On 7/15/20 9:50 AM, Ziyang Li wrote:
> Hi all:
>
> I hope this is the right place to ask about a potential bug in
> bounce.c. So on line 329 we assign the result of `mempool_alloc` to
> `to->bv_page` but we never check if `to->bv_page` is a valid pointer,
> also given that this variable is dereferenced in inc_zone_page_state.
> I wonder if we should add something like `if (to->bv_page == null)`
> here?
>
> 329: to->bv_page = mempool_alloc(pool, q->bounce_gfp);
> 330: inc_zone_page_state(to->bv_page, NR_BOUNCE);

bounce_gfp must have __GFP_WAIT set, which guarantees that
mempool_alloc() will always (eventually) return an allocation
successfully.

-- 
Jens Axboe
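
The guarantee described in the reply above, as an added example that is not part of the original thread and is not kernel code: a simplified, single-threaded user-space model of a mempool-style allocator, showing that NULL can only come back when the caller's flags forbid waiting. All `model_*` names, `MODEL_GFP_WAIT` and `MIN_NR` are hypothetical, and the "sleep" is simulated by another context handing its element back.

```c
#include <stddef.h>
#include <stdlib.h>

#define MODEL_GFP_WAIT 0x1u /* assumption: stands in for __GFP_WAIT */
#define MIN_NR 2            /* reserved elements, like a mempool's min_nr */

struct model_pool {
    void *reserve[MIN_NR];
    int curr_nr;       /* elements currently held in the reserve */
    int backing_fails; /* nonzero simulates memory pressure */
    void *in_flight;   /* element another context is still using */
};

/* Return an element: refill the reserve first, otherwise release it. */
void model_mempool_free(struct model_pool *p, void *elem)
{
    if (p->curr_nr < MIN_NR)
        p->reserve[p->curr_nr++] = elem;
    else
        free(elem);
}

/* Stand-in for sleeping until another context frees its element. */
static void model_wait_for_free(struct model_pool *p)
{
    if (p->in_flight) {
        model_mempool_free(p, p->in_flight);
        p->in_flight = NULL;
    }
}

/* Loops until an element is available when waiting is allowed; like a
 * blocking call, it never returns if nothing is ever freed. */
void *model_mempool_alloc(struct model_pool *p, unsigned int gfp)
{
    for (;;) {
        void *elem = p->backing_fails ? NULL : malloc(64);
        if (elem)
            return elem;                     /* backing allocator succeeded */
        if (p->curr_nr > 0)
            return p->reserve[--p->curr_nr]; /* fall back to the reserve */
        if (!(gfp & MODEL_GFP_WAIT))
            return NULL;                     /* caller cannot sleep: may fail */
        model_wait_for_free(p);              /* "sleep", then retry */
    }
}
```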