From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
To: tarantool-patches@dev.tarantool.org, korablev@tarantool.org,
	imun@tarantool.org
Subject: [Tarantool-patches] [PATCH 2/2] box: on cfg properly check memory quota
Date: Thu,  5 Mar 2020 01:14:20 +0100	[thread overview]
Message-ID: <cad2416c8386d40becd21848bc037a6403191814.1583366981.git.v.shpilevoy@tarantool.org> (raw)
In-Reply-To: <cover.1583366981.git.v.shpilevoy@tarantool.org>

box_check_config() didn't check memtx_memory and vinyl_memory
upper bound. As a result, it was possible to set memory size
higher than what the quota allows as maximum.

That worked only when box.cfg() was called for the first time, because
quota_init() does not check its value. Subsequent box.cfg() calls use
quota_set(), which aborts the program if the size is too big - but only
in debug mode. In release builds quota_set() also accepted any size.

Closes #4705
---
 src/box/box.cc        | 46 +++++++++++++++++++++----------------------
 test/box/cfg.result   | 19 ++++++++++++++++--
 test/box/cfg.test.lua |  5 +++++
 3 files changed, 44 insertions(+), 26 deletions(-)

diff --git a/src/box/box.cc b/src/box/box.cc
index 0212f34ad..9045cefe4 100644
--- a/src/box/box.cc
+++ b/src/box/box.cc
@@ -577,24 +577,16 @@ box_check_wal_max_size(int64_t wal_max_size)
 	return wal_max_size;
 }
 
-static int64_t
-box_check_memtx_memory(int64_t memory)
-{
-	if (memory < 0) {
-		tnt_raise(ClientError, ER_CFG, "memtx_memory",
-			  "must not be less than 0");
-	}
-	return memory;
-}
-
-static int64_t
-box_check_vinyl_memory(int64_t memory)
-{
-	if (memory < 0) {
-		tnt_raise(ClientError, ER_CFG, "vinyl_memory",
-			  "must not be less than 0");
-	}
-	return memory;
+static ssize_t
+box_check_memory_quota(const char *quota_name)
+{
+	int64_t size = cfg_geti64(quota_name);
+	if (size >= 0 && (size_t) size <= QUOTA_MAX)
+		return size;
+	diag_set(ClientError, ER_CFG, quota_name,
+		 tt_sprintf("must be >= 0 and <= %zu, but it is %lld",
+		 QUOTA_MAX, size));
+	return -1;
 }
 
 static void
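Review bot: In the tt_sprintf() call the new box_check_memory_quota() prints `size`, an `int64_t`, with `%lld`; on LP64 glibc `int64_t` is `long`, so this is a format/argument type mismatch that `-Wformat` flags and that is strictly undefined even though the sizes happen to agree. Pass `(long long) size` or use `"%" PRId64` from <inttypes.h>, and check that the type of `QUOTA_MAX` (whose definition is not in this hunk) really matches `%zu` rather than being an enum or `unsigned long` constant. The range check casts before comparing, `(size_t) size <= QUOTA_MAX`; if `size_t` were ever narrower than `int64_t` the cast would wrap and an oversized value could pass, so comparing in the wider type, `size <= (int64_t) QUOTA_MAX`, is the safer form and reads the same. The function also has no header comment; a one-liner such as `/** Read @a quota_name from cfg and check it is within [0, QUOTA_MAX]. Return the size, or -1 with diag set. */` would document the diag/-1 contract that all four callers rely on.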
@@ -608,7 +600,8 @@ box_check_vinyl_options(void)
 	double run_size_ratio = cfg_getd("vinyl_run_size_ratio");
 	double bloom_fpr = cfg_getd("vinyl_bloom_fpr");
 
-	box_check_vinyl_memory(cfg_geti64("vinyl_memory"));
+	if (box_check_memory_quota("vinyl_memory") < 0)
+		diag_raise();
 
 	if (read_threads < 1) {
 		tnt_raise(ClientError, ER_CFG, "vinyl_read_threads",
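Review bot: The `if (box_check_memory_quota(...) < 0) diag_raise();` pair is now repeated at every call site, here and in the box_check_config(), box_set_memtx_memory() and box_set_vinyl_memory() hunks below, which is a style point rather than a defect. Since this file already follows the `_xc` convention for exception-raising wrappers (see `memtx_engine_set_memory_xc` in the later hunk), a small `static ssize_t box_check_memory_quota_xc(const char *quota_name)` that does the check and calls `diag_raise()` on failure would let each caller collapse to a single line, e.g. `ssize_t size = box_check_memory_quota_xc("memtx_memory");`. The enclosing box_check_vinyl_options() body starts and ends outside this hunk.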
@@ -666,7 +659,8 @@ box_check_config()
 	box_check_checkpoint_count(cfg_geti("checkpoint_count"));
 	box_check_wal_max_size(cfg_geti64("wal_max_size"));
 	box_check_wal_mode(cfg_gets("wal_mode"));
-	box_check_memtx_memory(cfg_geti64("memtx_memory"));
+	if (box_check_memory_quota("memtx_memory") < 0)
+		diag_raise();
 	box_check_memtx_min_tuple_size(cfg_geti64("memtx_min_tuple_size"));
 	box_check_vinyl_options();
 	if (box_check_sql_cache_size(cfg_geti("sql_cache_size")) != 0)
@@ -895,8 +889,10 @@ box_set_memtx_memory(void)
 	struct memtx_engine *memtx;
 	memtx = (struct memtx_engine *)engine_by_name("memtx");
 	assert(memtx != NULL);
-	memtx_engine_set_memory_xc(memtx,
-		box_check_memtx_memory(cfg_geti64("memtx_memory")));
+	ssize_t size = box_check_memory_quota("memtx_memory");
+	if (size < 0)
+		diag_raise();
+	memtx_engine_set_memory_xc(memtx, size);
 }
 
 void
@@ -954,8 +950,10 @@ box_set_vinyl_memory(void)
 {
 	struct engine *vinyl = engine_by_name("vinyl");
 	assert(vinyl != NULL);
-	vinyl_engine_set_memory_xc(vinyl,
-		box_check_vinyl_memory(cfg_geti64("vinyl_memory")));
+	ssize_t size = box_check_memory_quota("vinyl_memory");
+	if (size < 0)
+		diag_raise();
+	vinyl_engine_set_memory_xc(vinyl, size);
 }
 
 void
diff --git a/test/box/cfg.result b/test/box/cfg.result
index 8024b5516..9dd417c4f 100644
--- a/test/box/cfg.result
+++ b/test/box/cfg.result
@@ -254,11 +254,13 @@ box.cfg{memtx_memory = "100500"}
  | ...
 box.cfg{memtx_memory = -1}
  | ---
- | - error: 'Incorrect value for option ''memtx_memory'': must not be less than 0'
+ | - error: 'Incorrect value for option ''memtx_memory'': must be >= 0 and <= 4398046510080,
+ |     but it is -1'
  | ...
 box.cfg{vinyl_memory = -1}
  | ---
- | - error: 'Incorrect value for option ''vinyl_memory'': must not be less than 0'
+ | - error: 'Incorrect value for option ''vinyl_memory'': must be >= 0 and <= 4398046510080,
+ |     but it is -1'
  | ...
 box.cfg{vinyl = "vinyl"}
  | ---
@@ -268,6 +270,19 @@ box.cfg{vinyl_write_threads = "threads"}
  | ---
  | - error: 'Incorrect value for option ''vinyl_write_threads'': should be of type number'
  | ...
+--
+-- gh-4705: too big memory size led to an assertion.
+--
+box.cfg{memtx_memory = 5000000000000}
+ | ---
+ | - error: 'Incorrect value for option ''memtx_memory'': must be >= 0 and <= 4398046510080,
+ |     but it is 5000000000000'
+ | ...
+box.cfg{vinyl_memory = 5000000000000}
+ | ---
+ | - error: 'Incorrect value for option ''vinyl_memory'': must be >= 0 and <= 4398046510080,
+ |     but it is 5000000000000'
+ | ...
 
 --------------------------------------------------------------------------------
 -- Dynamic configuration check
diff --git a/test/box/cfg.test.lua b/test/box/cfg.test.lua
index e6a90d770..875466a25 100644
--- a/test/box/cfg.test.lua
+++ b/test/box/cfg.test.lua
@@ -28,6 +28,11 @@ box.cfg{memtx_memory = -1}
 box.cfg{vinyl_memory = -1}
 box.cfg{vinyl = "vinyl"}
 box.cfg{vinyl_write_threads = "threads"}
+--
+-- gh-4705: too big memory size led to an assertion.
+--
+box.cfg{memtx_memory = 5000000000000}
+box.cfg{vinyl_memory = 5000000000000}
 
 --------------------------------------------------------------------------------
 -- Dynamic configuration check
-- 
2.21.1 (Apple Git-122.3)
