RE: [PATCH net] Fix clamp() of ip_vs_conn_tab on small memory systems.
From: Julian Anastasov
Date: Fri Dec 06 2024 - 11:23:36 EST
Hello,
On Fri, 6 Dec 2024, David Laight wrote:
> From: Julian Anastasov
> > Sent: 06 December 2024 12:19
> >
> > On Fri, 6 Dec 2024, David Laight wrote:
> >
> > > The intention of the code seems to be that the minimum table
> > > size should be 256 (1 << min).
> > > However the code uses max = clamp(20, 5, max_avail) which implies
> >
> > Actually, it tries to reduce max=20 (max possible) below
> > max_avail: [8 .. max_avail]. Not sure what 5 is here...
>
> Me mistyping values between two windows :-)
>
> Well min(max, max_avail) would be the reduced upper limit.
> But you'd still fall foul of the compiler propagating the 'n > 1'
> check in order_base_2() further down the function.
>
> > > the author thought max_avail could be less than 5.
> > > But clamp(val, min, max) is only well defined for max >= min.
> > > If max < min whether is returns min or max depends on the order of
> > > the comparisons.
> >
> > Looks like max_avail goes below 8 ? What value you see
> > for such small system?
>
> I'm not, but clearly you thought the value could be small otherwise
> the code would only have a 'max' limit.
> (Apart from a 'sanity' min of maybe 2 to stop the code breaking.)
I'm not sure how much memory we can see in small system,
IMHO, problem should not be possible in practice:
- nobody expects 0 from totalram_pages() in the code
- order_base_2(sizeof(struct ip_vs_conn)) is probably 8 on 32-bit
- PAGE_SHIFT: 12 (for 4KB) or more?
So, if totalram_pages() returns below 128 pages (4KB each)
max_avail will be below 19 (7 + 12), then 19 is reduced with 2 + 1
and becomes 16, finally with 8 (from the 2nd order_base_2) to reach
16-8=8. You need a system with less than 512KB (19 bits) to trigger
problem in clamp() that will lead to max below 8. Further, without
checks, for ip_vs_conn_tab_bits=1 we need totalram_pages() to return 0
pages.
> > > Detected by compile time checks added to clamp(), specifically:
> > > minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp()
> >
> > Existing or new check? Does it happen that max_avail
> > is a constant, so that a compile check triggers?
>
> Is all stems from order_base_2(totalram_pages()).
> order_base_2(n) is 'n > 1 ? ilog2(n - 1) + 1 : 0'.
> And the compiler generates two copies of the code that follows
> for the 'constant zero' and ilog2() values.
> And the 'zero' case compiles clamp(20, 8, 0) which is errored.
> Note that it is only executed if totalram_pages() is zero,
> but it is always compiled 'just in case'.
I'm confused with these compiler issues, if you
think we should go with the patch just decide if it is a
net or net-next material. Your change is safer for bad
max_avail values but I don't expect to see problem while
running without the change, except the building bugs.
Also, please use nf/nf-next tag to avoid any
confusion with upstreaming...
Regards
--
Julian Anastasov <ja@xxxxxx>