From: Cory Snyder Date: Fri, 28 May 2021 19:08:49 +0000 (-0400) Subject: mgr/DaemonServer.cc: prevent integer underflow that is triggered by large increases... X-Git-Tag: v16.2.5~59^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=67c46c837f0fefa972bfe1e4fa6f795900d5b816;p=ceph.git mgr/DaemonServer.cc: prevent integer underflow that is triggered by large increases to pg_num/pgp_num This fixes a scenario where mgrs continually crash while attempting to apply large increases to pg_num/pgp_num. The max step size (estmax) for each incremental update to the pgp_num is calculated as a percentage of the pg_num, which permits the possibility for the max step size (estmax) to be greater than the current pgp_num when the increase is large; this causes an integer underflow when the max step size is subtracted from the pgp_num in order to calculate the next step size with std::clamp. The integer underflow causes hi < lo in args passed to std::clamp, which causes a failed assertion, SIGABRT, and ultimately crashing mgr. Fixes: https://tracker.ceph.com/issues/47738 Signed-off-by: Cory Snyder (cherry picked from commit b4316d257e928b3789b818054927c2e98bb3c0d6) --- diff --git a/src/mgr/DaemonServer.cc b/src/mgr/DaemonServer.cc index 1371a8729ec0..48816578ccb5 100644 --- a/src/mgr/DaemonServer.cc +++ b/src/mgr/DaemonServer.cc @@ -2839,8 +2839,12 @@ void DaemonServer::adjust_pgs() max_misplaced / 2.0); unsigned estmax = std::max( (double)p.get_pg_num() * room, 1u); + unsigned next_min = 0; + if (p.get_pgp_num() > estmax) { + next_min = p.get_pgp_num() - estmax; + } next = std::clamp(target, - p.get_pgp_num() - estmax, + next_min, p.get_pgp_num() + estmax); dout(20) << " room " << room << " estmax " << estmax << " delta " << (target-p.get_pgp_num())
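Review bot: The new `next_min` block in `DaemonServer::adjust_pgs()` has no comment explaining why the lower bound is computed separately, so a later cleanup could easily fold it back into `p.get_pgp_num() - estmax`. A one-line comment above `unsigned next_min = 0;` would help, stating that the subtraction is unsigned and wraps when `estmax` exceeds the current pgp_num, and that `std::clamp` requires lo <= hi. The upper bound `p.get_pgp_num() + estmax` is still unchecked unsigned arithmetic. It only wraps at values far beyond realistic PG counts, but since the same precondition is at stake it is worth either a brief note or a saturating add for symmetry. The guard itself could also be written as a single conditional expression (`p.get_pgp_num() > estmax ? p.get_pgp_num() - estmax : 0`), which would let `next_min` be `const`. The hunk adds no test, and the commit message describes a repeatable mgr crash, so a regression case with a small pgp_num and a large pg_num target would be worth adding.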