From: Christoph Hellwig <hch@lst.de>
To: Werner Kasselman <werner@verivus.ai>
Cc: Trond Myklebust <trondmy@kernel.org>,
Anna Schumaker <anna@kernel.org>, Christoph Hellwig <hch@lst.de>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [PATCH 2/2] pnfs/blocklayout: cap total parse operations in volume topology
Date: Thu, 23 Apr 2026 07:18:58 +0200 [thread overview]
Message-ID: <20260423051858.GD27929@lst.de> (raw)
In-Reply-To: <20260421100338.1227152-3-werner@verivus.com>
On Tue, Apr 21, 2026 at 10:03:44AM +0000, Werner Kasselman wrote:
> The recursive-descent volume parser materializes a separate device
> tree node for every volume reference. When CONCAT or STRIPE volumes
> reference the same child index, the parser re-parses that subtree for
> each reference, causing work exponential in nesting depth.
>
> Cap the total number of bl_parse_deviceid() calls at
> PNFS_BLOCK_MAX_PARSE_OPS (1024) to bound CPU and memory consumption
> from server-controlled GETDEVICEINFO topologies.
The OPS naming is a bit odd, these are called 'volumes' in the specs.
Which isn't a great name, but it generally helps to stick to the
spec terms. So maybe rename the constant, and also add a comment
explaining the limit to the code?
> + int depth, int *remaining, gfp_t gfp_mask);
Also use unsigned here as well. And maybe we should group the depth
and ops into a struct instead of adding more and more parameters?
Otherwise this looks good.
next prev parent reply other threads:[~2026-04-23 5:19 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-21 10:03 [PATCH 0/2] pnfs/blocklayout: harden GETDEVICEINFO volume parser Werner Kasselman
2026-04-21 10:03 ` [PATCH 1/2] pnfs/blocklayout: validate volume indices and limit recursion depth Werner Kasselman
2026-04-23 5:15 ` Christoph Hellwig
2026-04-21 10:03 ` [PATCH 2/2] pnfs/blocklayout: cap total parse operations in volume topology Werner Kasselman
2026-04-23 5:18 ` Christoph Hellwig [this message]
2026-04-23 5:20 ` [PATCH 0/2] pnfs/blocklayout: harden GETDEVICEINFO volume parser Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260423051858.GD27929@lst.de \
--to=hch@lst.de \
--cc=anna@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=trondmy@kernel.org \
--cc=werner@verivus.ai \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.