Re: [PATCH] Encountered a Null Pointer Problem on the SCSI Layer

From: Stephan von Krawczynski (skraw@ithnet.com)
Date: Mon Feb 18 2002 - 18:01:39 EST


> A while ago, I reported that I encountered a null pointer problem
> on the SCSI layer when I was testing Mingming Cao's diskio patch
> "diskio-stat-rq-2414" on 2.4.14.
>
> Mingming's patch is at http://sourceforge.net/projects/lse/.
>
> The code in sd_find_queue() that protects against accessing a
> non-existent device is not correct. After my patch was sent out,
> Pete Zaitcev of Red Hat identified a similar problem in
> sd_init_command of the same file.
>
> Let's consider sd_find_queue().
>
> If the array pointed by rscsi_disk has been allocated,
> dpnt cannot be null.
>
> If rscsi_disk has NOT been allocated, dpnt = &rscsi_disks[target]
> may NOT be null, and it depends on the value of target. Thus,
> "if (!dpnt)" is not sufficient anyway.
>
> You can also look at sd_attach(), in which "if (!dpnt->device)" is
> tested, not "if (!dpnt)".
>
> Please check.
                                                                      
Are you 100% sure that there is no case where
dpnt==NULL? Because if there is such a possibility, your patch will
blow up.
It would be completely safe to check both
                                                                      
(!dpnt && !dpnt->device)
                                                                      
Regards,
Stephan
                                                                      
                                                                      
>
> The following patch is based on the 2.4.18-pre7 code:
>
> ---------------------------------------------------------------------------
> --- linux/drivers/scsi/sd.c Mon Feb 18 13:36:42 2002
> +++ linux-2.4.17-diskio/drivers/scsi/sd.c Mon Feb 18 13:29:34 2002
> @@ -279,7 +279,7 @@
> target = DEVICE_NR(dev);
>
> dpnt = &rscsi_disks[target];
> - if (!dpnt)
> + if (!dpnt->device)
> return NULL; /* No such device */
> return &dpnt->device->request_queue;
> }
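Review bot: in sd_find_queue(), the new `if (!dpnt->device)` reads through dpnt with nothing in the hunk establishing that rscsi_disks is allocated or that target is within the array. The patch description itself says that with an unallocated array `&rscsi_disks[target]` is not NULL for most values of target, so in that case the new test dereferences an invalid address instead of returning NULL. Suggest checking the array base and bounding target before `dpnt = &rscsi_disks[target];` (the second hunk already compares against sd_template.dev_max), then keeping `!dpnt->device`. If a NULL test on dpnt is retained as well, it has to come first and be joined with `||` so that the dereference is never reached for a NULL dpnt.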
> @@ -302,7 +302,7 @@
>
> dpnt = &rscsi_disks[dev];
> if (devm >= (sd_template.dev_max << 4) ||
> - !dpnt ||
> + !dpnt->device ||
> !dpnt->device->online ||
> block + SCpnt->request.nr_sectors > sd[devm].nr_sects) {
> SCSI_LOG_HLQUEUE(2, printk("Finishing %ld sectors\n",
SCpnt->request.nr_sectors));
>
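Review bot: in the second hunk, `!dpnt->device` is protected only by its position after `devm >= (sd_template.dev_max << 4)` in the `||` chain, and that bound is on devm while dpnt is indexed with dev (`dpnt = &rscsi_disks[dev];`). The dereference is therefore safe only if an in-range devm always implies an in-range dev and an allocated rscsi_disks, which the visible lines do not show. Either bound dev explicitly before taking `&rscsi_disks[dev]`, or add a comment stating the invariant and that the order of the conditions must not change.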
> ---------------------------------------------------------------------------
>
> Regards,
> Peter
>
> Wai Yee Peter Wong
> IBM Linux Technology Center, Performance Analysis
> email: wpeter@us.ibm.com
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>



This archive was generated by hypermail 2b29 : Sat Feb 23 2002 - 21:00:16 EST