diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2025-12-14 17:20:38 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2025-12-14 17:44:37 +0000 |
| commit | fa259d156d43966db95fe0f5cc15a0e6af206ff7 (patch) | |
| tree | e39cf998c9600bfb7492d3c422bc04bf25ca3c4a /sys/contrib | |
| parent | 8be8642826099368208efb2c1222f2a102cc5b08 (diff) | |
FreeBSD: Fix a potential null dereference in zfs_freebsd_fsync()
In general it's possible for a vnode to not have an associated VM
object. This happens in particular with named pipes, which have
some distinct VOPs, defined in zfs_fifoops. Thus, this chunk of
zfs_freebsd_fsync() needs to check for the FIFO case, like other
vm_object_mightbedirty() callers do.
(Note that vn_flush_cached_data() calls are predicated on
zn_has_cached_data() returning true, and it checks for a NULL v_object
pointer already.)
Fixes: ef4058fcdc01838117dd93a654228bac7487a37c
Reported-by: Collin Funk <collin.funk1@gmail.com>
Reviewed-by: Sean Eric Fagan <sef@FreeBSD.org>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com>
Signed-off-by: Mark Johnston <markj@FreeBSD.org>
Closes #18015
MFC after: 3 days
Diffstat (limited to 'sys/contrib')
| -rw-r--r-- | sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c index 8a9d23d0d554..05ac77741d4f 100644 --- a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c +++ b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c @@ -5275,7 +5275,7 @@ zfs_freebsd_fsync(struct vop_fsync_args *ap) * Push any dirty mmap()'d data out to the DMU and ZIL, ready for * zil_commit() to be called in zfs_fsync(). */ - if (vm_object_mightbedirty(vp->v_object)) { + if (vp->v_object != NULL && vm_object_mightbedirty(vp->v_object)) { zfs_vmobject_wlock(vp->v_object); if (!vm_object_page_clean(vp->v_object, 0, 0, 0)) err = SET_ERROR(EIO); |