ailto:dev-commits-src-all+unsubscribe@freebsd.org> X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: ff6b9c7c1c3494f143879a98d645f5e682babf2c Auto-Submitted: auto-generated Date: Tue, 16 Dec 2025 23:42:59 +0000 Message-Id: <6941ee83.2397e.32ee3da2@gitrepo.freebsd.org> The branch releng/15.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=ff6b9c7c1c3494f143879a98d645f5e682babf2c commit ff6b9c7c1c3494f143879a98d645f5e682babf2c Author: Mark Johnston AuthorDate: 2025-12-14 17:20:38 +0000 Commit: Mark Johnston CommitDate: 2025-12-16 16:01:07 +0000 zfs: Merge commit 86b064469dc9c2 from OpenZFS FreeBSD: Fix a potential null dereference in zfs_freebsd_fsync() In general it's possible for a vnode to not have an associated VM object. This happens in particular with named pipes, which have some distinct VOPs, defined in zfs_fifoops. Thus, this chunk of zfs_freebsd_fsync() needs to check for the FIFO case, like other vm_object_mightbedirty() callers do. (Note that vn_flush_cached_data() calls are predicated on zn_has_cached_data() returning true, and it checks for a NULL v_object pointer already.) Fixes: ef4058fcdc01838117dd93a654228bac7487a37c Reported-by: Collin Funk Reviewed-by: Sean Eric Fagan Reviewed-by: Brian Behlendorf Reviewed-by: Alexander Motin Signed-off-by: Mark Johnston Closes #18015 MFC after: 3 days Approved by: so Security: FreeBSD-EN-25:19.zfs (cherry picked from commit fa259d156d43966db95fe0f5cc15a0e6af206ff7) (cherry picked from commit d988a0c1fc4cf75d5c4c9820fd2a5619d59ac608) --- sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c index 8a9d23d0d554..05ac77741d4f 100644 --- a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c +++ b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c @@ -5275,7 +5275,7 @@ zfs_freebsd_fsync(struct vop_fsync_args *ap) * Push any dirty mmap()'d data out to the DMU and ZIL, ready for * zil_commit() to be called in zfs_fsync(). */ - if (vm_object_mightbedirty(vp->v_object)) { + if (vp->v_object != NULL && vm_object_mightbedirty(vp->v_object)) { zfs_vmobject_wlock(vp->v_object); if (!vm_object_page_clean(vp->v_object, 0, 0, 0)) err = SET_ERROR(EIO);