Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 13 May 2025 12:51:00 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: df4d9abbcc04 - stable/14 - aio: Fix opcode handling in aio_process_rw()
Message-ID:  <202505131251.54DCp0h4086923@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=df4d9abbcc04db5a195b98d5291ba15949fc03c5

commit df4d9abbcc04db5a195b98d5291ba15949fc03c5
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-05-02 21:37:39 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-05-13 12:50:51 +0000

    aio: Fix opcode handling in aio_process_rw()
    
    LIO_FOFFSET needs to be masked off, as it is in aio_aqueue().
    
    Reported by:    syzbot+b6e15476c91852bb2264@syzkaller.appspotmail.com
    Reviewed by:    kib, asomers
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D50118
    
    (cherry picked from commit ab01a5f5628eb0d334f491ff06462cff214d5f49)
---
 sys/kern/vfs_aio.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/sys/kern/vfs_aio.c b/sys/kern/vfs_aio.c
index c5b0c7896a17..291ac46babef 100644
--- a/sys/kern/vfs_aio.c
+++ b/sys/kern/vfs_aio.c
@@ -764,10 +764,9 @@ aio_process_rw(struct kaiocb *job)
 	long inblock_st, inblock_end;
 	int error, opcode;
 
-	KASSERT(job->uaiocb.aio_lio_opcode == LIO_READ ||
-	    job->uaiocb.aio_lio_opcode == LIO_READV ||
-	    job->uaiocb.aio_lio_opcode == LIO_WRITE ||
-	    job->uaiocb.aio_lio_opcode == LIO_WRITEV,
+	opcode = job->uaiocb.aio_lio_opcode & ~LIO_FOFFSET;
+	KASSERT(opcode == LIO_READ || opcode == LIO_READV ||
+	    opcode == LIO_WRITE || opcode == LIO_WRITEV,
 	    ("%s: opcode %d", __func__, job->uaiocb.aio_lio_opcode));
 
 	aio_switch_vmspace(job);
@@ -777,7 +776,6 @@ aio_process_rw(struct kaiocb *job)
 	job->uiop->uio_td = td;
 	fp = job->fd_file;
 
-	opcode = job->uaiocb.aio_lio_opcode;
 	cnt = job->uiop->uio_resid;
 
 	msgrcv_st = td->td_ru.ru_msgrcv;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202505131251.54DCp0h4086923>