1 /*
2 * kmod - the kernel module loader
3 */
4 #include <linux/module.h>
5 #include <linux/sched.h>
6 #include <linux/sched/task.h>
7 #include <linux/binfmts.h>
8 #include <linux/syscalls.h>
9 #include <linux/unistd.h>
10 #include <linux/kmod.h>
11 #include <linux/slab.h>
12 #include <linux/completion.h>
13 #include <linux/cred.h>
14 #include <linux/file.h>
15 #include <linux/fdtable.h>
16 #include <linux/workqueue.h>
17 #include <linux/security.h>
18 #include <linux/mount.h>
19 #include <linux/kernel.h>
20 #include <linux/init.h>
21 #include <linux/resource.h>
22 #include <linux/notifier.h>
23 #include <linux/suspend.h>
24 #include <linux/rwsem.h>
25 #include <linux/ptrace.h>
26 #include <linux/async.h>
27 #include <linux/uaccess.h>
28
29 #include <trace/events/module.h>
30
31 /*
32 * Assuming:
33 *
34 * threads = div64_u64((u64) totalram_pages * (u64) PAGE_SIZE,
35 * (u64) THREAD_SIZE * 8UL);
36 *
37 * If you need less than 50 threads would mean we're dealing with systems
38 * smaller than 3200 pages. This assuems you are capable of having ~13M memory,
39 * and this would only be an be an upper limit, after which the OOM killer
40 * would take effect. Systems like these are very unlikely if modules are
41 * enabled.
42 */
43 #define MAX_KMOD_CONCURRENT 50
44 static atomic_t kmod_concurrent_max = ATOMIC_INIT(MAX_KMOD_CONCURRENT);
45 static DECLARE_WAIT_QUEUE_HEAD(kmod_wq);
46
47 /*
48 * This is a restriction on having *all* MAX_KMOD_CONCURRENT threads
49 * running at the same time without returning. When this happens we
50 * believe you've somehow ended up with a recursive module dependency
51 * creating a loop.
52 *
53 * We have no option but to fail.
54 *
55 * Userspace should proactively try to detect and prevent these.
56 */
57 #define MAX_KMOD_ALL_BUSY_TIMEOUT 5
58
59 /*
60 modprobe_path is set via /proc/sys.
61 */
62 char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";
63
free_modprobe_argv(struct subprocess_info * info)64 static void free_modprobe_argv(struct subprocess_info *info)
65 {
66 kfree(info->argv[3]); /* check call_modprobe() */
67 kfree(info->argv);
68 }
69
call_modprobe(char * module_name,int wait)70 static int call_modprobe(char *module_name, int wait)
71 {
72 struct subprocess_info *info;
73 static char *envp[] = {
74 "HOME=/",
75 "TERM=linux",
76 "PATH=/sbin:/usr/sbin:/bin:/usr/bin",
77 NULL
78 };
79
80 char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL);
81 if (!argv)
82 goto out;
83
84 module_name = kstrdup(module_name, GFP_KERNEL);
85 if (!module_name)
86 goto free_argv;
87
88 argv[0] = modprobe_path;
89 argv[1] = "-q";
90 argv[2] = "--";
91 argv[3] = module_name; /* check free_modprobe_argv() */
92 argv[4] = NULL;
93
94 info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL,
95 NULL, free_modprobe_argv, NULL);
96 if (!info)
97 goto free_module_name;
98
99 return call_usermodehelper_exec(info, wait | UMH_KILLABLE);
100
101 free_module_name:
102 kfree(module_name);
103 free_argv:
104 kfree(argv);
105 out:
106 return -ENOMEM;
107 }
108
109 /**
110 * __request_module - try to load a kernel module
111 * @wait: wait (or not) for the operation to complete
112 * @fmt: printf style format string for the name of the module
113 * @...: arguments as specified in the format string
114 *
115 * Load a module using the user mode module loader. The function returns
116 * zero on success or a negative errno code or positive exit code from
117 * "modprobe" on failure. Note that a successful module load does not mean
118 * the module did not then unload and exit on an error of its own. Callers
119 * must check that the service they requested is now available not blindly
120 * invoke it.
121 *
122 * If module auto-loading support is disabled then this function
123 * becomes a no-operation.
124 */
__request_module(bool wait,const char * fmt,...)125 int __request_module(bool wait, const char *fmt, ...)
126 {
127 va_list args;
128 char module_name[MODULE_NAME_LEN];
129 int ret;
130
131 /*
132 * We don't allow synchronous module loading from async. Module
133 * init may invoke async_synchronize_full() which will end up
134 * waiting for this task which already is waiting for the module
135 * loading to complete, leading to a deadlock.
136 */
137 WARN_ON_ONCE(wait && current_is_async());
138
139 if (!modprobe_path[0])
140 return 0;
141
142 va_start(args, fmt);
143 ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
144 va_end(args);
145 if (ret >= MODULE_NAME_LEN)
146 return -ENAMETOOLONG;
147
148 ret = security_kernel_module_request(module_name);
149 if (ret)
150 return ret;
151
152 if (atomic_dec_if_positive(&kmod_concurrent_max) < 0) {
153 pr_warn_ratelimited("request_module: kmod_concurrent_max (%u) close to 0 (max_modprobes: %u), for module %s, throttling...",
154 atomic_read(&kmod_concurrent_max),
155 MAX_KMOD_CONCURRENT, module_name);
156 ret = wait_event_killable_timeout(kmod_wq,
157 atomic_dec_if_positive(&kmod_concurrent_max) >= 0,
158 MAX_KMOD_ALL_BUSY_TIMEOUT * HZ);
159 if (!ret) {
160 pr_warn_ratelimited("request_module: modprobe %s cannot be processed, kmod busy with %d threads for more than %d seconds now",
161 module_name, MAX_KMOD_CONCURRENT, MAX_KMOD_ALL_BUSY_TIMEOUT);
162 return -ETIME;
163 } else if (ret == -ERESTARTSYS) {
164 pr_warn_ratelimited("request_module: sigkill sent for modprobe %s, giving up", module_name);
165 return ret;
166 }
167 }
168
169 trace_module_request(module_name, wait, _RET_IP_);
170
171 ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
172
173 atomic_inc(&kmod_concurrent_max);
174 wake_up(&kmod_wq);
175
176 return ret;
177 }
178 EXPORT_SYMBOL(__request_module);
179
