A while ago, I reported that I encountered a null pointer problem on the SCSI layer when I was testing Mingming Cao's diskio patch "diskio-stat-rq-2414" on 2.4.14. Mingming's patch is at http://sourceforge.net/projects/lse/. The code in sd_find_queue() that protects against accessing a non-existent device is not correct. After my patch was sent out, Pete Zaitcev of Red Hat identified a similar problem in sd_init_command of the same file. Let's consider sd_find_queue(). If the array pointed by rscsi_disk has been allocated, dpnt cannot be null. If rscsi_disk has NOT been allocated, dpnt = &rscsi_disks[target] may NOT be null, and it depends on the value of target. Thus, "if (!dpnt)" is not sufficient anyway. You can also look at sd_attach(), in which "if (!dpnt->device)" is tested, not "if (!dpnt)". Please check. The following patch is based on the 2.4.18-pre7 code: --------------------------------------------------------------------------- --- linux/drivers/scsi/sd.c Mon Feb 18 13:36:42 2002 +++ linux-2.4.17-diskio/drivers/scsi/sd.c Mon Feb 18 13:29:34 2002 @@ -279,7 +279,7 @@ target = DEVICE_NR(dev); dpnt = &rscsi_disks[target]; - if (!dpnt) + if (!dpnt->device) return NULL; /* No such device */ return &dpnt->device->request_queue; } @@ -302,7 +302,7 @@ dpnt = &rscsi_disks[dev]; if (devm >= (sd_template.dev_max << 4) || - !dpnt || + !dpnt->device || !dpnt->device->online || block + SCpnt->request.nr_sectors > sd[devm].nr_sects) { SCSI_LOG_HLQUEUE(2, printk("Finishing %ld sectors\n", SCpnt->request.nr_sectors)); --------------------------------------------------------------------------- Regards, Peter Wai Yee Peter Wong IBM Linux Technology Center, Performance Analysis email: wpeter@us.ibm.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/