Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1760514AbXJQSTV (ORCPT ); Wed, 17 Oct 2007 14:19:21 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1756560AbXJQSTN (ORCPT ); Wed, 17 Oct 2007 14:19:13 -0400 Received: from smtp2.linux-foundation.org ([207.189.120.14]:57635 "EHLO smtp2.linux-foundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755905AbXJQSTM (ORCPT ); Wed, 17 Oct 2007 14:19:12 -0400 Date: Wed, 17 Oct 2007 11:18:36 -0700 (PDT) From: Linus Torvalds To: Jens Axboe cc: Ingo Molnar , linux-kernel@vger.kernel.org, Andrew Morton Subject: Re: [bug] block subsystem related crash with latest -git In-Reply-To: <20071017180042.GP15552@kernel.dk> Message-ID: References: <20071017154655.GA13394@elte.hu> <20071017165949.GF15552@kernel.dk> <20071017170804.GG15552@kernel.dk> <20071017180042.GP15552@kernel.dk> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 941 Lines: 25 On Wed, 17 Oct 2007, Jens Axboe wrote: > > > > So avoiding the "sg_next()" on the last entry is pointless. > > Yeah, I didn't quite understand why if sg was valid, why dereferencing > *(sg + 1)->page would crap out :/ Actually, I take that back. If 'sg' is the last entry in a *non*linked scatter-gather list (ie we don't use the last entry as a link, we actually use it as a real SG entry), then "sg_next(sg)" will indeed access past the end of the whole allocated array, and will access one past the end. And with page-alloc debugging, that *will* blow up. So I think your change to use "sg_next()" only when you actually need a next pointer is the correct one after all. Linus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/