linux/kernel/kmod.c
<<
>>
Prefs
   1/*
   2        kmod, the new module loader (replaces kerneld)
   3        Kirk Petersen
   4
   5        Reorganized not to be a daemon by Adam Richter, with guidance
   6        from Greg Zornetzer.
   7
   8        Modified to avoid chroot and file sharing problems.
   9        Mikael Pettersson
  10
  11        Limit the concurrent number of kmod modprobes to catch loops from
  12        "modprobe needs a service that is in a module".
  13        Keith Owens <kaos@ocs.com.au> December 1999
  14
  15        Unblock all signals when we exec a usermode process.
  16        Shuu Yamaguchi <shuu@wondernetworkresources.com> December 2000
  17
  18        call_usermodehelper wait flag, and remove exec_usermodehelper.
  19        Rusty Russell <rusty@rustcorp.com.au>  Jan 2003
  20*/
  21#include <linux/module.h>
  22#include <linux/sched.h>
  23#include <linux/syscalls.h>
  24#include <linux/unistd.h>
  25#include <linux/kmod.h>
  26#include <linux/slab.h>
  27#include <linux/completion.h>
  28#include <linux/cred.h>
  29#include <linux/file.h>
  30#include <linux/fdtable.h>
  31#include <linux/workqueue.h>
  32#include <linux/security.h>
  33#include <linux/mount.h>
  34#include <linux/kernel.h>
  35#include <linux/init.h>
  36#include <linux/resource.h>
  37#include <linux/notifier.h>
  38#include <linux/suspend.h>
  39#include <linux/rwsem.h>
  40#include <linux/ptrace.h>
  41#include <asm/uaccess.h>
  42
  43#include <trace/events/module.h>
  44
  45extern int max_threads;
  46
  47static struct workqueue_struct *khelper_wq;
  48
  49/*
  50 * kmod_thread_locker is used for deadlock avoidance.  There is no explicit
  51 * locking to protect this global - it is private to the singleton khelper
  52 * thread and should only ever be modified by that thread.
  53 */
  54static const struct task_struct *kmod_thread_locker;
  55
  56#define CAP_BSET        (void *)1
  57#define CAP_PI          (void *)2
  58
  59static kernel_cap_t usermodehelper_bset = CAP_FULL_SET;
  60static kernel_cap_t usermodehelper_inheritable = CAP_FULL_SET;
  61static DEFINE_SPINLOCK(umh_sysctl_lock);
  62static DECLARE_RWSEM(umhelper_sem);
  63
  64#ifdef CONFIG_MODULES
  65
  66/*
  67        modprobe_path is set via /proc/sys.
  68*/
  69char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";
  70
  71static void free_modprobe_argv(struct subprocess_info *info)
  72{
  73        kfree(info->argv[3]); /* check call_modprobe() */
  74        kfree(info->argv);
  75}
  76
  77static int call_modprobe(char *module_name, int wait)
  78{
  79        static char *envp[] = {
  80                "HOME=/",
  81                "TERM=linux",
  82                "PATH=/sbin:/usr/sbin:/bin:/usr/bin",
  83                NULL
  84        };
  85
  86        char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL);
  87        if (!argv)
  88                goto out;
  89
  90        module_name = kstrdup(module_name, GFP_KERNEL);
  91        if (!module_name)
  92                goto free_argv;
  93
  94        argv[0] = modprobe_path;
  95        argv[1] = "-q";
  96        argv[2] = "--";
  97        argv[3] = module_name;  /* check free_modprobe_argv() */
  98        argv[4] = NULL;
  99
 100        return call_usermodehelper_fns(modprobe_path, argv, envp,
 101                wait | UMH_KILLABLE, NULL, free_modprobe_argv, NULL);
 102free_argv:
 103        kfree(argv);
 104out:
 105        return -ENOMEM;
 106}
 107
 108/**
 109 * __request_module - try to load a kernel module
 110 * @wait: wait (or not) for the operation to complete
 111 * @fmt: printf style format string for the name of the module
 112 * @...: arguments as specified in the format string
 113 *
 114 * Load a module using the user mode module loader. The function returns
 115 * zero on success or a negative errno code on failure. Note that a
 116 * successful module load does not mean the module did not then unload
 117 * and exit on an error of its own. Callers must check that the service
 118 * they requested is now available not blindly invoke it.
 119 *
 120 * If module auto-loading support is disabled then this function
 121 * becomes a no-operation.
 122 */
 123int __request_module(bool wait, const char *fmt, ...)
 124{
 125        va_list args;
 126        char module_name[MODULE_NAME_LEN];
 127        unsigned int max_modprobes;
 128        int ret;
 129        static atomic_t kmod_concurrent = ATOMIC_INIT(0);
 130#define MAX_KMOD_CONCURRENT 50  /* Completely arbitrary value - KAO */
 131        static int kmod_loop_msg;
 132
 133        va_start(args, fmt);
 134        ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
 135        va_end(args);
 136        if (ret >= MODULE_NAME_LEN)
 137                return -ENAMETOOLONG;
 138
 139        ret = security_kernel_module_request(module_name);
 140        if (ret)
 141                return ret;
 142
 143        /* If modprobe needs a service that is in a module, we get a recursive
 144         * loop.  Limit the number of running kmod threads to max_threads/2 or
 145         * MAX_KMOD_CONCURRENT, whichever is the smaller.  A cleaner method
 146         * would be to run the parents of this process, counting how many times
 147         * kmod was invoked.  That would mean accessing the internals of the
 148         * process tables to get the command line, proc_pid_cmdline is static
 149         * and it is not worth changing the proc code just to handle this case. 
 150         * KAO.
 151         *
 152         * "trace the ppid" is simple, but will fail if someone's
 153         * parent exits.  I think this is as good as it gets. --RR
 154         */
 155        max_modprobes = min(max_threads/2, MAX_KMOD_CONCURRENT);
 156        atomic_inc(&kmod_concurrent);
 157        if (atomic_read(&kmod_concurrent) > max_modprobes) {
 158                /* We may be blaming an innocent here, but unlikely */
 159                if (kmod_loop_msg < 5) {
 160                        printk(KERN_ERR
 161                               "request_module: runaway loop modprobe %s\n",
 162                               module_name);
 163                        kmod_loop_msg++;
 164                }
 165                atomic_dec(&kmod_concurrent);
 166                return -ENOMEM;
 167        }
 168
 169        trace_module_request(module_name, wait, _RET_IP_);
 170
 171        ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
 172
 173        atomic_dec(&kmod_concurrent);
 174        return ret;
 175}
 176EXPORT_SYMBOL(__request_module);
 177#endif /* CONFIG_MODULES */
 178
 179/*
 180 * This is the task which runs the usermode application
 181 */
 182static int ____call_usermodehelper(void *data)
 183{
 184        struct subprocess_info *sub_info = data;
 185        struct cred *new;
 186        int retval;
 187
 188        spin_lock_irq(&current->sighand->siglock);
 189        flush_signal_handlers(current, 1);
 190        spin_unlock_irq(&current->sighand->siglock);
 191
 192        /* We can run anywhere, unlike our parent keventd(). */
 193        set_cpus_allowed_ptr(current, cpu_all_mask);
 194
 195        /*
 196         * Our parent is keventd, which runs with elevated scheduling priority.
 197         * Avoid propagating that into the userspace child.
 198         */
 199        set_user_nice(current, 0);
 200
 201        retval = -ENOMEM;
 202        new = prepare_kernel_cred(current);
 203        if (!new)
 204                goto fail;
 205
 206        spin_lock(&umh_sysctl_lock);
 207        new->cap_bset = cap_intersect(usermodehelper_bset, new->cap_bset);
 208        new->cap_inheritable = cap_intersect(usermodehelper_inheritable,
 209                                             new->cap_inheritable);
 210        spin_unlock(&umh_sysctl_lock);
 211
 212        if (sub_info->init) {
 213                retval = sub_info->init(sub_info, new);
 214                if (retval) {
 215                        abort_creds(new);
 216                        goto fail;
 217                }
 218        }
 219
 220        commit_creds(new);
 221
 222        retval = kernel_execve(sub_info->path,
 223                               (const char *const *)sub_info->argv,
 224                               (const char *const *)sub_info->envp);
 225        if (!retval)
 226                return 0;
 227
 228        /* Exec failed? */
 229fail:
 230        sub_info->retval = retval;
 231        do_exit(0);
 232}
 233
 234static int call_helper(void *data)
 235{
 236        /* Worker thread started blocking khelper thread. */
 237        kmod_thread_locker = current;
 238        return ____call_usermodehelper(data);
 239}
 240
 241static void call_usermodehelper_freeinfo(struct subprocess_info *info)
 242{
 243        if (info->cleanup)
 244                (*info->cleanup)(info);
 245        kfree(info);
 246}
 247
 248static void umh_complete(struct subprocess_info *sub_info)
 249{
 250        struct completion *comp = xchg(&sub_info->complete, NULL);
 251        /*
 252         * See call_usermodehelper_exec(). If xchg() returns NULL
 253         * we own sub_info, the UMH_KILLABLE caller has gone away.
 254         */
 255        if (comp)
 256                complete(comp);
 257        else
 258                call_usermodehelper_freeinfo(sub_info);
 259}
 260
 261/* Keventd can't block, but this (a child) can. */
 262static int wait_for_helper(void *data)
 263{
 264        struct subprocess_info *sub_info = data;
 265        pid_t pid;
 266
 267        /* If SIGCLD is ignored sys_wait4 won't populate the status. */
 268        spin_lock_irq(&current->sighand->siglock);
 269        current->sighand->action[SIGCHLD-1].sa.sa_handler = SIG_DFL;
 270        spin_unlock_irq(&current->sighand->siglock);
 271
 272        pid = kernel_thread(____call_usermodehelper, sub_info, SIGCHLD);
 273        if (pid < 0) {
 274                sub_info->retval = pid;
 275        } else {
 276                int ret = -ECHILD;
 277                /*
 278                 * Normally it is bogus to call wait4() from in-kernel because
 279                 * wait4() wants to write the exit code to a userspace address.
 280                 * But wait_for_helper() always runs as keventd, and put_user()
 281                 * to a kernel address works OK for kernel threads, due to their
 282                 * having an mm_segment_t which spans the entire address space.
 283                 *
 284                 * Thus the __user pointer cast is valid here.
 285                 */
 286                sys_wait4(pid, (int __user *)&ret, 0, NULL);
 287
 288                /*
 289                 * If ret is 0, either ____call_usermodehelper failed and the
 290                 * real error code is already in sub_info->retval or
 291                 * sub_info->retval is 0 anyway, so don't mess with it then.
 292                 */
 293                if (ret)
 294                        sub_info->retval = ret;
 295        }
 296
 297        umh_complete(sub_info);
 298        do_exit(0);
 299}
 300
 301/* This is run by khelper thread  */
 302static void __call_usermodehelper(struct work_struct *work)
 303{
 304        struct subprocess_info *sub_info =
 305                container_of(work, struct subprocess_info, work);
 306        int wait = sub_info->wait & ~UMH_KILLABLE;
 307        pid_t pid;
 308
 309        /* CLONE_VFORK: wait until the usermode helper has execve'd
 310         * successfully We need the data structures to stay around
 311         * until that is done.  */
 312        if (wait == UMH_WAIT_PROC)
 313                pid = kernel_thread(wait_for_helper, sub_info,
 314                                    CLONE_FS | CLONE_FILES | SIGCHLD);
 315        else {
 316                pid = kernel_thread(call_helper, sub_info,
 317                                    CLONE_VFORK | SIGCHLD);
 318                /* Worker thread stopped blocking khelper thread. */
 319                kmod_thread_locker = NULL;
 320        }
 321
 322        switch (wait) {
 323        case UMH_NO_WAIT:
 324                call_usermodehelper_freeinfo(sub_info);
 325                break;
 326
 327        case UMH_WAIT_PROC:
 328                if (pid > 0)
 329                        break;
 330                /* FALLTHROUGH */
 331        case UMH_WAIT_EXEC:
 332                if (pid < 0)
 333                        sub_info->retval = pid;
 334                umh_complete(sub_info);
 335        }
 336}
 337
 338/*
 339 * If set, call_usermodehelper_exec() will exit immediately returning -EBUSY
 340 * (used for preventing user land processes from being created after the user
 341 * land has been frozen during a system-wide hibernation or suspend operation).
 342 * Should always be manipulated under umhelper_sem acquired for write.
 343 */
 344static enum umh_disable_depth usermodehelper_disabled = UMH_DISABLED;
 345
 346/* Number of helpers running */
 347static atomic_t running_helpers = ATOMIC_INIT(0);
 348
 349/*
 350 * Wait queue head used by usermodehelper_disable() to wait for all running
 351 * helpers to finish.
 352 */
 353static DECLARE_WAIT_QUEUE_HEAD(running_helpers_waitq);
 354
 355/*
 356 * Used by usermodehelper_read_lock_wait() to wait for usermodehelper_disabled
 357 * to become 'false'.
 358 */
 359static DECLARE_WAIT_QUEUE_HEAD(usermodehelper_disabled_waitq);
 360
 361/*
 362 * Time to wait for running_helpers to become zero before the setting of
 363 * usermodehelper_disabled in usermodehelper_disable() fails
 364 */
 365#define RUNNING_HELPERS_TIMEOUT (5 * HZ)
 366
 367int usermodehelper_read_trylock(void)
 368{
 369        DEFINE_WAIT(wait);
 370        int ret = 0;
 371
 372        down_read(&umhelper_sem);
 373        for (;;) {
 374                prepare_to_wait(&usermodehelper_disabled_waitq, &wait,
 375                                TASK_INTERRUPTIBLE);
 376                if (!usermodehelper_disabled)
 377                        break;
 378
 379                if (usermodehelper_disabled == UMH_DISABLED)
 380                        ret = -EAGAIN;
 381
 382                up_read(&umhelper_sem);
 383
 384                if (ret)
 385                        break;
 386
 387                schedule();
 388                try_to_freeze();
 389
 390                down_read(&umhelper_sem);
 391        }
 392        finish_wait(&usermodehelper_disabled_waitq, &wait);
 393        return ret;
 394}
 395EXPORT_SYMBOL_GPL(usermodehelper_read_trylock);
 396
 397long usermodehelper_read_lock_wait(long timeout)
 398{
 399        DEFINE_WAIT(wait);
 400
 401        if (timeout < 0)
 402                return -EINVAL;
 403
 404        down_read(&umhelper_sem);
 405        for (;;) {
 406                prepare_to_wait(&usermodehelper_disabled_waitq, &wait,
 407                                TASK_UNINTERRUPTIBLE);
 408                if (!usermodehelper_disabled)
 409                        break;
 410
 411                up_read(&umhelper_sem);
 412
 413                timeout = schedule_timeout(timeout);
 414                if (!timeout)
 415                        break;
 416
 417                down_read(&umhelper_sem);
 418        }
 419        finish_wait(&usermodehelper_disabled_waitq, &wait);
 420        return timeout;
 421}
 422EXPORT_SYMBOL_GPL(usermodehelper_read_lock_wait);
 423
 424void usermodehelper_read_unlock(void)
 425{
 426        up_read(&umhelper_sem);
 427}
 428EXPORT_SYMBOL_GPL(usermodehelper_read_unlock);
 429
 430/**
 431 * __usermodehelper_set_disable_depth - Modify usermodehelper_disabled.
 432 * @depth: New value to assign to usermodehelper_disabled.
 433 *
 434 * Change the value of usermodehelper_disabled (under umhelper_sem locked for
 435 * writing) and wakeup tasks waiting for it to change.
 436 */
 437void __usermodehelper_set_disable_depth(enum umh_disable_depth depth)
 438{
 439        down_write(&umhelper_sem);
 440        usermodehelper_disabled = depth;
 441        wake_up(&usermodehelper_disabled_waitq);
 442        up_write(&umhelper_sem);
 443}
 444
 445/**
 446 * __usermodehelper_disable - Prevent new helpers from being started.
 447 * @depth: New value to assign to usermodehelper_disabled.
 448 *
 449 * Set usermodehelper_disabled to @depth and wait for running helpers to exit.
 450 */
 451int __usermodehelper_disable(enum umh_disable_depth depth)
 452{
 453        long retval;
 454
 455        if (!depth)
 456                return -EINVAL;
 457
 458        down_write(&umhelper_sem);
 459        usermodehelper_disabled = depth;
 460        up_write(&umhelper_sem);
 461
 462        /*
 463         * From now on call_usermodehelper_exec() won't start any new
 464         * helpers, so it is sufficient if running_helpers turns out to
 465         * be zero at one point (it may be increased later, but that
 466         * doesn't matter).
 467         */
 468        retval = wait_event_timeout(running_helpers_waitq,
 469                                        atomic_read(&running_helpers) == 0,
 470                                        RUNNING_HELPERS_TIMEOUT);
 471        if (retval)
 472                return 0;
 473
 474        __usermodehelper_set_disable_depth(UMH_ENABLED);
 475        return -EAGAIN;
 476}
 477
 478static void helper_lock(void)
 479{
 480        atomic_inc(&running_helpers);
 481        smp_mb__after_atomic_inc();
 482}
 483
 484static void helper_unlock(void)
 485{
 486        if (atomic_dec_and_test(&running_helpers))
 487                wake_up(&running_helpers_waitq);
 488}
 489
 490/**
 491 * call_usermodehelper_setup - prepare to call a usermode helper
 492 * @path: path to usermode executable
 493 * @argv: arg vector for process
 494 * @envp: environment for process
 495 * @gfp_mask: gfp mask for memory allocation
 496 *
 497 * Returns either %NULL on allocation failure, or a subprocess_info
 498 * structure.  This should be passed to call_usermodehelper_exec to
 499 * exec the process and free the structure.
 500 */
 501static
 502struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
 503                                                  char **envp, gfp_t gfp_mask)
 504{
 505        struct subprocess_info *sub_info;
 506        sub_info = kzalloc(sizeof(struct subprocess_info), gfp_mask);
 507        if (!sub_info)
 508                goto out;
 509
 510        INIT_WORK(&sub_info->work, __call_usermodehelper);
 511        sub_info->path = path;
 512        sub_info->argv = argv;
 513        sub_info->envp = envp;
 514  out:
 515        return sub_info;
 516}
 517
 518/**
 519 * call_usermodehelper_setfns - set a cleanup/init function
 520 * @info: a subprocess_info returned by call_usermodehelper_setup
 521 * @cleanup: a cleanup function
 522 * @init: an init function
 523 * @data: arbitrary context sensitive data
 524 *
 525 * The init function is used to customize the helper process prior to
 526 * exec.  A non-zero return code causes the process to error out, exit,
 527 * and return the failure to the calling process
 528 *
 529 * The cleanup function is just before ethe subprocess_info is about to
 530 * be freed.  This can be used for freeing the argv and envp.  The
 531 * Function must be runnable in either a process context or the
 532 * context in which call_usermodehelper_exec is called.
 533 */
 534static
 535void call_usermodehelper_setfns(struct subprocess_info *info,
 536                    int (*init)(struct subprocess_info *info, struct cred *new),
 537                    void (*cleanup)(struct subprocess_info *info),
 538                    void *data)
 539{
 540        info->cleanup = cleanup;
 541        info->init = init;
 542        info->data = data;
 543}
 544
 545/**
 546 * call_usermodehelper_exec - start a usermode application
 547 * @sub_info: information about the subprocessa
 548 * @wait: wait for the application to finish and return status.
 549 *        when -1 don't wait at all, but you get no useful error back when
 550 *        the program couldn't be exec'ed. This makes it safe to call
 551 *        from interrupt context.
 552 *
 553 * Runs a user-space application.  The application is started
 554 * asynchronously if wait is not set, and runs as a child of keventd.
 555 * (ie. it runs with full root capabilities).
 556 */
 557static
 558int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait)
 559{
 560        DECLARE_COMPLETION_ONSTACK(done);
 561        int retval = 0;
 562
 563        helper_lock();
 564        if (sub_info->path[0] == '\0')
 565                goto out;
 566
 567        if (!khelper_wq || usermodehelper_disabled) {
 568                retval = -EBUSY;
 569                goto out;
 570        }
 571        /*
 572         * Worker thread must not wait for khelper thread at below
 573         * wait_for_completion() if the thread was created with CLONE_VFORK
 574         * flag, for khelper thread is already waiting for the thread at
 575         * wait_for_completion() in do_fork().
 576         */
 577        if (wait != UMH_NO_WAIT && current == kmod_thread_locker) {
 578                retval = -EBUSY;
 579                goto out;
 580        }
 581
 582        sub_info->complete = &done;
 583        sub_info->wait = wait;
 584
 585        queue_work(khelper_wq, &sub_info->work);
 586        if (wait == UMH_NO_WAIT)        /* task has freed sub_info */
 587                goto unlock;
 588
 589        if (wait & UMH_KILLABLE) {
 590                retval = wait_for_completion_killable(&done);
 591                if (!retval)
 592                        goto wait_done;
 593
 594                /* umh_complete() will see NULL and free sub_info */
 595                if (xchg(&sub_info->complete, NULL))
 596                        goto unlock;
 597                /* fallthrough, umh_complete() was already called */
 598        }
 599
 600        wait_for_completion(&done);
 601wait_done:
 602        retval = sub_info->retval;
 603out:
 604        call_usermodehelper_freeinfo(sub_info);
 605unlock:
 606        helper_unlock();
 607        return retval;
 608}
 609
 610/*
 611 * call_usermodehelper_fns() will not run the caller-provided cleanup function
 612 * if a memory allocation failure is experienced.  So the caller might need to
 613 * check the call_usermodehelper_fns() return value: if it is -ENOMEM, perform
 614 * the necessaary cleanup within the caller.
 615 */
 616int call_usermodehelper_fns(
 617        char *path, char **argv, char **envp, int wait,
 618        int (*init)(struct subprocess_info *info, struct cred *new),
 619        void (*cleanup)(struct subprocess_info *), void *data)
 620{
 621        struct subprocess_info *info;
 622        gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
 623
 624        info = call_usermodehelper_setup(path, argv, envp, gfp_mask);
 625
 626        if (info == NULL)
 627                return -ENOMEM;
 628
 629        call_usermodehelper_setfns(info, init, cleanup, data);
 630
 631        return call_usermodehelper_exec(info, wait);
 632}
 633EXPORT_SYMBOL(call_usermodehelper_fns);
 634
 635static int proc_cap_handler(struct ctl_table *table, int write,
 636                         void __user *buffer, size_t *lenp, loff_t *ppos)
 637{
 638        struct ctl_table t;
 639        unsigned long cap_array[_KERNEL_CAPABILITY_U32S];
 640        kernel_cap_t new_cap;
 641        int err, i;
 642
 643        if (write && (!capable(CAP_SETPCAP) ||
 644                      !capable(CAP_SYS_MODULE)))
 645                return -EPERM;
 646
 647        /*
 648         * convert from the global kernel_cap_t to the ulong array to print to
 649         * userspace if this is a read.
 650         */
 651        spin_lock(&umh_sysctl_lock);
 652        for (i = 0; i < _KERNEL_CAPABILITY_U32S; i++)  {
 653                if (table->data == CAP_BSET)
 654                        cap_array[i] = usermodehelper_bset.cap[i];
 655                else if (table->data == CAP_PI)
 656                        cap_array[i] = usermodehelper_inheritable.cap[i];
 657                else
 658                        BUG();
 659        }
 660        spin_unlock(&umh_sysctl_lock);
 661
 662        t = *table;
 663        t.data = &cap_array;
 664
 665        /*
 666         * actually read or write and array of ulongs from userspace.  Remember
 667         * these are least significant 32 bits first
 668         */
 669        err = proc_doulongvec_minmax(&t, write, buffer, lenp, ppos);
 670        if (err < 0)
 671                return err;
 672
 673        /*
 674         * convert from the sysctl array of ulongs to the kernel_cap_t
 675         * internal representation
 676         */
 677        for (i = 0; i < _KERNEL_CAPABILITY_U32S; i++)
 678                new_cap.cap[i] = cap_array[i];
 679
 680        /*
 681         * Drop everything not in the new_cap (but don't add things)
 682         */
 683        spin_lock(&umh_sysctl_lock);
 684        if (write) {
 685                if (table->data == CAP_BSET)
 686                        usermodehelper_bset = cap_intersect(usermodehelper_bset, new_cap);
 687                if (table->data == CAP_PI)
 688                        usermodehelper_inheritable = cap_intersect(usermodehelper_inheritable, new_cap);
 689        }
 690        spin_unlock(&umh_sysctl_lock);
 691
 692        return 0;
 693}
 694
 695struct ctl_table usermodehelper_table[] = {
 696        {
 697                .procname       = "bset",
 698                .data           = CAP_BSET,
 699                .maxlen         = _KERNEL_CAPABILITY_U32S * sizeof(unsigned long),
 700                .mode           = 0600,
 701                .proc_handler   = proc_cap_handler,
 702        },
 703        {
 704                .procname       = "inheritable",
 705                .data           = CAP_PI,
 706                .maxlen         = _KERNEL_CAPABILITY_U32S * sizeof(unsigned long),
 707                .mode           = 0600,
 708                .proc_handler   = proc_cap_handler,
 709        },
 710        { }
 711};
 712
 713void __init usermodehelper_init(void)
 714{
 715        khelper_wq = create_singlethread_workqueue("khelper");
 716        BUG_ON(!khelper_wq);
 717}
 718
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.