Destroy the kaio_mtx on the freeing the struct kaioinfo in the

aio_proc_rundown. Do not allow for zero-length read to be passed to the fo_read file method by aio. Reported and tested by: Peter Holm Approved by: re (kensmith)
author: kib <kib@FreeBSD.org> 2007-08-20 11:53:26 +0000
committer: kib <kib@FreeBSD.org> 2007-08-20 11:53:26 +0000
commit: e23c502c5b8d2dd20b3e554d80c10f046307cb67 (patch)
tree: 6700df77772bc34234d170c4690b9f3dd0e3997f
parent: b3923a600f03072c03a3676cfa81200d7aaed157 (diff)
download: FreeBSD-src-e23c502c5b8d2dd20b3e554d80c10f046307cb67.zip
FreeBSD-src-e23c502c5b8d2dd20b3e554d80c10f046307cb67.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/kern/vfs_aio.c b/sys/kern/vfs_aio.c
index 85896f2..842b435 100644
--- a/sys/kern/vfs_aio.c
+++ b/sys/kern/vfs_aio.c
@@ -719,6 +719,7 @@ restart:
 	}
 	AIO_UNLOCK(ki);
 	taskqueue_drain(taskqueue_aiod_bio, &ki->kaio_task);
+	mtx_destroy(&ki->kaio_mtx);
 	uma_zfree(kaio_zone, ki);
 	p->p_aioinfo = NULL;
 }
@@ -837,7 +838,10 @@ aio_process(struct aiocblist *aiocbe)
 	 */
 	if (cb->aio_lio_opcode == LIO_READ) {
 		auio.uio_rw = UIO_READ;
-		error = fo_read(fp, &auio, fp->f_cred, FOF_OFFSET, td);
+		if (auio.uio_resid == 0)
+			error = 0;
+		else
+			error = fo_read(fp, &auio, fp->f_cred, FOF_OFFSET, td);
 	} else {
 		if (fp->f_type == DTYPE_VNODE)
 			bwillwrite();
author	kib <kib@FreeBSD.org>	2007-08-20 11:53:26 +0000
committer	kib <kib@FreeBSD.org>	2007-08-20 11:53:26 +0000
commit	e23c502c5b8d2dd20b3e554d80c10f046307cb67 (patch)
tree	6700df77772bc34234d170c4690b9f3dd0e3997f
parent	b3923a600f03072c03a3676cfa81200d7aaed157 (diff)
download	FreeBSD-src-e23c502c5b8d2dd20b3e554d80c10f046307cb67.zip FreeBSD-src-e23c502c5b8d2dd20b3e554d80c10f046307cb67.tar.gz