kernel/kmod.c at v3.18-rc7 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / kernel / kmod.c
at v3.18-rc7 727 lines 20 kB view raw
  1/*
  2	kmod, the new module loader (replaces kerneld)
  3	Kirk Petersen
  4
  5	Reorganized not to be a daemon by Adam Richter, with guidance
  6	from Greg Zornetzer.
  7
  8	Modified to avoid chroot and file sharing problems.
  9	Mikael Pettersson
 10
 11	Limit the concurrent number of kmod modprobes to catch loops from
 12	"modprobe needs a service that is in a module".
 13	Keith Owens <kaos@ocs.com.au> December 1999
 14
 15	Unblock all signals when we exec a usermode process.
 16	Shuu Yamaguchi <shuu@wondernetworkresources.com> December 2000
 17
 18	call_usermodehelper wait flag, and remove exec_usermodehelper.
 19	Rusty Russell <rusty@rustcorp.com.au>  Jan 2003
 20*/
 21#include <linux/module.h>
 22#include <linux/sched.h>
 23#include <linux/syscalls.h>
 24#include <linux/unistd.h>
 25#include <linux/kmod.h>
 26#include <linux/slab.h>
 27#include <linux/completion.h>
 28#include <linux/cred.h>
 29#include <linux/file.h>
 30#include <linux/fdtable.h>
 31#include <linux/workqueue.h>
 32#include <linux/security.h>
 33#include <linux/mount.h>
 34#include <linux/kernel.h>
 35#include <linux/init.h>
 36#include <linux/resource.h>
 37#include <linux/notifier.h>
 38#include <linux/suspend.h>
 39#include <linux/rwsem.h>
 40#include <linux/ptrace.h>
 41#include <linux/async.h>
 42#include <asm/uaccess.h>
 43
 44#include <trace/events/module.h>
 45
 46extern int max_threads;
 47
 48static struct workqueue_struct *khelper_wq;
 49
 50/*
 51 * kmod_thread_locker is used for deadlock avoidance.  There is no explicit
 52 * locking to protect this global - it is private to the singleton khelper
 53 * thread and should only ever be modified by that thread.
 54 */
 55static const struct task_struct *kmod_thread_locker;
 56
 57#define CAP_BSET	(void *)1
 58#define CAP_PI		(void *)2
 59
 60static kernel_cap_t usermodehelper_bset = CAP_FULL_SET;
 61static kernel_cap_t usermodehelper_inheritable = CAP_FULL_SET;
 62static DEFINE_SPINLOCK(umh_sysctl_lock);
 63static DECLARE_RWSEM(umhelper_sem);
 64
 65#ifdef CONFIG_MODULES
 66
 67/*
 68	modprobe_path is set via /proc/sys.
 69*/
 70char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";
 71
 72static void free_modprobe_argv(struct subprocess_info *info)
 73{
 74	kfree(info->argv[3]); /* check call_modprobe() */
 75	kfree(info->argv);
 76}
 77
 78static int call_modprobe(char *module_name, int wait)
 79{
 80	struct subprocess_info *info;
 81	static char *envp[] = {
 82		"HOME=/",
 83		"TERM=linux",
 84		"PATH=/sbin:/usr/sbin:/bin:/usr/bin",
 85		NULL
 86	};
 87
 88	char **argv = kmalloc(sizeof(char *[5]), GFP_KERNEL);
 89	if (!argv)
 90		goto out;
 91
 92	module_name = kstrdup(module_name, GFP_KERNEL);
 93	if (!module_name)
 94		goto free_argv;
 95
 96	argv[0] = modprobe_path;
 97	argv[1] = "-q";
 98	argv[2] = "--";
 99	argv[3] = module_name;	/* check free_modprobe_argv() */
100	argv[4] = NULL;
101
102	info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL,
103					 NULL, free_modprobe_argv, NULL);
104	if (!info)
105		goto free_module_name;
106
107	return call_usermodehelper_exec(info, wait | UMH_KILLABLE);
108
109free_module_name:
110	kfree(module_name);
111free_argv:
112	kfree(argv);
113out:
114	return -ENOMEM;
115}
116
117/**
118 * __request_module - try to load a kernel module
119 * @wait: wait (or not) for the operation to complete
120 * @fmt: printf style format string for the name of the module
121 * @...: arguments as specified in the format string
122 *
123 * Load a module using the user mode module loader. The function returns
124 * zero on success or a negative errno code on failure. Note that a
125 * successful module load does not mean the module did not then unload
126 * and exit on an error of its own. Callers must check that the service
127 * they requested is now available not blindly invoke it.
128 *
129 * If module auto-loading support is disabled then this function
130 * becomes a no-operation.
131 */
132int __request_module(bool wait, const char *fmt, ...)
133{
134	va_list args;
135	char module_name[MODULE_NAME_LEN];
136	unsigned int max_modprobes;
137	int ret;
138	static atomic_t kmod_concurrent = ATOMIC_INIT(0);
139#define MAX_KMOD_CONCURRENT 50	/* Completely arbitrary value - KAO */
140	static int kmod_loop_msg;
141
142	/*
143	 * We don't allow synchronous module loading from async.  Module
144	 * init may invoke async_synchronize_full() which will end up
145	 * waiting for this task which already is waiting for the module
146	 * loading to complete, leading to a deadlock.
147	 */
148	WARN_ON_ONCE(wait && current_is_async());
149
150	if (!modprobe_path[0])
151		return 0;
152
153	va_start(args, fmt);
154	ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
155	va_end(args);
156	if (ret >= MODULE_NAME_LEN)
157		return -ENAMETOOLONG;
158
159	ret = security_kernel_module_request(module_name);
160	if (ret)
161		return ret;
162
163	/* If modprobe needs a service that is in a module, we get a recursive
164	 * loop.  Limit the number of running kmod threads to max_threads/2 or
165	 * MAX_KMOD_CONCURRENT, whichever is the smaller.  A cleaner method
166	 * would be to run the parents of this process, counting how many times
167	 * kmod was invoked.  That would mean accessing the internals of the
168	 * process tables to get the command line, proc_pid_cmdline is static
169	 * and it is not worth changing the proc code just to handle this case. 
170	 * KAO.
171	 *
172	 * "trace the ppid" is simple, but will fail if someone's
173	 * parent exits.  I think this is as good as it gets. --RR
174	 */
175	max_modprobes = min(max_threads/2, MAX_KMOD_CONCURRENT);
176	atomic_inc(&kmod_concurrent);
177	if (atomic_read(&kmod_concurrent) > max_modprobes) {
178		/* We may be blaming an innocent here, but unlikely */
179		if (kmod_loop_msg < 5) {
180			printk(KERN_ERR
181			       "request_module: runaway loop modprobe %s\n",
182			       module_name);
183			kmod_loop_msg++;
184		}
185		atomic_dec(&kmod_concurrent);
186		return -ENOMEM;
187	}
188
189	trace_module_request(module_name, wait, _RET_IP_);
190
191	ret = call_modprobe(module_name, wait ? UMH_WAIT_PROC : UMH_WAIT_EXEC);
192
193	atomic_dec(&kmod_concurrent);
194	return ret;
195}
196EXPORT_SYMBOL(__request_module);
197#endif /* CONFIG_MODULES */
198
199static void call_usermodehelper_freeinfo(struct subprocess_info *info)
200{
201	if (info->cleanup)
202		(*info->cleanup)(info);
203	kfree(info);
204}
205
206static void umh_complete(struct subprocess_info *sub_info)
207{
208	struct completion *comp = xchg(&sub_info->complete, NULL);
209	/*
210	 * See call_usermodehelper_exec(). If xchg() returns NULL
211	 * we own sub_info, the UMH_KILLABLE caller has gone away
212	 * or the caller used UMH_NO_WAIT.
213	 */
214	if (comp)
215		complete(comp);
216	else
217		call_usermodehelper_freeinfo(sub_info);
218}
219
220/*
221 * This is the task which runs the usermode application
222 */
223static int ____call_usermodehelper(void *data)
224{
225	struct subprocess_info *sub_info = data;
226	int wait = sub_info->wait & ~UMH_KILLABLE;
227	struct cred *new;
228	int retval;
229
230	spin_lock_irq(&current->sighand->siglock);
231	flush_signal_handlers(current, 1);
232	spin_unlock_irq(&current->sighand->siglock);
233
234	/* We can run anywhere, unlike our parent keventd(). */
235	set_cpus_allowed_ptr(current, cpu_all_mask);
236
237	/*
238	 * Our parent is keventd, which runs with elevated scheduling priority.
239	 * Avoid propagating that into the userspace child.
240	 */
241	set_user_nice(current, 0);
242
243	retval = -ENOMEM;
244	new = prepare_kernel_cred(current);
245	if (!new)
246		goto out;
247
248	spin_lock(&umh_sysctl_lock);
249	new->cap_bset = cap_intersect(usermodehelper_bset, new->cap_bset);
250	new->cap_inheritable = cap_intersect(usermodehelper_inheritable,
251					     new->cap_inheritable);
252	spin_unlock(&umh_sysctl_lock);
253
254	if (sub_info->init) {
255		retval = sub_info->init(sub_info, new);
256		if (retval) {
257			abort_creds(new);
258			goto out;
259		}
260	}
261
262	commit_creds(new);
263
264	retval = do_execve(getname_kernel(sub_info->path),
265			   (const char __user *const __user *)sub_info->argv,
266			   (const char __user *const __user *)sub_info->envp);
267out:
268	sub_info->retval = retval;
269	/* wait_for_helper() will call umh_complete if UHM_WAIT_PROC. */
270	if (wait != UMH_WAIT_PROC)
271		umh_complete(sub_info);
272	if (!retval)
273		return 0;
274	do_exit(0);
275}
276
277static int call_helper(void *data)
278{
279	/* Worker thread started blocking khelper thread. */
280	kmod_thread_locker = current;
281	return ____call_usermodehelper(data);
282}
283
284/* Keventd can't block, but this (a child) can. */
285static int wait_for_helper(void *data)
286{
287	struct subprocess_info *sub_info = data;
288	pid_t pid;
289
290	/* If SIGCLD is ignored sys_wait4 won't populate the status. */
291	kernel_sigaction(SIGCHLD, SIG_DFL);
292	pid = kernel_thread(____call_usermodehelper, sub_info, SIGCHLD);
293	if (pid < 0) {
294		sub_info->retval = pid;
295	} else {
296		int ret = -ECHILD;
297		/*
298		 * Normally it is bogus to call wait4() from in-kernel because
299		 * wait4() wants to write the exit code to a userspace address.
300		 * But wait_for_helper() always runs as keventd, and put_user()
301		 * to a kernel address works OK for kernel threads, due to their
302		 * having an mm_segment_t which spans the entire address space.
303		 *
304		 * Thus the __user pointer cast is valid here.
305		 */
306		sys_wait4(pid, (int __user *)&ret, 0, NULL);
307
308		/*
309		 * If ret is 0, either ____call_usermodehelper failed and the
310		 * real error code is already in sub_info->retval or
311		 * sub_info->retval is 0 anyway, so don't mess with it then.
312		 */
313		if (ret)
314			sub_info->retval = ret;
315	}
316
317	umh_complete(sub_info);
318	do_exit(0);
319}
320
321/* This is run by khelper thread  */
322static void __call_usermodehelper(struct work_struct *work)
323{
324	struct subprocess_info *sub_info =
325		container_of(work, struct subprocess_info, work);
326	int wait = sub_info->wait & ~UMH_KILLABLE;
327	pid_t pid;
328
329	/* CLONE_VFORK: wait until the usermode helper has execve'd
330	 * successfully We need the data structures to stay around
331	 * until that is done.  */
332	if (wait == UMH_WAIT_PROC)
333		pid = kernel_thread(wait_for_helper, sub_info,
334				    CLONE_FS | CLONE_FILES | SIGCHLD);
335	else {
336		pid = kernel_thread(call_helper, sub_info,
337				    CLONE_VFORK | SIGCHLD);
338		/* Worker thread stopped blocking khelper thread. */
339		kmod_thread_locker = NULL;
340	}
341
342	if (pid < 0) {
343		sub_info->retval = pid;
344		umh_complete(sub_info);
345	}
346}
347
348/*
349 * If set, call_usermodehelper_exec() will exit immediately returning -EBUSY
350 * (used for preventing user land processes from being created after the user
351 * land has been frozen during a system-wide hibernation or suspend operation).
352 * Should always be manipulated under umhelper_sem acquired for write.
353 */
354static enum umh_disable_depth usermodehelper_disabled = UMH_DISABLED;
355
356/* Number of helpers running */
357static atomic_t running_helpers = ATOMIC_INIT(0);
358
359/*
360 * Wait queue head used by usermodehelper_disable() to wait for all running
361 * helpers to finish.
362 */
363static DECLARE_WAIT_QUEUE_HEAD(running_helpers_waitq);
364
365/*
366 * Used by usermodehelper_read_lock_wait() to wait for usermodehelper_disabled
367 * to become 'false'.
368 */
369static DECLARE_WAIT_QUEUE_HEAD(usermodehelper_disabled_waitq);
370
371/*
372 * Time to wait for running_helpers to become zero before the setting of
373 * usermodehelper_disabled in usermodehelper_disable() fails
374 */
375#define RUNNING_HELPERS_TIMEOUT	(5 * HZ)
376
377int usermodehelper_read_trylock(void)
378{
379	DEFINE_WAIT(wait);
380	int ret = 0;
381
382	down_read(&umhelper_sem);
383	for (;;) {
384		prepare_to_wait(&usermodehelper_disabled_waitq, &wait,
385				TASK_INTERRUPTIBLE);
386		if (!usermodehelper_disabled)
387			break;
388
389		if (usermodehelper_disabled == UMH_DISABLED)
390			ret = -EAGAIN;
391
392		up_read(&umhelper_sem);
393
394		if (ret)
395			break;
396
397		schedule();
398		try_to_freeze();
399
400		down_read(&umhelper_sem);
401	}
402	finish_wait(&usermodehelper_disabled_waitq, &wait);
403	return ret;
404}
405EXPORT_SYMBOL_GPL(usermodehelper_read_trylock);
406
407long usermodehelper_read_lock_wait(long timeout)
408{
409	DEFINE_WAIT(wait);
410
411	if (timeout < 0)
412		return -EINVAL;
413
414	down_read(&umhelper_sem);
415	for (;;) {
416		prepare_to_wait(&usermodehelper_disabled_waitq, &wait,
417				TASK_UNINTERRUPTIBLE);
418		if (!usermodehelper_disabled)
419			break;
420
421		up_read(&umhelper_sem);
422
423		timeout = schedule_timeout(timeout);
424		if (!timeout)
425			break;
426
427		down_read(&umhelper_sem);
428	}
429	finish_wait(&usermodehelper_disabled_waitq, &wait);
430	return timeout;
431}
432EXPORT_SYMBOL_GPL(usermodehelper_read_lock_wait);
433
434void usermodehelper_read_unlock(void)
435{
436	up_read(&umhelper_sem);
437}
438EXPORT_SYMBOL_GPL(usermodehelper_read_unlock);
439
440/**
441 * __usermodehelper_set_disable_depth - Modify usermodehelper_disabled.
442 * @depth: New value to assign to usermodehelper_disabled.
443 *
444 * Change the value of usermodehelper_disabled (under umhelper_sem locked for
445 * writing) and wakeup tasks waiting for it to change.
446 */
447void __usermodehelper_set_disable_depth(enum umh_disable_depth depth)
448{
449	down_write(&umhelper_sem);
450	usermodehelper_disabled = depth;
451	wake_up(&usermodehelper_disabled_waitq);
452	up_write(&umhelper_sem);
453}
454
455/**
456 * __usermodehelper_disable - Prevent new helpers from being started.
457 * @depth: New value to assign to usermodehelper_disabled.
458 *
459 * Set usermodehelper_disabled to @depth and wait for running helpers to exit.
460 */
461int __usermodehelper_disable(enum umh_disable_depth depth)
462{
463	long retval;
464
465	if (!depth)
466		return -EINVAL;
467
468	down_write(&umhelper_sem);
469	usermodehelper_disabled = depth;
470	up_write(&umhelper_sem);
471
472	/*
473	 * From now on call_usermodehelper_exec() won't start any new
474	 * helpers, so it is sufficient if running_helpers turns out to
475	 * be zero at one point (it may be increased later, but that
476	 * doesn't matter).
477	 */
478	retval = wait_event_timeout(running_helpers_waitq,
479					atomic_read(&running_helpers) == 0,
480					RUNNING_HELPERS_TIMEOUT);
481	if (retval)
482		return 0;
483
484	__usermodehelper_set_disable_depth(UMH_ENABLED);
485	return -EAGAIN;
486}
487
488static void helper_lock(void)
489{
490	atomic_inc(&running_helpers);
491	smp_mb__after_atomic();
492}
493
494static void helper_unlock(void)
495{
496	if (atomic_dec_and_test(&running_helpers))
497		wake_up(&running_helpers_waitq);
498}
499
500/**
501 * call_usermodehelper_setup - prepare to call a usermode helper
502 * @path: path to usermode executable
503 * @argv: arg vector for process
504 * @envp: environment for process
505 * @gfp_mask: gfp mask for memory allocation
506 * @cleanup: a cleanup function
507 * @init: an init function
508 * @data: arbitrary context sensitive data
509 *
510 * Returns either %NULL on allocation failure, or a subprocess_info
511 * structure.  This should be passed to call_usermodehelper_exec to
512 * exec the process and free the structure.
513 *
514 * The init function is used to customize the helper process prior to
515 * exec.  A non-zero return code causes the process to error out, exit,
516 * and return the failure to the calling process
517 *
518 * The cleanup function is just before ethe subprocess_info is about to
519 * be freed.  This can be used for freeing the argv and envp.  The
520 * Function must be runnable in either a process context or the
521 * context in which call_usermodehelper_exec is called.
522 */
523struct subprocess_info *call_usermodehelper_setup(char *path, char **argv,
524		char **envp, gfp_t gfp_mask,
525		int (*init)(struct subprocess_info *info, struct cred *new),
526		void (*cleanup)(struct subprocess_info *info),
527		void *data)
528{
529	struct subprocess_info *sub_info;
530	sub_info = kzalloc(sizeof(struct subprocess_info), gfp_mask);
531	if (!sub_info)
532		goto out;
533
534	INIT_WORK(&sub_info->work, __call_usermodehelper);
535	sub_info->path = path;
536	sub_info->argv = argv;
537	sub_info->envp = envp;
538
539	sub_info->cleanup = cleanup;
540	sub_info->init = init;
541	sub_info->data = data;
542  out:
543	return sub_info;
544}
545EXPORT_SYMBOL(call_usermodehelper_setup);
546
547/**
548 * call_usermodehelper_exec - start a usermode application
549 * @sub_info: information about the subprocessa
550 * @wait: wait for the application to finish and return status.
551 *        when UMH_NO_WAIT don't wait at all, but you get no useful error back
552 *        when the program couldn't be exec'ed. This makes it safe to call
553 *        from interrupt context.
554 *
555 * Runs a user-space application.  The application is started
556 * asynchronously if wait is not set, and runs as a child of keventd.
557 * (ie. it runs with full root capabilities).
558 */
559int call_usermodehelper_exec(struct subprocess_info *sub_info, int wait)
560{
561	DECLARE_COMPLETION_ONSTACK(done);
562	int retval = 0;
563
564	if (!sub_info->path) {
565		call_usermodehelper_freeinfo(sub_info);
566		return -EINVAL;
567	}
568	helper_lock();
569	if (!khelper_wq || usermodehelper_disabled) {
570		retval = -EBUSY;
571		goto out;
572	}
573	/*
574	 * Worker thread must not wait for khelper thread at below
575	 * wait_for_completion() if the thread was created with CLONE_VFORK
576	 * flag, for khelper thread is already waiting for the thread at
577	 * wait_for_completion() in do_fork().
578	 */
579	if (wait != UMH_NO_WAIT && current == kmod_thread_locker) {
580		retval = -EBUSY;
581		goto out;
582	}
583
584	/*
585	 * Set the completion pointer only if there is a waiter.
586	 * This makes it possible to use umh_complete to free
587	 * the data structure in case of UMH_NO_WAIT.
588	 */
589	sub_info->complete = (wait == UMH_NO_WAIT) ? NULL : &done;
590	sub_info->wait = wait;
591
592	queue_work(khelper_wq, &sub_info->work);
593	if (wait == UMH_NO_WAIT)	/* task has freed sub_info */
594		goto unlock;
595
596	if (wait & UMH_KILLABLE) {
597		retval = wait_for_completion_killable(&done);
598		if (!retval)
599			goto wait_done;
600
601		/* umh_complete() will see NULL and free sub_info */
602		if (xchg(&sub_info->complete, NULL))
603			goto unlock;
604		/* fallthrough, umh_complete() was already called */
605	}
606
607	wait_for_completion(&done);
608wait_done:
609	retval = sub_info->retval;
610out:
611	call_usermodehelper_freeinfo(sub_info);
612unlock:
613	helper_unlock();
614	return retval;
615}
616EXPORT_SYMBOL(call_usermodehelper_exec);
617
618/**
619 * call_usermodehelper() - prepare and start a usermode application
620 * @path: path to usermode executable
621 * @argv: arg vector for process
622 * @envp: environment for process
623 * @wait: wait for the application to finish and return status.
624 *        when UMH_NO_WAIT don't wait at all, but you get no useful error back
625 *        when the program couldn't be exec'ed. This makes it safe to call
626 *        from interrupt context.
627 *
628 * This function is the equivalent to use call_usermodehelper_setup() and
629 * call_usermodehelper_exec().
630 */
631int call_usermodehelper(char *path, char **argv, char **envp, int wait)
632{
633	struct subprocess_info *info;
634	gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
635
636	info = call_usermodehelper_setup(path, argv, envp, gfp_mask,
637					 NULL, NULL, NULL);
638	if (info == NULL)
639		return -ENOMEM;
640
641	return call_usermodehelper_exec(info, wait);
642}
643EXPORT_SYMBOL(call_usermodehelper);
644
645static int proc_cap_handler(struct ctl_table *table, int write,
646			 void __user *buffer, size_t *lenp, loff_t *ppos)
647{
648	struct ctl_table t;
649	unsigned long cap_array[_KERNEL_CAPABILITY_U32S];
650	kernel_cap_t new_cap;
651	int err, i;
652
653	if (write && (!capable(CAP_SETPCAP) ||
654		      !capable(CAP_SYS_MODULE)))
655		return -EPERM;
656
657	/*
658	 * convert from the global kernel_cap_t to the ulong array to print to
659	 * userspace if this is a read.
660	 */
661	spin_lock(&umh_sysctl_lock);
662	for (i = 0; i < _KERNEL_CAPABILITY_U32S; i++)  {
663		if (table->data == CAP_BSET)
664			cap_array[i] = usermodehelper_bset.cap[i];
665		else if (table->data == CAP_PI)
666			cap_array[i] = usermodehelper_inheritable.cap[i];
667		else
668			BUG();
669	}
670	spin_unlock(&umh_sysctl_lock);
671
672	t = *table;
673	t.data = &cap_array;
674
675	/*
676	 * actually read or write and array of ulongs from userspace.  Remember
677	 * these are least significant 32 bits first
678	 */
679	err = proc_doulongvec_minmax(&t, write, buffer, lenp, ppos);
680	if (err < 0)
681		return err;
682
683	/*
684	 * convert from the sysctl array of ulongs to the kernel_cap_t
685	 * internal representation
686	 */
687	for (i = 0; i < _KERNEL_CAPABILITY_U32S; i++)
688		new_cap.cap[i] = cap_array[i];
689
690	/*
691	 * Drop everything not in the new_cap (but don't add things)
692	 */
693	spin_lock(&umh_sysctl_lock);
694	if (write) {
695		if (table->data == CAP_BSET)
696			usermodehelper_bset = cap_intersect(usermodehelper_bset, new_cap);
697		if (table->data == CAP_PI)
698			usermodehelper_inheritable = cap_intersect(usermodehelper_inheritable, new_cap);
699	}
700	spin_unlock(&umh_sysctl_lock);
701
702	return 0;
703}
704
705struct ctl_table usermodehelper_table[] = {
706	{
707		.procname	= "bset",
708		.data		= CAP_BSET,
709		.maxlen		= _KERNEL_CAPABILITY_U32S * sizeof(unsigned long),
710		.mode		= 0600,
711		.proc_handler	= proc_cap_handler,
712	},
713	{
714		.procname	= "inheritable",
715		.data		= CAP_PI,
716		.maxlen		= _KERNEL_CAPABILITY_U32S * sizeof(unsigned long),
717		.mode		= 0600,
718		.proc_handler	= proc_cap_handler,
719	},
720	{ }
721};
722
723void __init usermodehelper_init(void)
724{
725	khelper_wq = create_singlethread_workqueue("khelper");
726	BUG_ON(!khelper_wq);
727}