Date: Thu, 28 Jan 2016 01:33:25 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206699] [Hyper-V]FreeBSD potential NULL pointer dereference in storage bounce buffer
Message-ID: <bug-206699-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206699

            Bug ID: 206699
           Summary: [Hyper-V]FreeBSD potential NULL pointer dereference in storage bounce buffer
           Product: Base System
           Version: 10.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: honzhan@microsoft.com

Created attachment 166215
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=166215&action=edit
Patch to fix the NULL pointer dereference

This bug is reported from NetApp:
--------------
We found, what we believe to be, a bug in storvsc_create_bounce_buffer and
storvsc_destroy_bounce_buffer.

http://fxr.watson.org/fxr/source/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c?v=FREEBSD10#L1529

A panic was hit when the g_hv_sgl_page_pool.in_use_sgl_list list is empty. The
remove of a NULL sgl_node causes a page fault.

To address this (and the same code in create_bounce_buffer), we added a
LIST_EMPTY check prior to calling LIST_FIRST and LIST_REMOVE.
--------------

This bug cannot be easily reproduced. It may be triggered in some corner case.

-- 
You are receiving this mail because:
You are the assignee for the bug.
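
The LIST_EMPTY check described in the report, modelled in user space with the same <sys/queue.h> macros. This is an added example, not the attached patch or the driver's code; the struct layouts, the function names and the move between a free list and an in-use list are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/queue.h>

/* Simplified stand-ins (assumed layout) for the pool node and g_hv_sgl_page_pool. */
struct sgl_node { LIST_ENTRY(sgl_node) link; };
LIST_HEAD(sgl_list, sgl_node);
struct sgl_pool { struct sgl_list free_sgl_list, in_use_sgl_list; };

/* LIST_FIRST() yields NULL on an empty list and LIST_REMOVE() dereferences
 * its argument, so LIST_EMPTY() is checked first. NULL means nothing moved. */
static struct sgl_node *move_first(struct sgl_list *from, struct sgl_list *to)
{
    if (LIST_EMPTY(from))
        return NULL;
    struct sgl_node *n = LIST_FIRST(from);
    LIST_REMOVE(n, link);
    LIST_INSERT_HEAD(to, n, link);
    return n;
}

/* Create path: take a free node and mark it in use (NULL if pool exhausted). */
struct sgl_node *pool_acquire(struct sgl_pool *p)
{
    return move_first(&p->free_sgl_list, &p->in_use_sgl_list);
}

/* Destroy path: hand an in-use node back; -1 if in_use_sgl_list is empty. */
int pool_release(struct sgl_pool *p)
{
    return move_first(&p->in_use_sgl_list, &p->free_sgl_list) ? 0 : -1;
}

/* Constructed 2-node scenario; returns 1 if both empty-list cases are refused. */
int demo_empty_lists_refused(void)
{
    static struct sgl_node nodes[2];
    struct sgl_pool p;
    LIST_INIT(&p.free_sgl_list);
    LIST_INIT(&p.in_use_sgl_list);
    for (int i = 0; i < 2; i++)
        LIST_INSERT_HEAD(&p.free_sgl_list, &nodes[i], link);
    if (pool_release(&p) != -1) return 0;            /* nothing in use yet */
    if (!pool_acquire(&p) || !pool_acquire(&p)) return 0;
    if (pool_acquire(&p) != NULL) return 0;          /* free list exhausted */
    return pool_release(&p) == 0 && pool_release(&p) == 0 && pool_release(&p) == -1;
}

int main(void) { printf("%d\n", demo_empty_lists_refused()); return 0; }
```

Callers still have to handle the NULL or -1 result; the check only turns the page fault into a reportable error.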