Home » Mailing list archives » linux-kernel » 2008 » September » 28

Re: scatterlist.c: bug in sg_next()?

Previous thread: [PATCH] AMD IOMMU: use iommu_device_max_index by FUJITA Tomonori on Sunday, September 28, 2008 - 8:06 am. (4 messages)

Next thread: none
[view original message]
From: Leon Woestenberg
Subject: scatterlist.c: bug in sg_next()?
Date: Sunday, September 28, 2008 - 8:15 am

Hello,

I was code-inspecting 2.6.27-r7 through git web, when I came across this:

In sg_next(), after following a chain_ptr, a few more checks should be
performed.
The rare case exists that the first entry in the chained list is a
last marker, in case NULL must be returned.

Can someone confirm and cook a patch?

struct scatterlist *sg_next(struct scatterlist *sg)
{
  if (sg_is_last(sg))
    return NULL;
  sg++;
  if (unlikely(sg_is_chain(sg))) {
     sg = sg_chain_ptr(sg);
+#ifdef CONFIG_DEBUG_SG
+ BUG_ON(sg->sg_magic != SG_MAGIC);
+#endif
+   if (sg_is_last(sg))
+     return NULL;
  }
  return sg;
}

Signed-off-by: Leon Woestenberg <leon@sidebranch.com>

Regards,
-- 
Leon
--


[ message continues ]
[view original message]
From: Boaz Harrosh
Subject: Re: scatterlist.c: bug in sg_next()?
Date: Sunday, September 28, 2008 - 8:28 am

No! the last marker is set on a valid sg entry. Only it's next
is no longer valid. So the check at the top is for the Next-sg
not the passed-in-sg. What you thought of is a NULL terminating
sg-list. The end marker is so to save the extra NULL entry.

Boaz

--


[ message continues ]
[view original message]
From: Leon Woestenberg
Subject: Re: scatterlist.c: bug in sg_next()?
Date: Sunday, September 28, 2008 - 8:51 am

Hello,

Ah yes, the lower bit magic. Thanks!

Sorry for the noise.

Regards,
-- 
Leon
--


[ message continues ]
Previous thread: [PATCH] AMD IOMMU: use iommu_device_max_index by FUJITA Tomonori on Sunday, September 28, 2008 - 8:06 am. (4 messages)

Next thread: none