Jeff noticed that x86-64's sys32_io_setup() wasn't properly copying the context pointer from userspace before passing it to sys_io_setup(). This caused sys_io_setup() to see on-stack garbage instead of zeros and fail.

I built Jeff's fix into 2.6.9-22.EL and confirmed that it fixes the problem:

Before:

    $ ./aio-stress.i386 -s 2 file
    file size 2MB, record size 64KB, depth 64, ios per iteration 8
    max io_submit 8, buffer alignment set to 4KB
    threads 1 files 1 contexts 1 context offset 2MB verification off
    Running single thread version
    io_queue_setup(512) returned -22 (Invalid argument)

After:

    $ ./aio-stress.i386 -s 2 file
    file size 2MB, record size 64KB, depth 64, ios per iteration 8
    max io_submit 8, buffer alignment set to 4KB
    threads 1 files 1 contexts 1 context offset 2MB verification off
    Running single thread version
    write on file (270.78 MB/s) 2.00 MB in 0.01s
    thread 0 write totals (34.01 MB/s) 2.00 MB in 0.06s
    read on file (848.54 MB/s) 2.00 MB in 0.00s
    thread 0 read totals (441.11 MB/s) 2.00 MB in 0.00s
    random write on file (704.47 MB/s) 2.00 MB in 0.00s
    thread 0 random write totals (66.96 MB/s) 2.00 MB in 0.03s
    random read on file (1003.51 MB/s) 2.00 MB in 0.00s
    thread 0 random read totals (984.74 MB/s) 2.00 MB in 0.00s

Can we hope to see this in an update real soon?
Created attachment 122502: copy user's ctx in sys32_io_setup() before calling sys_io_setup()
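A user-space model of the bug and the fix described in the comments above, added here as an illustration; it is not the attached patch and not kernel code. `model_sys_io_setup`, the two `compat_io_setup_*` wrappers, `MODEL_HANDLE` and the `stack_residue` parameter are hypothetical names, and the zero-on-entry check is modelled on the behaviour the report describes.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_HANDLE 0x1000u /* constructed stand-in for a real AIO context handle */

/* Model of the native call's input check: the caller's context slot must
 * hold zero on entry, otherwise the call fails with -EINVAL (-22). */
static long model_sys_io_setup(unsigned nr_reqs, uint64_t *ctxp)
{
    if (*ctxp != 0 || nr_reqs == 0)
        return -EINVAL;
    *ctxp = MODEL_HANDLE;
    return 0;
}

/* Pre-fix wrapper shape: the 64-bit temporary is never loaded from the
 * caller's 32-bit slot. stack_residue stands in for whatever bytes were
 * left in that stack slot (reading a truly uninitialized local is
 * undefined behaviour in C, so the model takes it as a parameter). */
static long compat_io_setup_unfixed(unsigned nr_reqs, uint32_t *ctx32p,
                                    uint64_t stack_residue)
{
    uint64_t ctx64 = stack_residue;
    long ret = model_sys_io_setup(nr_reqs, &ctx64);
    if (ret == 0)
        *ctx32p = (uint32_t)ctx64;
    return ret;
}

/* Post-fix shape: copy the caller's value in first, widen it, then call. */
static long compat_io_setup_fixed(unsigned nr_reqs, uint32_t *ctx32p)
{
    uint64_t ctx64 = *ctx32p; /* plain read models the copy from userspace */
    long ret = model_sys_io_setup(nr_reqs, &ctx64);
    if (ret == 0)
        *ctx32p = (uint32_t)ctx64;
    return ret;
}

int main(void)
{
    uint32_t ctx = 0;
    printf("unfixed, dirty stack: %ld\n", compat_io_setup_unfixed(512, &ctx, 0xdeadbeefULL));
    printf("unfixed, clean stack: %ld\n", compat_io_setup_unfixed(512, &ctx, 0));
    ctx = 0;
    printf("fixed:                %ld\n", compat_io_setup_fixed(512, &ctx));
    return 0;
}
```

In the model, the unfixed wrapper succeeds only when the stack slot happens to hold zero, so the outcome depends on earlier stack contents rather than on what the 32-bit caller passed.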
I've posted this patch for internal review. I've also verified that x86_64 should be the only affected platform.
*** Bug 185646 has been marked as a duplicate of this bug. ***
Committed in stream U4 build 34.6. A test kernel with this patch is available from http://people.redhat.com/~jbaron/rhel4/
This issue is on Red Hat Engineering's list of planned work items for the upcoming Red Hat Enterprise Linux 4.4 release. Engineering resources have been assigned and barring unforeseen circumstances, Red Hat intends to include this item in the 4.4 release.
    [root@dhcp59-204 ltp-aiodio]# ./aio-stress32 -s 2 file > out-`uname -r` 2>&1
    [root@dhcp59-204 ltp-aiodio]# cat out-2.6.9-34.ELsmp
    file size 2MB, record size 64KB, depth 64, ios per iteration 8
    max io_submit 8, buffer alignment set to 4KB
    threads 1 files 1 contexts 1 context offset 2MB verification off
    io_queue_setup(512) returned -22 (Invalid argument)
    Running single thread version
    [root@dhcp59-204 ltp-aiodio]# cat out-2.6.9-37.ELsmp
    file size 2MB, record size 64KB, depth 64, ios per iteration 8
    max io_submit 8, buffer alignment set to 4KB
    threads 1 files 1 contexts 1 context offset 2MB verification off
    write on file (581.73 MB/s) 2.00 MB in 0.00s
    thread 0 write totals (17.28 MB/s) 2.00 MB in 0.12s
    read on file (1252.35 MB/s) 2.00 MB in 0.00s
    thread 0 read totals (487.92 MB/s) 2.00 MB in 0.00s
    random write on file (907.03 MB/s) 2.00 MB in 0.00s
    thread 0 random write totals (19.02 MB/s) 2.00 MB in 0.11s
    random read on file (1719.69 MB/s) 2.00 MB in 0.00s
    thread 0 random read totals (1672.24 MB/s) 2.00 MB in 0.00s
    Running single thread version

Confirmed this fails on -34, and passes on -37 using 32-bit build of ltp-aiodio/aio-stress from ltp-20060515.
*** Bug 134218 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0575.html