kmod.c 5 KB
Newer Older
Linus Torvalds's avatar
Linus Torvalds committed
1
/*
2 3
 * kmod - the kernel module loader
 */
Linus Torvalds's avatar
Linus Torvalds committed
4 5
#include <linux/module.h>
#include <linux/sched.h>
6
#include <linux/sched/task.h>
7
#include <linux/binfmts.h>
Linus Torvalds's avatar
Linus Torvalds committed
8 9 10 11 12
#include <linux/syscalls.h>
#include <linux/unistd.h>
#include <linux/kmod.h>
#include <linux/slab.h>
#include <linux/completion.h>
13
#include <linux/cred.h>
Linus Torvalds's avatar
Linus Torvalds committed
14
#include <linux/file.h>
Al Viro's avatar
Al Viro committed
15
#include <linux/fdtable.h>
Linus Torvalds's avatar
Linus Torvalds committed
16 17 18 19 20
#include <linux/workqueue.h>
#include <linux/security.h>
#include <linux/mount.h>
#include <linux/kernel.h>
#include <linux/init.h>
21
#include <linux/resource.h>
22 23
#include <linux/notifier.h>
#include <linux/suspend.h>
24
#include <linux/rwsem.h>
25
#include <linux/ptrace.h>
26
#include <linux/async.h>
27
#include <linux/uaccess.h>
Linus Torvalds's avatar
Linus Torvalds committed
28

29 30
#include <trace/events/module.h>

31 32 33 34 35 36 37 38 39 40 41 42 43 44
/*
 * Assuming:
 *
 * threads = div64_u64((u64) totalram_pages * (u64) PAGE_SIZE,
 *		       (u64) THREAD_SIZE * 8UL);
 *
 * If you need less than 50 threads would mean we're dealing with systems
 * smaller than 3200 pages. This assuems you are capable of having ~13M memory,
 * and this would only be an be an upper limit, after which the OOM killer
 * would take effect. Systems like these are very unlikely if modules are
 * enabled.
 */
#define MAX_KMOD_CONCURRENT 50
static atomic_t kmod_concurrent_max = ATOMIC_INIT(MAX_KMOD_CONCURRENT);
45
static DECLARE_WAIT_QUEUE_HEAD(kmod_wq);
Linus Torvalds's avatar
Linus Torvalds committed
46

47 48 49 50 51 52 53 54 55 56 57 58
/*
 * This is a restriction on having *all* MAX_KMOD_CONCURRENT threads
 * running at the same time without returning. When this happens we
 * believe you've somehow ended up with a recursive module dependency
 * creating a loop.
 *
 * We have no option but to fail.
 *
 * Userspace should proactively try to detect and prevent these.
 */
#define MAX_KMOD_ALL_BUSY_TIMEOUT 5

Linus Torvalds's avatar
Linus Torvalds committed
59 60 61 62 63
/*
	modprobe_path is set via /proc/sys.
*/
char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";

64 65 66 67 68 69
static void free_modprobe_argv(struct subprocess_info *info)
{
	kfree(info->argv[3]); /* check call_modprobe() */
	kfree(info->argv);
}

70 71
static int call_modprobe(char *module_name, int wait)
{
72
	struct subprocess_info *info;
73 74 75 76 77 78 79
	static char *envp[] = {
		"HOME=/",
		"TERM=linux",
		"PATH=/sbin:/usr/sbin:/bin:/usr/bin",
		NULL
	};

80 81 82 83 84 85 86 87 88 89 90 91 92
	char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL);
	if (!argv)
		goto out;

	module_name = kstrdup(module_name, GFP_KERNEL);
	if (!module_name)
		goto free_argv;

	argv[0] = modprobe_path;
	argv[1] = "-q";
	argv[2] = "--";
	argv[3] = module_name;	/* check free_modprobe_argv() */
	argv[4] = NULL;
93

94 95 96 97 98 99 100 101 102
	info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL,
					 NULL, free_modprobe_argv, NULL);
	if (!info)
		goto free_module_name;

	return call_usermodehelper_exec(info, wait | UMH_KILLABLE);

free_module_name:
	kfree(module_name);
103 104 105 106
free_argv:
	kfree(argv);
out:
	return -ENOMEM;
107 108
}

Linus Torvalds's avatar
Linus Torvalds committed
109
/**
110 111
 * __request_module - try to load a kernel module
 * @wait: wait (or not) for the operation to complete
112 113
 * @fmt: printf style format string for the name of the module
 * @...: arguments as specified in the format string
Linus Torvalds's avatar
Linus Torvalds committed
114 115
 *
 * Load a module using the user mode module loader. The function returns
116 117 118 119 120
 * zero on success or a negative errno code or positive exit code from
 * "modprobe" on failure. Note that a successful module load does not mean
 * the module did not then unload and exit on an error of its own. Callers
 * must check that the service they requested is now available not blindly
 * invoke it.
Linus Torvalds's avatar
Linus Torvalds committed
121 122 123 124
 *
 * If module auto-loading support is disabled then this function
 * becomes a no-operation.
 */
125
int __request_module(bool wait, const char *fmt, ...)
Linus Torvalds's avatar
Linus Torvalds committed
126 127 128 129 130
{
	va_list args;
	char module_name[MODULE_NAME_LEN];
	int ret;

131 132 133 134 135 136 137 138
	/*
	 * We don't allow synchronous module loading from async.  Module
	 * init may invoke async_synchronize_full() which will end up
	 * waiting for this task which already is waiting for the module
	 * loading to complete, leading to a deadlock.
	 */
	WARN_ON_ONCE(wait && current_is_async());

139 140 141
	if (!modprobe_path[0])
		return 0;

Linus Torvalds's avatar
Linus Torvalds committed
142 143 144 145 146 147
	va_start(args, fmt);
	ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
	va_end(args);
	if (ret >= MODULE_NAME_LEN)
		return -ENAMETOOLONG;

148 149 150 151
	ret = security_kernel_module_request(module_name);
	if (ret)
		return ret;

152
	if (atomic_dec_if_positive(&kmod_concurrent_max) < 0) {
153 154 155
		pr_warn_ratelimited("request_module: kmod_concurrent_max (%u) close to 0 (max_modprobes: %u), for module %s, throttling...",
				    atomic_read(&kmod_concurrent_max),
				    MAX_KMOD_CONCURRENT, module_name);
156 157 158 159 160 161 162 163 164 165 166
		ret = wait_event_killable_timeout(kmod_wq,
						  atomic_dec_if_positive(&kmod_concurrent_max) >= 0,
						  MAX_KMOD_ALL_BUSY_TIMEOUT * HZ);
		if (!ret) {
			pr_warn_ratelimited("request_module: modprobe %s cannot be processed, kmod busy with %d threads for more than %d seconds now",
					    module_name, MAX_KMOD_CONCURRENT, MAX_KMOD_ALL_BUSY_TIMEOUT);
			return -ETIME;
		} else if (ret == -ERESTARTSYS) {
			pr_warn_ratelimited("request_module: sigkill sent for modprobe %s, giving up", module_name);
			return ret;
		}
Linus Torvalds's avatar
Linus Torvalds committed
167 168
	}

169 170
	trace_module_request(module_name, wait, _RET_IP_);

171
	ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
172

173
	atomic_inc(&kmod_concurrent_max);
174
	wake_up(&kmod_wq);
175

Linus Torvalds's avatar
Linus Torvalds committed
176 177
	return ret;
}
178
EXPORT_SYMBOL(__request_module);