Merge branch 'kbuild/rc-fixes' into kbuild/kconfig
[platform/adaptation/renesas_rcar/renesas_kernel.git] / kernel / kmod.c
1 /*
2         kmod, the new module loader (replaces kerneld)
3         Kirk Petersen
4
5         Reorganized not to be a daemon by Adam Richter, with guidance
6         from Greg Zornetzer.
7
8         Modified to avoid chroot and file sharing problems.
9         Mikael Pettersson
10
11         Limit the concurrent number of kmod modprobes to catch loops from
12         "modprobe needs a service that is in a module".
13         Keith Owens <kaos@ocs.com.au> December 1999
14
15         Unblock all signals when we exec a usermode process.
16         Shuu Yamaguchi <shuu@wondernetworkresources.com> December 2000
17
18         call_usermodehelper wait flag, and remove exec_usermodehelper.
19         Rusty Russell <rusty@rustcorp.com.au>  Jan 2003
20 */
21 #include <linux/module.h>
22 #include <linux/sched.h>
23 #include <linux/syscalls.h>
24 #include <linux/unistd.h>
25 #include <linux/kmod.h>
26 #include <linux/slab.h>
27 #include <linux/completion.h>
28 #include <linux/cred.h>
29 #include <linux/file.h>
30 #include <linux/fdtable.h>
31 #include <linux/workqueue.h>
32 #include <linux/security.h>
33 #include <linux/mount.h>
34 #include <linux/kernel.h>
35 #include <linux/init.h>
36 #include <linux/resource.h>
37 #include <linux/notifier.h>
38 #include <linux/suspend.h>
39 #include <linux/rwsem.h>
40 #include <linux/ptrace.h>
41 #include <asm/uaccess.h>
42
43 #include <trace/events/module.h>
44
45 extern int max_threads;
46
47 static struct workqueue_struct *khelper_wq;
48
49 /*
50  * kmod_thread_locker is used for deadlock avoidance.  There is no explicit
51  * locking to protect this global - it is private to the singleton khelper
52  * thread and should only ever be modified by that thread.
53  */
54 static const struct task_struct *kmod_thread_locker;
55
56 #define CAP_BSET        (void *)1
57 #define CAP_PI          (void *)2
58
59 static kernel_cap_t usermodehelper_bset = CAP_FULL_SET;
60 static kernel_cap_t usermodehelper_inheritable = CAP_FULL_SET;
61 static DEFINE_SPINLOCK(umh_sysctl_lock);
62 static DECLARE_RWSEM(umhelper_sem);
63
64 #ifdef CONFIG_MODULES
65
66 /*
67         modprobe_path is set via /proc/sys.
68 */
69 char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";
70
71 static void free_modprobe_argv(struct subprocess_info *info)
72 {
73         kfree(info->argv[3]); /* check call_modprobe() */
74         kfree(info->argv);
75 }
76
77 static int call_modprobe(char *module_name, int wait)
78 {
79         static char *envp[] = {
80                 "HOME=/",
81                 "TERM=linux",
82                 "PATH=/sbin:/usr/sbin:/bin:/usr/bin",
83                 NULL
84         };
85
86         char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL);
87         if (!argv)
88                 goto out;
89
90         module_name = kstrdup(module_name, GFP_KERNEL);
91         if (!module_name)
92                 goto free_argv;
93
94         argv[0] = modprobe_path;
95         argv[1] = "-q";
96         argv[2] = "--";
97         argv[3] = module_name;  /* check free_modprobe_argv() */
98         argv[4] = NULL;
99
100         return call_usermodehelper_fns(modprobe_path, argv, envp,
101                 wait | UMH_KILLABLE, NULL, free_modprobe_argv, NULL);
102 free_argv:
103         kfree(argv);
104 out:
105         return -ENOMEM;
106 }
107
108 /**
109  * __request_module - try to load a kernel module
110  * @wait: wait (or not) for the operation to complete
111  * @fmt: printf style format string for the name of the module
112  * @...: arguments as specified in the format string
113  *
114  * Load a module using the user mode module loader. The function returns
115  * zero on success or a negative errno code on failure. Note that a
116  * successful module load does not mean the module did not then unload
117  * and exit on an error of its own. Callers must check that the service
118  * they requested is now available not blindly invoke it.
119  *
120  * If module auto-loading support is disabled then this function
121  * becomes a no-operation.
122  */
123 int __request_module(bool wait, const char *fmt, ...)
124 {
125         va_list args;
126         char module_name[MODULE_NAME_LEN];
127         unsigned int max_modprobes;
128         int ret;
129         static atomic_t kmod_concurrent = ATOMIC_INIT(0);
130 #define MAX_KMOD_CONCURRENT 50  /* Completely arbitrary value - KAO */
131         static int kmod_loop_msg;
132
133         va_start(args, fmt);
134         ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
135         va_end(args);
136         if (ret >= MODULE_NAME_LEN)
137                 return -ENAMETOOLONG;
138
139         ret = security_kernel_module_request(module_name);
140         if (ret)
141                 return ret;
142
143         /* If modprobe needs a service that is in a module, we get a recursive
144          * loop.  Limit the number of running kmod threads to max_threads/2 or
145          * MAX_KMOD_CONCURRENT, whichever is the smaller.  A cleaner method
146          * would be to run the parents of this process, counting how many times
147          * kmod was invoked.  That would mean accessing the internals of the
148          * process tables to get the command line, proc_pid_cmdline is static
149          * and it is not worth changing the proc code just to handle this case. 
150          * KAO.
151          *
152          * "trace the ppid" is simple, but will fail if someone's
153          * parent exits.  I think this is as good as it gets. --RR
154          */
155         max_modprobes = min(max_threads/2, MAX_KMOD_CONCURRENT);
156         atomic_inc(&kmod_concurrent);
157         if (atomic_read(&kmod_concurrent) > max_modprobes) {
158                 /* We may be blaming an innocent here, but unlikely */
159                 if (kmod_loop_msg < 5) {
160                         printk(KERN_ERR
161                                "request_module: runaway loop modprobe %s\n",
162                                module_name);
163                         kmod_loop_msg++;
164                 }
165                 atomic_dec(&kmod_concurrent);
166                 return -ENOMEM;
167         }
168
169         trace_module_request(module_name, wait, _RET_IP_);
170
171         ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
172
173         atomic_dec(&kmod_concurrent);
174         return ret;
175 }
176 EXPORT_SYMBOL(__request_module);
177 #endif /* CONFIG_MODULES */
178
179 /*
180  * This is the task which runs the usermode application
181  */
182 static int ____call_usermodehelper(void *data)
183 {
184         struct subprocess_info *sub_info = data;
185         struct cred *new;
186         int retval;
187
188         spin_lock_irq(&current->sighand->siglock);
189         flush_signal_handlers(current, 1);
190         spin_unlock_irq(&current->sighand->siglock);
191
192         /* We can run anywhere, unlike our parent keventd(). */
193         set_cpus_allowed_ptr(current, cpu_all_mask);
194
195         /*
196          * Our parent is keventd, which runs with elevated scheduling priority.
197          * Avoid propagating that into the userspace child.
198          */
199         set_user_nice(current, 0);
200
201         retval = -ENOMEM;
202         new = prepare_kernel_cred(current);
203         if (!new)
204                 goto fail;
205
206         spin_lock(&umh_sysctl_lock);
207         new->cap_bset = cap_intersect(usermodehelper_bset, new->cap_bset);
208         new->cap_inheritable = cap_intersect(usermodehelper_inheritable,
209                                              new->cap_inheritable);
210         spin_unlock(&umh_sysctl_lock);
211
212         if (sub_info->init) {
213                 retval = sub_info->init(sub_info, new);
214                 if (retval) {
215                         abort_creds(new);
216                         goto fail;
217                 }
218         }
219
220         commit_creds(new);
221
222         retval = do_execve(sub_info->path,
223                            (const char __user *const __user *)sub_info->argv,
224                            (const char __user *const __user *)sub_info->envp);
225         if (!retval)
226                 return 0;
227
228         /* Exec failed? */
229 fail:
230         sub_info->retval = retval;
231         do_exit(0);
232 }
233
234 static int call_helper(void *data)
235 {
236         /* Worker thread started blocking khelper thread. */
237         kmod_thread_locker = current;
238         return ____call_usermodehelper(data);
239 }
240
241 static void call_usermodehelper_freeinfo(struct subprocess_info *info)
242 {
243         if (info->cleanup)
244                 (*info->cleanup)(info);
245         kfree(info);
246 }
247
248 static void umh_complete(struct subprocess_info *sub_info)
249 {
250         struct completion *comp = xchg(&sub_info->complete, NULL);
251         /*
252          * See call_usermodehelper_exec(). If xchg() returns NULL
253          * we own sub_info, the UMH_KILLABLE caller has gone away.
254          */
255         if (comp)
256                 complete(comp);
257         else
258                 call_usermodehelper_freeinfo(sub_info);
259 }
260
261 /* Keventd can't block, but this (a child) can. */
262 static int wait_for_helper(void *data)
263 {
264         struct subprocess_info *sub_info = data;
265         pid_t pid;
266
267         /* If SIGCLD is ignored sys_wait4 won't populate the status. */
268         spin_lock_irq(&current->sighand->siglock);
269         current->sighand->action[SIGCHLD-1].sa.sa_handler = SIG_DFL;
270         spin_unlock_irq(&current->sighand->siglock);
271
272         pid = kernel_thread(____call_usermodehelper, sub_info, SIGCHLD);
273         if (pid < 0) {
274                 sub_info->retval = pid;
275         } else {
276                 int ret = -ECHILD;
277                 /*
278                  * Normally it is bogus to call wait4() from in-kernel because
279                  * wait4() wants to write the exit code to a userspace address.
280                  * But wait_for_helper() always runs as keventd, and put_user()
281                  * to a kernel address works OK for kernel threads, due to their
282                  * having an mm_segment_t which spans the entire address space.
283                  *
284                  * Thus the __user pointer cast is valid here.
285                  */
286                 sys_wait4(pid, (int __user *)&ret, 0, NULL);
287
288                 /*
289                  * If ret is 0, either ____call_usermodehelper failed and the
290                  * real error code is already in sub_info->retval or
291                  * sub_info->retval is 0 anyway, so don't mess with it then.
292                  */
293                 if (ret)
294                         sub_info->retval = ret;
295         }
296
297         umh_complete(sub_info);
298         do_exit(0);
299 }
300
301 /* This is run by khelper thread  */
302 static void __call_usermodehelper(struct work_struct *work)
303 {
304         struct subprocess_info *sub_info =
305                 container_of(work, struct subprocess_info, work);
306         int wait = sub_info->wait & ~UMH_KILLABLE;
307         pid_t pid;
308
309         /* CLONE_VFORK: wait until the usermode helper has execve'd
310          * successfully We need the data structures to stay around
311          * until that is done.  */
312         if (wait == UMH_WAIT_PROC)
313                 pid = kernel_thread(wait_for_helper, sub_info,
314                                     CLONE_FS | CLONE_FILES | SIGCHLD);
315         else {
316                 pid = kernel_thread(call_helper, sub_info,
317                                     CLONE_VFORK | SIGCHLD);
318                 /* Worker thread stopped blocking khelper thread. */
319                 kmod_thread_locker = NULL;
320         }
321
322         switch (wait) {
323         case UMH_NO_WAIT:
324                 call_usermodehelper_freeinfo(sub_info);
325                 break;
326
327         case UMH_WAIT_PROC:
328                 if (pid > 0)
329                         break;
330                 /* FALLTHROUGH */
331         case UMH_WAIT_EXEC:
332                 if (pid < 0)
333                         sub_info->retval = pid;
334                 umh_complete(sub_info);
335         }
336 }
337
338 /*
339  * If set, call_usermodehelper_exec() will exit immediately returning -EBUSY
340  * (used for preventing user land processes from being created after the user
341  * land has been frozen during a system-wide hibernation or suspend operation).
342  * Should always be manipulated under umhelper_sem acquired for write.
343  */
344 static enum umh_disable_depth usermodehelper_disabled = UMH_DISABLED;
345
346 /* Number of helpers running */
347 static atomic_t running_helpers = ATOMIC_INIT(0);
348
349 /*
350  * Wait queue head used by usermodehelper_disable() to wait for all running
351  * helpers to finish.
352  */
353 static DECLARE_WAIT_QUEUE_HEAD(running_helpers_waitq);
354
355 /*
356  * Used by usermodehelper_read_lock_wait() to wait for usermodehelper_disabled
357  * to become 'false'.
358  */
359 static DECLARE_WAIT_QUEUE_HEAD(usermodehelper_disabled_waitq);
360
361 /*
362  * Time to wait for running_helpers to become zero before the setting of
363  * usermodehelper_disabled in usermodehelper_disable() fails
364  */
365 #define RUNNING_HELPERS_TIMEOUT (5 * HZ)
366
367 int usermodehelper_read_trylock(void)
368 {
369         DEFINE_WAIT(wait);
370         int ret = 0;
371
372         down_read(&umhelper_sem);
373         for (;;) {
374                 prepare_to_wait(&usermodehelper_disabled_waitq, &wait,
375                                 TASK_INTERRUPTIBLE);
376                 if (!usermodehelper_disabled)
377                         break;
378
379                 if (usermodehelper_disabled == UMH_DISABLED)
380                         ret = -EAGAIN;
381
382                 up_read(&umhelper_sem);
383
384                 if (ret)
385                         break;
386
387                 schedule();
388                 try_to_freeze();
389
390                 down_read(&umhelper_sem);
391         }
392         finish_wait(&usermodehelper_disabled_waitq, &wait);
393         return ret;
394 }
395 EXPORT_SYMBOL_GPL(usermodehelper_read_trylock);
396
397 long usermodehelper_read_lock_wait(long timeout)
398 {
399         DEFINE_WAIT(wait);
400
401         if (timeout < 0)
402                 return -EINVAL;
403
404         down_read(&umhelper_sem);
405         for (;;) {
406                 prepare_to_wait(&usermodehelper_disabled_waitq, &wait,
407                                 TASK_UNINTERRUPTIBLE);
408                 if (!usermodehelper_disabled)
409                         break;
410
411                 up_read(&umhelper_sem);
412
413                 timeout = schedule_timeout(timeout);
414                 if (!timeout)
415                         break;
416
417                 down_read(&umhelper_sem);
418         }
419         finish_wait(&usermodehelper_disabled_waitq, &wait);
420         return timeout;
421 }
422 EXPORT_SYMBOL_GPL(usermodehelper_read_lock_wait);
423
424 void usermodehelper_read_unlock(void)
425 {
426         up_read(&umhelper_sem);
427 }
428 EXPORT_SYMBOL_GPL(usermodehelper_read_unlock);
429
430 /**
431  * __usermodehelper_set_disable_depth - Modify usermodehelper_disabled.
432  * @depth: New value to assign to usermodehelper_disabled.
433  *
434  * Change the value of usermodehelper_disabled (under umhelper_sem locked for
435  * writing) and wakeup tasks waiting for it to change.
436  */
437 void __usermodehelper_set_disable_depth(enum umh_disable_depth depth)
438 {
439         down_write(&umhelper_sem);
440         usermodehelper_disabled = depth;
441         wake_up(&usermodehelper_disabled_waitq);
442         up_write(&umhelper_sem);
443 }
444
445 /**
446  * __usermodehelper_disable - Prevent new helpers from being started.
447  * @depth: New value to assign to usermodehelper_disabled.
448  *
449  * Set usermodehelper_disabled to @depth and wait for running helpers to exit.
450  */
451 int __usermodehelper_disable(enum umh_disable_depth depth)
452 {
453         long retval;
454
455         if (!depth)
456                 return -EINVAL;
457
458         down_write(&umhelper_sem);
459         usermodehelper_disabled = depth;
460         up_write(&umhelper_sem);
461
462         /*
463          * From now on call_usermodehelper_exec() won't start any new
464          * helpers, so it is sufficient if running_helpers turns out to
465          * be zero at one point (it may be increased later, but that
466          * doesn't matter).
467          */
468         retval = wait_event_timeout(running_helpers_waitq,
469                                         atomic_read(&running_helpers) == 0,
470                                         RUNNING_HELPERS_TIMEOUT);
471         if (retval)
472                 return 0;
473
474         __usermodehelper_set_disable_depth(UMH_ENABLED);
475         return -EAGAIN;
476 }
477
478 static void helper_lock(void)
479 {
480         atomic_inc(&running_helpers);
481         smp_mb__after_atomic_inc();
482 }
483
484 static void helper_unlock(void)
485 {
486         if (atomic_dec_and_test(&running_helpers))
487                 wake_up(&running_helpers_waitq);
488 }
489
490 /**
491  * call_usermodehelper_setup - prepare to call a usermode helper
492  * @path: path to usermode executable
493  * @argv: arg vector for process
494  * @envp: environment for process
495  * @gfp_mask: gfp mask for memory allocation
496  *
497  * Returns either %NULL on allocation failure, or a subprocess_info
498  * structure.  This should be passed to call_usermodehelper_exec to
499  * exec the process and free the structure.
500  */
501 static
502 struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
503                                                   char **envp, gfp_t gfp_mask)
504 {
505         struct subprocess_info *sub_info;
506         sub_info = kzalloc(sizeof(struct subprocess_info), gfp_mask);
507         if (!sub_info)
508                 goto out;
509
510         INIT_WORK(&sub_info->work, __call_usermodehelper);
511         sub_info->path = path;
512         sub_info->argv = argv;
513         sub_info->envp = envp;
514   out:
515         return sub_info;
516 }
517
518 /**
519  * call_usermodehelper_setfns - set a cleanup/init function
520  * @info: a subprocess_info returned by call_usermodehelper_setup
521  * @cleanup: a cleanup function
522  * @init: an init function
523  * @data: arbitrary context sensitive data
524  *
525  * The init function is used to customize the helper process prior to
526  * exec.  A non-zero return code causes the process to error out, exit,
527  * and return the failure to the calling process
528  *
529  * The cleanup function is just before ethe subprocess_info is about to
530  * be freed.  This can be used for freeing the argv and envp.  The
531  * Function must be runnable in either a process context or the
532  * context in which call_usermodehelper_exec is called.
533  */
534 static
535 void call_usermodehelper_setfns(struct subprocess_info *info,
536                     int (*init)(struct subprocess_info *info, struct cred *new),
537                     void (*cleanup)(struct subprocess_info *info),
538                     void *data)
539 {
540         info->cleanup = cleanup;
541         info->init = init;
542         info->data = data;
543 }
544
545 /**
546  * call_usermodehelper_exec - start a usermode application
547  * @sub_info: information about the subprocessa
548  * @wait: wait for the application to finish and return status.
549  *        when -1 don't wait at all, but you get no useful error back when
550  *        the program couldn't be exec'ed. This makes it safe to call
551  *        from interrupt context.
552  *
553  * Runs a user-space application.  The application is started
554  * asynchronously if wait is not set, and runs as a child of keventd.
555  * (ie. it runs with full root capabilities).
556  */
557 static
558 int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait)
559 {
560         DECLARE_COMPLETION_ONSTACK(done);
561         int retval = 0;
562
563         helper_lock();
564         if (sub_info->path[0] == '\0')
565                 goto out;
566
567         if (!khelper_wq || usermodehelper_disabled) {
568                 retval = -EBUSY;
569                 goto out;
570         }
571         /*
572          * Worker thread must not wait for khelper thread at below
573          * wait_for_completion() if the thread was created with CLONE_VFORK
574          * flag, for khelper thread is already waiting for the thread at
575          * wait_for_completion() in do_fork().
576          */
577         if (wait != UMH_NO_WAIT && current == kmod_thread_locker) {
578                 retval = -EBUSY;
579                 goto out;
580         }
581
582         sub_info->complete = &done;
583         sub_info->wait = wait;
584
585         queue_work(khelper_wq, &sub_info->work);
586         if (wait == UMH_NO_WAIT)        /* task has freed sub_info */
587                 goto unlock;
588
589         if (wait & UMH_KILLABLE) {
590                 retval = wait_for_completion_killable(&done);
591                 if (!retval)
592                         goto wait_done;
593
594                 /* umh_complete() will see NULL and free sub_info */
595                 if (xchg(&sub_info->complete, NULL))
596                         goto unlock;
597                 /* fallthrough, umh_complete() was already called */
598         }
599
600         wait_for_completion(&done);
601 wait_done:
602         retval = sub_info->retval;
603 out:
604         call_usermodehelper_freeinfo(sub_info);
605 unlock:
606         helper_unlock();
607         return retval;
608 }
609
610 /*
611  * call_usermodehelper_fns() will not run the caller-provided cleanup function
612  * if a memory allocation failure is experienced.  So the caller might need to
613  * check the call_usermodehelper_fns() return value: if it is -ENOMEM, perform
614  * the necessaary cleanup within the caller.
615  */
616 int call_usermodehelper_fns(
617         char *path, char **argv, char **envp, int wait,
618         int (*init)(struct subprocess_info *info, struct cred *new),
619         void (*cleanup)(struct subprocess_info *), void *data)
620 {
621         struct subprocess_info *info;
622         gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
623
624         info = call_usermodehelper_setup(path, argv, envp, gfp_mask);
625
626         if (info == NULL)
627                 return -ENOMEM;
628
629         call_usermodehelper_setfns(info, init, cleanup, data);
630
631         return call_usermodehelper_exec(info, wait);
632 }
633 EXPORT_SYMBOL(call_usermodehelper_fns);
634
635 static int proc_cap_handler(struct ctl_table *table, int write,
636                          void __user *buffer, size_t *lenp, loff_t *ppos)
637 {
638         struct ctl_table t;
639         unsigned long cap_array[_KERNEL_CAPABILITY_U32S];
640         kernel_cap_t new_cap;
641         int err, i;
642
643         if (write && (!capable(CAP_SETPCAP) ||
644                       !capable(CAP_SYS_MODULE)))
645                 return -EPERM;
646
647         /*
648          * convert from the global kernel_cap_t to the ulong array to print to
649          * userspace if this is a read.
650          */
651         spin_lock(&umh_sysctl_lock);
652         for (i = 0; i < _KERNEL_CAPABILITY_U32S; i++)  {
653                 if (table->data == CAP_BSET)
654                         cap_array[i] = usermodehelper_bset.cap[i];
655                 else if (table->data == CAP_PI)
656                         cap_array[i] = usermodehelper_inheritable.cap[i];
657                 else
658                         BUG();
659         }
660         spin_unlock(&umh_sysctl_lock);
661
662         t = *table;
663         t.data = &cap_array;
664
665         /*
666          * actually read or write and array of ulongs from userspace.  Remember
667          * these are least significant 32 bits first
668          */
669         err = proc_doulongvec_minmax(&t, write, buffer, lenp, ppos);
670         if (err < 0)
671                 return err;
672
673         /*
674          * convert from the sysctl array of ulongs to the kernel_cap_t
675          * internal representation
676          */
677         for (i = 0; i < _KERNEL_CAPABILITY_U32S; i++)
678                 new_cap.cap[i] = cap_array[i];
679
680         /*
681          * Drop everything not in the new_cap (but don't add things)
682          */
683         spin_lock(&umh_sysctl_lock);
684         if (write) {
685                 if (table->data == CAP_BSET)
686                         usermodehelper_bset = cap_intersect(usermodehelper_bset, new_cap);
687                 if (table->data == CAP_PI)
688                         usermodehelper_inheritable = cap_intersect(usermodehelper_inheritable, new_cap);
689         }
690         spin_unlock(&umh_sysctl_lock);
691
692         return 0;
693 }
694
695 struct ctl_table usermodehelper_table[] = {
696         {
697                 .procname       = "bset",
698                 .data           = CAP_BSET,
699                 .maxlen         = _KERNEL_CAPABILITY_U32S * sizeof(unsigned long),
700                 .mode           = 0600,
701                 .proc_handler   = proc_cap_handler,
702         },
703         {
704                 .procname       = "inheritable",
705                 .data           = CAP_PI,
706                 .maxlen         = _KERNEL_CAPABILITY_U32S * sizeof(unsigned long),
707                 .mode           = 0600,
708                 .proc_handler   = proc_cap_handler,
709         },
710         { }
711 };
712
713 void __init usermodehelper_init(void)
714 {
715         khelper_wq = create_singlethread_workqueue("khelper");
716         BUG_ON(!khelper_wq);
717 }