git: ab01a5f5628e - main - aio: Fix opcode handling in aio_process_rw()
Date: Fri, 02 May 2025 21:38:30 UTC
The branch main has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=ab01a5f5628eb0d334f491ff06462cff214d5f49
commit ab01a5f5628eb0d334f491ff06462cff214d5f49
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-05-02 21:37:39 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-05-02 21:37:39 +0000
aio: Fix opcode handling in aio_process_rw()
LIO_FOFFSET needs to be masked off, as it is in aio_aqueue().
Reported by: syzbot+b6e15476c91852bb2264@syzkaller.appspotmail.com
Reviewed by: kib, asomers
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50118
---
sys/kern/vfs_aio.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/sys/kern/vfs_aio.c b/sys/kern/vfs_aio.c
index 92c30b48e4f5..97dc854c9386 100644
--- a/sys/kern/vfs_aio.c
+++ b/sys/kern/vfs_aio.c
@@ -755,10 +755,9 @@ aio_process_rw(struct kaiocb *job)
long inblock_st, inblock_end;
int error, opcode;
- KASSERT(job->uaiocb.aio_lio_opcode == LIO_READ ||
- job->uaiocb.aio_lio_opcode == LIO_READV ||
- job->uaiocb.aio_lio_opcode == LIO_WRITE ||
- job->uaiocb.aio_lio_opcode == LIO_WRITEV,
+ opcode = job->uaiocb.aio_lio_opcode & ~LIO_FOFFSET;
+ KASSERT(opcode == LIO_READ || opcode == LIO_READV ||
+ opcode == LIO_WRITE || opcode == LIO_WRITEV,
("%s: opcode %d", __func__, job->uaiocb.aio_lio_opcode));
aio_switch_vmspace(job);
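Review bot: The KASSERT message still formats the unmasked job->uaiocb.aio_lio_opcode with %d, while the condition now tests the masked opcode, so a panic string will show a value that differs from the one that was compared whenever LIO_FOFFSET is set. Keeping the raw value is reasonable for debugging, but printing it in hex (for example "%s: opcode %#x") or printing both raw and masked values would make the flag bit obvious. A one-line comment above the new assignment saying that LIO_FOFFSET is masked off to match aio_aqueue() would also save the next reader a trip to the commit log.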
@@ -768,7 +767,6 @@ aio_process_rw(struct kaiocb *job)
job->uiop->uio_td = td;
fp = job->fd_file;
- opcode = job->uaiocb.aio_lio_opcode;
cnt = job->uiop->uio_resid;
msgrcv_st = td->td_ru.ru_msgrcv;
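Review bot: With the assignment "opcode = job->uaiocb.aio_lio_opcode;" removed here, every later use of opcode in aio_process_rw() now sees the value with LIO_FOFFSET cleared. Please confirm that nothing further down the function tests opcode for that bit; any code that needs the flag should read job->uaiocb.aio_lio_opcode directly. Because the mask now sits in the same statement group as the KASSERT, it is also worth double-checking that opcode is assigned outside any INVARIANTS-only path, so non-debug kernels get the masked value too (the visible lines suggest they do, since the assignment is a separate statement before the assertion).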