1/* 2 kmod, the new module loader (replaces kerneld) 3 Kirk Petersen 4 5 Reorganized not to be a daemon by Adam Richter, with guidance 6 from Greg Zornetzer. 7 8 Modified to avoid chroot and file sharing problems. 9 Mikael Pettersson 10 11 Limit the concurrent number of kmod modprobes to catch loops from 12 "modprobe needs a service that is in a module". 13 Keith Owens <kaos@ocs.com.au> December 1999 14 15 Unblock all signals when we exec a usermode process. 16 Shuu Yamaguchi <shuu@wondernetworkresources.com> December 2000 17 18 call_usermodehelper wait flag, and remove exec_usermodehelper. 19 Rusty Russell <rusty@rustcorp.com.au> Jan 2003 20*/ 21#include <linux/module.h> 22#include <linux/sched.h> 23#include <linux/syscalls.h> 24#include <linux/unistd.h> 25#include <linux/kmod.h> 26#include <linux/slab.h> 27#include <linux/completion.h> 28#include <linux/file.h> 29#include <linux/fdtable.h> 30#include <linux/workqueue.h> 31#include <linux/security.h> 32#include <linux/mount.h> 33#include <linux/kernel.h> 34#include <linux/init.h> 35#include <linux/resource.h> 36#include <linux/notifier.h> 37#include <linux/suspend.h> 38#include <asm/uaccess.h> 39 40#include <trace/events/module.h> 41 42extern int max_threads; 43 44static struct workqueue_struct *khelper_wq; 45 46#ifdef CONFIG_MODULES 47 48/* 49 modprobe_path is set via /proc/sys. 50*/ 51char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe"; 52 53/** 54 * __request_module - try to load a kernel module 55 * @wait: wait (or not) for the operation to complete 56 * @fmt: printf style format string for the name of the module 57 * @...: arguments as specified in the format string 58 * 59 * Load a module using the user mode module loader. The function returns 60 * zero on success or a negative errno code on failure. Note that a 61 * successful module load does not mean the module did not then unload 62 * and exit on an error of its own. Callers must check that the service 63 * they requested is now available not blindly invoke it. 64 * 65 * If module auto-loading support is disabled then this function 66 * becomes a no-operation. 67 */ 68int __request_module(bool wait, const char *fmt, ...) 69{ 70 va_list args; 71 char module_name[MODULE_NAME_LEN]; 72 unsigned int max_modprobes; 73 int ret; 74 char *argv[] = { modprobe_path, "-q", "--", module_name, NULL }; 75 static char *envp[] = { "HOME=/", 76 "TERM=linux", 77 "PATH=/sbin:/usr/sbin:/bin:/usr/bin", 78 NULL }; 79 static atomic_t kmod_concurrent = ATOMIC_INIT(0); 80#define MAX_KMOD_CONCURRENT 50 /* Completely arbitrary value - KAO */ 81 static int kmod_loop_msg; 82 83 va_start(args, fmt); 84 ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args); 85 va_end(args); 86 if (ret >= MODULE_NAME_LEN) 87 return -ENAMETOOLONG; 88 89 ret = security_kernel_module_request(module_name); 90 if (ret) 91 return ret; 92 93 /* If modprobe needs a service that is in a module, we get a recursive 94 * loop. Limit the number of running kmod threads to max_threads/2 or 95 * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method 96 * would be to run the parents of this process, counting how many times 97 * kmod was invoked. That would mean accessing the internals of the 98 * process tables to get the command line, proc_pid_cmdline is static 99 * and it is not worth changing the proc code just to handle this case. 100 * KAO. 101 * 102 * "trace the ppid" is simple, but will fail if someone's 103 * parent exits. I think this is as good as it gets. --RR 104 */ 105 max_modprobes = min(max_threads/2, MAX_KMOD_CONCURRENT); 106 atomic_inc(&kmod_concurrent); 107 if (atomic_read(&kmod_concurrent) > max_modprobes) { 108 /* We may be blaming an innocent here, but unlikely */ 109 if (kmod_loop_msg++ < 5) 110 printk(KERN_ERR 111 "request_module: runaway loop modprobe %s\n", 112 module_name); 113 atomic_dec(&kmod_concurrent); 114 return -ENOMEM; 115 } 116 117 trace_module_request(module_name, wait, _RET_IP_); 118 119 ret = call_usermodehelper_fns(modprobe_path, argv, envp, 120 wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC, 121 NULL, NULL, NULL); 122 123 atomic_dec(&kmod_concurrent); 124 return ret; 125} 126EXPORT_SYMBOL(__request_module); 127#endif /* CONFIG_MODULES */ 128 129/* 130 * This is the task which runs the usermode application 131 */ 132static int ____call_usermodehelper(void *data) 133{ 134 struct subprocess_info *sub_info = data; 135 int retval; 136 137 spin_lock_irq(¤t->sighand->siglock); 138 flush_signal_handlers(current, 1); 139 spin_unlock_irq(¤t->sighand->siglock); 140 141 /* We can run anywhere, unlike our parent keventd(). */ 142 set_cpus_allowed_ptr(current, cpu_all_mask); 143 144 /* 145 * Our parent is keventd, which runs with elevated scheduling priority. 146 * Avoid propagating that into the userspace child. 147 */ 148 set_user_nice(current, 0); 149 150 if (sub_info->init) { 151 retval = sub_info->init(sub_info); 152 if (retval) 153 goto fail; 154 } 155 156 retval = kernel_execve(sub_info->path, 157 (const char *const *)sub_info->argv, 158 (const char *const *)sub_info->envp); 159 160 /* Exec failed? */ 161fail: 162 sub_info->retval = retval; 163 do_exit(0); 164} 165 166void call_usermodehelper_freeinfo(struct subprocess_info *info) 167{ 168 if (info->cleanup) 169 (*info->cleanup)(info); 170 kfree(info); 171} 172EXPORT_SYMBOL(call_usermodehelper_freeinfo); 173 174/* Keventd can't block, but this (a child) can. */ 175static int wait_for_helper(void *data) 176{ 177 struct subprocess_info *sub_info = data; 178 pid_t pid; 179 180 /* If SIGCLD is ignored sys_wait4 won't populate the status. */ 181 spin_lock_irq(¤t->sighand->siglock); 182 current->sighand->action[SIGCHLD-1].sa.sa_handler = SIG_DFL; 183 spin_unlock_irq(¤t->sighand->siglock); 184 185 pid = kernel_thread(____call_usermodehelper, sub_info, SIGCHLD); 186 if (pid < 0) { 187 sub_info->retval = pid; 188 } else { 189 int ret = -ECHILD; 190 /* 191 * Normally it is bogus to call wait4() from in-kernel because 192 * wait4() wants to write the exit code to a userspace address. 193 * But wait_for_helper() always runs as keventd, and put_user() 194 * to a kernel address works OK for kernel threads, due to their 195 * having an mm_segment_t which spans the entire address space. 196 * 197 * Thus the __user pointer cast is valid here. 198 */ 199 sys_wait4(pid, (int __user *)&ret, 0, NULL); 200 201 /* 202 * If ret is 0, either ____call_usermodehelper failed and the 203 * real error code is already in sub_info->retval or 204 * sub_info->retval is 0 anyway, so don't mess with it then. 205 */ 206 if (ret) 207 sub_info->retval = ret; 208 } 209 210 complete(sub_info->complete); 211 return 0; 212} 213 214/* This is run by khelper thread */ 215static void __call_usermodehelper(struct work_struct *work) 216{ 217 struct subprocess_info *sub_info = 218 container_of(work, struct subprocess_info, work); 219 enum umh_wait wait = sub_info->wait; 220 pid_t pid; 221 222 /* CLONE_VFORK: wait until the usermode helper has execve'd 223 * successfully We need the data structures to stay around 224 * until that is done. */ 225 if (wait == UMH_WAIT_PROC) 226 pid = kernel_thread(wait_for_helper, sub_info, 227 CLONE_FS | CLONE_FILES | SIGCHLD); 228 else 229 pid = kernel_thread(____call_usermodehelper, sub_info, 230 CLONE_VFORK | SIGCHLD); 231 232 switch (wait) { 233 case UMH_NO_WAIT: 234 call_usermodehelper_freeinfo(sub_info); 235 break; 236 237 case UMH_WAIT_PROC: 238 if (pid > 0) 239 break; 240 /* FALLTHROUGH */ 241 case UMH_WAIT_EXEC: 242 if (pid < 0) 243 sub_info->retval = pid; 244 complete(sub_info->complete); 245 } 246} 247 248#ifdef CONFIG_PM_SLEEP 249/* 250 * If set, call_usermodehelper_exec() will exit immediately returning -EBUSY 251 * (used for preventing user land processes from being created after the user 252 * land has been frozen during a system-wide hibernation or suspend operation). 253 */ 254static int usermodehelper_disabled; 255 256/* Number of helpers running */ 257static atomic_t running_helpers = ATOMIC_INIT(0); 258 259/* 260 * Wait queue head used by usermodehelper_pm_callback() to wait for all running 261 * helpers to finish. 262 */ 263static DECLARE_WAIT_QUEUE_HEAD(running_helpers_waitq); 264 265/* 266 * Time to wait for running_helpers to become zero before the setting of 267 * usermodehelper_disabled in usermodehelper_pm_callback() fails 268 */ 269#define RUNNING_HELPERS_TIMEOUT (5 * HZ) 270 271/** 272 * usermodehelper_disable - prevent new helpers from being started 273 */ 274int usermodehelper_disable(void) 275{ 276 long retval; 277 278 usermodehelper_disabled = 1; 279 smp_mb(); 280 /* 281 * From now on call_usermodehelper_exec() won't start any new 282 * helpers, so it is sufficient if running_helpers turns out to 283 * be zero at one point (it may be increased later, but that 284 * doesn't matter). 285 */ 286 retval = wait_event_timeout(running_helpers_waitq, 287 atomic_read(&running_helpers) == 0, 288 RUNNING_HELPERS_TIMEOUT); 289 if (retval) 290 return 0; 291 292 usermodehelper_disabled = 0; 293 return -EAGAIN; 294} 295 296/** 297 * usermodehelper_enable - allow new helpers to be started again 298 */ 299void usermodehelper_enable(void) 300{ 301 usermodehelper_disabled = 0; 302} 303 304static void helper_lock(void) 305{ 306 atomic_inc(&running_helpers); 307 smp_mb__after_atomic_inc(); 308} 309 310static void helper_unlock(void) 311{ 312 if (atomic_dec_and_test(&running_helpers)) 313 wake_up(&running_helpers_waitq); 314} 315#else /* CONFIG_PM_SLEEP */ 316#define usermodehelper_disabled 0 317 318static inline void helper_lock(void) {} 319static inline void helper_unlock(void) {} 320#endif /* CONFIG_PM_SLEEP */ 321 322/** 323 * call_usermodehelper_setup - prepare to call a usermode helper 324 * @path: path to usermode executable 325 * @argv: arg vector for process 326 * @envp: environment for process 327 * @gfp_mask: gfp mask for memory allocation 328 * 329 * Returns either %NULL on allocation failure, or a subprocess_info 330 * structure. This should be passed to call_usermodehelper_exec to 331 * exec the process and free the structure. 332 */ 333struct subprocess_info *call_usermodehelper_setup(char *path, char **argv, 334 char **envp, gfp_t gfp_mask) 335{ 336 struct subprocess_info *sub_info; 337 sub_info = kzalloc(sizeof(struct subprocess_info), gfp_mask); 338 if (!sub_info) 339 goto out; 340 341 INIT_WORK(&sub_info->work, __call_usermodehelper); 342 sub_info->path = path; 343 sub_info->argv = argv; 344 sub_info->envp = envp; 345 out: 346 return sub_info; 347} 348EXPORT_SYMBOL(call_usermodehelper_setup); 349 350/** 351 * call_usermodehelper_setfns - set a cleanup/init function 352 * @info: a subprocess_info returned by call_usermodehelper_setup 353 * @cleanup: a cleanup function 354 * @init: an init function 355 * @data: arbitrary context sensitive data 356 * 357 * The init function is used to customize the helper process prior to 358 * exec. A non-zero return code causes the process to error out, exit, 359 * and return the failure to the calling process 360 * 361 * The cleanup function is just before ethe subprocess_info is about to 362 * be freed. This can be used for freeing the argv and envp. The 363 * Function must be runnable in either a process context or the 364 * context in which call_usermodehelper_exec is called. 365 */ 366void call_usermodehelper_setfns(struct subprocess_info *info, 367 int (*init)(struct subprocess_info *info), 368 void (*cleanup)(struct subprocess_info *info), 369 void *data) 370{ 371 info->cleanup = cleanup; 372 info->init = init; 373 info->data = data; 374} 375EXPORT_SYMBOL(call_usermodehelper_setfns); 376 377/** 378 * call_usermodehelper_exec - start a usermode application 379 * @sub_info: information about the subprocessa 380 * @wait: wait for the application to finish and return status. 381 * when -1 don't wait at all, but you get no useful error back when 382 * the program couldn't be exec'ed. This makes it safe to call 383 * from interrupt context. 384 * 385 * Runs a user-space application. The application is started 386 * asynchronously if wait is not set, and runs as a child of keventd. 387 * (ie. it runs with full root capabilities). 388 */ 389int call_usermodehelper_exec(struct subprocess_info *sub_info, 390 enum umh_wait wait) 391{ 392 DECLARE_COMPLETION_ONSTACK(done); 393 int retval = 0; 394 395 helper_lock(); 396 if (sub_info->path[0] == '\0') 397 goto out; 398 399 if (!khelper_wq || usermodehelper_disabled) { 400 retval = -EBUSY; 401 goto out; 402 } 403 404 sub_info->complete = &done; 405 sub_info->wait = wait; 406 407 queue_work(khelper_wq, &sub_info->work); 408 if (wait == UMH_NO_WAIT) /* task has freed sub_info */ 409 goto unlock; 410 wait_for_completion(&done); 411 retval = sub_info->retval; 412 413out: 414 call_usermodehelper_freeinfo(sub_info); 415unlock: 416 helper_unlock(); 417 return retval; 418} 419EXPORT_SYMBOL(call_usermodehelper_exec); 420 421void __init usermodehelper_init(void) 422{ 423 khelper_wq = create_singlethread_workqueue("khelper"); 424 BUG_ON(!khelper_wq); 425} 426