From 1480ce7d72c140ec70b6a92072ecf472444f0e19 Mon Sep 17 00:00:00 2001
From: Dmitry Monakhov
Date: Tue, 7 Apr 2020 22:18:42 +0300
Subject: [PATCH] engine/rdmaio: fix io_u initialization

Currenly rdmaio engine fataly broken. We fill io_u buffer inside engine->init() phase, but at this point td->io_u_freelist is empty, so initialization code does nothing, so io_u->engine_data will be unitialized, later this result in null pointer dereferent in fio_rdmaio_prep() This patch moves io_u initialization to post_init() callback
---
 engines/rdma.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/engines/rdma.c b/engines/rdma.c
index 43d8fa6a..f192f432 100644
--- a/engines/rdma.c
+++ b/engines/rdma.c
@@ -1249,8 +1249,7 @@ static int fio_rdmaio_init(struct thread_data *td)
 {
 struct rdmaio_data *rd = td->io_ops_data;
 struct rdmaio_options *o = td->eo;
- unsigned int max_bs;
- int ret, i;
+ int ret;
 if (td_rw(td)) {
 log_err("fio: rdma connections must be read OR write\n");
@@ -1318,6 +1317,13 @@ static int fio_rdmaio_init(struct thread_data *td)
 rd->is_client = 1;
 ret = fio_rdmaio_setup_connect(td, td->o.filename, o->port);
 }
+ return ret;
+}
+static int fio_rdmaio_post_init(struct thread_data *td)
+{
+ unsigned int max_bs;
+ int i;
+ struct rdmaio_data *rd = td->io_ops_data;
 max_bs = max(td->o.max_bs[DDIR_READ], td->o.max_bs[DDIR_WRITE]);
 rd->send_buf.max_bs = htonl(max_bs);
@@ -1351,7 +1357,7 @@ static int fio_rdmaio_init(struct thread_data *td)
 rd->send_buf.nr = htonl(i);
- return ret;
+ return 0;
 }
 static void fio_rdmaio_cleanup(struct thread_data *td)
@@ -1388,6 +1394,7 @@ static struct ioengine_ops ioengine_rw = {
 .version = FIO_IOOPS_VERSION,
 .setup = fio_rdmaio_setup,
 .init = fio_rdmaio_init,
+ .post_init = fio_rdmaio_post_init,
 .prep = fio_rdmaio_prep,
 .queue = fio_rdmaio_queue,
 .commit = fio_rdmaio_commit,
-- 
2.25.1
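Review bot: In the `@@ -1318,6 +1317,13 @@` hunk, the new `fio_rdmaio_post_init()` has no comment explaining why this setup cannot live in `.init`; only the commit message records it. Per that message, `td->io_u_freelist` is still empty during `.init`, so a later refactor that moves the code back would silently skip the per-io_u setup and bring back the NULL dereference in `fio_rdmaio_prep()`. I would add above the function: `/* Must run from .post_init: td->io_u_freelist is empty during .init, so io_u->engine_data would be left unset. */`. The function body continues past the end of this hunk.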
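Review bot: In the `@@ -1351,7 +1357,7 @@` hunk, `fio_rdmaio_post_init()` still finishes with `rd->send_buf.nr = htonl(i);` and `return 0;` when nothing was initialised, which is the silent no-op the commit message blames for the crash. Assuming `i` is the number of io_us the preceding loop handled (that loop is outside the hunk), a guard before the assignment would turn an empty freelist into a visible startup error rather than a later NULL dereference: `if (!i) { log_err("fio: rdma: no io_u buffers initialized\n"); return 1; }`. Since the tail now hard-codes success instead of returning `ret`, it is also worth confirming that every failure path inside the loop returns non-zero on its own.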