From 6693ef12593160b618550dc691d8def2e65b0509 Mon Sep 17 00:00:00 2001
From: Kohei Sugihara
Date: Tue, 16 Jul 2024 17:58:22 +0900
Subject: [PATCH] Limit ACL check of the large flat tree
---
 .../org/apache/hadoop/ozone/om/KeyManagerImpl.java | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java
index 49d3a9657def..6efe4ff45c1e 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java
@@ -1114,17 +1114,18 @@ private boolean checkChildrenAcls(OzoneObj ozObject, RequestContext context)
 if (ozoneFileStatus.isDirectory() && hasAccess) {
 directories.add(ozoneFileStatus);
 }
+ long keys_scanned = 0;
 while (!directories.isEmpty() && hasAccess) {
- if (directories.size() >
- ozoneManager.getConfiguration()
- .getInt(OZONE_OM_ACL_CHECK_MAX_CHILDREN, 300)) {
- throw new OMException("Too much entries for ACL check", TIMEOUT);
- }
 ozoneFileStatus = directories.pop();
 String keyPath = ozoneFileStatus.getTrimmedName();
 Iterator children =
 ozObject.getOzonePrefixPathViewer().getChildren(keyPath);
 while (hasAccess && children.hasNext()) {
+ if (keys_scanned >
+ ozoneManager.getConfiguration()
+ .getInt(OZONE_OM_ACL_CHECK_MAX_CHILDREN, 1_000_000)) {
+ throw new OMException("Too much entries for ACL check", TIMEOUT);
+ }
 ozoneFileStatus = children.next();
 keyInfo = ozoneFileStatus.getKeyInfo();
 hasAccess = OzoneAclUtil.checkAclRights(keyInfo.getAcls(), context);
@@ -1135,6 +1136,7 @@ private boolean checkChildrenAcls(OzoneObj ozObject, RequestContext context)
 if (hasAccess && ozoneFileStatus.isDirectory()) {
 directories.add(ozoneFileStatus);
 }
+ keys_scanned += 1;
 }
 }
 return hasAccess;
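Review bot: The per-request cap is now re-read from configuration for every child, because `ozoneManager.getConfiguration().getInt(OZONE_OM_ACL_CHECK_MAX_CHILDREN, 1_000_000)` sits inside the inner `while (hasAccess && children.hasNext())` loop; it should be read once before the outer loop. The same key also changes meaning here, from a bound on the pending `directories` queue to a bound on total keys scanned, so a deployment that tuned it for the old meaning will now fail closed with TIMEOUT on any subtree larger than that value, and the key's documentation should say so. The inline default moves from 300 to 1_000_000, which is now the ceiling on ACL-check work one request can trigger; a named default constant next to the key would keep that value visible to operators and reviewers. `keys_scanned` (declared in this hunk, incremented in the next) should be `keysScanned` per Java naming, and the `>` comparison lets one more key through than the configured limit. checkChildrenAcls begins and ends outside these hunks.

```java
    // Read the cap once per request instead of once per child.
    final int maxChildren = ozoneManager.getConfiguration()
        .getInt(OZONE_OM_ACL_CHECK_MAX_CHILDREN, 1_000_000);
    long keysScanned = 0;
    while (!directories.isEmpty() && hasAccess) {
      // … unchanged: pop directory, open children iterator …
      while (hasAccess && children.hasNext()) {
        if (keysScanned >= maxChildren) {
          throw new OMException("Too much entries for ACL check", TIMEOUT);
        }
        // … unchanged: ACL check on child, queue sub-directories …
        keysScanned++;
      }
    }
```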