rate_submit: synchronize accesses to io_u_queue->nr

Accesses to io_u_queue->nr are not properly synchronized in offload
submission mode. put_io_u locks td but the parent td flags reflecting
the need to lock are not propogated to child threads when the child
threads are intialized.

The main thread accesses io_u_queue->nr via io_u_qpop() as it prepares
io_u's for handing off to the worker threads. The worker threads access
io_u_queue->nr via io_u_qpush() as they complete io_u's. When these
accesses are not protected by locks, io_u_qpop() will return NULL when
it means to provide a valid io_u pointer. This occurs in offload
submission mode with iodepth > 1.

Fixes: 26b3a18 ("Make td_io_u_lock/unlock() explicit")

diff --git a/rate-submit.c b/rate-submit.c
index 5c77a4e8ecb83089ad2fb6a0322aafcbcab2bc4c..2f02fe2ba8365dea762051e555b1f28651ee45e3 100644 (file)
--- a/rate-submit.c
+++ b/rate-submit.c
@@ -126,7 +126,7 @@ static int io_workqueue_init_worker_fn(struct submit_worker *sw)
        clear_io_state(td, 1);
 
        td_set_runstate(td, TD_RUNNING);
-       td->flags |= TD_F_CHILD;
+       td->flags |= TD_F_CHILD | TD_F_NEED_LOCK;
        td->parent = parent;
        return 0;