io_u: ensure buflen is capped at maxbs

If we use bsranges and the maxbs isn't a natural multiple of the minbs,
then we can generate sizes that are larger than maxbs. Ensure that we
cap the buffer length generated at maxbs.

Sample workload and problem report:

fio --name=App2 --size=10m --rw=read --blocksize_range=3k-10k

App2: (g=0): rw=read, bs=(R) 3072B-10.0KiB, (W) 3072B-10.0KiB, (T) 3072B-10.0KiB, ioengine=psync, iodepth=1
fio-3.12-17-g0fcbc0
Starting 1 process
*** Error in `fio': double free or corruption (!prev): 0x0000555f92a80a60 ***
fio: pid=1468, got signal=6

App2: (groupid=0, jobs=1): err= 0: pid=1468: Wed Dec 12 19:09:07 2018
read: IOPS=8365, BW=52.9MiB/s (55.5MB/s)(9.00MiB/189msec)
clat (nsec): min=874, max=74912k, avg=116222.51, stdev=2186743.16
lat (nsec): min=912, max=74912k, avg=116373.83, stdev=2186743.70
clat percentiles (nsec):
| 1.00th=[ 964], 5.00th=[ 1128], 10.00th=[ 1368],
| 20.00th=[ 1672], 30.00th=[ 2008], 40.00th=[ 2288],
| 50.00th=[ 2704], 60.00th=[ 3088], 70.00th=[ 3536],
| 80.00th=[ 4768], 90.00th=[ 6304], 95.00th=[ 8160],
| 99.00th=[ 544768], 99.50th=[ 2113536], 99.90th=[30539776],
| 99.95th=[74973184], 99.99th=[74973184]
lat (nsec) : 1000=1.52%
lat (usec) : 2=28.34%, 4=44.85%, 10=21.70%, 20=0.51%, 50=0.32%
lat (usec) : 250=0.25%, 500=1.20%, 750=0.76%
lat (msec) : 4=0.25%, 20=0.13%, 50=0.13%, 100=0.06%
cpu : usr=3.72%, sys=3.72%, ctx=43, majf=0, minf=14
IO depths : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, >=64=0.0%
submit : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
complete : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
issued rwts: total=1581,0,0,0 short=0,0,0,0 dropped=0,0,0,0
latency : target=0, window=0, percentile=100.00%, depth=1

Run status group 0 (all jobs):
READ: bw=52.9MiB/s (55.5MB/s), 52.9MiB/s-52.9MiB/s (55.5MB/s-55.5MB/s), io=9.00MiB (10.5MB), run=189-189msec

Disk stats (read/write):
sda: ios=24/0, merge=0/0, ticks=188/0, in_queue=260, util=55.70%

Fixes: https://github.com/axboe/fio/issues/726
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_u.c b/io_u.c
index 1604ff84b94edc14dea508589e683dfecdd95baa..bee99c3798d8474afcfaaa71a0bc8d1a0c7de2d8 100644 (file)
--- a/io_u.c
+++ b/io_u.c
@@ -570,8 +570,10 @@ static unsigned long long get_next_buflen(struct thread_data *td, struct io_u *i
                power_2 = is_power_of_2(minbs);
                if (!td->o.bs_unaligned && power_2)
                        buflen &= ~(minbs - 1);
-               else if (!td->o.bs_unaligned && !power_2) 
-                       buflen -= buflen % minbs; 
+               else if (!td->o.bs_unaligned && !power_2)
+                       buflen -= buflen % minbs;
+               if (buflen > maxbs)
+                       buflen = maxbs;
        } while (!io_u_fits(td, io_u, buflen));
 
        return buflen;