From: Vincent Fu
Date: Tue, 11 Sep 2018 13:01:56 +0000 (-0400)
Subject: rate_submit: synchronize accesses to io_u_queue->nr
X-Git-Tag: fio-3.10~2^2
X-Git-Url: https://git.kernel.dk/?p=fio.git;a=commitdiff_plain;h=b7aae4ba630b1dd6853f0794f00080f61b7cdc93

rate_submit: synchronize accesses to io_u_queue->nr

Accesses to io_u_queue->nr are not properly synchronized in offload submission mode. put_io_u locks td but the parent td flags reflecting the need to lock are not propagated to child threads when the child threads are initialized.

The main thread accesses io_u_queue->nr via io_u_qpop() as it prepares io_u's for handing off to the worker threads. The worker threads access io_u_queue->nr via io_u_qpush() as they complete io_u's. When these accesses are not protected by locks, io_u_qpop() will return NULL when it means to provide a valid io_u pointer. This occurs in offload submission mode with iodepth > 1.

Fixes: 26b3a18 ("Make td_io_u_lock/unlock() explicit")
---
diff --git a/rate-submit.c b/rate-submit.c index 5c77a4e8..2f02fe2b 100644 --- a/rate-submit.c +++ b/rate-submit.c @@ -126,7 +126,7 @@ static int io_workqueue_init_worker_fn(struct submit_worker *sw) clear_io_state(td, 1); td_set_runstate(td, TD_RUNNING); - td->flags |= TD_F_CHILD; + td->flags |= TD_F_CHILD | TD_F_NEED_LOCK; td->parent = parent; return 0;
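
Review bot: The added line `td->flags |= TD_F_CHILD | TD_F_NEED_LOCK;` in io_workqueue_init_worker_fn() sets the lock flag unconditionally and carries no comment, while the commit message describes the defect as the parent td's flags not being propagated to the child. A short comment at that assignment stating why every offload worker td needs TD_F_NEED_LOCK (the main thread's io_u_qpop() and the workers' io_u_qpush() both touch io_u_queue->nr) would keep a later reader from treating the flag as redundant and dropping it. If the intent is to mirror the parent, copying the bit from parent->flags would match the description more closely; if it is meant to be unconditional, the message should say so, since it also states that the failure only occurs with iodepth > 1.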