Re: request_module DoS
From: Luis Chamberlain <mcgrof@kernel.org>
Date: 2022-05-09 01:47:14
Also in:
linux-modules, lkml
Subsystem:
kernel selftest framework, module support, the rest · Maintainers:
Shuah Khan, Luis Chamberlain, Petr Pavlu, Daniel Gomez, Sami Tolvanen, Linus Torvalds
Possibly related (same subject, not in this thread)
- 2022-05-12 · Re: request_module DoS · Luis Chamberlain <mcgrof@kernel.org>
- 2022-05-12 · Re: request_module DoS · Michael Ellerman <mpe@ellerman.id.au>
- 2022-05-12 · Re: request_module DoS · Michael Ellerman <mpe@ellerman.id.au>
- 2022-05-11 · Re: request_module DoS · Luis Chamberlain <mcgrof@kernel.org>
- 2022-05-09 · Re: request_module DoS · Luis Chamberlain <mcgrof@kernel.org>
On Sat, May 07, 2022 at 12:14:47PM -0700, Luis Chamberlain wrote:
On Sat, May 07, 2022 at 01:02:20AM -0700, Luis Chamberlain wrote:quoted
You can try to reproduce by using adding a new test type for crypto-aegis256 on lib/test_kmod.c. These tests however can try something similar but other modules. /tools/testing/selftests/kmod/kmod.sh -t 0008 /tools/testing/selftests/kmod/kmod.sh -t 0009 I can't decipher this yet.Without testing it... but something like this might be an easier reproducer: + config_set_driver crypto-aegis256
If the module is not present though nothing really happens, and so is it possible this is another issue? Below a bogus module request.
diff --git a/tools/testing/selftests/kmod/kmod.sh b/tools/testing/selftests/kmod/kmod.sh
index afd42387e8b2..a747ad549940 100755
--- a/tools/testing/selftests/kmod/kmod.sh
+++ b/tools/testing/selftests/kmod/kmod.sh@@ -65,6 +66,7 @@ ALL_TESTS="$ALL_TESTS 0010:1:1" ALL_TESTS="$ALL_TESTS 0011:1:1" ALL_TESTS="$ALL_TESTS 0012:1:1" ALL_TESTS="$ALL_TESTS 0013:1:1" +ALL_TESTS="$ALL_TESTS 0014:150:1" # Kselftest framework requirement - SKIP code is 4. ksft_skip=4
@@ -504,6 +506,17 @@ kmod_test_0013() "cat /sys/module/${DEFAULT_KMOD_DRIVER}/sections/.*text | head -n1" } +kmod_test_0014() +{ + kmod_defaults_driver + MODPROBE_LIMIT=$(config_get_modprobe_limit) + let EXTRA=$MODPROBE_LIMIT/6 + config_set_driver bogus_module_does_not_exist + config_num_thread_limit_extra $EXTRA + config_trigger ${FUNCNAME[0]} + config_expect_result ${FUNCNAME[0]} MODULE_NOT_FOUND +} + list_tests() { echo "Test ID list:"
@@ -525,6 +538,7 @@ list_tests() echo "0011 x $(get_test_count 0011) - test completely disabling module autoloading" echo "0012 x $(get_test_count 0012) - test /proc/modules address visibility under CAP_SYSLOG" echo "0013 x $(get_test_count 0013) - test /sys/module/*/sections/* visibility under CAP_SYSLOG" + echo "0014 x $(get_test_count 0014) - multithreaded - push kmod_concurrent over max_modprobes for request_module() for a missing module" } usage()