Date: Thu, 24 Jan 2008 17:10:19 +0000 (UTC) From: Jean-Sebastien Pedron <dumbbell@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/sys event.h src/sys/kern vfs_aio.c Message-ID: <200801241710.m0OHAJCG083388@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
dumbbell 2008-01-24 17:10:19 UTC
FreeBSD src repository
Modified files:
sys/sys event.h
sys/kern vfs_aio.c
Log:
When asked to use kqueue, AIO stores its internal state in the
`kn_sdata' member of the newly registered knote. The problem is that
this member is overwritten by a call to kevent(2) with the EV_ADD flag,
targetted at the same kevent/knote. For instance, a userland application
may set the pointer to NULL, leading to a panic.
A testcase was provided by the submitter.
PR: kern/118911
Submitted by: MOROHOSHI Akihiko <moro@remus.dti.ne.jp>
MFC after: 1 day
Revision Changes Path
1.237 +6 -4 src/sys/kern/vfs_aio.c
1.38 +2 -0 src/sys/sys/event.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801241710.m0OHAJCG083388>