From a2f768f61fc4b4216b095a5937bbf0c9baaeffe9 Mon Sep 17 00:00:00 2001 From: Mark Johnston Date: Mon, 8 Dec 2025 16:46:30 -0500 Subject: [PATCH] FreeBSD: Fix a potential null dereference in zfs_freebsd_fsync() In general it's possible for a vnode to not have an associated VM object. This happens in particular with named pipes, which have some distinct VOPs, defined in zfs_fifoops. Thus, this chunk of zfs_freebsd_fsync() needs to check for the FIFO case, like other vm_object_mightbedirty() callers do. (Note that vn_flush_cached_data() calls are predicated on zn_has_cached_data() returning true, and it checks for a NULL v_object pointer already.) Fixes: ef4058fcdc01838117dd93a654228bac7487a37c Reported-by: Collin Funk Reviewed-by: Sean Eric Fagan Reviewed-by: Brian Behlendorf Reviewed-by: Alexander Motin Signed-off-by: Mark Johnston Closes #18015 --- module/os/freebsd/zfs/zfs_vnops_os.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/os/freebsd/zfs/zfs_vnops_os.c b/module/os/freebsd/zfs/zfs_vnops_os.c index b2b347361..9b90a2c3e 100644 --- a/module/os/freebsd/zfs/zfs_vnops_os.c +++ b/module/os/freebsd/zfs/zfs_vnops_os.c @@ -5277,7 +5277,7 @@ zfs_freebsd_fsync(struct vop_fsync_args *ap) * Push any dirty mmap()'d data out to the DMU and ZIL, ready for * zil_commit() to be called in zfs_fsync(). */ - if (vm_object_mightbedirty(vp->v_object)) { + if (vp->v_object != NULL && vm_object_mightbedirty(vp->v_object)) { zfs_vmobject_wlock(vp->v_object); if (!vm_object_page_clean(vp->v_object, 0, 0, 0)) err = SET_ERROR(EIO);
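Review bot: The comment above the new `vp->v_object != NULL` test in zfs_freebsd_fsync() still only describes pushing dirty mmap()'d data, so the reason for the NULL check lives only in the commit message. Consider adding a short sentence to that comment saying that a vnode may have no VM object, for example a named pipe, so the check is not later removed as redundant. A smaller style point: `vp->v_object` is now read in the NULL test, in vm_object_mightbedirty(), in zfs_vmobject_wlock() and in vm_object_page_clean(). Loading it once into a local variable and using that local for the test and the calls would make it obvious that the checked pointer and the used pointer are the same.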