We recently added some build time asserts to detect incorrect calls to clamp and it detected this bug which breaks the build. The variable in this clamp is "max_avail" and it should be the first argument. The code currently is the equivalent to max = min(max_avail, max). There probably aren't very many systems out there where we actually can hit the minimum value so this doesn't affect runtime for most people. Reported-by: Linux Kernel Functional Testing <lkft@xxxxxxxxxx> Closes: https://lore.kernel.org/all/CA+G9fYsT34UkGFKxus63H6UVpYi5GRZkezT9MRLfAbM3f6ke0g@xxxxxxxxxxxxxx/ Suggested-by: David Laight <David.Laight@xxxxxxxxxx> Fixes: 4f325e26277b ("ipvs: dynamically limit the connection hash table") Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Tested-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@xxxxxxxxxx> --- v2: In the commit message, I said max() but it should have been min(). I added a note that this bug probably doesn't affect too many people in real life. I also added David Laight as a Suggested-by because he did all the work root causing this bug and he already sent a similar patch last week. Added Bartosz's tested by tags. net/netfilter/ipvs/ip_vs_conn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c index 98d7dbe3d787..9f75ac801301 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c @@ -1495,7 +1495,7 @@ int __init ip_vs_conn_init(void) max_avail -= 2; /* ~4 in hash row */ max_avail -= 1; /* IPVS up to 1/2 of mem */ max_avail -= order_base_2(sizeof(struct ip_vs_conn)); - max = clamp(max, min, max_avail); + max = clamp(max_avail, min, max); ip_vs_conn_tab_bits = clamp_val(ip_vs_conn_tab_bits, min, max); ip_vs_conn_tab_size = 1 << ip_vs_conn_tab_bits; ip_vs_conn_tab_mask = ip_vs_conn_tab_size - 1; -- 2.45.2