From: David Miller <davem@davemloft.net>
To: herbert@gondor.apana.org.au
Cc: johannes@sipsolutions.net, netdev@vger.kernel.org,
kaber@trash.net, tgraf@suug.ch, johannes.berg@intel.com
Subject: Re: rhashtable: Add cap on number of elements in hash table
Date: Thu, 14 May 2015 22:22:17 -0400 (EDT) [thread overview]
Message-ID: <20150514.222217.1991822787577994078.davem@davemloft.net> (raw)
In-Reply-To: <20150513080640.GA27800@gondor.apana.org.au>
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Wed, 13 May 2015 16:06:40 +0800
> We currently have no limit on the number of elements in a hash table.
> This is a problem because some users (tipc) set a ceiling on the
> maximum table size and when that is reached the hash table may
> degenerate. Others may encounter OOM when growing and if we allow
> insertions when that happens the hash table perofrmance may also
> suffer.
>
> This patch adds a new paramater insecure_max_entries which becomes
> the cap on the table. If unset it defaults to max_size. If it is
> also zero it means that there is no cap on the number of elements
> in the table. However, the table will grow whenever the utilisation
> hits 100% and if that growth fails, you will get ENOMEM on insertion.
>
> As allowing >100% utilisation is potentially dangerous, the name
> contains the word insecure.
>
> Note that the cap is not a hard limit. This is done for performance
> reasons as enforcing a hard limit will result in use of atomic ops
> that are heavier than the ones we currently use.
>
> The reasoning is that we're only guarding against a gross over-
> subscription of the table, rather than a small breach of the limit.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
I'm not so sure I can get behind this change.
For the default case where we propagate max_size into this new limt,
if we grow the hash table to it's maximum size, and then just go one
past the limit, we're going to start failing inserts.
In my opinion, up to at least 2 X max_size, it's safe to allow the
insert. Assuming a well choosen hash function and a roughly even
distribution.
A two entry deep hash chain is not a reason to fail a hash insertion.
Failures on hash insertions we would not do in pretty much any other
hash implementation in the kernel. I'd seriously would rather have
3 entry deep hash chains than no new connections at all.
If an administrator has to analyze some situation where this is
happening and they see -E2BIG propagating into their applications,
this is going to be surprising. And when they do all of the work
to figure out what is causing it, I am pretty sure they will be
somewhat upset that we considered it OK to do this.
So I'd like you to take some time to reconsider hash insert failures,
and only do them when it's going to create an unnaceptable, _massive_
hardship for the machine. And I do not think that 2 or 3 entry deep
hash chains quality.
Thanks.
next prev parent reply other threads:[~2015-05-15 2:22 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-23 14:38 [PATCH] rhashtable: don't attempt to grow when at max_size Johannes Berg
2015-04-23 15:59 ` David Miller
2015-04-23 16:09 ` Johannes Berg
2015-04-23 16:16 ` Daniel Borkmann
2015-04-24 0:57 ` rhashtable: Add cap on number of elements in hash table Herbert Xu
2015-04-24 7:01 ` Johannes Berg
2015-04-24 8:04 ` Herbert Xu
2015-04-24 8:06 ` Thomas Graf
2015-04-24 8:12 ` Herbert Xu
2015-04-24 8:15 ` Thomas Graf
2015-04-24 8:22 ` Herbert Xu
2015-04-24 15:38 ` David Miller
2015-05-13 8:06 ` Herbert Xu
2015-05-15 2:22 ` David Miller [this message]
2015-05-15 3:06 ` Herbert Xu
2015-05-15 3:46 ` David Miller
2015-05-15 6:30 ` Herbert Xu
2015-05-16 22:09 ` David Miller
2015-05-17 1:38 ` Herbert Xu
2015-05-18 20:12 ` David Miller
2015-05-18 22:35 ` Herbert Xu
2015-05-19 10:25 ` David Laight
2015-05-15 3:30 ` [v2 PATCH] " Herbert Xu
2015-05-16 22:08 ` David Miller
2015-04-23 20:46 ` [PATCH] rhashtable: don't attempt to grow when at max_size Thomas Graf
2015-04-23 20:49 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150514.222217.1991822787577994078.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=johannes.berg@intel.com \
--cc=johannes@sipsolutions.net \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).