git: df4d9abbcc04 - stable/14 - aio: Fix opcode handling in aio_process_rw()
Date: Tue, 13 May 2025 12:51:00 UTC
The branch stable/14 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=df4d9abbcc04db5a195b98d5291ba15949fc03c5
commit df4d9abbcc04db5a195b98d5291ba15949fc03c5
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-05-02 21:37:39 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-05-13 12:50:51 +0000
aio: Fix opcode handling in aio_process_rw()
LIO_FOFFSET needs to be masked off, as it is in aio_aqueue().
Reported by: syzbot+b6e15476c91852bb2264@syzkaller.appspotmail.com
Reviewed by: kib, asomers
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50118
(cherry picked from commit ab01a5f5628eb0d334f491ff06462cff214d5f49)
---
sys/kern/vfs_aio.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/sys/kern/vfs_aio.c b/sys/kern/vfs_aio.c
index c5b0c7896a17..291ac46babef 100644
--- a/sys/kern/vfs_aio.c
+++ b/sys/kern/vfs_aio.c
@@ -764,10 +764,9 @@ aio_process_rw(struct kaiocb *job)
long inblock_st, inblock_end;
int error, opcode;
- KASSERT(job->uaiocb.aio_lio_opcode == LIO_READ ||
- job->uaiocb.aio_lio_opcode == LIO_READV ||
- job->uaiocb.aio_lio_opcode == LIO_WRITE ||
- job->uaiocb.aio_lio_opcode == LIO_WRITEV,
+ opcode = job->uaiocb.aio_lio_opcode & ~LIO_FOFFSET;
+ KASSERT(opcode == LIO_READ || opcode == LIO_READV ||
+ opcode == LIO_WRITE || opcode == LIO_WRITEV,
("%s: opcode %d", __func__, job->uaiocb.aio_lio_opcode));
aio_switch_vmspace(job);
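Review bot: The KASSERT message in this hunk still formats job->uaiocb.aio_lio_opcode, while the condition now tests the masked local opcode, so a failure report shows a value that is not the one that was compared. Keeping the raw value is useful for debugging, but the text "%s: opcode %d" does not say which one it is; printing both the raw and the masked value, or printing in hex so the LIO_FOFFSET bit can be read off, would make a panic string unambiguous. A short comment above the new "opcode = job->uaiocb.aio_lio_opcode & ~LIO_FOFFSET;" line, noting that aio_aqueue() applies the same mask, would help keep the two sites consistent.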
@@ -777,7 +776,6 @@ aio_process_rw(struct kaiocb *job)
job->uiop->uio_td = td;
fp = job->fd_file;
- opcode = job->uaiocb.aio_lio_opcode;
cnt = job->uiop->uio_resid;
msgrcv_st = td->td_ru.ru_msgrcv;
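Review bot: With the "opcode = job->uaiocb.aio_lio_opcode;" assignment removed here, every later use of the local opcode in aio_process_rw() sees the value with LIO_FOFFSET stripped, and those uses are outside the visible context. It is worth confirming that any code further down that needs to know whether LIO_FOFFSET was set reads job->uaiocb.aio_lio_opcode directly and does not rely on the local. The diffstat also shows only sys/kern/vfs_aio.c changing; since the report came from syzbot, a regression test that submits a read or write request with LIO_FOFFSET set would guard against the mask being dropped again.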