From 6b74887f0306adaba6eac4e30d8bcbc817fce9f4 Mon Sep 17 00:00:00 2001 From: Toomas Soome Date: Sat, 19 Oct 2019 08:08:06 +0000 Subject: [PATCH] loader: zfs_fmtdev can crash when pool discovery did fail and we have no spa When zfs probe did fail and no spa was created, but zfs_fmtdev() is called, we will crash while dereferencing spa (NULL pointer dereference). MFC after: 1 week --- stand/libsa/zfs/zfs.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/stand/libsa/zfs/zfs.c b/stand/libsa/zfs/zfs.c index c4d3df4244d4..6a8d523fb798 100644 --- a/stand/libsa/zfs/zfs.c +++ b/stand/libsa/zfs/zfs.c @@ -769,11 +769,16 @@ zfs_fmtdev(void *vdev) if (dev->dd.d_dev->dv_type != DEVT_ZFS) return (buf); - if (dev->pool_guid == 0) { - spa = STAILQ_FIRST(&zfs_pools); + /* Do we have any pools? */ + spa = STAILQ_FIRST(&zfs_pools); + if (spa == NULL) + return (buf); + + if (dev->pool_guid == 0) dev->pool_guid = spa->spa_guid; - } else + else spa = spa_find_by_guid(dev->pool_guid); + if (spa == NULL) { printf("ZFS: can't find pool by guid\n"); return (buf);