Date: Mon, 28 Jan 2008 10:43:11 +0000 (UTC) From: Jean-Sebastien Pedron <dumbbell@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern vfs_aio.c src/sys/sys event.h Message-ID: <200801281043.m0SAhBkg053056@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
dumbbell 2008-01-28 10:43:11 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_7_0)
sys/kern vfs_aio.c
sys/sys event.h
Log:
MFC:
sys/kern/vfs_aio.c; revision 1.237
sys/sys/event.h; revision 1.38
When asked to use kqueue, AIO stores its internal state in the
`kn_sdata' member of the newly registered knote. The problem is that
this member is overwritten by a call to kevent(2) with the EV_ADD flag,
targetted at the same kevent/knote. For instance, a userland application
may set the pointer to NULL, leading to a panic.
A testcase was provided by the submitter.
PR: kern/118911
Submitted by: MOROHOSHI Akihiko <moro@remus.dti.ne.jp>
Approved by: re (kensmith)
Revision Changes Path
1.233.4.1 +6 -4 src/sys/kern/vfs_aio.c
1.37.4.1 +2 -0 src/sys/sys/event.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801281043.m0SAhBkg053056>