lib/43919: EFAULT is not documented in aio_read

[alnsn%yandex.ru@localhost]

>Number:         43919
>Category:       lib
>Synopsis:       EFAULT is not documented in aio_read
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 28 11:50:00 +0000 2010
>Originator:     Alexander Nasonov
>Release:        NetBSD-current
>Organization:
N/A
>Environment:
I don't have an access to that machine at the moment.
>Description:
If struct aiocb is read-only protected, aio_read returns error and sets errno 
to EFAULT. The error is not documented.

Actually, neither POSIX nor man page are clear about read-only aiocb. They 
allude to illegal addresses (invalid references) but a pointer to read-only 
page is a legal address.

POSIX: "If the buffer pointed to by aiocbp->aio_buf or the control block 
pointed to by aiocbp becomes an illegal address prior to asynchronous I/O 
completion, then the behaviour is undefined."

aio_read(3):

"If the request is successfully enqueued, the value of aiocbp->aio_offset can 
be modified during the request as context, so this value must not be referenced 
after the request is enqueued."

"The Asynchronous I/O Control Block structure pointed to by aiocbp and the 
buffer that the aiocbp->aio_buf member of that structure references must remain 
valid until the operation has completed."
>How-To-Repeat:
 - Allocate space for struct aiocb using mmap
 - Properly initialise members of aiocb
 - Call mprotect with PROT_READ and pass a pointer to allocated space
 - Call aio_read

>Fix: