diff mbox series

net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name

Message ID 20241117045512.111515-1-chensong_2000@189.cn (mailing list archive)
State Rejected
Delegated to: Netdev Maintainers
Headers show
Series net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name | expand

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 3 this patch: 3
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 1 maintainers not CCed: horms@kernel.org
netdev/build_clang success Errors and warnings before: 3 this patch: 3
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 4 this patch: 4
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 3 this patch: 3
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-11-17--12-00 (tests: 789)

Commit Message

Song Chen Nov. 17, 2024, 4:55 a.m. UTC 
dev_ioctl handles requests from user space if a process calls
ioctl(sockfd, SIOCGIFINDEX, &ifr). However, if this user space
process doesn't have interface name well specified, dev_ioctl
doesn't give it an essential check, as a result, dev_load will
invoke modprobe with a nonsense module name if the user happens
to be sys admin or root, see following code in dev_load:

    no_module = !dev;
    if (no_module && capable(CAP_NET_ADMIN))
        no_module = request_module("netdev-%s", name);
    if (no_module && capable(CAP_SYS_MODULE))
        request_module("%s", name);

This patch checks if ifr_name is empty at the beginning, reduces
the overhead of calling modprobe.

Signed-off-by: Song Chen <chensong_2000@189.cn>
---
 net/core/dev_ioctl.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Paolo Abeni Nov. 19, 2024, 11:01 a.m. UTC | #1 
On 11/17/24 05:55, Song Chen wrote:
> dev_ioctl handles requests from user space if a process calls
> ioctl(sockfd, SIOCGIFINDEX, &ifr). However, if this user space
> process doesn't have interface name well specified, dev_ioctl
> doesn't give it an essential check, as a result, dev_load will
> invoke modprobe with a nonsense module name if the user happens
> to be sys admin or root, see following code in dev_load:
> 
>     no_module = !dev;
>     if (no_module && capable(CAP_NET_ADMIN))
>         no_module = request_module("netdev-%s", name);
>     if (no_module && capable(CAP_SYS_MODULE))
>         request_module("%s", name);
> 
> This patch checks if ifr_name is empty at the beginning, reduces
> the overhead of calling modprobe.

AFAICS technically this optimize a slow path (bad input from the
user-space) at the expense of the more usual path (additional unneeded
conditional) and still AFAICS, there are no functional issues addressed
here.

Note that even the latter more usual path is not a fast path, still the
optimization is not worthy.

/P
kernel test robot Nov. 25, 2024, 1:21 p.m. UTC | #2 
Hello,

kernel test robot noticed "ltp.sockioctl01.fail" on:

commit: 903558372166a07179510dc222f7360583a9ad0b ("[PATCH] net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name")
url: https://github.com/intel-lab-lkp/linux/commits/Song-Chen/net-core-dev_ioctl-avoid-invoking-modprobe-with-empty-ifr_name/20241121-093707
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 43fb83c17ba2d63dfb798f0be7453ed55ca3f9c2
patch link: https://lore.kernel.org/all/20241117045512.111515-1-chensong_2000@189.cn/
patch subject: [PATCH] net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name

in testcase: ltp
version: ltp-x86_64-14c1f76-1_20241111
with following parameters:

	disk: 1HDD
	fs: btrfs
	test: syscalls-05/sockioctl01



config: x86_64-rhel-9.4-ltp
compiler: gcc-12
test machine: 36 threads 1 sockets Intel(R) Core(TM) i9-10980XE CPU @ 3.00GHz (Cascade Lake) with 128G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)




If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202411252134.27764973-lkp@intel.com



Running tests.......
<<<test_start>>>
tag=sockioctl01 stime=1732585843
cmdline="sockioctl01"
contacts=""
analysis=exit
<<<test_output>>>
sockioctl01    0  TINFO  :  Using /fs/sda1/tmpdir/ltp-9HFOb999pn/LTP_soc6SpZTX as tmpdir (btrfs filesystem)
sockioctl01    1  TPASS  :  bad file descriptor successful
sockioctl01    2  TPASS  :  not a socket successful
sockioctl01    3  TPASS  :  invalid option buffer successful
sockioctl01    4  TFAIL  :  sockioctl01.c:136: ATMARK on UDP ; returned -1 (expected -1), errno 22 (expected 25)
sockioctl01    5  TPASS  :  SIOCGIFCONF successful
sockioctl01    6  TPASS  :  SIOCGIFFLAGS successful
sockioctl01    7  TPASS  :  SIOCGIFFLAGS with invalid ifr successful
sockioctl01    8  TPASS  :  SIOCSIFFLAGS with invalid ifr successful
incrementing stop
<<<execution_status>>>
initiation_status="ok"
duration=0 termination_type=exited termination_id=1 corefile=no
cutime=0 cstime=0
<<<test_end>>>
INFO: ltp-pan reported some tests FAIL
LTP Version: 20240930-63-g6408294d8

       ###############################################################

            Done executing testcases.
            LTP Version:  20240930-63-g6408294d8
       ###############################################################




The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241125/202411252134.27764973-lkp@intel.com
diff mbox series

Patch

diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index 473c437b6b53..1371269f17d5 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
@@ -676,6 +676,9 @@  int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr,
 	if (cmd == SIOCGIFNAME)
 		return dev_ifname(net, ifr);
 
+	if (ifr->ifr_name[0] == '\0')
+		return -EINVAL;
+
 	ifr->ifr_name[IFNAMSIZ-1] = 0;
 
 	colon = strchr(ifr->ifr_name, ':');