From: Simon Horman <horms@kernel.org>
To: Gustavo Luiz Duarte <gustavold@gmail.com>
Cc: Breno Leitao <leitao@debian.org>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Shuah Khan <shuah@kernel.org>,
Matthew Wood <thepacketgeek@gmail.com>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH net 2/2] netconsole: Fix race condition in between reader and writer of userdata
Date: Tue, 21 Oct 2025 11:04:53 +0100 [thread overview]
Message-ID: <aPdaxSUBMYwfQXW6@horms.kernel.org> (raw)
In-Reply-To: <20251020-netconsole-fix-race-v1-2-b775be30ee8a@gmail.com>
On Mon, Oct 20, 2025 at 02:22:35PM -0700, Gustavo Luiz Duarte wrote:
> The update_userdata() function constructs the complete userdata string
> in nt->extradata_complete and updates nt->userdata_length. This data
> is then read by write_msg() and write_ext_msg() when sending netconsole
> messages. However, update_userdata() was not holding target_list_lock
> during this process, allowing concurrent message transmission to read
> partially updated userdata.
>
> This race condition could result in netconsole messages containing
> incomplete or inconsistent userdata - for example, reading the old
> userdata_length with new extradata_complete content, or vice versa,
> leading to truncated or corrupted output.
>
> Fix this by acquiring target_list_lock with spin_lock_irqsave() before
> updating extradata_complete and userdata_length, and releasing it after
> both fields are fully updated. This ensures that readers see a
> consistent view of the userdata, preventing corruption during concurrent
> access.
>
> The fix aligns with the existing locking pattern used throughout the
> netconsole code, where target_list_lock protects access to target
> fields including buf[] and msgcounter that are accessed during message
> transmission.
>
> Fixes: df03f830d099 ("net: netconsole: cache userdata formatted string in netconsole_target")
nit: no blank line here please
>
> Signed-off-by: Gustavo Luiz Duarte <gustavold@gmail.com>
> ---
> drivers/net/netconsole.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/net/netconsole.c b/drivers/net/netconsole.c
> index 194570443493b..1f9cf6b12dfc5 100644
> --- a/drivers/net/netconsole.c
> +++ b/drivers/net/netconsole.c
> @@ -888,6 +888,9 @@ static void update_userdata(struct netconsole_target *nt)
> {
> int complete_idx = 0, child_count = 0;
> struct list_head *entry;
> + unsigned long flags;
> +
> + spin_lock_irqsave(&target_list_lock, flags);
>
> /* Clear the current string in case the last userdatum was deleted */
> nt->userdata_length = 0;
> @@ -918,6 +921,8 @@ static void update_userdata(struct netconsole_target *nt)
> }
> nt->userdata_length = strnlen(nt->extradata_complete,
> sizeof(nt->extradata_complete));
> +
> + spin_unlock_irqrestore(&target_list_lock, flags);
> }
>
> static ssize_t userdatum_value_store(struct config_item *item, const char *buf,
>
> --
> 2.47.3
>
>
prev parent reply other threads:[~2025-10-21 10:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-20 21:22 [PATCH net 0/2] netconsole: Fix userdata race condition Gustavo Luiz Duarte
2025-10-20 21:22 ` [PATCH net 1/2] selftests: netconsole: Add race condition test for userdata corruption Gustavo Luiz Duarte
2025-10-20 23:14 ` Andre Carvalho
2025-10-22 15:31 ` Gustavo Luiz Duarte
2025-10-20 21:22 ` [PATCH net 2/2] netconsole: Fix race condition in between reader and writer of userdata Gustavo Luiz Duarte
2025-10-21 10:04 ` Simon Horman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aPdaxSUBMYwfQXW6@horms.kernel.org \
--to=horms@kernel.org \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gustavold@gmail.com \
--cc=kuba@kernel.org \
--cc=leitao@debian.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=shuah@kernel.org \
--cc=thepacketgeek@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.