
aio: Fix up the opcode in aiocb32_copyin()

Description

aio: Fix up the opcode in aiocb32_copyin()

With lio_listio(2), the opcode is specified by userspace rather than
being hard-coded by the system call (e.g., aio_readv() -> LIO_READV).
kern_lio_listio() calls aio_aqueue() with an opcode of LIO_NOP, which
gets fixed up when the aiocb is copied in.

When copying in a job request for vectored I/O, we need to dynamically
allocate a uio to wrap an iovec. So aiocb_copyin() needs to get the
opcode from the aiocb and then decide whether an allocation is required.
We failed to do this in the COMPAT_FREEBSD32 case. Fix it.

Reported by: syzbot+27eab6f2c2162f2885ee@syzkaller.appspotmail.com
Reviewed by: kib, asomers
Fixes: f30a1ae8d529 ("lio_listio(2): Allow LIO_READV and LIO_WRITEV.")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31914

(cherry picked from commit 2884918c73389bebfc8025bfb267adae086ee0bd)
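The failure mode the commit message describes, as an added user-space model (not FreeBSD code and not part of the commit). All names are hypothetical and the opcode values are constructed; the model assumes later stages dispatch on the opcode stored in the request and expect the wrapper allocation to exist for vectored requests.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed opcode values for this model; not taken from FreeBSD headers. */
enum { OP_NOP = 0, OP_WRITE = 1, OP_READ = 2, OP_VECTORED = 4,
       OP_READV = OP_READ | OP_VECTORED };

struct user_req { int lio_opcode; int iovcnt; };  /* what userspace submits */
struct job { struct user_req req; int *uio; };    /* hypothetical kernel-side job */

/* Model of a copy-in routine. The list-I/O path passes type == OP_NOP and
 * relies on the fix-up; fixup == 0 models a copy-in path that omits it. */
int copyin_model(struct job *j, const struct user_req *u, int type, int fixup)
{
    j->req = *u;
    j->uio = NULL;
    if (fixup && type == OP_NOP)
        type = j->req.lio_opcode;      /* take the opcode from the request */
    if (type & OP_VECTORED) {          /* vectored I/O needs a wrapper allocation */
        j->uio = calloc((size_t)u->iovcnt, sizeof(*j->uio));
        if (j->uio == NULL) return -1;
    }
    return 0;
}

/* Later stages (assumption of this model) dispatch on the request's opcode
 * and expect the wrapper to exist exactly when it is vectored. 1 = consistent. */
int job_consistent(const struct job *j)
{
    int vectored = (j->req.lio_opcode & OP_VECTORED) != 0;
    return vectored == (j->uio != NULL);
}

/* One list-I/O style submission (caller passes OP_NOP); returns consistency. */
int submit_listio(int lio_opcode, int fixup)
{
    struct job j;
    struct user_req u = { lio_opcode, 2 };
    int ok = copyin_model(&j, &u, OP_NOP, fixup) == 0 && job_consistent(&j);
    free(j.uio);
    return ok;
}

int main(void)
{
    printf("READV with fix-up:    %d\n", submit_listio(OP_READV, 1));
    printf("READV without fix-up: %d\n", submit_listio(OP_READV, 0));
    return 0;
}
```

Without the fix-up, the non-vectored case still passes, which is why only list-I/O submissions carrying a vectored opcode expose the inconsistency.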

Details

Provenance
markj authored on Sep 11 2021, 4:55 PM
jhb committed on Sep 6 2023, 9:56 PM
Reviewer
rGf30a1ae8d529: lio_listio(2): Allow LIO_READV and LIO_WRITEV.
Differential Revision
D31914: aio: Fix up the opcode in aiocb32_copyin()
Parents
rG05bfa3e05896: lio_listio(2): Allow LIO_READV and LIO_WRITEV.