| /* SPDX-License-Identifier: GPL-2.0-or-later */ |
| /* |
| * kmod dups - the kernel module autoloader duplicate suppressor |
| * |
| * Copyright (C) 2023 Luis Chamberlain <mcgrof@kernel.org> |
| */ |
| |
| #define pr_fmt(fmt) "module: " fmt |
| |
| #include <linux/module.h> |
| #include <linux/sched.h> |
| #include <linux/sched/task.h> |
| #include <linux/binfmts.h> |
| #include <linux/syscalls.h> |
| #include <linux/unistd.h> |
| #include <linux/kmod.h> |
| #include <linux/slab.h> |
| #include <linux/completion.h> |
| #include <linux/cred.h> |
| #include <linux/file.h> |
| #include <linux/fdtable.h> |
| #include <linux/workqueue.h> |
| #include <linux/security.h> |
| #include <linux/mount.h> |
| #include <linux/kernel.h> |
| #include <linux/init.h> |
| #include <linux/resource.h> |
| #include <linux/notifier.h> |
| #include <linux/suspend.h> |
| #include <linux/rwsem.h> |
| #include <linux/ptrace.h> |
| #include <linux/async.h> |
| #include <linux/uaccess.h> |
| |
| #include "internal.h" |
| |
| #undef MODULE_PARAM_PREFIX |
| #define MODULE_PARAM_PREFIX "module." |
| static bool enable_dups_trace = IS_ENABLED(CONFIG_MODULE_DEBUG_AUTOLOAD_DUPS_TRACE); |
| module_param(enable_dups_trace, bool_enable_only, 0644); |
| |
| /* |
| * Protects dup_kmod_reqs list, adds / removals with RCU. |
| */ |
| static DEFINE_MUTEX(kmod_dup_mutex); |
| static LIST_HEAD(dup_kmod_reqs); |
| |
| struct kmod_dup_req { |
| struct list_head list; |
| char name[MODULE_NAME_LEN]; |
| struct completion first_req_done; |
| struct work_struct complete_work; |
| struct delayed_work delete_work; |
| int dup_ret; |
| }; |
| |
| static struct kmod_dup_req *kmod_dup_request_lookup(char *module_name) |
| { |
| struct kmod_dup_req *kmod_req; |
| |
| list_for_each_entry_rcu(kmod_req, &dup_kmod_reqs, list, |
| lockdep_is_held(&kmod_dup_mutex)) { |
| if (strlen(kmod_req->name) == strlen(module_name) && |
| !memcmp(kmod_req->name, module_name, strlen(module_name))) { |
| return kmod_req; |
| } |
| } |
| |
| return NULL; |
| } |
| |
| static void kmod_dup_request_delete(struct work_struct *work) |
| { |
| struct kmod_dup_req *kmod_req; |
| kmod_req = container_of(to_delayed_work(work), struct kmod_dup_req, delete_work); |
| |
| /* |
| * The typical situation is a module successully loaded. In that |
| * situation the module will be present already in userspace. If |
| * new requests come in after that, userspace will already know the |
| * module is loaded so will just return 0 right away. There is still |
| * a small chance right after we delete this entry new request_module() |
| * calls may happen after that, they can happen. These heuristics |
| * are to protect finit_module() abuse for auto-loading, if modules |
| * are still tryign to auto-load even if a module is already loaded, |
| * that's on them, and those inneficiencies should not be fixed by |
| * kmod. The inneficies there are a call to modprobe and modprobe |
| * just returning 0. |
| */ |
| mutex_lock(&kmod_dup_mutex); |
| list_del_rcu(&kmod_req->list); |
| synchronize_rcu(); |
| mutex_unlock(&kmod_dup_mutex); |
| kfree(kmod_req); |
| } |
| |
| static void kmod_dup_request_complete(struct work_struct *work) |
| { |
| struct kmod_dup_req *kmod_req; |
| |
| kmod_req = container_of(work, struct kmod_dup_req, complete_work); |
| |
| /* |
| * This will ensure that the kernel will let all the waiters get |
| * informed its time to check the return value. It's time to |
| * go home. |
| */ |
| complete_all(&kmod_req->first_req_done); |
| |
| /* |
| * Now that we have allowed prior request_module() calls to go on |
| * with life, let's schedule deleting this entry. We don't have |
| * to do it right away, but we *eventually* want to do it so to not |
| * let this linger forever as this is just a boot optimization for |
| * possible abuses of vmalloc() incurred by finit_module() thrashing. |
| */ |
| queue_delayed_work(system_wq, &kmod_req->delete_work, 60 * HZ); |
| } |
| |
| bool kmod_dup_request_exists_wait(char *module_name, bool wait, int *dup_ret) |
| { |
| struct kmod_dup_req *kmod_req, *new_kmod_req; |
| int ret; |
| |
| /* |
| * Pre-allocate the entry in case we have to use it later |
| * to avoid contention with the mutex. |
| */ |
| new_kmod_req = kzalloc(sizeof(*new_kmod_req), GFP_KERNEL); |
| if (!new_kmod_req) |
| return false; |
| |
| memcpy(new_kmod_req->name, module_name, strlen(module_name)); |
| INIT_WORK(&new_kmod_req->complete_work, kmod_dup_request_complete); |
| INIT_DELAYED_WORK(&new_kmod_req->delete_work, kmod_dup_request_delete); |
| init_completion(&new_kmod_req->first_req_done); |
| |
| mutex_lock(&kmod_dup_mutex); |
| |
| kmod_req = kmod_dup_request_lookup(module_name); |
| if (!kmod_req) { |
| /* |
| * If the first request that came through for a module |
| * was with request_module_nowait() we cannot wait for it |
| * and share its return value with other users which may |
| * have used request_module() and need a proper return value |
| * so just skip using them as an anchor. |
| * |
| * If a prior request to this one came through with |
| * request_module() though, then a request_module_nowait() |
| * would benefit from duplicate detection. |
| */ |
| if (!wait) { |
| kfree(new_kmod_req); |
| pr_debug("New request_module_nowait() for %s -- cannot track duplicates for this request\n", module_name); |
| mutex_unlock(&kmod_dup_mutex); |
| return false; |
| } |
| |
| /* |
| * There was no duplicate, just add the request so we can |
| * keep tab on duplicates later. |
| */ |
| pr_debug("New request_module() for %s\n", module_name); |
| list_add_rcu(&new_kmod_req->list, &dup_kmod_reqs); |
| mutex_unlock(&kmod_dup_mutex); |
| return false; |
| } |
| mutex_unlock(&kmod_dup_mutex); |
| |
| /* We are dealing with a duplicate request now */ |
| kfree(new_kmod_req); |
| |
| /* |
| * To fix these try to use try_then_request_module() instead as that |
| * will check if the component you are looking for is present or not. |
| * You could also just queue a single request to load the module once, |
| * instead of having each and everything you need try to request for |
| * the module. |
| * |
| * Duplicate request_module() calls can cause quite a bit of wasted |
| * vmalloc() space when racing with userspace. |
| */ |
| if (enable_dups_trace) |
| WARN(1, "module-autoload: duplicate request for module %s\n", module_name); |
| else |
| pr_warn("module-autoload: duplicate request for module %s\n", module_name); |
| |
| if (!wait) { |
| /* |
| * If request_module_nowait() was used then the user just |
| * wanted to issue the request and if another module request |
| * was already its way with the same name we don't care for |
| * the return value either. Let duplicate request_module_nowait() |
| * calls bail out right away. |
| */ |
| *dup_ret = 0; |
| return true; |
| } |
| |
| /* |
| * If a duplicate request_module() was used they *may* care for |
| * the return value, so we have no other option but to wait for |
| * the first caller to complete. If the first caller used |
| * the request_module_nowait() call, subsquent callers will |
| * deal with the comprmise of getting a successful call with this |
| * optimization enabled ... |
| */ |
| ret = wait_for_completion_state(&kmod_req->first_req_done, |
| TASK_UNINTERRUPTIBLE | TASK_KILLABLE); |
| if (ret) { |
| *dup_ret = ret; |
| return true; |
| } |
| |
| /* Now the duplicate request has the same exact return value as the first request */ |
| *dup_ret = kmod_req->dup_ret; |
| |
| return true; |
| } |
| |
| void kmod_dup_request_announce(char *module_name, int ret) |
| { |
| struct kmod_dup_req *kmod_req; |
| |
| mutex_lock(&kmod_dup_mutex); |
| |
| kmod_req = kmod_dup_request_lookup(module_name); |
| if (!kmod_req) |
| goto out; |
| |
| kmod_req->dup_ret = ret; |
| |
| /* |
| * If we complete() here we may allow duplicate threads |
| * to continue before the first one that submitted the |
| * request. We're in no rush also, given that each and |
| * every bounce back to userspace is slow we avoid that |
| * with a slight delay here. So queueue up the completion |
| * and let duplicates suffer, just wait a tad bit longer. |
| * There is no rush. But we also don't want to hold the |
| * caller up forever or introduce any boot delays. |
| */ |
| queue_work(system_wq, &kmod_req->complete_work); |
| |
| out: |
| mutex_unlock(&kmod_dup_mutex); |
| } |