Re: [PATCH] module: ban '.', '..' as module names, ban '/' in module names

From: Luis Chamberlain
Date: Sun Apr 14 2024 - 16:59:07 EST


On Sun, Apr 14, 2024 at 10:05:05PM +0300, Alexey Dobriyan wrote:
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -3616,4 +3616,12 @@ extern int vfs_fadvise(struct file *file, loff_t offset, loff_t len,
> extern int generic_fadvise(struct file *file, loff_t offset, loff_t len,
> int advice);
>
> +/*
> + * Use this if data from userspace end up as directory/filename on
> + * some virtual filesystem.
> + */
> +static inline bool string_is_vfs_ready(const char *s)
> +{
> + return strcmp(s, ".") != 0 && strcmp(s, "..") != 0 && !strchr(s, '/');
> +}
> #endif /* _LINUX_FS_H */
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
> @@ -2893,6 +2893,11 @@ static int load_module(struct load_info *info, const char __user *uargs,
>
> audit_log_kern_module(mod->name);
>
> + if (!string_is_vfs_ready(mod->name)) {
> + err = -EINVAL;
> + goto free_module;
> + }
> +

Sensible change however to put string_is_vfs_ready() in include/linux/fs.h
is a stretch if there really are no other users.

Luis