125be451aSLuis Chamberlain /*
225be451aSLuis Chamberlain * kmod - the kernel module loader
3*8660484eSLuis Chamberlain *
4*8660484eSLuis Chamberlain * Copyright (C) 2023 Luis Chamberlain <mcgrof@kernel.org>
525be451aSLuis Chamberlain */
6*8660484eSLuis Chamberlain
725be451aSLuis Chamberlain #include <linux/module.h>
825be451aSLuis Chamberlain #include <linux/sched.h>
925be451aSLuis Chamberlain #include <linux/sched/task.h>
1025be451aSLuis Chamberlain #include <linux/binfmts.h>
1125be451aSLuis Chamberlain #include <linux/syscalls.h>
1225be451aSLuis Chamberlain #include <linux/unistd.h>
1325be451aSLuis Chamberlain #include <linux/kmod.h>
1425be451aSLuis Chamberlain #include <linux/slab.h>
1525be451aSLuis Chamberlain #include <linux/completion.h>
1625be451aSLuis Chamberlain #include <linux/cred.h>
1725be451aSLuis Chamberlain #include <linux/file.h>
1825be451aSLuis Chamberlain #include <linux/fdtable.h>
1925be451aSLuis Chamberlain #include <linux/workqueue.h>
2025be451aSLuis Chamberlain #include <linux/security.h>
2125be451aSLuis Chamberlain #include <linux/mount.h>
2225be451aSLuis Chamberlain #include <linux/kernel.h>
2325be451aSLuis Chamberlain #include <linux/init.h>
2425be451aSLuis Chamberlain #include <linux/resource.h>
2525be451aSLuis Chamberlain #include <linux/notifier.h>
2625be451aSLuis Chamberlain #include <linux/suspend.h>
2725be451aSLuis Chamberlain #include <linux/rwsem.h>
2825be451aSLuis Chamberlain #include <linux/ptrace.h>
2925be451aSLuis Chamberlain #include <linux/async.h>
3025be451aSLuis Chamberlain #include <linux/uaccess.h>
3125be451aSLuis Chamberlain
3225be451aSLuis Chamberlain #include <trace/events/module.h>
33*8660484eSLuis Chamberlain #include "internal.h"
3425be451aSLuis Chamberlain
3525be451aSLuis Chamberlain /*
3625be451aSLuis Chamberlain * Assuming:
3725be451aSLuis Chamberlain *
3825be451aSLuis Chamberlain * threads = div64_u64((u64) totalram_pages * (u64) PAGE_SIZE,
3925be451aSLuis Chamberlain * (u64) THREAD_SIZE * 8UL);
4025be451aSLuis Chamberlain *
4125be451aSLuis Chamberlain * If you need less than 50 threads would mean we're dealing with systems
4225be451aSLuis Chamberlain * smaller than 3200 pages. This assumes you are capable of having ~13M memory,
4325be451aSLuis Chamberlain * and this would only be an upper limit, after which the OOM killer would take
4425be451aSLuis Chamberlain * effect. Systems like these are very unlikely if modules are enabled.
4525be451aSLuis Chamberlain */
4625be451aSLuis Chamberlain #define MAX_KMOD_CONCURRENT 50
4725a1b5b5SLuis Chamberlain static DEFINE_SEMAPHORE(kmod_concurrent_max, MAX_KMOD_CONCURRENT);
4825be451aSLuis Chamberlain
4925be451aSLuis Chamberlain /*
5025be451aSLuis Chamberlain * This is a restriction on having *all* MAX_KMOD_CONCURRENT threads
5125be451aSLuis Chamberlain * running at the same time without returning. When this happens we
5225be451aSLuis Chamberlain * believe you've somehow ended up with a recursive module dependency
5325be451aSLuis Chamberlain * creating a loop.
5425be451aSLuis Chamberlain *
5525be451aSLuis Chamberlain * We have no option but to fail.
5625be451aSLuis Chamberlain *
5725be451aSLuis Chamberlain * Userspace should proactively try to detect and prevent these.
5825be451aSLuis Chamberlain */
5925be451aSLuis Chamberlain #define MAX_KMOD_ALL_BUSY_TIMEOUT 5
6025be451aSLuis Chamberlain
6125be451aSLuis Chamberlain /*
6225be451aSLuis Chamberlain modprobe_path is set via /proc/sys.
6325be451aSLuis Chamberlain */
6425be451aSLuis Chamberlain char modprobe_path[KMOD_PATH_LEN] = CONFIG_MODPROBE_PATH;
6525be451aSLuis Chamberlain
free_modprobe_argv(struct subprocess_info * info)6625be451aSLuis Chamberlain static void free_modprobe_argv(struct subprocess_info *info)
6725be451aSLuis Chamberlain {
6825be451aSLuis Chamberlain kfree(info->argv[3]); /* check call_modprobe() */
6925be451aSLuis Chamberlain kfree(info->argv);
7025be451aSLuis Chamberlain }
7125be451aSLuis Chamberlain
call_modprobe(char * orig_module_name,int wait)72*8660484eSLuis Chamberlain static int call_modprobe(char *orig_module_name, int wait)
7325be451aSLuis Chamberlain {
7425be451aSLuis Chamberlain struct subprocess_info *info;
7525be451aSLuis Chamberlain static char *envp[] = {
7625be451aSLuis Chamberlain "HOME=/",
7725be451aSLuis Chamberlain "TERM=linux",
7825be451aSLuis Chamberlain "PATH=/sbin:/usr/sbin:/bin:/usr/bin",
7925be451aSLuis Chamberlain NULL
8025be451aSLuis Chamberlain };
81*8660484eSLuis Chamberlain char *module_name;
82*8660484eSLuis Chamberlain int ret;
8325be451aSLuis Chamberlain
8425be451aSLuis Chamberlain char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL);
8525be451aSLuis Chamberlain if (!argv)
8625be451aSLuis Chamberlain goto out;
8725be451aSLuis Chamberlain
88*8660484eSLuis Chamberlain module_name = kstrdup(orig_module_name, GFP_KERNEL);
8925be451aSLuis Chamberlain if (!module_name)
9025be451aSLuis Chamberlain goto free_argv;
9125be451aSLuis Chamberlain
9225be451aSLuis Chamberlain argv[0] = modprobe_path;
9325be451aSLuis Chamberlain argv[1] = "-q";
9425be451aSLuis Chamberlain argv[2] = "--";
9525be451aSLuis Chamberlain argv[3] = module_name; /* check free_modprobe_argv() */
9625be451aSLuis Chamberlain argv[4] = NULL;
9725be451aSLuis Chamberlain
9825be451aSLuis Chamberlain info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL,
9925be451aSLuis Chamberlain NULL, free_modprobe_argv, NULL);
10025be451aSLuis Chamberlain if (!info)
10125be451aSLuis Chamberlain goto free_module_name;
10225be451aSLuis Chamberlain
103*8660484eSLuis Chamberlain ret = call_usermodehelper_exec(info, wait | UMH_KILLABLE);
104*8660484eSLuis Chamberlain kmod_dup_request_announce(orig_module_name, ret);
105*8660484eSLuis Chamberlain return ret;
10625be451aSLuis Chamberlain
10725be451aSLuis Chamberlain free_module_name:
10825be451aSLuis Chamberlain kfree(module_name);
10925be451aSLuis Chamberlain free_argv:
11025be451aSLuis Chamberlain kfree(argv);
11125be451aSLuis Chamberlain out:
112*8660484eSLuis Chamberlain kmod_dup_request_announce(orig_module_name, -ENOMEM);
11325be451aSLuis Chamberlain return -ENOMEM;
11425be451aSLuis Chamberlain }
11525be451aSLuis Chamberlain
11625be451aSLuis Chamberlain /**
11725be451aSLuis Chamberlain * __request_module - try to load a kernel module
11825be451aSLuis Chamberlain * @wait: wait (or not) for the operation to complete
11925be451aSLuis Chamberlain * @fmt: printf style format string for the name of the module
12025be451aSLuis Chamberlain * @...: arguments as specified in the format string
12125be451aSLuis Chamberlain *
12225be451aSLuis Chamberlain * Load a module using the user mode module loader. The function returns
12325be451aSLuis Chamberlain * zero on success or a negative errno code or positive exit code from
12425be451aSLuis Chamberlain * "modprobe" on failure. Note that a successful module load does not mean
12525be451aSLuis Chamberlain * the module did not then unload and exit on an error of its own. Callers
12625be451aSLuis Chamberlain * must check that the service they requested is now available not blindly
12725be451aSLuis Chamberlain * invoke it.
12825be451aSLuis Chamberlain *
12925be451aSLuis Chamberlain * If module auto-loading support is disabled then this function
13025be451aSLuis Chamberlain * simply returns -ENOENT.
13125be451aSLuis Chamberlain */
__request_module(bool wait,const char * fmt,...)13225be451aSLuis Chamberlain int __request_module(bool wait, const char *fmt, ...)
13325be451aSLuis Chamberlain {
13425be451aSLuis Chamberlain va_list args;
13525be451aSLuis Chamberlain char module_name[MODULE_NAME_LEN];
136*8660484eSLuis Chamberlain int ret, dup_ret;
13725be451aSLuis Chamberlain
13825be451aSLuis Chamberlain /*
13925be451aSLuis Chamberlain * We don't allow synchronous module loading from async. Module
14025be451aSLuis Chamberlain * init may invoke async_synchronize_full() which will end up
14125be451aSLuis Chamberlain * waiting for this task which already is waiting for the module
14225be451aSLuis Chamberlain * loading to complete, leading to a deadlock.
14325be451aSLuis Chamberlain */
14425be451aSLuis Chamberlain WARN_ON_ONCE(wait && current_is_async());
14525be451aSLuis Chamberlain
14625be451aSLuis Chamberlain if (!modprobe_path[0])
14725be451aSLuis Chamberlain return -ENOENT;
14825be451aSLuis Chamberlain
14925be451aSLuis Chamberlain va_start(args, fmt);
15025be451aSLuis Chamberlain ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
15125be451aSLuis Chamberlain va_end(args);
15225be451aSLuis Chamberlain if (ret >= MODULE_NAME_LEN)
15325be451aSLuis Chamberlain return -ENAMETOOLONG;
15425be451aSLuis Chamberlain
15525be451aSLuis Chamberlain ret = security_kernel_module_request(module_name);
15625be451aSLuis Chamberlain if (ret)
15725be451aSLuis Chamberlain return ret;
15825be451aSLuis Chamberlain
15925a1b5b5SLuis Chamberlain ret = down_timeout(&kmod_concurrent_max, MAX_KMOD_ALL_BUSY_TIMEOUT * HZ);
16025a1b5b5SLuis Chamberlain if (ret) {
16125be451aSLuis Chamberlain pr_warn_ratelimited("request_module: modprobe %s cannot be processed, kmod busy with %d threads for more than %d seconds now",
16225be451aSLuis Chamberlain module_name, MAX_KMOD_CONCURRENT, MAX_KMOD_ALL_BUSY_TIMEOUT);
16325be451aSLuis Chamberlain return ret;
16425be451aSLuis Chamberlain }
16525be451aSLuis Chamberlain
16625be451aSLuis Chamberlain trace_module_request(module_name, wait, _RET_IP_);
16725be451aSLuis Chamberlain
168*8660484eSLuis Chamberlain if (kmod_dup_request_exists_wait(module_name, wait, &dup_ret)) {
169*8660484eSLuis Chamberlain ret = dup_ret;
170*8660484eSLuis Chamberlain goto out;
171*8660484eSLuis Chamberlain }
172*8660484eSLuis Chamberlain
17325be451aSLuis Chamberlain ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
17425be451aSLuis Chamberlain
175*8660484eSLuis Chamberlain out:
17625a1b5b5SLuis Chamberlain up(&kmod_concurrent_max);
17725be451aSLuis Chamberlain
17825be451aSLuis Chamberlain return ret;
17925be451aSLuis Chamberlain }
18025be451aSLuis Chamberlain EXPORT_SYMBOL(__request_module);
181