Possible bug in block/bounce.c

Possible bug in block/bounce.c

[Ziyang Li]

Hi all:

I hope this is the right place to ask about a potential bug in bounce.c. So on line 329 we assign the result of `mempool_alloc` to `to->bv_page` but we never check if `to->bv_page` is a valid pointer, also given that this variable is dereferenced in inc_zone_page_state. I wonder if we should add something like `if (to->bv_page == null)` here?

329: to->bv_page = mempool_alloc(pool, q->bounce_gfp);
330: inc_zone_page_state(to->bv_page, NR_BOUNCE);

Best,
Ziyang

Re: Possible bug in block/bounce.c

[Jens Axboe]

On 7/15/20 9:50 AM, Ziyang Li wrote:
> Hi all:
> 
> I hope this is the right place to ask about a potential bug in
> bounce.c. So on line 329 we assign the result of `mempool_alloc` to
> `to->bv_page` but we never check if `to->bv_page` is a valid pointer,
> also given that this variable is dereferenced in inc_zone_page_state.
> I wonder if we should add something like `if (to->bv_page == null)`
> here?
> 
> 329: to->bv_page = mempool_alloc(pool, q->bounce_gfp);
> 330: inc_zone_page_state(to->bv_page, NR_BOUNCE);

bounce_gfp must have __GFP_WAIT set, which guarantees that
mempool_alloc() will always (eventually) return an allocation
successfully.

-- 
Jens Axboe