From 6f8f2fe58616ae4446066288b54bcca96eac69be Mon Sep 17 00:00:00 2001 From: jhb Date: Mon, 21 Mar 2016 21:37:33 +0000 Subject: Fully handle size_t lengths in AIO requests. First, update the return types of aio_return() and aio_waitcomplete() to ssize_t. POSIX requires aio_return() to return a ssize_t so that it can represent all return values from read() and write(). aio_waitcomplete() should use ssize_t for the same reason. aio_return() has used ssize_t in since r31620 but the manpage and system call entry were not updated. aio_waitcomplete() has always returned int. Note that this does not require new system call stubs as this is effectively only an API change in how the compiler interprets the return value. Second, allow aio_nbytes values up to IOSIZE_MAX instead of just INT_MAX. aio_read/write should now honor the same length limits as normal read/write. Third, use longs instead of ints in the aio_return() and aio_waitcomplete() system call functions so that the 64-bit size_t in the in-kernel aiocb isn't truncated to 32-bits before being copied out to userland or being returned. Finally, a simple test has been added to verify the bounds checking on the maximum read size from a file. --- lib/libc/sys/aio_return.2 | 4 ++-- lib/libc/sys/aio_waitcomplete.2 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/libc') diff --git a/lib/libc/sys/aio_return.2 b/lib/libc/sys/aio_return.2 index 2ef6c25..df55873 100644 --- a/lib/libc/sys/aio_return.2 +++ b/lib/libc/sys/aio_return.2 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 7, 2006 +.Dd March 21, 2016 .Dt AIO_RETURN 2 .Os .Sh NAME @@ -34,7 +34,7 @@ .Lb libc .Sh SYNOPSIS .In aio.h -.Ft int +.Ft ssize_t .Fn aio_return "struct aiocb *iocb" .Sh DESCRIPTION The diff --git a/lib/libc/sys/aio_waitcomplete.2 b/lib/libc/sys/aio_waitcomplete.2 index 885b3d7..66e7208 100644 --- a/lib/libc/sys/aio_waitcomplete.2 +++ b/lib/libc/sys/aio_waitcomplete.2 
@@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 19, 2000 +.Dd March 21, 2016 .Dt AIO_WAITCOMPLETE 2 .Os .Sh NAME @@ -34,7 +34,7 @@ .Lb libc .Sh SYNOPSIS .In aio.h -.Ft int +.Ft ssize_t .Fn aio_waitcomplete "struct aiocb **iocbp" "struct timespec *timeout" .Sh DESCRIPTION The -- cgit v1.1
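Review bot: In aio_return.2, the `.Ft int` to `.Ft ssize_t` line in the SYNOPSIS hunk (@@ -34,7 +34,7 @@) is the only content change in the file besides the `.Dd` bump, so the page body gives callers no hint that the result may no longer fit in an int. The commit message says aio_nbytes values up to IOSIZE_MAX are now accepted, so a caller that assigns the result to an int can silently truncate a large completed length. Suggest adding a sentence to the page stating that the return value should be stored in a ssize_t.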
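Review bot: In aio_waitcomplete.2, the `.Ft ssize_t` line in the SYNOPSIS hunk (@@ -34,7 +34,7 @@) documents a new return type for a function that the commit message says has always returned int, yet the diffstat (2 insertions, 2 deletions for this file) shows no accompanying text. Suggest recording the int to ssize_t change in the page, for example in a HISTORY section, so existing callers know to widen the variable that receives the result. This view is limited to lib/libc, so please also confirm that the prototype in aio.h matches the new SYNOPSIS.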