[ Friday, March 3, 2000 ] James Manning wrote:
> [root@jmm-nt /root]# nbd-client localhost 1024 /dev/nd0
> Negotiation: ..size = 104857600
> Unable to handle kernel NULL pointer dereference at virtual address 00000010
> printing eip:
> c017d446
> >>EIP; c017d446 <nbd_clear_que+1e/108> <=====
After digging through include/linux/list.h enough, I realized that the
nbd_device's queue_head's ->prev and ->next should *never* get to a
state of being NULL.
It looks like we simply never initialize the doubly-linked list so
that ->prev and ->next initialize to the location of queue_head itself,
which is the correct state for an empty list. This led to list_empty
never returning true, since ->next was never getting set to queue_head,
so the driver would try processing queue entries that simply didn't exist.
James
--- linux/drivers/block/nbd.c.orig Sat Mar 4 00:16:24 2000
+++ linux/drivers/block/nbd.c Sat Mar 4 00:16:53 2000
@@ -77,6 +77,7 @@
nbd_dev[dev].refcnt++;
if (!(nbdev->flags & NBD_INITIALISED)) {
init_MUTEX(&nbdev->queue_lock);
+ INIT_LIST_HEAD(&nbdev->queue_head);
nbdev->flags |= NBD_INITIALISED;
}
MOD_INC_USE_COUNT;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Mar 07 2000 - 21:00:16 EST