On Thu, Sep 30, 2021 at 08:03:40AM +0200, Jinpu Wang wrote: > On Wed, Sep 29, 2021 at 2:04 PM Leon Romanovsky <leon@xxxxxxxxxx> wrote: > > > > On Wed, Sep 29, 2021 at 09:00:56AM +0200, Jack Wang wrote: > > > Leon Romanovsky <leon@xxxxxxxxxx> 于2021年9月28日周二 上午9:28写道: > > > > > > > > On Tue, Sep 28, 2021 at 09:08:26AM +0200, Jack Wang wrote: > > > > > Leon Romanovsky <leon@xxxxxxxxxx> 于2021年9月27日周一 下午2:23写道: > > > > > > > > > > > > On Wed, Sep 22, 2021 at 02:53:32PM +0200, Md Haris Iqbal wrote: > > > > > > > Allowing these characters in sessname can lead to unexpected results, > > > > > > > particularly because / is used as a separator between files in a path, > > > > > > > and . points to the current directory. > > > > > > > > > > > > > > Signed-off-by: Md Haris Iqbal <haris.iqbal@xxxxxxxxx> > > > > > > > Reviewed-by: Gioh Kim <gi-oh.kim@xxxxxxxxx> > > > > > > > Reviewed-by: Aleksei Marov <aleksei.marov@xxxxxxxxx> > > > > > > > --- > > > > > > > drivers/infiniband/ulp/rtrs/rtrs-clt.c | 6 ++++++ > > > > > > > drivers/infiniband/ulp/rtrs/rtrs-srv.c | 5 +++++ > > > > > > > 2 files changed, 11 insertions(+) > > > > > > > > > > > > It will be safer if you check for only allowed symbols and disallow > > > > > > everything else. Check for: a-Z, 0-9 and "-". > > > > > > > > > > > Hi Leon, > > > > > > > > > > Thanks for your suggestions. > > > > > The reasons we choose to do disallow only '/' and '.': > > > > > 1 more flexible, most UNIX filenames allow any 8-bit set, except '/' and null. > > > > > > > > So you need to add all possible protections and checks that VFS has to allow "random" name. > > > It's only about sysfs here, as we use sessname to create dir in sysfs, > > > and I checked the code, it allows any 8-bit set, and convert '/' to > > > '!', see https://elixir.bootlin.com/linux/latest/source/lib/kobject.c#L299 > > > > > > > > > 2 matching for 2 characters is faster than checking all the allowed > > > > > symbols during session establishment. > > > > > > > > Extra CPU cycles won't make any difference here. > > > As we can have hundreds of sessions, in the end, it matters. > > > > Your rtrs_clt_open() function is far from being optimized for > > performance. It allocates memory, iterates over all paths, creates > > sysfs and kobject. > > > > So no, it doesn't matter here. > > > Let me reiterate, why do we want to further slow it down, what do you > anticipate if we only do the disallow approach > as we do it now? It is common practice to sanitize user input and explicitly allow known good input, instead of relying on deny of bad input. We don't know the future and can't be sure that "deny" is actually closed all holes. Thanks
