On 11/10/24 12:42, Song Chen wrote: > Sometimes when kernel calls request_module to load a module > into kernel space, it doesn't pass the module name appropriately, > and request_module doesn't verify it as well. > > As a result, modprobe is invoked anyway and spend a lot of time > searching a nonsense name. > > For example reported from a customer, he runs a user space process > to call ioctl(fd, SIOCGIFINDEX, &ifr), the callstack in kernel is > like that: > dev_ioctl(net/core/dev_iovtl.c) > dev_load > request_module("netdev-%s", name); > or request_module("%s", name); > > However if name of NIC is empty, neither dev_load nor request_module > checks it at the first place, modprobe will search module "netdev-" > in its default path, env path and path configured in etc for nothing, > increase a lot system overhead. > > To address this problem, this patch copies va_list and introduces > a helper is_module_name_valid to verify the parameters validity > one by one, either null or empty. if it fails, no modprobe invoked. I'm not sure if I fully follow why this should be addressed at the request_module() level. If the user repeatedly invokes SIOCGIFINDEX with an empty name and this increases their system load, wouldn't it be better to update the userspace to prevent this non-sense request in the first place? Similarly, if something should be done in the kernel, wouldn't it be more straightforward for dev_ioctl()/dev_load() to check this case? I think the same should in principle apply to other places that might invoke request_module() with "%s" and a bogus value. The callers can appropriately decide if their request makes sense and should be fixed/improved. -- Thanks, Petr