BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0

'global.fd_hard_limit' stays uninitialized, if haproxy is started with -m (global.rlimit_memmax). 'remain' is the MAX between soft and hard process fd limits. It will be always bigger than 'global.fd_hard_limit' (0) in this case. So, if we reassign 'remain' to the 'global.fd_hard_limit' unconditionally, calculated then 'maxconn' will be even negative and the DEFAULT_MAXCONN (100) will be set as the 'ideal_maxconn'. During the 'global.maxconn' calculations in set_global_maxconn(), if the provided 'global.rlimit_memmax' is quite big, system will refuse to calculate based on its 'global.maxconn' and we will do a fallback to the 'ideal_maxconn', which is 100. Same problem for the configs with SSL frontends and backends. This fixes the issue #2899. This should be backported to v3.1.0.
2025-11-24 12:20:59 +01:00 · 2025-03-18 16:33:54 +01:00 · 2025-03-18 16:33:54 +01:00 · 060f441199
commit 060f441199
parent 6336b636f7
1 changed files with 7 additions and 1 deletions
--- a/src/limits.c
+++ b/src/limits.c
@ -152,8 +152,14 @@ static int compute_ideal_maxconn()
 	if (!is_any_limit_configured())
 		global.fd_hard_limit = DEFAULT_MAXFD;

-	if (remain > global.fd_hard_limit)
+	if (global.fd_hard_limit && (remain > global.fd_hard_limit)) {
+		/* cap remain only when global.fd_hard_limit > 0, i.e.: either
+		 * there were no any other limits set and it's defined by lines
+		 * above as DEFAULT_MAXFD (100), or fd_hard_limit is explicitly
+		 * provided in config.
+		 */
 		remain = global.fd_hard_limit;
+	}

 	/* subtract listeners and checks */
 	remain -= global.maxsock;