Date: Wed, 6 Sep 2023 21:56:34 GMT
Message-Id: <202309062156.386LuYnG022513@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: John Baldwin
Subject: git: c6c0b631fa26 - stable/13 - aio: Fix up the opcode in aiocb32_copyin()
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: c6c0b631fa26afc22c8476f577728d65a003e801
Auto-Submitted: auto-generated

The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=c6c0b631fa26afc22c8476f577728d65a003e801

commit c6c0b631fa26afc22c8476f577728d65a003e801
Author:     Mark Johnston
AuthorDate: 2021-09-11 16:55:32 +0000
Commit:     John Baldwin
CommitDate: 2023-09-06 21:56:09 +0000

    aio: Fix up the opcode in aiocb32_copyin()

    With lio_listio(2), the opcode is specified by userspace rather than
    being hard-coded by the system call (e.g., aio_readv() -> LIO_READV).
    kern_lio_listio() calls aio_aqueue() with an opcode of LIO_NOP, which
    gets fixed up when the aiocb is copied in.

    When copying in a job request for vectored I/O, we need to dynamically
    allocate a uio to wrap an iovec.  So aiocb_copyin() needs to get the
    opcode from the aiocb and then decide whether an allocation is required.
    We failed to do this in the COMPAT_FREEBSD32 case.  Fix it.

    Reported by:    syzbot+27eab6f2c2162f2885ee@syzkaller.appspotmail.com
    Reviewed by:    kib, asomers
    Fixes:          f30a1ae8d529 ("lio_listio(2): Allow LIO_READV and LIO_WRITEV.")
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D31914

    (cherry picked from commit 2884918c73389bebfc8025bfb267adae086ee0bd)
---
 sys/kern/vfs_aio.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/kern/vfs_aio.c b/sys/kern/vfs_aio.c index 02014ceefdf5..5ad912ea38c4 100644 --- a/sys/kern/vfs_aio.c +++ b/sys/kern/vfs_aio.c @@ -2829,6 +2829,8 @@ aiocb32_copyin(struct aiocb *ujob, struct kaiocb *kjob, int type) CP(job32, *kcb, aio_fildes); CP(job32, *kcb, aio_offset); CP(job32, *kcb, aio_lio_opcode); + if (type == LIO_NOP) + type = kcb->aio_lio_opcode; if (type & LIO_VECTORED) { iov32 = PTRIN(job32.aio_iov); CP(job32, *kcb, aio_iovcnt);
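
Review bot: The two added lines in aiocb32_copyin() overwrite `type` with `kcb->aio_lio_opcode`, a value copied straight from the userspace `job32` one line earlier, and the next test `type & LIO_VECTORED` then selects the iovec path on that value; nothing in this hunk range-checks it. Add a short comment above `if (type == LIO_NOP)` saying that LIO_NOP is the placeholder passed down for lio_listio(2) and naming where the user-supplied opcode is validated. Since the commit message says the non-compat aiocb_copyin() already performs this fixup, consider moving it into a small shared helper so the native and COMPAT_FREEBSD32 paths cannot drift apart again, and add a 32-bit compat lio_listio(2) regression test that submits LIO_READV and LIO_WRITEV.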