From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org> To: tarantool-patches@dev.tarantool.org, korablev@tarantool.org, imun@tarantool.org Subject: [Tarantool-patches] [PATCH 2/2] box: on cfg properly check memory quota Date: Thu, 5 Mar 2020 01:14:20 +0100 [thread overview] Message-ID: <cad2416c8386d40becd21848bc037a6403191814.1583366981.git.v.shpilevoy@tarantool.org> (raw) In-Reply-To: <cover.1583366981.git.v.shpilevoy@tarantool.org> box_check_config() didn't check memtx_memory and vinyl_memory upper bound. As a result, it was possible to set memory size higher than what the quota allows as maximum. That worked only when box.cfg() was called first time, because quota_init() does not check its value. Subsequent box.cfg() calls use quota_set(), which aborts the program if a size is too big. Only in debug mode. In release quota_set() also worked with any sizes. Closes #4705
---
 src/box/box.cc | 46 ++++++++++++++++++++++------------------------
 test/box/cfg.result | 19 +++++++++++++++++--
 test/box/cfg.test.lua | 5 +++++
 3 files changed, 44 insertions(+), 26 deletions(-)
diff --git a/src/box/box.cc b/src/box/box.cc
index 0212f34ad..9045cefe4 100644
--- a/src/box/box.cc
+++ b/src/box/box.cc
@@ -577,24 +577,16 @@ box_check_wal_max_size(int64_t wal_max_size)
 return wal_max_size;
 }
 
-static int64_t
-box_check_memtx_memory(int64_t memory)
-{
- if (memory < 0) {
- tnt_raise(ClientError, ER_CFG, "memtx_memory",
- "must not be less than 0");
- }
- return memory;
-}
-
-static int64_t
-box_check_vinyl_memory(int64_t memory)
-{
- if (memory < 0) {
- tnt_raise(ClientError, ER_CFG, "vinyl_memory",
- "must not be less than 0");
- }
- return memory;
+static ssize_t
+box_check_memory_quota(const char *quota_name)
+{
+ int64_t size = cfg_geti64(quota_name);
+ if (size >= 0 && (size_t) size <= QUOTA_MAX)
+ return size;
+ diag_set(ClientError, ER_CFG, quota_name,
+ tt_sprintf("must be >= 0 and <= %zu, but it is %lld",
+ QUOTA_MAX, size));
+ return -1;
 }
 
 static void
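Review bot: In box_check_memory_quota, `size` is an int64_t but is formatted with `%lld`; where int64_t is `long` that is a mismatched variadic argument, so the call should pass `(long long) size` (assuming tt_sprintf follows printf conventions). The `%zu` for QUOTA_MAX likewise depends on that macro having type size_t, which is not visible in this patch. Separately, the `(size_t) size` cast and the ssize_t return would truncate a 64-bit config value wherever size_t is 32 bits, letting an out-of-range value pass the bound check; comparing as `(uint64_t) size <= QUOTA_MAX` avoids that if such builds are supported. A short comment saying the function returns -1 with the diag set on failure would also help callers.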
@@ -608,7 +600,8 @@ box_check_vinyl_options(void)
 double run_size_ratio = cfg_getd("vinyl_run_size_ratio");
 double bloom_fpr = cfg_getd("vinyl_bloom_fpr");
 
- box_check_vinyl_memory(cfg_geti64("vinyl_memory"));
+ if (box_check_memory_quota("vinyl_memory") < 0)
+ diag_raise();
 
 if (read_threads < 1) {
 tnt_raise(ClientError, ER_CFG, "vinyl_read_threads",
@@ -666,7 +659,8 @@ box_check_config()
 box_check_checkpoint_count(cfg_geti("checkpoint_count"));
 box_check_wal_max_size(cfg_geti64("wal_max_size"));
 box_check_wal_mode(cfg_gets("wal_mode"));
- box_check_memtx_memory(cfg_geti64("memtx_memory"));
+ if (box_check_memory_quota("memtx_memory") < 0)
+ diag_raise();
 box_check_memtx_min_tuple_size(cfg_geti64("memtx_min_tuple_size"));
 box_check_vinyl_options();
 if (box_check_sql_cache_size(cfg_geti("sql_cache_size")) != 0)
@@ -895,8 +889,10 @@ box_set_memtx_memory(void)
 struct memtx_engine *memtx;
 memtx = (struct memtx_engine *)engine_by_name("memtx");
 assert(memtx != NULL);
- memtx_engine_set_memory_xc(memtx,
- box_check_memtx_memory(cfg_geti64("memtx_memory")));
+ ssize_t size = box_check_memory_quota("memtx_memory");
+ if (size < 0)
+ diag_raise();
+ memtx_engine_set_memory_xc(memtx, size);
 }
 
 void
@@ -954,8 +950,10 @@ box_set_vinyl_memory(void)
 {
 struct engine *vinyl = engine_by_name("vinyl");
 assert(vinyl != NULL);
- vinyl_engine_set_memory_xc(vinyl,
- box_check_vinyl_memory(cfg_geti64("vinyl_memory")));
+ ssize_t size = box_check_memory_quota("vinyl_memory");
+ if (size < 0)
+ diag_raise();
+ vinyl_engine_set_memory_xc(vinyl, size);
 }
 
 void
diff --git a/test/box/cfg.result b/test/box/cfg.result
index 8024b5516..9dd417c4f 100644
--- a/test/box/cfg.result
+++ b/test/box/cfg.result
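Review bot: The range check in box_set_memtx_memory (and identically in box_set_vinyl_memory in the next hunk) is the only guard between a dynamic box.cfg{} update and quota_set(), which per the commit description accepts any size in release builds. Nothing at these call sites records that dependency, so a later caller that reaches the engine setter without box_check_memory_quota would reintroduce the unchecked path. I would add a comment above the check such as `/* quota_set() does not reject sizes above QUOTA_MAX in release builds, so validate here. */`. It may also be worth making quota_set() itself fail on an oversized value, though its body is not visible in this patch.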
@@ -254,11 +254,13 @@ box.cfg{memtx_memory = "100500"}
 | ...
 box.cfg{memtx_memory = -1}
 | ---
- | - error: 'Incorrect value for option ''memtx_memory'': must not be less than 0'
+ | - error: 'Incorrect value for option ''memtx_memory'': must be >= 0 and <= 4398046510080,
+ | but it is -1'
 | ...
 box.cfg{vinyl_memory = -1}
 | ---
- | - error: 'Incorrect value for option ''vinyl_memory'': must not be less than 0'
+ | - error: 'Incorrect value for option ''vinyl_memory'': must be >= 0 and <= 4398046510080,
+ | but it is -1'
 | ...
 box.cfg{vinyl = "vinyl"}
 | ---
@@ -268,6 +270,19 @@ box.cfg{vinyl_write_threads = "threads"}
 | ---
 | - error: 'Incorrect value for option ''vinyl_write_threads'': should be of type number'
 | ...
+--
+-- gh-4705: too big memory size led to an assertion.
+--
+box.cfg{memtx_memory = 5000000000000}
+ | ---
+ | - error: 'Incorrect value for option ''memtx_memory'': must be >= 0 and <= 4398046510080,
+ | but it is 5000000000000'
+ | ...
+box.cfg{vinyl_memory = 5000000000000}
+ | ---
+ | - error: 'Incorrect value for option ''vinyl_memory'': must be >= 0 and <= 4398046510080,
+ | but it is 5000000000000'
+ | ...
 
 --------------------------------------------------------------------------------
 -- Dynamic configuration check
diff --git a/test/box/cfg.test.lua b/test/box/cfg.test.lua
index e6a90d770..875466a25 100644
--- a/test/box/cfg.test.lua
+++ b/test/box/cfg.test.lua
@@ -28,6 +28,11 @@ box.cfg{memtx_memory = -1}
 box.cfg{vinyl_memory = -1}
 box.cfg{vinyl = "vinyl"}
 box.cfg{vinyl_write_threads = "threads"}
+--
+-- gh-4705: too big memory size led to an assertion.
+--
+box.cfg{memtx_memory = 5000000000000}
+box.cfg{vinyl_memory = 5000000000000}
 
 --------------------------------------------------------------------------------
 -- Dynamic configuration check
-- 2.21.1 (Apple Git-122.3)
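Review bot: The new cases in cfg.test.lua only exercise a value far above the limit (`5000000000000`), so an off-by-one in the `<= QUOTA_MAX` comparison would go unnoticed. Adding the first rejected value, `box.cfg{memtx_memory = 4398046510081}` and the same for `vinyl_memory`, would pin the boundary shown in the expected error text. The matching cfg.result entries would need regenerating.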