[thirdparty/systemd.git] / src / core / kmod-setup.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <unistd.h>

#include "alloc-util.h"
#include "bus-util.h"
#include "capability-util.h"
#include "efi-api.h"
#include "fileio.h"
#include "kmod-setup.h"
#include "macro.h"
#include "recurse-dir.h"
#include "string-util.h"
#include "virt.h"

#if HAVE_KMOD
#include "module-util.h"

static void systemd_kmod_log(
                void *data,
                int priority,
                const char *file, int line,
                const char *fn,
                const char *format,
                va_list args) {

        /* library logging is enabled at debug only */
        DISABLE_WARNING_FORMAT_NONLITERAL;
        log_internalv(LOG_DEBUG, 0, file, line, fn, format, args);
        REENABLE_WARNING;
}

static int has_virtio_rng_recurse_dir_cb(
                RecurseDirEvent event,
                const char *path,
                int dir_fd,
                int inode_fd,
                const struct dirent *de,
                const struct statx *sx,
                void *userdata) {

        _cleanup_free_ char *alias = NULL;
        int r;

        if (event != RECURSE_DIR_ENTRY)
                return RECURSE_DIR_CONTINUE;

        if (de->d_type != DT_REG)
                return RECURSE_DIR_CONTINUE;

        if (!streq(de->d_name, "modalias"))
                return RECURSE_DIR_CONTINUE;

        r = read_one_line_file(path, &alias);
        if (r < 0) {
                log_debug_errno(r, "Failed to read %s, ignoring: %m", path);
                return RECURSE_DIR_LEAVE_DIRECTORY;
        }

        if (startswith(alias, "pci:v00001AF4d00001005"))
                return 1;

        if (startswith(alias, "pci:v00001AF4d00001044"))
                return 1;

        return RECURSE_DIR_LEAVE_DIRECTORY;
}

static bool has_virtio_rng(void) {
        int r;

        r = recurse_dir_at(
                        AT_FDCWD,
                        "/sys/devices/pci0000:00",
                        /* statx_mask= */ 0,
                        /* n_depth_max= */ 2,
                        RECURSE_DIR_ENSURE_TYPE,
                        has_virtio_rng_recurse_dir_cb,
                        NULL);
        if (r < 0)
                log_debug_errno(r, "Failed to determine whether host has virtio-rng device, ignoring: %m");

        return r > 0;
}

static bool in_qemu(void) {
        return IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_QEMU);
}
#endif

int kmod_setup(void) {
#if HAVE_KMOD

        static const struct {
                const char *module;
                const char *path;
                bool warn_if_unavailable:1;
                bool warn_if_module:1;
                bool (*condition_fn)(void);
        } kmod_table[] = {
                /* This one we need to load explicitly, since auto-loading on use doesn't work
                 * before udev created the ghost device nodes, and we need it earlier than that. */
                { "autofs4",     "/sys/class/misc/autofs",    true,  false, NULL           },

                /* This one we need to load explicitly, since auto-loading of IPv6 is not done when
                 * we try to configure ::1 on the loopback device. */
                { "ipv6",        "/sys/module/ipv6",          false, true,  NULL           },

                /* This should never be a module */
                { "unix",        "/proc/net/unix",            true,  true,  NULL           },

#if HAVE_LIBIPTC
                /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
                { "ip_tables",   "/proc/net/ip_tables_names", false, false, NULL           },
#endif
                /* virtio_rng would be loaded by udev later, but real entropy might be needed very early */
                { "virtio_rng",  NULL,                        false, false, has_virtio_rng },

                /* qemu_fw_cfg would be loaded by udev later, but we want to import credentials from it super early */
                { "qemu_fw_cfg", "/sys/firmware/qemu_fw_cfg", false, false, in_qemu        },

                /* dmi-sysfs is needed to import credentials from it super early */
                { "dmi-sysfs",   "/sys/firmware/dmi/entries", false, false, NULL           },

#if HAVE_TPM2
                /* Make sure the tpm subsystem is available which ConditionSecurity=tpm2 depends on. */
                { "tpm",         "/sys/class/tpmrm",          false, false, efi_has_tpm2   },
#endif
        };
        _cleanup_(kmod_unrefp) struct kmod_ctx *ctx = NULL;
        unsigned i;

        if (have_effective_cap(CAP_SYS_MODULE) == 0)
                return 0;

        for (i = 0; i < ELEMENTSOF(kmod_table); i++) {
                if (kmod_table[i].path && access(kmod_table[i].path, F_OK) >= 0)
                        continue;

                if (kmod_table[i].condition_fn && !kmod_table[i].condition_fn())
                        continue;

                if (kmod_table[i].warn_if_module)
                        log_debug("Your kernel apparently lacks built-in %s support. Might be "
                                  "a good idea to compile it in. We'll now try to work around "
                                  "this by loading the module...", kmod_table[i].module);

                if (!ctx) {
                        ctx = kmod_new(NULL, NULL);
                        if (!ctx)
                                return log_oom();

                        kmod_set_log_fn(ctx, systemd_kmod_log, NULL);
                        kmod_load_resources(ctx);
                }

                (void) module_load_and_warn(ctx, kmod_table[i].module, kmod_table[i].warn_if_unavailable);
        }

#endif
        return 0;
}
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
11c3a4ee	2
cf0fbc49	3	#include <unistd.h>
f84f9974	4
6c1f72f6	5	#include "alloc-util.h"
d79acc30	6	#include "bus-util.h"
cf0fbc49	7	#include "capability-util.h"
0ae03a0f	8	#include "efi-api.h"
6c1f72f6	9	#include "fileio.h"
11c3a4ee	10	#include "kmod-setup.h"
cf0fbc49	11	#include "macro.h"
79a72b1b	12	#include "recurse-dir.h"
6c1f72f6	13	#include "string-util.h"
5c1d67af	14	#include "virt.h"
11c3a4ee	15
349cc4a5	16	#if HAVE_KMOD
8a8a4b6e ZJS	17	#include "module-util.h"
8a8a4b6e ZJS	18
b4b87964 LP	19	static void systemd_kmod_log(
	20	void *data,
	21	int priority,
	22	const char *file, int line,
	23	const char *fn,
	24	const char *format,
	25	va_list args) {
	26
10223732	27	/* library logging is enabled at debug only */
bcfce235	28	DISABLE_WARNING_FORMAT_NONLITERAL;
79008bdd	29	log_internalv(LOG_DEBUG, 0, file, line, fn, format, args);
bcfce235	30	REENABLE_WARNING;
728beb28	31	}
b4b87964	32
79a72b1b LP	33	static int has_virtio_rng_recurse_dir_cb(
	34	RecurseDirEvent event,
	35	const char *path,
	36	int dir_fd,
	37	int inode_fd,
	38	const struct dirent *de,
	39	const struct statx *sx,
	40	void *userdata) {
6c1f72f6 HH	41
	42	_cleanup_free_ char *alias = NULL;
	43	int r;
	44
79a72b1b LP	45	if (event != RECURSE_DIR_ENTRY)
79a72b1b LP	46	return RECURSE_DIR_CONTINUE;
6c1f72f6	47
79a72b1b LP	48	if (de->d_type != DT_REG)
79a72b1b LP	49	return RECURSE_DIR_CONTINUE;
6c1f72f6	50
79a72b1b LP	51	if (!streq(de->d_name, "modalias"))
79a72b1b LP	52	return RECURSE_DIR_CONTINUE;
6c1f72f6	53
79a72b1b LP	54	r = read_one_line_file(path, &alias);
	55	if (r < 0) {
	56	log_debug_errno(r, "Failed to read %s, ignoring: %m", path);
	57	return RECURSE_DIR_LEAVE_DIRECTORY;
	58	}
6c1f72f6 HH	59
6c1f72f6 HH	60	if (startswith(alias, "pci:v00001AF4d00001005"))
79a72b1b	61	return 1;
6c1f72f6 HH	62
6c1f72f6 HH	63	if (startswith(alias, "pci:v00001AF4d00001044"))
79a72b1b	64	return 1;
6c1f72f6	65
79a72b1b	66	return RECURSE_DIR_LEAVE_DIRECTORY;
6c1f72f6 HH	67	}
	68
	69	static bool has_virtio_rng(void) {
79a72b1b LP	70	int r;
	71
	72	r = recurse_dir_at(
	73	AT_FDCWD,
	74	"/sys/devices/pci0000:00",
	75	/* statx_mask= */ 0,
	76	/* n_depth_max= */ 2,
	77	RECURSE_DIR_ENSURE_TYPE,
	78	has_virtio_rng_recurse_dir_cb,
	79	NULL);
	80	if (r < 0)
	81	log_debug_errno(r, "Failed to determine whether host has virtio-rng device, ignoring: %m");
	82
	83	return r > 0;
6c1f72f6	84	}
5c1d67af LP	85
	86	static bool in_qemu(void) {
	87	return IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_QEMU);
	88	}
95441cf2	89	#endif
6c1f72f6	90
7491e6e7	91	int kmod_setup(void) {
349cc4a5	92	#if HAVE_KMOD
c47fc1f0	93
7491e6e7 KS	94	static const struct {
	95	const char *module;
	96	const char *path;
85c67553 DM	97	bool warn_if_unavailable:1;
85c67553 DM	98	bool warn_if_module:1;
7491e6e7 KS	99	bool (*condition_fn)(void);
7491e6e7 KS	100	} kmod_table[] = {
6755bb55 ZJS	101	/* This one we need to load explicitly, since auto-loading on use doesn't work
6755bb55 ZJS	102	* before udev created the ghost device nodes, and we need it earlier than that. */
0ae03a0f	103	{ "autofs4", "/sys/class/misc/autofs", true, false, NULL },
7491e6e7	104
6755bb55 ZJS	105	/* This one we need to load explicitly, since auto-loading of IPv6 is not done when
6755bb55 ZJS	106	* we try to configure ::1 on the loopback device. */
0ae03a0f	107	{ "ipv6", "/sys/module/ipv6", false, true, NULL },
7491e6e7	108
6755bb55	109	/* This should never be a module */
0ae03a0f	110	{ "unix", "/proc/net/unix", true, true, NULL },
7491e6e7	111
349cc4a5	112	#if HAVE_LIBIPTC
1d308797	113	/* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
0ae03a0f	114	{ "ip_tables", "/proc/net/ip_tables_names", false, false, NULL },
a363680f	115	#endif
6c1f72f6	116	/* virtio_rng would be loaded by udev later, but real entropy might be needed very early */
0ae03a0f	117	{ "virtio_rng", NULL, false, false, has_virtio_rng },
5c1d67af LP	118
5c1d67af LP	119	/* qemu_fw_cfg would be loaded by udev later, but we want to import credentials from it super early */
0ae03a0f	120	{ "qemu_fw_cfg", "/sys/firmware/qemu_fw_cfg", false, false, in_qemu },
8313a1a5 LN	121
8313a1a5 LN	122	/* dmi-sysfs is needed to import credentials from it super early */
0ae03a0f DDM	123	{ "dmi-sysfs", "/sys/firmware/dmi/entries", false, false, NULL },
	124
	125	#if HAVE_TPM2
	126	/* Make sure the tpm subsystem is available which ConditionSecurity=tpm2 depends on. */
	127	{ "tpm", "/sys/class/tpmrm", false, false, efi_has_tpm2 },
	128	#endif
7491e6e7	129	};
232ac0d6	130	_cleanup_(kmod_unrefp) struct kmod_ctx *ctx = NULL;
14cb109d	131	unsigned i;
11c3a4ee	132
c47fc1f0 LP	133	if (have_effective_cap(CAP_SYS_MODULE) == 0)
	134	return 0;
	135
7491e6e7	136	for (i = 0; i < ELEMENTSOF(kmod_table); i++) {
b43b8f7a	137	if (kmod_table[i].path && access(kmod_table[i].path, F_OK) >= 0)
7491e6e7 KS	138	continue;
7491e6e7 KS	139
b43b8f7a	140	if (kmod_table[i].condition_fn && !kmod_table[i].condition_fn())
11c3a4ee LP	141	continue;
11c3a4ee LP	142
85c67553	143	if (kmod_table[i].warn_if_module)
7491e6e7 KS	144	log_debug("Your kernel apparently lacks built-in %s support. Might be "
	145	"a good idea to compile it in. We'll now try to work around "
	146	"this by loading the module...", kmod_table[i].module);
11c3a4ee	147
728beb28 TG	148	if (!ctx) {
728beb28 TG	149	ctx = kmod_new(NULL, NULL);
b4b87964 LP	150	if (!ctx)
b4b87964 LP	151	return log_oom();
11c3a4ee	152
728beb28	153	kmod_set_log_fn(ctx, systemd_kmod_log, NULL);
728beb28 TG	154	kmod_load_resources(ctx);
728beb28 TG	155	}
11c3a4ee	156
81d7c696	157	(void) module_load_and_warn(ctx, kmod_table[i].module, kmod_table[i].warn_if_unavailable);
11c3a4ee LP	158	}
11c3a4ee LP	159
f84f9974	160	#endif
728beb28	161	return 0;
11c3a4ee	162	}