1. Patchew
  2. linux
  3. View series

[PATCH] net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name

Song Chen posted 1 patch 1 year, 2 months ago 
net/core/dev_ioctl.c | 3 +++
1 file changed, 3 insertions(+)
[PATCH] net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name
Posted by Song Chen 1 year, 2 months ago 
dev_ioctl handles requests from user space if a process calls
ioctl(sockfd, SIOCGIFINDEX, &ifr). However, if this user space
process doesn't have interface name well specified, dev_ioctl
doesn't give it an essential check, as a result, dev_load will
invoke modprobe with a nonsense module name if the user happens
to be sys admin or root, see following code in dev_load:

    no_module = !dev;
    if (no_module && capable(CAP_NET_ADMIN))
        no_module = request_module("netdev-%s", name);
    if (no_module && capable(CAP_SYS_MODULE))
        request_module("%s", name);

This patch checks if ifr_name is empty at the beginning, reduces
the overhead of calling modprobe.

Signed-off-by: Song Chen <chensong_2000@189.cn>
---
 net/core/dev_ioctl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index 473c437b6b53..1371269f17d5 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
@@ -676,6 +676,9 @@ int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr,
 	if (cmd == SIOCGIFNAME)
 		return dev_ifname(net, ifr);
 
+	if (ifr->ifr_name[0] == '\0')
+		return -EINVAL;
+
 	ifr->ifr_name[IFNAMSIZ-1] = 0;
 
 	colon = strchr(ifr->ifr_name, ':');
-- 
2.25.1
Re: [PATCH] net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name
Posted by kernel test robot 1 year, 2 months ago 

Hello,

kernel test robot noticed "ltp.sockioctl01.fail" on:

commit: 903558372166a07179510dc222f7360583a9ad0b ("[PATCH] net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name")
url: https://github.com/intel-lab-lkp/linux/commits/Song-Chen/net-core-dev_ioctl-avoid-invoking-modprobe-with-empty-ifr_name/20241121-093707
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 43fb83c17ba2d63dfb798f0be7453ed55ca3f9c2
patch link: https://lore.kernel.org/all/20241117045512.111515-1-chensong_2000@189.cn/
patch subject: [PATCH] net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name

in testcase: ltp
version: ltp-x86_64-14c1f76-1_20241111
with following parameters:

	disk: 1HDD
	fs: btrfs
	test: syscalls-05/sockioctl01



config: x86_64-rhel-9.4-ltp
compiler: gcc-12
test machine: 36 threads 1 sockets Intel(R) Core(TM) i9-10980XE CPU @ 3.00GHz (Cascade Lake) with 128G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)




If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202411252134.27764973-lkp@intel.com



Running tests.......
<<<test_start>>>
tag=sockioctl01 stime=1732585843
cmdline="sockioctl01"
contacts=""
analysis=exit
<<<test_output>>>
sockioctl01    0  TINFO  :  Using /fs/sda1/tmpdir/ltp-9HFOb999pn/LTP_soc6SpZTX as tmpdir (btrfs filesystem)
sockioctl01    1  TPASS  :  bad file descriptor successful
sockioctl01    2  TPASS  :  not a socket successful
sockioctl01    3  TPASS  :  invalid option buffer successful
sockioctl01    4  TFAIL  :  sockioctl01.c:136: ATMARK on UDP ; returned -1 (expected -1), errno 22 (expected 25)
sockioctl01    5  TPASS  :  SIOCGIFCONF successful
sockioctl01    6  TPASS  :  SIOCGIFFLAGS successful
sockioctl01    7  TPASS  :  SIOCGIFFLAGS with invalid ifr successful
sockioctl01    8  TPASS  :  SIOCSIFFLAGS with invalid ifr successful
incrementing stop
<<<execution_status>>>
initiation_status="ok"
duration=0 termination_type=exited termination_id=1 corefile=no
cutime=0 cstime=0
<<<test_end>>>
INFO: ltp-pan reported some tests FAIL
LTP Version: 20240930-63-g6408294d8

       ###############################################################

            Done executing testcases.
            LTP Version:  20240930-63-g6408294d8
       ###############################################################




The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241125/202411252134.27764973-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Re: [PATCH] net/core/dev_ioctl: avoid invoking modprobe with empty ifr_name
Posted by Paolo Abeni 1 year, 2 months ago 
On 11/17/24 05:55, Song Chen wrote:
> dev_ioctl handles requests from user space if a process calls
> ioctl(sockfd, SIOCGIFINDEX, &ifr). However, if this user space
> process doesn't have interface name well specified, dev_ioctl
> doesn't give it an essential check, as a result, dev_load will
> invoke modprobe with a nonsense module name if the user happens
> to be sys admin or root, see following code in dev_load:
> 
>     no_module = !dev;
>     if (no_module && capable(CAP_NET_ADMIN))
>         no_module = request_module("netdev-%s", name);
>     if (no_module && capable(CAP_SYS_MODULE))
>         request_module("%s", name);
> 
> This patch checks if ifr_name is empty at the beginning, reduces
> the overhead of calling modprobe.

AFAICS technically this optimize a slow path (bad input from the
user-space) at the expense of the more usual path (additional unneeded
conditional) and still AFAICS, there are no functional issues addressed
here.

Note that even the latter more usual path is not a fast path, still the
optimization is not worthy.

/P

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.