Date: Fri, 18 Jul 2025 16:44:32 -0600 From: Alan Somers <asomers@freebsd.org> To: Konstantin Belousov <kostikbel@gmail.com> Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 29af6d2e2ec9 - main - msdosfs: replace '/' in direntries with '?' Message-ID: <CAOtMX2hFx8oFKxgvUk2=mo_xE55qOsRJ6MAH-k5XrkLNa-0vSQ@mail.gmail.com> In-Reply-To: <aHrNpJVxPL3cnwmZ@kib.kiev.ua> References: <202507172154.56HLsGLL095197@gitrepo.freebsd.org> <CAOtMX2hdWCAzhieDJkzWZf-5bdw-%2Bycq0m_t0fdrqag11hPW0A@mail.gmail.com> <aHrNpJVxPL3cnwmZ@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Jul 18, 2025 at 4:42 PM Konstantin Belousov <kostikbel@gmail.com> wrote: > On Fri, Jul 18, 2025 at 10:06:56AM -0600, Alan Somers wrote: > > Should we move this logic up into kern_getdirentries? msdosfs is not the > > only file system vulnerable to this problem. > It is relatively hard to do in kern_getdirentries(), and perhaps would > cause a severe performance hit for filesystems that do not need it. > > The issue is that uio might be for UIO_USERSPACE (and less likely > UIO_NOCOPY). > So we must allocate the transient buffer, then call VOP_READDIR() for that > buffer, then do the validation, and then copyout to the final uio. > > Another thing, there are more VOP_READDIR() uses than only > kern_getdirents(). > Worst part, we do trust UFS and ZFS which are the most perf-sensitive. > > I did looked at generic checker, might be guided by some MNTK_-level flag, > but decided to just patch msdosfs. > > That explanation makes sense. I guess I need to patch fusefs, too. We definitely don't want to trust that one. [-- Attachment #2 --] <div dir="ltr"><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Fri, Jul 18, 2025 at 4:42 PM Konstantin Belousov <<a href="mailto:kostikbel@gmail.com">kostikbel@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>On Fri, Jul 18, 2025 at 10:06:56AM -0600, Alan Somers wrote:<br> > Should we move this logic up into kern_getdirentries? msdosfs is not the<br> > only file system vulnerable to this problem.<br> It is relatively hard to do in kern_getdirentries(), and perhaps would<br> cause a severe performance hit for filesystems that do not need it.<br> <br> The issue is that uio might be for UIO_USERSPACE (and less likely UIO_NOCOPY).<br> So we must allocate the transient buffer, then call VOP_READDIR() for that<br> buffer, then do the validation, and then copyout to the final uio.<br> <br> Another thing, there are more VOP_READDIR() uses than only kern_getdirents().<br> Worst part, we do trust UFS and ZFS which are the most perf-sensitive.<br> <br> I did looked at generic checker, might be guided by some MNTK_-level flag,<br> but decided to just patch msdosfs.<br> <br></div></blockquote><div><br></div><div>That explanation makes sense. I guess I need to patch fusefs, too. We definitely don't want to trust that one. <br></div></div></div>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOtMX2hFx8oFKxgvUk2=mo_xE55qOsRJ6MAH-k5XrkLNa-0vSQ>