[PATCH nft] tests: shell: better parameters for the interval stack overflow test

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Wider testing has shown that 128 kB stack is too low (e.g. for systems
with 64 kB page size), leading to false failures in some environments.

Based on results from a matrix of RHEL 8 and RHEL 9 systems across
x86_64, aarch64, ppc64le and s390x architectures as well as some
anecdotal testing of other Linux distros on x86_64 machines, 400 kB
seems safe: the normal nft stack (which should stay constant during
this test) on all tested systems doesn't exceed 200 kB (stays around
100 kB on typical systems with 4 kB page size), while always growing
beyond 500 kB in the failing case (nftables before baecd1cf2685) with
the increased set size.

Fixes: d8ccad2a2b73 ("tests: cover baecd1cf2685 ("segtree: Fix segfault when restoring a huge interval set")")
Signed-off-by: Štěpán Němec <snemec@xxxxxxxxxx>
---
I haven't been able to find an answer to the question of how much
stack size can vary across different systems (particularly those
nftables is likely to run on), so more testing might be useful,
especially on systems not listed above.

In an attempt to avoid depending on a particular stack size and
instead fail the test in case the stack continues to grow, I also
successfully tested the following (across the same range of systems as
the above), but don't think the possible gain is worth the clunkiness.
At least with the current version there is only one assumption (the
stack limit) that might be wrong.

--8<---------------cut here---------------start------------->8---
#!/bin/bash

ruleset_file=$(mktemp) || exit 1

trap 'rm -f "$ruleset_file"' EXIT

{
	echo 'define big_set = {'
	for ((i = 1; i < 255; i++)); do
		for ((j = 1; j < 255; j++)); do
			echo "10.0.$i.$j,"
		done
	done
	echo '10.1.0.0/24 }'
} >"$ruleset_file" || exit 1

cat >>"$ruleset_file" <<\EOF || exit 1
table inet test68_table {
	set test68_set {
		type ipv4_addr
		flags interval
		elements = { $big_set }
	}
}
EOF

report() {
	printf 'Initial stack: %dkB\nCurrent stack: %dkB\n' \
	       "$initial" "$current"
	exit "$1"
}

get_stack() {
	# Going by 'Size:' rather than 'Rss:'; the latter seemed
	# too precise (e.g., it sometimes also catched the
	# initial bump from a few kB to the usual stack size).
	awk '
		found && /^Size:/ { print $2; exit }
		/\[stack\]/ { found = 1 }
	    ' /proc/"$nft_pid"/smaps
}

watch_stack() {
	local interval initial current
	interval=$1
	# discard two initial samples (even with Size: instead of Rss:, it
	# did happen once (in more than 100 runs) that the initial sample
	# was 0kB)
	get_stack; get_stack
	initial=$(get_stack) || { echo This should never happen; exit 1; }

	while true; do
		if stack=$(get_stack); then
			current=$stack
			printf '%d\n' "$stack"

			# failure: stack size more than doubled
			# (should be ~constant)
			((current - initial > initial)) && report 1
		else
			# success?: /proc/$nft_pid/smaps gone means that
			# $nft_pid exited
			wait "$nft_pid"
			report $?
		fi

		sleep "$interval"
	done
}

$NFT -f "$ruleset_file" &
nft_pid=$!

trap 'rm -f "$ruleset_file"; kill "$nft_pid" && wait "$nft_pid"' EXIT

watch_stack 0.01
--8<---------------cut here---------------end--------------->8---

 tests/shell/testcases/sets/0068interval_stack_overflow_0 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/shell/testcases/sets/0068interval_stack_overflow_0 b/tests/shell/testcases/sets/0068interval_stack_overflow_0
index 6620572449c3..2cbc98680264 100755
--- a/tests/shell/testcases/sets/0068interval_stack_overflow_0
+++ b/tests/shell/testcases/sets/0068interval_stack_overflow_0
@@ -9,7 +9,7 @@ trap 'rm -f "$ruleset_file"' EXIT
 {
 	echo 'define big_set = {'
 	for ((i = 1; i < 255; i++)); do
-		for ((j = 1; j < 80; j++)); do
+		for ((j = 1; j < 255; j++)); do
 			echo "10.0.$i.$j,"
 		done
 	done
@@ -26,4 +26,4 @@ table inet test68_table {
 }
 EOF
 
-( ulimit -s 128 && $NFT -f "$ruleset_file" )
+( ulimit -s 400 && $NFT -f "$ruleset_file" )

base-commit: 247eb3c7a102ce184ca203978e74351d01cee79d
-- 
2.34.1




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux