From: Petr Pavlu <petr.pavlu@suse.com>
To: Song Chen <chensong_2000@189.cn>
Cc: mcgrof@kernel.org, samitolvanen@google.com, da.gomez@samsung.com,
linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org
Subject: Re: [PATCH] kmod: verify module name before invoking modprobe
Date: Tue, 12 Nov 2024 13:56:33 +0100 [thread overview]
Message-ID: <21423aea-65c3-430e-932d-2ba70b6b9ac3@suse.com> (raw)
In-Reply-To: <20241110114233.97169-1-chensong_2000@189.cn>
On 11/10/24 12:42, Song Chen wrote:
> Sometimes when kernel calls request_module to load a module
> into kernel space, it doesn't pass the module name appropriately,
> and request_module doesn't verify it as well.
>
> As a result, modprobe is invoked anyway and spend a lot of time
> searching a nonsense name.
>
> For example reported from a customer, he runs a user space process
> to call ioctl(fd, SIOCGIFINDEX, &ifr), the callstack in kernel is
> like that:
> dev_ioctl(net/core/dev_iovtl.c)
> dev_load
> request_module("netdev-%s", name);
> or request_module("%s", name);
>
> However if name of NIC is empty, neither dev_load nor request_module
> checks it at the first place, modprobe will search module "netdev-"
> in its default path, env path and path configured in etc for nothing,
> increase a lot system overhead.
>
> To address this problem, this patch copies va_list and introduces
> a helper is_module_name_valid to verify the parameters validity
> one by one, either null or empty. if it fails, no modprobe invoked.
I'm not sure if I fully follow why this should be addressed at the
request_module() level. If the user repeatedly invokes SIOCGIFINDEX with
an empty name and this increases their system load, wouldn't it be
better to update the userspace to prevent this non-sense request in the
first place? Similarly, if something should be done in the kernel,
wouldn't it be more straightforward for dev_ioctl()/dev_load() to check
this case?
I think the same should in principle apply to other places that might
invoke request_module() with "%s" and a bogus value. The callers can
appropriately decide if their request makes sense and should be
fixed/improved.
--
Thanks,
Petr
next prev parent reply other threads:[~2024-11-12 12:56 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-10 11:42 [PATCH] kmod: verify module name before invoking modprobe Song Chen
2024-11-12 12:56 ` Petr Pavlu [this message]
2024-11-13 2:15 ` Song Chen
2024-11-18 12:54 ` Petr Pavlu
2024-11-20 2:17 ` Song Chen
2024-11-27 16:36 ` Petr Pavlu
2024-11-26 18:46 ` Luis Chamberlain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=21423aea-65c3-430e-932d-2ba70b6b9ac3@suse.com \
--to=petr.pavlu@suse.com \
--cc=chensong_2000@189.cn \
--cc=da.gomez@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=samitolvanen@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox