| From d5aac3401e180f3d4ff3db04ebb4e3165b975987 Mon Sep 17 00:00:00 2001 |
| From: Ankit Kumar <ankit.kumar@samsung.com> |
| Date: Tue, 16 Aug 2022 11:08:20 +0530 |
| Subject: [PATCH] engines/xnvme: fix segfault issue with xnvme ioengine |
| |
| fix segfault when xnvme ioengine is called without thread=1. |
| The segfault happens because td->io_ops_data is accessed at |
| two locations xnvme_fioe_cleanup and xnvme_fioe_iomem_free, |
| during the error handling call. |
| |
| Signed-off-by: Ankit Kumar <ankit.kumar@samsung.com> |
| Link: https://lore.kernel.org/r/20220816053821.440-2-ankit.kumar@samsung.com |
| Signed-off-by: Jens Axboe <axboe@kernel.dk> |
| --- |
| engines/xnvme.c | 17 ++++++++++++++--- |
| 1 file changed, 14 insertions(+), 3 deletions(-) |
| |
| diff --git a/engines/xnvme.c b/engines/xnvme.c |
| index c11b33a8..d8647481 100644 |
| --- a/engines/xnvme.c |
| +++ b/engines/xnvme.c |
| @@ -205,9 +205,14 @@ static void _dev_close(struct thread_data *td, struct xnvme_fioe_fwrap *fwrap) |
| |
| static void xnvme_fioe_cleanup(struct thread_data *td) |
| { |
| - struct xnvme_fioe_data *xd = td->io_ops_data; |
| + struct xnvme_fioe_data *xd = NULL; |
| int err; |
| |
| + if (!td->io_ops_data) |
| + return; |
| + |
| + xd = td->io_ops_data; |
| + |
| err = pthread_mutex_lock(&g_serialize); |
| if (err) |
| log_err("ioeng->cleanup(): pthread_mutex_lock(), err(%d)\n", err); |
| @@ -367,8 +372,14 @@ static int xnvme_fioe_iomem_alloc(struct thread_data *td, size_t total_mem) |
| /* NOTE: using the first device for buffer-allocators) */ |
| static void xnvme_fioe_iomem_free(struct thread_data *td) |
| { |
| - struct xnvme_fioe_data *xd = td->io_ops_data; |
| - struct xnvme_fioe_fwrap *fwrap = &xd->files[0]; |
| + struct xnvme_fioe_data *xd = NULL; |
| + struct xnvme_fioe_fwrap *fwrap = NULL; |
| + |
| + if (!td->io_ops_data) |
| + return; |
| + |
| + xd = td->io_ops_data; |
| + fwrap = &xd->files[0]; |
| |
| if (!fwrap->dev) { |
| log_err("ioeng->iomem_free(): failed no dev-handle\n"); |