Re: PROBLEM: null pointer dereference in cfq_dispatch_requests (2.6.21-rc2 and 2.6.20)
From: Johannes Weiner
Date: Wed Mar 21 2007 - 15:04:36 EST
Hi,
I think I found where the NULL may come from. Please, anybody, do not
apply this patch before a trustful person reviewed it... Jens? ;)
My thoughts on this are, that there are two possibilities cfqq->next_rq
could be NULL: End of list or a bug when it is set (or not set).
But why does RB_EMPTY_ROOT() as last call in this loop does not trigger?
Did I even get the right place on where the NULL pointer dereference
happens? :)
=Hannes
Signed-off-by: Johannes Weiner <hannes-kernel@xxxxxxxxxxxx>
diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
index b6491c0..ca84f0b 100644
--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
@@ -961,8 +961,8 @@ __cfq_dispatch_requests(struct cfq_data *cfqd, struct cfq_queue *cfqq,
/*
* follow expired path, else get first next available
*/
- if ((rq = cfq_check_fifo(cfqq)) == NULL)
- rq = cfqq->next_rq;
+ if (!(rq = cfq_check_fifo(cfqq)) && !(rq = cfqq->next_rq))
+ break;
/*
* finally, insert request into driver dispatch list