[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Repeat: Difficulties with large ACL/DACL counts

To: XFS-List <linux-xfs@oss.sgi.com>, "acl-devel@bestbits.at" <acl-devel@bestbits.at>, Andreas Gruenbacher <ag@bestbits.at>, Nathan Scott <nathans@snort.melbourne.sgi.com>
Subject: Repeat: Difficulties with large ACL/DACL counts
From: John M Trostel <jtrostel@snapserver.com>
Date: 21 May 2002 15:16:05 -0400
Sender: owner-linux-xfs@oss.sgi.com

There are really 2 problems described below.  The first problem in which
having _exactly_ 21 Access ACEs and _exactly_ 21 Default ACEs on a
directory leads to system panics REMAINS.

I suspect this is related to whether or not the ACEs and DACEs are small
enough to be represented as 'short-form' EAs.  Note that it occurs
between 20 entries (4 + 20*12 = 244 bytes) and 21 entries ( 4 + 21*12 =
256 bytes).

The second problem, in which the 17th created ACE resulted in an
'arguement list too long' message, has indeed been corrected.


-----Forwarded Message-----

Subject: Difficulties with large ACL/DACL counts
Date: 03 May 2002 17:41:23 -0400

We are seeing strange behavior with the current versions of XFS when using a
large number of ACEs in a combination of Access and Default ACEs.  When one
creates enough entries so that you have exactly 21 ACEs in an ACL and then you
try to create 21 or more ACEs in the 'other' ACL on a directory, the operation
will fail.  It often panics the system. Any subsequent access attempt to that
directory will also panic the system. Note the number of ACEs counted includes
the u,g,m,o entries if they are present.

Another very interesting note is that, if you create enough entries so that you
have a total number of ACEs greater than 21 (or less than 21), there is no
problem creating the 'other' ACL entries until you reach the XFS limit of 25
entrys.

It may be a problem caused by trying to fit the ACL into the inode... but I'm
much too confused right now to be sure ;->

Andreas:

As a side note: there seems to be a difficulty using the current userspace
tools to make any ACEs when you have more than 16 already created.  The 17th
will seem to be created fine (with setfacl -d -m u:a17:rw ./test_dir) but a
subsequent getfacl call will return 'argument too long'.  If you _don't_ check
the ACL with getfacl, the next use of setfacl will yield the same error,
'argument too long'. XFS _should_ allow a total of 25 ACEs in the Access ACL
and 25 ACEs in the Default ACL. (And older versions of the tools (2.0.4) seem
to work)
-- 
John M. Trostel
Senior Software Engineer
Quantum Corp. / NASD
jtrostel@snapserver.com
-- 
John M. Trostel
Senior Software Engineer
Quantum Corp. / NASD
jtrostel@snapserver.com

Follow-Ups:
- Re: Repeat: Difficulties with large ACL/DACL counts
  - From: Tim Shimmin <tes@sgi.com>

Prev by Date: xfs_freeze stuck on filesystem with several snapshots.
Next by Date: TAKE - More I/O path work
Previous by thread: xfs_freeze stuck on filesystem with several snapshots.
Next by thread: Re: Repeat: Difficulties with large ACL/DACL counts
Index(es):
- Date
- Thread