Date: Thu, 26 Oct 2017 19:45:15 +0000 (UTC)
From: Alan Somers <asomers@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r325018 - head/sys/kern
Message-ID: <201710261945.v9QJjFaW030109@repo.freebsd.org>
Author: asomers Date: Thu Oct 26 19:45:15 2017 New Revision: 325018 URL: https://svnweb.freebsd.org/changeset/base/325018 Log: Fix aio_suspend in 32-bit emulation An off-by-one error has been present since the system call was first present in 185878. It additionally became a memory corruption bug after change 324941. The failure is actually revealed by our existing AIO tests. However, apparently nobody's been running those in 32-bit emulation mode. Reported by: Coverity, cem CID: 1382114 MFC after: 18 days X-MFC-With: 324941 Sponsored by: Spectra Logic Corp Modified: head/sys/kern/vfs_aio.c Modified: head/sys/kern/vfs_aio.c ============================================================================== --- head/sys/kern/vfs_aio.c Thu Oct 26 18:32:04 2017 (r325017) +++ head/sys/kern/vfs_aio.c Thu Oct 26 19:45:15 2017 (r325018) @@ -2814,7 +2814,7 @@ freebsd32_aio_suspend(struct thread *td, struct freebs error = copyin(uap->aiocbp, ujoblist32, uap->nent * sizeof(ujoblist32[0])); if (error == 0) { - for (i = uap->nent; i > 0; i--) + for (i = uap->nent - 1; i >= 0; i--) ujoblist[i] = PTRIN(ujoblist32[i]); error = kern_aio_suspend(td, uap->nent, ujoblist, tsp);
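Review bot: The new loop condition "i >= 0" in freebsd32_aio_suspend only terminates if i is a signed type, and its declaration is outside the visible context. Please confirm it is a signed int. With an unsigned index the condition is always true, "uap->nent - 1" wraps when nent is 0, and the loop would walk far outside both arrays. The replaced form "for (i = uap->nent; i > 0; i--)" touched index nent and never index 0, so the corrected bounds look right for an array of nent entries. A one-line comment saying why the conversion runs from the last element down to the first would keep a later cleanup from turning it into a forward loop, or from reintroducing the old bounds. The copyin length "uap->nent * sizeof(ujoblist32[0])" depends on a range check of nent that is not shown in this hunk, so it is worth checking that the check precedes both the copy and the loop. Since the log says the existing AIO tests catch this only under 32-bit emulation, adding that configuration to the regular test runs would cover the regression.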