[Bug 206699] [Hyper-V]FreeBSD potential NULL pointer dereference in storage bounce buffer

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jan 28 01:33:25 UTC 2016


            Bug ID: 206699
           Summary: [Hyper-V]FreeBSD potential NULL pointer dereference in
                    storage bounce buffer
           Product: Base System
           Version: 10.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: honzhan at microsoft.com

Created attachment 166215
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=166215&action=edit
Patch to fix the NULL pointer dereference

This bug is reported from NetApp:
We found, what we believe to be, a bug in storvsc_create_bounce_buffer and


A panic was hit when the g_hv_sgl_page_pool.in_use_sgl_list list is empty.  The
remove of a NULL sgl_node causes a page fault.

To address this (and the same code in create_bounce_buffer), we added a
LIST_EMPTY check prior to calling LIST_FIRST and LIST_REMOVE.

This bug cannot be easily reproduced. It may be triggered in some corner case.
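
As an added example (not part of the bug report, the attached patch, or the storvsc driver), the following C program shows the list-handling pattern the report describes, using the BSD <sys/queue.h> LIST macros: the unchecked LIST_FIRST/LIST_REMOVE sequence that dereferences NULL when the list is empty, beside the LIST_EMPTY-guarded form. The struct and function names (sgl_node, sgl_pool, sgl_pool_take, sgl_pool_release_first, sgl_pop_unchecked) and the four-entry pool are constructed for the demo and are not the driver's identifiers; it builds anywhere <sys/queue.h> is available (FreeBSD, glibc, macOS).

```c
/*
 * Added example (not storvsc code): the empty-list hazard from the report,
 * on the BSD <sys/queue.h> LIST macros.  sgl_node, sgl_pool and the function
 * names below are hypothetical stand-ins for the driver's own identifiers.
 */
#include <stddef.h>
#include <stdio.h>
#include <sys/queue.h>

#define SGL_POOL_SIZE 4   /* constructed pool size for the demo */

struct sgl_node {
    int id;
    LIST_ENTRY(sgl_node) link;   /* on exactly one of the pool's two lists */
};
LIST_HEAD(sgl_list, sgl_node);

struct sgl_pool {
    struct sgl_list free_sgl_list;
    struct sgl_list in_use_sgl_list;
    struct sgl_node nodes[SGL_POOL_SIZE];
};

static void
sgl_pool_init(struct sgl_pool *p)
{
    LIST_INIT(&p->free_sgl_list);
    LIST_INIT(&p->in_use_sgl_list);
    for (int i = 0; i < SGL_POOL_SIZE; i++) {
        p->nodes[i].id = i;
        LIST_INSERT_HEAD(&p->free_sgl_list, &p->nodes[i], link);
    }
}

static int
sgl_list_count(struct sgl_list *l)
{
    int n = 0;
    struct sgl_node *it;
    LIST_FOREACH(it, l, link)
        n++;
    return n;
}

/*
 * Unsafe shape from the report.  On an empty list LIST_FIRST() yields NULL and
 * LIST_REMOVE() then stores through n->link.le_prev: a NULL pointer dereference,
 * which in kernel context is the page fault the report describes.  Kept only to
 * show the bug; it must never run when the list may be empty.
 */
static struct sgl_node *
sgl_pop_unchecked(struct sgl_list *l)
{
    struct sgl_node *n = LIST_FIRST(l);
    LIST_REMOVE(n, link);            /* faults if n == NULL */
    return n;
}

/* Hardened: LIST_EMPTY() before LIST_FIRST()/LIST_REMOVE(); exhaustion is
 * reported to the caller as NULL instead of being assumed impossible. */
static struct sgl_node *
sgl_pool_take(struct sgl_pool *p)
{
    if (LIST_EMPTY(&p->free_sgl_list))
        return NULL;
    struct sgl_node *n = LIST_FIRST(&p->free_sgl_list);
    LIST_REMOVE(n, link);
    LIST_INSERT_HEAD(&p->in_use_sgl_list, n, link);
    return n;
}

/* Same guard on the in_use side, the list that was empty in the reported panic.
 * Returns 0 on success, -1 if nothing is in use. */
static int
sgl_pool_release_first(struct sgl_pool *p)
{
    if (LIST_EMPTY(&p->in_use_sgl_list))
        return -1;
    struct sgl_node *n = LIST_FIRST(&p->in_use_sgl_list);
    LIST_REMOVE(n, link);
    LIST_INSERT_HEAD(&p->free_sgl_list, n, link);
    return 0;
}

int
main(void)
{
    struct sgl_pool p;
    sgl_pool_init(&p);
    /* Safe here only because the free list is known to be non-empty. */
    struct sgl_node *n = sgl_pop_unchecked(&p.free_sgl_list);
    LIST_INSERT_HEAD(&p.free_sgl_list, n, link);
    while (sgl_pool_take(&p) != NULL)
        ;
    printf("in use after draining: %d\n", sgl_list_count(&p.in_use_sgl_list));
    while (sgl_pool_release_first(&p) == 0)
        ;
    printf("release on empty list: %d (no fault)\n", sgl_pool_release_first(&p));
    return 0;
}
```

LIST_REMOVE() has no NULL tolerance by design: it writes `*(elm)->field.le_prev` unconditionally, so the emptiness check has to sit before LIST_FIRST(), not after. Note that a LIST_EMPTY() guard only removes the NULL dereference; if the list is shared between threads or interrupt handlers, the check and the remove still have to execute under the same lock, or the list can become empty between them.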
