-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
microzap: set hard upper limit of 1M #16888
base: master
Are you sure you want to change the base?
Conversation
I was confused for a minute, you meant |
The on-disk component is:
Is there a reason we use a signed value in memory? |
4a3f90f
to
8b09779
Compare
The count of chunks in a microzap block is stored as an uint16_t (mze_chunkid). Each chunk is 64 bytes, and the first is used to store a header, so there are 32767 usable chunks, which is just under 2M. 1M is the largest power-2-rounded block size under 2M, so we must set the limit there. If it goes higher, the loop in mzap_addent can overflow and fall into the PANIC case. Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Signed-off-by: Rob Norris <[email protected]>
8b09779
to
04c2ad2
Compare
Last push updates code and commit comment. It turns out it can actually survive at max 2M. Adding entry 32768 causes a hash collision though, which immediately triggers an upgrade to fatzap. So that really does make 1M the practical upper limit. @allanjude It might be possible to update everything to use unsigned ints internally to get to 2M (not sure about the hashing), but that would still be a problem if the block is used on an older ZFS (import or replication). The feature flag will help with that after 2.3 of course, but still. (at this point I'm tempted to deprecate this tunable entirely). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. But on a quick look I haven't noticed any difficulties with making the 3 variables unsigned either, just to not have artificial the limits in future.
[Sponsors: Klara, Inc., Wasabi Technology, Inc.]
Motivation and Context
We were running tests with large
zap_micro_max_size
, and could easily trip the panic inmzap_addent()
.Description
The count of chunks in a microzap block is stored as an
int16_t
(zap_num_chunks
). Each chunk is 64 bytes, and the first is used to store a header, so there are 32767 usable chunks, which is just under 2M. 1M is the largest power-2-rounded block size under 2M, so we must set the limit there.How Has This Been Tested?
This will panic consistently until the tunable value gets down to 1M. With this patch, its safe.
Types of changes
Checklist:
Signed-off-by
.