1/*
2	kmod, the new module loader (replaces kerneld)
3	Kirk Petersen
4
5	Reorganized not to be a daemon by Adam Richter, with guidance
6	from Greg Zornetzer.
7
8	Modified to avoid chroot and file sharing problems.
9	Mikael Pettersson
10
11	Limit the concurrent number of kmod modprobes to catch loops from
12	"modprobe needs a service that is in a module".
13	Keith Owens <kaos@ocs.com.au> December 1999
14
15	Unblock all signals when we exec a usermode process.
16	Shuu Yamaguchi <shuu@wondernetworkresources.com> December 2000
17
18	call_usermodehelper wait flag, and remove exec_usermodehelper.
19	Rusty Russell <rusty@rustcorp.com.au>  Jan 2003
20*/
21#include <linux/module.h>
22#include <linux/sched.h>
23#include <linux/syscalls.h>
24#include <linux/unistd.h>
25#include <linux/kmod.h>
26#include <linux/slab.h>
27#include <linux/completion.h>
28#include <linux/file.h>
29#include <linux/fdtable.h>
30#include <linux/workqueue.h>
31#include <linux/security.h>
32#include <linux/mount.h>
33#include <linux/kernel.h>
34#include <linux/init.h>
35#include <linux/resource.h>
36#include <linux/notifier.h>
37#include <linux/suspend.h>
38#include <asm/uaccess.h>
39
40#include <trace/events/module.h>
41
42extern int max_threads;
43
44static struct workqueue_struct *khelper_wq;
45
46#ifdef CONFIG_MODULES
47
48/*
49	modprobe_path is set via /proc/sys.
50*/
51char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";
52
53/**
54 * __request_module - try to load a kernel module
55 * @wait: wait (or not) for the operation to complete
56 * @fmt: printf style format string for the name of the module
57 * @...: arguments as specified in the format string
58 *
59 * Load a module using the user mode module loader. The function returns
60 * zero on success or a negative errno code on failure. Note that a
61 * successful module load does not mean the module did not then unload
62 * and exit on an error of its own. Callers must check that the service
63 * they requested is now available not blindly invoke it.
64 *
65 * If module auto-loading support is disabled then this function
66 * becomes a no-operation.
67 */
68int __request_module(bool wait, const char *fmt, ...)
69{
70	va_list args;
71	char module_name[MODULE_NAME_LEN];
72	unsigned int max_modprobes;
73	int ret;
74	char *argv[] = { modprobe_path, "-q", "--", module_name, NULL };
75	static char *envp[] = { "HOME=/",
76				"TERM=linux",
77				"PATH=/sbin:/usr/sbin:/bin:/usr/bin",
78				NULL };
79	static atomic_t kmod_concurrent = ATOMIC_INIT(0);
80#define MAX_KMOD_CONCURRENT 50	/* Completely arbitrary value - KAO */
81	static int kmod_loop_msg;
82
83	va_start(args, fmt);
84	ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
85	va_end(args);
86	if (ret >= MODULE_NAME_LEN)
87		return -ENAMETOOLONG;
88
89	ret = security_kernel_module_request(module_name);
90	if (ret)
91		return ret;
92
93	/* If modprobe needs a service that is in a module, we get a recursive
94	 * loop.  Limit the number of running kmod threads to max_threads/2 or
95	 * MAX_KMOD_CONCURRENT, whichever is the smaller.  A cleaner method
96	 * would be to run the parents of this process, counting how many times
97	 * kmod was invoked.  That would mean accessing the internals of the
98	 * process tables to get the command line, proc_pid_cmdline is static
99	 * and it is not worth changing the proc code just to handle this case.
100	 * KAO.
101	 *
102	 * "trace the ppid" is simple, but will fail if someone's
103	 * parent exits.  I think this is as good as it gets. --RR
104	 */
105	max_modprobes = min(max_threads/2, MAX_KMOD_CONCURRENT);
106	atomic_inc(&kmod_concurrent);
107	if (atomic_read(&kmod_concurrent) > max_modprobes) {
108		/* We may be blaming an innocent here, but unlikely */
109		if (kmod_loop_msg++ < 5)
110			printk(KERN_ERR
111			       "request_module: runaway loop modprobe %s\n",
112			       module_name);
113		atomic_dec(&kmod_concurrent);
114		return -ENOMEM;
115	}
116
117	trace_module_request(module_name, wait, _RET_IP_);
118
119	ret = call_usermodehelper_fns(modprobe_path, argv, envp,
120			wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC,
121			NULL, NULL, NULL);
122
123	atomic_dec(&kmod_concurrent);
124	return ret;
125}
126EXPORT_SYMBOL(__request_module);
127#endif /* CONFIG_MODULES */
128
129/*
130 * This is the task which runs the usermode application
131 */
132static int ____call_usermodehelper(void *data)
133{
134	struct subprocess_info *sub_info = data;
135	int retval;
136
137	spin_lock_irq(&current->sighand->siglock);
138	flush_signal_handlers(current, 1);
139	spin_unlock_irq(&current->sighand->siglock);
140
141	/* We can run anywhere, unlike our parent keventd(). */
142	set_cpus_allowed_ptr(current, cpu_all_mask);
143
144	/*
145	 * Our parent is keventd, which runs with elevated scheduling priority.
146	 * Avoid propagating that into the userspace child.
147	 */
148	set_user_nice(current, 0);
149
150	if (sub_info->init) {
151		retval = sub_info->init(sub_info);
152		if (retval)
153			goto fail;
154	}
155
156	retval = kernel_execve(sub_info->path,
157			       (const char *const *)sub_info->argv,
158			       (const char *const *)sub_info->envp);
159
160	/* Exec failed? */
161fail:
162	sub_info->retval = retval;
163	do_exit(0);
164}
165
166void call_usermodehelper_freeinfo(struct subprocess_info *info)
167{
168	if (info->cleanup)
169		(*info->cleanup)(info);
170	kfree(info);
171}
172EXPORT_SYMBOL(call_usermodehelper_freeinfo);
173
174/* Keventd can't block, but this (a child) can. */
175static int wait_for_helper(void *data)
176{
177	struct subprocess_info *sub_info = data;
178	pid_t pid;
179
180	/* If SIGCLD is ignored sys_wait4 won't populate the status. */
181	spin_lock_irq(&current->sighand->siglock);
182	current->sighand->action[SIGCHLD-1].sa.sa_handler = SIG_DFL;
183	spin_unlock_irq(&current->sighand->siglock);
184
185	pid = kernel_thread(____call_usermodehelper, sub_info, SIGCHLD);
186	if (pid < 0) {
187		sub_info->retval = pid;
188	} else {
189		int ret = -ECHILD;
190		/*
191		 * Normally it is bogus to call wait4() from in-kernel because
192		 * wait4() wants to write the exit code to a userspace address.
193		 * But wait_for_helper() always runs as keventd, and put_user()
194		 * to a kernel address works OK for kernel threads, due to their
195		 * having an mm_segment_t which spans the entire address space.
196		 *
197		 * Thus the __user pointer cast is valid here.
198		 */
199		sys_wait4(pid, (int __user *)&ret, 0, NULL);
200
201		/*
202		 * If ret is 0, either ____call_usermodehelper failed and the
203		 * real error code is already in sub_info->retval or
204		 * sub_info->retval is 0 anyway, so don't mess with it then.
205		 */
206		if (ret)
207			sub_info->retval = ret;
208	}
209
210	complete(sub_info->complete);
211	return 0;
212}
213
214/* This is run by khelper thread  */
215static void __call_usermodehelper(struct work_struct *work)
216{
217	struct subprocess_info *sub_info =
218		container_of(work, struct subprocess_info, work);
219	enum umh_wait wait = sub_info->wait;
220	pid_t pid;
221
222	/* CLONE_VFORK: wait until the usermode helper has execve'd
223	 * successfully We need the data structures to stay around
224	 * until that is done.  */
225	if (wait == UMH_WAIT_PROC)
226		pid = kernel_thread(wait_for_helper, sub_info,
227				    CLONE_FS | CLONE_FILES | SIGCHLD);
228	else
229		pid = kernel_thread(____call_usermodehelper, sub_info,
230				    CLONE_VFORK | SIGCHLD);
231
232	switch (wait) {
233	case UMH_NO_WAIT:
234		call_usermodehelper_freeinfo(sub_info);
235		break;
236
237	case UMH_WAIT_PROC:
238		if (pid > 0)
239			break;
240		/* FALLTHROUGH */
241	case UMH_WAIT_EXEC:
242		if (pid < 0)
243			sub_info->retval = pid;
244		complete(sub_info->complete);
245	}
246}
247
248#ifdef CONFIG_PM_SLEEP
249/*
250 * If set, call_usermodehelper_exec() will exit immediately returning -EBUSY
251 * (used for preventing user land processes from being created after the user
252 * land has been frozen during a system-wide hibernation or suspend operation).
253 */
254static int usermodehelper_disabled;
255
256/* Number of helpers running */
257static atomic_t running_helpers = ATOMIC_INIT(0);
258
259/*
260 * Wait queue head used by usermodehelper_pm_callback() to wait for all running
261 * helpers to finish.
262 */
263static DECLARE_WAIT_QUEUE_HEAD(running_helpers_waitq);
264
265/*
266 * Time to wait for running_helpers to become zero before the setting of
267 * usermodehelper_disabled in usermodehelper_pm_callback() fails
268 */
269#define RUNNING_HELPERS_TIMEOUT	(5 * HZ)
270
271/**
272 * usermodehelper_disable - prevent new helpers from being started
273 */
274int usermodehelper_disable(void)
275{
276	long retval;
277
278	usermodehelper_disabled = 1;
279	smp_mb();
280	/*
281	 * From now on call_usermodehelper_exec() won't start any new
282	 * helpers, so it is sufficient if running_helpers turns out to
283	 * be zero at one point (it may be increased later, but that
284	 * doesn't matter).
285	 */
286	retval = wait_event_timeout(running_helpers_waitq,
287					atomic_read(&running_helpers) == 0,
288					RUNNING_HELPERS_TIMEOUT);
289	if (retval)
290		return 0;
291
292	usermodehelper_disabled = 0;
293	return -EAGAIN;
294}
295
296/**
297 * usermodehelper_enable - allow new helpers to be started again
298 */
299void usermodehelper_enable(void)
300{
301	usermodehelper_disabled = 0;
302}
303
304static void helper_lock(void)
305{
306	atomic_inc(&running_helpers);
307	smp_mb__after_atomic_inc();
308}
309
310static void helper_unlock(void)
311{
312	if (atomic_dec_and_test(&running_helpers))
313		wake_up(&running_helpers_waitq);
314}
315#else /* CONFIG_PM_SLEEP */
316#define usermodehelper_disabled	0
317
318static inline void helper_lock(void) {}
319static inline void helper_unlock(void) {}
320#endif /* CONFIG_PM_SLEEP */
321
322/**
323 * call_usermodehelper_setup - prepare to call a usermode helper
324 * @path: path to usermode executable
325 * @argv: arg vector for process
326 * @envp: environment for process
327 * @gfp_mask: gfp mask for memory allocation
328 *
329 * Returns either %NULL on allocation failure, or a subprocess_info
330 * structure.  This should be passed to call_usermodehelper_exec to
331 * exec the process and free the structure.
332 */
333struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
334						  char **envp, gfp_t gfp_mask)
335{
336	struct subprocess_info *sub_info;
337	sub_info = kzalloc(sizeof(struct subprocess_info), gfp_mask);
338	if (!sub_info)
339		goto out;
340
341	INIT_WORK(&sub_info->work, __call_usermodehelper);
342	sub_info->path = path;
343	sub_info->argv = argv;
344	sub_info->envp = envp;
345  out:
346	return sub_info;
347}
348EXPORT_SYMBOL(call_usermodehelper_setup);
349
350/**
351 * call_usermodehelper_setfns - set a cleanup/init function
352 * @info: a subprocess_info returned by call_usermodehelper_setup
353 * @cleanup: a cleanup function
354 * @init: an init function
355 * @data: arbitrary context sensitive data
356 *
357 * The init function is used to customize the helper process prior to
358 * exec.  A non-zero return code causes the process to error out, exit,
359 * and return the failure to the calling process
360 *
361 * The cleanup function is just before ethe subprocess_info is about to
362 * be freed.  This can be used for freeing the argv and envp.  The
363 * Function must be runnable in either a process context or the
364 * context in which call_usermodehelper_exec is called.
365 */
366void call_usermodehelper_setfns(struct subprocess_info *info,
367		    int (*init)(struct subprocess_info *info),
368		    void (*cleanup)(struct subprocess_info *info),
369		    void *data)
370{
371	info->cleanup = cleanup;
372	info->init = init;
373	info->data = data;
374}
375EXPORT_SYMBOL(call_usermodehelper_setfns);
376
377/**
378 * call_usermodehelper_exec - start a usermode application
379 * @sub_info: information about the subprocessa
380 * @wait: wait for the application to finish and return status.
381 *        when -1 don't wait at all, but you get no useful error back when
382 *        the program couldn't be exec'ed. This makes it safe to call
383 *        from interrupt context.
384 *
385 * Runs a user-space application.  The application is started
386 * asynchronously if wait is not set, and runs as a child of keventd.
387 * (ie. it runs with full root capabilities).
388 */
389int call_usermodehelper_exec(struct subprocess_info *sub_info,
390			     enum umh_wait wait)
391{
392	DECLARE_COMPLETION_ONSTACK(done);
393	int retval = 0;
394
395	helper_lock();
396	if (sub_info->path[0] == '\0')
397		goto out;
398
399	if (!khelper_wq || usermodehelper_disabled) {
400		retval = -EBUSY;
401		goto out;
402	}
403
404	sub_info->complete = &done;
405	sub_info->wait = wait;
406
407	queue_work(khelper_wq, &sub_info->work);
408	if (wait == UMH_NO_WAIT)	/* task has freed sub_info */
409		goto unlock;
410	wait_for_completion(&done);
411	retval = sub_info->retval;
412
413out:
414	call_usermodehelper_freeinfo(sub_info);
415unlock:
416	helper_unlock();
417	return retval;
418}
419EXPORT_SYMBOL(call_usermodehelper_exec);
420
421void __init usermodehelper_init(void)
422{
423	khelper_wq = create_singlethread_workqueue("khelper");
424	BUG_ON(!khelper_wq);
425}
426