many: handlers and backend for kernel-modules components

kernel/kernel.go

@@ -25,7 +25,9 @@ import (
 	"os"
 	"path/filepath"
 	"regexp"
+	"strings"
 
+	"github.com/snapcore/snapd/snap"
 	"gopkg.in/yaml.v2"
 )
 
@@ -77,3 +79,23 @@ func ReadInfo(kernelSnapRootDir string) (*Info, error) {
 	}
 	return InfoFromKernelYaml(content)
 }
+
+// KernelVersionFromPlaceInfo returns the kernel version for a mounted kernel
+// snap (this would be the output if "uname -r" for a running kernel).
+func KernelVersionFromPlaceInfo(spi snap.PlaceInfo) (string, error) {
+	systemMapPathPrefix := filepath.Join(spi.MountDir(), "System.map-")
+	matchPath := systemMapPathPrefix + "*"
+	matches, err := filepath.Glob(matchPath)
+	if err != nil {
+		// could be only ErrBadPattern, should not really happen
+		return "", fmt.Errorf("internal error: %w", err)
+	}
+	if len(matches) != 1 {
+		return "", fmt.Errorf("number of matches for %s is %d", matchPath, len(matches))
+	}
+	version := strings.TrimPrefix(matches[0], systemMapPathPrefix)
+	if version == "" {
+		return "", fmt.Errorf("kernel version not set in %s", matches[0])
+	}
+	return version, nil
+}

kernel/kernel_test.go

@@ -26,7 +26,10 @@ import (
 
 	. "gopkg.in/check.v1"
 
+	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/kernel"
+	"github.com/snapcore/snapd/snap"
+	"github.com/snapcore/snapd/testutil"
 )
 
 func makeMockKernel(c *C, kernelYaml string, filesWithContent map[string]string) string {
@@ -47,9 +50,18 @@ func makeMockKernel(c *C, kernelYaml string, filesWithContent map[string]string)
 	return kernelRootDir
 }
 
-type kernelYamlTestSuite struct{}
+type kernelTestSuite struct {
+	testutil.BaseTest
+}
+
+var _ = Suite(&kernelTestSuite{})
 
-var _ = Suite(&kernelYamlTestSuite{})
+func (s *kernelTestSuite) SetUpTest(c *C) {
+	s.BaseTest.SetUpTest(c)
+
+	dirs.SetRootDir(c.MkDir())
+	s.AddCleanup(func() { dirs.SetRootDir("") })
+}
 
 func TestCommand(t *testing.T) { TestingT(t) }
 
@@ -67,19 +79,19 @@ assets:
   non-#alphanumeric:
 `)
 
-func (s *kernelYamlTestSuite) TestInfoFromKernelYamlSad(c *C) {
+func (s *kernelTestSuite) TestInfoFromKernelYamlSad(c *C) {
 	ki, err := kernel.InfoFromKernelYaml([]byte("foo"))
 	c.Check(err, ErrorMatches, "(?m)cannot parse kernel metadata: .*")
 	c.Check(ki, IsNil)
 }
 
-func (s *kernelYamlTestSuite) TestInfoFromKernelYamlBadName(c *C) {
+func (s *kernelTestSuite) TestInfoFromKernelYamlBadName(c *C) {
 	ki, err := kernel.InfoFromKernelYaml(mockInvalidKernelYaml)
 	c.Check(err, ErrorMatches, `invalid asset name "non-#alphanumeric", please use only alphanumeric characters and dashes`)
 	c.Check(ki, IsNil)
 }
 
-func (s *kernelYamlTestSuite) TestInfoFromKernelYamlHappy(c *C) {
+func (s *kernelTestSuite) TestInfoFromKernelYamlHappy(c *C) {
 	ki, err := kernel.InfoFromKernelYaml(mockKernelYaml)
 	c.Check(err, IsNil)
 	c.Check(ki, DeepEquals, &kernel.Info{
@@ -95,13 +107,13 @@ func (s *kernelYamlTestSuite) TestInfoFromKernelYamlHappy(c *C) {
 	})
 }
 
-func (s *kernelYamlTestSuite) TestReadKernelYamlOptional(c *C) {
+func (s *kernelTestSuite) TestReadKernelYamlOptional(c *C) {
 	ki, err := kernel.ReadInfo("this-path-does-not-exist")
 	c.Check(err, IsNil)
 	c.Check(ki, DeepEquals, &kernel.Info{})
 }
 
-func (s *kernelYamlTestSuite) TestReadKernelYamlSad(c *C) {
+func (s *kernelTestSuite) TestReadKernelYamlSad(c *C) {
 	mockKernelSnapRoot := c.MkDir()
 	kernelYamlPath := filepath.Join(mockKernelSnapRoot, "meta/kernel.yaml")
 	err := os.MkdirAll(filepath.Dir(kernelYamlPath), 0755)
@@ -114,7 +126,7 @@ func (s *kernelYamlTestSuite) TestReadKernelYamlSad(c *C) {
 	c.Check(ki, IsNil)
 }
 
-func (s *kernelYamlTestSuite) TestReadKernelYamlHappy(c *C) {
+func (s *kernelTestSuite) TestReadKernelYamlHappy(c *C) {
 	mockKernelSnapRoot := c.MkDir()
 	kernelYamlPath := filepath.Join(mockKernelSnapRoot, "meta/kernel.yaml")
 	err := os.MkdirAll(filepath.Dir(kernelYamlPath), 0755)
@@ -136,3 +148,41 @@ func (s *kernelYamlTestSuite) TestReadKernelYamlHappy(c *C) {
 		},
 	})
 }
+
+func (s *kernelTestSuite) TestKernelVersionFromPlaceInfo(c *C) {
+	spi := snap.MinimalPlaceInfo("pc-kernel", snap.R(1))
+
+	c.Assert(os.MkdirAll(spi.MountDir(), 0755), IsNil)
+
+	// No map file
+	ver, err := kernel.KernelVersionFromPlaceInfo(spi)
+	c.Check(err, ErrorMatches, `number of matches for .* is 0`)
+	c.Check(ver, Equals, "")
+
+	// Create file so kernel version can be found
+	c.Assert(os.WriteFile(filepath.Join(
+		spi.MountDir(), "System.map-5.15.0-78-generic"), []byte{}, 0644), IsNil)
+	ver, err = kernel.KernelVersionFromPlaceInfo(spi)
+	c.Check(err, IsNil)
+	c.Check(ver, Equals, "5.15.0-78-generic")
+
+	// Too many matches
+	c.Assert(os.WriteFile(filepath.Join(
+		spi.MountDir(), "System.map-6.8.0-71-generic"), []byte{}, 0644), IsNil)
+	ver, err = kernel.KernelVersionFromPlaceInfo(spi)
+	c.Check(err, ErrorMatches, `number of matches for .* is 2`)
+	c.Check(ver, Equals, "")
+}
+
+func (s *kernelTestSuite) TestKernelVersionFromPlaceInfoNotSetInFile(c *C) {
+	spi := snap.MinimalPlaceInfo("pc-kernel", snap.R(1))
+
+	c.Assert(os.MkdirAll(spi.MountDir(), 0755), IsNil)
+
+	// Create bad file name
+	c.Assert(os.WriteFile(filepath.Join(
+		spi.MountDir(), "System.map-"), []byte{}, 0644), IsNil)
+	ver, err := kernel.KernelVersionFromPlaceInfo(spi)
+	c.Check(err, ErrorMatches, `kernel version not set in .*System\.map\-`)
+	c.Check(ver, Equals, "")
+}

overlord/snapstate/backend.go

@@ -80,6 +80,8 @@ type managerBackend interface {
 	StartServices(svcs []*snap.AppInfo, disabledSvcs []string, meter progress.Meter, tm timings.Measurer) error
 	StopServices(svcs []*snap.AppInfo, reason snap.ServiceStopReason, meter progress.Meter, tm timings.Measurer) error
 	QueryDisabledServices(info *snap.Info, pb progress.Meter) ([]string, error)
+	SetupKernelModulesComponent(cpi snap.ContainerPlaceInfo, cref naming.ComponentRef, kernelVersion string, meter progress.Meter) (err error)
+	UndoSetupKernelModulesComponent(cpi snap.ContainerPlaceInfo, cref naming.ComponentRef, kernelVersion string, meter progress.Meter) error
 
 	// the undoers for install
 	UndoSetupSnap(s snap.PlaceInfo, typ snap.Type, installRecord *backend.InstallRecord, dev snap.Device, meter progress.Meter) error

overlord/snapstate/backend/export_test.go

@@ -73,3 +73,11 @@ func MockMkdirAllChown(f func(string, os.FileMode, sys.UserID, sys.GroupID) erro
 		mkdirAllChown = old
 	}
 }
+
+func MockRunDepmod(f func(baseDir, kernelVersion string) error) func() {
+	old := runDepmod
+	runDepmod = f
+	return func() {
+		runDepmod = old
+	}
+}

overlord/snapstate/backend/kernel_modules_components.go

@@ -0,0 +1,217 @@
+// -*- Mode: Go; indent-tabs-mode: t -*-
+
+/*
+ * Copyright (C) 2024 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package backend
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/snapcore/snapd/dirs"
+	"github.com/snapcore/snapd/logger"
+	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/progress"
+	"github.com/snapcore/snapd/snap"
+	"github.com/snapcore/snapd/snap/naming"
+	"github.com/snapcore/snapd/systemd"
+)
+
+type NoKernelDriversError struct {
+	cref          naming.ComponentRef
+	kernelVersion string
+}
+
+func (e NoKernelDriversError) Error() string {
+	return fmt.Sprintf("%s does not contain firmware or components for %s",
+		e.cref, e.kernelVersion)
+}
+
+func cleanupMount(mountDir string, meter progress.Meter) error {
+	mountDir = filepath.Join(dirs.GlobalRootDir, mountDir)
+	// this also ensures that the mount unit stops
+	if err := removeMountUnit(mountDir, meter); err != nil {
+		return err
+	}
+
+	if err := os.RemoveAll(mountDir); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+type kernelModulesCleanupParts struct {
+	compMountDir    string
+	modulesMountDir string
+	rerunDepmod     bool
+}
+
+func cleanupKernelModulesSetup(parts *kernelModulesCleanupParts, kernelVersion string, meter progress.Meter) error {
+	if parts.modulesMountDir != "" {
+		if err := cleanupMount(parts.modulesMountDir, meter); err != nil {
+			return err
+		}
+		if parts.rerunDepmod {
+			if err := runDepmod("/usr", kernelVersion); err != nil {
+				return err
+			}
+		}
+	}
+
+	if parts.compMountDir != "" {
+		if err := cleanupMount(parts.compMountDir, meter); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func checkKernelModulesCompContent(mountDir, kernelVersion string) (bool, bool) {
+	hasModules := osutil.IsDirectory(filepath.Join(mountDir, "modules", kernelVersion))
+	hasFirmware := osutil.IsDirectory(filepath.Join(mountDir, "firmware"))
+	return hasModules, hasFirmware
+}
+
+func componentMountPoint(componentName, kernelVersion string) string {
+	return filepath.Join("/run/mnt/kernel-modules/", kernelVersion, componentName)
+}
+
+func modulesMountPoint(componentName, kernelVersion string) string {
+	return filepath.Join("/usr/lib/modules", kernelVersion, "updates", componentName)
+}
+
+// SetupKernelModulesComponent creates and starts mount units for
+// kernel-modules components.
+func (b Backend) SetupKernelModulesComponent(cpi snap.ContainerPlaceInfo, cref naming.ComponentRef, kernelVersion string, meter progress.Meter) (err error) {
+	var sysd systemd.Systemd
+	if b.preseed {
+		sysd = systemd.NewEmulationMode(dirs.GlobalRootDir)
+	} else {
+		sysd = systemd.New(systemd.SystemMode, meter)
+	}
+
+	// Restore state if something goes wrong
+	var cleanOnFailure kernelModulesCleanupParts
+	defer func() {
+		if err == nil {
+			return
+		}
+		if err := cleanupKernelModulesSetup(&cleanOnFailure, kernelVersion, meter); err != nil {
+			logger.Noticef("while cleaning up a failed kernel-modules set-up: %v", err)
+		}
+	}()
+
+	// Check that the kernel-modules component really has
+	// something we must mount on early boot.
+	hasModules, hasFirmware := checkKernelModulesCompContent(cpi.MountDir(), kernelVersion)
+	if !hasModules && !hasFirmware {
+		return &NoKernelDriversError{cref: cref, kernelVersion: kernelVersion}
+	}
+
+	// Mount the component itself (we need it early, so the mount in /snap cannot
+	// be used).
+	componentMount := componentMountPoint(cref.ComponentName, kernelVersion)
+	addMountUnitOptions := &systemd.MountUnitOptions{
+		MountUnitType: systemd.BeforeDriversLoadMountUnit,
+		Lifetime:      systemd.Persistent,
+		Description:   fmt.Sprintf("Mount unit for kernel-modules component %s", cref),
+		What:          cpi.MountFile(),
+		Where:         componentMount,
+		Fstype:        "squashfs",
+		Options:       []string{"nodev,ro,x-gdu.hide,x-gvfs-hide"},
+	}
+	_, err = sysd.EnsureMountUnitFileWithOptions(addMountUnitOptions)
+	if err != nil {
+		return fmt.Errorf("cannot create mount in %q: %w", componentMount, err)
+	}
+	cleanOnFailure.compMountDir = componentMount
+
+	if hasModules {
+		// systemd automatically works out dependencies on the "what"
+		// path too so this mount happens after the component one.
+		modulesDir := modulesMountPoint(cref.ComponentName, kernelVersion)
+		addMountUnitOptions = &systemd.MountUnitOptions{
+			MountUnitType: systemd.BeforeDriversLoadMountUnit,
+			Lifetime:      systemd.Persistent,
+			Description:   fmt.Sprintf("Mount unit for modules from %s", cref.String()),
+			What:          filepath.Join(componentMount, "modules", kernelVersion),
+			Where:         modulesDir,
+			Fstype:        "none",
+			Options:       []string{"bind"},
+		}
+		_, err = sysd.EnsureMountUnitFileWithOptions(addMountUnitOptions)
+		if err != nil {
+			return fmt.Errorf("cannot create mount in %q: %w", modulesDir, err)
+		}
+		cleanOnFailure.modulesMountDir = modulesDir
+
+		// Rebuild modinfo files
+		if err := runDepmod("/usr", kernelVersion); err != nil {
+			return err
+		}
+		cleanOnFailure.rerunDepmod = true
+	}
+
+	if hasFirmware {
+		// TODO create recursively symlinks in
+		// /usr/lib/firmware/updates while checking for conflicts with
+		// existing files.
+	}
+
+	return nil
+}
+
+var runDepmod = runDepmodImpl
+
+func runDepmodImpl(baseDir, kernelVersion string) error {
+	logger.Debugf("running depmod on %q for kernel %s", baseDir, kernelVersion)
+	stdout, stderr, err := osutil.RunSplitOutput("depmod", "-b", baseDir, kernelVersion)
+	logger.Debugf("depmod stderr:\n%s\n\ndepmod stdout:\n%s",
+		string(stderr), string(stdout))
+	if err != nil {
+		return osutil.OutputErrCombine(stdout, stderr, err)
+	}
+	return nil
+}
+
+// UndoSetupKernelModulesComponent undoes the work of SetupKernelModulesComponent
+func (b Backend) UndoSetupKernelModulesComponent(cpi snap.ContainerPlaceInfo, cref naming.ComponentRef, kernelVersion string, meter progress.Meter) error {
+	hasModules, hasFirmware := checkKernelModulesCompContent(cpi.MountDir(), kernelVersion)
+	var partsToClean kernelModulesCleanupParts
+	if hasFirmware {
+		// TODO remove recursively symlinks in
+		// /usr/lib/firmware/updates (set var in kernelModulesCleanupParts)
+	}
+
+	// Remove created mount units
+	if hasModules {
+		partsToClean.modulesMountDir =
+			modulesMountPoint(cref.ComponentName, kernelVersion)
+		partsToClean.rerunDepmod = true
+	}
+
+	if hasModules || hasFirmware {
+		partsToClean.compMountDir =
+			componentMountPoint(cref.ComponentName, kernelVersion)
+	}
+
+	return cleanupKernelModulesSetup(&partsToClean, kernelVersion, meter)
+}