xref: /linux/kernel/module/kmod.c (revision 7f71507851fc7764b36a3221839607d3a45c2025)
1 /*
2  * kmod - the kernel module loader
3  *
4  * Copyright (C) 2023 Luis Chamberlain <mcgrof@kernel.org>
5  */
6 
7 #include <linux/module.h>
8 #include <linux/sched.h>
9 #include <linux/sched/task.h>
10 #include <linux/binfmts.h>
11 #include <linux/syscalls.h>
12 #include <linux/unistd.h>
13 #include <linux/kmod.h>
14 #include <linux/slab.h>
15 #include <linux/completion.h>
16 #include <linux/cred.h>
17 #include <linux/file.h>
18 #include <linux/workqueue.h>
19 #include <linux/security.h>
20 #include <linux/mount.h>
21 #include <linux/kernel.h>
22 #include <linux/init.h>
23 #include <linux/resource.h>
24 #include <linux/notifier.h>
25 #include <linux/suspend.h>
26 #include <linux/rwsem.h>
27 #include <linux/ptrace.h>
28 #include <linux/async.h>
29 #include <linux/uaccess.h>
30 
31 #include <trace/events/module.h>
32 #include "internal.h"
33 
34 /*
35  * Assuming:
36  *
37  * threads = div64_u64((u64) totalram_pages * (u64) PAGE_SIZE,
38  *		       (u64) THREAD_SIZE * 8UL);
39  *
40  * If you need less than 50 threads would mean we're dealing with systems
41  * smaller than 3200 pages. This assumes you are capable of having ~13M memory,
42  * and this would only be an upper limit, after which the OOM killer would take
43  * effect. Systems like these are very unlikely if modules are enabled.
44  */
45 #define MAX_KMOD_CONCURRENT 50
46 static DEFINE_SEMAPHORE(kmod_concurrent_max, MAX_KMOD_CONCURRENT);
47 
48 /*
49  * This is a restriction on having *all* MAX_KMOD_CONCURRENT threads
50  * running at the same time without returning. When this happens we
51  * believe you've somehow ended up with a recursive module dependency
52  * creating a loop.
53  *
54  * We have no option but to fail.
55  *
56  * Userspace should proactively try to detect and prevent these.
57  */
58 #define MAX_KMOD_ALL_BUSY_TIMEOUT 5
59 
60 /*
61 	modprobe_path is set via /proc/sys.
62 */
63 char modprobe_path[KMOD_PATH_LEN] = CONFIG_MODPROBE_PATH;
64 
65 static void free_modprobe_argv(struct subprocess_info *info)
66 {
67 	kfree(info->argv[3]); /* check call_modprobe() */
68 	kfree(info->argv);
69 }
70 
71 static int call_modprobe(char *orig_module_name, int wait)
72 {
73 	struct subprocess_info *info;
74 	static char *envp[] = {
75 		"HOME=/",
76 		"TERM=linux",
77 		"PATH=/sbin:/usr/sbin:/bin:/usr/bin",
78 		NULL
79 	};
80 	char *module_name;
81 	int ret;
82 
83 	char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL);
84 	if (!argv)
85 		goto out;
86 
87 	module_name = kstrdup(orig_module_name, GFP_KERNEL);
88 	if (!module_name)
89 		goto free_argv;
90 
91 	argv[0] = modprobe_path;
92 	argv[1] = "-q";
93 	argv[2] = "--";
94 	argv[3] = module_name;	/* check free_modprobe_argv() */
95 	argv[4] = NULL;
96 
97 	info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL,
98 					 NULL, free_modprobe_argv, NULL);
99 	if (!info)
100 		goto free_module_name;
101 
102 	ret = call_usermodehelper_exec(info, wait | UMH_KILLABLE);
103 	kmod_dup_request_announce(orig_module_name, ret);
104 	return ret;
105 
106 free_module_name:
107 	kfree(module_name);
108 free_argv:
109 	kfree(argv);
110 out:
111 	kmod_dup_request_announce(orig_module_name, -ENOMEM);
112 	return -ENOMEM;
113 }
114 
115 /**
116  * __request_module - try to load a kernel module
117  * @wait: wait (or not) for the operation to complete
118  * @fmt: printf style format string for the name of the module
119  * @...: arguments as specified in the format string
120  *
121  * Load a module using the user mode module loader. The function returns
122  * zero on success or a negative errno code or positive exit code from
123  * "modprobe" on failure. Note that a successful module load does not mean
124  * the module did not then unload and exit on an error of its own. Callers
125  * must check that the service they requested is now available not blindly
126  * invoke it.
127  *
128  * If module auto-loading support is disabled then this function
129  * simply returns -ENOENT.
130  */
131 int __request_module(bool wait, const char *fmt, ...)
132 {
133 	va_list args;
134 	char module_name[MODULE_NAME_LEN];
135 	int ret, dup_ret;
136 
137 	/*
138 	 * We don't allow synchronous module loading from async.  Module
139 	 * init may invoke async_synchronize_full() which will end up
140 	 * waiting for this task which already is waiting for the module
141 	 * loading to complete, leading to a deadlock.
142 	 */
143 	WARN_ON_ONCE(wait && current_is_async());
144 
145 	if (!modprobe_path[0])
146 		return -ENOENT;
147 
148 	va_start(args, fmt);
149 	ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
150 	va_end(args);
151 	if (ret >= MODULE_NAME_LEN)
152 		return -ENAMETOOLONG;
153 
154 	ret = security_kernel_module_request(module_name);
155 	if (ret)
156 		return ret;
157 
158 	ret = down_timeout(&kmod_concurrent_max, MAX_KMOD_ALL_BUSY_TIMEOUT * HZ);
159 	if (ret) {
160 		pr_warn_ratelimited("request_module: modprobe %s cannot be processed, kmod busy with %d threads for more than %d seconds now",
161 				    module_name, MAX_KMOD_CONCURRENT, MAX_KMOD_ALL_BUSY_TIMEOUT);
162 		return ret;
163 	}
164 
165 	trace_module_request(module_name, wait, _RET_IP_);
166 
167 	if (kmod_dup_request_exists_wait(module_name, wait, &dup_ret)) {
168 		ret = dup_ret;
169 		goto out;
170 	}
171 
172 	ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
173 
174 out:
175 	up(&kmod_concurrent_max);
176 
177 	return ret;
178 }
179 EXPORT_SYMBOL(__request_module);
180