From: Florian Westphal <fw@strlen.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Miller <davem@davemloft.net>,
fw@strlen.de, netdev@vger.kernel.org, Thomas Graf <tgraf@suug.ch>
Subject: Re: rhashtable - Cap total number of entries to 2^31
Date: Thu, 27 Apr 2017 12:11:34 +0200 [thread overview]
Message-ID: <20170427101134.GB448@breakpoint.cc> (raw)
In-Reply-To: <20170427054451.GA529@gondor.apana.org.au>
Herbert Xu <herbert@gondor.apana.org.au> wrote:
> On Tue, Apr 25, 2017 at 10:48:22AM -0400, David Miller wrote:
> > From: Florian Westphal <fw@strlen.de>
> > Date: Tue, 25 Apr 2017 16:17:49 +0200
> >
> > > I'd have less of an issue with this if we'd be talking about
> > > something computationally expensive, but this is about storing
> > > an extra value inside a struct just to avoid one "shr" in insert path...
> >
> > Agreed, this shift is probably filling an available cpu cycle :-)
>
> OK, but we need to have an extra field for another reason anyway.
> The problem is that we're not capping the total number of elements
> in the hashtable when max_size is not set, this means that nelems
> can overflow which will cause havoc with the automatic shrinking
> when it tries to fit 2^32 entries into a minimum-sized table.
Right, good catch.
I guess eventually we should get rid of min_size and max_size
completely as parameters and keep actual sizing/bucket count internal to
rhashtable.
In fact I would not be surprised if some existing users did set
max_size under assumption it is a 'max element count'.
> ---8<---
> When max_size is not set or if it set to a sufficiently large
> value, the nelems counter can overflow. This would cause havoc
> with the automatic shrinking as it would then attempt to fit a
> huge number of entries into a tiny hash table.
>
> This patch fixes this by adding max_elems to struct rhashtable
> to cap the number of elements. This is set to 2^31 as nelems is
> not a precise count. This is sufficiently smaller than UINT_MAX
> that it should be safe.
>
> When max_size is set max_elems will be lowered to at most twice
> max_size as is the status quo.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[..]
> diff --git a/include/linux/rhashtable.h b/include/linux/rhashtable.h
> @@ -165,6 +166,7 @@ struct rhashtable {
> atomic_t nelems;
> unsigned int key_len;
> struct rhashtable_params p;
> + unsigned int max_elems;
> bool rhlist;
> struct work_struct run_work;
> struct mutex mutex;
> @@ -327,8 +329,7 @@ static inline bool rht_grow_above_100(const struct rhashtable *ht,
> static inline bool rht_grow_above_max(const struct rhashtable *ht,
> const struct bucket_table *tbl)
> {
> - return ht->p.max_size &&
> - (atomic_read(&ht->nelems) / 2u) >= ht->p.max_size;
> + return atomic_read(&ht->nelems) >= ht->max_elems;
> }
>
> /* The bucket lock is selected based on the hash and protects mutations
> diff --git a/lib/rhashtable.c b/lib/rhashtable.c
> index f3b82e0..751630b 100644
> --- a/lib/rhashtable.c
> +++ b/lib/rhashtable.c
> @@ -961,6 +961,11 @@ int rhashtable_init(struct rhashtable *ht,
> if (params->max_size)
> ht->p.max_size = rounddown_pow_of_two(params->max_size);
>
> + /* Cap total entries at 2^31 to avoid nelems overflow. */
> + ht->max_elems = 1u << 31;
> + if (ht->p.max_size < ht->max_elems / 2)
> + ht->max_elems = ht->p.max_size * 2;
> +
Looks like instead of adding this max_elems you could instead have fixed this via
if (!ht->p.max_size)
ht->p.max_size = INT_MAX / 2;
if (ht->p.max_size > INT_MAX / 2)
return -EINVAL;
next prev parent reply other threads:[~2017-04-27 10:11 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-25 9:41 [PATCH net-next] rhashtable: remove insecure_max_entries param Florian Westphal
2017-04-25 11:04 ` Herbert Xu
2017-04-25 11:23 ` Florian Westphal
2017-04-25 13:28 ` Herbert Xu
2017-04-25 14:17 ` Florian Westphal
2017-04-25 14:48 ` David Miller
2017-04-27 5:44 ` rhashtable - Cap total number of entries to 2^31 Herbert Xu
2017-04-27 10:11 ` Florian Westphal [this message]
2017-04-27 10:13 ` Herbert Xu
2017-04-27 15:48 ` David Miller
2017-04-27 21:16 ` Florian Fainelli
2017-04-27 22:21 ` Florian Fainelli
2017-04-27 22:28 ` [PATCH net-next] rhashtable: Make sure max_size is non zero Florian Fainelli
2017-04-27 22:32 ` Florian Fainelli
2017-04-27 22:30 ` Florian Fainelli
2017-04-28 6:10 ` [PATCH net-next] rhashtable: Do not lower max_elems when max_size is zero Herbert Xu
2017-04-28 14:14 ` David Miller
2017-04-28 15:42 ` Florian Fainelli
2017-04-28 10:23 ` rhashtable - Cap total number of entries to 2^31 Christian Borntraeger
2017-04-28 11:31 ` Herbert Xu
2017-04-28 11:43 ` Christian Borntraeger
2017-04-28 2:10 ` [lkp-robot] [rhashtable ] df7008bdd5: Kernel_panic-not_syncing:rtnetlink_init:cannot_initialize_rtnetlink kernel test robot
2017-04-28 2:10 ` kernel test robot
2017-04-26 18:39 ` [PATCH net-next] rhashtable: remove insecure_max_entries param David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170427101134.GB448@breakpoint.cc \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.