log: fix use-after-free

[fio.git] / backend.c
diff --git a/backend.c b/backend.c

index 9deef284e36b81be3012f837b7a3bfdd53d242c8..448fc5981ada3f1724df6982b876554ab22dd10c 100644 (file)
--- a/backend.c
+++ b/backend.c
@@ -780,16 +780,21 @@ static uint64_t do_io(struct thread_data *td)
                 case FIO_Q_COMPLETED:
                         if (io_u->error) {
                                 ret = -io_u->error;
+                               unlog_io_piece(td, io_u);
                                 clear_io_u(td, io_u);
                         } else if (io_u->resid) {
                                 int bytes = io_u->xfer_buflen - io_u->resid;
                                 struct fio_file *f = io_u->file;
  
                                 bytes_issued += bytes;
+
+                               trim_io_piece(td, io_u);
+
                                 /*
                                  * zero read, fail
                                  */
                                 if (!bytes) {
+                                       unlog_io_piece(td, io_u);
                                         td_verror(td, EIO, "full resid");
                                         put_io_u(td, io_u);
                                         break;
@@ -830,6 +835,7 @@ sync_done:
                         bytes_issued += io_u->xfer_buflen;
                         break;
                 case FIO_Q_BUSY:
+                       unlog_io_piece(td, io_u);
                         requeue_io_u(td, &io_u);
                         ret2 = td_io_commit(td);
                         if (ret2 < 0)
@@ -1264,11 +1270,6 @@ static void *thread_main(void *data)
         } else
                 td->pid = gettid();
  
-       /*
-        * fio_time_init() may not have been called yet if running as a server
-        */
-       fio_time_init();
-
         fio_local_clock_init(o->use_thread);
  
         dprint(FD_PROCESS, "jobs pid=%d started\n", (int) td->pid);
@@ -1574,7 +1575,7 @@ static int fork_main(int shmid, int offset)
         struct thread_data *td;
         void *data, *ret;
  
-#ifndef __hpux
+#if !defined(__hpux) && !defined(CONFIG_NO_SHM)
         data = shmat(shmid, NULL, 0);
         if (data == (void *) -1) {
                 int __err = errno;
@@ -2019,9 +2020,9 @@ int fio_backend(void)
                 return 0;
  
         if (write_bw_log) {
-               setup_log(&agg_io_log[DDIR_READ], 0, IO_LOG_TYPE_BW);
-               setup_log(&agg_io_log[DDIR_WRITE], 0, IO_LOG_TYPE_BW);
-               setup_log(&agg_io_log[DDIR_TRIM], 0, IO_LOG_TYPE_BW);
+               setup_log(&agg_io_log[DDIR_READ], 0, IO_LOG_TYPE_BW, 0, "agg-read_bw.log");
+               setup_log(&agg_io_log[DDIR_WRITE], 0, IO_LOG_TYPE_BW, 0, "agg-write_bw.log");
+               setup_log(&agg_io_log[DDIR_TRIM], 0, IO_LOG_TYPE_BW, 0, "agg-trim_bw.log");
         }
  
         startup_mutex = fio_mutex_init(FIO_MUTEX_LOCKED);
@@ -2040,11 +2041,14 @@ int fio_backend(void)
         if (!fio_abort) {
                 show_run_stats();
                 if (write_bw_log) {
-                       __finish_log(agg_io_log[DDIR_READ], "agg-read_bw.log");
-                       __finish_log(agg_io_log[DDIR_WRITE],
-                                       "agg-write_bw.log");
-                       __finish_log(agg_io_log[DDIR_TRIM],
-                                       "agg-write_bw.log");
+                       int i;
+
+                       for (i = 0; i < DDIR_RWDIR_CNT; i++) {
+                               struct io_log *log = agg_io_log[i];
+
+                               __finish_log(log);
+                               free_log(log);
+                       }
                 }
         }