From a6aaf848a5367448af56e92b320e3c1cf990631c Mon Sep 17 00:00:00 2001
From: John Levon <john.levon@nutanix.com>
Date: Fri, 22 Apr 2022 11:36:14 +0100
Subject: [PATCH] nvme/fio_plugin: fix race during startup

We can crash with spdk_nvme_qpair_process_completions(qpair=0x0) when
called from spdk_fio_getevents(). This was observed when passing more
than two namespaces to an fio job.

This is because this callback can be called concurrently with
spdk_fio_open(), which assigns ->qpair. We'll just skip any
non-initialized qpairs in the processing loop, as eventually
spdk_fio_open() will set them.

Fixes: "f69367c78 fio_nvme: defer qpair allocation to file_open callback"

Signed-off-by: John Levon <john.levon@nutanix.com>
Change-Id: Ie8f1ac37726e202bb971ffeb497f9e32656392aa
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/12338
Community-CI: Broadcom CI <spdk-ci.pdl@broadcom.com>
Community-CI: Mellanox Build Bot
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
---
 examples/nvme/fio_plugin/fio_plugin.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/examples/nvme/fio_plugin/fio_plugin.c b/examples/nvme/fio_plugin/fio_plugin.c
index cd4a5e651..b1fcc135c 100644
--- a/examples/nvme/fio_plugin/fio_plugin.c
+++ b/examples/nvme/fio_plugin/fio_plugin.c
@@ -1165,6 +1165,15 @@ static int spdk_fio_getevents(struct thread_data *td, unsigned int min,
 		}
 
 		while (fio_qpair != NULL) {
+			/*
+			 * We can be called while spdk_fio_open()s are still
+			 * ongoing, in which case, ->qpair can still be NULL.
+			 */
+			if (fio_qpair->qpair == NULL) {
+				fio_qpair = TAILQ_NEXT(fio_qpair, link);
+				continue;
+			}
+
 			spdk_nvme_qpair_process_completions(fio_qpair->qpair, max - fio_thread->iocq_count);
 
 			if (fio_thread->iocq_count >= min) {