We recently added some build time asserts to detect incorrect calls to clamp and it detected this bug which breaks the build. The variable in this clamp is "max_avail" and it should be the first argument. The code currently is the equivalent to max = min(max_avail, max).
There probably aren't very many systems out there where we actually can hit the minimum value so this doesn't affect runtime for most people. Reported-by: Linux Kernel Functional Testing <[email protected]> Closes: https://lore.kernel.org/all/ca+g9fyst34ukgfkxus63h6uvpyi5grzkezt9mrlfabm3f6k...@mail.gmail.com/ Suggested-by: David Laight <[email protected]> Fixes: 4f325e26277b ("ipvs: dynamically limit the connection hash table") Signed-off-by: Dan Carpenter <[email protected]> Tested-by: Bartosz Golaszewski <[email protected]> Reviewed-by: Bartosz Golaszewski <[email protected]> --- v2: In the commit message, I said max() but it should have been min(). I added a note that this bug probably doesn't affect too many people in real life. I also added David Laight as a Suggested-by because he did all the work root causing this bug and he already sent a similar patch last week. Added Bartosz's tested by tags. net/netfilter/ipvs/ip_vs_conn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c index 98d7dbe3d787..9f75ac801301 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c @@ -1495,7 +1495,7 @@ int __init ip_vs_conn_init(void) max_avail -= 2; /* ~4 in hash row */ max_avail -= 1; /* IPVS up to 1/2 of mem */ max_avail -= order_base_2(sizeof(struct ip_vs_conn)); - max = clamp(max, min, max_avail); + max = clamp(max_avail, min, max); ip_vs_conn_tab_bits = clamp_val(ip_vs_conn_tab_bits, min, max); ip_vs_conn_tab_size = 1 << ip_vs_conn_tab_bits; ip_vs_conn_tab_mask = ip_vs_conn_tab_size - 1; -- 2.45.2
