From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-rdma-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C17D8C433EF
	for <linux-rdma@archiver.kernel.org>; Thu, 30 Sep 2021 07:01:20 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id A8F90615E5
	for <linux-rdma@archiver.kernel.org>; Thu, 30 Sep 2021 07:01:20 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1348423AbhI3HDA (ORCPT <rfc822;linux-rdma@archiver.kernel.org>);
        Thu, 30 Sep 2021 03:03:00 -0400
Received: from mail.kernel.org ([198.145.29.99]:39330 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S233661AbhI3HC7 (ORCPT <rfc822;linux-rdma@vger.kernel.org>);
        Thu, 30 Sep 2021 03:02:59 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 1A1A6615E1;
        Thu, 30 Sep 2021 07:01:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1632985277;
        bh=x0UZfrwganxoeSy7+inNzF3N9vJmbnkB8uOpKidAVLc=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=q7lyBvNxwJFi+5OUM1UtZ+tThkI8hWT2W2kGhcnfxr83nhazu8OWvOem0e0G72lgm
         oH8C8jfk4VLWJKUsz0V8Kj0R8k12YB73xIcfo+TepQk3l+R0de4bmxKMX8/xwFRVA1
         wZtD1prc8uzwFmv4SUu4M6EyXGyA6fgPBh9+2m6RLGed9VzktN/OJgDmC+0BbKhIIG
         qENM6X9m+CSMmm/341b3MuF43/KNozVLKWXTUI38fzTJmvqgnLP37bcYcUxfeJQ3YK
         KklixLh4qeh/u095MwGL4lDWpB91gaqaAxOP9KdtYPEi6IbAHO0v5G9c1kcZtMZ2PQ
         Lr3LN2VUR5x4g==
Date:   Thu, 30 Sep 2021 10:01:14 +0300
From:   Leon Romanovsky <leon@kernel.org>
To:     Jinpu Wang <jinpu.wang@ionos.com>
Cc:     Jack Wang <xjtuwjp@gmail.com>,
        Md Haris Iqbal <haris.iqbal@ionos.com>,
        RDMA mailing list <linux-rdma@vger.kernel.org>,
        Bart Van Assche <bvanassche@acm.org>,
        Doug Ledford <dledford@redhat.com>,
        Jason Gunthorpe <jgg@ziepe.ca>, Gioh Kim <gi-oh.kim@ionos.com>,
        Aleksei Marov <aleksei.marov@ionos.com>
Subject: Re: [PATCH for-next 6/7] RDMA/rtrs: Do not allow sessname to contain
 special symbols / and .
Message-ID: <YVVgunT1hSIzu1tA@unreal>
References: <20210922125333.351454-1-haris.iqbal@ionos.com>
 <20210922125333.351454-7-haris.iqbal@ionos.com>
 <YVG3cme0KX9CD4oh@unreal>
 <CAD+HZHWTZY=6W4MNEGwVi=e64MJtntVE1Hwm6Lt_m=UaAW2W-A@mail.gmail.com>
 <YVLEIVz1mCV0cZlC@unreal>
 <CAD+HZHW5u1MiB-+C784yYXZc9Q-F0yB+1EvRKb4sAQJe4p2Yeg@mail.gmail.com>
 <YVRWXim7T0mReBu/@unreal>
 <CAMGffE=mv8jJYeNC7BjiGbOt4qEFAQhXWROk4Uwzg5ED4a0sug@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAMGffE=mv8jJYeNC7BjiGbOt4qEFAQhXWROk4Uwzg5ED4a0sug@mail.gmail.com>
Precedence: bulk
List-ID: <linux-rdma.vger.kernel.org>
X-Mailing-List: linux-rdma@vger.kernel.org

On Thu, Sep 30, 2021 at 08:03:40AM +0200, Jinpu Wang wrote:
> On Wed, Sep 29, 2021 at 2:04 PM Leon Romanovsky <leon@kernel.org> wrote:
> >
> > On Wed, Sep 29, 2021 at 09:00:56AM +0200, Jack Wang wrote:
> > > Leon Romanovsky <leon@kernel.org> 于2021年9月28日周二 上午9:28写道：
> > > >
> > > > On Tue, Sep 28, 2021 at 09:08:26AM +0200, Jack Wang wrote:
> > > > > Leon Romanovsky <leon@kernel.org> 于2021年9月27日周一 下午2:23写道：
> > > > > >
> > > > > > On Wed, Sep 22, 2021 at 02:53:32PM +0200, Md Haris Iqbal wrote:
> > > > > > > Allowing these characters in sessname can lead to unexpected results,
> > > > > > > particularly because / is used as a separator between files in a path,
> > > > > > > and . points to the current directory.
> > > > > > >
> > > > > > > Signed-off-by: Md Haris Iqbal <haris.iqbal@ionos.com>
> > > > > > > Reviewed-by: Gioh Kim <gi-oh.kim@ionos.com>
> > > > > > > Reviewed-by: Aleksei Marov <aleksei.marov@ionos.com>
> > > > > > > ---
> > > > > > >  drivers/infiniband/ulp/rtrs/rtrs-clt.c | 6 ++++++
> > > > > > >  drivers/infiniband/ulp/rtrs/rtrs-srv.c | 5 +++++
> > > > > > >  2 files changed, 11 insertions(+)
> > > > > >
> > > > > > It will be safer if you check for only allowed symbols and disallow
> > > > > > everything else. Check for: a-Z, 0-9 and "-".
> > > > > >
> > > > > Hi Leon,
> > > > >
> > > > > Thanks for your suggestions.
> > > > > The reasons we choose to do disallow only '/' and '.':
> > > > > 1 more flexible, most UNIX filenames allow any 8-bit set, except '/' and null.
> > > >
> > > > So you need to add all possible protections and checks that VFS has to allow "random" name.
> > > It's only about sysfs here, as we use sessname to create dir in sysfs,
> > > and I checked the code, it allows any 8-bit set, and convert '/' to
> > > '!', see https://elixir.bootlin.com/linux/latest/source/lib/kobject.c#L299
> > > >
> > > > > 2 matching for 2 characters is faster than checking all the allowed
> > > > > symbols during session establishment.
> > > >
> > > > Extra CPU cycles won't make any difference here.
> > > As we can have hundreds of sessions, in the end, it matters.
> >
> > Your rtrs_clt_open() function is far from being optimized for
> > performance. It allocates memory, iterates over all paths, creates
> > sysfs and kobject.
> >
> > So no, it doesn't matter here.
> >
> Let me reiterate, why do we want to further slow it down, what do you
> anticipate if we only do the disallow approach
> as we do it now?

It is common practice to sanitize user input and explicitly allow known
good input, instead of relying on deny of bad input. We don't know the
future and can't be sure that "deny" is actually closed all holes.

Thanks