summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--libglusterfs/src/glusterfs.h2
-rw-r--r--libglusterfs/src/mem-types.h3
-rw-r--r--libglusterfs/src/stack.h33
-rw-r--r--libglusterfs/src/syncop.h17
-rw-r--r--xlators/mount/fuse/src/fuse-helpers.c23
-rw-r--r--xlators/nfs/server/src/nfs-fops.c6
-rw-r--r--xlators/protocol/server/src/server-helpers.c3
7 files changed, 75 insertions, 12 deletions
diff --git a/libglusterfs/src/glusterfs.h b/libglusterfs/src/glusterfs.h
index dbb2b58d951..ac0c8126735 100644
--- a/libglusterfs/src/glusterfs.h
+++ b/libglusterfs/src/glusterfs.h
@@ -148,7 +148,7 @@
/* TODO: Keeping it to 200, so that we can fit in 2KB buffer for auth data
* in RPC server code, if there is ever need for having more aux-gids, then
* we have to add aux-gid in payload of actors */
-#define GF_MAX_AUX_GROUPS 200
+#define GF_MAX_AUX_GROUPS 65536
#define GF_UUID_BUF_SIZE 50
diff --git a/libglusterfs/src/mem-types.h b/libglusterfs/src/mem-types.h
index 4c78f46071e..fea54c35ebc 100644
--- a/libglusterfs/src/mem-types.h
+++ b/libglusterfs/src/mem-types.h
@@ -108,6 +108,7 @@ enum gf_common_mem_types_ {
gf_common_mt_drc_globals_t = 92,
gf_common_mt_drc_rbtree_node_t = 93,
gf_common_mt_iov_base_t = 94,
- gf_common_mt_end = 95,
+ gf_common_mt_groups_t = 95,
+ gf_common_mt_end = 96
};
#endif
diff --git a/libglusterfs/src/stack.h b/libglusterfs/src/stack.h
index a91b635e47e..0e8b705bdf7 100644
--- a/libglusterfs/src/stack.h
+++ b/libglusterfs/src/stack.h
@@ -82,6 +82,8 @@ struct _call_frame_t {
const char *unwind_to;
};
+#define SMALL_GROUP_COUNT 128
+
struct _call_stack_t {
union {
struct list_head all_frames;
@@ -99,7 +101,9 @@ struct _call_stack_t {
gid_t gid;
pid_t pid;
uint16_t ngrps;
- uint32_t groups[GF_MAX_AUX_GROUPS];
+ uint32_t groups_small[SMALL_GROUP_COUNT];
+ uint32_t *groups_large;
+ uint32_t *groups;
gf_lkowner_t lk_owner;
glusterfs_ctx_t *ctx;
@@ -174,6 +178,9 @@ STACK_DESTROY (call_stack_t *stack)
while (stack->frames.next) {
FRAME_DESTROY (stack->frames.next);
}
+
+ GF_FREE (stack->groups_large);
+
mem_put (stack);
if (local)
@@ -370,6 +377,24 @@ STACK_RESET (call_stack_t *stack)
} while (0)
+static inline int
+call_stack_alloc_groups (call_stack_t *stack, int ngrps)
+{
+ if (ngrps <= SMALL_GROUP_COUNT) {
+ stack->groups = stack->groups_small;
+ } else {
+ stack->groups_large = GF_CALLOC (sizeof (gid_t), ngrps,
+ gf_common_mt_groups_t);
+ if (!stack->groups_large)
+ return -1;
+ stack->groups = stack->groups_large;
+ }
+
+ stack->ngrps = ngrps;
+
+ return 0;
+}
+
static inline call_frame_t *
copy_frame (call_frame_t *frame)
{
@@ -393,8 +418,12 @@ copy_frame (call_frame_t *frame)
newstack->ngrps = oldstack->ngrps;
newstack->op = oldstack->op;
newstack->type = oldstack->type;
+ if (call_stack_alloc_groups (newstack, oldstack->ngrps) != 0) {
+ mem_put (newstack);
+ return NULL;
+ }
memcpy (newstack->groups, oldstack->groups,
- sizeof (gid_t) * GF_MAX_AUX_GROUPS);
+ sizeof (gid_t) * oldstack->ngrps);
newstack->unique = oldstack->unique;
newstack->frames.this = frame->this;
diff --git a/libglusterfs/src/syncop.h b/libglusterfs/src/syncop.h
index 43e71c4f6f8..c4b339ee7ba 100644
--- a/libglusterfs/src/syncop.h
+++ b/libglusterfs/src/syncop.h
@@ -240,6 +240,7 @@ static inline call_frame_t *
syncop_create_frame (xlator_t *this)
{
call_frame_t *frame = NULL;
+ int ngrps = -1;
frame = create_frame (this, this->ctx->pool);
if (!frame)
@@ -248,7 +249,21 @@ syncop_create_frame (xlator_t *this)
frame->root->pid = getpid();
frame->root->uid = geteuid ();
frame->root->gid = getegid ();
- frame->root->ngrps = getgroups (GF_MAX_AUX_GROUPS, frame->root->groups);
+ ngrps = getgroups (0, 0);
+ if (ngrps < 0) {
+ STACK_DESTROY (frame->root);
+ return NULL;
+ }
+
+ if (call_stack_alloc_groups (frame->root, ngrps) != 0) {
+ STACK_DESTROY (frame->root);
+ return NULL;
+ }
+
+ if (getgroups (ngrps, frame->root->groups) < 0) {
+ STACK_DESTROY (frame->root);
+ return NULL;
+ }
return frame;
}
diff --git a/xlators/mount/fuse/src/fuse-helpers.c b/xlators/mount/fuse/src/fuse-helpers.c
index 4ea3094d1b5..d29c31651bc 100644
--- a/xlators/mount/fuse/src/fuse-helpers.c
+++ b/xlators/mount/fuse/src/fuse-helpers.c
@@ -14,9 +14,6 @@
#include <sys/sysctl.h>
#endif
-#ifndef GF_REQUEST_MAXGROUPS
-#define GF_REQUEST_MAXGROUPS 16
-#endif /* GF_REQUEST_MAXGROUPS */
static void
fuse_resolve_wipe (fuse_resolve_t *resolve)
@@ -138,6 +135,7 @@ get_fuse_state (xlator_t *this, fuse_in_header_t *finh)
}
+#define FUSE_MAX_AUX_GROUPS 32 /* We can get only up to 32 aux groups from /proc */
void
frame_fill_groups (call_frame_t *frame)
{
@@ -160,6 +158,9 @@ frame_fill_groups (call_frame_t *frame)
if (!fp)
goto out;
+ if (call_stack_alloc_groups (frame->root, FUSE_MAX_AUX_GROUPS) != 0)
+ goto out;
+
while ((ptr = fgets (line, sizeof line, fp))) {
if (strncmp (ptr, "Groups:", 7) != 0)
continue;
@@ -176,7 +177,7 @@ frame_fill_groups (call_frame_t *frame)
if (!endptr || *endptr)
break;
frame->root->groups[idx++] = id;
- if (idx == GF_MAX_AUX_GROUPS)
+ if (idx == FUSE_MAX_AUX_GROUPS)
break;
}
@@ -192,6 +193,7 @@ out:
prcred_t *prcred = (prcred_t *) scratch;
FILE *fp = NULL;
int ret = 0;
+ int ngrps;
ret = snprintf (filename, sizeof filename,
"/proc/%d/cred", frame->root->pid);
@@ -200,8 +202,11 @@ out:
fp = fopen (filename, "r");
if (fp != NULL) {
if (fgets (scratch, sizeof scratch, fp) != NULL) {
- frame->root->ngrps = MIN(prcred->pr_ngroups,
- GF_REQUEST_MAXGROUPS);
+ ngrps = MIN(prcred->pr_ngroups,
+ GF_MAX_AUX_GROUPS);
+ if (call_stack_alloc_groups (frame->root,
+ ngrps) != 0)
+ return;
}
fclose (fp);
}
@@ -226,7 +231,9 @@ out:
if (sysctl(name, namelen, &kp, &kplen, NULL, 0) != 0)
return;
- ngroups = MIN(kp.kp_eproc.e_ucred.cr_ngroups, GF_REQUEST_MAXGROUPS);
+ ngroups = MIN(kp.kp_eproc.e_ucred.cr_ngroups, GF_MAX_AUX_GROUPS);
+ if (call_stack_alloc_groups (frame->root, ngroups) != 0)
+ return;
for (i = 0; i < ngroups; i++)
frame->root->groups[i] = kp.kp_eproc.e_ucred.cr_groups[i];
frame->root->ngrps = ngroups;
@@ -257,6 +264,8 @@ static void get_groups(fuse_private_t *priv, call_frame_t *frame)
gl = gid_cache_lookup(&priv->gid_cache, frame->root->pid);
if (gl) {
+ if (call_stack_alloc_groups (frame->root, gl->gl_count) != 0)
+ return;
frame->root->ngrps = gl->gl_count;
for (i = 0; i < gl->gl_count; i++)
frame->root->groups[i] = gl->gl_list[i];
diff --git a/xlators/nfs/server/src/nfs-fops.c b/xlators/nfs/server/src/nfs-fops.c
index fa8f7319a55..2b6b741cda1 100644
--- a/xlators/nfs/server/src/nfs-fops.c
+++ b/xlators/nfs/server/src/nfs-fops.c
@@ -191,6 +191,12 @@ nfs_create_frame (xlator_t *xl, nfs_user_t *nfu)
frame = create_frame (xl, (call_pool_t *)xl->ctx->pool);
if (!frame)
goto err;
+ if (call_stack_alloc_groups (frame->root, nfu->ngrps) != 0) {
+ STACK_DESTROY (frame->root);
+ frame = NULL;
+ goto err;
+ }
+
frame->root->pid = NFS_PID;
frame->root->uid = nfu->uid;
frame->root->gid = nfu->gids[NFS_PRIMGID_IDX];
diff --git a/xlators/protocol/server/src/server-helpers.c b/xlators/protocol/server/src/server-helpers.c
index c8d42505603..2da1607692e 100644
--- a/xlators/protocol/server/src/server-helpers.c
+++ b/xlators/protocol/server/src/server-helpers.c
@@ -26,6 +26,9 @@ server_decode_groups (call_frame_t *frame, rpcsvc_request_t *req)
GF_VALIDATE_OR_GOTO ("server", frame, out);
GF_VALIDATE_OR_GOTO ("server", req, out);
+ if (call_stack_alloc_groups (frame->root, req->auxgidcount) != 0)
+ return -1;
+
frame->root->ngrps = req->auxgidcount;
if (frame->root->ngrps == 0)
return 0;