[thirdparty/systemd.git] / src / core / kmod-setup.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <unistd.h>

#include "alloc-util.h"
#include "capability-util.h"
#include "efi-api.h"
#include "fileio.h"
#include "kmod-setup.h"
#include "log.h"
#include "module-util.h"
#include "recurse-dir.h"
#include "string-util.h"
#include "strv.h"
#include "virt.h"

#if HAVE_KMOD
static int match_modalias_recurse_dir_cb(
                RecurseDirEvent event,
                const char *path,
                int dir_fd,
                int inode_fd,
                const struct dirent *de,
                const struct statx *sx,
                void *userdata) {

        _cleanup_free_ char *alias = NULL;
        char **modaliases = ASSERT_PTR(userdata);
        int r;

        if (event != RECURSE_DIR_ENTRY)
                return RECURSE_DIR_CONTINUE;

        if (de->d_type != DT_REG)
                return RECURSE_DIR_CONTINUE;

        if (!streq(de->d_name, "modalias"))
                return RECURSE_DIR_CONTINUE;

        r = read_one_line_file(path, &alias);
        if (r < 0) {
                log_debug_errno(r, "Failed to read %s, ignoring: %m", path);
                return RECURSE_DIR_LEAVE_DIRECTORY;
        }

        if (startswith_strv(alias, modaliases))
                return 1;

        return RECURSE_DIR_LEAVE_DIRECTORY;
}

static bool has_virtio_feature(const char *name, char **modaliases) {
        int r;

        /* Directory traversal might be slow, hence let's do a cheap check first if it's even worth it */
        if (detect_vm() == VIRTUALIZATION_NONE)
                return false;

        r = recurse_dir_at(
                        AT_FDCWD,
                        "/sys/devices/pci0000:00",
                        /* statx_mask= */ 0,
                        /* n_depth_max= */ 3,
                        RECURSE_DIR_ENSURE_TYPE,
                        match_modalias_recurse_dir_cb,
                        modaliases);
        if (r < 0)
                log_debug_errno(r, "Failed to determine whether host has %s device, ignoring: %m", name);

        return r > 0;
}

static bool has_virtio_rng(void) {
        return has_virtio_feature("virtio-rng", STRV_MAKE("pci:v00001AF4d00001005", "pci:v00001AF4d00001044"));
}

static bool has_virtio_console(void) {
        return has_virtio_feature("virtio-console", STRV_MAKE("virtio:d00000003v", "virtio:d0000000Bv"));
}

static bool has_virtio_vsock(void) {
        return has_virtio_feature("virtio-vsock", STRV_MAKE("virtio:d00000013v"));
}

static bool has_virtiofs(void) {
        return has_virtio_feature("virtiofs", STRV_MAKE("virtio:d0000001Av"));
}

static bool has_virtio_pci(void) {
        return has_virtio_feature("virtio-pci", STRV_MAKE("pci:v00001AF4d"));
}

static bool in_qemu(void) {
        return IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_QEMU);
}
#endif

int kmod_setup(void) {
#if HAVE_KMOD
        static const struct {
                const char *module;
                const char *path;
                bool warn_if_unavailable;
                bool warn_if_module;
                bool (*condition_fn)(void);
        } kmod_table[] = {
                /* This one we need to load explicitly, since auto-loading on use doesn't work
                 * before udev created the ghost device nodes, and we need it earlier than that. */
                { "autofs4",                    "/sys/class/misc/autofs",    true,  false, NULL               },

                /* This one we need to load explicitly, since auto-loading of IPv6 is not done when
                 * we try to configure ::1 on the loopback device. */
                { "ipv6",                       "/sys/module/ipv6",          false, true,  NULL               },

                /* This should never be a module */
                { "unix",                       "/proc/net/unix",            true,  true,  NULL               },

#if HAVE_LIBIPTC
                /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
                { "ip_tables",                  "/proc/net/ip_tables_names", false, false, NULL               },
#endif
                /* virtio_rng would be loaded by udev later, but real entropy might be needed very early */
                { "virtio_rng",                 NULL,                        false, false, has_virtio_rng     },

                /* we want early logging to hvc consoles if possible, and make sure systemd-getty-generator
                 * can rely on all consoles being probed already. */
                { "virtio_console",             NULL,                        false, false, has_virtio_console },

                /* Make sure we can send sd-notify messages over vsock as early as possible. */
                { "vmw_vsock_virtio_transport", NULL,                        false, false, has_virtio_vsock   },

                /* We can't wait for specific virtiofs tags to show up as device nodes so we have to load the
                 * virtiofs and virtio_pci modules early to make sure the virtiofs tags are found when
                 * sysroot.mount is started.
                 *
                 * TODO: Remove these again once https://gitlab.com/virtio-fs/virtiofsd/-/issues/128 is
                 * resolved and the kernel fix is widely available. */
                { "virtiofs",                   "/sys/module/virtiofs",      false, false, has_virtiofs       },
                { "virtio_pci",                 "/sys/module/virtio_pci",    false, false, has_virtio_pci     },

                /* qemu_fw_cfg would be loaded by udev later, but we want to import credentials from it super early */
                { "qemu_fw_cfg",                "/sys/firmware/qemu_fw_cfg", false, false, in_qemu            },

                /* dmi-sysfs is needed to import credentials from it super early */
                { "dmi-sysfs",                  "/sys/firmware/dmi/entries", false, false, NULL               },

#if HAVE_TPM2
                /* Make sure the tpm subsystem is available which ConditionSecurity=tpm2 depends on. */
                { "tpm",                        "/sys/class/tpmrm",          false, false, efi_has_tpm2       },
#endif
        };

        int r;

        if (have_effective_cap(CAP_SYS_MODULE) <= 0)
                return 0;

        _cleanup_(sym_kmod_unrefp) struct kmod_ctx *ctx = NULL;
        FOREACH_ELEMENT(kmod, kmod_table) {
                if (kmod->path && access(kmod->path, F_OK) >= 0)
                        continue;

                if (kmod->condition_fn && !kmod->condition_fn())
                        continue;

                if (kmod->warn_if_module)
                        log_debug("Your kernel apparently lacks built-in %s support. Might be "
                                  "a good idea to compile it in. We'll now try to work around "
                                  "this by loading the module...", kmod->module);

                if (!ctx) {
                        r = module_setup_context(&ctx);
                        if (r < 0)
                                return log_error_errno(r, "Failed to initialize kmod context: %m");
                }

                (void) module_load_and_warn(ctx, kmod->module, kmod->warn_if_unavailable);
        }

#endif
        return 0;
}
Commit	Line	Data
	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
	2
	3	#include <unistd.h>
	4
	5	#include "alloc-util.h"
	6	#include "capability-util.h"
	7	#include "efi-api.h"
	8	#include "fileio.h"
	9	#include "kmod-setup.h"
	10	#include "log.h"
	11	#include "module-util.h"
	12	#include "recurse-dir.h"
	13	#include "string-util.h"
	14	#include "strv.h"
	15	#include "virt.h"
	16
	17	#if HAVE_KMOD
	18	static int match_modalias_recurse_dir_cb(
	19	RecurseDirEvent event,
	20	const char *path,
	21	int dir_fd,
	22	int inode_fd,
	23	const struct dirent *de,
	24	const struct statx *sx,
	25	void *userdata) {
	26
	27	_cleanup_free_ char *alias = NULL;
	28	char **modaliases = ASSERT_PTR(userdata);
	29	int r;
	30
	31	if (event != RECURSE_DIR_ENTRY)
	32	return RECURSE_DIR_CONTINUE;
	33
	34	if (de->d_type != DT_REG)
	35	return RECURSE_DIR_CONTINUE;
	36
	37	if (!streq(de->d_name, "modalias"))
	38	return RECURSE_DIR_CONTINUE;
	39
	40	r = read_one_line_file(path, &alias);
	41	if (r < 0) {
	42	log_debug_errno(r, "Failed to read %s, ignoring: %m", path);
	43	return RECURSE_DIR_LEAVE_DIRECTORY;
	44	}
	45
	46	if (startswith_strv(alias, modaliases))
	47	return 1;
	48
	49	return RECURSE_DIR_LEAVE_DIRECTORY;
	50	}
	51
	52	static bool has_virtio_feature(const char name, char *modaliases) {
	53	int r;
	54
	55	/* Directory traversal might be slow, hence let's do a cheap check first if it's even worth it */
	56	if (detect_vm() == VIRTUALIZATION_NONE)
	57	return false;
	58
	59	r = recurse_dir_at(
	60	AT_FDCWD,
	61	"/sys/devices/pci0000:00",
	62	/* statx_mask= */ 0,
	63	/* n_depth_max= */ 3,
	64	RECURSE_DIR_ENSURE_TYPE,
	65	match_modalias_recurse_dir_cb,
	66	modaliases);
	67	if (r < 0)
	68	log_debug_errno(r, "Failed to determine whether host has %s device, ignoring: %m", name);
	69
	70	return r > 0;
	71	}
	72
	73	static bool has_virtio_rng(void) {
	74	return has_virtio_feature("virtio-rng", STRV_MAKE("pci:v00001AF4d00001005", "pci:v00001AF4d00001044"));
	75	}
	76
	77	static bool has_virtio_console(void) {
	78	return has_virtio_feature("virtio-console", STRV_MAKE("virtio:d00000003v", "virtio:d0000000Bv"));
	79	}
	80
	81	static bool has_virtio_vsock(void) {
	82	return has_virtio_feature("virtio-vsock", STRV_MAKE("virtio:d00000013v"));
	83	}
	84
	85	static bool has_virtiofs(void) {
	86	return has_virtio_feature("virtiofs", STRV_MAKE("virtio:d0000001Av"));
	87	}
	88
	89	static bool has_virtio_pci(void) {
	90	return has_virtio_feature("virtio-pci", STRV_MAKE("pci:v00001AF4d"));
	91	}
	92
	93	static bool in_qemu(void) {
	94	return IN_SET(detect_vm(), VIRTUALIZATION_KVM, VIRTUALIZATION_QEMU);
	95	}
	96	#endif
	97
	98	int kmod_setup(void) {
	99	#if HAVE_KMOD
	100	static const struct {
	101	const char *module;
	102	const char *path;
	103	bool warn_if_unavailable;
	104	bool warn_if_module;
	105	bool (*condition_fn)(void);
	106	} kmod_table[] = {
	107	/* This one we need to load explicitly, since auto-loading on use doesn't work
	108	* before udev created the ghost device nodes, and we need it earlier than that. */
	109	{ "autofs4", "/sys/class/misc/autofs", true, false, NULL },
	110
	111	/* This one we need to load explicitly, since auto-loading of IPv6 is not done when
	112	* we try to configure ::1 on the loopback device. */
	113	{ "ipv6", "/sys/module/ipv6", false, true, NULL },
	114
	115	/* This should never be a module */
	116	{ "unix", "/proc/net/unix", true, true, NULL },
	117
	118	#if HAVE_LIBIPTC
	119	/* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
	120	{ "ip_tables", "/proc/net/ip_tables_names", false, false, NULL },
	121	#endif
	122	/* virtio_rng would be loaded by udev later, but real entropy might be needed very early */
	123	{ "virtio_rng", NULL, false, false, has_virtio_rng },
	124
	125	/* we want early logging to hvc consoles if possible, and make sure systemd-getty-generator
	126	* can rely on all consoles being probed already. */
	127	{ "virtio_console", NULL, false, false, has_virtio_console },
	128
	129	/* Make sure we can send sd-notify messages over vsock as early as possible. */
	130	{ "vmw_vsock_virtio_transport", NULL, false, false, has_virtio_vsock },
	131
	132	/* We can't wait for specific virtiofs tags to show up as device nodes so we have to load the
	133	* virtiofs and virtio_pci modules early to make sure the virtiofs tags are found when
	134	* sysroot.mount is started.
	135	*
	136	* TODO: Remove these again once https://gitlab.com/virtio-fs/virtiofsd/-/issues/128 is
	137	* resolved and the kernel fix is widely available. */
	138	{ "virtiofs", "/sys/module/virtiofs", false, false, has_virtiofs },
	139	{ "virtio_pci", "/sys/module/virtio_pci", false, false, has_virtio_pci },
	140
	141	/* qemu_fw_cfg would be loaded by udev later, but we want to import credentials from it super early */
	142	{ "qemu_fw_cfg", "/sys/firmware/qemu_fw_cfg", false, false, in_qemu },
	143
	144	/* dmi-sysfs is needed to import credentials from it super early */
	145	{ "dmi-sysfs", "/sys/firmware/dmi/entries", false, false, NULL },
	146
	147	#if HAVE_TPM2
	148	/* Make sure the tpm subsystem is available which ConditionSecurity=tpm2 depends on. */
	149	{ "tpm", "/sys/class/tpmrm", false, false, efi_has_tpm2 },
	150	#endif
	151	};
	152
	153	int r;
	154
	155	if (have_effective_cap(CAP_SYS_MODULE) <= 0)
	156	return 0;
	157
	158	_cleanup_(sym_kmod_unrefp) struct kmod_ctx *ctx = NULL;
	159	FOREACH_ELEMENT(kmod, kmod_table) {
	160	if (kmod->path && access(kmod->path, F_OK) >= 0)
	161	continue;
	162
	163	if (kmod->condition_fn && !kmod->condition_fn())
	164	continue;
	165
	166	if (kmod->warn_if_module)
	167	log_debug("Your kernel apparently lacks built-in %s support. Might be "
	168	"a good idea to compile it in. We'll now try to work around "
	169	"this by loading the module...", kmod->module);
	170
	171	if (!ctx) {
	172	r = module_setup_context(&ctx);
	173	if (r < 0)
	174	return log_error_errno(r, "Failed to initialize kmod context: %m");
	175	}
	176
	177	(void) module_load_and_warn(ctx, kmod->module, kmod->warn_if_unavailable);
	178	}
	179
	180	#endif
	181	return 0;
	182	}