chucklever
commented
9 months ago First thing to do would be to deal with the array in the rpc_status netlink argument. Make it a dynamic array.
Open chucklever opened 9 months ago
chucklever
commented
9 months ago First thing to do would be to deal with the array in the rpc_status netlink argument. Make it a dynamic array.
chucklever
commented
9 months ago We also need to understand how the max-ops limit affects Reply size and the likelihood that a COMPOUND will fail because the server can't construct a Reply that fits within a session's max-rep-size limit.
chucklever
commented
4 weeks ago The COMPOUND size limit is addressed already by the size of the XDR send and receive buffers. Another purpose of the max-op-per-compound limit is to bound the amount of time an nfsd thread can take to process a single COMPOUND operation of arbitrary complexity. NFSD should permit COMPOUNDs that are large but can be executed quickly, and should fail COMPOUNDs that take more than, say, 30ms to execute, in order to mitigate DoS attacks.
In other words, make it so that other limits will restrict the number of operations first. The maximum size of a request or reply (just over 1MB) will certainly restrict the total number of ops a COMPOUND can have.