authorSteve Muckle <smuckle@google.com>2017-01-25 17:51:40 -0800
committerRob Landley <rob@landley.net>2017-01-28 16:54:15 -0600
commit6a003c837a9799df9435db6e8002b5f0a4eb3e88 (patch)
tree4939856f672f6af6d1cbe335c0ec7a83124538c8 /toys/pending
parent066f230dd89952671a5faae172e6c73a9af08512 (diff)
downloadtoybox-6a003c837a9799df9435db6e8002b5f0a4eb3e88.tar.gz
modprobe: use finit_module when possible
The finit_module() system call, introduced in Linux 3.8, reads the module from a supplied file descriptor. This allows the kernel to do security checks based on the file's location.
Diffstat (limited to 'toys/pending')
-rw-r--r--toys/pending/modprobe.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/toys/pending/modprobe.c b/toys/pending/modprobe.c
index 50ec60f5..c701f5bf 100644
--- a/toys/pending/modprobe.c
+++ b/toys/pending/modprobe.c
@@ -373,6 +373,19 @@ static int ins_mod(char *modules, char *flags)
int len, res;
int fd = xopenro(modules);
+ while (flags && strlen(toybuf) + strlen(flags) + 2 < sizeof(toybuf)) {
+ strcat(toybuf, flags);
+ strcat(toybuf, " ");
+ }
+
+#ifdef __NR_finit_module
+ res = syscall(__NR_finit_module, fd, toybuf, 0);
+ if (!res || errno != ENOSYS) {
+ xclose(fd);
+ return res;
+ }
+#endif
+
// TODO xreadfile()
len = fdlength(fd);
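Review bot: The `while` at the top of the added block never changes `flags`, so it keeps appending the same string until `toybuf` is full, and both the `finit_module` call and the `init_module` fallback receive the options repeated many times; `if (flags && strlen(toybuf) + strlen(flags) + 2 < sizeof(toybuf)) {` would append them once. When the flags do not fit, they are dropped silently and the module is loaded without them, which should be reported as an error instead. The loop also relies on `toybuf` holding a NUL-terminated string on entry, which this hunk does not show. Separately, the `ENOSYS` fallback reads the file into memory and so loses the file-based checks the description cites; a comment such as `// ENOSYS: kernel predates finit_module, fall back to init_module (no fd-based checks)` above the `#endif` would make that explicit. The body of ins_mod starts and ends outside this hunk.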
@@ -380,10 +393,6 @@ static int ins_mod(char *modules, char *flags)
xreadall(fd, buf, len);
xclose(fd);
- while (flags && strlen(toybuf) + strlen(flags) + 2 < sizeof(toybuf)) {
- strcat(toybuf, flags);
- strcat(toybuf, " ");
- }
res = syscall(__NR_init_module, buf, len, toybuf);
if (CFG_TOYBOX_FREE && buf != toybuf) free(buf);
return res;