Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp1430479ybl; Wed, 28 Aug 2019 14:44:53 -0700 (PDT) X-Google-Smtp-Source: APXvYqxILnolyVX75MyamCDSYJK75K0fDNdyRsyjW4kRU6vJ0yX6ZGYWI7g8tNxVFuOgKn8Fft+1 X-Received: by 2002:a62:db86:: with SMTP id f128mr7062720pfg.159.1567028693622; Wed, 28 Aug 2019 14:44:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567028693; cv=none; d=google.com; s=arc-20160816; b=BO7ig7H8EsBuhkr06HvVzGSlx6ZruV5bY7g7u8zVq7K7PKZFFQhb2z9ToMJe+lsDu5 2d2nfJ5y5TnUYR9808Hi2ijaRlV5+e64peIPDp6F01uvhxaAZG8RLKEsN7Ehx/d6mRx0 p2uum+QB+E8yyMmxfvBvo+sOKQXLhYV1O5ZI1Uw4rCts4+4hNRviozHryd11+QK20Pqx IRocG734OPf8OdT5A3DJioYPkmji9BktHT80E0YVds93DkzTzIM2e4myiB7wDEpT2QiQ shsPIr1NWI6rRDTpHbr07nERqo8RRHrA9TKkQXbaKl8oX6B+AcF+19LUPBD0gI6iGHWY l3aQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=MyYbB7ldEY+XH/wNe3UnWe2XauVVfToLx8zFJcLC8Tc=; b=zxgh9L1705ZbKdNdXM/4QJE0Z5XX5MuIKFWyhskOMBs6ep0qp8i1MFZ9uH+A43pHH1 /cDj+xoVahVgJUThPs6pEdZoD6InpNc6HoBPcEDlYmgYeHT4jAv9blisRdqRNmiCpWtX BGlBGdA3Tdgw4nKLKlamgYkf+cu9VQGx3YwYZjeLIVSEy4/6o0BEKHfgN9KIsv8xIQI3 4wLzAVokS8TJWd2WI/mu9CpPMqDGbSoDYhjdJktjXpR6NbehUhf2latn2t6+khR6vtwv eynZySzjG2CRmjqOci1k3B1ObFc13l7R3IAMq0eSUlsSsSMuC9cIJDEFY6NdbhbXk+1U 1xzw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v189si398546pfv.99.2019.08.28.14.44.32; Wed, 28 Aug 2019 14:44:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726735AbfH1Voc (ORCPT + 99 others); Wed, 28 Aug 2019 17:44:32 -0400 Received: from fieldses.org ([173.255.197.46]:49498 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726725AbfH1Vob (ORCPT ); Wed, 28 Aug 2019 17:44:31 -0400 Received: by fieldses.org (Postfix, from userid 2815) id 5C10F7CC; Wed, 28 Aug 2019 17:44:31 -0400 (EDT) Date: Wed, 28 Aug 2019 17:44:31 -0400 From: "bfields@fieldses.org" To: Trond Myklebust Cc: "linux-nfs@vger.kernel.org" , "aglo@umich.edu" , "louis.devandiere@atos.net" Subject: Re: Maximum Number of ACL on NFSv4 Message-ID: <20190828214431.GB32010@fieldses.org> References: <20190826164600.GD28580@ndevos-x270> <20190828180541.GC29148@fieldses.org> <20190828192931.GA30217@fieldses.org> <848b2abbedb5147e7a7e527111018fb04ec9ed7d.camel@hammerspace.com> <20190828210615.GA32010@fieldses.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Wed, Aug 28, 2019 at 09:26:20PM +0000, Trond Myklebust wrote: > On Wed, 2019-08-28 at 17:06 -0400, bfields@fieldses.org wrote: > > On Wed, Aug 28, 2019 at 08:25:16PM +0000, Trond Myklebust wrote: > > > Umm... Don't forget that NFSv4 ACL aces are typically much larger > > > than > > > POSIX ACL aces because the user/group names are encoded as strings, > > > not > > > binary uids and gids. > > > > > > IOW: The size of the RPC message is likely to be a lot larger than > > > the > > > resulting POSIX ACL... > > > > Actually this limit is post-idmapping, but, yes, before NFSv4->Posix > > mapping (complicated in itself), which is why I talked about having > > to > > estimate. > > > > More interested to hear what you think about whether we need a limit > > at > > all. Do we have any ideas how big is too big a number to pass to > > kmalloc? Or is it OK to just let anything through and let kmalloc > > fail? > > > > A NFSv4.x client is always required to respect the max request size as > negotiated during CREATE_SESSION, so there is an upper limit right > there. On Linux, the client will never try to negotiate a limit greater > than 1MB. The limit's actually a sanity check on the number of ACEs. Since that's what we're about to use in the kmalloc; in the ACL xdr decoding: if (nace > NFS4_ACL_MAX) return nfserr_fbig; *acl = svcxdr_tmpalloc(argp, nfs4_acl_bytes(nace)); Maybe the simplest thing is only to reject an nace value that'd be impossible given the size of the rpc call. --b.