From b7aae4ba630b1dd6853f0794f00080f61b7cdc93 Mon Sep 17 00:00:00 2001 From: Vincent Fu Date: Tue, 11 Sep 2018 09:01:56 -0400 Subject: [PATCH] rate_submit: synchronize accesses to io_u_queue->nr Accesses to io_u_queue->nr are not properly synchronized in offload submission mode. put_io_u locks td but the parent td flags reflecting the need to lock are not propagated to child threads when the child threads are initialized. The main thread accesses io_u_queue->nr via io_u_qpop() as it prepares io_u's for handing off to the worker threads. The worker threads access io_u_queue->nr via io_u_qpush() as they complete io_u's. When these accesses are not protected by locks, io_u_qpop() will return NULL when it means to provide a valid io_u pointer. This occurs in offload submission mode with iodepth > 1. Fixes: 26b3a18 ("Make td_io_u_lock/unlock() explicit") --- rate-submit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rate-submit.c b/rate-submit.c index 5c77a4e8..2f02fe2b 100644 --- a/rate-submit.c +++ b/rate-submit.c @@ -126,7 +126,7 @@ static int io_workqueue_init_worker_fn(struct submit_worker *sw) clear_io_state(td, 1); td_set_runstate(td, TD_RUNNING); - td->flags |= TD_F_CHILD; + td->flags |= TD_F_CHILD | TD_F_NEED_LOCK; td->parent = parent; return 0; -- 2.25.1
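Review bot: The new line `td->flags |= TD_F_CHILD | TD_F_NEED_LOCK;` in io_workqueue_init_worker_fn() sets the lock flag unconditionally on every worker, while the commit message describes the defect as the parent's lock flag not being propagated to the children. If forcing the flag is intended (the worker always shares io_u_queue->nr with the submitting thread in offload mode), a one-line comment above the assignment saying so would keep a later cleanup from dropping it again, which is how the regression named in the Fixes: tag reads. If propagation is what is wanted, copying the bit from `parent`, which is already in scope for `td->parent = parent;`, would match the description and avoid taking the lock in configurations where the parent does not need it. The message also states the failure appears only with iodepth > 1; it would help to note whether the extra locking at iodepth 1 is an accepted cost.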