1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * kmod dups - the kernel module autoloader duplicate suppressor
4 *
5 * Copyright (C) 2023 Luis Chamberlain <mcgrof@kernel.org>
6 */
7
8#define pr_fmt(fmt) "module: " fmt
9
10#include <linux/module.h>
11#include <linux/sched.h>
12#include <linux/sched/task.h>
13#include <linux/binfmts.h>
14#include <linux/syscalls.h>
15#include <linux/unistd.h>
16#include <linux/kmod.h>
17#include <linux/slab.h>
18#include <linux/completion.h>
19#include <linux/cred.h>
20#include <linux/file.h>
21#include <linux/workqueue.h>
22#include <linux/security.h>
23#include <linux/mount.h>
24#include <linux/kernel.h>
25#include <linux/init.h>
26#include <linux/resource.h>
27#include <linux/notifier.h>
28#include <linux/suspend.h>
29#include <linux/rwsem.h>
30#include <linux/ptrace.h>
31#include <linux/async.h>
32#include <linux/uaccess.h>
33
34#include "internal.h"
35
36#undef MODULE_PARAM_PREFIX
37#define MODULE_PARAM_PREFIX "module."
38static bool enable_dups_trace = IS_ENABLED(CONFIG_MODULE_DEBUG_AUTOLOAD_DUPS_TRACE);
39module_param(enable_dups_trace, bool_enable_only, 0644);
40
41/*
42 * Protects dup_kmod_reqs list, adds / removals with RCU.
43 */
44static DEFINE_MUTEX(kmod_dup_mutex);
45static LIST_HEAD(dup_kmod_reqs);
46
47struct kmod_dup_req {
48 struct list_head list;
49 char name[MODULE_NAME_LEN];
50 struct completion first_req_done;
51 struct work_struct complete_work;
52 struct delayed_work delete_work;
53 int dup_ret;
54};
55
56static struct kmod_dup_req *kmod_dup_request_lookup(char *module_name)
57{
58 struct kmod_dup_req *kmod_req;
59
60 list_for_each_entry_rcu(kmod_req, &dup_kmod_reqs, list,
61 lockdep_is_held(&kmod_dup_mutex)) {
62 if (strlen(kmod_req->name) == strlen(module_name) &&
63 !memcmp(p: kmod_req->name, q: module_name, strlen(module_name))) {
64 return kmod_req;
65 }
66 }
67
68 return NULL;
69}
70
71static void kmod_dup_request_delete(struct work_struct *work)
72{
73 struct kmod_dup_req *kmod_req;
74 kmod_req = container_of(to_delayed_work(work), struct kmod_dup_req, delete_work);
75
76 /*
77 * The typical situation is a module successully loaded. In that
78 * situation the module will be present already in userspace. If
79 * new requests come in after that, userspace will already know the
80 * module is loaded so will just return 0 right away. There is still
81 * a small chance right after we delete this entry new request_module()
82 * calls may happen after that, they can happen. These heuristics
83 * are to protect finit_module() abuse for auto-loading, if modules
84 * are still tryign to auto-load even if a module is already loaded,
85 * that's on them, and those inneficiencies should not be fixed by
86 * kmod. The inneficies there are a call to modprobe and modprobe
87 * just returning 0.
88 */
89 mutex_lock(&kmod_dup_mutex);
90 list_del_rcu(entry: &kmod_req->list);
91 synchronize_rcu();
92 mutex_unlock(lock: &kmod_dup_mutex);
93 kfree(objp: kmod_req);
94}
95
96static void kmod_dup_request_complete(struct work_struct *work)
97{
98 struct kmod_dup_req *kmod_req;
99
100 kmod_req = container_of(work, struct kmod_dup_req, complete_work);
101
102 /*
103 * This will ensure that the kernel will let all the waiters get
104 * informed its time to check the return value. It's time to
105 * go home.
106 */
107 complete_all(&kmod_req->first_req_done);
108
109 /*
110 * Now that we have allowed prior request_module() calls to go on
111 * with life, let's schedule deleting this entry. We don't have
112 * to do it right away, but we *eventually* want to do it so to not
113 * let this linger forever as this is just a boot optimization for
114 * possible abuses of vmalloc() incurred by finit_module() thrashing.
115 */
116 queue_delayed_work(wq: system_wq, dwork: &kmod_req->delete_work, delay: 60 * HZ);
117}
118
119bool kmod_dup_request_exists_wait(char *module_name, bool wait, int *dup_ret)
120{
121 struct kmod_dup_req *kmod_req, *new_kmod_req;
122 int ret;
123
124 /*
125 * Pre-allocate the entry in case we have to use it later
126 * to avoid contention with the mutex.
127 */
128 new_kmod_req = kzalloc(sizeof(*new_kmod_req), GFP_KERNEL);
129 if (!new_kmod_req)
130 return false;
131
132 memcpy(new_kmod_req->name, module_name, strlen(module_name));
133 INIT_WORK(&new_kmod_req->complete_work, kmod_dup_request_complete);
134 INIT_DELAYED_WORK(&new_kmod_req->delete_work, kmod_dup_request_delete);
135 init_completion(x: &new_kmod_req->first_req_done);
136
137 mutex_lock(&kmod_dup_mutex);
138
139 kmod_req = kmod_dup_request_lookup(module_name);
140 if (!kmod_req) {
141 /*
142 * If the first request that came through for a module
143 * was with request_module_nowait() we cannot wait for it
144 * and share its return value with other users which may
145 * have used request_module() and need a proper return value
146 * so just skip using them as an anchor.
147 *
148 * If a prior request to this one came through with
149 * request_module() though, then a request_module_nowait()
150 * would benefit from duplicate detection.
151 */
152 if (!wait) {
153 kfree(objp: new_kmod_req);
154 pr_debug("New request_module_nowait() for %s -- cannot track duplicates for this request\n", module_name);
155 mutex_unlock(lock: &kmod_dup_mutex);
156 return false;
157 }
158
159 /*
160 * There was no duplicate, just add the request so we can
161 * keep tab on duplicates later.
162 */
163 pr_debug("New request_module() for %s\n", module_name);
164 list_add_rcu(new: &new_kmod_req->list, head: &dup_kmod_reqs);
165 mutex_unlock(lock: &kmod_dup_mutex);
166 return false;
167 }
168 mutex_unlock(lock: &kmod_dup_mutex);
169
170 /* We are dealing with a duplicate request now */
171 kfree(objp: new_kmod_req);
172
173 /*
174 * To fix these try to use try_then_request_module() instead as that
175 * will check if the component you are looking for is present or not.
176 * You could also just queue a single request to load the module once,
177 * instead of having each and everything you need try to request for
178 * the module.
179 *
180 * Duplicate request_module() calls can cause quite a bit of wasted
181 * vmalloc() space when racing with userspace.
182 */
183 if (enable_dups_trace)
184 WARN(1, "module-autoload: duplicate request for module %s\n", module_name);
185 else
186 pr_warn("module-autoload: duplicate request for module %s\n", module_name);
187
188 if (!wait) {
189 /*
190 * If request_module_nowait() was used then the user just
191 * wanted to issue the request and if another module request
192 * was already its way with the same name we don't care for
193 * the return value either. Let duplicate request_module_nowait()
194 * calls bail out right away.
195 */
196 *dup_ret = 0;
197 return true;
198 }
199
200 /*
201 * If a duplicate request_module() was used they *may* care for
202 * the return value, so we have no other option but to wait for
203 * the first caller to complete. If the first caller used
204 * the request_module_nowait() call, subsquent callers will
205 * deal with the comprmise of getting a successful call with this
206 * optimization enabled ...
207 */
208 ret = wait_for_completion_state(x: &kmod_req->first_req_done,
209 TASK_KILLABLE);
210 if (ret) {
211 *dup_ret = ret;
212 return true;
213 }
214
215 /* Now the duplicate request has the same exact return value as the first request */
216 *dup_ret = kmod_req->dup_ret;
217
218 return true;
219}
220
221void kmod_dup_request_announce(char *module_name, int ret)
222{
223 struct kmod_dup_req *kmod_req;
224
225 mutex_lock(&kmod_dup_mutex);
226
227 kmod_req = kmod_dup_request_lookup(module_name);
228 if (!kmod_req)
229 goto out;
230
231 kmod_req->dup_ret = ret;
232
233 /*
234 * If we complete() here we may allow duplicate threads
235 * to continue before the first one that submitted the
236 * request. We're in no rush also, given that each and
237 * every bounce back to userspace is slow we avoid that
238 * with a slight delay here. So queueue up the completion
239 * and let duplicates suffer, just wait a tad bit longer.
240 * There is no rush. But we also don't want to hold the
241 * caller up forever or introduce any boot delays.
242 */
243 queue_work(wq: system_wq, work: &kmod_req->complete_work);
244
245out:
246 mutex_unlock(lock: &kmod_dup_mutex);
247}
248

source code of linux/kernel/module/dups.c

Morty Proxy This is a proxified and sanitized view of the page, visit original site.