]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
11c3a4ee | 2 | |
cf0fbc49 | 3 | #include <unistd.h> |
f84f9974 | 4 | |
6c1f72f6 | 5 | #include "alloc-util.h" |
cf0fbc49 | 6 | #include "capability-util.h" |
0ae03a0f | 7 | #include "efi-api.h" |
6c1f72f6 | 8 | #include "fileio.h" |
11c3a4ee | 9 | #include "kmod-setup.h" |
93a1f792 | 10 | #include "log.h" |
1d98716e | 11 | #include "module-util.h" |
79a72b1b | 12 | #include "recurse-dir.h" |
6c1f72f6 | 13 | #include "string-util.h" |
fa505db3 | 14 | #include "strv.h" |
5c1d67af | 15 | #include "virt.h" |
11c3a4ee | 16 | |
349cc4a5 | 17 | #if HAVE_KMOD |
e1d8f702 | 18 | static int match_modalias_recurse_dir_cb( |
79a72b1b LP |
19 | RecurseDirEvent event, |
20 | const char *path, | |
21 | int dir_fd, | |
22 | int inode_fd, | |
23 | const struct dirent *de, | |
24 | const struct statx *sx, | |
25 | void *userdata) { | |
6c1f72f6 HH |
26 | |
27 | _cleanup_free_ char *alias = NULL; | |
e1d8f702 | 28 | char **modaliases = ASSERT_PTR(userdata); |
6c1f72f6 HH |
29 | int r; |
30 | ||
79a72b1b LP |
31 | if (event != RECURSE_DIR_ENTRY) |
32 | return RECURSE_DIR_CONTINUE; | |
6c1f72f6 | 33 | |
79a72b1b LP |
34 | if (de->d_type != DT_REG) |
35 | return RECURSE_DIR_CONTINUE; | |
6c1f72f6 | 36 | |
79a72b1b LP |
37 | if (!streq(de->d_name, "modalias")) |
38 | return RECURSE_DIR_CONTINUE; | |
6c1f72f6 | 39 | |
79a72b1b LP |
40 | r = read_one_line_file(path, &alias); |
41 | if (r < 0) { | |
42 | log_debug_errno(r, "Failed to read %s, ignoring: %m", path); | |
43 | return RECURSE_DIR_LEAVE_DIRECTORY; | |
44 | } | |
6c1f72f6 | 45 | |
e1d8f702 | 46 | if (startswith_strv(alias, modaliases)) |
79a72b1b | 47 | return 1; |
6c1f72f6 | 48 | |
79a72b1b | 49 | return RECURSE_DIR_LEAVE_DIRECTORY; |
6c1f72f6 HH |
50 | } |
51 | ||
67c92f3f | 52 | static bool has_virtio_feature(const char *name, char **modaliases) { |
79a72b1b LP |
53 | int r; |
54 | ||
0a5d3c0b LP |
55 | /* Directory traversal might be slow, hence let's do a cheap check first if it's even worth it */ |
56 | if (detect_vm() == VIRTUALIZATION_NONE) | |
57 | return false; | |
58 | ||
79a72b1b LP |
59 | r = recurse_dir_at( |
60 | AT_FDCWD, | |
61 | "/sys/devices/pci0000:00", | |
62 | /* statx_mask= */ 0, | |
67c92f3f | 63 | /* n_depth_max= */ 3, |
79a72b1b | 64 | RECURSE_DIR_ENSURE_TYPE, |
e1d8f702 | 65 | match_modalias_recurse_dir_cb, |
67c92f3f | 66 | modaliases); |
79a72b1b | 67 | if (r < 0) |
67c92f3f | 68 | log_debug_errno(r, "Failed to determine whether host has %s device, ignoring: %m", name); |
79a72b1b LP |
69 | |
70 | return r > 0; | |
6c1f72f6 | 71 | } |
5c1d67af | 72 | |
67c92f3f DDM |
73 | static bool has_virtio_rng(void) { |
74 | return has_virtio_feature("virtio-rng", STRV_MAKE("pci:v00001AF4d00001005", "pci:v00001AF4d00001044")); | |
75 | } | |
a93aaede | 76 | |
67c92f3f DDM |
77 | static bool has_virtio_console(void) { |
78 | return has_virtio_feature("virtio-console", STRV_MAKE("virtio:d00000003v", "virtio:d0000000Bv")); | |
a93aaede DDM |
79 | } |
80 | ||
abf25fae | 81 | static bool has_virtio_vsock(void) { |
67c92f3f DDM |
82 | return has_virtio_feature("virtio-vsock", STRV_MAKE("virtio:d00000013v")); |
83 | } | |
abf25fae | 84 | |
67c92f3f DDM |
85 | static bool has_virtiofs(void) { |
86 | return has_virtio_feature("virtiofs", STRV_MAKE("virtio:d0000001Av")); | |
87 | } | |
abf25fae | 88 | |
67c92f3f DDM |
89 | static bool has_virtio_pci(void) { |
90 | return has_virtio_feature("virtio-pci", STRV_MAKE("pci:v00001AF4d")); | |
abf25fae DDM |
91 | } |
92 | ||
5c1d67af LP |
93 | static bool in_qemu(void) { |
94 | return IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_QEMU); | |
95 | } | |
95441cf2 | 96 | #endif |
6c1f72f6 | 97 | |
7491e6e7 | 98 | int kmod_setup(void) { |
349cc4a5 | 99 | #if HAVE_KMOD |
7491e6e7 KS |
100 | static const struct { |
101 | const char *module; | |
102 | const char *path; | |
0a35e7f6 ZJS |
103 | bool warn_if_unavailable; |
104 | bool warn_if_module; | |
7491e6e7 KS |
105 | bool (*condition_fn)(void); |
106 | } kmod_table[] = { | |
6755bb55 ZJS |
107 | /* This one we need to load explicitly, since auto-loading on use doesn't work |
108 | * before udev created the ghost device nodes, and we need it earlier than that. */ | |
abf25fae | 109 | { "autofs4", "/sys/class/misc/autofs", true, false, NULL }, |
7491e6e7 | 110 | |
6755bb55 ZJS |
111 | /* This one we need to load explicitly, since auto-loading of IPv6 is not done when |
112 | * we try to configure ::1 on the loopback device. */ | |
abf25fae | 113 | { "ipv6", "/sys/module/ipv6", false, true, NULL }, |
7491e6e7 | 114 | |
6755bb55 | 115 | /* This should never be a module */ |
abf25fae | 116 | { "unix", "/proc/net/unix", true, true, NULL }, |
7491e6e7 | 117 | |
349cc4a5 | 118 | #if HAVE_LIBIPTC |
1d308797 | 119 | /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */ |
abf25fae | 120 | { "ip_tables", "/proc/net/ip_tables_names", false, false, NULL }, |
a363680f | 121 | #endif |
6c1f72f6 | 122 | /* virtio_rng would be loaded by udev later, but real entropy might be needed very early */ |
abf25fae | 123 | { "virtio_rng", NULL, false, false, has_virtio_rng }, |
a93aaede DDM |
124 | |
125 | /* we want early logging to hvc consoles if possible, and make sure systemd-getty-generator | |
d7306348 | 126 | * can rely on all consoles being probed already. */ |
abf25fae DDM |
127 | { "virtio_console", NULL, false, false, has_virtio_console }, |
128 | ||
129 | /* Make sure we can send sd-notify messages over vsock as early as possible. */ | |
130 | { "vmw_vsock_virtio_transport", NULL, false, false, has_virtio_vsock }, | |
5c1d67af | 131 | |
67c92f3f DDM |
132 | /* We can't wait for specific virtiofs tags to show up as device nodes so we have to load the |
133 | * virtiofs and virtio_pci modules early to make sure the virtiofs tags are found when | |
134 | * sysroot.mount is started. | |
135 | * | |
136 | * TODO: Remove these again once https://gitlab.com/virtio-fs/virtiofsd/-/issues/128 is | |
137 | * resolved and the kernel fix is widely available. */ | |
138 | { "virtiofs", "/sys/module/virtiofs", false, false, has_virtiofs }, | |
139 | { "virtio_pci", "/sys/module/virtio_pci", false, false, has_virtio_pci }, | |
140 | ||
5c1d67af | 141 | /* qemu_fw_cfg would be loaded by udev later, but we want to import credentials from it super early */ |
abf25fae | 142 | { "qemu_fw_cfg", "/sys/firmware/qemu_fw_cfg", false, false, in_qemu }, |
8313a1a5 LN |
143 | |
144 | /* dmi-sysfs is needed to import credentials from it super early */ | |
abf25fae | 145 | { "dmi-sysfs", "/sys/firmware/dmi/entries", false, false, NULL }, |
0ae03a0f DDM |
146 | |
147 | #if HAVE_TPM2 | |
148 | /* Make sure the tpm subsystem is available which ConditionSecurity=tpm2 depends on. */ | |
abf25fae | 149 | { "tpm", "/sys/class/tpmrm", false, false, efi_has_tpm2 }, |
0ae03a0f | 150 | #endif |
7491e6e7 | 151 | }; |
11c3a4ee | 152 | |
1d98716e LP |
153 | int r; |
154 | ||
26c45a6c | 155 | if (have_effective_cap(CAP_SYS_MODULE) <= 0) |
c47fc1f0 LP |
156 | return 0; |
157 | ||
1d98716e | 158 | _cleanup_(sym_kmod_unrefp) struct kmod_ctx *ctx = NULL; |
85471164 | 159 | FOREACH_ELEMENT(kmod, kmod_table) { |
0a35e7f6 | 160 | if (kmod->path && access(kmod->path, F_OK) >= 0) |
7491e6e7 KS |
161 | continue; |
162 | ||
0a35e7f6 | 163 | if (kmod->condition_fn && !kmod->condition_fn()) |
11c3a4ee LP |
164 | continue; |
165 | ||
0a35e7f6 | 166 | if (kmod->warn_if_module) |
7491e6e7 KS |
167 | log_debug("Your kernel apparently lacks built-in %s support. Might be " |
168 | "a good idea to compile it in. We'll now try to work around " | |
0a35e7f6 | 169 | "this by loading the module...", kmod->module); |
11c3a4ee | 170 | |
728beb28 | 171 | if (!ctx) { |
1d98716e LP |
172 | r = module_setup_context(&ctx); |
173 | if (r < 0) | |
174 | return log_error_errno(r, "Failed to initialize kmod context: %m"); | |
728beb28 | 175 | } |
11c3a4ee | 176 | |
0a35e7f6 | 177 | (void) module_load_and_warn(ctx, kmod->module, kmod->warn_if_unavailable); |
11c3a4ee LP |
178 | } |
179 | ||
f84f9974 | 180 | #endif |
728beb28 | 181 | return 0; |
11c3a4ee | 182 | } |