
net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name

Message ID 20241117045512.111515-1-chensong_2000@189.cn (mailing list archive)
State Rejected
Delegated to: Netdev Maintainers

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 3 this patch: 3
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 1 maintainers not CCed: horms@kernel.org
netdev/build_clang success Errors and warnings before: 3 this patch: 3
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 4 this patch: 4
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 3 this patch: 3
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-11-17--12-00 (tests: 789)

Commit Message

Song Chen Nov. 17, 2024, 4:55 a.m. UTC
dev_ioctl handles requests from user space if a process calls
ioctl(sockfd, SIOCGIFINDEX, &ifr). However, if this user space
process doesn't have interface name well specified, dev_ioctl
doesn't give it an essential check, as a result, dev_load will
invoke modprobe with a nonsense module name if the user happens
to be sys admin or root, see following code in dev_load:

    no_module = !dev;
    if (no_module && capable(CAP_NET_ADMIN))
        no_module = request_module("netdev-%s", name);
    if (no_module && capable(CAP_SYS_MODULE))
        request_module("%s", name);

This patch checks if ifr_name is empty at the beginning, reduces
the overhead of calling modprobe.

Signed-off-by: Song Chen <chensong_2000@189.cn>
---
 net/core/dev_ioctl.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Paolo Abeni Nov. 19, 2024, 11:01 a.m. UTC | #1
On 11/17/24 05:55, Song Chen wrote:
> dev_ioctl handles requests from user space if a process calls
> ioctl(sockfd, SIOCGIFINDEX, &ifr). However, if this user space
> process doesn't have interface name well specified, dev_ioctl
> doesn't give it an essential check, as a result, dev_load will
> invoke modprobe with a nonsense module name if the user happens
> to be sys admin or root, see following code in dev_load:
> 
>     no_module = !dev;
>     if (no_module && capable(CAP_NET_ADMIN))
>         no_module = request_module("netdev-%s", name);
>     if (no_module && capable(CAP_SYS_MODULE))
>         request_module("%s", name);
> 
> This patch checks if ifr_name is empty at the beginning, reduces
> the overhead of calling modprobe.

AFAICS technically this optimizes a slow path (bad input from the
user-space) at the expense of the more usual path (additional unneeded
conditional) and still AFAICS, there are no functional issues addressed
here.

Note that even the latter more usual path is not a fast path, still the
optimization is not worth it.

/P

Patch

diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index 473c437b6b53..1371269f17d5 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
@@ -676,6 +676,9 @@  int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr,
 	if (cmd == SIOCGIFNAME)
 		return dev_ifname(net, ifr);
 
+	if (ifr->ifr_name[0] == '\0')
+		return -EINVAL;
+
 	ifr->ifr_name[IFNAMSIZ-1] = 0;
 
 	colon = strchr(ifr->ifr_name, ':');
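
Review bot: The new `if (ifr->ifr_name[0] == '\0')` test sits at the top of dev_ioctl(), directly after the SIOCGIFNAME return, so it rejects an empty name with -EINVAL for every remaining command, while the commit message only motivates the path that reaches request_module() in dev_load(). That makes -EINVAL the user-visible result for an empty ifr_name on all of those commands, which the commit message does not discuss, and it adds a branch to the common path to save work on the malformed-input path. If the goal is only to avoid spawning modprobe for "netdev-" with no name, consider placing the empty-name test in dev_load() next to the `no_module = !dev;` logic, so only the case that would call request_module() pays for it and the return values of the other ioctls stay as they are. The check also reads ifr_name before the `ifr->ifr_name[IFNAMSIZ-1] = 0;` termination; reading byte 0 is safe, but a one-line comment saying why the order does not matter would help the next reader.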