Date: Thu, 13 Mar 2025 23:21:31 +0000 From: bugzilla-noreply@freebsd.org To: fs@FreeBSD.org Subject: [Bug 215856] Prevent page fault in g_dev_orphan() after ejecting disc Message-ID: <bug-215856-3630-qZiO1fQyJI@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-215856-3630@https.bugs.freebsd.org/bugzilla/> References: <bug-215856-3630@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215856 --- Comment #1 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3Df7856fe81df2df3c4355e674d34a4c15a= 095a33c commit f7856fe81df2df3c4355e674d34a4c15a095a33c Author: Fabian Keil <fk@fabiankeil.de> AuthorDate: 2025-03-13 23:13:46 +0000 Commit: Warner Losh <imp@FreeBSD.org> CommitDate: 2025-03-13 23:20:00 +0000 g_dev_orphan(): Return early if the device is already gone The following panic was the result of running "cdcontrol eject" after using the physical ejection key on the device before the tray was actually ejected. So we have hardware racing software. The device was loaded with a DVD. Resulted in a NULL pointer dereference g_dev_orphan() at g_dev_orphan+0x2e/frame 0xfffffe01eba0a9f0 g_resize_provider_event() at g_resize_provider_event+0x71/frame 0xfffffe01eba0aa20 g_run_events() at g_run_events+0x20e/frame 0xfffffe01eba0aa70 fork_exit() at fork_exit+0x85/frame 0xfffffe01eba0aab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe01eba0aab0 Avoid this possibility and return early of dev is NULL already. PR: 215856 Reviewed by: imp (I've triggered this once or twice over the years too) Sponsored by: Netflix sys/geom/geom_dev.c | 3 +++ 1 file changed, 3 insertions(+) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-215856-3630-qZiO1fQyJI>