LXR linux-bk/kernel/kmod.c

   1/*
   2        kmod, the new module loader (replaces kerneld)
   3        Kirk Petersen
   4
   5        Reorganized not to be a daemon by Adam Richter, with guidance
   6        from Greg Zornetzer.
   7
   8        Modified to avoid chroot and file sharing problems.
   9        Mikael Pettersson
  10
  11        Limit the concurrent number of kmod modprobes to catch loops from
  12        "modprobe needs a service that is in a module".
  13        Keith Owens <kaos@ocs.com.au> December 1999
  14
  15        Unblock all signals when we exec a usermode process.
  16        Shuu Yamaguchi <shuu@wondernetworkresources.com> December 2000
  17*/
  18
  19#define __KERNEL_SYSCALLS__
  20
  21#include <linux/config.h>
  22#include <linux/module.h>
  23#include <linux/sched.h>
  24#include <linux/unistd.h>
  25#include <linux/kmod.h>
  26#include <linux/smp_lock.h>
  27#include <linux/slab.h>
  28#include <linux/namespace.h>
  29#include <linux/completion.h>
  30#include <linux/file.h>
  31#include <linux/tqueue.h>
  32
  33#include <asm/uaccess.h>
  34
  35extern int max_threads, system_running;
  36
  37static inline void
  38use_init_fs_context(void)
  39{
  40        struct fs_struct *our_fs, *init_fs;
  41        struct dentry *root, *pwd;
  42        struct vfsmount *rootmnt, *pwdmnt;
  43        struct namespace *our_ns, *init_ns;
  44
  45        /*
  46         * Make modprobe's fs context be a copy of init's.
  47         *
  48         * We cannot use the user's fs context, because it
  49         * may have a different root than init.
  50         * Since init was created with CLONE_FS, we can grab
  51         * its fs context from "init_task".
  52         *
  53         * The fs context has to be a copy. If it is shared
  54         * with init, then any chdir() call in modprobe will
  55         * also affect init and the other threads sharing
  56         * init_task's fs context.
  57         *
  58         * We created the exec_modprobe thread without CLONE_FS,
  59         * so we can update the fields in our fs context freely.
  60         */
  61
  62        init_fs = init_task.fs;
  63        init_ns = init_task.namespace;
  64        get_namespace(init_ns);
  65        our_ns = current->namespace;
  66        current->namespace = init_ns;
  67        put_namespace(our_ns);
  68        read_lock(&init_fs->lock);
  69        rootmnt = mntget(init_fs->rootmnt);
  70        root = dget(init_fs->root);
  71        pwdmnt = mntget(init_fs->pwdmnt);
  72        pwd = dget(init_fs->pwd);
  73        read_unlock(&init_fs->lock);
  74
  75        /* FIXME - unsafe ->fs access */
  76        our_fs = current->fs;
  77        our_fs->umask = init_fs->umask;
  78        set_fs_root(our_fs, rootmnt, root);
  79        set_fs_pwd(our_fs, pwdmnt, pwd);
  80        write_lock(&our_fs->lock);
  81        if (our_fs->altroot) {
  82                struct vfsmount *mnt = our_fs->altrootmnt;
  83                struct dentry *dentry = our_fs->altroot;
  84                our_fs->altrootmnt = NULL;
  85                our_fs->altroot = NULL;
  86                write_unlock(&our_fs->lock);
  87                dput(dentry);
  88                mntput(mnt);
  89        } else 
  90                write_unlock(&our_fs->lock);
  91        dput(root);
  92        mntput(rootmnt);
  93        dput(pwd);
  94        mntput(pwdmnt);
  95}
  96
  97int exec_usermodehelper(char *program_path, char *argv[], char *envp[])
  98{
  99        int i;
 100        struct task_struct *curtask = current;
 101
 102        curtask->session = 1;
 103        curtask->pgrp = 1;
 104
 105        use_init_fs_context();
 106
 107        /* Prevent parent user process from sending signals to child.
 108           Otherwise, if the modprobe program does not exist, it might
 109           be possible to get a user defined signal handler to execute
 110           as the super user right after the execve fails if you time
 111           the signal just right.
 112        */
 113        spin_lock_irq(&curtask->sigmask_lock);
 114        sigemptyset(&curtask->blocked);
 115        flush_signals(curtask);
 116        flush_signal_handlers(curtask);
 117        recalc_sigpending();
 118        spin_unlock_irq(&curtask->sigmask_lock);
 119
 120        for (i = 0; i < curtask->files->max_fds; i++ ) {
 121                if (curtask->files->fd[i]) close(i);
 122        }
 123
 124        /* Drop the "current user" thing */
 125        {
 126                struct user_struct *user = curtask->user;
 127                curtask->user = INIT_USER;
 128                atomic_inc(&INIT_USER->__count);
 129                atomic_inc(&INIT_USER->processes);
 130                atomic_dec(&user->processes);
 131                free_uid(user);
 132        }
 133
 134        /* Give kmod all effective privileges.. */
 135        curtask->euid = curtask->fsuid = 0;
 136        curtask->egid = curtask->fsgid = 0;
 137        security_ops->task_kmod_set_label();
 138
 139        /* Allow execve args to be in kernel space. */
 140        set_fs(KERNEL_DS);
 141
 142        /* Go, go, go... */
 143        if (execve(program_path, argv, envp) < 0)
 144                return -errno;
 145        return 0;
 146}
 147
 148#ifdef CONFIG_KMOD
 149
 150/*
 151        modprobe_path is set via /proc/sys.
 152*/
 153char modprobe_path[256] = "/sbin/modprobe";
 154
 155static int exec_modprobe(void * module_name)
 156{
 157        static char * envp[] = { "HOME=/", "TERM=linux", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL };
 158        char *argv[] = { modprobe_path, "-s", "-k", "--", (char*)module_name, NULL };
 159        int ret;
 160
 161        if (!system_running)
 162                return -EBUSY;
 163
 164        ret = exec_usermodehelper(modprobe_path, argv, envp);
 165        if (ret) {
 166                static unsigned long last;
 167                unsigned long now = jiffies;
 168                if (now - last > HZ) {
 169                        last = now;
 170                        printk(KERN_DEBUG
 171                               "kmod: failed to exec %s -s -k %s, errno = %d\n",
 172                               modprobe_path, (char*) module_name, errno);
 173                }
 174        }
 175        return ret;
 176}
 177
 178/**
 179 * request_module - try to load a kernel module
 180 * @module_name: Name of module
 181 *
 182 * Load a module using the user mode module loader. The function returns
 183 * zero on success or a negative errno code on failure. Note that a
 184 * successful module load does not mean the module did not then unload
 185 * and exit on an error of its own. Callers must check that the service
 186 * they requested is now available not blindly invoke it.
 187 *
 188 * If module auto-loading support is disabled then this function
 189 * becomes a no-operation.
 190 */
 191int request_module(const char * module_name)
 192{
 193        pid_t pid;
 194        int waitpid_result;
 195        sigset_t tmpsig;
 196        int i, ret;
 197        static atomic_t kmod_concurrent = ATOMIC_INIT(0);
 198#define MAX_KMOD_CONCURRENT 50  /* Completely arbitrary value - KAO */
 199        static int kmod_loop_msg;
 200        unsigned long saved_policy = current->policy;
 201
 202        current->policy = SCHED_NORMAL;
 203        /* Don't allow request_module() when the system isn't set up */
 204        if ( ! system_running ) {
 205                printk(KERN_ERR "request_module[%s]: not ready\n", module_name);
 206                ret = -EPERM;
 207                goto out;
 208        }
 209
 210        /* If modprobe needs a service that is in a module, we get a recursive
 211         * loop.  Limit the number of running kmod threads to max_threads/2 or
 212         * MAX_KMOD_CONCURRENT, whichever is the smaller.  A cleaner method
 213         * would be to run the parents of this process, counting how many times
 214         * kmod was invoked.  That would mean accessing the internals of the
 215         * process tables to get the command line, proc_pid_cmdline is static
 216         * and it is not worth changing the proc code just to handle this case. 
 217         * KAO.
 218         */
 219        i = max_threads/2;
 220        if (i > MAX_KMOD_CONCURRENT)
 221                i = MAX_KMOD_CONCURRENT;
 222        atomic_inc(&kmod_concurrent);
 223        if (atomic_read(&kmod_concurrent) > i) {
 224                if (kmod_loop_msg++ < 5)
 225                        printk(KERN_ERR
 226                               "kmod: runaway modprobe loop assumed and stopped\n");
 227                atomic_dec(&kmod_concurrent);
 228                ret = -ENOMEM;
 229                goto out;
 230        }
 231
 232        pid = kernel_thread(exec_modprobe, (void*) module_name, 0);
 233        if (pid < 0) {
 234                printk(KERN_ERR "request_module[%s]: fork failed, errno %d\n", module_name, -pid);
 235                atomic_dec(&kmod_concurrent);
 236                ret = pid;
 237                goto out;
 238        }
 239
 240        /* Block everything but SIGKILL/SIGSTOP */
 241        spin_lock_irq(&current->sigmask_lock);
 242        tmpsig = current->blocked;
 243        siginitsetinv(&current->blocked, sigmask(SIGKILL) | sigmask(SIGSTOP));
 244        recalc_sigpending();
 245        spin_unlock_irq(&current->sigmask_lock);
 246
 247        waitpid_result = waitpid(pid, NULL, __WCLONE);
 248        atomic_dec(&kmod_concurrent);
 249
 250        /* Allow signals again.. */
 251        spin_lock_irq(&current->sigmask_lock);
 252        current->blocked = tmpsig;
 253        recalc_sigpending();
 254        spin_unlock_irq(&current->sigmask_lock);
 255
 256        if (waitpid_result != pid) {
 257                printk(KERN_ERR "request_module[%s]: waitpid(%d,...) failed, errno %d\n",
 258                       module_name, pid, -waitpid_result);
 259        }
 260        ret = 0;
 261out:
 262        current->policy = saved_policy;
 263        return ret;
 264}
 265#endif /* CONFIG_KMOD */
 266
 267
 268#ifdef CONFIG_HOTPLUG
 269/*
 270        hotplug path is set via /proc/sys
 271        invoked by hotplug-aware bus drivers,
 272        with exec_usermodehelper and some thread-spawner
 273
 274        argv [0] = hotplug_path;
 275        argv [1] = "usb", "scsi", "pci", "network", etc;
 276        ... plus optional type-specific parameters
 277        argv [n] = 0;
 278
 279        envp [*] = HOME, PATH; optional type-specific parameters
 280
 281        a hotplug bus should invoke this for device add/remove
 282        events.  the command is expected to load drivers when
 283        necessary, and may perform additional system setup.
 284*/
 285char hotplug_path[256] = "/sbin/hotplug";
 286
 287EXPORT_SYMBOL(hotplug_path);
 288
 289#endif /* CONFIG_HOTPLUG */
 290
 291struct subprocess_info {
 292        struct completion *complete;
 293        char *path;
 294        char **argv;
 295        char **envp;
 296        pid_t retval;
 297};
 298
 299/*
 300 * This is the task which runs the usermode application
 301 */
 302static int ____call_usermodehelper(void *data)
 303{
 304        struct subprocess_info *sub_info = data;
 305        int retval;
 306
 307        retval = -EPERM;
 308        if (current->fs->root)
 309                retval = exec_usermodehelper(sub_info->path, sub_info->argv, sub_info->envp);
 310
 311        /* Exec failed? */
 312        sub_info->retval = (pid_t)retval;
 313        do_exit(0);
 314}
 315
 316/*
 317 * This is run by keventd.
 318 */
 319static void __call_usermodehelper(void *data)
 320{
 321        struct subprocess_info *sub_info = data;
 322        pid_t pid;
 323
 324        /*
 325         * CLONE_VFORK: wait until the usermode helper has execve'd successfully
 326         * We need the data structures to stay around until that is done.
 327         */
 328        pid = kernel_thread(____call_usermodehelper, sub_info, CLONE_VFORK | SIGCHLD);
 329        if (pid < 0)
 330                sub_info->retval = pid;
 331        complete(sub_info->complete);
 332}
 333
 334/**
 335 * call_usermodehelper - start a usermode application
 336 * @path: pathname for the application
 337 * @argv: null-terminated argument list
 338 * @envp: null-terminated environment list
 339 *
 340 * Runs a user-space application.  The application is started asynchronously.  It
 341 * runs as a child of keventd.  It runs with full root capabilities.  keventd silently
 342 * reaps the child when it exits.
 343 *
 344 * Must be called from process context.  Returns zero on success, else a negative
 345 * error code.
 346 */
 347int call_usermodehelper(char *path, char **argv, char **envp)
 348{
 349        DECLARE_COMPLETION(work);
 350        struct subprocess_info sub_info = {
 351                .complete       = &work,
 352                .path           = path,
 353                .argv           = argv,
 354                .envp           = envp,
 355                .retval         = 0,
 356        };
 357        struct tq_struct tqs = {
 358                .routine        = __call_usermodehelper,
 359                .data           = &sub_info,
 360        };
 361
 362        if (!system_running)
 363                return -EBUSY;
 364
 365        if (path[0] == '\0')
 366                goto out;
 367
 368        if (current_is_keventd()) {
 369                /* We can't wait on keventd! */
 370                __call_usermodehelper(&sub_info);
 371        } else {
 372                schedule_task(&tqs);
 373                wait_for_completion(&work);
 374        }
 375out:
 376        return sub_info.retval;
 377}
 378
 379/*
 380 * This is for the serialisation of device probe() functions
 381 * against device open() functions
 382 */
 383static DECLARE_MUTEX(dev_probe_sem);
 384
 385void dev_probe_lock(void)
 386{
 387        down(&dev_probe_sem);
 388}
 389
 390void dev_probe_unlock(void)
 391{
 392        up(&dev_probe_sem);
 393}
 394
 395EXPORT_SYMBOL(exec_usermodehelper);
 396EXPORT_SYMBOL(call_usermodehelper);
 397
 398#ifdef CONFIG_KMOD
 399EXPORT_SYMBOL(request_module);
 400#endif
 401
 402