NetBSD Problem Report #43919

From www@NetBSD.org  Tue Sep 28 11:45:26 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 2A45F63B9B8
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 28 Sep 2010 11:45:26 +0000 (UTC)
Message-Id: <20100928114525.DDB3F63B8DB@www.NetBSD.org>
Date: Tue, 28 Sep 2010 11:45:25 +0000 (UTC)
From: alnsn@yandex.ru
Reply-To: alnsn@yandex.ru
To: gnats-bugs@NetBSD.org
Subject: EFAULT is not documented in aio_read
X-Send-Pr-Version: www-1.0

>Number:         43919
>Category:       lib
>Synopsis:       EFAULT is not documented in aio_read
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 28 11:50:00 +0000 2010
>Originator:     Alexander Nasonov
>Release:        NetBSD-current
>Organization:
N/A
>Environment:
I don't have access to that machine at the moment.
>Description:
If struct aiocb is read-only protected, aio_read returns an error and sets errno to EFAULT. The error is not documented.

Actually, neither POSIX nor the man page is clear about a read-only aiocb. They allude to illegal addresses (invalid references), but a pointer to a read-only page is a legal address.

POSIX: "If the buffer pointed to by aiocbp->aio_buf or the control block pointed to by aiocbp becomes an illegal address prior to asynchronous I/O completion, then the behaviour is undefined."

aio_read(3):

"If the request is successfully enqueued, the value of aiocbp->aio_offset can be modified during the request as context, so this value must not be referenced after the request is enqueued."

"The Asynchronous I/O Control Block structure pointed to by aiocbp and the buffer that the aiocbp->aio_buf member of that structure references must remain valid until the operation has completed."
>How-To-Repeat:
 - Allocate space for struct aiocb using mmap
 - Properly initialise members of aiocb
 - Call mprotect with PROT_READ and pass a pointer to allocated space
 - Call aio_read

>Fix:
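
The How-To-Repeat steps above as a C reproducer. This is an added example, not part of the original report and not a fix; the helper names `ro_aiocb` and `probe_aio_read` and the use of `/dev/zero` as the input file are assumptions. The call runs in a child process so that either outcome, an errno or a fatal signal, is reported to the parent.

```c
#define _DEFAULT_SOURCE
#include <aio.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Steps 1-3: mmap a page, initialise the aiocb in it, then make it read-only.
 * Returns NULL if mmap or mprotect fails. (Hypothetical helper.) */
struct aiocb *ro_aiocb(int fd, void *buf, size_t len) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    struct aiocb *cb = mmap(NULL, pg, PROT_READ | PROT_WRITE,
                            MAP_ANON | MAP_PRIVATE, -1, 0);
    if (cb == MAP_FAILED) return NULL;
    memset(cb, 0, sizeof *cb);
    cb->aio_fildes = fd;
    cb->aio_buf = buf;
    cb->aio_nbytes = len;
    cb->aio_offset = 0;
    if (mprotect(cb, pg, PROT_READ) == -1) { munmap(cb, pg); return NULL; }
    return cb;
}

/* Step 4, run in a child. Returns 0 if aio_read accepted the request, the
 * errno it set otherwise (EFAULT on NetBSD, per the report), -signo if the
 * child was killed by a signal, or 255 if the setup itself failed. */
int probe_aio_read(void) {
    pid_t pid = fork();
    if (pid == -1) return 255;
    if (pid == 0) {
        static char buf[64];
        int fd = open("/dev/zero", O_RDONLY);   /* assumed input file */
        struct aiocb *cb = fd == -1 ? NULL : ro_aiocb(fd, buf, sizeof buf);
        if (cb == NULL) _exit(255);
        _exit(aio_read(cb) == 0 ? 0 : errno);
    }
    int st;
    if (waitpid(pid, &st, 0) == -1) return 255;
    return WIFSIGNALED(st) ? -WTERMSIG(st) : WEXITSTATUS(st);
}

int main(void) {
    int r = probe_aio_read();
    if (r < 0) printf("child killed by signal %d\n", -r);
    else if (r == 255) printf("setup failed\n");
    else printf("aio_read: %s\n", r ? strerror(r) : "request enqueued");
    return 0;
}
```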
