Re: [PATCH 2/2] pnfs/blocklayout: cap total parse operations in volume topology

Next message: Christoph Hellwig: "Re: [PATCH 0/2] pnfs/blocklayout: harden GETDEVICEINFO volume parser"
Previous message: Jiri Slaby: "Re: [PATCH] ALSA: pcmtest: fix reference leak on failed device registration"
In reply to: Werner Kasselman: "[PATCH 2/2] pnfs/blocklayout: cap total parse operations in volume topology"
Next in thread: Christoph Hellwig: "Re: [PATCH 0/2] pnfs/blocklayout: harden GETDEVICEINFO volume parser"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Christoph Hellwig

Date: Thu Apr 23 2026 - 01:19:30 EST

On Tue, Apr 21, 2026 at 10:03:44AM +0000, Werner Kasselman wrote:
> The recursive-descent volume parser materializes a separate device
> tree node for every volume reference. When CONCAT or STRIPE volumes
> reference the same child index, the parser re-parses that subtree for
> each reference, causing work exponential in nesting depth.
>
> Cap the total number of bl_parse_deviceid() calls at
> PNFS_BLOCK_MAX_PARSE_OPS (1024) to bound CPU and memory consumption
> from server-controlled GETDEVICEINFO topologies.

The OPS naming is a bit odd, these are called 'volumes' in the specs.
Which isn't a great name, but it generally helps to stick to the
spec terms. So maybe rename the constant, and also add a comment
explaining the limit to the code?

> + int depth, int *remaining, gfp_t gfp_mask);

Also use unsigned here as well. And maybe we should group the depth
and ops into a struct instead of adding more and more parameters?

Otherwise this looks good.