1/*
2 * kmod - the kernel module loader
3 *
4 * Copyright (C) 2023 Luis Chamberlain <mcgrof@kernel.org>
5 */
6
7#include <linux/module.h>
8#include <linux/sched.h>
9#include <linux/sched/task.h>
10#include <linux/binfmts.h>
11#include <linux/syscalls.h>
12#include <linux/unistd.h>
13#include <linux/kmod.h>
14#include <linux/slab.h>
15#include <linux/completion.h>
16#include <linux/cred.h>
17#include <linux/file.h>
18#include <linux/fdtable.h>
19#include <linux/workqueue.h>
20#include <linux/security.h>
21#include <linux/mount.h>
22#include <linux/kernel.h>
23#include <linux/init.h>
24#include <linux/resource.h>
25#include <linux/notifier.h>
26#include <linux/suspend.h>
27#include <linux/rwsem.h>
28#include <linux/ptrace.h>
29#include <linux/async.h>
30#include <linux/uaccess.h>
31
32#include <trace/events/module.h>
33#include "internal.h"
34
35/*
36 * Assuming:
37 *
38 * threads = div64_u64((u64) totalram_pages * (u64) PAGE_SIZE,
39 * (u64) THREAD_SIZE * 8UL);
40 *
41 * If you need less than 50 threads would mean we're dealing with systems
42 * smaller than 3200 pages. This assumes you are capable of having ~13M memory,
43 * and this would only be an upper limit, after which the OOM killer would take
44 * effect. Systems like these are very unlikely if modules are enabled.
45 */
46#define MAX_KMOD_CONCURRENT 50
47static DEFINE_SEMAPHORE(kmod_concurrent_max, MAX_KMOD_CONCURRENT);
48
49/*
50 * This is a restriction on having *all* MAX_KMOD_CONCURRENT threads
51 * running at the same time without returning. When this happens we
52 * believe you've somehow ended up with a recursive module dependency
53 * creating a loop.
54 *
55 * We have no option but to fail.
56 *
57 * Userspace should proactively try to detect and prevent these.
58 */
59#define MAX_KMOD_ALL_BUSY_TIMEOUT 5
60
61/*
62 modprobe_path is set via /proc/sys.
63*/
64char modprobe_path[KMOD_PATH_LEN] = CONFIG_MODPROBE_PATH;
65
66static void free_modprobe_argv(struct subprocess_info *info)
67{
68 kfree(objp: info->argv[3]); /* check call_modprobe() */
69 kfree(objp: info->argv);
70}
71
72static int call_modprobe(char *orig_module_name, int wait)
73{
74 struct subprocess_info *info;
75 static char *envp[] = {
76 "HOME=/",
77 "TERM=linux",
78 "PATH=/sbin:/usr/sbin:/bin:/usr/bin",
79 NULL
80 };
81 char *module_name;
82 int ret;
83
84 char **argv = kmalloc(size: sizeof(char *[5]), GFP_KERNEL);
85 if (!argv)
86 goto out;
87
88 module_name = kstrdup(s: orig_module_name, GFP_KERNEL);
89 if (!module_name)
90 goto free_argv;
91
92 argv[0] = modprobe_path;
93 argv[1] = "-q";
94 argv[2] = "--";
95 argv[3] = module_name; /* check free_modprobe_argv() */
96 argv[4] = NULL;
97
98 info = call_usermodehelper_setup(path: modprobe_path, argv, envp, GFP_KERNEL,
99 NULL, cleanup: free_modprobe_argv, NULL);
100 if (!info)
101 goto free_module_name;
102
103 ret = call_usermodehelper_exec(info, wait: wait | UMH_KILLABLE);
104 kmod_dup_request_announce(module_name: orig_module_name, ret);
105 return ret;
106
107free_module_name:
108 kfree(objp: module_name);
109free_argv:
110 kfree(objp: argv);
111out:
112 kmod_dup_request_announce(module_name: orig_module_name, ret: -ENOMEM);
113 return -ENOMEM;
114}
115
116/**
117 * __request_module - try to load a kernel module
118 * @wait: wait (or not) for the operation to complete
119 * @fmt: printf style format string for the name of the module
120 * @...: arguments as specified in the format string
121 *
122 * Load a module using the user mode module loader. The function returns
123 * zero on success or a negative errno code or positive exit code from
124 * "modprobe" on failure. Note that a successful module load does not mean
125 * the module did not then unload and exit on an error of its own. Callers
126 * must check that the service they requested is now available not blindly
127 * invoke it.
128 *
129 * If module auto-loading support is disabled then this function
130 * simply returns -ENOENT.
131 */
132int __request_module(bool wait, const char *fmt, ...)
133{
134 va_list args;
135 char module_name[MODULE_NAME_LEN];
136 int ret, dup_ret;
137
138 /*
139 * We don't allow synchronous module loading from async. Module
140 * init may invoke async_synchronize_full() which will end up
141 * waiting for this task which already is waiting for the module
142 * loading to complete, leading to a deadlock.
143 */
144 WARN_ON_ONCE(wait && current_is_async());
145
146 if (!modprobe_path[0])
147 return -ENOENT;
148
149 va_start(args, fmt);
150 ret = vsnprintf(buf: module_name, MODULE_NAME_LEN, fmt, args);
151 va_end(args);
152 if (ret >= MODULE_NAME_LEN)
153 return -ENAMETOOLONG;
154
155 ret = security_kernel_module_request(kmod_name: module_name);
156 if (ret)
157 return ret;
158
159 ret = down_timeout(sem: &kmod_concurrent_max, MAX_KMOD_ALL_BUSY_TIMEOUT * HZ);
160 if (ret) {
161 pr_warn_ratelimited("request_module: modprobe %s cannot be processed, kmod busy with %d threads for more than %d seconds now",
162 module_name, MAX_KMOD_CONCURRENT, MAX_KMOD_ALL_BUSY_TIMEOUT);
163 return ret;
164 }
165
166 trace_module_request(name: module_name, wait, _RET_IP_);
167
168 if (kmod_dup_request_exists_wait(module_name, wait, dup_ret: &dup_ret)) {
169 ret = dup_ret;
170 goto out;
171 }
172
173 ret = call_modprobe(orig_module_name: module_name, wait: wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
174
175out:
176 up(sem: &kmod_concurrent_max);
177
178 return ret;
179}
180EXPORT_SYMBOL(__request_module);
181

source code of linux/kernel/module/kmod.c