| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Mar 2007 20:22:34 +0100 From: Johannes Weiner <hannes-kernel@...urebad.de> To: Jens Axboe <jens.axboe@...cle.com> Cc: linux-kernel@...r.kernel.org Subject: Re: PROBLEM: null pointer dereference in cfq_dispatch_requests (2.6.21-rc2 and 2.6.20) Hi, On Thu, Mar 22, 2007 at 07:42:35PM +0100, Jens Axboe wrote: > > diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c > > index b6491c0..ca84f0b 100644 > > --- a/block/cfq-iosched.c > > +++ b/block/cfq-iosched.c > > @@ -961,8 +961,8 @@ __cfq_dispatch_requests(struct cfq_data *cfqd, struct cfq_queue *cfqq, > > /* > > * follow expired path, else get first next available > > */ > > - if ((rq = cfq_check_fifo(cfqq)) == NULL) > > - rq = cfqq->next_rq; > > + if (!(rq = cfq_check_fifo(cfqq)) && !(rq = cfqq->next_rq)) > > + break; > > That still only hides a bug. It is illegal for ->next_rq to be NULL > while the RB tree is non-empty. As I noticed afterwards this isn't even the point where the NULL ptr is dereferenced. It must be in the next code-line, cfqd->queue or cfqd->queue->elevator was NULL when the oops occured or am I wrong? 'Hannes - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists