1*25be451aSLuis Chamberlain /* 2*25be451aSLuis Chamberlain * kmod - the kernel module loader 3*25be451aSLuis Chamberlain */ 4*25be451aSLuis Chamberlain #include <linux/module.h> 5*25be451aSLuis Chamberlain #include <linux/sched.h> 6*25be451aSLuis Chamberlain #include <linux/sched/task.h> 7*25be451aSLuis Chamberlain #include <linux/binfmts.h> 8*25be451aSLuis Chamberlain #include <linux/syscalls.h> 9*25be451aSLuis Chamberlain #include <linux/unistd.h> 10*25be451aSLuis Chamberlain #include <linux/kmod.h> 11*25be451aSLuis Chamberlain #include <linux/slab.h> 12*25be451aSLuis Chamberlain #include <linux/completion.h> 13*25be451aSLuis Chamberlain #include <linux/cred.h> 14*25be451aSLuis Chamberlain #include <linux/file.h> 15*25be451aSLuis Chamberlain #include <linux/fdtable.h> 16*25be451aSLuis Chamberlain #include <linux/workqueue.h> 17*25be451aSLuis Chamberlain #include <linux/security.h> 18*25be451aSLuis Chamberlain #include <linux/mount.h> 19*25be451aSLuis Chamberlain #include <linux/kernel.h> 20*25be451aSLuis Chamberlain #include <linux/init.h> 21*25be451aSLuis Chamberlain #include <linux/resource.h> 22*25be451aSLuis Chamberlain #include <linux/notifier.h> 23*25be451aSLuis Chamberlain #include <linux/suspend.h> 24*25be451aSLuis Chamberlain #include <linux/rwsem.h> 25*25be451aSLuis Chamberlain #include <linux/ptrace.h> 26*25be451aSLuis Chamberlain #include <linux/async.h> 27*25be451aSLuis Chamberlain #include <linux/uaccess.h> 28*25be451aSLuis Chamberlain 29*25be451aSLuis Chamberlain #include <trace/events/module.h> 30*25be451aSLuis Chamberlain 31*25be451aSLuis Chamberlain /* 32*25be451aSLuis Chamberlain * Assuming: 33*25be451aSLuis Chamberlain * 34*25be451aSLuis Chamberlain * threads = div64_u64((u64) totalram_pages * (u64) PAGE_SIZE, 35*25be451aSLuis Chamberlain * (u64) THREAD_SIZE * 8UL); 36*25be451aSLuis Chamberlain * 37*25be451aSLuis Chamberlain * If you need less than 50 threads would mean we're dealing with systems 38*25be451aSLuis Chamberlain * smaller than 3200 pages. This assumes you are capable of having ~13M memory, 39*25be451aSLuis Chamberlain * and this would only be an upper limit, after which the OOM killer would take 40*25be451aSLuis Chamberlain * effect. Systems like these are very unlikely if modules are enabled. 41*25be451aSLuis Chamberlain */ 42*25be451aSLuis Chamberlain #define MAX_KMOD_CONCURRENT 50 43*25be451aSLuis Chamberlain static atomic_t kmod_concurrent_max = ATOMIC_INIT(MAX_KMOD_CONCURRENT); 44*25be451aSLuis Chamberlain static DECLARE_WAIT_QUEUE_HEAD(kmod_wq); 45*25be451aSLuis Chamberlain 46*25be451aSLuis Chamberlain /* 47*25be451aSLuis Chamberlain * This is a restriction on having *all* MAX_KMOD_CONCURRENT threads 48*25be451aSLuis Chamberlain * running at the same time without returning. When this happens we 49*25be451aSLuis Chamberlain * believe you've somehow ended up with a recursive module dependency 50*25be451aSLuis Chamberlain * creating a loop. 51*25be451aSLuis Chamberlain * 52*25be451aSLuis Chamberlain * We have no option but to fail. 53*25be451aSLuis Chamberlain * 54*25be451aSLuis Chamberlain * Userspace should proactively try to detect and prevent these. 55*25be451aSLuis Chamberlain */ 56*25be451aSLuis Chamberlain #define MAX_KMOD_ALL_BUSY_TIMEOUT 5 57*25be451aSLuis Chamberlain 58*25be451aSLuis Chamberlain /* 59*25be451aSLuis Chamberlain modprobe_path is set via /proc/sys. 60*25be451aSLuis Chamberlain */ 61*25be451aSLuis Chamberlain char modprobe_path[KMOD_PATH_LEN] = CONFIG_MODPROBE_PATH; 62*25be451aSLuis Chamberlain 63*25be451aSLuis Chamberlain static void free_modprobe_argv(struct subprocess_info *info) 64*25be451aSLuis Chamberlain { 65*25be451aSLuis Chamberlain kfree(info->argv[3]); /* check call_modprobe() */ 66*25be451aSLuis Chamberlain kfree(info->argv); 67*25be451aSLuis Chamberlain } 68*25be451aSLuis Chamberlain 69*25be451aSLuis Chamberlain static int call_modprobe(char *module_name, int wait) 70*25be451aSLuis Chamberlain { 71*25be451aSLuis Chamberlain struct subprocess_info *info; 72*25be451aSLuis Chamberlain static char *envp[] = { 73*25be451aSLuis Chamberlain "HOME=/", 74*25be451aSLuis Chamberlain "TERM=linux", 75*25be451aSLuis Chamberlain "PATH=/sbin:/usr/sbin:/bin:/usr/bin", 76*25be451aSLuis Chamberlain NULL 77*25be451aSLuis Chamberlain }; 78*25be451aSLuis Chamberlain 79*25be451aSLuis Chamberlain char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL); 80*25be451aSLuis Chamberlain if (!argv) 81*25be451aSLuis Chamberlain goto out; 82*25be451aSLuis Chamberlain 83*25be451aSLuis Chamberlain module_name = kstrdup(module_name, GFP_KERNEL); 84*25be451aSLuis Chamberlain if (!module_name) 85*25be451aSLuis Chamberlain goto free_argv; 86*25be451aSLuis Chamberlain 87*25be451aSLuis Chamberlain argv[0] = modprobe_path; 88*25be451aSLuis Chamberlain argv[1] = "-q"; 89*25be451aSLuis Chamberlain argv[2] = "--"; 90*25be451aSLuis Chamberlain argv[3] = module_name; /* check free_modprobe_argv() */ 91*25be451aSLuis Chamberlain argv[4] = NULL; 92*25be451aSLuis Chamberlain 93*25be451aSLuis Chamberlain info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL, 94*25be451aSLuis Chamberlain NULL, free_modprobe_argv, NULL); 95*25be451aSLuis Chamberlain if (!info) 96*25be451aSLuis Chamberlain goto free_module_name; 97*25be451aSLuis Chamberlain 98*25be451aSLuis Chamberlain return call_usermodehelper_exec(info, wait | UMH_KILLABLE); 99*25be451aSLuis Chamberlain 100*25be451aSLuis Chamberlain free_module_name: 101*25be451aSLuis Chamberlain kfree(module_name); 102*25be451aSLuis Chamberlain free_argv: 103*25be451aSLuis Chamberlain kfree(argv); 104*25be451aSLuis Chamberlain out: 105*25be451aSLuis Chamberlain return -ENOMEM; 106*25be451aSLuis Chamberlain } 107*25be451aSLuis Chamberlain 108*25be451aSLuis Chamberlain /** 109*25be451aSLuis Chamberlain * __request_module - try to load a kernel module 110*25be451aSLuis Chamberlain * @wait: wait (or not) for the operation to complete 111*25be451aSLuis Chamberlain * @fmt: printf style format string for the name of the module 112*25be451aSLuis Chamberlain * @...: arguments as specified in the format string 113*25be451aSLuis Chamberlain * 114*25be451aSLuis Chamberlain * Load a module using the user mode module loader. The function returns 115*25be451aSLuis Chamberlain * zero on success or a negative errno code or positive exit code from 116*25be451aSLuis Chamberlain * "modprobe" on failure. Note that a successful module load does not mean 117*25be451aSLuis Chamberlain * the module did not then unload and exit on an error of its own. Callers 118*25be451aSLuis Chamberlain * must check that the service they requested is now available not blindly 119*25be451aSLuis Chamberlain * invoke it. 120*25be451aSLuis Chamberlain * 121*25be451aSLuis Chamberlain * If module auto-loading support is disabled then this function 122*25be451aSLuis Chamberlain * simply returns -ENOENT. 123*25be451aSLuis Chamberlain */ 124*25be451aSLuis Chamberlain int __request_module(bool wait, const char *fmt, ...) 125*25be451aSLuis Chamberlain { 126*25be451aSLuis Chamberlain va_list args; 127*25be451aSLuis Chamberlain char module_name[MODULE_NAME_LEN]; 128*25be451aSLuis Chamberlain int ret; 129*25be451aSLuis Chamberlain 130*25be451aSLuis Chamberlain /* 131*25be451aSLuis Chamberlain * We don't allow synchronous module loading from async. Module 132*25be451aSLuis Chamberlain * init may invoke async_synchronize_full() which will end up 133*25be451aSLuis Chamberlain * waiting for this task which already is waiting for the module 134*25be451aSLuis Chamberlain * loading to complete, leading to a deadlock. 135*25be451aSLuis Chamberlain */ 136*25be451aSLuis Chamberlain WARN_ON_ONCE(wait && current_is_async()); 137*25be451aSLuis Chamberlain 138*25be451aSLuis Chamberlain if (!modprobe_path[0]) 139*25be451aSLuis Chamberlain return -ENOENT; 140*25be451aSLuis Chamberlain 141*25be451aSLuis Chamberlain va_start(args, fmt); 142*25be451aSLuis Chamberlain ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args); 143*25be451aSLuis Chamberlain va_end(args); 144*25be451aSLuis Chamberlain if (ret >= MODULE_NAME_LEN) 145*25be451aSLuis Chamberlain return -ENAMETOOLONG; 146*25be451aSLuis Chamberlain 147*25be451aSLuis Chamberlain ret = security_kernel_module_request(module_name); 148*25be451aSLuis Chamberlain if (ret) 149*25be451aSLuis Chamberlain return ret; 150*25be451aSLuis Chamberlain 151*25be451aSLuis Chamberlain if (atomic_dec_if_positive(&kmod_concurrent_max) < 0) { 152*25be451aSLuis Chamberlain pr_warn_ratelimited("request_module: kmod_concurrent_max (%u) close to 0 (max_modprobes: %u), for module %s, throttling...", 153*25be451aSLuis Chamberlain atomic_read(&kmod_concurrent_max), 154*25be451aSLuis Chamberlain MAX_KMOD_CONCURRENT, module_name); 155*25be451aSLuis Chamberlain ret = wait_event_killable_timeout(kmod_wq, 156*25be451aSLuis Chamberlain atomic_dec_if_positive(&kmod_concurrent_max) >= 0, 157*25be451aSLuis Chamberlain MAX_KMOD_ALL_BUSY_TIMEOUT * HZ); 158*25be451aSLuis Chamberlain if (!ret) { 159*25be451aSLuis Chamberlain pr_warn_ratelimited("request_module: modprobe %s cannot be processed, kmod busy with %d threads for more than %d seconds now", 160*25be451aSLuis Chamberlain module_name, MAX_KMOD_CONCURRENT, MAX_KMOD_ALL_BUSY_TIMEOUT); 161*25be451aSLuis Chamberlain return -ETIME; 162*25be451aSLuis Chamberlain } else if (ret == -ERESTARTSYS) { 163*25be451aSLuis Chamberlain pr_warn_ratelimited("request_module: sigkill sent for modprobe %s, giving up", module_name); 164*25be451aSLuis Chamberlain return ret; 165*25be451aSLuis Chamberlain } 166*25be451aSLuis Chamberlain } 167*25be451aSLuis Chamberlain 168*25be451aSLuis Chamberlain trace_module_request(module_name, wait, _RET_IP_); 169*25be451aSLuis Chamberlain 170*25be451aSLuis Chamberlain ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC); 171*25be451aSLuis Chamberlain 172*25be451aSLuis Chamberlain atomic_inc(&kmod_concurrent_max); 173*25be451aSLuis Chamberlain wake_up(&kmod_wq); 174*25be451aSLuis Chamberlain 175*25be451aSLuis Chamberlain return ret; 176*25be451aSLuis Chamberlain } 177*25be451aSLuis Chamberlain EXPORT_SYMBOL(__request_module); 178