Null dereference in disk_conditioner_delay
| Field | Value |
|---|---|
| Originator | joh07467 |
| Number | rdar://37723855 |
| Date Originated | 02/20/2018 |
| Status | open |
| Resolved | |
| Product | Mac OS X |
| Product Version | 10.13 |
| Classification | |
| Reproducible | yes |
Summary:
Our dkreadwritecompletion() function calls into xnu/bsd/vfs/vfs_bio.c@buf_biodone(), which eventually calls a newish function, xnu/bsd/vfs/vfs_disk_conditioner.c@disk_conditioner_delay(). buf_biodone() populates the mount_t structure only if (buf_t bp)'s vnode member is not null. However, disk_conditioner_delay() doesn't make this check. It does:

    mp = buf_vnode(bp)->v_mount;

This doesn't protect against buf_vnode(bp) returning NULL, which results in a crash in my code. I haven't ruled out that my code is causing the vnode member to be NULL, but it wouldn't cause a crash anyway if it were coded in a defensive manner like buf_biodone() is.

Steps to Reproduce:
Pass a bp with a null bp->b_bp member into disk_conditioner_delay().

Expected Results:
No panic.

Actual Results:
Panic.

Version/Build:
10.13.3 17D47

Configuration:
We have an ATTO card and fibre channel storage that this is writing to.
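As an added illustration (not xnu's code and not the reporter's), the two access patterns the report contrasts, modelled with minimal stand-in types: the unguarded dereference described for disk_conditioner_delay(), and the vnode check the report says buf_biodone() performs before deriving the mount. The struct layouts and the `dc_enabled` field are assumptions made for the example.

```c
#include <stddef.h>
#include <stdbool.h>

/* Minimal stand-ins for the kernel types named in the report (assumed
 * layouts, not xnu's definitions): a buffer carries an optional vnode,
 * and a vnode names the mount it belongs to. */
typedef struct mount { int dc_enabled; } mount_t;
typedef struct vnode { mount_t *v_mount; } vnode_t;
typedef struct buf   { vnode_t *b_vp; } buf_t;

static vnode_t *buf_vnode(buf_t *bp) { return bp->b_vp; }

/* The pattern the report objects to: the vnode is dereferenced
 * unconditionally, so a buffer without a vnode faults here. */
static mount_t *mount_for_buf_unguarded(buf_t *bp)
{
    return buf_vnode(bp)->v_mount;
}

/* The defensive pattern the report attributes to buf_biodone(): derive the
 * mount only when the buffer actually has a vnode, otherwise report "none". */
static mount_t *mount_for_buf_guarded(buf_t *bp)
{
    vnode_t *vp = buf_vnode(bp);
    if (vp == NULL)
        return NULL;
    return vp->v_mount;
}

/* Hypothetical delay hook shaped like the report's description: returns
 * true when a delay would be applied, false when there is no mount to
 * consult. It never touches a NULL vnode or a NULL mount. */
static bool delay_would_apply(buf_t *bp)
{
    mount_t *mp = mount_for_buf_guarded(bp);
    if (mp == NULL)
        return false;
    return mp->dc_enabled != 0;
}

int main(void)
{
    mount_t mnt = { 1 };
    vnode_t vp  = { &mnt };
    buf_t with_vnode = { &vp };
    buf_t no_vnode   = { NULL };
    /* The guarded path handles both buffers; the unguarded one only the first. */
    (void)mount_for_buf_unguarded(&with_vnode);
    return delay_would_apply(&with_vnode) && !delay_would_apply(&no_vnode) ? 0 : 1;
}
```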