diff options
| author | Csaba Henk <csaba@redhat.com> | 2017-07-05 17:48:37 +0200 |
|---|---|---|
| committer | Jeff Darcy <jeff@pl.atyp.us> | 2017-07-06 18:26:08 +0000 |
| commit | e14ea3f5c37475e12a3b7fb7bd3165b0a4e77c51 (patch) | |
| tree | 7ef467ec7fa1761379a101ada475f504c479a42f /xlators/nfs | |
| parent | fc73ae5f81ef5926e3dc2311db116250d0f2a321 (diff) | |
groups: don't allocate auxiliary gid list on stack
When glusterfs wants to retrieve the list of auxiliary gids
of a user, it typically allocates a sufficiently big gid_t
array on stack and calls getgrouplist(3) with it. However,
"sufficiently big" means to be of maximum supported gid list
size, which in GlusterFS is GF_MAX_AUX_GROUPS = 64k.
That means a 64k * sizeof(gid_t) = 256k allocation, which is
big enough to overflow the stack in certain cases.
A further observation is that stack allocation of the gid list
brings no gain, as in all cases the content of the gid list
eventually gets copied over to a heap allocated buffer.
So we add a convenience wrapper of getgrouplist to libglusterfs
called gf_getgrouplist which calls getgrouplist with a sufficiently
big heap allocated buffer (it takes care of the allocation too).
We are porting all the getgrouplist invocations to gf_getgrouplist
and thus eliminate the huge stack allocation.
BUG: 1464327
Change-Id: Icea76d0d74dcf2f87d26cb299acc771ca3b32d2b
Signed-off-by: Csaba Henk <csaba@redhat.com>
Reviewed-on: https://review.gluster.org/17706
Smoke: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Diffstat (limited to 'xlators/nfs')
| -rw-r--r-- | xlators/nfs/server/src/nfs-fops.c | 36 |
1 files changed, 13 insertions, 23 deletions
diff --git a/xlators/nfs/server/src/nfs-fops.c b/xlators/nfs/server/src/nfs-fops.c index f6361f02161..28b1781f4b1 100644 --- a/xlators/nfs/server/src/nfs-fops.c +++ b/xlators/nfs/server/src/nfs-fops.c @@ -8,7 +8,6 @@ cases as published by the Free Software Foundation. */ -#include <grp.h> #include <pwd.h> #include "dict.h" @@ -34,12 +33,7 @@ nfs_fix_groups (xlator_t *this, call_stack_t *root) struct passwd mypw; char mystrs[1024]; struct passwd *result; -#ifdef GF_DARWIN_HOST_OS - /* BSD/DARWIN does not correctly uses gid_t in getgrouplist */ - int mygroups[GF_MAX_AUX_GROUPS]; -#else - gid_t mygroups[GF_MAX_AUX_GROUPS]; -#endif + gid_t *mygroups; int ngroups; int i; int max_groups; @@ -88,25 +82,13 @@ nfs_fix_groups (xlator_t *this, call_stack_t *root) gf_msg_trace (this->name, 0, "mapped %u => %s", root->uid, result->pw_name); - ngroups = GF_MAX_AUX_GROUPS; - if (getgrouplist(result->pw_name,root->gid,mygroups,&ngroups) == -1) { + ngroups = gf_getgrouplist (result->pw_name, root->gid, &mygroups); + if (ngroups == -1) { gf_msg (this->name, GF_LOG_ERROR, 0, NFS_MSG_MAP_GRP_LIST_FAIL, "could not map %s to group list", result->pw_name); return; } - /* Add the group data to the cache. */ - gl.gl_list = GF_CALLOC(ngroups, sizeof(gid_t), gf_nfs_mt_aux_gids); - if (gl.gl_list) { - /* It's not fatal if the alloc failed. */ - gl.gl_id = root->uid; - gl.gl_uid = 0; - gl.gl_gid = 0; - gl.gl_count = ngroups; - memcpy(gl.gl_list, mygroups, sizeof(gid_t) * ngroups); - if (gid_cache_add(&priv->gid_cache, &gl) != 1) - GF_FREE(gl.gl_list); - } /* RPC enforces the GF_AUTH_GLUSTERFS_MAX_GROUPS limit */ if (ngroups > max_groups) { @@ -115,16 +97,24 @@ nfs_fix_groups (xlator_t *this, call_stack_t *root) "too many groups, reducing %d -> %d", ngroups, max_groups); - ngroups = max_groups; } /* Copy data to the frame. */ - for (i = 0; i < ngroups; ++i) { + for (i = 0; i < ngroups && i < max_groups; ++i) { gf_msg_trace (this->name, 0, "%s is in group %u", result->pw_name, mygroups[i]); root->groups[i] = mygroups[i]; } root->ngrps = ngroups; + + /* Add the group data to the cache. */ + gl.gl_list = mygroups; + gl.gl_id = root->uid; + gl.gl_uid = 0; + gl.gl_gid = 0; + gl.gl_count = ngroups; + if (gid_cache_add(&priv->gid_cache, &gl) != 1) + GF_FREE(mygroups); } struct nfs_fop_local * |