kvs: support fence-max-ops

Problem: The new transaction-max-ops configuration limits the number
of operations a user can submit in a KVS commit or fence.  However,
this does not cap the total number of operations from a combined
fence, which could exceed the transaction-max-ops by a lot.

Support a new KVS configuration "fence-max-ops" that will reject
KVS fences with a combined number of options above a maximum.  The
default maximum is 1048576.

Author: chu11

src/modules/kvs/kvs.c

@@ -67,6 +67,7 @@ const double max_namespace_age = 3600.;
 /* Transaction max ops
  */
 const uint64_t kvs_transaction_max_ops = 65536;
+const uint64_t kvs_fence_max_ops = 1048576;
 
 struct kvs_ctx {
     struct cache *cache;    /* blobref => cache_entry */
@@ -79,6 +80,7 @@ struct kvs_ctx {
     flux_watcher_t *check_w;
     int transaction_merge;
     uint64_t transaction_max_ops;
+    uint64_t fence_max_ops;
     bool events_init;            /* flag */
     char *hash_name;
     unsigned int seq;           /* for commit transactions */
@@ -192,6 +194,7 @@ static struct kvs_ctx *kvs_ctx_create (flux_t *h)
     }
     ctx->transaction_merge = 1;
     ctx->transaction_max_ops = kvs_transaction_max_ops;
+    ctx->fence_max_ops = kvs_fence_max_ops;
     if (!(ctx->requests = msg_hash_create (MSG_HASH_TYPE_UUID_MATCHTAG)))
         goto error;
     list_head_init (&ctx->work_queue);
@@ -1927,6 +1930,11 @@ static void relayfence_request_cb (flux_t *h,
          * earlier */
         assert (!treq_get_processed (tr));
 
+        if (json_array_size (treq_get_ops (tr)) > ctx->fence_max_ops) {
+            errno = E2BIG;
+            goto error;
+        }
+
         /* we use this flag to indicate if a treq has been added to
          * the ready queue */
         treq_set_processed (tr, true);
@@ -2053,6 +2061,11 @@ static void fence_request_cb (flux_t *h,
              * earlier */
             assert (!treq_get_processed (tr));
 
+            if (json_array_size (treq_get_ops (tr)) > ctx->fence_max_ops) {
+                errno = E2BIG;
+                goto error_all;
+            }
+
             /* we use this flag to indicate if a treq has been added to
              * the ready queue */
             treq_set_processed (tr, true);
@@ -3140,20 +3153,27 @@ static int max_ops_parse (struct kvs_ctx *ctx,
                           flux_error_t *errp)
 {
     uint64_t t_max_ops = kvs_transaction_max_ops;
+    uint64_t f_max_ops = kvs_fence_max_ops;
     flux_error_t error;
     if (flux_conf_unpack (conf,
                           &error,
-                          "{s?{s?I}}",
+                          "{s?{s?I s?I}}",
                           "kvs",
-                          "transaction-max-ops", &t_max_ops) < 0) {
+                          "transaction-max-ops", &t_max_ops,
+                          "fence-max-ops", &f_max_ops) < 0) {
         errprintf (errp, "error reading config for kvs: %s", error.text);
         return -1;
     }
     if (t_max_ops <= 0) {
         errprintf (errp, "kvs transaction-max-ops invalid");
         return -1;
     }
+    if (f_max_ops <= 0) {
+        errprintf (errp, "kvs fence-max-ops invalid");
+        return -1;
+    }
     ctx->transaction_max_ops = t_max_ops;
+    ctx->fence_max_ops = f_max_ops;
     return 0;
 }
 

t/kvs/fence_api.c

@@ -168,6 +168,7 @@ int main (int argc, char *argv[])
             opcount = atoi (optarg);
             if (opcount <= 0)
                 usage ();
+            break;
         default:
             usage ();
         }