Destroy the kaio_mtx on the freeing the struct kaioinfo in the

aio_proc_rundown. Do not allow for zero-length read to be passed to the fo_read file method by aio. Reported and tested by: Peter Holm Approved by: re (kensmith)
svn path=/head/; revision=171901
2007-08-20 11:53:26 +00:00 · 2007-08-20 11:53:26 +00:00 · 5114048b63 · 2020-12-20 02:59:44 +00:00
commit 5114048b63
parent 67e20930bd
1 changed files with 5 additions and 1 deletions
--- a/sys/kern/vfs_aio.c
+++ b/sys/kern/vfs_aio.c
@ -719,6 +719,7 @@ aio_proc_rundown(void *arg, struct proc *p)
 	}
 	AIO_UNLOCK(ki);
 	taskqueue_drain(taskqueue_aiod_bio, &ki->kaio_task);
+	mtx_destroy(&ki->kaio_mtx);
 	uma_zfree(kaio_zone, ki);
 	p->p_aioinfo = NULL;
 }
@ -837,7 +838,10 @@ aio_process(struct aiocblist *aiocbe)
 	 */
 	if (cb->aio_lio_opcode == LIO_READ) {
 		auio.uio_rw = UIO_READ;
-		error = fo_read(fp, &auio, fp->f_cred, FOF_OFFSET, td);
+		if (auio.uio_resid == 0)
+			error = 0;
+		else
+			error = fo_read(fp, &auio, fp->f_cred, FOF_OFFSET, td);
 	} else {
 		if (fp->f_type == DTYPE_VNODE)
 			bwillwrite();