[thirdparty/systemd.git] / src / core / kmod-setup.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <unistd.h>

#include "alloc-util.h"
#include "bus-util.h"
#include "capability-util.h"
#include "efi-api.h"
#include "fileio.h"
#include "kmod-setup.h"
#include "macro.h"
#include "recurse-dir.h"
#include "string-util.h"
#include "strv.h"
#include "virt.h"

#if HAVE_KMOD
#include "module-util.h"

static void systemd_kmod_log(
                void *data,
                int priority,
                const char *file, int line,
                const char *fn,
                const char *format,
                va_list args) {

        /* library logging is enabled at debug only */
        DISABLE_WARNING_FORMAT_NONLITERAL;
        log_internalv(LOG_DEBUG, 0, file, line, fn, format, args);
        REENABLE_WARNING;
}

static int match_modalias_recurse_dir_cb(
                RecurseDirEvent event,
                const char *path,
                int dir_fd,
                int inode_fd,
                const struct dirent *de,
                const struct statx *sx,
                void *userdata) {

        _cleanup_free_ char *alias = NULL;
        char **modaliases = ASSERT_PTR(userdata);
        int r;

        if (event != RECURSE_DIR_ENTRY)
                return RECURSE_DIR_CONTINUE;

        if (de->d_type != DT_REG)
                return RECURSE_DIR_CONTINUE;

        if (!streq(de->d_name, "modalias"))
                return RECURSE_DIR_CONTINUE;

        r = read_one_line_file(path, &alias);
        if (r < 0) {
                log_debug_errno(r, "Failed to read %s, ignoring: %m", path);
                return RECURSE_DIR_LEAVE_DIRECTORY;
        }

        if (startswith_strv(alias, modaliases))
                return 1;

        return RECURSE_DIR_LEAVE_DIRECTORY;
}

static bool has_virtio_rng(void) {
        int r;

        /* Directory traversal might be slow, hence let's do a cheap check first if it's even worth it */
        if (detect_vm() == VIRTUALIZATION_NONE)
                return false;

        r = recurse_dir_at(
                        AT_FDCWD,
                        "/sys/devices/pci0000:00",
                        /* statx_mask= */ 0,
                        /* n_depth_max= */ 2,
                        RECURSE_DIR_ENSURE_TYPE,
                        match_modalias_recurse_dir_cb,
                        STRV_MAKE("pci:v00001AF4d00001005", "pci:v00001AF4d00001044"));
        if (r < 0)
                log_debug_errno(r, "Failed to determine whether host has virtio-rng device, ignoring: %m");

        return r > 0;
}

static bool has_virtio_console(void) {
        int r;

        /* Directory traversal might be slow, hence let's do a cheap check first if it's even worth it */
        if (detect_vm() == VIRTUALIZATION_NONE)
                return false;

        r = recurse_dir_at(
                        AT_FDCWD,
                        "/sys/devices/pci0000:00",
                        /* statx_mask= */ 0,
                        /* n_depth_max= */ 3,
                        RECURSE_DIR_ENSURE_TYPE,
                        match_modalias_recurse_dir_cb,
                        STRV_MAKE("virtio:d00000003v", "virtio:d0000000Bv"));
        if (r < 0)
                log_debug_errno(r, "Failed to determine whether host has virtio-console device, ignoring: %m");

        return r > 0;
}

static bool has_virtio_vsock(void) {
        int r;

        /* Directory traversal might be slow, hence let's do a cheap check first if it's even worth it */
        if (detect_vm() == VIRTUALIZATION_NONE)
                return false;

        r = recurse_dir_at(
                        AT_FDCWD,
                        "/sys/devices/pci0000:00",
                        /* statx_mask= */ 0,
                        /* n_depth_max= */ 3,
                        RECURSE_DIR_ENSURE_TYPE,
                        match_modalias_recurse_dir_cb,
                        STRV_MAKE("virtio:d00000013v"));
        if (r < 0)
                log_debug_errno(r, "Failed to determine whether host has virtio-vsock device, ignoring: %m");

        return r > 0;
}

static bool in_qemu(void) {
        return IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_QEMU);
}
#endif

int kmod_setup(void) {
#if HAVE_KMOD

        static const struct {
                const char *module;
                const char *path;
                bool warn_if_unavailable:1;
                bool warn_if_module:1;
                bool (*condition_fn)(void);
        } kmod_table[] = {
                /* This one we need to load explicitly, since auto-loading on use doesn't work
                 * before udev created the ghost device nodes, and we need it earlier than that. */
                { "autofs4",                    "/sys/class/misc/autofs",    true,  false, NULL               },

                /* This one we need to load explicitly, since auto-loading of IPv6 is not done when
                 * we try to configure ::1 on the loopback device. */
                { "ipv6",                       "/sys/module/ipv6",          false, true,  NULL               },

                /* This should never be a module */
                { "unix",                       "/proc/net/unix",            true,  true,  NULL               },

#if HAVE_LIBIPTC
                /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
                { "ip_tables",                  "/proc/net/ip_tables_names", false, false, NULL               },
#endif
                /* virtio_rng would be loaded by udev later, but real entropy might be needed very early */
                { "virtio_rng",                 NULL,                        false, false, has_virtio_rng     },

                /* we want early logging to hvc consoles if possible, and make sure systemd-getty-generator
                 * can rely on all consoles being probed already.*/
                { "virtio_console",             NULL,                        false, false, has_virtio_console },

                /* Make sure we can send sd-notify messages over vsock as early as possible. */
                { "vmw_vsock_virtio_transport", NULL,                        false, false, has_virtio_vsock   },

                /* qemu_fw_cfg would be loaded by udev later, but we want to import credentials from it super early */
                { "qemu_fw_cfg",                "/sys/firmware/qemu_fw_cfg", false, false, in_qemu            },

                /* dmi-sysfs is needed to import credentials from it super early */
                { "dmi-sysfs",                  "/sys/firmware/dmi/entries", false, false, NULL               },

#if HAVE_TPM2
                /* Make sure the tpm subsystem is available which ConditionSecurity=tpm2 depends on. */
                { "tpm",                        "/sys/class/tpmrm",          false, false, efi_has_tpm2       },
#endif
        };
        _cleanup_(kmod_unrefp) struct kmod_ctx *ctx = NULL;
        unsigned i;

        if (have_effective_cap(CAP_SYS_MODULE) <= 0)
                return 0;

        for (i = 0; i < ELEMENTSOF(kmod_table); i++) {
                if (kmod_table[i].path && access(kmod_table[i].path, F_OK) >= 0)
                        continue;

                if (kmod_table[i].condition_fn && !kmod_table[i].condition_fn())
                        continue;

                if (kmod_table[i].warn_if_module)
                        log_debug("Your kernel apparently lacks built-in %s support. Might be "
                                  "a good idea to compile it in. We'll now try to work around "
                                  "this by loading the module...", kmod_table[i].module);

                if (!ctx) {
                        ctx = kmod_new(NULL, NULL);
                        if (!ctx)
                                return log_oom();

                        kmod_set_log_fn(ctx, systemd_kmod_log, NULL);
                        kmod_load_resources(ctx);
                }

                (void) module_load_and_warn(ctx, kmod_table[i].module, kmod_table[i].warn_if_unavailable);
        }

#endif
        return 0;
}
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
11c3a4ee	2
cf0fbc49	3	#include <unistd.h>
f84f9974	4
6c1f72f6	5	#include "alloc-util.h"
d79acc30	6	#include "bus-util.h"
cf0fbc49	7	#include "capability-util.h"
0ae03a0f	8	#include "efi-api.h"
6c1f72f6	9	#include "fileio.h"
11c3a4ee	10	#include "kmod-setup.h"
cf0fbc49	11	#include "macro.h"
79a72b1b	12	#include "recurse-dir.h"
6c1f72f6	13	#include "string-util.h"
fa505db3	14	#include "strv.h"
5c1d67af	15	#include "virt.h"
11c3a4ee	16
349cc4a5	17	#if HAVE_KMOD
8a8a4b6e ZJS	18	#include "module-util.h"
8a8a4b6e ZJS	19
b4b87964 LP	20	static void systemd_kmod_log(
	21	void *data,
	22	int priority,
	23	const char *file, int line,
	24	const char *fn,
	25	const char *format,
	26	va_list args) {
	27
10223732	28	/* library logging is enabled at debug only */
bcfce235	29	DISABLE_WARNING_FORMAT_NONLITERAL;
79008bdd	30	log_internalv(LOG_DEBUG, 0, file, line, fn, format, args);
bcfce235	31	REENABLE_WARNING;
728beb28	32	}
b4b87964	33
e1d8f702	34	static int match_modalias_recurse_dir_cb(
79a72b1b LP	35	RecurseDirEvent event,
	36	const char *path,
	37	int dir_fd,
	38	int inode_fd,
	39	const struct dirent *de,
	40	const struct statx *sx,
	41	void *userdata) {
6c1f72f6 HH	42
6c1f72f6 HH	43	_cleanup_free_ char *alias = NULL;
e1d8f702	44	char **modaliases = ASSERT_PTR(userdata);
6c1f72f6 HH	45	int r;
6c1f72f6 HH	46
79a72b1b LP	47	if (event != RECURSE_DIR_ENTRY)
79a72b1b LP	48	return RECURSE_DIR_CONTINUE;
6c1f72f6	49
79a72b1b LP	50	if (de->d_type != DT_REG)
79a72b1b LP	51	return RECURSE_DIR_CONTINUE;
6c1f72f6	52
79a72b1b LP	53	if (!streq(de->d_name, "modalias"))
79a72b1b LP	54	return RECURSE_DIR_CONTINUE;
6c1f72f6	55
79a72b1b LP	56	r = read_one_line_file(path, &alias);
	57	if (r < 0) {
	58	log_debug_errno(r, "Failed to read %s, ignoring: %m", path);
	59	return RECURSE_DIR_LEAVE_DIRECTORY;
	60	}
6c1f72f6	61
e1d8f702	62	if (startswith_strv(alias, modaliases))
79a72b1b	63	return 1;
6c1f72f6	64
79a72b1b	65	return RECURSE_DIR_LEAVE_DIRECTORY;
6c1f72f6 HH	66	}
	67
	68	static bool has_virtio_rng(void) {
79a72b1b LP	69	int r;
79a72b1b LP	70
0a5d3c0b LP	71	/* Directory traversal might be slow, hence let's do a cheap check first if it's even worth it */
	72	if (detect_vm() == VIRTUALIZATION_NONE)
	73	return false;
	74
79a72b1b LP	75	r = recurse_dir_at(
	76	AT_FDCWD,
	77	"/sys/devices/pci0000:00",
	78	/* statx_mask= */ 0,
	79	/* n_depth_max= */ 2,
	80	RECURSE_DIR_ENSURE_TYPE,
e1d8f702 DDM	81	match_modalias_recurse_dir_cb,
e1d8f702 DDM	82	STRV_MAKE("pci:v00001AF4d00001005", "pci:v00001AF4d00001044"));
79a72b1b LP	83	if (r < 0)
	84	log_debug_errno(r, "Failed to determine whether host has virtio-rng device, ignoring: %m");
	85
	86	return r > 0;
6c1f72f6	87	}
5c1d67af	88
a93aaede DDM	89	static bool has_virtio_console(void) {
	90	int r;
	91
	92	/* Directory traversal might be slow, hence let's do a cheap check first if it's even worth it */
	93	if (detect_vm() == VIRTUALIZATION_NONE)
	94	return false;
	95
	96	r = recurse_dir_at(
	97	AT_FDCWD,
	98	"/sys/devices/pci0000:00",
	99	/* statx_mask= */ 0,
	100	/* n_depth_max= */ 3,
	101	RECURSE_DIR_ENSURE_TYPE,
	102	match_modalias_recurse_dir_cb,
	103	STRV_MAKE("virtio:d00000003v", "virtio:d0000000Bv"));
	104	if (r < 0)
	105	log_debug_errno(r, "Failed to determine whether host has virtio-console device, ignoring: %m");
	106
	107	return r > 0;
	108	}
	109
abf25fae DDM	110	static bool has_virtio_vsock(void) {
	111	int r;
	112
	113	/* Directory traversal might be slow, hence let's do a cheap check first if it's even worth it */
	114	if (detect_vm() == VIRTUALIZATION_NONE)
	115	return false;
	116
	117	r = recurse_dir_at(
	118	AT_FDCWD,
	119	"/sys/devices/pci0000:00",
	120	/* statx_mask= */ 0,
	121	/* n_depth_max= */ 3,
	122	RECURSE_DIR_ENSURE_TYPE,
	123	match_modalias_recurse_dir_cb,
	124	STRV_MAKE("virtio:d00000013v"));
	125	if (r < 0)
	126	log_debug_errno(r, "Failed to determine whether host has virtio-vsock device, ignoring: %m");
	127
	128	return r > 0;
	129	}
	130
5c1d67af LP	131	static bool in_qemu(void) {
	132	return IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_QEMU);
	133	}
95441cf2	134	#endif
6c1f72f6	135
7491e6e7	136	int kmod_setup(void) {
349cc4a5	137	#if HAVE_KMOD
c47fc1f0	138
7491e6e7 KS	139	static const struct {
	140	const char *module;
	141	const char *path;
85c67553 DM	142	bool warn_if_unavailable:1;
85c67553 DM	143	bool warn_if_module:1;
7491e6e7 KS	144	bool (*condition_fn)(void);
7491e6e7 KS	145	} kmod_table[] = {
6755bb55 ZJS	146	/* This one we need to load explicitly, since auto-loading on use doesn't work
6755bb55 ZJS	147	* before udev created the ghost device nodes, and we need it earlier than that. */
abf25fae	148	{ "autofs4", "/sys/class/misc/autofs", true, false, NULL },
7491e6e7	149
6755bb55 ZJS	150	/* This one we need to load explicitly, since auto-loading of IPv6 is not done when
6755bb55 ZJS	151	* we try to configure ::1 on the loopback device. */
abf25fae	152	{ "ipv6", "/sys/module/ipv6", false, true, NULL },
7491e6e7	153
6755bb55	154	/* This should never be a module */
abf25fae	155	{ "unix", "/proc/net/unix", true, true, NULL },
7491e6e7	156
349cc4a5	157	#if HAVE_LIBIPTC
1d308797	158	/* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
abf25fae	159	{ "ip_tables", "/proc/net/ip_tables_names", false, false, NULL },
a363680f	160	#endif
6c1f72f6	161	/* virtio_rng would be loaded by udev later, but real entropy might be needed very early */
abf25fae	162	{ "virtio_rng", NULL, false, false, has_virtio_rng },
a93aaede DDM	163
	164	/* we want early logging to hvc consoles if possible, and make sure systemd-getty-generator
	165	* can rely on all consoles being probed already.*/
abf25fae DDM	166	{ "virtio_console", NULL, false, false, has_virtio_console },
	167
	168	/* Make sure we can send sd-notify messages over vsock as early as possible. */
	169	{ "vmw_vsock_virtio_transport", NULL, false, false, has_virtio_vsock },
5c1d67af LP	170
5c1d67af LP	171	/* qemu_fw_cfg would be loaded by udev later, but we want to import credentials from it super early */
abf25fae	172	{ "qemu_fw_cfg", "/sys/firmware/qemu_fw_cfg", false, false, in_qemu },
8313a1a5 LN	173
8313a1a5 LN	174	/* dmi-sysfs is needed to import credentials from it super early */
abf25fae	175	{ "dmi-sysfs", "/sys/firmware/dmi/entries", false, false, NULL },
0ae03a0f DDM	176
	177	#if HAVE_TPM2
	178	/* Make sure the tpm subsystem is available which ConditionSecurity=tpm2 depends on. */
abf25fae	179	{ "tpm", "/sys/class/tpmrm", false, false, efi_has_tpm2 },
0ae03a0f	180	#endif
7491e6e7	181	};
232ac0d6	182	_cleanup_(kmod_unrefp) struct kmod_ctx *ctx = NULL;
14cb109d	183	unsigned i;
11c3a4ee	184
26c45a6c	185	if (have_effective_cap(CAP_SYS_MODULE) <= 0)
c47fc1f0 LP	186	return 0;
c47fc1f0 LP	187
7491e6e7	188	for (i = 0; i < ELEMENTSOF(kmod_table); i++) {
b43b8f7a	189	if (kmod_table[i].path && access(kmod_table[i].path, F_OK) >= 0)
7491e6e7 KS	190	continue;
7491e6e7 KS	191
b43b8f7a	192	if (kmod_table[i].condition_fn && !kmod_table[i].condition_fn())
11c3a4ee LP	193	continue;
11c3a4ee LP	194
85c67553	195	if (kmod_table[i].warn_if_module)
7491e6e7 KS	196	log_debug("Your kernel apparently lacks built-in %s support. Might be "
	197	"a good idea to compile it in. We'll now try to work around "
	198	"this by loading the module...", kmod_table[i].module);
11c3a4ee	199
728beb28 TG	200	if (!ctx) {
728beb28 TG	201	ctx = kmod_new(NULL, NULL);
b4b87964 LP	202	if (!ctx)
b4b87964 LP	203	return log_oom();
11c3a4ee	204
728beb28	205	kmod_set_log_fn(ctx, systemd_kmod_log, NULL);
728beb28 TG	206	kmod_load_resources(ctx);
728beb28 TG	207	}
11c3a4ee	208
81d7c696	209	(void) module_load_and_warn(ctx, kmod_table[i].module, kmod_table[i].warn_if_unavailable);
11c3a4ee LP	210	}
11c3a4ee LP	211
f84f9974	212	#endif
728beb28	213	return 0;
11c3a4ee	214	}