Date: Fri, 18 Jul 2025 16:44:32 -0600 From: Alan Somers <asomers@freebsd.org> To: Konstantin Belousov <kostikbel@gmail.com> Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 29af6d2e2ec9 - main - msdosfs: replace '/' in direntries with '?' Message-ID: <CAOtMX2hFx8oFKxgvUk2=mo_xE55qOsRJ6MAH-k5XrkLNa-0vSQ@mail.gmail.com> In-Reply-To: <aHrNpJVxPL3cnwmZ@kib.kiev.ua> References: <202507172154.56HLsGLL095197@gitrepo.freebsd.org> <CAOtMX2hdWCAzhieDJkzWZf-5bdw-%2Bycq0m_t0fdrqag11hPW0A@mail.gmail.com> <aHrNpJVxPL3cnwmZ@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
--00000000000051ccd7063a3bdf78 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Jul 18, 2025 at 4:42=E2=80=AFPM Konstantin Belousov <kostikbel@gmai= l.com> wrote: > On Fri, Jul 18, 2025 at 10:06:56AM -0600, Alan Somers wrote: > > Should we move this logic up into kern_getdirentries? msdosfs is not t= he > > only file system vulnerable to this problem. > It is relatively hard to do in kern_getdirentries(), and perhaps would > cause a severe performance hit for filesystems that do not need it. > > The issue is that uio might be for UIO_USERSPACE (and less likely > UIO_NOCOPY). > So we must allocate the transient buffer, then call VOP_READDIR() for tha= t > buffer, then do the validation, and then copyout to the final uio. > > Another thing, there are more VOP_READDIR() uses than only > kern_getdirents(). > Worst part, we do trust UFS and ZFS which are the most perf-sensitive. > > I did looked at generic checker, might be guided by some MNTK_-level flag= , > but decided to just patch msdosfs. > > That explanation makes sense. I guess I need to patch fusefs, too. We definitely don't want to trust that one. --00000000000051ccd7063a3bdf78 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div class=3D"gmail_quote gmail_quote_container"><div dir= =3D"ltr" class=3D"gmail_attr">On Fri, Jul 18, 2025 at 4:42=E2=80=AFPM Konst= antin Belousov <<a href=3D"mailto:kostikbel@gmail.com">kostikbel@gmail.c= om</a>> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margi= n:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex= "><div>On Fri, Jul 18, 2025 at 10:06:56AM -0600, Alan Somers wrote:<br> > Should we move this logic up into kern_getdirentries?=C2=A0 msdosfs is= not the<br> > only file system vulnerable to this problem.<br> It is relatively hard to do in kern_getdirentries(), and perhaps would<br> cause a severe performance hit for filesystems that do not need it.<br> <br> The issue is that uio might be for UIO_USERSPACE (and less likely UIO_NOCOP= Y).<br> So we must allocate the transient buffer, then call VOP_READDIR() for that<= br> buffer, then do the validation, and then copyout to the final uio.<br> <br> Another thing, there are more VOP_READDIR() uses than only kern_getdirents(= ).<br> Worst part, we do trust UFS and ZFS which are the most perf-sensitive.<br> <br> I did looked at generic checker, might be guided by some MNTK_-level flag,<= br> but decided to just patch msdosfs.<br> <br></div></blockquote><div><br></div><div>That explanation makes sense.=C2= =A0 I guess I need to patch fusefs, too.=C2=A0 We definitely don't want= to trust that one. <br></div></div></div> --00000000000051ccd7063a3bdf78--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOtMX2hFx8oFKxgvUk2=mo_xE55qOsRJ6MAH-k5XrkLNa-0vSQ>