kernel/module/kmod.c

25be451aSLuis Chamberlain/*
25be451aSLuis Chamberlain * kmod - the kernel module loader
*8660484eSLuis Chamberlain *
*8660484eSLuis Chamberlain * Copyright (C) 2023 Luis Chamberlain <mcgrof@kernel.org>
25be451aSLuis Chamberlain */
*8660484eSLuis Chamberlain
25be451aSLuis Chamberlain#include <linux/module.h>
25be451aSLuis Chamberlain#include <linux/sched.h>
25be451aSLuis Chamberlain#include <linux/sched/task.h>
25be451aSLuis Chamberlain#include <linux/binfmts.h>
25be451aSLuis Chamberlain#include <linux/syscalls.h>
25be451aSLuis Chamberlain#include <linux/unistd.h>
25be451aSLuis Chamberlain#include <linux/kmod.h>
25be451aSLuis Chamberlain#include <linux/slab.h>
25be451aSLuis Chamberlain#include <linux/completion.h>
25be451aSLuis Chamberlain#include <linux/cred.h>
25be451aSLuis Chamberlain#include <linux/file.h>
25be451aSLuis Chamberlain#include <linux/fdtable.h>
25be451aSLuis Chamberlain#include <linux/workqueue.h>
25be451aSLuis Chamberlain#include <linux/security.h>
25be451aSLuis Chamberlain#include <linux/mount.h>
25be451aSLuis Chamberlain#include <linux/kernel.h>
25be451aSLuis Chamberlain#include <linux/init.h>
25be451aSLuis Chamberlain#include <linux/resource.h>
25be451aSLuis Chamberlain#include <linux/notifier.h>
25be451aSLuis Chamberlain#include <linux/suspend.h>
25be451aSLuis Chamberlain#include <linux/rwsem.h>
25be451aSLuis Chamberlain#include <linux/ptrace.h>
25be451aSLuis Chamberlain#include <linux/async.h>
25be451aSLuis Chamberlain#include <linux/uaccess.h>
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain#include <trace/events/module.h>
*8660484eSLuis Chamberlain#include "internal.h"
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain/*
25be451aSLuis Chamberlain * Assuming:
25be451aSLuis Chamberlain *
25be451aSLuis Chamberlain * threads = div64_u64((u64) totalram_pages * (u64) PAGE_SIZE,
25be451aSLuis Chamberlain *		       (u64) THREAD_SIZE * 8UL);
25be451aSLuis Chamberlain *
25be451aSLuis Chamberlain * If you need less than 50 threads would mean we're dealing with systems
25be451aSLuis Chamberlain * smaller than 3200 pages. This assumes you are capable of having ~13M memory,
25be451aSLuis Chamberlain * and this would only be an upper limit, after which the OOM killer would take
25be451aSLuis Chamberlain * effect. Systems like these are very unlikely if modules are enabled.
25be451aSLuis Chamberlain */
25be451aSLuis Chamberlain#define MAX_KMOD_CONCURRENT 50
25a1b5b5SLuis Chamberlainstatic DEFINE_SEMAPHORE(kmod_concurrent_max, MAX_KMOD_CONCURRENT);
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain/*
25be451aSLuis Chamberlain * This is a restriction on having *all* MAX_KMOD_CONCURRENT threads
25be451aSLuis Chamberlain * running at the same time without returning. When this happens we
25be451aSLuis Chamberlain * believe you've somehow ended up with a recursive module dependency
25be451aSLuis Chamberlain * creating a loop.
25be451aSLuis Chamberlain *
25be451aSLuis Chamberlain * We have no option but to fail.
25be451aSLuis Chamberlain *
25be451aSLuis Chamberlain * Userspace should proactively try to detect and prevent these.
25be451aSLuis Chamberlain */
25be451aSLuis Chamberlain#define MAX_KMOD_ALL_BUSY_TIMEOUT 5
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain/*
25be451aSLuis Chamberlain	modprobe_path is set via /proc/sys.
25be451aSLuis Chamberlain*/
25be451aSLuis Chamberlainchar modprobe_path[KMOD_PATH_LEN] = CONFIG_MODPROBE_PATH;
25be451aSLuis Chamberlain
25be451aSLuis Chamberlainstatic void free_modprobe_argv(struct subprocess_info *info)
25be451aSLuis Chamberlain{
25be451aSLuis Chamberlain	kfree(info->argv[3]); /* check call_modprobe() */
25be451aSLuis Chamberlain	kfree(info->argv);
25be451aSLuis Chamberlain}
25be451aSLuis Chamberlain
*8660484eSLuis Chamberlainstatic int call_modprobe(char *orig_module_name, int wait)
25be451aSLuis Chamberlain{
25be451aSLuis Chamberlain	struct subprocess_info *info;
25be451aSLuis Chamberlain	static char *envp[] = {
25be451aSLuis Chamberlain		"HOME=/",
25be451aSLuis Chamberlain		"TERM=linux",
25be451aSLuis Chamberlain		"PATH=/sbin:/usr/sbin:/bin:/usr/bin",
25be451aSLuis Chamberlain		NULL
25be451aSLuis Chamberlain	};
*8660484eSLuis Chamberlain	char *module_name;
*8660484eSLuis Chamberlain	int ret;
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain	char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL);
25be451aSLuis Chamberlain	if (!argv)
25be451aSLuis Chamberlain		goto out;
25be451aSLuis Chamberlain
*8660484eSLuis Chamberlain	module_name = kstrdup(orig_module_name, GFP_KERNEL);
25be451aSLuis Chamberlain	if (!module_name)
25be451aSLuis Chamberlain		goto free_argv;
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain	argv[0] = modprobe_path;
25be451aSLuis Chamberlain	argv[1] = "-q";
25be451aSLuis Chamberlain	argv[2] = "--";
25be451aSLuis Chamberlain	argv[3] = module_name;	/* check free_modprobe_argv() */
25be451aSLuis Chamberlain	argv[4] = NULL;
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain	info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL,
25be451aSLuis Chamberlain					 NULL, free_modprobe_argv, NULL);
25be451aSLuis Chamberlain	if (!info)
25be451aSLuis Chamberlain		goto free_module_name;
25be451aSLuis Chamberlain
*8660484eSLuis Chamberlain	ret = call_usermodehelper_exec(info, wait | UMH_KILLABLE);
*8660484eSLuis Chamberlain	kmod_dup_request_announce(orig_module_name, ret);
*8660484eSLuis Chamberlain	return ret;
25be451aSLuis Chamberlain
25be451aSLuis Chamberlainfree_module_name:
25be451aSLuis Chamberlain	kfree(module_name);
25be451aSLuis Chamberlainfree_argv:
25be451aSLuis Chamberlain	kfree(argv);
25be451aSLuis Chamberlainout:
*8660484eSLuis Chamberlain	kmod_dup_request_announce(orig_module_name, -ENOMEM);
25be451aSLuis Chamberlain	return -ENOMEM;
25be451aSLuis Chamberlain}
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain/**
25be451aSLuis Chamberlain * __request_module - try to load a kernel module
25be451aSLuis Chamberlain * @wait: wait (or not) for the operation to complete
25be451aSLuis Chamberlain * @fmt: printf style format string for the name of the module
25be451aSLuis Chamberlain * @...: arguments as specified in the format string
25be451aSLuis Chamberlain *
25be451aSLuis Chamberlain * Load a module using the user mode module loader. The function returns
25be451aSLuis Chamberlain * zero on success or a negative errno code or positive exit code from
25be451aSLuis Chamberlain * "modprobe" on failure. Note that a successful module load does not mean
25be451aSLuis Chamberlain * the module did not then unload and exit on an error of its own. Callers
25be451aSLuis Chamberlain * must check that the service they requested is now available not blindly
25be451aSLuis Chamberlain * invoke it.
25be451aSLuis Chamberlain *
25be451aSLuis Chamberlain * If module auto-loading support is disabled then this function
25be451aSLuis Chamberlain * simply returns -ENOENT.
25be451aSLuis Chamberlain */
25be451aSLuis Chamberlainint __request_module(bool wait, const char *fmt, ...)
25be451aSLuis Chamberlain{
25be451aSLuis Chamberlain	va_list args;
25be451aSLuis Chamberlain	char module_name[MODULE_NAME_LEN];
*8660484eSLuis Chamberlain	int ret, dup_ret;
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain	/*
25be451aSLuis Chamberlain	 * We don't allow synchronous module loading from async.  Module
25be451aSLuis Chamberlain	 * init may invoke async_synchronize_full() which will end up
25be451aSLuis Chamberlain	 * waiting for this task which already is waiting for the module
25be451aSLuis Chamberlain	 * loading to complete, leading to a deadlock.
25be451aSLuis Chamberlain	 */
25be451aSLuis Chamberlain	WARN_ON_ONCE(wait && current_is_async());
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain	if (!modprobe_path[0])
25be451aSLuis Chamberlain		return -ENOENT;
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain	va_start(args, fmt);
25be451aSLuis Chamberlain	ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
25be451aSLuis Chamberlain	va_end(args);
25be451aSLuis Chamberlain	if (ret >= MODULE_NAME_LEN)
25be451aSLuis Chamberlain		return -ENAMETOOLONG;
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain	ret = security_kernel_module_request(module_name);
25be451aSLuis Chamberlain	if (ret)
25be451aSLuis Chamberlain		return ret;
25be451aSLuis Chamberlain
25a1b5b5SLuis Chamberlain	ret = down_timeout(&kmod_concurrent_max, MAX_KMOD_ALL_BUSY_TIMEOUT * HZ);
25a1b5b5SLuis Chamberlain	if (ret) {
25be451aSLuis Chamberlain		pr_warn_ratelimited("request_module: modprobe %s cannot be processed, kmod busy with %d threads for more than %d seconds now",
25be451aSLuis Chamberlain				    module_name, MAX_KMOD_CONCURRENT, MAX_KMOD_ALL_BUSY_TIMEOUT);
25be451aSLuis Chamberlain		return ret;
25be451aSLuis Chamberlain	}
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain	trace_module_request(module_name, wait, _RET_IP_);
25be451aSLuis Chamberlain
*8660484eSLuis Chamberlain	if (kmod_dup_request_exists_wait(module_name, wait, &dup_ret)) {
*8660484eSLuis Chamberlain		ret = dup_ret;
*8660484eSLuis Chamberlain		goto out;
*8660484eSLuis Chamberlain	}
*8660484eSLuis Chamberlain
25be451aSLuis Chamberlain	ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
25be451aSLuis Chamberlain
*8660484eSLuis Chamberlainout:
25a1b5b5SLuis Chamberlain	up(&kmod_concurrent_max);
25be451aSLuis Chamberlain
25be451aSLuis Chamberlain	return ret;
25be451aSLuis Chamberlain}
25be451aSLuis ChamberlainEXPORT_SYMBOL(__request_module);