From: Johannes Berg <johannes@sipsolutions.net>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Miller <davem@davemloft.net>,
netdev@vger.kernel.org, kaber@trash.net, tgraf@suug.ch
Subject: Re: rhashtable: Add cap on number of elements in hash table
Date: Fri, 24 Apr 2015 09:01:10 +0200 [thread overview]
Message-ID: <1429858870.1852.7.camel@sipsolutions.net> (raw)
In-Reply-To: <20150424005729.GA27075@gondor.apana.org.au>
On Fri, 2015-04-24 at 08:57 +0800, Herbert Xu wrote:
> It seems that I lost track somewhere along the line. I meant
> to add an explicit limit on the overall number of entries since
> that was what users like netlink expected but never got around
> to doing it. Instead it seems that we're currently relying on
> the rht_grow_above_100 to protect us.
This isn't really what I wanted though :-)
I just wanted to test hash collisions.
> We currently have no limit on the number of elements in a hash table.
> This is very bad especially considering that some rhashtable users
> had such a limit before the conversion and relied on it for defence
> against DoS attacks.
>
> We already have a maximum hash table size limit but its enforcement
> is only by luck and results in a nasty WARN_ON.
And doesn't actually work, the insertion appears to succeed :-)
> This patch adds a new paramater insecure_max_entries which becomes
typo: parameter
> the cap on the table. If unset it defaults to max_size.
So at least for my (admittedly testing only) use case, I wouldn't want
it to default to max_size, since the two at least *seem* to do different
things (max # of chains vs. max # of entries), no?
Anyway - since it's for testing only I guess I could even set max_size
to 4 and insecure_max_entries to something far bigger :)
> If it is
> also zero it means that there is no cap on the number of elements
> in the table. However, the table will grow whenever the utilisation
> hits 100% and if that growth fails, you will get ENOMEM on insertion.
>
> As allowing >100% utilisation is potentially dangerous, the name
> contains the word insecure.
Not sure I get this. So rhashtable is trying to actually never have
collisions? How could that possibly work?
> @@ -282,7 +285,20 @@ static inline bool rht_shrink_below_30(const struct rhashtable *ht,
> static inline bool rht_grow_above_100(const struct rhashtable *ht,
> const struct bucket_table *tbl)
> {
> - return atomic_read(&ht->nelems) > tbl->size;
> + return atomic_read(&ht->nelems) > tbl->size &&
> + (!ht->p.max_size || tbl->size < ht->p.max_size);
> +}
Since you're also doing what I did here, would it make sense to apply my
patch to net and this one only to net-next?
For my use case (which was testing/debug) I don't actually care that
much, but perhaps that'd be an easier sell towards the end of the merge
window :) It seems that my patch would mostly fix the *issue*, while
yours actually adds a new parameter that's also not actually used yet.
The netlink hash table could potentially hit max_size and thus the
warning and the case I was hitting (on a system with >>64k netlink
sockets.)
johannes
next prev parent reply other threads:[~2015-04-24 7:01 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-23 14:38 [PATCH] rhashtable: don't attempt to grow when at max_size Johannes Berg
2015-04-23 15:59 ` David Miller
2015-04-23 16:09 ` Johannes Berg
2015-04-23 16:16 ` Daniel Borkmann
2015-04-24 0:57 ` rhashtable: Add cap on number of elements in hash table Herbert Xu
2015-04-24 7:01 ` Johannes Berg [this message]
2015-04-24 8:04 ` Herbert Xu
2015-04-24 8:06 ` Thomas Graf
2015-04-24 8:12 ` Herbert Xu
2015-04-24 8:15 ` Thomas Graf
2015-04-24 8:22 ` Herbert Xu
2015-04-24 15:38 ` David Miller
2015-05-13 8:06 ` Herbert Xu
2015-05-15 2:22 ` David Miller
2015-05-15 3:06 ` Herbert Xu
2015-05-15 3:46 ` David Miller
2015-05-15 6:30 ` Herbert Xu
2015-05-16 22:09 ` David Miller
2015-05-17 1:38 ` Herbert Xu
2015-05-18 20:12 ` David Miller
2015-05-18 22:35 ` Herbert Xu
2015-05-19 10:25 ` David Laight
2015-05-15 3:30 ` [v2 PATCH] " Herbert Xu
2015-05-16 22:08 ` David Miller
2015-04-23 20:46 ` [PATCH] rhashtable: don't attempt to grow when at max_size Thomas Graf
2015-04-23 20:49 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1429858870.1852.7.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).