Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 2 May 2025 21:38:30 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: ab01a5f5628e - main - aio: Fix opcode handling in aio_process_rw()
Message-ID:  <202505022138.542LcUd4054422@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=ab01a5f5628eb0d334f491ff06462cff214d5f49

commit ab01a5f5628eb0d334f491ff06462cff214d5f49
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-05-02 21:37:39 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-05-02 21:37:39 +0000

    aio: Fix opcode handling in aio_process_rw()
    
    LIO_FOFFSET needs to be masked off, as it is in aio_aqueue().
    
    Reported by:    syzbot+b6e15476c91852bb2264@syzkaller.appspotmail.com
    Reviewed by:    kib, asomers
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D50118
---
 sys/kern/vfs_aio.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/sys/kern/vfs_aio.c b/sys/kern/vfs_aio.c
index 92c30b48e4f5..97dc854c9386 100644
--- a/sys/kern/vfs_aio.c
+++ b/sys/kern/vfs_aio.c
@@ -755,10 +755,9 @@ aio_process_rw(struct kaiocb *job)
 	long inblock_st, inblock_end;
 	int error, opcode;
 
-	KASSERT(job->uaiocb.aio_lio_opcode == LIO_READ ||
-	    job->uaiocb.aio_lio_opcode == LIO_READV ||
-	    job->uaiocb.aio_lio_opcode == LIO_WRITE ||
-	    job->uaiocb.aio_lio_opcode == LIO_WRITEV,
+	opcode = job->uaiocb.aio_lio_opcode & ~LIO_FOFFSET;
+	KASSERT(opcode == LIO_READ || opcode == LIO_READV ||
+	    opcode == LIO_WRITE || opcode == LIO_WRITEV,
 	    ("%s: opcode %d", __func__, job->uaiocb.aio_lio_opcode));
 
 	aio_switch_vmspace(job);
@@ -768,7 +767,6 @@ aio_process_rw(struct kaiocb *job)
 	job->uiop->uio_td = td;
 	fp = job->fd_file;
 
-	opcode = job->uaiocb.aio_lio_opcode;
 	cnt = job->uiop->uio_resid;
 
 	msgrcv_st = td->td_ru.ru_msgrcv;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202505022138.542LcUd4054422>