[thirdparty/systemd.git] / src / core / kmod-setup.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <unistd.h>

#include "alloc-util.h"
#include "capability-util.h"
#include "efi-api.h"
#include "fileio.h"
#include "kmod-setup.h"
#include "log.h"
#include "module-util.h"
#include "recurse-dir.h"
#include "string-util.h"
#include "strv.h"
#include "virt.h"

#if HAVE_KMOD
static int match_modalias_recurse_dir_cb(
                RecurseDirEvent event,
                const char *path,
                int dir_fd,
                int inode_fd,
                const struct dirent *de,
                const struct statx *sx,
                void *userdata) {

        _cleanup_free_ char *alias = NULL;
        char **modaliases = ASSERT_PTR(userdata);
        int r;

        if (event != RECURSE_DIR_ENTRY)
                return RECURSE_DIR_CONTINUE;

        if (de->d_type != DT_REG)
                return RECURSE_DIR_CONTINUE;

        if (!streq(de->d_name, "modalias"))
                return RECURSE_DIR_CONTINUE;

        r = read_one_line_file(path, &alias);
        if (r < 0) {
                log_debug_errno(r, "Failed to read %s, ignoring: %m", path);
                return RECURSE_DIR_LEAVE_DIRECTORY;
        }

        if (startswith_strv(alias, modaliases))
                return 1;

        return RECURSE_DIR_LEAVE_DIRECTORY;
}

static bool has_virtio_feature(const char *name, char **modaliases) {
        int r;

        /* Directory traversal might be slow, hence let's do a cheap check first if it's even worth it */
        if (detect_vm() == VIRTUALIZATION_NONE)
                return false;

        r = recurse_dir_at(
                        AT_FDCWD,
                        "/sys/devices/pci0000:00",
                        /* statx_mask= */ 0,
                        /* n_depth_max= */ 3,
                        RECURSE_DIR_ENSURE_TYPE,
                        match_modalias_recurse_dir_cb,
                        modaliases);
        if (r < 0)
                log_debug_errno(r, "Failed to determine whether host has %s device, ignoring: %m", name);

        return r > 0;
}

static bool has_virtio_rng(void) {
        return has_virtio_feature("virtio-rng", STRV_MAKE("pci:v00001AF4d00001005", "pci:v00001AF4d00001044"));
}

static bool has_virtio_console(void) {
        return has_virtio_feature("virtio-console", STRV_MAKE("virtio:d00000003v", "virtio:d0000000Bv"));
}

static bool has_virtio_vsock(void) {
        return has_virtio_feature("virtio-vsock", STRV_MAKE("virtio:d00000013v"));
}

static bool has_virtiofs(void) {
        return has_virtio_feature("virtiofs", STRV_MAKE("virtio:d0000001Av"));
}

static bool has_virtio_pci(void) {
        return has_virtio_feature("virtio-pci", STRV_MAKE("pci:v00001AF4d"));
}

static bool in_qemu(void) {
        return IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_QEMU);
}
#endif

int kmod_setup(void) {
#if HAVE_KMOD
        static const struct {
                const char *module;
                const char *path;
                bool warn_if_unavailable;
                bool warn_if_module;
                bool (*condition_fn)(void);
        } kmod_table[] = {
                /* This one we need to load explicitly, since auto-loading on use doesn't work
                 * before udev created the ghost device nodes, and we need it earlier than that. */
                { "autofs4",                    "/sys/class/misc/autofs",    true,  false, NULL               },

                /* This one we need to load explicitly, since auto-loading of IPv6 is not done when
                 * we try to configure ::1 on the loopback device. */
                { "ipv6",                       "/sys/module/ipv6",          false, true,  NULL               },

                /* This should never be a module */
                { "unix",                       "/proc/net/unix",            true,  true,  NULL               },

#if HAVE_LIBIPTC
                /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
                { "ip_tables",                  "/proc/net/ip_tables_names", false, false, NULL               },
#endif
                /* virtio_rng would be loaded by udev later, but real entropy might be needed very early */
                { "virtio_rng",                 NULL,                        false, false, has_virtio_rng     },

                /* we want early logging to hvc consoles if possible, and make sure systemd-getty-generator
                 * can rely on all consoles being probed already. */
                { "virtio_console",             NULL,                        false, false, has_virtio_console },

                /* Make sure we can send sd-notify messages over vsock as early as possible. */
                { "vmw_vsock_virtio_transport", NULL,                        false, false, has_virtio_vsock   },

                /* We can't wait for specific virtiofs tags to show up as device nodes so we have to load the
                 * virtiofs and virtio_pci modules early to make sure the virtiofs tags are found when
                 * sysroot.mount is started.
                 *
                 * TODO: Remove these again once https://gitlab.com/virtio-fs/virtiofsd/-/issues/128 is
                 * resolved and the kernel fix is widely available. */
                { "virtiofs",                   "/sys/module/virtiofs",      false, false, has_virtiofs       },
                { "virtio_pci",                 "/sys/module/virtio_pci",    false, false, has_virtio_pci     },

                /* qemu_fw_cfg would be loaded by udev later, but we want to import credentials from it super early */
                { "qemu_fw_cfg",                "/sys/firmware/qemu_fw_cfg", false, false, in_qemu            },

                /* dmi-sysfs is needed to import credentials from it super early */
                { "dmi-sysfs",                  "/sys/firmware/dmi/entries", false, false, NULL               },

#if HAVE_TPM2
                /* Make sure the tpm subsystem is available which ConditionSecurity=tpm2 depends on. */
                { "tpm",                        "/sys/class/tpmrm",          false, false, efi_has_tpm2       },
#endif
        };

        int r;

        if (have_effective_cap(CAP_SYS_MODULE) <= 0)
                return 0;

        _cleanup_(sym_kmod_unrefp) struct kmod_ctx *ctx = NULL;
        FOREACH_ELEMENT(kmod, kmod_table) {
                if (kmod->path && access(kmod->path, F_OK) >= 0)
                        continue;

                if (kmod->condition_fn && !kmod->condition_fn())
                        continue;

                if (kmod->warn_if_module)
                        log_debug("Your kernel apparently lacks built-in %s support. Might be "
                                  "a good idea to compile it in. We'll now try to work around "
                                  "this by loading the module...", kmod->module);

                if (!ctx) {
                        r = module_setup_context(&ctx);
                        if (r < 0)
                                return log_error_errno(r, "Failed to initialize kmod context: %m");
                }

                (void) module_load_and_warn(ctx, kmod->module, kmod->warn_if_unavailable);
        }

#endif
        return 0;
}
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
11c3a4ee	2
cf0fbc49	3	#include <unistd.h>
f84f9974	4
6c1f72f6	5	#include "alloc-util.h"
cf0fbc49	6	#include "capability-util.h"
0ae03a0f	7	#include "efi-api.h"
6c1f72f6	8	#include "fileio.h"
11c3a4ee	9	#include "kmod-setup.h"
93a1f792	10	#include "log.h"
1d98716e	11	#include "module-util.h"
79a72b1b	12	#include "recurse-dir.h"
6c1f72f6	13	#include "string-util.h"
fa505db3	14	#include "strv.h"
5c1d67af	15	#include "virt.h"
11c3a4ee	16
349cc4a5	17	#if HAVE_KMOD
e1d8f702	18	static int match_modalias_recurse_dir_cb(
79a72b1b LP	19	RecurseDirEvent event,
	20	const char *path,
	21	int dir_fd,
	22	int inode_fd,
	23	const struct dirent *de,
	24	const struct statx *sx,
	25	void *userdata) {
6c1f72f6 HH	26
6c1f72f6 HH	27	_cleanup_free_ char *alias = NULL;
e1d8f702	28	char **modaliases = ASSERT_PTR(userdata);
6c1f72f6 HH	29	int r;
6c1f72f6 HH	30
79a72b1b LP	31	if (event != RECURSE_DIR_ENTRY)
79a72b1b LP	32	return RECURSE_DIR_CONTINUE;
6c1f72f6	33
79a72b1b LP	34	if (de->d_type != DT_REG)
79a72b1b LP	35	return RECURSE_DIR_CONTINUE;
6c1f72f6	36
79a72b1b LP	37	if (!streq(de->d_name, "modalias"))
79a72b1b LP	38	return RECURSE_DIR_CONTINUE;
6c1f72f6	39
79a72b1b LP	40	r = read_one_line_file(path, &alias);
	41	if (r < 0) {
	42	log_debug_errno(r, "Failed to read %s, ignoring: %m", path);
	43	return RECURSE_DIR_LEAVE_DIRECTORY;
	44	}
6c1f72f6	45
e1d8f702	46	if (startswith_strv(alias, modaliases))
79a72b1b	47	return 1;
6c1f72f6	48
79a72b1b	49	return RECURSE_DIR_LEAVE_DIRECTORY;
6c1f72f6 HH	50	}
6c1f72f6 HH	51
67c92f3f	52	static bool has_virtio_feature(const char name, char *modaliases) {
79a72b1b LP	53	int r;
79a72b1b LP	54
0a5d3c0b LP	55	/* Directory traversal might be slow, hence let's do a cheap check first if it's even worth it */
	56	if (detect_vm() == VIRTUALIZATION_NONE)
	57	return false;
	58
79a72b1b LP	59	r = recurse_dir_at(
	60	AT_FDCWD,
	61	"/sys/devices/pci0000:00",
	62	/* statx_mask= */ 0,
67c92f3f	63	/* n_depth_max= */ 3,
79a72b1b	64	RECURSE_DIR_ENSURE_TYPE,
e1d8f702	65	match_modalias_recurse_dir_cb,
67c92f3f	66	modaliases);
79a72b1b	67	if (r < 0)
67c92f3f	68	log_debug_errno(r, "Failed to determine whether host has %s device, ignoring: %m", name);
79a72b1b LP	69
79a72b1b LP	70	return r > 0;
6c1f72f6	71	}
5c1d67af	72
67c92f3f DDM	73	static bool has_virtio_rng(void) {
	74	return has_virtio_feature("virtio-rng", STRV_MAKE("pci:v00001AF4d00001005", "pci:v00001AF4d00001044"));
	75	}
a93aaede	76
67c92f3f DDM	77	static bool has_virtio_console(void) {
67c92f3f DDM	78	return has_virtio_feature("virtio-console", STRV_MAKE("virtio:d00000003v", "virtio:d0000000Bv"));
a93aaede DDM	79	}
a93aaede DDM	80
abf25fae	81	static bool has_virtio_vsock(void) {
67c92f3f DDM	82	return has_virtio_feature("virtio-vsock", STRV_MAKE("virtio:d00000013v"));
67c92f3f DDM	83	}
abf25fae	84
67c92f3f DDM	85	static bool has_virtiofs(void) {
	86	return has_virtio_feature("virtiofs", STRV_MAKE("virtio:d0000001Av"));
	87	}
abf25fae	88
67c92f3f DDM	89	static bool has_virtio_pci(void) {
67c92f3f DDM	90	return has_virtio_feature("virtio-pci", STRV_MAKE("pci:v00001AF4d"));
abf25fae DDM	91	}
abf25fae DDM	92
5c1d67af LP	93	static bool in_qemu(void) {
	94	return IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_QEMU);
	95	}
95441cf2	96	#endif
6c1f72f6	97
7491e6e7	98	int kmod_setup(void) {
349cc4a5	99	#if HAVE_KMOD
7491e6e7 KS	100	static const struct {
	101	const char *module;
	102	const char *path;
0a35e7f6 ZJS	103	bool warn_if_unavailable;
0a35e7f6 ZJS	104	bool warn_if_module;
7491e6e7 KS	105	bool (*condition_fn)(void);
7491e6e7 KS	106	} kmod_table[] = {
6755bb55 ZJS	107	/* This one we need to load explicitly, since auto-loading on use doesn't work
6755bb55 ZJS	108	* before udev created the ghost device nodes, and we need it earlier than that. */
abf25fae	109	{ "autofs4", "/sys/class/misc/autofs", true, false, NULL },
7491e6e7	110
6755bb55 ZJS	111	/* This one we need to load explicitly, since auto-loading of IPv6 is not done when
6755bb55 ZJS	112	* we try to configure ::1 on the loopback device. */
abf25fae	113	{ "ipv6", "/sys/module/ipv6", false, true, NULL },
7491e6e7	114
6755bb55	115	/* This should never be a module */
abf25fae	116	{ "unix", "/proc/net/unix", true, true, NULL },
7491e6e7	117
349cc4a5	118	#if HAVE_LIBIPTC
1d308797	119	/* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
abf25fae	120	{ "ip_tables", "/proc/net/ip_tables_names", false, false, NULL },
a363680f	121	#endif
6c1f72f6	122	/* virtio_rng would be loaded by udev later, but real entropy might be needed very early */
abf25fae	123	{ "virtio_rng", NULL, false, false, has_virtio_rng },
a93aaede DDM	124
a93aaede DDM	125	/* we want early logging to hvc consoles if possible, and make sure systemd-getty-generator
d7306348	126	* can rely on all consoles being probed already. */
abf25fae DDM	127	{ "virtio_console", NULL, false, false, has_virtio_console },
	128
	129	/* Make sure we can send sd-notify messages over vsock as early as possible. */
	130	{ "vmw_vsock_virtio_transport", NULL, false, false, has_virtio_vsock },
5c1d67af	131
67c92f3f DDM	132	/* We can't wait for specific virtiofs tags to show up as device nodes so we have to load the
	133	* virtiofs and virtio_pci modules early to make sure the virtiofs tags are found when
	134	* sysroot.mount is started.
	135	*
	136	* TODO: Remove these again once https://gitlab.com/virtio-fs/virtiofsd/-/issues/128 is
	137	* resolved and the kernel fix is widely available. */
	138	{ "virtiofs", "/sys/module/virtiofs", false, false, has_virtiofs },
	139	{ "virtio_pci", "/sys/module/virtio_pci", false, false, has_virtio_pci },
	140
5c1d67af	141	/* qemu_fw_cfg would be loaded by udev later, but we want to import credentials from it super early */
abf25fae	142	{ "qemu_fw_cfg", "/sys/firmware/qemu_fw_cfg", false, false, in_qemu },
8313a1a5 LN	143
8313a1a5 LN	144	/* dmi-sysfs is needed to import credentials from it super early */
abf25fae	145	{ "dmi-sysfs", "/sys/firmware/dmi/entries", false, false, NULL },
0ae03a0f DDM	146
	147	#if HAVE_TPM2
	148	/* Make sure the tpm subsystem is available which ConditionSecurity=tpm2 depends on. */
abf25fae	149	{ "tpm", "/sys/class/tpmrm", false, false, efi_has_tpm2 },
0ae03a0f	150	#endif
7491e6e7	151	};
11c3a4ee	152
1d98716e LP	153	int r;
1d98716e LP	154
26c45a6c	155	if (have_effective_cap(CAP_SYS_MODULE) <= 0)
c47fc1f0 LP	156	return 0;
c47fc1f0 LP	157
1d98716e	158	_cleanup_(sym_kmod_unrefp) struct kmod_ctx *ctx = NULL;
85471164	159	FOREACH_ELEMENT(kmod, kmod_table) {
0a35e7f6	160	if (kmod->path && access(kmod->path, F_OK) >= 0)
7491e6e7 KS	161	continue;
7491e6e7 KS	162
0a35e7f6	163	if (kmod->condition_fn && !kmod->condition_fn())
11c3a4ee LP	164	continue;
11c3a4ee LP	165
0a35e7f6	166	if (kmod->warn_if_module)
7491e6e7 KS	167	log_debug("Your kernel apparently lacks built-in %s support. Might be "
7491e6e7 KS	168	"a good idea to compile it in. We'll now try to work around "
0a35e7f6	169	"this by loading the module...", kmod->module);
11c3a4ee	170
728beb28	171	if (!ctx) {
1d98716e LP	172	r = module_setup_context(&ctx);
	173	if (r < 0)
	174	return log_error_errno(r, "Failed to initialize kmod context: %m");
728beb28	175	}
11c3a4ee	176
0a35e7f6	177	(void) module_load_and_warn(ctx, kmod->module, kmod->warn_if_unavailable);
11c3a4ee LP	178	}
11c3a4ee LP	179
f84f9974	180	#endif
728beb28	181	return 0;
11c3a4ee	182	}