From owner-svn-src-all@freebsd.org  Wed Aug 19 17:26:17 2020
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7266E3C528C
 for <svn-src-all@mailman.nyi.freebsd.org>;
 Wed, 19 Aug 2020 17:26:17 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: from mail-qt1-x843.google.com (mail-qt1-x843.google.com
 [IPv6:2607:f8b0:4864:20::843])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4BWvp05Kblz4KDJ
 for <svn-src-all@freebsd.org>; Wed, 19 Aug 2020 17:26:16 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: by mail-qt1-x843.google.com with SMTP id c12so18393177qtn.9
 for <svn-src-all@freebsd.org>; Wed, 19 Aug 2020 10:26:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hardenedbsd.org; s=google;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to;
 bh=EWmqyYFpPgKWahfYztYx7Nj9XoeqSbYeq1luG5UrlNM=;
 b=IDrD2oY82EYzLL24Lgp9nRpV0NZlGIKQfdYWUCjUtB3p2RcUUftfUF20SMpP1JkpMF
 CfFELlFwHF7VTRlcu4S6h2j9SK5GxrLLoHhvqtmmX8cOEfGN2Sp6FU3JsHEJbfOKkj3Q
 ko0NyUwFCYp/1rxOQybJUcjhCphCyrQHn043L5WH3lTY8eANOP77/R2wYuLJ6/FQYsGX
 WPcf3Ke0KJXgoetpR+3nndzJZEWeMU6z4hRlt4I54FvOElpkK1QBvHSd9PZX2lOewzqZ
 oamHbn44wRHZ1Eec440G0nz3qw+WQJRmfuNKg5syVdistXI7m3NfGoZCj+mcUrrDND/E
 +bOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to;
 bh=EWmqyYFpPgKWahfYztYx7Nj9XoeqSbYeq1luG5UrlNM=;
 b=pwQtkorg/CL4gl+MLUUHANyGAddRaGvu4sVKFdrdu0JizMAyypcECUKLT6PyxSt1tG
 ma3N3zEOO6/fyuEirDgpecfIoU/xpG9f8Fr/t/H0dhWsPo4Xyw/+LTvZ4HZUG1LmKykD
 P3Sbd+m3JGWh6ds+n/Ysg1Kvu1nrORBiwc4hrCBKudHXRKYgxz2s9/I96F92YupN62ty
 8EHEAvZNO3We7LlsUKD9B7qoVx0v5PNguSXBBaXamlVmZMeYc6TwDOZBJnFyItY/i4kA
 OaQM1d0wzkQ8ld176o9orDNUJLZakifwY1azGnMu3Y6dnFr05r5yN+kPPPnFHPGRQijR
 AKNQ==
X-Gm-Message-State: AOAM530TVc7eiVTTHBI1fjHFCqkpu4KqENlQu16QQQqgZ8A4cGLU2NT3
 YGuwn736MK+b+7hhaQkwyxcRCA==
X-Google-Smtp-Source: ABdhPJy/ygEmNLB/BBvyT1VVP82Az2aeyPGrbm2n0r9Z6EuaR5l4ZuPGitNdPDLrDWvn8itNa315SA==
X-Received: by 2002:ac8:47c8:: with SMTP id d8mr22109801qtr.32.1597857975651; 
 Wed, 19 Aug 2020 10:26:15 -0700 (PDT)
Received: from mutt-hbsd (pool-100-16-231-224.bltmmd.fios.verizon.net.
 [100.16.231.224])
 by smtp.gmail.com with ESMTPSA id l1sm26891194qtp.96.2020.08.19.10.26.14
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 19 Aug 2020 10:26:14 -0700 (PDT)
Date: Wed, 19 Aug 2020 13:26:13 -0400
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Warner Losh <imp@FreeBSD.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: Re: svn commit: r364402 - head/sys/kern
Message-ID: <20200819172613.vdyutsn6a4w5fbqr@mutt-hbsd>
X-Operating-System: FreeBSD mutt-hbsd 13.0-CURRENT-HBSD FreeBSD
 13.0-CURRENT-HBSD 
X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0xFF2E67A277F8E1FA
References: <202008191710.07JHA5Rk008764@repo.freebsd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="wvgkifyvole67pl3"
Content-Disposition: inline
In-Reply-To: <202008191710.07JHA5Rk008764@repo.freebsd.org>
X-Rspamd-Queue-Id: 4BWvp05Kblz4KDJ
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=hardenedbsd.org header.s=google header.b=IDrD2oY8;
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of shawn.webb@hardenedbsd.org designates
 2607:f8b0:4864:20::843 as permitted sender)
 smtp.mailfrom=shawn.webb@hardenedbsd.org
X-Spamd-Result: default: False [-2.09 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[hardenedbsd.org:s=google];
 FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4];
 TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 MIME_GOOD(-0.20)[multipart/signed,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[svn-src-all@freebsd.org];
 DMARC_NA(0.00)[hardenedbsd.org];
 NEURAL_SPAM_SHORT(0.01)[0.014]; RCVD_COUNT_THREE(0.00)[3];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 DKIM_TRACE(0.00)[hardenedbsd.org:+];
 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::843:from];
 SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~]; MID_RHS_NOT_FQDN(0.50)[];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[svn-src-all];
 RECEIVED_SPAMHAUS_PBL(0.00)[100.16.231.224:received]
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Aug 2020 17:26:17 -0000


--wvgkifyvole67pl3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Aug 19, 2020 at 05:10:05PM +0000, Warner Losh wrote:
> Author: imp
> Date: Wed Aug 19 17:10:04 2020
> New Revision: 364402
> URL: https://svnweb.freebsd.org/changeset/base/364402
>=20
> Log:
>   Add VFS FS events for mount and unmount to devctl/devd
>  =20
>   Report when a filesystem is mounted, remounted or unmounted via devd, a=
long with
>   details about the mount point and mount options.
>  =20
>   Discussed with:	kib@
>   Reviewed by: kirk@ (prior version)
>   Sponsored by: Netflix
>   Diffential Revision: https://reviews.freebsd.org/D25969
>=20
> Modified:
>   head/sys/kern/vfs_mount.c
>=20
> Modified: head/sys/kern/vfs_mount.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/sys/kern/vfs_mount.c	Wed Aug 19 17:09:58 2020	(r364401)
> +++ head/sys/kern/vfs_mount.c	Wed Aug 19 17:10:04 2020	(r364402)
> @@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
>  #include <sys/param.h>
>  #include <sys/conf.h>
>  #include <sys/smp.h>
> +#include <sys/bus.h>
>  #include <sys/eventhandler.h>
>  #include <sys/fcntl.h>
>  #include <sys/jail.h>
> @@ -101,6 +102,8 @@ MTX_SYSINIT(mountlist, &mountlist_mtx, "mountlist", MT
>  EVENTHANDLER_LIST_DEFINE(vfs_mounted);
>  EVENTHANDLER_LIST_DEFINE(vfs_unmounted);
> =20
> +static void dev_vfs_event(const char *type, struct mount *mp, bool donew=
);
> +
>  /*
>   * Global opts, taken by all filesystems
>   */
> @@ -1020,6 +1023,7 @@ vfs_domount_first(
>  	VOP_UNLOCK(vp);
>  	EVENTHANDLER_DIRECT_INVOKE(vfs_mounted, mp, newdp, td);
>  	VOP_UNLOCK(newdp);
> +	dev_vfs_event("MOUNT", mp, false);
>  	mountcheckdirs(vp, newdp);
>  	vn_seqc_write_end(vp);
>  	vn_seqc_write_end(newdp);
> @@ -1221,6 +1225,7 @@ vfs_domount_update(
>  	if (error !=3D 0)
>  		goto end;
> =20
> +	dev_vfs_event("REMOUNT", mp, true);
>  	if (mp->mnt_opt !=3D NULL)
>  		vfs_freeopts(mp->mnt_opt);
>  	mp->mnt_opt =3D mp->mnt_optnew;
> @@ -1839,6 +1844,7 @@ dounmount(struct mount *mp, int flags, struct threa=
d *
>  	TAILQ_REMOVE(&mountlist, mp, mnt_list);
>  	mtx_unlock(&mountlist_mtx);
>  	EVENTHANDLER_DIRECT_INVOKE(vfs_unmounted, mp, td);
> +	dev_vfs_event("UNMOUNT", mp, false);
>  	if (coveredvp !=3D NULL) {
>  		coveredvp->v_mountedhere =3D NULL;
>  		vn_seqc_write_end(coveredvp);
> @@ -2425,4 +2431,72 @@ kernel_vmount(int flags, ...)
> =20
>  	error =3D kernel_mount(ma, flags);
>  	return (error);
> +}
> +
> +/* Map from mount options to printable formats. */
> +static struct mntoptnames optnames[] =3D {
> +	MNTOPT_NAMES
> +};
> +
> +static void
> +dev_vfs_event_mntopt(struct sbuf *sb, const char *what, struct vfsoptlis=
t *opts)
> +{
> +	struct vfsopt *opt;
> +
> +	if (opts =3D=3D NULL || TAILQ_EMPTY(opts))
> +		return;
> +	sbuf_printf(sb, " %s=3D\"", what);
> +	TAILQ_FOREACH(opt, opts, link) {
> +		if (opt->name[0] =3D=3D '\0' || (opt->len > 0 && *(char *)opt->value =
=3D=3D '\0'))
> +			continue;
> +		devctl_safe_quote_sb(sb, opt->name);
> +		if (opt->len > 0) {
> +			sbuf_putc(sb, '=3D');
> +			devctl_safe_quote_sb(sb, opt->value);
> +		}
> +		sbuf_putc(sb, ';');
> +	}
> +	sbuf_putc(sb, '"');
> +}
> +
> +#define DEVCTL_LEN 1024
> +static void
> +dev_vfs_event(const char *type, struct mount *mp, bool donew)
> +{
> +	const uint8_t *cp;
> +	struct mntoptnames *fp;
> +	struct sbuf sb;
> +	struct statfs *sfp =3D &mp->mnt_stat;
> +	char *buf;
> +
> +	buf =3D malloc(DEVCTL_LEN, M_MOUNT, M_WAITOK);
> +	if (buf =3D=3D NULL)
> +		return;

buf can't be NULL.

> +	sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN);
> +	sbuf_cpy(&sb, "mount-point=3D\"");
> +	devctl_safe_quote_sb(&sb, sfp->f_mntonname);
> +	sbuf_cat(&sb, "\" mount-dev=3D\"");
> +	devctl_safe_quote_sb(&sb, sfp->f_mntfromname);
> +	sbuf_cat(&sb, "\" mount-type=3D\"");
> +	devctl_safe_quote_sb(&sb, sfp->f_fstypename);
> +	sbuf_cat(&sb, "\" fsid=3D0x");
> +	cp =3D (const uint8_t *)&sfp->f_fsid.val[0];
> +	for (int i =3D 0; i < sizeof(sfp->f_fsid); i++)
> +		sbuf_printf(&sb, "%02x", cp[i]);
> +	sbuf_printf(&sb, " owner=3D%u flags=3D\"", sfp->f_owner);
> +	for (fp =3D optnames; fp->o_opt !=3D 0; fp++) {
> +		if ((mp->mnt_flag & fp->o_opt) !=3D 0) {
> +			sbuf_cat(&sb, fp->o_name);
> +			sbuf_putc(&sb, ';');
> +		}
> +	}
> +	sbuf_putc(&sb, '"');
> +	dev_vfs_event_mntopt(&sb, "opt", mp->mnt_opt);
> +	if (donew)
> +		dev_vfs_event_mntopt(&sb, "optnew", mp->mnt_optnew);
> +	sbuf_finish(&sb);
> +
> +	devctl_notify("VFS", "FS", type, sbuf_data(&sb));
> +	sbuf_delete(&sb);
> +	free(buf, M_MOUNT);
>  }

I don't really see much attention paid to checking for sbuf overflow.
Could that cause issues, especially in case of impartial quotation
termination? Could not performing those checks have security
implications? Would performing those checks adhere to good code
development practices?

Thanks,

--=20
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

GPG Key ID:          0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Sha=
wn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

--wvgkifyvole67pl3
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAl89YLMACgkQ/y5nonf4
4fqzKRAAn3OmJQmJXPPTrgG1i0pAgikhacZzJtB1yUUrsCnCYoWZVyvdthe3Ax9V
176AHgIMth/mbU8OgBmoQEc4wtQ1wEJnbH/I3x1jr0SaakMxWe5hI+4pfxKpm996
pYjSA5K6wrdHG0Q3mB7HLUyjRplqyJbPIaSlkt+vD9932nCMCApP/9D5fmTp/LmB
jzQqFSWi6ZR9OHnZnUq6iMzy4cJT9vUUpNMUGn9cqIZ8aJkVlxgr3BWNchCotipj
tPFc7Cq41VoChfKPk/uJV9allHawzColoATxf/2pF5rcP62l7RyoTnLdzxVF3VkP
IQlhapIPd6kLNP8/EJyLrtVIubPzChOxog3XAps+KBNrdVV0GkDR82qBPF0DMJW7
XoiW9b7Jz6DPjNoxZarN82g0dua0SVcw6cX9hD6hg2AA2Rnqkuzf6Y/fiGN5VWrs
yuaxXJfR/cCBmb/doGMmunuBTofPjr1tBeUlAgEr3mXxeT1sZi6KbEsdw6BUZd5B
wRKrm2b/LcaB7UD0ItTB0ypeV4ls7EMgxd1/frG5vY6gLSg1f4mM10ijChDyT4P0
LPG12C7IBodEyPiA3XBpOjrPek9uJx5VvwZBMskvU6PUtheGG3fEmJAnrDmQg1XF
ecXbm9lRoZihAGWR4CTiRzmssemSGAudRbw97aDrS5nyPH7des8=
=mvvo
-----END PGP SIGNATURE-----

--wvgkifyvole67pl3--