diff options
author | dillon <dillon@FreeBSD.org> | 2003-01-20 17:46:48 +0000 |
---|---|---|
committer | dillon <dillon@FreeBSD.org> | 2003-01-20 17:46:48 +0000 |
commit | e7be7a0432de3e374a6d4cfedc0ef5c8b264a021 (patch) | |
tree | 9f8f2a306dcef88eb5da009ebff53701aaaeee2b /sys/kern/vfs_aio.c | |
parent | a752ec7b60312f295643dc7eb37ec1318d8c7412 (diff) | |
download | FreeBSD-src-e7be7a0432de3e374a6d4cfedc0ef5c8b264a021.zip FreeBSD-src-e7be7a0432de3e374a6d4cfedc0ef5c8b264a021.tar.gz |
Close the remaining user address mapping races for physical
I/O, CAM, and AIO. Still TODO: streamline useracc() checks.
Reviewed by: alc, tegge
MFC after: 7 days
Diffstat (limited to 'sys/kern/vfs_aio.c')
-rw-r--r-- | sys/kern/vfs_aio.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/sys/kern/vfs_aio.c b/sys/kern/vfs_aio.c index bffdf71..9532ff2 100644 --- a/sys/kern/vfs_aio.c +++ b/sys/kern/vfs_aio.c @@ -1124,8 +1124,19 @@ aio_qphysio(struct proc *p, struct aiocblist *aiocbe) } } - /* Bring buffer into kernel space. */ - vmapbuf(bp); + /* + * Bring buffer into kernel space. + * + * Note that useracc() alone is not a + * sufficient test. vmapbuf() can still fail + * due to a smaller file mapped into a larger + * area of VM, or if userland races against + * vmapbuf() after the useracc() check. + */ + if (vmapbuf(bp) < 0) { + error = EFAULT; + goto doerror; + } s = splbio(); aiocbe->bp = bp; |