From nobody Fri Jul 18 22:41:40 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bkPtB2fzFz61v87; Fri, 18 Jul 2025 22:41:54 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4bkPt9564jz3qTK; Fri, 18 Jul 2025 22:41:53 +0000 (UTC) (envelope-from kostikbel@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: from tom.home (kib@localhost [127.0.0.1] (may be forged)) by kib.kiev.ua (8.18.1/8.18.1) with ESMTP id 56IMfeCL099897; Sat, 19 Jul 2025 01:41:43 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua 56IMfeCL099897 Received: (from kostik@localhost) by tom.home (8.18.1/8.18.1/Submit) id 56IMfevk099896; Sat, 19 Jul 2025 01:41:40 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Sat, 19 Jul 2025 01:41:40 +0300 From: Konstantin Belousov To: Alan Somers Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 29af6d2e2ec9 - main - msdosfs: replace '/' in direntries with '?' Message-ID: References: <202507172154.56HLsGLL095197@gitrepo.freebsd.org> List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FROM, NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=4.0.1 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on tom.home X-Rspamd-Queue-Id: 4bkPt9564jz3qTK X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US] On Fri, Jul 18, 2025 at 10:06:56AM -0600, Alan Somers wrote: > Should we move this logic up into kern_getdirentries? msdosfs is not the > only file system vulnerable to this problem. It is relatively hard to do in kern_getdirentries(), and perhaps would cause a severe performance hit for filesystems that do not need it. The issue is that uio might be for UIO_USERSPACE (and less likely UIO_NOCOPY). So we must allocate the transient buffer, then call VOP_READDIR() for that buffer, then do the validation, and then copyout to the final uio. Another thing, there are more VOP_READDIR() uses than only kern_getdirents(). Worst part, we do trust UFS and ZFS which are the most perf-sensitive. I did looked at generic checker, might be guided by some MNTK_-level flag, but decided to just patch msdosfs. > > On Thu, Jul 17, 2025 at 3:54 PM Konstantin Belousov wrote: > > > The branch main has been updated by kib: > > > > URL: > > https://cgit.FreeBSD.org/src/commit/?id=29af6d2e2ec9fe8df7cf1e1a0bf3597028831b18 > > > > commit 29af6d2e2ec9fe8df7cf1e1a0bf3597028831b18 > > Author: Konstantin Belousov > > AuthorDate: 2025-07-17 01:12:05 +0000 > > Commit: Konstantin Belousov > > CommitDate: 2025-07-17 21:53:54 +0000 > > > > msdosfs: replace '/' in direntries with '?' > > > > PR: 288266 > > Reported by: Robert Morris > > Reviewed by: markj > > Sponsored by: The FreeBSD Foundation > > MFC after: 1 week > > Differential revision: https://reviews.freebsd.org/D51365 > > --- > > sys/fs/msdosfs/msdosfs_conv.c | 11 +++++++++-- > > 1 file changed, 9 insertions(+), 2 deletions(-) > > > > diff --git a/sys/fs/msdosfs/msdosfs_conv.c b/sys/fs/msdosfs/msdosfs_conv.c > > index da4848169173..208b64930e61 100644 > > --- a/sys/fs/msdosfs/msdosfs_conv.c > > +++ b/sys/fs/msdosfs/msdosfs_conv.c > > @@ -797,19 +797,24 @@ mbsadjpos(const char **instr, size_t inlen, size_t > > outlen, int weight, int flag, > > static u_char * > > dos2unixchr(u_char *outbuf, const u_char **instr, size_t *ilen, int > > lower, struct msdosfsmount *pmp) > > { > > - u_char c, *outp; > > - size_t len, olen; > > + u_char c, *outp, *outp1; > > + size_t i, len, olen; > > > > outp = outbuf; > > if (pmp->pm_flags & MSDOSFSMNT_KICONV && msdosfs_iconv) { > > olen = len = 4; > > > > + outp1 = outp; > > if (lower & (LCASE_BASE | LCASE_EXT)) > > msdosfs_iconv->convchr_case(pmp->pm_d2u, (const > > char **)instr, > > ilen, (char **)&outp, > > &olen, KICONV_LOWER); > > else > > msdosfs_iconv->convchr(pmp->pm_d2u, (const char > > **)instr, > > ilen, (char **)&outp, &olen); > > + for (i = 0; i < outp - outp1; i++) { > > + if (outp1[i] == '/') > > + outp1[i] = '?'; > > + } > > len -= olen; > > > > /* > > @@ -826,6 +831,8 @@ dos2unixchr(u_char *outbuf, const u_char **instr, > > size_t *ilen, int lower, struc > > c = dos2unix[c]; > > if (lower & (LCASE_BASE | LCASE_EXT)) > > c = u2l[c]; > > + if (c == '/') > > + c = '?'; > > *outp++ = c; > > outbuf[1] = '\0'; > > } > >