| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Sep 2014 10:02:26 -0700
From: Cong Wang <cwang@...pensource.com>
To: David Laight <David.Laight@...lab.com>
Cc: Linux Netdev List <netdev@...r.kernel.org>,
David Miller <davem@...emloft.net>
Subject: Re: [PATCH net] core: Don't attempt to load the "" driver.
On Wed, Sep 3, 2014 at 2:02 AM, David Laight <David.Laight@...lab.com> wrote:
>> On Tue, Sep 2, 2014 at 6:48 AM, David Laight <David.Laight@...lab.com> wrote:
>> > While the applications shouldn't be calling an SIOCxxx ioctl with ifr_name[0] == 0
>> > the kernel shouldn't be tracing the error either.
>> >
>>
>> Why don't we reject this empty string? It doesn't look like a valid one.
>> I assume this is for compatibility?
>
> The ioctl code will error it later on - the module load is 'speculative'.
> Analysing whether all the ioctls need dev_load() to succeed is another issue.
>
> Indeed I'm not sure anything stops the module being unloaded before the
> ioctl action tries to take a real reference on the interface.
>
> Whether request_module("") should be an error is a different question,
> probably much harder to analyse.
>
If an empty string is an invalid name, we definitely should reject it from
the very beginning, so that you would not need to worry about the above
issues.
Something like the attached patch.
View attachment "dev_load.diff" of type "text/plain" (5202 bytes)
Powered by blists - more mailing lists