I encountered a null pointer problem on the SCSI layer when
I was testing Mingming Cao's diskio patch "diskio-stat-rq-2414"
on 2.4.14.
Mingming's patch is at http://sourceforge.net/projects/lse/.
The code in sd_find_queue() that protects against accessing a
non-existent device is not correct. The patch to fix it is given
below. Please check.
The following patch is based on the 2.4.18-pre7 code:
---------------------------------------------------------------------------
--- linux/drivers/scsi/sd.c Fri Jan 25 14:01:07 2002
+++ linux-2.4.17-diskio/drivers/scsi/sd.c Fri Jan 25 13:57:01 2002
@@ -279,7 +279,7 @@
target = DEVICE_NR(dev);
dpnt = &rscsi_disks[target];
- if (!dpnt)
+ if (!dpnt->device)
return NULL; /* No such device */
return &dpnt->device->request_queue;
}
---------------------------------------------------------------------------
Regards,
Peter
Wai Yee Peter Wong
IBM Linux Technology Center, Performance Analysis
email: [email protected]
> --- linux/drivers/scsi/sd.c Fri Jan 25 14:01:07 2002
> +++ linux-2.4.17-diskio/drivers/scsi/sd.c Fri Jan 25 13:57:01 2002
> @@ -279,7 +279,7 @@
> target = DEVICE_NR(dev);
>
> dpnt = &rscsi_disks[target];
> - if (!dpnt)
> + if (!dpnt->device)
> return NULL; /* No such device */
> return &dpnt->device->request_queue;
> }
> Wai Yee Peter Wong
There's one more of theese
--- linux-2.4.18-pre1/drivers/scsi/sd.c Fri Nov 9 14:05:06 2001
+++ linux-2.4.18-pre1-p3/drivers/scsi/sd.c Mon Jan 28 14:46:11 2002
@@ -302,7 +302,7 @@
dpnt = &rscsi_disks[dev];
if (devm >= (sd_template.dev_max << 4) ||
- !dpnt ||
+ !dpnt->device ||
!dpnt->device->online ||
block + SCpnt->request.nr_sectors > sd[devm].nr_sects) {
SCSI_LOG_HLQUEUE(2, printk("Finishing %ld sectors\n", SCpnt->request.nr_sectors));
-- Pete
> From: Jesper Juhl <[email protected]>
> Date: Tue, 29 Jan 2002 00:57:02 +0100
> > - if (!dpnt)
> > + if (!dpnt->device)
> > return NULL; /* No such device */
>
> Maybe I don't understand this right, but shouldn't that be
>
> if (!dpnt || !dpnt->device)
> return NULL; /* No such device */
In both cases, the code is like this:
dpnt = &rscsi_disks[dev_nr];
if (!dpnt->device)
return NULL;
So, it is unlikely that dpnt would be zero. It could be if rscsi_disks
were NULL, and in such case whole logics is toast.
-- Pete
Might I suggest adding the below instead of swapping it out?
-d
>--- linux-2.4.18-pre1/drivers/scsi/sd.c Fri Nov 9 14:05:06 2001
>+++ linux-2.4.18-pre1-p3/drivers/scsi/sd.c Mon Jan 28 14:46:11 2002
>@@ -302,7 +302,7 @@
>
> dpnt = &rscsi_disks[dev];
> if (devm >= (sd_template.dev_max << 4) ||
>- !dpnt ||
>+ !dpnt->device ||
> !dpnt->device->online ||
> block + SCpnt->request.nr_sectors > sd[devm].nr_sects) {
> SCSI_LOG_HLQUEUE(2, printk("Finishing %ld sectors\n", SCpnt->request.nr_sectors));
>
Jesper,
Let's use sd_find_queue() as an example.
If the array pointed by rscsi_disk has been allocated,
dpnt cannot be null.
If rscsi_disk has not been allocated, dpnt = &rscsi_disks[target]
may not be null depending on the value of target. Thus, "if (!dpnt)"
is not sufficient anyway.
You can also look at sd_attach(), in which "if (!dpnt->device)" is
tested, not "if (!dpnt)".
Regards,
Peter
Wai Yee Peter Wong
IBM Linux Technology Center, Performance Analysis
email: [email protected]
Jesper Juhl
<[email protected]> To: "'Pete Zaitcev '" <[email protected]>, Peter Wong/Austin/IBM@IBMUS,
"'[email protected] '" <[email protected]>
01/28/02 05:57 PM cc: "'Jens Axboe '" <[email protected]>
Subject: RE: Encountered a Null Pointer Problem on the SCSI Layer
> - if (!dpnt)
> + if (!dpnt->device)
> return NULL; /* No such device */
Maybe I don't understand this right, but shouldn't that be
if (!dpnt || !dpnt->device)
return NULL; /* No such device */
?
Best regards,
Jesper Juhl
[email protected]
Pete Zaitcev <[email protected]> said:
> > --- linux/drivers/scsi/sd.c Fri Jan 25 14:01:07 2002
> > +++ linux-2.4.17-diskio/drivers/scsi/sd.c Fri Jan 25 13:57:01 2002
> > @@ -279,7 +279,7 @@
> > target = DEVICE_NR(dev);
> >
> > dpnt = &rscsi_disks[target];
> > - if (!dpnt)
> > + if (!dpnt->device)
> > return NULL; /* No such device */
> > return &dpnt->device->request_queue;
> > }
>
> > Wai Yee Peter Wong
>
> There's one more of theese
>
> --- linux-2.4.18-pre1/drivers/scsi/sd.c Fri Nov 9 14:05:06 2001
> +++ linux-2.4.18-pre1-p3/drivers/scsi/sd.c Mon Jan 28 14:46:11 2002
> @@ -302,7 +302,7 @@
>
> dpnt = &rscsi_disks[dev];
> if (devm >= (sd_template.dev_max << 4) ||
> - !dpnt ||
> + !dpnt->device ||
> !dpnt->device->online ||
> block + SCpnt->request.nr_sectors > sd[devm].nr_sects) {
> SCSI_LOG_HLQUEUE(2, printk("Finishing %ld sectors\n", SCpnt->re
> quest.nr_sectors));
Is is possible for dpnt to be NULL here? Should perhaps be checked...
--
Horst von Brand http://counter.li.org # 22616