Author: asomers
Date: Thu Oct 26 19:45:15 2017
New Revision: 325018
URL: https://svnweb.freebsd.org/changeset/base/325018

Log:
  Fix aio_suspend in 32-bit emulation
  
  An off-by-one error has been present since the system call was first present
  in 185878.  It additionally became a memory corruption bug after change
  324941.  The failure is actually revealed by our existing AIO tests.
  However, apparently nobody's been running those in 32-bit emulation mode.
  
  Reported by:  Coverity, cem
  CID:          1382114
  MFC after:    18 days
  X-MFC-With:   324941
  Sponsored by: Spectra Logic Corp

Modified:
  head/sys/kern/vfs_aio.c

Modified: head/sys/kern/vfs_aio.c
==============================================================================
--- head/sys/kern/vfs_aio.c     Thu Oct 26 18:32:04 2017        (r325017)
+++ head/sys/kern/vfs_aio.c     Thu Oct 26 19:45:15 2017        (r325018)
@@ -2814,7 +2814,7 @@ freebsd32_aio_suspend(struct thread *td, struct freebs
        error = copyin(uap->aiocbp, ujoblist32, uap->nent *
            sizeof(ujoblist32[0]));
        if (error == 0) {
-               for (i = uap->nent; i > 0; i--)
+               for (i = uap->nent - 1; i >= 0; i--)
                        ujoblist[i] = PTRIN(ujoblist32[i]);
 
                error = kern_aio_suspend(td, uap->nent, ujoblist, tsp);
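Review bot: The corrected bound `i >= 0` is only safe if `i` is signed, and the hunk does not show its declaration; if `i` were unsigned the loop would never terminate and would index before the start of `ujoblist`, so confirm the type before merging. The old form `for (i = uap->nent; i > 0; i--)` wrote `ujoblist[uap->nent]`, one element past the end, and never filled `ujoblist[0]`, which is the corruption the log describes; the replacement fixes both. A forward loop, `for (i = 0; i < uap->nent; i++)`, would express the same copy without depending on signedness at all and would match the 0..nent-1 range that `copyin()` fills in the line above. Separately, the visible `copyin(uap->aiocbp, ujoblist32, uap->nent * sizeof(ujoblist32[0]))` relies on `uap->nent` having already been checked against the size of `ujoblist32`/`ujoblist`; that check is outside the hunk, so make sure it precedes this point, since otherwise the multiplication and the copy would overrun the buffers regardless of the loop fix.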
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head