summaryrefslogtreecommitdiff
path: root/drivers/net/netconsole.c
AgeCommit message (Collapse)Author
2026-06-18netconsole: don't drop the last byte of a full-sized messageBreno Leitao
nt->buf is exactly MAX_PRINT_CHUNK bytes, but scnprintf() reserves one byte for its NUL terminator, so a non-fragmented payload of exactly MAX_PRINT_CHUNK loses its last byte (emitted as a stray NUL in the release path). Grow nt->buf to MAX_PRINT_CHUNK + 1 and bound the scnprintf() calls with sizeof(nt->buf); the transmitted length stays capped at MAX_PRINT_CHUNK. Alternatively, nt->buf could be left at MAX_PRINT_CHUNK and the NUL byte reserved by routing exactly-MAX_PRINT_CHUNK payloads to fragmentation ('len < MAX_PRINT_CHUNK'), at the cost of fragmenting those messages. But it would look less sane, thus the current approach. Fixes: c62c0a17f9b7 ("netconsole: Append kernel version to message") Signed-off-by: Breno Leitao <leitao@debian.org> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20260616-max_print_chunk-v1-1-8dc125d67083@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-12netconsole: clear cached dev_name on resume-window cleanupBreno Leitao
When process_resume_target() catches a device that was unregistered while the target was off target_list, it calls do_netpoll_cleanup() to release the reference but leaves the cached np.dev_name in place. The other cleanup path, netconsole_process_cleanups_core(), already wipes dev_name for MAC-bound targets because the name was only a cache of the device that last carried the MAC and may no longer match. The pattern is the same in both spots, so fold it into a small helper netcons_release_dev() and route both call sites through it. This makes the resume-window cleanup consistent with the notifier-driven one so a later enable does not let netpoll_setup() pick a stale interface by name when the user bound the target by MAC. Signed-off-by: Breno Leitao <leitao@debian.org> Reviewed-by: Andre Carvalho <asantostc@gmail.com> Link: https://patch.msgid.link/20260610-netconsole_fix_more-v1-1-a18652c47cef@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-09netconsole: close netdevice unregister window during target resumeBreno Leitao
process_resume_target() removes the target from target_list before calling resume_target() so that netpoll_setup() can run with interrupts enabled, then re-adds it once setup completes. netpoll_setup() acquires a net_device reference (netdev_hold()) and releases the RTNL before returning. While the target is off target_list and the RTNL is not held, netconsole_netdev_event() cannot find it. If the egress device is unregistered in that window, the NETDEV_UNREGISTER notifier walks target_list, misses the resuming target, and never tears it down. The target is then re-added in STATE_ENABLED still holding a reference to the now-unregistered device, leaking it and hanging unregister_netdevice() in netdev_wait_allrefs(). Re-check under RTNL before re-publishing the target: if the device left NETREG_REGISTERED while we were off the list, run do_netpoll_cleanup() and mark the target disabled. Taking the RTNL across the check and the list_add() serialises against the NETDEV_UNREGISTER notifier, which also runs under RTNL, so the device is either still registered (and the notifier will find the re-added target later) or already unregistering (and we drop the reference here). netdev_wait_allrefs() runs from netdev_run_todo() outside the RTNL, so dropping the reference here cannot deadlock against the pending unregister. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260604-netcons_fix_before_move-v3-5-ab055b3a6aa5@debian.org Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-06-09netconsole: clean up deactivated targets dropped before the cleanup workerBreno Leitao
drop_netconsole_target() downgrades a STATE_DEACTIVATED target to STATE_DISABLED and then only calls netpoll_cleanup() when the target is STATE_ENABLED. A target becomes STATE_DEACTIVATED when its underlying interface is unregistered: netconsole_netdev_event() moves it to target_cleanup_list, and netconsole_process_cleanups_core() is expected to run do_netpoll_cleanup() on it. Now that drop_netconsole_target() takes target_cleanup_list_lock around the unlink, a configfs removal racing with NETDEV_UNREGISTER can pull the target off target_cleanup_list before the cleanup worker processes it. The notifier drops the lock before calling netconsole_process_cleanups_core(), so the worker then iterates a list that no longer contains the target and never runs do_netpoll_cleanup() on it. Because drop_netconsole_target() has already rewritten the state to STATE_DISABLED, its own STATE_ENABLED check is false and netpoll_cleanup() is skipped too. The net_device reference taken by netpoll_setup() is then leaked and unregister_netdevice() hangs forever in netdev_wait_allrefs(). Capture whether the target still owns a netpoll before the state is downgraded and clean it up for both STATE_ENABLED and STATE_DEACTIVATED targets. netpoll_cleanup() is idempotent -- it skips when np->dev is already NULL -- so it is safe even when the cleanup worker won the race and already tore the netpoll down. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260604-netcons_fix_before_move-v3-4-ab055b3a6aa5@debian.org Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-06-09netconsole: take target_cleanup_list_lock in drop_netconsole_target()Breno Leitao
drop_netconsole_target() unlinks the target while only holding target_list_lock. However, when the underlying interface has been unregistered, netconsole_netdev_event() moves the target from target_list to target_cleanup_list, and netconsole_process_cleanups_core() walks that list under target_cleanup_list_lock only. If a user removes the configfs target at the same time the cleanup worker is iterating target_cleanup_list, list_del() can corrupt the list because the two paths take disjoint locks while operating on the same list node. Acquire target_cleanup_list_lock around the list_del() so the unlink is serialised against netconsole_process_cleanups_core() regardless of which list the target currently belongs to. The state transition that downgrades STATE_DEACTIVATED to STATE_DISABLED is left intact and is performed under the same combined locking, preserving the existing ordering with resume_target(). Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260604-netcons_fix_before_move-v3-3-ab055b3a6aa5@debian.org Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-06-09netconsole: do not dequeue pooled skbs that cannot satisfy lenBreno Leitao
find_skb() falls back to np->skb_pool when the GFP_ATOMIC alloc_skb() fails. The pool is refilled by refill_skbs(), which always allocates buffers of MAX_SKB_SIZE (ethhdr + iphdr + udphdr + MAX_UDP_CHUNK == 1502 bytes). netconsole, however, computes the requested length dynamically as total_len + np->dev->needed_tailroom If the egress device declares a non-zero needed_tailroom (e.g. some tunnel or hardware accelerator devices), the required length can exceed MAX_SKB_SIZE. The pooled skb is then handed back to the caller, which immediately performs skb_put(skb, len), trips the tail > end check, and triggers skb_over_panic(). Leave the normal alloc_skb(len, GFP_ATOMIC) path untouched -- the slab allocator can still satisfy oversized requests when memory is available, so senders to devices with non-zero needed_tailroom keep working in the common case. Only the pool fallback is gated: when alloc_skb() failed and len exceeds the pool buffer size, skip the skb_dequeue() instead of burning a pre-allocated skb on a request that would later trip skb_over_panic(). Reserving pool entries for requests they can actually satisfy also keeps the panic path, which depends on the pool being primed, intact. When that drop happens, emit a rate-limited net_warn() so the user notices that netconsole is unable to push messages on the egress device. The warn is skipped under in_nmi() for the same reason schedule_work() is: printk machinery taken by net_warn_ratelimited() is not NMI-safe and would risk recursing into the same nbcon console we are servicing. MAX_SKB_SIZE / MAX_UDP_CHUNK were private to net/core/netpoll.c. Move them to include/linux/netpoll.h so netconsole can reference the same definition that refill_skbs() uses, keeping the two in sync by construction. The header now pulls in <linux/ip.h> and <linux/udp.h> explicitly so MAX_SKB_SIZE remains self-contained for any future user. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260604-netcons_fix_before_move-v3-2-ab055b3a6aa5@debian.org Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-06-09netconsole: do not schedule skb pool refill from NMIBreno Leitao
When alloc_skb() fails in find_skb(), the fallback path dequeues an skb from np->skb_pool and unconditionally calls schedule_work() to top the pool back up. schedule_work() ends up taking the workqueue pool locks, which are not NMI-safe. netconsole_write() is registered as the nbcon write_atomic callback and is explicitly marked CON_NBCON_ATOMIC_UNSAFE, meaning it is invoked from emergency/panic contexts including NMIs. If the NMI interrupts a thread already holding the workqueue pool lock, calling schedule_work() self-deadlocks and the panic message that was being printed is lost. Introduce netcons_skb_pop() to fold the pool dequeue and the refill request into a single helper. The helper skips schedule_work() when called from NMI context; the pool is best-effort, so the refill is simply deferred to the next non-NMI find_skb() call that exhausts alloc_skb() and hits the fallback again. This keeps the fast path untouched and the locking rules around the fallback pool documented in one place. Note this only removes the schedule_work() hazard from the NMI path. The allocation itself is still not fully NMI-safe: the alloc_skb(GFP_ATOMIC) attempted first may take slab locks, and the skb_dequeue() fallback takes np->skb_pool.lock, so either can deadlock if the NMI interrupts a holder of those locks. Closing those windows requires an NMI-safe (lockless) skb pool and is left to a follow-up; this patch addresses the schedule_work() deadlock, which is both the most likely and the easiest to trigger. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260604-netcons_fix_before_move-v3-1-ab055b3a6aa5@debian.org Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-05-26netconsole: Constify struct configfs_item_operations and ↵Christophe JAILLET
configfs_group_operations 'struct configfs_item_operations' and 'configfs_group_operations' are not modified in this driver. Constifying these structures moves some data to a read-only section, so increases overall security, especially when the structure holds some function pointers. On a x86_64, with allmodconfig, as an example: Before: ====== text data bss dec hex filename 64259 24272 608 89139 15c33 drivers/net/netconsole.o After: ===== text data bss dec hex filename 64579 23952 608 89139 15c33 drivers/net/netconsole.o Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Reviewed-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/7ff56bdb0cee826a56365f930dcdf457b44931df.1779711734.git.christophe.jaillet@wanadoo.fr Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-05-13netconsole: move find_skb() from netpollBreno Leitao
find_skb() is the netconsole-specific entry into the netpoll skb pool: every other netpoll consumer (bonding, team, vlan, bridge, macvlan, dsa) builds its own sk_buff and never touches the pool. With netpoll_send_udp() (its only caller) now living in netconsole, find_skb() can join it. Move find_skb() into drivers/net/netconsole.c as a file-static helper, drop EXPORT_SYMBOL_GPL(find_skb) and remove its prototype from include/linux/netpoll.h. find_skb() drains TX completions via netpoll_zap_completion_queue(), which is already exported in the NETDEV_INTERNAL namespace, so netconsole picks up MODULE_IMPORT_NS("NETDEV_INTERNAL") to consume it. The skb pool's lifecycle (np->skb_pool, np->refill_wq, refill_skbs(), refill_skbs_work_handler(), skb_pool_flush()) stays in netpoll: it is initialised in __netpoll_setup() and torn down in __netpoll_cleanup(), both of which remain netpoll's responsibility. The refill work queued via schedule_work(&np->refill_wq) from the moved find_skb() runs refill_skbs_work_handler() in netpoll without any further plumbing. This is pure code motion: the function body is unchanged and its sole caller (netpoll_send_udp(), already moved by an earlier patch) keeps invoking it the same way. Pre-existing concerns about find_skb() running from NMI/printk context (zap_completion_queue() re-entry, skb_pool spinlocks, GFP_ATOMIC allocation, fallback skb sizing vs. MAX_SKB_SIZE, PREEMPT_RT semantics of __kfree_skb()) are inherited as-is and are not addressed here; they predate this series and are out of scope. Fixing them is left for follow-up work. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260512-netconsole_split-v2-9-1191d14ad66d@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-05-13netconsole: move netpoll_udp_checksum() from netpollBreno Leitao
netpoll_udp_checksum() computes the UDP checksum for netconsole's packets. Move it into drivers/net/netconsole.c as a file-static helper; drop its EXPORT_SYMBOL_GPL and remove the prototype from include/linux/netpoll.h. This was the last csum_ipv6_magic() consumer in net/core/netpoll.c, so drop the now-stale <net/ip6_checksum.h> include there. Pull it into netconsole.c so the moved code keeps building. It was also the last udp_hdr() consumer in net/core/netpoll.c. The file no longer needs anything from <net/udp.h> (the UDP socket-layer helpers); MAX_SKB_SIZE only needs struct udphdr, which is provided by the lighter <linux/udp.h>. Swap the include accordingly. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260512-netconsole_split-v2-7-1191d14ad66d@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-05-13netconsole: move push_udp() from netpollBreno Leitao
push_udp() builds the UDP header (and triggers the checksum) for netconsole's UDP packets. Move it into drivers/net/netconsole.c as a file-static helper; drop its EXPORT_SYMBOL_GPL and remove the prototype from include/linux/netpoll.h. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260512-netconsole_split-v2-6-1191d14ad66d@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-05-13netconsole: move push_eth() from netpollBreno Leitao
push_eth() builds the Ethernet header for netconsole's UDP packets. Move it into drivers/net/netconsole.c as a file-static helper; drop its EXPORT_SYMBOL_GPL and remove the prototype from include/linux/netpoll.h. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260512-netconsole_split-v2-5-1191d14ad66d@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-05-13netconsole: move push_ipv4() from netpollBreno Leitao
push_ipv4() builds the IPv4 header for netconsole's UDP packets. Move it into drivers/net/netconsole.c as a file-static helper; drop its EXPORT_SYMBOL_GPL and remove the prototype from include/linux/netpoll.h. put_unaligned() is no longer used in net/core/netpoll.c, so drop the now-stale <linux/unaligned.h> include from there. Pull it into netconsole.c so the moved code keeps building. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260512-netconsole_split-v2-4-1191d14ad66d@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-05-13netconsole: move push_ipv6() from netpollBreno Leitao
push_ipv6() builds the IPv6 header for netconsole's UDP packets. Its only caller, netpoll_send_udp(), now lives in netconsole, so the helper can move there as a file-static function. Drop its EXPORT_SYMBOL_GPL and remove the prototype from include/linux/netpoll.h. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260512-netconsole_split-v2-3-1191d14ad66d@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-05-13netconsole: move netpoll_send_udp() from netpollBreno Leitao
Move netpoll_send_udp() from net/core/netpoll.c into drivers/net/netconsole.c as a static helper, drop EXPORT_SYMBOL(), and remove the prototype from include/linux/netpoll.h. netconsole was the only in-tree caller of this entry point. Every other netpoll consumer (bonding, team, vlan, bridge, macvlan, dsa) already builds its own sk_buff and hands it to netpoll_send_skb(), so the netpoll send-side interface is now skb-only. The helpers it depends on (find_skb(), push_ipv6(), push_ipv4(), push_udp(), push_eth(), netpoll_udp_checksum()) were exposed in the previous patches and stay in net/core/netpoll.c for now. Subsequent patches move each of them into netconsole one at a time and drop the corresponding EXPORT_SYMBOL_GPL. Pull <linux/ip.h>, <linux/ipv6.h> and <linux/udp.h> into netconsole.c so the moved code can name the header structures. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260512-netconsole_split-v2-2-1191d14ad66d@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-28netconsole: restore userdatum value on update_userdata() failureBreno Leitao
userdatum_value_store() updates udm->value first and only then calls update_userdata() to rebuild the on-the-wire payload. If update_userdata() fails (e.g. -ENOMEM from kmalloc), the function returns the error to userspace, but udm->value already holds the new string while the live nt->userdata buffer still reflects the old one. The next successful write to any sibling userdatum on the same target will call update_userdata() again, which walks every entry and packs the now-stale udm->value into the payload. The failed write is thus silently activated later, with no indication to userspace that the value it tried to set was rejected. Snapshot the previous value before overwriting udm->value and restore it if update_userdata() fails so the visible state and the active payload stay consistent. Fixes: eb83801af2dc ("netconsole: Dynamic allocation of userdata buffer") Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260427-netconsole_ai_fixes-v2-4-59965f29d9cc@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-28netconsole: propagate device name truncation in dev_name_store()Breno Leitao
dev_name_store() calls strscpy(nt->np.dev_name, buf, IFNAMSIZ) without checking the return value. If userspace writes an interface name longer than IFNAMSIZ - 1, strscpy() silently truncates and returns -E2BIG, but the function ignores it and reports a fully successful write back to userspace. If a real interface happens to match the truncated name, netconsole will bind to the wrong device on the next enable, sending kernel logs and panic output to an unintended network segment with no indication to userspace that anything was rewritten. Reject writes whose length cannot fit in nt->np.dev_name up front: if (count >= IFNAMSIZ) return -ENAMETOOLONG; This is not a big deal of a problem, but, it is still the correct approach. Fixes: 0bcc1816188e57 ("[NET] netconsole: Support dynamic reconfiguration using configfs") Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260427-netconsole_ai_fixes-v2-3-59965f29d9cc@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-28netconsole: avoid clobbering userdatum value on truncated writeBreno Leitao
userdatum_value_store() bounds count by MAX_EXTRADATA_VALUE_LEN (200) and then copies straight into udm->value, which is itself 200 bytes: if (count > MAX_EXTRADATA_VALUE_LEN) return -EMSGSIZE; ... ret = strscpy(udm->value, buf, sizeof(udm->value)); if (ret < 0) goto out_unlock; If userspace writes exactly MAX_EXTRADATA_VALUE_LEN bytes with no NUL within them, strscpy() copies 199 bytes plus a NUL into udm->value and returns -E2BIG. The function jumps to out_unlock and reports the error to userspace, but udm->value has already been overwritten with the truncated string and update_userdata() is skipped, so the corruption is not yet visible on the wire. The next successful write to any userdatum entry under the same target calls update_userdata(), which packs udm->value into the active netconsole payload. From that point on, every netconsole message carries the silently truncated value, and userspace has no indication that a previous, error-returning write left state behind. Tighten the entry check from "count > MAX_EXTRADATA_VALUE_LEN" to "count >= MAX_EXTRADATA_VALUE_LEN". With count strictly less than sizeof(udm->value), strscpy() can no longer return -E2BIG here, so the corrupting truncation path is removed entirely. Fixes: 8a6d5fec6c7f ("net: netconsole: add a userdata config_group member to netconsole_target") Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260427-netconsole_ai_fixes-v2-2-59965f29d9cc@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-28netconsole: return count instead of strnlen(buf, count) from store callbacksBreno Leitao
Several configfs store callbacks in netconsole end with: ret = strnlen(buf, count); This under-reports the number of bytes consumed when the input contains an embedded NUL within count, telling the VFS that fewer bytes were written than userspace actually handed in. A conformant partial-write loop would then retry the trailing bytes against a callback that has already accepted them. Every other configfs driver in the tree returns count directly from its store callbacks once parsing has succeeded, including drivers/nvme/target/configfs.c, drivers/gpio/gpio-sim.c, drivers/most/configfs.c, drivers/block/null_blk/main.c, drivers/pci/endpoint/pci-ep-cfs.c, and the rest of the configfs users. netconsole was the outlier (along with drivers/infiniband/core/cma_configfs.c, which has the same latent issue). Align netconsole with the rest of the configfs ecosystem: return count once the parser/validator has accepted the input. The numeric and boolean parsers (kstrtobool, kstrtou16, mac_pton, netpoll_parse_ip_addr) have already validated the meaningful prefix; any trailing bytes are padding and should simply be reported as consumed. Fixes: 0bcc1816188e ("[NET] netconsole: Support dynamic reconfiguration using configfs") Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260427-netconsole_ai_fixes-v2-1-59965f29d9cc@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-23netconsole: avoid out-of-bounds access on empty string in trim_newline()Breno Leitao
trim_newline() unconditionally dereferences s[len - 1] after computing len = strnlen(s, maxlen). When the string is empty, len is 0 and the expression underflows to s[(size_t)-1], reading (and potentially writing) one byte before the buffer. The two callers feed trim_newline() with the result of strscpy() from configfs store callbacks (dev_name_store, userdatum_value_store). configfs guarantees count >= 1 reaches the callback, but the byte itself can be NUL: a userspace write(fd, "\0", 1) leaves the destination empty after strscpy() and triggers the underflow. The OOB write only fires if the adjacent byte happens to be '\n', so this is not a security issue, but the access is undefined behaviour either way. This pattern is commonly flagged by LLM-based code reviewers. While it is not a security fix, the underlying access is undefined behaviour and the change is small and self-contained, so it is a reasonable candidate for the stable trees. Guard the dereference on a non-zero length. Fixes: ae001dc67907 ("net: netconsole: move newline trimming to function") Cc: stable@vger.kernel.org Signed-off-by: Breno Leitao <leitao@debian.org> Reviewed-by: Gustavo Luiz Duarte <gustavold@gmail.com> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20260420-netcons_trim_newline-v1-1-dc35889aeedf@debian.org Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-03-03netconsole: fix sysdata_release_enabled_show checking wrong flagBreno Leitao
sysdata_release_enabled_show() checks SYSDATA_TASKNAME instead of SYSDATA_RELEASE, causing the configfs release_enabled attribute to reflect the taskname feature state rather than the release feature state. This is a copy-paste error from the adjacent sysdata_taskname_enabled_show() function. The corresponding _store function already uses the correct SYSDATA_RELEASE flag. Fixes: 343f90227070 ("netconsole: implement configfs for release_enabled") Signed-off-by: Breno Leitao <leitao@debian.org> Cc: stable@vger.kernel.org Link: https://patch.msgid.link/20260302-sysdata_release_fix-v1-1-e5090f677c7c@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-02-26Merge tag 'net-7.0-rc2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net Pull networking fixes from Paolo Abeni: "Including fixes from IPsec, Bluetooth and netfilter Current release - regressions: - wifi: fix dev_alloc_name() return value check - rds: fix recursive lock in rds_tcp_conn_slots_available Current release - new code bugs: - vsock: lock down child_ns_mode as write-once Previous releases - regressions: - core: - do not pass flow_id to set_rps_cpu() - consume xmit errors of GSO frames - netconsole: avoid OOB reads, msg is not nul-terminated - netfilter: h323: fix OOB read in decode_choice() - tcp: re-enable acceptance of FIN packets when RWIN is 0 - udplite: fix null-ptr-deref in __udp_enqueue_schedule_skb(). - wifi: brcmfmac: fix potential kernel oops when probe fails - phy: register phy led_triggers during probe to avoid AB-BA deadlock - eth: - bnxt_en: fix deleting of Ntuple filters - wan: farsync: fix use-after-free bugs caused by unfinished tasklets - xscale: check for PTP support properly Previous releases - always broken: - tcp: fix potential race in tcp_v6_syn_recv_sock() - kcm: fix zero-frag skb in frag_list on partial sendmsg error - xfrm: - fix race condition in espintcp_close() - always flush state and policy upon NETDEV_UNREGISTER event - bluetooth: - purge error queues in socket destructors - fix response to L2CAP_ECRED_CONN_REQ - eth: - mlx5: - fix circular locking dependency in dump - fix "scheduling while atomic" in IPsec MAC address query - gve: fix incorrect buffer cleanup for QPL - team: avoid NETDEV_CHANGEMTU event when unregistering slave - usb: validate USB endpoints" * tag 'net-7.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (72 commits) netfilter: nf_conntrack_h323: fix OOB read in decode_choice() dpaa2-switch: validate num_ifs to prevent out-of-bounds write net: consume xmit errors of GSO frames vsock: document write-once behavior of the child_ns_mode sysctl vsock: lock down child_ns_mode as write-once selftests/vsock: change tests to respect write-once child ns mode net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query net/mlx5: Fix missing devlink lock in SRIOV enable error path net/mlx5: E-switch, Clear legacy flag when moving to switchdev net/mlx5: LAG, disable MPESW in lag_disable_change() net/mlx5: DR, Fix circular locking dependency in dump selftests: team: Add a reference count leak test team: avoid NETDEV_CHANGEMTU event when unregistering slave net: mana: Fix double destroy_workqueue on service rescan PCI path MAINTAINERS: Update maintainer entry for QUALCOMM ETHQOS ETHERNET DRIVER dpll: zl3073x: Remove redundant cleanup in devm_dpll_init() selftests/net: packetdrill: Verify acceptance of FIN packets when RWIN is 0 tcp: re-enable acceptance of FIN packets when RWIN is 0 vsock: Use container_of() to get net namespace in sysctl handlers net: usb: kaweth: validate USB endpoints ...
2026-02-24netconsole: avoid OOB reads, msg is not nul-terminatedJakub Kicinski
msg passed to netconsole from the console subsystem is not guaranteed to be nul-terminated. Before recent commit 7eab73b18630 ("netconsole: convert to NBCON console infrastructure") the message would be placed in printk_shared_pbufs, a static global buffer, so KASAN had harder time catching OOB accesses. Now we see: printk: console [netcon_ext0] enabled BUG: KASAN: slab-out-of-bounds in string+0x1f7/0x240 Read of size 1 at addr ffff88813b6d4c00 by task pr/netcon_ext0/594 CPU: 65 UID: 0 PID: 594 Comm: pr/netcon_ext0 Not tainted 6.19.0-11754-g4246fd6547c9 Call Trace: kasan_report+0xe4/0x120 string+0x1f7/0x240 vsnprintf+0x655/0xba0 scnprintf+0xba/0x120 netconsole_write+0x3fe/0xa10 nbcon_emit_next_record+0x46e/0x860 nbcon_kthread_func+0x623/0x750 Allocated by task 1: nbcon_alloc+0x1ea/0x450 register_console+0x26b/0xe10 init_netconsole+0xbb0/0xda0 The buggy address belongs to the object at ffff88813b6d4000 which belongs to the cache kmalloc-4k of size 4096 The buggy address is located 0 bytes to the right of allocated 3072-byte region [ffff88813b6d4000, ffff88813b6d4c00) Fixes: c62c0a17f9b7 ("netconsole: Append kernel version to message") Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20260219195021.2099699-1-kuba@kernel.org Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-02-21Convert 'alloc_obj' family to use the new default GFP_KERNEL argumentLinus Torvalds
This was done entirely with mindless brute force, using git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' | xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/' to convert the new alloc_obj() users that had a simple GFP_KERNEL argument to just drop that argument. Note that due to the extreme simplicity of the scripting, any slightly more complex cases spread over multiple lines would not be triggered: they definitely exist, but this covers the vast bulk of the cases, and the resulting diff is also then easier to check automatically. For the same reason the 'flex' versions will be done as a separate conversion. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2026-02-21treewide: Replace kmalloc with kmalloc_obj for non-scalar typesKees Cook
This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org>
2026-02-12Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Pull non-MM updates from Andrew Morton: - "ocfs2: give ocfs2 the ability to reclaim suballocator free bg" saves disk space by teaching ocfs2 to reclaim suballocator block group space (Heming Zhao) - "Add ARRAY_END(), and use it to fix off-by-one bugs" adds the ARRAY_END() macro and uses it in various places (Alejandro Colomar) - "vmcoreinfo: support VMCOREINFO_BYTES larger than PAGE_SIZE" makes the vmcore code future-safe, if VMCOREINFO_BYTES ever exceeds the page size (Pnina Feder) - "kallsyms: Prevent invalid access when showing module buildid" cleans up kallsyms code related to module buildid and fixes an invalid access crash when printing backtraces (Petr Mladek) - "Address page fault in ima_restore_measurement_list()" fixes a kexec-related crash that can occur when booting the second-stage kernel on x86 (Harshit Mogalapalli) - "kho: ABI headers and Documentation updates" updates the kexec handover ABI documentation (Mike Rapoport) - "Align atomic storage" adds the __aligned attribute to atomic_t and atomic64_t definitions to get natural alignment of both types on csky, m68k, microblaze, nios2, openrisc and sh (Finn Thain) - "kho: clean up page initialization logic" simplifies the page initialization logic in kho_restore_page() (Pratyush Yadav) - "Unload linux/kernel.h" moves several things out of kernel.h and into more appropriate places (Yury Norov) - "don't abuse task_struct.group_leader" removes the usage of ->group_leader when it is "obviously unnecessary" (Oleg Nesterov) - "list private v2 & luo flb" adds some infrastructure improvements to the live update orchestrator (Pasha Tatashin) * tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (107 commits) watchdog/hardlockup: simplify perf event probe and remove per-cpu dependency procfs: fix missing RCU protection when reading real_parent in do_task_stat() watchdog/softlockup: fix sample ring index wrap in need_counting_irqs() kcsan, compiler_types: avoid duplicate type issues in BPF Type Format kho: fix doc for kho_restore_pages() tests/liveupdate: add in-kernel liveupdate test liveupdate: luo_flb: introduce File-Lifecycle-Bound global state liveupdate: luo_file: Use private list list: add kunit test for private list primitives list: add primitives for private list manipulations delayacct: fix uapi timespec64 definition panic: add panic_force_cpu= parameter to redirect panic to a specific CPU netclassid: use thread_group_leader(p) in update_classid_task() RDMA/umem: don't abuse current->group_leader drm/pan*: don't abuse current->group_leader drm/amd: kill the outdated "Only the pthreads threading model is supported" checks drm/amdgpu: don't abuse current->group_leader android/binder: use same_thread_group(proc->tsk, current) in binder_mmap() android/binder: don't abuse current->group_leader kho: skip memoryless NUMA nodes when reserving scratch areas ...
2026-02-10netconsole: Use printk context for CPU and task informationBreno Leitao
Use the CPU and task name captured at printk() time from nbcon_write_context instead of querying the current execution context. This provides accurate information about where the message originated, rather than where netconsole happens to be running. For CPU, use wctxt->cpu instead of raw_smp_processor_id(). For taskname, use wctxt->comm directly which contains the task name captured at printk time. This change ensures netconsole outputs reflect the actual context that generated the log message, which is especially important when the console driver runs asynchronously in a dedicated thread. Reviewed-by: John Ogness <john.ogness@linutronix.de> Reviewed-by: Petr Mladek <pmladek@suse.com> Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260206-nbcon-v7-4-62bda69b1b41@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-02-10netconsole: convert to NBCON console infrastructureBreno Leitao
Convert netconsole from the legacy console API to the NBCON framework. NBCON provides threaded printing which unblocks printk()s and flushes in a thread, decoupling network TX from printk() when netconsole is in use. Since netconsole relies on the network stack which cannot safely operate from all atomic contexts, mark both consoles with CON_NBCON_ATOMIC_UNSAFE. (See discussion in [1]) CON_NBCON_ATOMIC_UNSAFE restricts write_atomic() usage to emergency scenarios (panic) where regular messages are sent in threaded mode. Implementation changes: - Unify write_ext_msg() and write_msg() into netconsole_write() - Add device_lock/device_unlock callbacks to manage target_list_lock - Use nbcon_enter_unsafe()/nbcon_exit_unsafe() around network operations. - If nbcon_enter_unsafe() fails, just return given netconsole lost the ownership of the console. - Set write_thread and write_atomic callbacks (both use same function) Link: https://lore.kernel.org/all/b2qps3uywhmjaym4mht2wpxul4yqtuuayeoq4iv4k3zf5wdgh3@tocu6c7mj4lt/ [1] Reviewed-by: John Ogness <john.ogness@linutronix.de> Reviewed-by: Petr Mladek <pmladek@suse.com> Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260206-nbcon-v7-3-62bda69b1b41@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-02-10netconsole: extract message fragmentation into send_msg_udp()Breno Leitao
Extract the message fragmentation logic from write_msg() into a dedicated send_msg_udp() function. This improves code readability and prepares for future enhancements. The new send_msg_udp() function handles splitting messages that exceed MAX_PRINT_CHUNK into smaller fragments and sending them sequentially. This function is placed before send_ext_msg_udp() to maintain a logical ordering of related functions. No functional changes - this is purely a refactoring commit. Reviewed-by: Petr Mladek <pmladek@suse.com> Reviewed-by: Simon Horman <horms@kernel.org> Reviewed-by: John Ogness <john.ogness@linutronix.de> Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260206-nbcon-v7-2-62bda69b1b41@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-01-21netconsole: resume previously deactivated targetAndre Carvalho
Attempt to resume a previously deactivated target when the associated interface comes back (NETDEV_REGISTER) or when it changes name (NETDEV_CHANGENAME) by calling netpoll_setup on the device. Depending on how the target was setup (by mac or interface name), the corresponding field is compared with the device being brought up. Targets that match the incoming device, are scheduled for resume on a workqueue. Resuming happens on a workqueue as we can't execute netpoll_setup in the context of the netdev event. A standalone workqueue (as opposed to the global one) is used to allow for proper cleanup process during netconsole module cleanup as we need to be able to flush all pending work before traversing the target list given that targets are temporarily removed from the list during resume_target. Target transitions to STATE_DISABLED in case of failures resuming it to avoid retrying the same target indefinitely. Signed-off-by: Andre Carvalho <asantostc@gmail.com> Reviewed-by: Breno Leitao <leitao@debian.org> Tested-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260118-netcons-retrigger-v11-6-4de36aebcf48@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-01-21netconsole: introduce helpers for dynamic_netconsole_mutex lock/unlockAndre Carvalho
This commit introduces two helper functions to perform lock/unlock on dynamic_netconsole_mutex providing no-op stub versions when compiled without CONFIG_NETCONSOLE_DYNAMIC and refactors existing call sites to use the new helpers. This is done following kernel coding style guidelines, in preparation for an upcoming change. It avoids the need for preprocessor conditionals in the call site and keeps the logic easier to follow. Signed-off-by: Andre Carvalho <asantostc@gmail.com> Reviewed-by: Breno Leitao <leitao@debian.org> Tested-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260118-netcons-retrigger-v11-5-4de36aebcf48@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-01-21netconsole: clear dev_name for devices bound by macAndre Carvalho
This patch makes sure netconsole clears dev_name for devices bound by mac in order to allow calling setup_netpoll on targets that have previously been cleaned up (in order to support resuming deactivated targets). This is required as netpoll_setup populates dev_name even when devices are matched via mac address. The cleanup is done inside netconsole as bound by mac is a netconsole concept. Signed-off-by: Andre Carvalho <asantostc@gmail.com> Reviewed-by: Breno Leitao <leitao@debian.org> Tested-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260118-netcons-retrigger-v11-4-4de36aebcf48@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-01-21netconsole: add STATE_DEACTIVATED to track targets disabled by low levelBreno Leitao
When the low level interface brings a netconsole target down, record this using a new STATE_DEACTIVATED state. This allows netconsole to distinguish between targets explicitly disabled by users and those deactivated due to interface state changes. It also enables automatic recovery and re-enabling of targets if the underlying low-level interfaces come back online. From a code perspective, anything that is not STATE_ENABLED is disabled. Devices (de)enslaving are marked STATE_DISABLED to prevent automatically resuming as enslaved interfaces cannot have netconsole enabled. Signed-off-by: Breno Leitao <leitao@debian.org> Signed-off-by: Andre Carvalho <asantostc@gmail.com> Tested-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260118-netcons-retrigger-v11-3-4de36aebcf48@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-01-21netconsole: convert 'enabled' flag to enum for clearer state managementAndre Carvalho
This patch refactors the netconsole driver's target enabled state from a simple boolean to an explicit enum (`target_state`). This allow the states to be expanded to a new state in the upcoming change. Co-developed-by: Breno Leitao <leitao@debian.org> Signed-off-by: Breno Leitao <leitao@debian.org> Reviewed-by: Breno Leitao <leitao@debian.org> Signed-off-by: Andre Carvalho <asantostc@gmail.com> Tested-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260118-netcons-retrigger-v11-2-4de36aebcf48@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-01-21netconsole: add target_state enumBreno Leitao
Introduces a enum to track netconsole target state which is going to replace the enabled boolean. Signed-off-by: Breno Leitao <leitao@debian.org> Signed-off-by: Andre Carvalho <asantostc@gmail.com> Tested-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20260118-netcons-retrigger-v11-1-4de36aebcf48@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-01-20kernel.h: drop hex.h and update all hex.h usersRandy Dunlap
Remove <linux/hex.h> from <linux/kernel.h> and update all users/callers of hex.h interfaces to directly #include <linux/hex.h> as part of the process of putting kernel.h on a diet. Removing hex.h from kernel.h means that 36K C source files don't have to pay the price of parsing hex.h for the roughly 120 C source files that need it. This change has been build-tested with allmodconfig on most ARCHes. Also, all users/callers of <linux/hex.h> in the entire source tree have been updated if needed (if not already #included). Link: https://lkml.kernel.org/r/20251215005206.2362276-1-rdunlap@infradead.org Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Reviewed-by: Andy Shevchenko <andriy.shevchenko@intel.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Yury Norov (NVIDIA) <yury.norov@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2025-11-20netconsole: Increase MAX_USERDATA_ITEMSGustavo Luiz Duarte
Increase MAX_USERDATA_ITEMS from 16 to 256 entries now that the userdata buffer is allocated dynamically. The previous limit of 16 was necessary because the buffer was statically allocated for all targets. With dynamic allocation, we can support more entries without wasting memory on targets that don't use userdata. This allows users to attach more metadata to their netconsole messages, which is useful for complex debugging and logging scenarios. Also update the testcase accordingly. Signed-off-by: Gustavo Luiz Duarte <gustavold@gmail.com> Reviewed-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20251119-netconsole_dynamic_extradata-v3-4-497ac3191707@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-11-20netconsole: Dynamic allocation of userdata bufferGustavo Luiz Duarte
The userdata buffer in struct netconsole_target is currently statically allocated with a size of MAX_USERDATA_ITEMS * MAX_EXTRADATA_ENTRY_LEN (16 * 256 = 4096 bytes). This wastes memory when userdata entries are not used or when only a few entries are configured, which is common in typical usage scenarios. It also forces us to keep MAX_USERDATA_ITEMS small to limit the memory wasted. Change the userdata buffer from a static array to a dynamically allocated pointer. The buffer is now allocated on-demand in update_userdata() whenever userdata entries are added, modified, or removed via configfs. The implementation calculates the exact size needed for all current userdata entries, allocates a new buffer of that size, formats the entries into it, and atomically swaps it with the old buffer. This approach provides several benefits: - Memory efficiency: Targets with no userdata use zero bytes instead of 4KB, and targets with userdata only allocate what they need; - Scalability: Makes it practical to increase MAX_USERDATA_ITEMS to a much larger value without imposing a fixed memory cost on every target; - No hot-path overhead: Allocation occurs during configuration (write to configfs), not during message transmission If memory allocation fails during userdata update, -ENOMEM is returned to userspace through the configfs attribute write operation. The sysdata buffer remains statically allocated since it has a smaller fixed size (MAX_SYSDATA_ITEMS * MAX_EXTRADATA_ENTRY_LEN = 4 * 256 = 1024 bytes) and its content length is less predictable. Signed-off-by: Gustavo Luiz Duarte <gustavold@gmail.com> Reviewed-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20251119-netconsole_dynamic_extradata-v3-3-497ac3191707@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-11-20netconsole: Split userdata and sysdataGustavo Luiz Duarte
Separate userdata and sysdata into distinct buffers to enable independent management. Previously, both were stored in a single extradata_complete buffer with a fixed size that accommodated both types of data. This separation allows: - userdata to grow dynamically (in subsequent patch) - sysdata to remain in a small static buffer - removal of complex entry counting logic that tracked both types together The split also simplifies the code by eliminating the need to check total entry count across both userdata and sysdata when enabling features, which allows to drop holding su_mutex on sysdata_*_enabled_store(). No functional change in this patch, just structural preparation for dynamic userdata allocation. Signed-off-by: Gustavo Luiz Duarte <gustavold@gmail.com> Reviewed-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20251119-netconsole_dynamic_extradata-v3-2-497ac3191707@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-11-20netconsole: Simplify send_fragmented_body()Gustavo Luiz Duarte
Refactor send_fragmented_body() to use separate offset tracking for msgbody, and extradata instead of complex conditional logic. The previous implementation used boolean flags and calculated offsets which made the code harder to follow. The new implementation maintains independent offset counters (msgbody_offset, extradata_offset) and processes each section sequentially, making the data flow more straightforward and the code easier to maintain. This is a preparatory refactoring with no functional changes, which will allow easily splitting extradata_complete into separate userdata and sysdata buffers in the next patch. Signed-off-by: Gustavo Luiz Duarte <gustavold@gmail.com> Reviewed-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20251119-netconsole_dynamic_extradata-v3-1-497ac3191707@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-10-31netconsole: Acquire su_mutex before navigating configs hierarchyGustavo Luiz Duarte
There is a race between operations that iterate over the userdata cg_children list and concurrent add/remove of userdata items through configfs. The update_userdata() function iterates over the nt->userdata_group.cg_children list, and count_extradata_entries() also iterates over this same list to count nodes. Quoting from Documentation/filesystems/configfs.rst: > A subsystem can navigate the cg_children list and the ci_parent pointer > to see the tree created by the subsystem. This can race with configfs' > management of the hierarchy, so configfs uses the subsystem mutex to > protect modifications. Whenever a subsystem wants to navigate the > hierarchy, it must do so under the protection of the subsystem > mutex. Without proper locking, if a userdata item is added or removed concurrently while these functions are iterating, the list can be accessed in an inconsistent state. For example, the list_for_each() loop can reach a node that is being removed from the list by list_del_init() which sets the nodes' .next pointer to point to itself, so the loop will never end (or reach the WARN_ON_ONCE in update_userdata() ). Fix this by holding the configfs subsystem mutex (su_mutex) during all operations that iterate over cg_children. This includes: - userdatum_value_store() which calls update_userdata() to iterate over cg_children - All sysdata_*_enabled_store() functions which call count_extradata_entries() to iterate over cg_children The su_mutex must be acquired before dynamic_netconsole_mutex to avoid potential lock ordering issues, as configfs operations may already hold su_mutex when calling into our code. Fixes: df03f830d099 ("net: netconsole: cache userdata formatted string in netconsole_target") Signed-off-by: Gustavo Luiz Duarte <gustavold@gmail.com> Link: https://patch.msgid.link/20251029-netconsole-fix-warn-v1-1-0d0dd4622f48@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-10-29netconsole: Fix race condition in between reader and writer of userdataGustavo Luiz Duarte
The update_userdata() function constructs the complete userdata string in nt->extradata_complete and updates nt->userdata_length. This data is then read by write_msg() and write_ext_msg() when sending netconsole messages. However, update_userdata() was not holding target_list_lock during this process, allowing concurrent message transmission to read partially updated userdata. This race condition could result in netconsole messages containing incomplete or inconsistent userdata - for example, reading the old userdata_length with new extradata_complete content, or vice versa, leading to truncated or corrupted output. Fix this by acquiring target_list_lock with spin_lock_irqsave() before updating extradata_complete and userdata_length, and releasing it after both fields are fully updated. This ensures that readers see a consistent view of the userdata, preventing corruption during concurrent access. The fix aligns with the existing locking pattern used throughout the netconsole code, where target_list_lock protects access to target fields including buf[] and msgcounter that are accessed during message transmission. Also get rid of the unnecessary variable complete_idx, which makes it easier to bail out of update_userdata(). Fixes: df03f830d099 ("net: netconsole: cache userdata formatted string in netconsole_target") Signed-off-by: Gustavo Luiz Duarte <gustavold@gmail.com> Link: https://patch.msgid.link/20251028-netconsole-fix-race-v4-1-63560b0ae1a0@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-08-12netconsole: use netpoll_parse_ip_addr in local_ip_storeBreno Leitao
Replace manual IP address parsing with a call to netpoll_parse_ip_addr in remote_ip_store(), simplifying the code and reducing the chance of errors. The error message got removed, since it is not a good practice to pr_err() if used pass a wrong value in configfs. Signed-off-by: Breno Leitao <leitao@debian.org> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-08-12netconsole: use netpoll_parse_ip_addr in local_ip_storeBreno Leitao
Replace manual IP address parsing with a call to netpoll_parse_ip_addr in local_ip_store(), simplifying the code and reducing the chance of errors. Also, remove the pr_err() if the user enters an invalid value in configfs entries. pr_err() is not the best way to alert user that the configuration is invalid. Signed-off-by: Breno Leitao <leitao@debian.org> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-08-12netconsole: add support for strings with new line in netpoll_parse_ip_addrBreno Leitao
The current IP address parsing logic fails when the input string contains a trailing newline character. This can occur when IP addresses are provided through configfs, which contains newlines in a const buffer. Teach netpoll_parse_ip_addr() how to ignore newlines at the end of the IPs. Also, simplify the code by: * No need to check for separators. Try to parse ipv4, if it fails try ipv6 similarly to ceph_pton() * If ipv6 is not supported, don't call in6_pton() at all. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20250811-netconsole_ref-v4-2-9c510d8713a2@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-08-12netconsole: move netpoll_parse_ip_addr() earlier for reuseBreno Leitao
Move netpoll_parse_ip_addr() earlier in the file to be reused in other functions, such as local_ip_store(). This avoids duplicate address parsing logic and centralizes validation for both IPv4 and IPv6 string input. No functional changes intended. Signed-off-by: Breno Leitao <leitao@debian.org> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20250811-netconsole_ref-v4-1-9c510d8713a2@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-06-18netconsole: append msgid to sysdataGustavo Luiz Duarte
Add msgcounter to the netconsole_target struct to generate message IDs. If the msgid_enabled attribute is true, increment msgcounter and append msgid=<msgcounter> to sysdata buffer before sending the message. Signed-off-by: Gustavo Luiz Duarte <gustavold@gmail.com> Reviewed-by: Breno Leitao <leitao@debian.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2025-06-18netconsole: implement configfs for msgid_enabledGustavo Luiz Duarte
Implement the _show and _store functions for the msgid_enabled configfs attribute under userdata. Set the sysdata_fields bit accordingly. Reviewed-by: Breno Leitao <leitao@debian.org> Signed-off-by: Gustavo Luiz Duarte <gustavold@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2025-06-18netconsole: introduce 'msgid' as a new sysdata fieldGustavo Luiz Duarte
This adds a new sysdata field to enable assigning a per-target unique id to each message sent to that target. This id can later be appended as part of sysdata, allowing targets to detect dropped netconsole messages. Update count_extradata_entries() to take the new field into account. Reviewed-by: Breno Leitao <leitao@debian.org> Signed-off-by: Gustavo Luiz Duarte <gustavold@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2025-06-16netconsole: improve code style in parser functionBreno Leitao
Split assignment from conditional checks and use preferred null pointer check style (!delim instead of == NULL) in netconsole_parser_cmdline(). This improves code readability and follows kernel coding style conventions. Signed-off-by: Breno Leitao <leitao@debian.org> Link: https://patch.msgid.link/20250613-rework-v3-6-0752bf2e6912@debian.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>