From: Chuck Lever <chuck.lever@oracle.com>
To: Olga Kornievskaia <aglo@umich.edu>
Cc: Trond Myklebust <trondmy@hammerspace.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: acls+kerberos (limitation)
Date: Fri, 20 Dec 2019 15:11:43 -0500 [thread overview]
Message-ID: <AD3D5C4D-25C5-4457-9F3A-4EFC703911B4@oracle.com> (raw)
In-Reply-To: <CAN-5tyF1iJsm6CSezZ4HGaWSU-5w4Q1W3_e8f6V6v9Uk+B6+Ag@mail.gmail.com>
> On Dec 20, 2019, at 3:04 PM, Olga Kornievskaia <aglo@umich.edu> wrote:
>
> On Fri, Dec 20, 2019 at 1:28 PM Chuck Lever <chuck.lever@oracle.com> wrote:
>>
>>
>>
>>> On Dec 20, 2019, at 1:15 PM, Olga Kornievskaia <aglo@umich.edu> wrote:
>>>
>>> On Wed, Dec 18, 2019 at 2:34 PM Chuck Lever <chuck.lever@oracle.com> wrote:
>>>>
>>>>
>>>>
>>>>> On Dec 18, 2019, at 2:31 PM, Olga Kornievskaia <aglo@umich.edu> wrote:
>>>>>
>>>>> On Wed, Dec 18, 2019 at 2:05 PM Trond Myklebust <trondmy@hammerspace.com> wrote:
>>>>>>
>>>>>> On Wed, 2019-12-18 at 12:47 -0500, Olga Kornievskaia wrote:
>>>>>>> Hi folks,
>>>>>>>
>>>>>>> Is this a well know but undocumented fact that you can't set large
>>>>>>> amount of acls (over 4096bytes, ~90acls) while mounted using
>>>>>>> krb5i/krb5p? That if you want to get/set large acls, it must be done
>>>>>>> over auth_sys/krb5?
>>>>>>>
>>>>>>
>>>>>> It's certainly not something that I was aware of. Do you see where that
>>>>>> limitation is coming from?
>>>>>
>>>>> I haven't figure it exactly but gss_unwrap_resp_integ() is failing in
>>>>> if (mic_offset > rcv_buf->len). I'm just not sure who sets up the
>>>>> buffer (or why rvc_buf->len is (4280) larger than a page can a
>>>>> page-limit might make sense to for me but it's not). So you think it
>>>>> should have been working.
>>>>
>>>> The buffer is set up in the XDR encoder. But pages can be added
>>>> by the transport... I guess rcv_buf->len isn't updated when that
>>>> happens.
>>>>
>>>
>>> Here's why the acl+krbi/krb5p is failing.
>>>
>>> acl tool first calls into the kernel to find out how large of a buffer
>>> it needs to supply and gets acl size then calls down again then code
>>> in __nfs4_get_acl_uncached() allocates a number of pages (this what
>>> set's the available buffer length later used by the sunrpc code). That
>>> works for non-integrity because in call_decode() the call
>>> rpc_unwrap_resp() doesn't try to calculate the checksum on the buffer
>>> that was just read. However, when its krb5i/krb5p we have truncated
>>> buffer and mic offset that's larger than the existing buffer.
>>>
>>> I think something needs to be marked to skip doing gss for the initial
>>> acl query? I first try providing more space in
>>> __nfs4_get_acl_uncached() for when authflavor=krb5i/krb5p and buflen=0
>>> but no matter what the number is the received acl can be larger than
>>> that thus I don't think that's a good approach.
>>
>> It's not strictly true that the received ACL can be always be larger.
>> There is an upper bound on request sizes.
>>
>> My preference has always been to allocate a receive buffer of the maximum
>> size before the call, just like every other request works. I can't think
>> of any reason why retrieving an ACL has to be different. Then we can get
>> rid of the hack in the transports to fill in those pages behind the back
>> of the upper layers.
>>
>> The issue here has always been that there's no way for the client to
>> discover the number of bytes it needs to retrieve before it sets up the
>> GETACL.
>>
>> For NFSv4.1+ you can probably assume that the ACL will never be larger
>> than the session's maximum reply size.
>>
>> For NFSv4.0 you'll have to make something up.
>>
>> But allocating a large receive buffer for this request is the only way to
>> make the receive reliable. You should be able to do that by stuffing the
>> recv XDR buffer with individual pages, just like nfsd does, in GETACL's
>> encoding function.
>>
>> Others might have a different opinion. Or I might have completely
>> misunderstood the issue.
>>
>
> Putting a limit would be easier. I thought of using rsize (wsize) as
> we can't get anything larger than in the payload that but that's not
> possible. Because the code sets limits based on XATTR_MAX_SIZE which
> is a linux server side limitation and it doesn't seem to be
> appropriate to be applied as a generic implementation. Would it be ok
> to change the static memory allocation to be dynamic and based on the
> rsize? Thoughts?
Why is using the NFSv4.1 session max reply size not possible? For
NFSv4.0, rsize seems reasonable to me.
--
Chuck Lever
next prev parent reply other threads:[~2019-12-20 20:11 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-18 17:47 acls+kerberos (limitation) Olga Kornievskaia
2019-12-18 19:05 ` Trond Myklebust
2019-12-18 19:31 ` Olga Kornievskaia
2019-12-18 19:34 ` Chuck Lever
2019-12-20 18:15 ` Olga Kornievskaia
2019-12-20 18:28 ` Chuck Lever
2019-12-20 20:04 ` Olga Kornievskaia
2019-12-20 20:11 ` Chuck Lever [this message]
2019-12-20 20:53 ` Olga Kornievskaia
2019-12-20 20:57 ` Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AD3D5C4D-25C5-4457-9F3A-4EFC703911B4@oracle.com \
--to=chuck.lever@oracle.com \
--cc=aglo@umich.edu \
--cc=linux-nfs@vger.kernel.org \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).