kmod.c (5124B)
1/* 2 * kmod - the kernel module loader 3 */ 4#include <linux/module.h> 5#include <linux/sched.h> 6#include <linux/sched/task.h> 7#include <linux/binfmts.h> 8#include <linux/syscalls.h> 9#include <linux/unistd.h> 10#include <linux/kmod.h> 11#include <linux/slab.h> 12#include <linux/completion.h> 13#include <linux/cred.h> 14#include <linux/file.h> 15#include <linux/fdtable.h> 16#include <linux/workqueue.h> 17#include <linux/security.h> 18#include <linux/mount.h> 19#include <linux/kernel.h> 20#include <linux/init.h> 21#include <linux/resource.h> 22#include <linux/notifier.h> 23#include <linux/suspend.h> 24#include <linux/rwsem.h> 25#include <linux/ptrace.h> 26#include <linux/async.h> 27#include <linux/uaccess.h> 28 29#include <trace/events/module.h> 30 31/* 32 * Assuming: 33 * 34 * threads = div64_u64((u64) totalram_pages * (u64) PAGE_SIZE, 35 * (u64) THREAD_SIZE * 8UL); 36 * 37 * If you need less than 50 threads would mean we're dealing with systems 38 * smaller than 3200 pages. This assumes you are capable of having ~13M memory, 39 * and this would only be an upper limit, after which the OOM killer would take 40 * effect. Systems like these are very unlikely if modules are enabled. 41 */ 42#define MAX_KMOD_CONCURRENT 50 43static atomic_t kmod_concurrent_max = ATOMIC_INIT(MAX_KMOD_CONCURRENT); 44static DECLARE_WAIT_QUEUE_HEAD(kmod_wq); 45 46/* 47 * This is a restriction on having *all* MAX_KMOD_CONCURRENT threads 48 * running at the same time without returning. When this happens we 49 * believe you've somehow ended up with a recursive module dependency 50 * creating a loop. 51 * 52 * We have no option but to fail. 53 * 54 * Userspace should proactively try to detect and prevent these. 55 */ 56#define MAX_KMOD_ALL_BUSY_TIMEOUT 5 57 58/* 59 modprobe_path is set via /proc/sys. 60*/ 61char modprobe_path[KMOD_PATH_LEN] = CONFIG_MODPROBE_PATH; 62 63static void free_modprobe_argv(struct subprocess_info *info) 64{ 65 kfree(info->argv[3]); /* check call_modprobe() */ 66 kfree(info->argv); 67} 68 69static int call_modprobe(char *module_name, int wait) 70{ 71 struct subprocess_info *info; 72 static char *envp[] = { 73 "HOME=/", 74 "TERM=linux", 75 "PATH=/sbin:/usr/sbin:/bin:/usr/bin", 76 NULL 77 }; 78 79 char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL); 80 if (!argv) 81 goto out; 82 83 module_name = kstrdup(module_name, GFP_KERNEL); 84 if (!module_name) 85 goto free_argv; 86 87 argv[0] = modprobe_path; 88 argv[1] = "-q"; 89 argv[2] = "--"; 90 argv[3] = module_name; /* check free_modprobe_argv() */ 91 argv[4] = NULL; 92 93 info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL, 94 NULL, free_modprobe_argv, NULL); 95 if (!info) 96 goto free_module_name; 97 98 return call_usermodehelper_exec(info, wait | UMH_KILLABLE); 99 100free_module_name: 101 kfree(module_name); 102free_argv: 103 kfree(argv); 104out: 105 return -ENOMEM; 106} 107 108/** 109 * __request_module - try to load a kernel module 110 * @wait: wait (or not) for the operation to complete 111 * @fmt: printf style format string for the name of the module 112 * @...: arguments as specified in the format string 113 * 114 * Load a module using the user mode module loader. The function returns 115 * zero on success or a negative errno code or positive exit code from 116 * "modprobe" on failure. Note that a successful module load does not mean 117 * the module did not then unload and exit on an error of its own. Callers 118 * must check that the service they requested is now available not blindly 119 * invoke it. 120 * 121 * If module auto-loading support is disabled then this function 122 * simply returns -ENOENT. 123 */ 124int __request_module(bool wait, const char *fmt, ...) 125{ 126 va_list args; 127 char module_name[MODULE_NAME_LEN]; 128 int ret; 129 130 /* 131 * We don't allow synchronous module loading from async. Module 132 * init may invoke async_synchronize_full() which will end up 133 * waiting for this task which already is waiting for the module 134 * loading to complete, leading to a deadlock. 135 */ 136 WARN_ON_ONCE(wait && current_is_async()); 137 138 if (!modprobe_path[0]) 139 return -ENOENT; 140 141 va_start(args, fmt); 142 ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args); 143 va_end(args); 144 if (ret >= MODULE_NAME_LEN) 145 return -ENAMETOOLONG; 146 147 ret = security_kernel_module_request(module_name); 148 if (ret) 149 return ret; 150 151 if (atomic_dec_if_positive(&kmod_concurrent_max) < 0) { 152 pr_warn_ratelimited("request_module: kmod_concurrent_max (%u) close to 0 (max_modprobes: %u), for module %s, throttling...", 153 atomic_read(&kmod_concurrent_max), 154 MAX_KMOD_CONCURRENT, module_name); 155 ret = wait_event_killable_timeout(kmod_wq, 156 atomic_dec_if_positive(&kmod_concurrent_max) >= 0, 157 MAX_KMOD_ALL_BUSY_TIMEOUT * HZ); 158 if (!ret) { 159 pr_warn_ratelimited("request_module: modprobe %s cannot be processed, kmod busy with %d threads for more than %d seconds now", 160 module_name, MAX_KMOD_CONCURRENT, MAX_KMOD_ALL_BUSY_TIMEOUT); 161 return -ETIME; 162 } else if (ret == -ERESTARTSYS) { 163 pr_warn_ratelimited("request_module: sigkill sent for modprobe %s, giving up", module_name); 164 return ret; 165 } 166 } 167 168 trace_module_request(module_name, wait, _RET_IP_); 169 170 ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC); 171 172 atomic_inc(&kmod_concurrent_max); 173 wake_up(&kmod_wq); 174 175 return ret; 176} 177EXPORT_SYMBOL(__request_module);