From: Liu Bo Date: Mon, 10 Nov 2014 07:01:07 +0000 (+1100) Subject: aio: fix memory corruption in aio-last-ref-held-by-io X-Git-Tag: v2022.05.01~3018 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=181ba037284c35f6583af0f40c57e9396da970d7;p=xfstests-dev.git aio: fix memory corruption in aio-last-ref-held-by-io This's been detected by testing generic/323 on btrfs, it keeps producing chaos of checksum errors. It is because aio-last-ref-held-by-io uses a static buffer that is been used repeatedly for every io_submit() call, but we'll issue NUM_IOS(=16) io_sumbit() in a 'for' loop at a time, and when those data read by aio has not finish its endio(), its memory is likely to be used in the next io_submit, which ends up data corruption and numerous checksum errors. This allocates memory for each io_submit() and generic/323 runs fine after this. Signed-off-by: Liu Bo Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner --- diff --git a/src/aio-dio-regress/aio-last-ref-held-by-io.c b/src/aio-dio-regress/aio-last-ref-held-by-io.c index a73dc3bd..7633831e 100644 --- a/src/aio-dio-regress/aio-last-ref-held-by-io.c +++ b/src/aio-dio-regress/aio-last-ref-held-by-io.c @@ -109,7 +109,7 @@ aio_test_thread(void *data) ioctx_initted = 0; ios_submitted = 0; - ret = posix_memalign((void **)&buffer, getpagesize(), IOSIZE); + ret = posix_memalign((void **)&buffer, getpagesize(), IOSIZE * NUM_IOS); if (ret != 0) { printf("%lu: Failed to allocate buffer for IO: %d\n", pthread_self(), ret); @@ -137,7 +137,7 @@ aio_test_thread(void *data) struct iocb *iocb = &iocbs[i]; memset(iocb, 0, sizeof(*iocb)); - io_prep_pread(iocb, fd, buffer, + io_prep_pread(iocb, fd, (buffer + i * IOSIZE), IOSIZE, i * IOSIZE); if (io_submit(ioctx, 1, &iocb) != 1) { printf("%lu: failed to submit io #%d\n",