From 15b87723551b424d0db4c53577b567e670c7d4d8 Mon Sep 17 00:00:00 2001 From: Jens Axboe Date: Wed, 12 Oct 2011 09:42:33 +0200 Subject: [PATCH] Fix bad random offset generation for file map If OS_RAND_MAX and FRAND_MAX are different, then ensure that we use the right one. If not, our lookup cache could be outside the allowed range, thus causing a segfault by indexing f->file_map beyond end of the array. Signed-off-by: Jens Axboe --- io_u.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/io_u.c b/io_u.c index 0bc83d22..4dcb1fce 100644 --- a/io_u.c +++ b/io_u.c @@ -158,7 +158,7 @@ static int get_next_free_block(struct thread_data *td, struct fio_file *f, static int get_next_rand_offset(struct thread_data *td, struct fio_file *f, enum fio_ddir ddir, unsigned long long *b) { - unsigned long long r, lastb; + unsigned long long rmax, r, lastb; int loops = 5; lastb = last_block(td, f, ddir); @@ -168,14 +168,14 @@ static int get_next_rand_offset(struct thread_data *td, struct fio_file *f, if (f->failed_rands >= 200) goto ffz; + rmax = td->o.use_os_rand ? OS_RAND_MAX : FRAND_MAX; do { - if (td->o.use_os_rand) { + if (td->o.use_os_rand) r = os_random_long(&td->random_state); - *b = (lastb - 1) * (r / ((unsigned long long) OS_RAND_MAX + 1.0)); - } else { + else r = __rand(&td->__random_state); - *b = (lastb - 1) * (r / ((unsigned long long) FRAND_MAX + 1.0)); - } + + *b = (lastb - 1) * (r / ((unsigned long long) rmax + 1.0)); dprint(FD_RANDOM, "off rand %llu\n", r); @@ -207,7 +207,7 @@ static int get_next_rand_offset(struct thread_data *td, struct fio_file *f, loops = 10; do { f->last_free_lookup = (f->num_maps - 1) * - (r / (OS_RAND_MAX + 1.0)); + (r / ((unsigned long long) rmax + 1.0)); if (!get_next_free_block(td, f, ddir, b)) goto ret; -- 2.25.1