* Bug in io_u buf calculation.
From: Jagadish Kumar @ 2011-10-21 5:49 UTC
To: fio
Hello,
following are the details of the bug in fio.
This bug in fio can show up as corruption of data when performing verify.
Description:
----------------
If the product of block size and queue depth is greater than 4GB, io_u
buffer will not be assigned properly due to overflow.
fio --bsrange=256k-4m --ioengine=libaio --iodepth=2064 --direct=1
--name=job3 --offset=2GB --size=14GB --rw=write
--verify_pattern=0xdeadbeef --filename=/dev/sdb
can show false corruption.
Version:
-----------
1.58
Explanation:
-----------------
in a loop fio tries to assign the data buffer to each i/o request.
static int init_io_u(struct thread_data *td)
{
        struct io_u *io_u;
        unsigned int max_bs;
        int cl_align, i, max_units;
        char *p;
...
        p = td->orig_buffer;
...
        for (i = 0; i < max_units; i++) {
...
                io_u->buf = p + max_bs * i;
        }
}
At max_bs=4M, i=1024, the integer overflows and the addresses are being
used again,
i.e. i/o request 1024 will have the same data buffer as that of i/o request 0.
This is seen from fio debug log.
mem 11164 io_u alloc 0x219f530, index 0
mem 11164 io_u 0x219f530, mem 0x7f09bb62d000
mem 11164 io_u alloc 0x219f820, index 1
mem 11164 io_u 0x219f820, mem 0x7f09bba2d000
mem 11164 io_u alloc 0x225b530, index 1024
mem 11164 io_u 0x225b530, mem 0x7f09bb62d000
mem 11164 io_u alloc 0x225b820, index 1025
mem 11164 io_u 0x225b820, mem 0x7f09bba2d000
the fix is as follows:
        io_u->buf = p + (unsigned long long)max_bs * i;
thanks,
-jagadish
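Added example (not part of the original messages and not fio's own code): a stand-alone C program that reproduces the arithmetic described in the report, using the 4m block size and iodepth of 2064 from the command line above. The function names are hypothetical, and a 32-bit `unsigned int` is assumed.

```c
#include <stdio.h>

/* Offset as written in the reported line: unsigned int * int is evaluated
 * in 32-bit unsigned arithmetic and wraps modulo 2^32 before it is ever
 * added to the pointer. */
static unsigned long long offset_32bit(unsigned int max_bs, int i)
{
    return max_bs * i;
}

/* Offset with the cast proposed in the report: the multiply is widened
 * to 64 bits first, so it does not wrap for these ranges. */
static unsigned long long offset_64bit(unsigned int max_bs, int i)
{
    return (unsigned long long)max_bs * i;
}

/* First index whose 32-bit offset differs from the true offset, i.e. the
 * first io_u that would be handed a buffer already given to an earlier
 * io_u. Returns -1 if no index in [0, max_units) wraps. */
static int first_aliased_index(unsigned int max_bs, int max_units)
{
    for (int i = 0; i < max_units; i++)
        if (offset_32bit(max_bs, i) != offset_64bit(max_bs, i))
            return i;
    return -1;
}

int main(void)
{
    unsigned int max_bs = 4u << 20; /* 4m, upper bound of --bsrange */
    int iodepth = 2064;             /* --iodepth from the report */
    int bad = first_aliased_index(max_bs, iodepth);

    if (bad < 0) {
        printf("no wraparound for %d units of %u bytes\n", iodepth, max_bs);
        return 0;
    }
    printf("index %d: 32-bit offset %llu, true offset %llu\n",
           bad, offset_32bit(max_bs, bad), offset_64bit(max_bs, bad));
    printf("index %d shares its buffer with index 1: %s\n", bad + 1,
           offset_32bit(max_bs, bad + 1) == offset_32bit(max_bs, 1)
               ? "yes" : "no");
    return 0;
}
```

The first wrapped index is 1024, matching the debug log where index 1024 reports the same mem address as index 0 and index 1025 the same as index 1.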
* Re: Bug in io_u buf calculation.
From: Jens Axboe @ 2011-10-22 16:51 UTC
To: Jagadish Kumar; +Cc: fio
On 2011-10-21 07:49, Jagadish Kumar wrote:
> Hello,
> following are the details of the bug in fio.
>
> This bug in fio can show up as corruption of data when performing verify.
>
> Description:
> ----------------
>
> If the product of block size and queue depth is greater than 4GB, io_u
> buffer will not be assigned properly due to overflow.
>
> fio --bsrange=256k-4m --ioengine=libaio --iodepth=2064 --direct=1
> --name=job3 --offset=2GB --size=14GB --rw=write
> --verify_pattern=0xdeadbeef --filename=/dev/sdb
>
> can show false corruption.
>
> Version:
> -----------
> 1.58
>
> Explanation:
> -----------------
>
> in a loop fio tries to assign the data buffer to each i/o request.
>
>
> static int init_io_u(struct thread_data *td)
> {
>         struct io_u *io_u;
>         unsigned int max_bs;
>         int cl_align, i, max_units;
>         char *p;
> ...
>         p = td->orig_buffer;
> ...
>         for (i = 0; i < max_units; i++) {
> ...
>                 io_u->buf = p + max_bs * i;
>         }
> }
>
> At max_bs=4M, i=1024, the integer overflows and the addresses are being
> used again,
> i.e. i/o request 1024 will have the same data buffer as that of i/o request 0.
>
> This is seen from fio debug log.
>
> mem 11164 io_u alloc 0x219f530, index 0
> mem 11164 io_u 0x219f530, mem 0x7f09bb62d000
> mem 11164 io_u alloc 0x219f820, index 1
> mem 11164 io_u 0x219f820, mem 0x7f09bba2d000
>
>
> mem 11164 io_u alloc 0x225b530, index 1024
> mem 11164 io_u 0x225b530, mem 0x7f09bb62d000
> mem 11164 io_u alloc 0x225b820, index 1025
> mem 11164 io_u 0x225b820, mem 0x7f09bba2d000
>
> the fix is as follows:
>
> io_u->buf = p + (unsigned long long)max_bs * i;
Thanks, excellent bug report! I committed this fix:
http://git.kernel.dk/?p=fio.git;a=commitdiff;h=cf00f975d506d20ad5f02ee9dd8fec17af74bb2f
since it's a little simpler and avoids the overflow as well. Patch has
gone into stable-1.x and master branches.
--
Jens Axboe