The finit_module() system call, introduced in Linux 3.8, reads the
module from a supplied file descriptor. This allows the kernel to do
security checks based on the file's location.
From fbb90c1db3c3ec4cffce32e4cdd67a880ed8e9f2 Mon Sep 17 00:00:00 2001
From: Steve Muckle <smuc...@google.com>
Date: Wed, 25 Jan 2017 17:51:40 -0800
Subject: [PATCH] modprobe: use finit_module when possible

The finit_module() system call, introduced in Linux 3.8, reads the
module from a supplied file descriptor. This allows the kernel to do
security checks based on the file's location.

---
 toys/pending/modprobe.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/toys/pending/modprobe.c b/toys/pending/modprobe.c
index 50ec60f..c701f5b 100644
--- a/toys/pending/modprobe.c
+++ b/toys/pending/modprobe.c
@@ -373,6 +373,19 @@ static int ins_mod(char *modules, char *flags)
   int len, res;
   int fd = xopenro(modules);
 
+  while (flags && strlen(toybuf) + strlen(flags) + 2 < sizeof(toybuf)) {
+    strcat(toybuf, flags);
+    strcat(toybuf, " ");
+  }
+
+#ifdef __NR_finit_module
+  res = syscall(__NR_finit_module, fd, toybuf, 0);
+  if (!res || errno != ENOSYS) {
+	  xclose(fd);
+	  return res;
+  }
+#endif
+
   // TODO xreadfile()
 
   len = fdlength(fd);
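Review bot: The `while` loop moved to the top of ins_mod() never changes `flags` or anything else its condition depends on except the length of toybuf, so as written it keeps appending the same option string until toybuf is nearly full, and that repeated string is now what finit_module() receives as the module parameters; `if (flags && strlen(toybuf) + strlen(flags) + 2 < sizeof(toybuf)) {` would append it once. The strcat() calls also rely on toybuf already holding a NUL-terminated string on entry, which cannot be confirmed here because ins_mod() starts before the hunk. Separately, the ENOSYS path falls through to init_module(), where the kernel is handed a memory buffer and has no file to apply its location-based checks to, so a comment on the `if (!res || errno != ENOSYS)` line would help, for example `// ENOSYS: kernel predates finit_module(); the init_module() fallback gets no file-based checks`. The two lines inside that `if` are tab-indented while the rest of the function uses two spaces.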
@@ -380,10 +393,6 @@ static int ins_mod(char *modules, char *flags)
   xreadall(fd, buf, len);
   xclose(fd);
 
-  while (flags && strlen(toybuf) + strlen(flags) + 2 < sizeof(toybuf)) {
-    strcat(toybuf, flags);
-    strcat(toybuf, " ");
-  }
   res = syscall(__NR_init_module, buf, len, toybuf);
   if (CFG_TOYBOX_FREE && buf != toybuf) free(buf);
   return res;
-- 
2.11.0.483.g087da7b7c-goog
