From 65d2f7dae05d01cbd055feebe7272f2e53d52ce3 Mon Sep 17 00:00:00 2001
From: Kohei Sugihara
Date: Thu, 25 Jan 2024 21:55:44 +0900
Subject: [PATCH] Limit max entries for checkAcls
---
 .../main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java | 5 +++++
 .../java/org/apache/hadoop/ozone/om/KeyManagerImpl.java | 7 +++++++
 2 files changed, 12 insertions(+)
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java
index 3c2078b7351..b1a02aefe66 100644
--- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/OMConfigKeys.java
@@ -422,4 +422,9 @@ private OMConfigKeys() {
 public static final String OZONE_OM_LISTSTATUS_RATELIMIT_TIMEOUT_KEY =
 "ozone.om.liststatus.ratelimit-timeout";
 public static final int OZONE_OM_LISTSTATUS_RATELIMIT_TIMEOUT_DEFAULT = 8; // seconds
+
+ // Limit for child entries on Ozone ACL check
+ public static final String OZONE_OM_ACL_CHECK_MAX_CHILDREN =
+ "ozone.om.acls.max-children";
+ public static final int OZONE_OM_ACL_CHECK_MAX_CHILDREN_DEFAULT = 300; // entries
 }
diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java
index 65f133b4683..49d3a9657de 100644
--- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java
+++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java
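Review bot: In the OMConfigKeys.java hunk the comment on the new key, `// Limit for child entries on Ozone ACL check`, does not say what is counted or what happens once the limit is reached. As the key is used in KeyManagerImpl in this same patch, the value is compared with the number of directories still queued for the check, and exceeding it aborts the request with an OMException. A comment such as `// Max directories queued during a recursive ACL check; the check fails once exceeded` would tell an operator what they are tuning. The constant name also drops the `_KEY` suffix that the neighbouring `OZONE_OM_LISTSTATUS_RATELIMIT_TIMEOUT_KEY` carries.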
@@ -116,6 +116,7 @@
 import static org.apache.hadoop.ozone.OzoneConsts.OZONE_URI_DELIMITER;
 import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_DIR_DELETING_SERVICE_INTERVAL;
 import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_DIR_DELETING_SERVICE_INTERVAL_DEFAULT;
+import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_ACL_CHECK_MAX_CHILDREN;
 import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_OPEN_KEY_CLEANUP_SERVICE_INTERVAL;
 import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_OPEN_KEY_CLEANUP_SERVICE_INTERVAL_DEFAULT;
 import static org.apache.hadoop.ozone.om.OMConfigKeys.OZONE_OM_OPEN_KEY_CLEANUP_SERVICE_TIMEOUT;
@@ -128,6 +129,7 @@
 import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.KEY_NOT_FOUND;
 import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.SCM_GET_PIPELINE_EXCEPTION;
 import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.VOLUME_NOT_FOUND;
+import static org.apache.hadoop.ozone.om.exceptions.OMException.ResultCodes.TIMEOUT;
 import static org.apache.hadoop.util.MetricUtil.captureLatencyNs;
 import static org.apache.hadoop.ozone.om.lock.OzoneManagerLock.Resource.BUCKET_LOCK;
 import static org.apache.hadoop.ozone.security.acl.OzoneObj.ResourceType.KEY;
@@ -1113,6 +1115,11 @@ private boolean checkChildrenAcls(OzoneObj ozObject, RequestContext context)
 directories.add(ozoneFileStatus);
 }
 while (!directories.isEmpty() && hasAccess) {
+ if (directories.size() >
+ ozoneManager.getConfiguration()
+ .getInt(OZONE_OM_ACL_CHECK_MAX_CHILDREN, 300)) {
+ throw new OMException("Too much entries for ACL check", TIMEOUT);
+ }
 ozoneFileStatus = directories.pop();
 String keyPath = ozoneFileStatus.getTrimmedName();
 Iterator children =
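Review bot: The guard added at the top of the `while` loop in `checkChildrenAcls` compares `directories.size()`, the stack of directories still waiting to be expanded, so it caps the pending stack rather than the number of entries the check visits. As far as this hunk shows (the loop body continues outside it), a directory holding many files but few subdirectories is still walked without a bound; if the aim is to cap the cost of one recursive ACL check, a counter of visited children compared against the limit would do that. The fallback is the literal `300` even though this patch adds `OZONE_OM_ACL_CHECK_MAX_CHILDREN_DEFAULT`, and the configuration lookup runs on every iteration. Reading it once before the loop with `int maxChildren = ozoneManager.getConfiguration().getInt(OZONE_OM_ACL_CHECK_MAX_CHILDREN, OZONE_OM_ACL_CHECK_MAX_CHILDREN_DEFAULT);` (plus the matching static import) keeps the two defaults from drifting apart. `TIMEOUT` describes a condition that did not occur, and any caller that retries on it would repeat the same expensive walk, so a result code that signals a limit violation fits better; the message should read `"Too many entries for ACL check"`.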