Re: [PATCH 09/10] nfsd: cap decoded POSIX ACL count to bound sort cost
From: Jeff Layton
Date: Fri May 29 2026 - 15:04:53 EST
On Fri, 2026-05-29 at 14:34 -0400, Chuck Lever wrote:
> [ replaced broken email address for Trond ]
>
> On Thu, May 28, 2026, at 5:55 PM, Jeff Layton wrote:
>
> > diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
> > index c6c50c376b23..5469c6c207ba 100644
> > --- a/fs/nfsd/nfs4xdr.c
> > +++ b/fs/nfsd/nfs4xdr.c
> > @@ -448,6 +448,8 @@ nfsd4_decode_posixacl(struct nfsd4_compoundargs
> > *argp, struct posix_acl **acl)
> >
> > if (xdr_stream_decode_u32(argp->xdr, &count) < 0)
> > return nfserr_bad_xdr;
> > + if (count > NFS_ACL_MAX_ENTRIES)
> > + return nfserr_resource;
>
> nfserr_resource is consistent with other fattr4 decoders, but
> does not make sense here, IMO. A better choice is nfserr_inval.
>
Why not? An ACL that long doesn't violate the spec (as you pointed
out), the implementation just can't handle it. I do agree that
nfserr_resource is not the ideal error code, but it's the closest error
I can see that says "you hit an internal limitation of the server".
> Rick, any opinion?
>
>
> > *acl = posix_acl_alloc(count, GFP_KERNEL);
> > if (*acl == NULL)
> >
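Review bot: the added `if (count > NFS_ACL_MAX_ENTRIES)` check carries no comment saying that the cap is a server-side implementation limit (per the subject line, to bound sort cost) rather than a malformed-argument condition, and that distinction is what the choice between nfserr_resource and nfserr_inval turns on. A short comment above the check stating why the cap exists and why that status is returned would record the decision in the code. Keeping the check ahead of `posix_acl_alloc(count, GFP_KERNEL)` is the right order, since it also bounds the allocation sized by the client-supplied count.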
> > --
> > 2.54.0
--
Jeff Layton <jlayton@xxxxxxxxxx>