
RE: [cobalt-users] 32 Group Limitation



On Tue, Dec 21, 1999 at 02:48:58PM -0800, Lyle Scheer wrote:
> You are correct.  It stems from a Linux limitation that a user on a Linux
> machine can be in no more than 32 groups.... you can put them in more than
> 32 groups in the /etc/groups file, but they will only show up in the first
> 32.  We were not aware of this when we designed our interface to handle
> virtual sites, and it came up in our SQA testing, but unless we totally
> rework the way we handle groups and virtual site, or patch Linux itself, we
> cannot get around this.

Robert G. Fisher responded:
= Has there been any testing on a cobalt of a 'patched' kernel -- after
= all,  it is only one line in limits.h that we're talking about here
= where it reads:
=
= #define NGROUPS_MAX	32	/* supplemental group IDs are available */

I did a little asking around at work, and was told that libc and possibly
all of the Linux utils might also have to be patched.  I also received this
as an e-mail, indicating that the kernel patch is not as simple as implied:

    The kernel uses a task structure to define each executing
    process.  The task includes a group list defined as:
	gid_t   groups[NGROUPS]

    Why not just bump NGROUP up to, say, 256?  Well, the task
    structure is allocated on the per user page.  Yup, that's
    a 4096 byte chunk of memory, that is shared with the per
    user kernel stack.  If the group array grows to 256 entries
    (== 1024 bytes), that blows a big chunk of valuable space.

    Furthermore, there are a couple of structures (svc_cred and
    nfsiod_cred) that contain analogous arrays with NGROUP
    entries.  There are routines in the kernel that allocate
    these on the kernel stack for temporary use.  That would
    blow another 1024 bytes on any execution path that calls
    these routines.

    1k here, 1k there, pretty soon your 4k disappears.  This
    results in a decent chance that the kernel stack will
    overflow.  Very bad stuff.

    This can be fixed, but it isn't just "patch and recompile".
    At least not with the patches that were posted.

- Lyle
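
Added example, not part of the original message or of Cobalt's software: a small audit that reads group-file text and reports users listed in more groups than the 32-entry limit discussed above, since memberships past the limit are silently not applied. It assumes the standard four-field `name:passwd:gid:members` layout, ignores the primary group from the passwd file, and treats "the first 32" as file order as the thread describes; the function names and the sample data are constructed for illustration.

```python
from collections import defaultdict

NGROUPS_MAX = 32  # value quoted in the thread from limits.h


def supplementary_groups(group_text):
    """Map each user to the groups that list them, in file order."""
    members = defaultdict(list)
    for line in group_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            continue  # skip malformed entries rather than guess
        name, _passwd, _gid, users = fields
        for user in (u.strip() for u in users.split(",")):
            if user and name not in members[user]:
                members[user].append(name)
    return members


def over_limit(group_text, limit=NGROUPS_MAX):
    """Return {user: [groups past the limit]} for users over the limit."""
    return {
        user: groups[limit:]
        for user, groups in supplementary_groups(group_text).items()
        if len(groups) > limit
    }


def build_sample(n_sites=40):
    """Constructed sample: one 'admin' user added to every virtual-site group."""
    lines = ["root:x:0:", "users:x:100:alice,bob"]
    for i in range(n_sites):
        extra = ",alice" if i < 5 else ""
        lines.append(f"site{i}:x:{500 + i}:admin{extra}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # To audit a real host, pass the contents of its group file instead.
    for user, dropped in sorted(over_limit(build_sample()).items()):
        print(f"{user}: {len(dropped)} group(s) past the limit: {', '.join(dropped)}")
```
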