A while ago, I reported that I encountered a null pointer problem
on the SCSI layer when I was testing Mingming Cao's diskio patch
"diskio-stat-rq-2414" on 2.4.14.
Mingming's patch is at http://sourceforge.net/projects/lse/.
The code in sd_find_queue() that protects against accessing a
non-existent device is not correct. After my patch was sent out,
Pete Zaitcev of Red Hat identified a similar problem in
sd_init_command of the same file.
Let's consider sd_find_queue().
If the array pointed by rscsi_disk has been allocated,
dpnt cannot be null.
If rscsi_disk has NOT been allocated, dpnt = &rscsi_disks[target]
may NOT be null, and it depends on the value of target. Thus,
"if (!dpnt)" is not sufficient anyway.
You can also look at sd_attach(), in which "if (!dpnt->device)" is
tested, not "if (!dpnt)".
Please check.
The following patch is based on the 2.4.18-pre7 code:
---------------------------------------------------------------------------
--- linux/drivers/scsi/sd.c Mon Feb 18 13:36:42 2002
+++ linux-2.4.17-diskio/drivers/scsi/sd.c Mon Feb 18 13:29:34 2002
@@ -279,7 +279,7 @@
target = DEVICE_NR(dev);
dpnt = &rscsi_disks[target];
- if (!dpnt)
+ if (!dpnt->device)
return NULL; /* No such device */
return &dpnt->device->request_queue;
}
@@ -302,7 +302,7 @@
dpnt = &rscsi_disks[dev];
if (devm >= (sd_template.dev_max << 4) ||
- !dpnt ||
+ !dpnt->device ||
!dpnt->device->online ||
block + SCpnt->request.nr_sectors > sd[devm].nr_sects) {
SCSI_LOG_HLQUEUE(2, printk("Finishing %ld sectors\n", SCpnt->request.nr_sectors));
---------------------------------------------------------------------------
Regards,
Peter
Wai Yee Peter Wong
IBM Linux Technology Center, Performance Analysis
email: wpeter@us.ibm.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Feb 23 2002 - 21:00:15 EST