[RFC] Performance improvements

Wed Jun 20 09:00:56 UTC 2018

On Tue, 2018-06-19 at 11:53 -0700, Jeremy Allison wrote:
> On Mon, Jun 18, 2018 at 12:57:14PM +0200, Swen Schillig via samba-
> technical wrote:
> > On Mon, 2018-06-18 at 10:58 +0200, Andreas Schneider wrote:
> > > On Monday, 18 June 2018 10:04:03 CEST Swen Schillig via samba-
> > > technical wrote:
> > > 
> > > There are some nice cleanups.
> > 
> > Thanks.
> > 
> > > 
> > > In the first patch:
> > > 
> > > +	int num_ready;
> > > 
> > > +		int new_size = num_ready + queue->buffer.length;
> > > 
> > > Please use size_t.
> > 
> > Done.
> > 
> > Won't send the updated patch series yet...
> > expecting more comments / updates soon.
> 
> Don't have a lot of bandwidth right now, but can you
> check all the packet + offset calculations are integer
> wrap safe (yes I know they're updates of existing
> code, but it's nice to add safety when stuff gets
> updated).
> 
> Jeremy.
> 
Ok, what do you thin of such an addition to the patchset ?

diff --git a/ctdb/common/ctdb_io.c b/ctdb/common/ctdb_io.c
index c0a432fd5d0..3f0efd4f181 100644
--- a/ctdb/common/ctdb_io.c
+++ b/ctdb/common/ctdb_io.c
@@ -118,6 +118,13 @@ process_pkt:
        queue->buffer.offset += pkt_size;
        queue->buffer.length -= pkt_size;
 
+       if (queue->buffer.offset < pkt_size ||
+           queue->buffer.offset > queue->buffer.size) {
+               D_ERR("buffer offset overflow\n");
+               queue->callback(NULL, 0, queue->private_data);
+               return;
+       }
+
        if ((queue->buffer.length == 0) &&
            (queue->buffer.size > queue->buffer_size)) {
                /* if the buffer is empty and more than its
@@ -175,6 +182,17 @@ static void queue_io_read(struct ctdb_queue *queue)
 
                size_t new_size = MAX(num_ready + qb->length + qb->offset,
                                   queue->buffer_size);
+               if (new_size < num_ready) {
+                       /* with qb->length and qb->offset both being guaranteed
+                        * to be smaller than MAX_TALLOC_SIZE which in turn is
+                        * only a fraction of MAX_INT, the only possibility for
+                        * new_size being smaller than num_ready is an overflow
+                        */
+                       D_ERR("read error num_ready overflow %u\n", num_ready);
+                       queue->callback(NULL, 0, queue->private_data);
+                       return;
+               }
+
                qb->data = talloc_realloc_size(queue, qb->data, new_size);
                qb->size = new_size;


