From: Valentine Krasnobaeva Date: Tue, 18 Mar 2025 15:33:54 +0000 (+0100) Subject: BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0 X-Git-Tag: v3.2-dev8~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=060f441199aa97d9735dd553bafd231ca615f723;p=thirdparty%2Fhaproxy.git BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0 'global.fd_hard_limit' stays uninitialized, if haproxy is started with -m (global.rlimit_memmax). 'remain' is the MAX between soft and hard process fd limits. It will be always bigger than 'global.fd_hard_limit' (0) in this case. So, if we reassign 'remain' to the 'global.fd_hard_limit' unconditionally, calculated then 'maxconn' will be even negative and the DEFAULT_MAXCONN (100) will be set as the 'ideal_maxconn'. During the 'global.maxconn' calculations in set_global_maxconn(), if the provided 'global.rlimit_memmax' is quite big, system will refuse to calculate based on its 'global.maxconn' and we will do a fallback to the 'ideal_maxconn', which is 100. Same problem for the configs with SSL frontends and backends. This fixes the issue #2899. This should be backported to v3.1.0. --- diff --git a/src/limits.c b/src/limits.c index 83ddb37e4..e9ce8b8d7 100644 --- a/src/limits.c +++ b/src/limits.c @@ -152,8 +152,14 @@ static int compute_ideal_maxconn() if (!is_any_limit_configured()) global.fd_hard_limit = DEFAULT_MAXFD; - if (remain > global.fd_hard_limit) + if (global.fd_hard_limit && (remain > global.fd_hard_limit)) { + /* cap remain only when global.fd_hard_limit > 0, i.e.: either + * there were no any other limits set and it's defined by lines + * above as DEFAULT_MAXFD (100), or fd_hard_limit is explicitly + * provided in config. + */ remain = global.fd_hard_limit; + } /* subtract listeners and checks */ remain -= global.maxsock;