From owner-svn-src-all@FreeBSD.ORG Wed Feb 24 22:16:17 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 78CA2106566C; Wed, 24 Feb 2010 22:16:17 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 658F58FC17; Wed, 24 Feb 2010 22:16:17 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o1OMGHnI020603; Wed, 24 Feb 2010 22:16:17 GMT (envelope-from brooks@svn.freebsd.org) Received: (from brooks@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o1OMGHVj020591; Wed, 24 Feb 2010 22:16:17 GMT (envelope-from brooks@svn.freebsd.org) Message-Id: <201002242216.o1OMGHVj020591@svn.freebsd.org> From: Brooks Davis Date: Wed, 24 Feb 2010 22:16:17 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r204293 - in stable/8/sys: boot/forth compat/linux compat/svr4 i386/ibcs2 kern rpc security/audit sys X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Feb 2010 22:16:17 -0000 Author: brooks Date: Wed Feb 24 22:16:16 2010 New Revision: 204293 URL: http://svn.freebsd.org/changeset/base/204293 Log: MFC r202143,202163,202341,202342,204278 Replace the static NGROUPS=NGROUPS_MAX+1=1024 with a dynamic kern.ngroups+1. kern.ngroups can range from NGROUPS_MAX=1023 to somewhere in the neighborhood of INT_MAX/4 one a system with sufficent RAM and memory bandwidth. Given that the Windows group limit is 1024, this range should be sufficient for most applications r202342: Only allocate the space we need before calling kern_getgroups instead of allocating what ever the user asks for up to "ngroups_max + 1". On systems with large values of kern.ngroups this will be more efficient. The now redundant check that the array is large enough in kern_getgroups() is deliberate to allow this change to be merged to stable/8 without breaking potential third party consumers of the API. Modified: stable/8/sys/boot/forth/loader.conf stable/8/sys/compat/linux/linux_misc.c stable/8/sys/compat/linux/linux_uid16.c stable/8/sys/compat/svr4/svr4_misc.c stable/8/sys/i386/ibcs2/ibcs2_misc.c stable/8/sys/kern/kern_mib.c stable/8/sys/kern/kern_prot.c stable/8/sys/kern/subr_param.c stable/8/sys/rpc/authunix_prot.c stable/8/sys/security/audit/audit_arg.c stable/8/sys/sys/systm.h Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) stable/8/sys/dev/xen/xenpci/ (props changed) stable/8/sys/netinet/ (props changed) Modified: stable/8/sys/boot/forth/loader.conf ============================================================================== --- stable/8/sys/boot/forth/loader.conf Wed Feb 24 22:04:49 2010 (r204292) +++ stable/8/sys/boot/forth/loader.conf Wed Feb 24 22:16:16 2010 (r204293) @@ -101,6 +101,7 @@ module_path="/boot/modules" # Set the mo #kern.maxusers="32" # Set size of various static tables #kern.nbuf="" # Set the number of buffer headers #kern.ncallout="" # Set the maximum # of timer events +#kern.ngroups="1023" # Set the maximum # of supplemental groups #kern.sgrowsiz="" # Set the amount to grow stack #kern.cam.scsi_delay="2000" # Delay (in ms) before probing SCSI #kern.ipc.maxsockets="" # Set the maximum number of sockets avaliable Modified: stable/8/sys/compat/linux/linux_misc.c ============================================================================== --- stable/8/sys/compat/linux/linux_misc.c Wed Feb 24 22:04:49 2010 (r204292) +++ stable/8/sys/compat/linux/linux_misc.c Wed Feb 24 22:16:16 2010 (r204293) @@ -1138,7 +1138,7 @@ linux_setgroups(struct thread *td, struc struct proc *p; ngrp = args->gidsetsize; - if (ngrp < 0 || ngrp >= NGROUPS) + if (ngrp < 0 || ngrp >= ngroups_max + 1) return (EINVAL); linux_gidset = malloc(ngrp * sizeof(*linux_gidset), M_TEMP, M_WAITOK); error = copyin(args->grouplist, linux_gidset, ngrp * sizeof(l_gid_t)); Modified: stable/8/sys/compat/linux/linux_uid16.c ============================================================================== --- stable/8/sys/compat/linux/linux_uid16.c Wed Feb 24 22:04:49 2010 (r204292) +++ stable/8/sys/compat/linux/linux_uid16.c Wed Feb 24 22:16:16 2010 (r204293) @@ -109,7 +109,7 @@ linux_setgroups16(struct thread *td, str #endif ngrp = args->gidsetsize; - if (ngrp < 0 || ngrp >= NGROUPS) + if (ngrp < 0 || ngrp >= ngroups_max + 1) return (EINVAL); linux_gidset = malloc(ngrp * sizeof(*linux_gidset), M_TEMP, M_WAITOK); error = copyin(args->gidset, linux_gidset, ngrp * sizeof(l_gid16_t)); Modified: stable/8/sys/compat/svr4/svr4_misc.c ============================================================================== --- stable/8/sys/compat/svr4/svr4_misc.c Wed Feb 24 22:04:49 2010 (r204292) +++ stable/8/sys/compat/svr4/svr4_misc.c Wed Feb 24 22:16:16 2010 (r204293) @@ -708,7 +708,7 @@ svr4_sys_sysconfig(td, uap) switch (uap->name) { case SVR4_CONFIG_NGROUPS: - *retval = NGROUPS_MAX; + *retval = ngroups_max; break; case SVR4_CONFIG_CHILD_MAX: *retval = maxproc; Modified: stable/8/sys/i386/ibcs2/ibcs2_misc.c ============================================================================== --- stable/8/sys/i386/ibcs2/ibcs2_misc.c Wed Feb 24 22:04:49 2010 (r204292) +++ stable/8/sys/i386/ibcs2/ibcs2_misc.c Wed Feb 24 22:16:16 2010 (r204293) @@ -663,9 +663,13 @@ ibcs2_getgroups(td, uap) u_int i, ngrp; int error; - if (uap->gidsetsize < 0) - return (EINVAL); - ngrp = MIN(uap->gidsetsize, NGROUPS); + if (uap->gidsetsize < td->td_ucred->cr_ngroups) { + if (uap->gidsetsize == 0) + ngrp = 0; + else + return (EINVAL); + } else + ngrp = td->td_ucred->cr_ngroups; gp = malloc(ngrp * sizeof(*gp), M_TEMP, M_WAITOK); error = kern_getgroups(td, &ngrp, gp); if (error) @@ -693,7 +697,7 @@ ibcs2_setgroups(td, uap) gid_t *gp; int error, i; - if (uap->gidsetsize < 0 || uap->gidsetsize > NGROUPS) + if (uap->gidsetsize < 0 || uap->gidsetsize > ngroups_max + 1) return (EINVAL); if (uap->gidsetsize && uap->gidset == NULL) return (EINVAL); Modified: stable/8/sys/kern/kern_mib.c ============================================================================== --- stable/8/sys/kern/kern_mib.c Wed Feb 24 22:04:49 2010 (r204292) +++ stable/8/sys/kern/kern_mib.c Wed Feb 24 22:16:16 2010 (r204293) @@ -124,8 +124,8 @@ SYSCTL_INT(_kern, KERN_ARGMAX, argmax, C SYSCTL_INT(_kern, KERN_POSIX1, posix1version, CTLFLAG_RD, 0, _POSIX_VERSION, "Version of POSIX attempting to comply to"); -SYSCTL_INT(_kern, KERN_NGROUPS, ngroups, CTLFLAG_RD, - 0, NGROUPS_MAX, +SYSCTL_INT(_kern, KERN_NGROUPS, ngroups, CTLFLAG_RDTUN, + &ngroups_max, 0, "Maximum number of supplemental groups a user can belong to"); SYSCTL_INT(_kern, KERN_JOB_CONTROL, job_control, CTLFLAG_RD, Modified: stable/8/sys/kern/kern_prot.c ============================================================================== --- stable/8/sys/kern/kern_prot.c Wed Feb 24 22:04:49 2010 (r204292) +++ stable/8/sys/kern/kern_prot.c Wed Feb 24 22:16:16 2010 (r204293) @@ -283,7 +283,13 @@ getgroups(struct thread *td, register st u_int ngrp; int error; - ngrp = MIN(uap->gidsetsize, NGROUPS); + if (uap->gidsetsize < td->td_ucred->cr_ngroups) { + if (uap->gidsetsize == 0) + ngrp = 0; + else + return (EINVAL); + } else + ngrp = td->td_ucred->cr_ngroups; groups = malloc(ngrp * sizeof(*groups), M_TEMP, M_WAITOK); error = kern_getgroups(td, &ngrp, groups); if (error) @@ -796,7 +802,7 @@ setgroups(struct thread *td, struct setg gid_t *groups = NULL; int error; - if (uap->gidsetsize > NGROUPS) + if (uap->gidsetsize > ngroups_max + 1) return (EINVAL); groups = malloc(uap->gidsetsize * sizeof(gid_t), M_TEMP, M_WAITOK); error = copyin(uap->gidset, groups, uap->gidsetsize * sizeof(gid_t)); @@ -815,7 +821,7 @@ kern_setgroups(struct thread *td, u_int struct ucred *newcred, *oldcred; int error; - if (ngrp > NGROUPS) + if (ngrp > ngroups_max + 1) return (EINVAL); AUDIT_ARG_GROUPSET(groups, ngrp); newcred = crget(); @@ -2022,14 +2028,14 @@ crsetgroups_locked(struct ucred *cr, int /* * Copy groups in to a credential after expanding it if required. - * Truncate the list to NGROUPS if it is too large. + * Truncate the list to (ngroups_max + 1) if it is too large. */ void crsetgroups(struct ucred *cr, int ngrp, gid_t *groups) { - if (ngrp > NGROUPS) - ngrp = NGROUPS; + if (ngrp > ngroups_max + 1) + ngrp = ngroups_max + 1; crextend(cr, ngrp); crsetgroups_locked(cr, ngrp, groups); Modified: stable/8/sys/kern/subr_param.c ============================================================================== --- stable/8/sys/kern/subr_param.c Wed Feb 24 22:04:49 2010 (r204292) +++ stable/8/sys/kern/subr_param.c Wed Feb 24 22:16:16 2010 (r204293) @@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$"); #include "opt_param.h" #include "opt_maxusers.h" +#include #include #include #include @@ -88,6 +89,7 @@ int maxfiles; /* sys. wide open files int maxfilesperproc; /* per-proc open files limit */ int ncallout; /* maximum # of timer events */ int nbuf; +int ngroups_max; /* max # groups per process */ int nswbuf; long maxswzone; /* max swmeta KVA storage */ long maxbcache; /* max buffer cache KVA storage */ @@ -228,6 +230,16 @@ init_param1(void) TUNABLE_ULONG_FETCH("kern.maxssiz", &maxssiz); sgrowsiz = SGROWSIZ; TUNABLE_ULONG_FETCH("kern.sgrowsiz", &sgrowsiz); + + /* + * Let the administrator set {NGROUPS_MAX}, but disallow values + * less than NGROUPS_MAX which would violate POSIX.1-2008 or + * greater than INT_MAX-1 which would result in overflow. + */ + ngroups_max = NGROUPS_MAX; + TUNABLE_INT_FETCH("kern.ngroups", &ngroups_max); + if (ngroups_max < NGROUPS_MAX) + ngroups_max = NGROUPS_MAX; } /* Modified: stable/8/sys/rpc/authunix_prot.c ============================================================================== --- stable/8/sys/rpc/authunix_prot.c Wed Feb 24 22:04:49 2010 (r204292) +++ stable/8/sys/rpc/authunix_prot.c Wed Feb 24 22:16:16 2010 (r204293) @@ -110,7 +110,7 @@ xdr_authunix_parms(XDR *xdrs, uint32_t * if (!xdr_uint32_t(xdrs, &ngroups)) return (FALSE); for (i = 0; i < ngroups; i++) { - if (i + 1 < NGROUPS) { + if (i + 1 < ngroups_max + 1) { if (!xdr_uint32_t(xdrs, &cred->cr_groups[i + 1])) return (FALSE); } else { @@ -120,8 +120,8 @@ xdr_authunix_parms(XDR *xdrs, uint32_t * } if (xdrs->x_op == XDR_DECODE) { - if (ngroups + 1 > NGROUPS) - cred->cr_ngroups = NGROUPS; + if (ngroups + 1 > ngroups_max + 1) + cred->cr_ngroups = ngroups_max + 1; else cred->cr_ngroups = ngroups + 1; } Modified: stable/8/sys/security/audit/audit_arg.c ============================================================================== --- stable/8/sys/security/audit/audit_arg.c Wed Feb 24 22:04:49 2010 (r204292) +++ stable/8/sys/security/audit/audit_arg.c Wed Feb 24 22:16:16 2010 (r204293) @@ -262,8 +262,8 @@ audit_arg_groupset(gid_t *gidset, u_int u_int i; struct kaudit_record *ar; - KASSERT(gidset_size <= NGROUPS, - ("audit_arg_groupset: gidset_size > NGROUPS")); + KASSERT(gidset_size <= ngroups_max + 1, + ("audit_arg_groupset: gidset_size > (kern.ngroups + 1)")); ar = currecord(); if (ar == NULL) Modified: stable/8/sys/sys/systm.h ============================================================================== --- stable/8/sys/sys/systm.h Wed Feb 24 22:04:49 2010 (r204292) +++ stable/8/sys/sys/systm.h Wed Feb 24 22:16:16 2010 (r204293) @@ -64,6 +64,7 @@ extern int boothowto; /* reboot flags, extern int bootverbose; /* nonzero to print verbose messages */ extern int maxusers; /* system tune hint */ +extern int ngroups_max; /* max # of supplemental groups */ #ifdef INVARIANTS /* The option is always available */ #define KASSERT(exp,msg) do { \