Commit | Line | Data |
---|---|---|
1da177e4 | 1 | /* |
23558693 | 2 | * kmod - the kernel module loader |
8660484e LC |
3 | * |
4 | * Copyright (C) 2023 Luis Chamberlain <mcgrof@kernel.org> | |
23558693 | 5 | */ |
8660484e | 6 | |
1da177e4 LT |
7 | #include <linux/module.h> |
8 | #include <linux/sched.h> | |
29930025 | 9 | #include <linux/sched/task.h> |
5c2c5c55 | 10 | #include <linux/binfmts.h> |
1da177e4 LT |
11 | #include <linux/syscalls.h> |
12 | #include <linux/unistd.h> | |
13 | #include <linux/kmod.h> | |
1da177e4 | 14 | #include <linux/slab.h> |
1da177e4 | 15 | #include <linux/completion.h> |
17f60a7d | 16 | #include <linux/cred.h> |
1da177e4 | 17 | #include <linux/file.h> |
9f3acc31 | 18 | #include <linux/fdtable.h> |
1da177e4 LT |
19 | #include <linux/workqueue.h> |
20 | #include <linux/security.h> | |
21 | #include <linux/mount.h> | |
22 | #include <linux/kernel.h> | |
23 | #include <linux/init.h> | |
d025c9db | 24 | #include <linux/resource.h> |
8cdd4936 RW |
25 | #include <linux/notifier.h> |
26 | #include <linux/suspend.h> | |
b298d289 | 27 | #include <linux/rwsem.h> |
a74fb73c | 28 | #include <linux/ptrace.h> |
0fdff3ec | 29 | #include <linux/async.h> |
7c0f6ba6 | 30 | #include <linux/uaccess.h> |
1da177e4 | 31 | |
7ead8b83 | 32 | #include <trace/events/module.h> |
8660484e | 33 | #include "internal.h" |
7ead8b83 | 34 | |
165d1cc0 LR |
35 | /* |
36 | * Assuming: | |
37 | * | |
38 | * threads = div64_u64((u64) totalram_pages * (u64) PAGE_SIZE, | |
39 | * (u64) THREAD_SIZE * 8UL); | |
40 | * | |
41 | * If you need less than 50 threads would mean we're dealing with systems | |
06d4f815 | 42 | * smaller than 3200 pages. This assumes you are capable of having ~13M memory, |
6f9e148c TY |
43 | * and this would only be an upper limit, after which the OOM killer would take |
44 | * effect. Systems like these are very unlikely if modules are enabled. | |
165d1cc0 LR |
45 | */ |
46 | #define MAX_KMOD_CONCURRENT 50 | |
25a1b5b5 | 47 | static DEFINE_SEMAPHORE(kmod_concurrent_max, MAX_KMOD_CONCURRENT); |
1da177e4 | 48 | |
2ba293c9 LR |
49 | /* |
50 | * This is a restriction on having *all* MAX_KMOD_CONCURRENT threads | |
51 | * running at the same time without returning. When this happens we | |
52 | * believe you've somehow ended up with a recursive module dependency | |
53 | * creating a loop. | |
54 | * | |
55 | * We have no option but to fail. | |
56 | * | |
57 | * Userspace should proactively try to detect and prevent these. | |
58 | */ | |
59 | #define MAX_KMOD_ALL_BUSY_TIMEOUT 5 | |
60 | ||
1da177e4 LT |
61 | /* |
62 | modprobe_path is set via /proc/sys. | |
63 | */ | |
17652f42 | 64 | char modprobe_path[KMOD_PATH_LEN] = CONFIG_MODPROBE_PATH; |
1da177e4 | 65 | |
1cc684ab ON |
66 | static void free_modprobe_argv(struct subprocess_info *info) |
67 | { | |
68 | kfree(info->argv[3]); /* check call_modprobe() */ | |
69 | kfree(info->argv); | |
70 | } | |
71 | ||
8660484e | 72 | static int call_modprobe(char *orig_module_name, int wait) |
3e63a93b | 73 | { |
f634460c | 74 | struct subprocess_info *info; |
3e63a93b ON |
75 | static char *envp[] = { |
76 | "HOME=/", | |
77 | "TERM=linux", | |
78 | "PATH=/sbin:/usr/sbin:/bin:/usr/bin", | |
79 | NULL | |
80 | }; | |
8660484e LC |
81 | char *module_name; |
82 | int ret; | |
3e63a93b | 83 | |
1cc684ab ON |
84 | char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL); |
85 | if (!argv) | |
86 | goto out; | |
87 | ||
8660484e | 88 | module_name = kstrdup(orig_module_name, GFP_KERNEL); |
1cc684ab ON |
89 | if (!module_name) |
90 | goto free_argv; | |
91 | ||
92 | argv[0] = modprobe_path; | |
93 | argv[1] = "-q"; | |
94 | argv[2] = "--"; | |
95 | argv[3] = module_name; /* check free_modprobe_argv() */ | |
96 | argv[4] = NULL; | |
3e63a93b | 97 | |
f634460c LDM |
98 | info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL, |
99 | NULL, free_modprobe_argv, NULL); | |
100 | if (!info) | |
101 | goto free_module_name; | |
102 | ||
8660484e LC |
103 | ret = call_usermodehelper_exec(info, wait | UMH_KILLABLE); |
104 | kmod_dup_request_announce(orig_module_name, ret); | |
105 | return ret; | |
f634460c LDM |
106 | |
107 | free_module_name: | |
108 | kfree(module_name); | |
1cc684ab ON |
109 | free_argv: |
110 | kfree(argv); | |
111 | out: | |
8660484e | 112 | kmod_dup_request_announce(orig_module_name, -ENOMEM); |
1cc684ab | 113 | return -ENOMEM; |
3e63a93b ON |
114 | } |
115 | ||
1da177e4 | 116 | /** |
acae0515 AV |
117 | * __request_module - try to load a kernel module |
118 | * @wait: wait (or not) for the operation to complete | |
bd4207c9 RD |
119 | * @fmt: printf style format string for the name of the module |
120 | * @...: arguments as specified in the format string | |
1da177e4 LT |
121 | * |
122 | * Load a module using the user mode module loader. The function returns | |
60b61a6f N |
123 | * zero on success or a negative errno code or positive exit code from |
124 | * "modprobe" on failure. Note that a successful module load does not mean | |
125 | * the module did not then unload and exit on an error of its own. Callers | |
126 | * must check that the service they requested is now available not blindly | |
127 | * invoke it. | |
1da177e4 LT |
128 | * |
129 | * If module auto-loading support is disabled then this function | |
d7d27cfc | 130 | * simply returns -ENOENT. |
1da177e4 | 131 | */ |
acae0515 | 132 | int __request_module(bool wait, const char *fmt, ...) |
1da177e4 LT |
133 | { |
134 | va_list args; | |
135 | char module_name[MODULE_NAME_LEN]; | |
8660484e | 136 | int ret, dup_ret; |
1da177e4 | 137 | |
0fdff3ec TH |
138 | /* |
139 | * We don't allow synchronous module loading from async. Module | |
140 | * init may invoke async_synchronize_full() which will end up | |
141 | * waiting for this task which already is waiting for the module | |
142 | * loading to complete, leading to a deadlock. | |
143 | */ | |
144 | WARN_ON_ONCE(wait && current_is_async()); | |
145 | ||
7f57cfa4 | 146 | if (!modprobe_path[0]) |
d7d27cfc | 147 | return -ENOENT; |
7f57cfa4 | 148 | |
1da177e4 LT |
149 | va_start(args, fmt); |
150 | ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args); | |
151 | va_end(args); | |
152 | if (ret >= MODULE_NAME_LEN) | |
153 | return -ENAMETOOLONG; | |
154 | ||
dd8dbf2e EP |
155 | ret = security_kernel_module_request(module_name); |
156 | if (ret) | |
157 | return ret; | |
158 | ||
25a1b5b5 LC |
159 | ret = down_timeout(&kmod_concurrent_max, MAX_KMOD_ALL_BUSY_TIMEOUT * HZ); |
160 | if (ret) { | |
161 | pr_warn_ratelimited("request_module: modprobe %s cannot be processed, kmod busy with %d threads for more than %d seconds now", | |
162 | module_name, MAX_KMOD_CONCURRENT, MAX_KMOD_ALL_BUSY_TIMEOUT); | |
163 | return ret; | |
1da177e4 LT |
164 | } |
165 | ||
7ead8b83 LZ |
166 | trace_module_request(module_name, wait, _RET_IP_); |
167 | ||
8660484e LC |
168 | if (kmod_dup_request_exists_wait(module_name, wait, &dup_ret)) { |
169 | ret = dup_ret; | |
170 | goto out; | |
171 | } | |
172 | ||
3e63a93b | 173 | ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC); |
a06a4dc3 | 174 | |
8660484e | 175 | out: |
25a1b5b5 | 176 | up(&kmod_concurrent_max); |
165d1cc0 | 177 | |
1da177e4 LT |
178 | return ret; |
179 | } | |
acae0515 | 180 | EXPORT_SYMBOL(__request_module); |