[PATCH] kmod: verify module name before invoking modprobe

Linux Modules
 help / color / mirror / Atom feed

From: Song Chen <chensong_2000@189.cn>
To: mcgrof@kernel.org, petr.pavlu@suse.com, samitolvanen@google.com,
	da.gomez@samsung.com
Cc: linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org,
	Song Chen <chensong_2000@189.cn>
Subject: [PATCH] kmod: verify module name before invoking modprobe
Date: Sun, 10 Nov 2024 19:42:33 +0800	[thread overview]
Message-ID: <20241110114233.97169-1-chensong_2000@189.cn> (raw)

Sometimes when kernel calls request_module to load a module
into kernel space, it doesn't pass the module name appropriately,
and request_module doesn't verify it as well.

As a result, modprobe is invoked anyway and spend a lot of time
searching a nonsense name.

For example reported from a customer, he runs a user space process
to call ioctl(fd, SIOCGIFINDEX, &ifr), the callstack in kernel is
like that:
dev_ioctl(net/core/dev_iovtl.c)
  dev_load
     request_module("netdev-%s", name);
     or request_module("%s", name);

However if name of NIC is empty, neither dev_load nor request_module
checks it at the first place, modprobe will search module "netdev-"
in its default path, env path and path configured in etc for nothing,
increase a lot system overhead.

To address this problem, this patch copies va_list and introduces
a helper is_module_name_valid to verify the parameters validity
one by one, either null or empty. if it fails, no modprobe invoked.

Signed-off-by: Song Chen <chensong_2000@189.cn>
---
 kernel/module/kmod.c | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/kernel/module/kmod.c b/kernel/module/kmod.c
index 0800d9891692..161ad41b864e 100644
--- a/kernel/module/kmod.c
+++ b/kernel/module/kmod.c
@@ -113,6 +113,27 @@ static int call_modprobe(char *orig_module_name, int wait)
 	return -ENOMEM;
 }
 
+static inline bool is_module_name_valid(const char *fmt, va_list args)
+{
+	va_list args_verify;
+	bool ret = true;
+	const char *p, *arg;
+
+	va_copy(args_verify, args);
+	for (p = fmt; *p; p++) {
+		if (*p == '%' && *(++p) == 's') {
+			arg = va_arg(args_verify, const char *);
+			if (!arg || arg[0] == '\0') {
+				ret = false;
+				break;
+			}
+		}
+	}
+	va_end(args_verify);
+
+	return ret;
+}
+
 /**
  * __request_module - try to load a kernel module
  * @wait: wait (or not) for the operation to complete
@@ -147,7 +168,13 @@ int __request_module(bool wait, const char *fmt, ...)
 		return -ENOENT;
 
 	va_start(args, fmt);
-	ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
+	if (is_module_name_valid(fmt, args))
+		ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
+	else {
+		pr_warn_ratelimited("request_module: modprobe cannot be processed due to invalid module name");
+		va_end(args);
+		return -EINVAL;
+	}
 	va_end(args);
 	if (ret >= MODULE_NAME_LEN)
 		return -ENAMETOOLONG;
-- 
2.25.1

next             reply	other threads:[~2024-11-10 11:46 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-11-10 11:42 Song Chen [this message]
2024-11-12 12:56 ` [PATCH] kmod: verify module name before invoking modprobe Petr Pavlu
2024-11-13  2:15   ` Song Chen
2024-11-18 12:54     ` Petr Pavlu
2024-11-20  2:17       ` Song Chen
2024-11-27 16:36         ` Petr Pavlu
2024-11-26 18:46       ` Luis Chamberlain

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:0800d989169 dfblob:161ad41b864 )
 OR (
bs:"[PATCH] kmod: verify module name before invoking modprobe" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241110114233.97169-1-chensong_2000@189.cn \
    --to=chensong_2000@189.cn \
    --cc=da.gomez@samsung.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-modules@vger.kernel.org \
    --cc=mcgrof@kernel.org \
    --cc=petr.pavlu@suse.com \
    --cc=samitolvanen@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox