From: Eric Gouriou Date: Tue, 16 Aug 2011 06:35:43 +0000 (+0200) Subject: stats: fix io_u_plat out-of-bound accesses (round 2) X-Git-Tag: fio-1.58~27 X-Git-Url: https://git.kernel.dk/?p=fio.git;a=commitdiff_plain;h=0a7d7f9e450f823b4ca25c23516050c339778b13 stats: fix io_u_plat out-of-bound accesses (round 2) Commit 833491908a1afd67 introduced the ability to report completion latency percentiles. It also caused a memory corruption when running with multiple threads due to out of bound accesses in show_run_stats(). The major index of the io_u_plat two-dimensional array is meant to be DDIR_ value in {DDIR_READ, DDIR_WRITE} (i.e., {0, 1}). The code in show_run_stats() incorrectly wrote into the array using a major index with values {0, 1, 2}. Commit 0a0b49007cbce8d1 fixed the out of bound accesses by increasing the size of the major dimension of the io_u_plat array from 2 to 3. This patch reverts the size change from 0a0b49007cbce8d1 in favor of avoiding the out-of-bound accesses in show_run_stats(). Signed-off-by: Eric Gouriou Signed-off-by: Jens Axboe --- diff --git a/fio.h b/fio.h index c7411625..6c574966 100644 --- a/fio.h +++ b/fio.h @@ -217,7 +217,7 @@ struct thread_stat { unsigned int io_u_complete[FIO_IO_U_MAP_NR]; unsigned int io_u_lat_u[FIO_IO_U_LAT_U_NR]; unsigned int io_u_lat_m[FIO_IO_U_LAT_M_NR]; - unsigned int io_u_plat[3][FIO_IO_U_PLAT_NR]; + unsigned int io_u_plat[2][FIO_IO_U_PLAT_NR]; unsigned long total_io_u[3]; unsigned long short_io_u[3]; unsigned long total_submit; diff --git a/stat.c b/stat.c index ee6ee51e..ae3c71af 100644 --- a/stat.c +++ b/stat.c @@ -773,11 +773,12 @@ void show_run_stats(void) for (k = 0; k <= 2; k++) { - int m; - ts->total_io_u[k] += td->ts.total_io_u[k]; ts->short_io_u[k] += td->ts.short_io_u[k]; + } + for (k = 0; k <= DDIR_WRITE; k++) { + int m; for (m = 0; m < FIO_IO_U_PLAT_NR; m++) ts->io_u_plat[k][m] += td->ts.io_u_plat[k][m]; }