diff options
| author | Csaba Henk <csaba@redhat.com> | 2017-07-05 17:48:37 +0200 | 
|---|---|---|
| committer | Jeff Darcy <jeff@pl.atyp.us> | 2017-07-06 18:26:08 +0000 | 
| commit | e14ea3f5c37475e12a3b7fb7bd3165b0a4e77c51 (patch) | |
| tree | 7ef467ec7fa1761379a101ada475f504c479a42f /xlators/nfs | |
| parent | fc73ae5f81ef5926e3dc2311db116250d0f2a321 (diff) | |
groups: don't allocate auxiliary gid list on stack
When glusterfs wants to retrieve the list of auxiliary gids
of a user, it typically allocates a sufficiently big gid_t
array on stack and calls getgrouplist(3) with it. However,
"sufficiently big" means to be of maximum supported gid list
size, which in GlusterFS is GF_MAX_AUX_GROUPS = 64k.
That means a 64k * sizeof(gid_t) = 256k allocation, which is
big enough to overflow the stack in certain cases.
A further observation is that stack allocation of the gid list
brings no gain, as in all cases the content of the gid list
eventually gets copied over to a heap allocated buffer.
So we add a convenience wrapper of getgrouplist to libglusterfs
called gf_getgrouplist which calls getgrouplist with a sufficiently
big heap allocated buffer (it takes care of the allocation too).
We are porting all the getgrouplist invocations to gf_getgrouplist
and thus eliminate the huge stack allocation.
BUG: 1464327
Change-Id: Icea76d0d74dcf2f87d26cb299acc771ca3b32d2b
Signed-off-by: Csaba Henk <csaba@redhat.com>
Reviewed-on: https://review.gluster.org/17706
Smoke: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Diffstat (limited to 'xlators/nfs')
| -rw-r--r-- | xlators/nfs/server/src/nfs-fops.c | 36 | 
1 files changed, 13 insertions, 23 deletions
| diff --git a/xlators/nfs/server/src/nfs-fops.c b/xlators/nfs/server/src/nfs-fops.c index f6361f02161..28b1781f4b1 100644 --- a/xlators/nfs/server/src/nfs-fops.c +++ b/xlators/nfs/server/src/nfs-fops.c @@ -8,7 +8,6 @@    cases as published by the Free Software Foundation.  */ -#include <grp.h>  #include <pwd.h>  #include "dict.h" @@ -34,12 +33,7 @@ nfs_fix_groups (xlator_t *this, call_stack_t *root)          struct passwd    mypw;          char             mystrs[1024];          struct passwd    *result; -#ifdef GF_DARWIN_HOST_OS -        /* BSD/DARWIN does not correctly uses gid_t in getgrouplist */ -        int              mygroups[GF_MAX_AUX_GROUPS]; -#else -        gid_t            mygroups[GF_MAX_AUX_GROUPS]; -#endif +        gid_t            *mygroups;          int              ngroups;          int              i;          int              max_groups; @@ -88,25 +82,13 @@ nfs_fix_groups (xlator_t *this, call_stack_t *root)          gf_msg_trace (this->name, 0, "mapped %u => %s",                        root->uid, result->pw_name); -        ngroups = GF_MAX_AUX_GROUPS; -        if (getgrouplist(result->pw_name,root->gid,mygroups,&ngroups) == -1) { +        ngroups = gf_getgrouplist (result->pw_name, root->gid, &mygroups); +        if (ngroups == -1) {                  gf_msg (this->name, GF_LOG_ERROR, 0, NFS_MSG_MAP_GRP_LIST_FAIL,                          "could not map %s to group list", result->pw_name);                  return;          } -	/* Add the group data to the cache. */ -	gl.gl_list = GF_CALLOC(ngroups, sizeof(gid_t), gf_nfs_mt_aux_gids); -	if (gl.gl_list) { -		/* It's not fatal if the alloc failed. */ -		gl.gl_id = root->uid; -		gl.gl_uid = 0; -		gl.gl_gid = 0; -		gl.gl_count = ngroups; -		memcpy(gl.gl_list, mygroups, sizeof(gid_t) * ngroups); -		if (gid_cache_add(&priv->gid_cache, &gl) != 1) -			GF_FREE(gl.gl_list); -	}  	/* RPC enforces the GF_AUTH_GLUSTERFS_MAX_GROUPS limit */  	if (ngroups > max_groups) { @@ -115,16 +97,24 @@ nfs_fix_groups (xlator_t *this, call_stack_t *root)  				     "too many groups, reducing %d -> %d",  				     ngroups, max_groups); -		ngroups = max_groups;  	}  	/* Copy data to the frame. */ -        for (i = 0; i < ngroups; ++i) { +        for (i = 0; i < ngroups && i < max_groups; ++i) {                  gf_msg_trace (this->name, 0, "%s is in group %u",                                result->pw_name, mygroups[i]);                  root->groups[i] = mygroups[i];          }          root->ngrps = ngroups; + +        /* Add the group data to the cache. */ +        gl.gl_list = mygroups; +        gl.gl_id = root->uid; +        gl.gl_uid = 0; +        gl.gl_gid = 0; +        gl.gl_count = ngroups; +        if (gid_cache_add(&priv->gid_cache, &gl) != 1) +                GF_FREE(mygroups);  }  struct nfs_fop_local * | 
