On Wed, Mar 21 2007, Johannes Weiner wrote: > Hi, > > I think I found where the NULL may come from. Please, anybody, do not > apply this patch before a trustful person reviewed it... Jens? ;) > > My thoughts on this are, that there are two possibilities cfqq->next_rq > could be NULL: End of list or a bug when it is set (or not set). > But why does RB_EMPTY_ROOT() as last call in this loop does not trigger? > > Did I even get the right place on where the NULL pointer dereference > happens? :) > > =Hannes > > Signed-off-by: Johannes Weiner <[EMAIL PROTECTED]>
> diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c > index b6491c0..ca84f0b 100644 > --- a/block/cfq-iosched.c > +++ b/block/cfq-iosched.c > @@ -961,8 +961,8 @@ __cfq_dispatch_requests(struct cfq_data *cfqd, struct > cfq_queue *cfqq, > /* > * follow expired path, else get first next available > */ > - if ((rq = cfq_check_fifo(cfqq)) == NULL) > - rq = cfqq->next_rq; > + if (!(rq = cfq_check_fifo(cfqq)) && !(rq = cfqq->next_rq)) > + break; That still only hides a bug. It is illegal for ->next_rq to be NULL while the RB tree is non-empty. -- Jens Axboe - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/