* Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking
From: James Bottomley @ 2026-02-03 8:18 UTC (permalink / raw)
To: David Howells, Mihai-Drosi Câju
Cc: linux, arnd, arnout, atomlin, bigeasy, chleroy, christian, corbet,
coxu, da.gomez, da.gomez, dmitry.kasatkin, eric.snowberg,
f.gruenbichler, jmorris, kpcyrd, linux-arch, linux-doc,
linux-integrity, linux-kbuild, linux-kernel, linux-modules,
linux-security-module, linuxppc-dev, lkp, maddy, mattia, mcgrof,
mpe, nathan, naveen, nicolas.bouchinet, nicolas.schier, npiggin,
nsc, paul, petr.pavlu, roberto.sassu, samitolvanen, serge,
xiujianfeng, zohar
In-Reply-To: <2316630.1769965788@warthog.procyon.org.uk>
On Sun, 2026-02-01 at 17:09 +0000, David Howells wrote:
> Mihai-Drosi Câju <mcaju95@gmail.com> wrote:
>
> > > The current signature-based module integrity checking has some
> > > drawbacks
> > in combination with reproducible builds. Either the module signing
> > key is generated at build time, which makes the build
> > unreproducible, or a static signing key is used, which precludes
> > rebuilds by third parties and makes the whole build and packaging
> > process much more complicated.
>
> There is another issue too: If you have a static private key that you
> use to sign modules (and probably other things), someone will likely
> give you a GPL request to get it.
The SFC just lost that exact point in the Vizio trial, so I think
you're wrong on this under US law at least. There's no general ability
under GPLv2 to demand long lived signing keys.
Regards,
James
^ permalink raw reply
* [PATCH v2 2/3] evm: Don't enable fix mode when secure boot is enabled
From: Coiby Xu @ 2026-02-03 4:14 UTC (permalink / raw)
To: linux-integrity
Cc: Heiko Carstens, Alexander Egorenkov, Ard Biesheuvel, Dave Hansen,
Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg,
Paul Moore, James Morris, Serge E. Hallyn,
open list:SECURITY SUBSYSTEM, open list
In-Reply-To: <20260203041434.872784-1-coxu@redhat.com>
Similar to IMA fix mode, forbid EVM fix mode when secure boot is
enabled.
Reported-and-suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Suggested-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
security/integrity/evm/evm_main.c | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 73d500a375cb..a54cb73b51ee 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -72,17 +72,25 @@ static struct xattr_list evm_config_default_xattrnames[] = {
LIST_HEAD(evm_config_xattrnames);
+static char *evm_cmdline __initdata;
+core_param(evm, evm_cmdline, charp, 0);
+
static int evm_fixmode __ro_after_init;
-static int __init evm_set_fixmode(char *str)
+static void __init evm_set_fixmode(void)
{
- if (strncmp(str, "fix", 3) == 0)
- evm_fixmode = 1;
- else
- pr_err("invalid \"%s\" mode", str);
+ if (!evm_cmdline)
+ return;
- return 1;
+ if (strncmp(evm_cmdline, "fix", 3) == 0) {
+ if (arch_get_secureboot()) {
+ pr_info("Secure boot enabled: ignoring evm=fix");
+ return;
+ }
+ evm_fixmode = 1;
+ } else {
+ pr_err("invalid \"%s\" mode", evm_cmdline);
+ }
}
-__setup("evm=", evm_set_fixmode);
static void __init evm_init_config(void)
{
@@ -1119,6 +1127,8 @@ static int __init init_evm(void)
evm_init_config();
+ evm_set_fixmode();
+
error = integrity_init_keyring(INTEGRITY_KEYRING_EVM);
if (error)
goto error;
--
2.52.0
^ permalink raw reply related
* [PATCH v2 1/3] integrity: Make arch_ima_get_secureboot integrity-wide
From: Coiby Xu @ 2026-02-03 4:14 UTC (permalink / raw)
To: linux-integrity
Cc: Heiko Carstens, Alexander Egorenkov, Ard Biesheuvel, Dave Hansen,
Mimi Zohar, Roberto Sassu, Madhavan Srinivasan, Michael Ellerman,
Nicholas Piggin, Christophe Leroy (CS GROUP), Vasily Gorbik,
Alexander Gordeev, Christian Borntraeger, Sven Schnelle,
Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), H. Peter Anvin,
Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris,
Serge E. Hallyn, Jarkko Sakkinen, open list,
open list:LINUX FOR POWERPC (32-BIT AND 64-BIT),
open list:S390 ARCHITECTURE,
open list:EXTENSIBLE FIRMWARE INTERFACE (EFI),
open list:SECURITY SUBSYSTEM, open list:KEYS/KEYRINGS_INTEGRITY
In-Reply-To: <20260203041434.872784-1-coxu@redhat.com>
EVM and other LSMs need the ability to query the secure boot status of
the system, without directly calling the IMA arch_ima_get_secureboot
function. Refactor the secure boot status check into a general function
named arch_get_secureboot.
Reported-and-suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Suggested-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
MAINTAINERS | 1 +
arch/powerpc/kernel/ima_arch.c | 5 --
arch/powerpc/kernel/secure_boot.c | 6 ++
arch/s390/kernel/ima_arch.c | 6 --
arch/s390/kernel/ipl.c | 5 ++
arch/x86/include/asm/efi.h | 4 +-
arch/x86/platform/efi/efi.c | 2 +-
include/linux/ima.h | 7 +--
include/linux/secure_boot.h | 19 +++++++
security/integrity/Makefile | 3 +-
security/integrity/efi_secureboot.c | 56 +++++++++++++++++++
security/integrity/ima/ima_appraise.c | 2 +-
security/integrity/ima/ima_efi.c | 48 +---------------
security/integrity/ima/ima_main.c | 4 +-
security/integrity/integrity.h | 1 +
security/integrity/platform_certs/load_uefi.c | 2 +-
security/integrity/secure_boot.c | 16 ++++++
17 files changed, 117 insertions(+), 70 deletions(-)
create mode 100644 include/linux/secure_boot.h
create mode 100644 security/integrity/efi_secureboot.c
create mode 100644 security/integrity/secure_boot.c
diff --git a/MAINTAINERS b/MAINTAINERS
index 67db88b04537..1f963a621a99 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -12519,6 +12519,7 @@ R: Eric Snowberg <eric.snowberg@oracle.com>
L: linux-integrity@vger.kernel.org
S: Supported
T: git git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
+F: include/linux/secure_boot.h
F: security/integrity/
F: security/integrity/ima/
diff --git a/arch/powerpc/kernel/ima_arch.c b/arch/powerpc/kernel/ima_arch.c
index b7029beed847..0d8892a03526 100644
--- a/arch/powerpc/kernel/ima_arch.c
+++ b/arch/powerpc/kernel/ima_arch.c
@@ -7,11 +7,6 @@
#include <linux/ima.h>
#include <asm/secure_boot.h>
-bool arch_ima_get_secureboot(void)
-{
- return is_ppc_secureboot_enabled();
-}
-
/*
* The "secure_rules" are enabled only on "secureboot" enabled systems.
* These rules verify the file signatures against known good values.
diff --git a/arch/powerpc/kernel/secure_boot.c b/arch/powerpc/kernel/secure_boot.c
index 3a28795b4ed8..28436c1599e0 100644
--- a/arch/powerpc/kernel/secure_boot.c
+++ b/arch/powerpc/kernel/secure_boot.c
@@ -5,6 +5,7 @@
*/
#include <linux/types.h>
#include <linux/of.h>
+#include <linux/secure_boot.h>
#include <linux/string_choices.h>
#include <asm/secure_boot.h>
@@ -44,6 +45,11 @@ bool is_ppc_secureboot_enabled(void)
return enabled;
}
+bool arch_get_secureboot(void)
+{
+ return is_ppc_secureboot_enabled();
+}
+
bool is_ppc_trustedboot_enabled(void)
{
struct device_node *node;
diff --git a/arch/s390/kernel/ima_arch.c b/arch/s390/kernel/ima_arch.c
index f3c3e6e1c5d3..6ccbe34ce408 100644
--- a/arch/s390/kernel/ima_arch.c
+++ b/arch/s390/kernel/ima_arch.c
@@ -1,12 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/ima.h>
-#include <asm/boot_data.h>
-
-bool arch_ima_get_secureboot(void)
-{
- return ipl_secure_flag;
-}
const char * const *arch_get_ima_policy(void)
{
diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c
index dcdc7e274848..781deb588557 100644
--- a/arch/s390/kernel/ipl.c
+++ b/arch/s390/kernel/ipl.c
@@ -2504,6 +2504,11 @@ void *ipl_report_finish(struct ipl_report *report)
return buf;
}
+bool arch_get_secureboot(void)
+{
+ return ipl_secure_flag;
+}
+
int ipl_report_free(struct ipl_report *report)
{
struct ipl_report_component *comp, *ncomp;
diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
index f227a70ac91f..ee382b56dd7b 100644
--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
@@ -401,9 +401,9 @@ extern int __init efi_memmap_split_count(efi_memory_desc_t *md,
extern void __init efi_memmap_insert(struct efi_memory_map *old_memmap,
void *buf, struct efi_mem_range *mem);
-extern enum efi_secureboot_mode __x86_ima_efi_boot_mode(void);
+enum efi_secureboot_mode __x86_efi_boot_mode(void);
-#define arch_ima_efi_boot_mode __x86_ima_efi_boot_mode()
+#define arch_efi_boot_mode __x86_efi_boot_mode()
#ifdef CONFIG_EFI_RUNTIME_MAP
int efi_get_runtime_map_size(void);
diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index 463b784499a8..d8b25ae7af1e 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -921,7 +921,7 @@ umode_t efi_attr_is_visible(struct kobject *kobj, struct attribute *attr, int n)
return attr->mode;
}
-enum efi_secureboot_mode __x86_ima_efi_boot_mode(void)
+enum efi_secureboot_mode __x86_efi_boot_mode(void)
{
return boot_params.secure_boot;
}
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 8e29cb4e6a01..b3927b795a60 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -11,6 +11,7 @@
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
+#include <linux/secure_boot.h>
#include <crypto/hash_info.h>
struct linux_binprm;
@@ -72,14 +73,8 @@ int __init ima_get_kexec_buffer(void **addr, size_t *size);
#endif
#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
-extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
-static inline bool arch_ima_get_secureboot(void)
-{
- return false;
-}
-
static inline const char * const *arch_get_ima_policy(void)
{
return NULL;
diff --git a/include/linux/secure_boot.h b/include/linux/secure_boot.h
new file mode 100644
index 000000000000..3ded3f03655c
--- /dev/null
+++ b/include/linux/secure_boot.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (C) 2026 Red Hat, Inc. All Rights Reserved.
+ *
+ * Author: Coiby Xu <coxu@redhat.com>
+ */
+
+#ifndef _LINUX_SECURE_BOOT_H
+#define _LINUX_SECURE_BOOT_H
+
+#include <linux/types.h>
+
+/*
+ * Returns true if the platform secure boot is enabled.
+ * Returns false if disabled or not supported.
+ */
+bool arch_get_secureboot(void);
+
+#endif /* _LINUX_SECURE_BOOT_H */
diff --git a/security/integrity/Makefile b/security/integrity/Makefile
index 92b63039c654..548665e2b702 100644
--- a/security/integrity/Makefile
+++ b/security/integrity/Makefile
@@ -5,7 +5,7 @@
obj-$(CONFIG_INTEGRITY) += integrity.o
-integrity-y := iint.o
+integrity-y := iint.o secure_boot.o
integrity-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o
integrity-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
integrity-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o
@@ -18,6 +18,7 @@ integrity-$(CONFIG_LOAD_IPL_KEYS) += platform_certs/load_ipl_s390.o
integrity-$(CONFIG_LOAD_PPC_KEYS) += platform_certs/efi_parser.o \
platform_certs/load_powerpc.o \
platform_certs/keyring_handler.o
+integrity-$(CONFIG_EFI) += efi_secureboot.o
# The relative order of the 'ima' and 'evm' LSMs depends on the order below.
obj-$(CONFIG_IMA) += ima/
obj-$(CONFIG_EVM) += evm/
diff --git a/security/integrity/efi_secureboot.c b/security/integrity/efi_secureboot.c
new file mode 100644
index 000000000000..bfd4260a83a3
--- /dev/null
+++ b/security/integrity/efi_secureboot.c
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: GPL-1.0+
+/*
+ * Copyright (C) 2018 IBM Corporation
+ */
+#include <linux/efi.h>
+#include <linux/secure_boot.h>
+#include <asm/efi.h>
+
+#ifndef arch_efi_boot_mode
+#define arch_efi_boot_mode efi_secureboot_mode_unset
+#endif
+
+static enum efi_secureboot_mode get_sb_mode(void)
+{
+ enum efi_secureboot_mode mode;
+
+ if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) {
+ pr_info("integrity: secureboot mode unknown, no efi\n");
+ return efi_secureboot_mode_unknown;
+ }
+
+ mode = efi_get_secureboot_mode(efi.get_variable);
+ if (mode == efi_secureboot_mode_disabled)
+ pr_info("integrity: secureboot mode disabled\n");
+ else if (mode == efi_secureboot_mode_unknown)
+ pr_info("integrity: secureboot mode unknown\n");
+ else
+ pr_info("integrity: secureboot mode enabled\n");
+ return mode;
+}
+
+/*
+ * Query secure boot status
+ *
+ * Note don't call this function too early e.g. in __setup hook otherwise the
+ * kernel may hang when calling efi_get_secureboot_mode.
+ *
+ */
+bool arch_get_secureboot(void)
+{
+ static enum efi_secureboot_mode sb_mode;
+ static bool initialized;
+
+ if (!initialized && efi_enabled(EFI_BOOT)) {
+ sb_mode = arch_efi_boot_mode;
+
+ if (sb_mode == efi_secureboot_mode_unset)
+ sb_mode = get_sb_mode();
+ initialized = true;
+ }
+
+ if (sb_mode == efi_secureboot_mode_enabled)
+ return true;
+ else
+ return false;
+}
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 5149ff4fd50d..9737bf76ce17 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -27,7 +27,7 @@ core_param(ima_appraise, ima_appraise_cmdline_default, charp, 0);
void __init ima_appraise_parse_cmdline(void)
{
const char *str = ima_appraise_cmdline_default;
- bool sb_state = arch_ima_get_secureboot();
+ bool sb_state = arch_get_secureboot();
int appraisal_state = ima_appraise;
if (!str)
diff --git a/security/integrity/ima/ima_efi.c b/security/integrity/ima/ima_efi.c
index 138029bfcce1..27521d665d33 100644
--- a/security/integrity/ima/ima_efi.c
+++ b/security/integrity/ima/ima_efi.c
@@ -2,52 +2,9 @@
/*
* Copyright (C) 2018 IBM Corporation
*/
-#include <linux/efi.h>
#include <linux/module.h>
#include <linux/ima.h>
-#include <asm/efi.h>
-
-#ifndef arch_ima_efi_boot_mode
-#define arch_ima_efi_boot_mode efi_secureboot_mode_unset
-#endif
-
-static enum efi_secureboot_mode get_sb_mode(void)
-{
- enum efi_secureboot_mode mode;
-
- if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) {
- pr_info("ima: secureboot mode unknown, no efi\n");
- return efi_secureboot_mode_unknown;
- }
-
- mode = efi_get_secureboot_mode(efi.get_variable);
- if (mode == efi_secureboot_mode_disabled)
- pr_info("ima: secureboot mode disabled\n");
- else if (mode == efi_secureboot_mode_unknown)
- pr_info("ima: secureboot mode unknown\n");
- else
- pr_info("ima: secureboot mode enabled\n");
- return mode;
-}
-
-bool arch_ima_get_secureboot(void)
-{
- static enum efi_secureboot_mode sb_mode;
- static bool initialized;
-
- if (!initialized && efi_enabled(EFI_BOOT)) {
- sb_mode = arch_ima_efi_boot_mode;
-
- if (sb_mode == efi_secureboot_mode_unset)
- sb_mode = get_sb_mode();
- initialized = true;
- }
-
- if (sb_mode == efi_secureboot_mode_enabled)
- return true;
- else
- return false;
-}
+#include <linux/secure_boot.h>
/* secureboot arch rules */
static const char * const sb_arch_rules[] = {
@@ -67,7 +24,8 @@ static const char * const sb_arch_rules[] = {
const char * const *arch_get_ima_policy(void)
{
- if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_ima_get_secureboot()) {
+ if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) &&
+ arch_get_secureboot()) {
if (IS_ENABLED(CONFIG_MODULE_SIG))
set_module_sig_enforced();
if (IS_ENABLED(CONFIG_KEXEC_SIG))
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 5770cf691912..6d093ac82a45 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -949,8 +949,8 @@ static int ima_load_data(enum kernel_load_data_id id, bool contents)
switch (id) {
case LOADING_KEXEC_IMAGE:
- if (IS_ENABLED(CONFIG_KEXEC_SIG)
- && arch_ima_get_secureboot()) {
+ if (IS_ENABLED(CONFIG_KEXEC_SIG) &&
+ arch_get_secureboot()) {
pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n");
return -EACCES;
}
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 7b388b66cf80..4636629533af 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -14,6 +14,7 @@
#include <linux/types.h>
#include <linux/integrity.h>
+#include <linux/secure_boot.h>
#include <crypto/sha1.h>
#include <crypto/hash.h>
#include <linux/key.h>
diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index d1fdd113450a..c0d6948446c3 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -212,7 +212,7 @@ static int __init load_uefi_certs(void)
}
/* the MOK/MOKx can not be trusted when secure boot is disabled */
- if (!arch_ima_get_secureboot())
+ if (!arch_get_secureboot())
return 0;
mokx = get_cert_list(L"MokListXRT", &mok_var, &mokxsize, &status);
diff --git a/security/integrity/secure_boot.c b/security/integrity/secure_boot.c
new file mode 100644
index 000000000000..fc2693c286f8
--- /dev/null
+++ b/security/integrity/secure_boot.c
@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2026 Red Hat, Inc. All Rights Reserved.
+ *
+ * Author: Coiby Xu <coxu@redhat.com>
+ */
+#include <linux/secure_boot.h>
+
+/*
+ * Default weak implementation.
+ * Architectures that support secure boot must override this.
+ */
+__weak bool arch_get_secureboot(void)
+{
+ return false;
+}
--
2.52.0
^ permalink raw reply related
* Re: [PATCH] xfrm: kill xfrm_dev_{state,policy}_flush_secctx_check()
From: Tetsuo Handa @ 2026-02-03 3:47 UTC (permalink / raw)
To: Paul Moore, SELinux, linux-security-module
Cc: Steffen Klassert, Herbert Xu, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Simon Horman, Network Development
In-Reply-To: <CAHC9VhQPKU5DqG-ryZsiCV2vZeGGf_a-JStR_LVVCCn03C4usQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2686 bytes --]
On 2026/02/02 13:07, Paul Moore wrote:
> I'm asking you to verify that we have the LSM xfrm hooks in all of the
> necessary locations to ensure that we are safely and comprehensively
> gating all of the operations that result in removal of SPD and SAD
> entries.
That is impossible. We can't have the LSM xfrm hooks in all locations
that result in removal of SPD and SAD entries. We must give up trying
to have the LSM xfrm hooks in NETDEV_UNREGISTER event handler despite
NETDEV_UNREGISTER event handler results in removal of SPD and SAD entries.
>> No authorization can be placed during must-not-fail operation.
>
> Of course, but that means that we simply need to make sure we have the
> authorization hooks placed elsewhere to ensure that users can not
> remove SPD and SAD entries if they are not allowed. I'm not arguing
> about if returning an error in a place that can not handle an error
> condition is correct or not, I'm arguing that you should audit the SPD
> and SAD removal code paths to ensure that they all have the proper LSM
> xfrm hook authorizations.
This patch just removes error-returning LSM xfrm hook calls from one of
must-not-fail locations. I attach two syzbot reports that demonstrate
a result of having LSM xfrm hook calls from NETDEV_UNREGISTER event
( https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/net/xfrm?h=next-20260202&id=638361ad7ab20c5740d9637d3a51306f9b2e1461 ) .
As you can see, this must-not-fail operation is triggered by both
"sendmsg() system call (i.e. sending netlink message) by a userspace process"
and "the cleanup_net kernel WQ thread".
You might be able to call LSM xfrm hooks before netlink_sendmsg() is authorized
(assuming that that LSM hook can examine what SPD and SAD entries will be deleted
by allow processing netlink_sendmsg() request), but I guess that it will be
subjected to TOCTOU problem; can we have such giant lock that can serialize all
operations that might be triggered by allow calling netlink_sendmsg()? Even if
you had such giant lock, what about cleanup_net() path that happens without
explicit request from userspace?
It is your role (not my role) to verify that we have the LSM xfrm hooks in all
of the necessary locations, for it is you who is wishing to ensure that we are
safely and comprehensively gating all of the operations that result in removal
of SPD and SAD entries. The reports I attached are suggesting you that we can't
safely and comprehensively gate all of the operations that result in removal of
SPD and SAD entries.
Reported-by: syzbot+881d65229ca4f9ae8c84@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=881d65229ca4f9ae8c84
[-- Attachment #2: report-20260202-cleanup_net.txt --]
[-- Type: text/plain, Size: 73840 bytes --]
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 2
ref_tracker: netdev@ffff88807ddc4630 has 1/1 users at
xfrm_dev_state_add+0x6f4/0xc40 net/xfrm/xfrm_device.c:316
xfrm_state_construct net/xfrm/xfrm_user.c:986 [inline]
xfrm_add_sa+0x34ca/0x4230 net/xfrm/xfrm_user.c:1022
xfrm_user_rcv_msg+0x746/0xb20 net/xfrm/xfrm_user.c:3507
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
xfrm_netlink_rcv+0x79/0x90 net/xfrm/xfrm_user.c:3529
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
__sock_sendmsg net/socket.c:752 [inline]
____sys_sendmsg+0x589/0x8c0 net/socket.c:2610
___sys_sendmsg+0x2a5/0x360 net/socket.c:2664
__sys_sendmsg net/socket.c:2696 [inline]
__do_sys_sendmsg net/socket.c:2701 [inline]
__se_sys_sendmsg net/socket.c:2699 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2699
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
infiniband: balance for netdevsim0@ib_gid_table_entry is 0
balance for netdevsim0@j1939_priv is 0
Call trace for netdevsim0[1] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
rx_queue_add_kobject net/core/net-sysfs.c:1257 [inline]
net_rx_queue_update_kobjects+0x148/0x750 net/core/net-sysfs.c:1322
register_queue_kobjects net/core/net-sysfs.c:2114 [inline]
netdev_register_kobject+0x21f/0x310 net/core/net-sysfs.c:2362
register_netdevice+0x12c0/0x1cf0 net/core/dev.c:11409
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[2] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
netdev_queue_add_kobject net/core/net-sysfs.c:1994 [inline]
netdev_queue_update_kobjects+0x170/0x6d0 net/core/net-sysfs.c:2056
register_queue_kobjects net/core/net-sysfs.c:2119 [inline]
netdev_register_kobject+0x258/0x310 net/core/net-sysfs.c:2362
register_netdevice+0x12c0/0x1cf0 net/core/dev.c:11409
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[3] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold+0x27/0xc0 include/linux/netdevice.h:4446
register_netdevice+0x15cc/0x1cf0 net/core/dev.c:11433
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
Call trace for netdevsim0[4] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[5] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[6] -7 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
netdevice_event_work_handler+0x12c/0x260 drivers/infiniband/core/roce_gid_mgmt.c:675
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[7] -7 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
netdevice_event_work_handler+0x1b2/0x260 drivers/infiniband/core/roce_gid_mgmt.c:676
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[8] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
neigh_parms_alloc+0x192/0x530 net/core/neighbour.c:1778
inetdev_init+0x118/0x4f0 net/ipv4/devinet.c:280
inetdev_event+0x30d/0x1610 net/ipv4/devinet.c:1590
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
Call trace for netdevsim0[9] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
inetdev_init+0x19f/0x4f0 net/ipv4/devinet.c:286
inetdev_event+0x30d/0x1610 net/ipv4/devinet.c:1590
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
Call trace for netdevsim0[10] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
neigh_parms_alloc+0x192/0x530 net/core/neighbour.c:1778
ipv6_add_dev+0x40d/0x13c0 net/ipv6/addrconf.c:403
addrconf_notify+0x771/0x1050 net/ipv6/addrconf.c:3655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
Call trace for netdevsim0[11] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
ipv6_add_dev+0x4ae/0x13c0 net/ipv6/addrconf.c:411
addrconf_notify+0x771/0x1050 net/ipv6/addrconf.c:3655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
Call trace for netdevsim0[12] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
batadv_hardif_add_interface net/batman-adv/hard-interface.c:878 [inline]
batadv_hard_if_event+0xb47/0x1240 net/batman-adv/hard-interface.c:958
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[13] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
udp_tunnel_nic_register net/ipv4/udp_tunnel_nic.c:850 [inline]
udp_tunnel_nic_netdevice_event+0xaea/0x17e0 net/ipv4/udp_tunnel_nic.c:931
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[14] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
qdisc_alloc+0x631/0x910 net/sched/sch_generic.c:985
qdisc_create_dflt+0x8e/0x510 net/sched/sch_generic.c:1008
attach_one_default_qdisc net/sched/sch_generic.c:1174 [inline]
netdev_for_each_tx_queue include/linux/netdevice.h:2688 [inline]
attach_default_qdiscs net/sched/sch_generic.c:1192 [inline]
dev_activate+0x378/0x1150 net/sched/sch_generic.c:1251
__dev_open+0x67a/0x830 net/core/dev.c:1704
__dev_change_flags+0x1f7/0x690 net/core/dev.c:9749
netif_change_flags+0x88/0x1a0 net/core/dev.c:9812
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[15] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[16] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[17] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
ip6_route_add+0x6e/0x1b0 net/ipv6/route.c:3950
addrconf_add_mroute+0x2d1/0x370 net/ipv6/addrconf.c:2552
addrconf_add_dev net/ipv6/addrconf.c:2570 [inline]
addrconf_dev_config net/ipv6/addrconf.c:3484 [inline]
addrconf_init_auto_addrs+0x4d7/0xa50 net/ipv6/addrconf.c:3572
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[18] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
addrconf_f6i_alloc+0x3b7/0x630 net/ipv6/route.c:4690
ipv6_add_addr+0x59c/0x1100 net/ipv6/addrconf.c:1126
addrconf_add_linklocal+0x20c/0x460 net/ipv6/addrconf.c:3311
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[19] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
addr_event+0x302/0x480 drivers/infiniband/core/roce_gid_mgmt.c:897
inet6addr_event+0x9f/0xd0 drivers/infiniband/core/roce_gid_mgmt.c:930
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
atomic_notifier_call_chain+0xda/0x180 kernel/notifier.c:223
ipv6_add_addr+0xe08/0x1100 net/ipv6/addrconf.c:1186
addrconf_add_linklocal+0x20c/0x460 net/ipv6/addrconf.c:3311
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[20] -2 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
update_gid_event_work_handler+0x84/0xf0 drivers/infiniband/core/roce_gid_mgmt.c:861
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[21] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
ip6_route_add+0x6e/0x1b0 net/ipv6/route.c:3950
addrconf_prefix_route+0x3a2/0x480 net/ipv6/addrconf.c:2488
addrconf_add_linklocal+0x266/0x460 net/ipv6/addrconf.c:3313
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[22] +2 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
mld_send_cr net/ipv6/mcast.c:2154 [inline]
mld_ifc_work+0x835/0xe70 net/ipv6/mcast.c:2693
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[23] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK+0xa2/0x3a0 include/linux/netfilter.h:318
mld_sendpack+0x8b4/0xe40 net/ipv6/mcast.c:1855
mld_send_cr net/ipv6/mcast.c:2154 [inline]
mld_ifc_work+0x835/0xe70 net/ipv6/mcast.c:2693
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[24] -12 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dst_destroy+0x117/0x360 net/core/dst.c:115
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[25] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
ndisc_send_ns+0xd7/0x160 net/ipv6/ndisc.c:670
addrconf_dad_work+0xac4/0x14c0 net/ipv6/addrconf.c:4287
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[26] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
ndisc_send_ns+0xd7/0x160 net/ipv6/ndisc.c:670
addrconf_dad_work+0xac4/0x14c0 net/ipv6/addrconf.c:4287
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[27] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
ipv6_mc_dad_complete+0x88/0x540 net/ipv6/mcast.c:2279
addrconf_dad_completed+0x8a7/0xe60 net/ipv6/addrconf.c:4345
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[28] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
addrconf_dad_completed+0x909/0xe60 net/ipv6/addrconf.c:4365
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[29] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
addrconf_dad_completed+0x909/0xe60 net/ipv6/addrconf.c:4365
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[30] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
mld_dad_work+0x45/0x5b0 net/ipv6/mcast.c:2294
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[31] +6 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
addrconf_rs_timer+0x395/0x6d0 net/ipv6/addrconf.c:4042
call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[32] -4 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_destroy+0x35c/0x5d0 net/core/neighbour.c:940
neigh_periodic_work+0xb4f/0xe50 net/core/neighbour.c:1029
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Call trace for netdevsim0[33] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
xfrm_dev_state_add+0x33a/0xc40 net/xfrm/xfrm_device.c:268
xfrm_state_construct net/xfrm/xfrm_user.c:986 [inline]
xfrm_add_sa+0x34ca/0x4230 net/xfrm/xfrm_user.c:1022
xfrm_user_rcv_msg+0x746/0xb20 net/xfrm/xfrm_user.c:3507
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
xfrm_netlink_rcv+0x79/0x90 net/xfrm/xfrm_user.c:3529
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[34] +2 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
addrconf_rs_timer+0x395/0x6d0 net/ipv6/addrconf.c:4042
call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[35] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_name+0xdb/0x210 net/core/dev.c:909
netdev_get_by_name+0x27/0xb0 net/core/dev.c:933
ethnl_parse_header_dev_get+0x445/0x8b0 net/ethtool/netlink.c:194
ethnl_default_parse net/ethtool/netlink.c:457 [inline]
ethnl_default_set_doit+0x224/0xae0 net/ethtool/netlink.c:895
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[36] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
ethnl_parse_header_dev_put net/ethtool/netlink.h:274 [inline]
ethnl_default_set_doit+0x92e/0xae0 net/ethtool/netlink.c:940
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[37] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
linkwatch_add_event net/core/link_watch.c:131 [inline]
linkwatch_fire_event+0x166/0x220 net/core/link_watch.c:314
nsim_stop+0x88/0x430 drivers/net/netdevsim/netdev.c:595
__dev_close_many+0x368/0x6d0 net/core/dev.c:1768
netif_close_many+0x225/0x420 net/core/dev.c:1793
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[38] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_destroy+0x35c/0x5d0 net/core/neighbour.c:940
neigh_flush_dev net/core/neighbour.c:433 [inline]
__neigh_ifdown+0x1e8/0x8c0 net/core/neighbour.c:467
neigh_ifdown+0x1f/0x30 net/core/neighbour.c:491
rt6_disable_ip+0x776/0x7f0 net/ipv6/route.c:5018
addrconf_ifdown+0x161/0x1a40 net/ipv6/addrconf.c:3858
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netif_close_many+0x2ae/0x420 net/core/dev.c:1797
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
Call trace for netdevsim0[39] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
addr_event+0x302/0x480 drivers/infiniband/core/roce_gid_mgmt.c:897
inet6addr_event+0x9f/0xd0 drivers/infiniband/core/roce_gid_mgmt.c:930
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
atomic_notifier_call_chain+0xda/0x180 kernel/notifier.c:223
addrconf_ifdown+0xeb3/0x1a40 net/ipv6/addrconf.c:3983
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netif_close_many+0x2ae/0x420 net/core/dev.c:1797
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[40] -3 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
fib_nh_common_release+0x5c/0x430 net/ipv4/fib_semantics.c:204
fib6_info_destroy_rcu+0xca/0x1c0 net/ipv6/ip6_fib.c:177
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[41] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
__qdisc_destroy+0x1c9/0x450 net/sched/sch_generic.c:1081
qdisc_put net/sched/sch_generic.c:1105 [inline]
dev_shutdown+0x34c/0x440 net/sched/sch_generic.c:1493
unregister_netdevice_many_notify+0x11a9/0x2380 net/core/dev.c:12405
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[42] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[43] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[44] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_parms_release+0x170/0x200 net/core/neighbour.c:1817
inetdev_destroy net/ipv4/devinet.c:335 [inline]
inetdev_event+0x7f4/0x1610 net/ipv4/devinet.c:1655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[45] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
in_dev_finish_destroy+0xa7/0x1a0 net/ipv4/devinet.c:258
in_dev_put include/linux/inetdevice.h:290 [inline]
inetdev_destroy net/ipv4/devinet.c:338 [inline]
inetdev_event+0x83b/0x1610 net/ipv4/devinet.c:1655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[46] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_parms_release+0x170/0x200 net/core/neighbour.c:1817
addrconf_ifdown+0x177b/0x1a40 net/ipv6/addrconf.c:4012
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[47] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
in6_dev_finish_destroy+0xdd/0x1e0 net/ipv6/addrconf_core.c:273
in6_dev_put include/net/addrconf.h:422 [inline]
addrconf_ifdown+0x17d1/0x1a40 net/ipv6/addrconf.c:4014
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[48] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
batadv_hardif_release net/batman-adv/hard-interface.c:55 [inline]
kref_put include/linux/kref.h:65 [inline]
batadv_hardif_put+0x8f/0x140 net/batman-adv/hard-interface.h:94
batadv_hard_if_event+0x624/0x1240 net/batman-adv/hard-interface.c:1008
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[49] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
udp_tunnel_nic_unregister net/ipv4/udp_tunnel_nic.c:913 [inline]
udp_tunnel_nic_netdevice_event+0x1582/0x17e0 net/ipv4/udp_tunnel_nic.c:942
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[50] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
rx_queue_release+0x126/0x1a0 net/core/net-sysfs.c:1181
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x228/0x560 lib/kobject.c:737
net_rx_queue_update_kobjects+0x6a6/0x750 net/core/net-sysfs.c:1338
remove_queue_kobjects net/core/net-sysfs.c:2169 [inline]
netdev_unregister_kobject+0x113/0x450 net/core/net-sysfs.c:2325
unregister_netdevice_many_notify+0x1e0e/0x2380 net/core/dev.c:12452
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[51] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
netdev_queue_release+0x6a/0xd0 net/core/net-sysfs.c:1931
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x228/0x560 lib/kobject.c:737
netdev_queue_update_kobjects+0x5e8/0x6d0 net/core/net-sysfs.c:2073
remove_queue_kobjects net/core/net-sysfs.c:2170 [inline]
netdev_unregister_kobject+0x11f/0x450 net/core/net-sysfs.c:2325
unregister_netdevice_many_notify+0x1e0e/0x2380 net/core/dev.c:12452
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[52] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
unregister_netdevice_many_notify+0x2068/0x2380 net/core/dev.c:12462
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[53] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
linkwatch_do_dev+0x89/0x180 net/core/link_watch.c:191
linkwatch_sync_dev+0x27f/0x390 net/core/link_watch.c:289
netdev_run_todo+0x3fe/0x1130 net/core/dev.c:11705
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
balance as of netdevsim0[53] is 1
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 1 UID: 0 PID: 11340 Comm: kworker/u8:17 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: netns cleanup_net
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 1 UID: 0 PID: 11340 Comm: kworker/u8:17 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: netns cleanup_net
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 1 UID: 0 PID: 11340 Comm: kworker/u8:17 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: netns cleanup_net
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 1 UID: 0 PID: 11340 Comm: kworker/u8:17 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: netns cleanup_net
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
[-- Attachment #3: report-20260202-netlink_sendmsg.txt --]
[-- Type: text/plain, Size: 76858 bytes --]
unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 2
ref_tracker: netdev@ffff88805b5fc630 has 1/1 users at
xfrm_dev_state_add+0x6f4/0xc40 net/xfrm/xfrm_device.c:316
xfrm_state_construct net/xfrm/xfrm_user.c:986 [inline]
xfrm_add_sa+0x34ca/0x4230 net/xfrm/xfrm_user.c:1022
xfrm_user_rcv_msg+0x746/0xb20 net/xfrm/xfrm_user.c:3507
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
xfrm_netlink_rcv+0x79/0x90 net/xfrm/xfrm_user.c:3529
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
__sock_sendmsg net/socket.c:752 [inline]
____sys_sendmsg+0x589/0x8c0 net/socket.c:2610
___sys_sendmsg+0x2a5/0x360 net/socket.c:2664
__sys_sendmsg net/socket.c:2696 [inline]
__do_sys_sendmsg net/socket.c:2701 [inline]
__se_sys_sendmsg net/socket.c:2699 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2699
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
infiniband: balance for netdevsim0@ib_gid_table_entry is 0
balance for netdevsim0@j1939_priv is 0
Call trace for netdevsim0[1] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
rx_queue_add_kobject net/core/net-sysfs.c:1257 [inline]
net_rx_queue_update_kobjects+0x148/0x750 net/core/net-sysfs.c:1322
register_queue_kobjects net/core/net-sysfs.c:2114 [inline]
netdev_register_kobject+0x21f/0x310 net/core/net-sysfs.c:2362
register_netdevice+0x12c0/0x1cf0 net/core/dev.c:11409
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[2] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
netdev_queue_add_kobject net/core/net-sysfs.c:1994 [inline]
netdev_queue_update_kobjects+0x170/0x6d0 net/core/net-sysfs.c:2056
register_queue_kobjects net/core/net-sysfs.c:2119 [inline]
netdev_register_kobject+0x258/0x310 net/core/net-sysfs.c:2362
register_netdevice+0x12c0/0x1cf0 net/core/dev.c:11409
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[3] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold+0x27/0xc0 include/linux/netdevice.h:4446
register_netdevice+0x15cc/0x1cf0 net/core/dev.c:11433
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
Call trace for netdevsim0[4] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[5] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[6] -7 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
netdevice_event_work_handler+0x12c/0x260 drivers/infiniband/core/roce_gid_mgmt.c:675
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[7] -7 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
netdevice_event_work_handler+0x1b2/0x260 drivers/infiniband/core/roce_gid_mgmt.c:676
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[8] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
neigh_parms_alloc+0x192/0x530 net/core/neighbour.c:1778
inetdev_init+0x118/0x4f0 net/ipv4/devinet.c:280
inetdev_event+0x30d/0x1610 net/ipv4/devinet.c:1590
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
Call trace for netdevsim0[9] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
inetdev_init+0x19f/0x4f0 net/ipv4/devinet.c:286
inetdev_event+0x30d/0x1610 net/ipv4/devinet.c:1590
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
Call trace for netdevsim0[10] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
neigh_parms_alloc+0x192/0x530 net/core/neighbour.c:1778
ipv6_add_dev+0x40d/0x13c0 net/ipv6/addrconf.c:403
addrconf_notify+0x771/0x1050 net/ipv6/addrconf.c:3655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
Call trace for netdevsim0[11] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
ipv6_add_dev+0x4ae/0x13c0 net/ipv6/addrconf.c:411
addrconf_notify+0x771/0x1050 net/ipv6/addrconf.c:3655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
Call trace for netdevsim0[12] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
batadv_hardif_add_interface net/batman-adv/hard-interface.c:878 [inline]
batadv_hard_if_event+0xb47/0x1240 net/batman-adv/hard-interface.c:958
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[13] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
udp_tunnel_nic_register net/ipv4/udp_tunnel_nic.c:850 [inline]
udp_tunnel_nic_netdevice_event+0xaea/0x17e0 net/ipv4/udp_tunnel_nic.c:931
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[14] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
qdisc_alloc+0x631/0x910 net/sched/sch_generic.c:985
qdisc_create_dflt+0x8e/0x510 net/sched/sch_generic.c:1008
attach_one_default_qdisc net/sched/sch_generic.c:1174 [inline]
netdev_for_each_tx_queue include/linux/netdevice.h:2688 [inline]
attach_default_qdiscs net/sched/sch_generic.c:1192 [inline]
dev_activate+0x378/0x1150 net/sched/sch_generic.c:1251
__dev_open+0x67a/0x830 net/core/dev.c:1704
__dev_change_flags+0x1f7/0x690 net/core/dev.c:9749
netif_change_flags+0x88/0x1a0 net/core/dev.c:9812
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[15] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[16] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[17] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
ip6_route_add+0x6e/0x1b0 net/ipv6/route.c:3950
addrconf_add_mroute+0x2d1/0x370 net/ipv6/addrconf.c:2552
addrconf_add_dev net/ipv6/addrconf.c:2570 [inline]
addrconf_dev_config net/ipv6/addrconf.c:3484 [inline]
addrconf_init_auto_addrs+0x4d7/0xa50 net/ipv6/addrconf.c:3572
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[18] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
addrconf_f6i_alloc+0x3b7/0x630 net/ipv6/route.c:4690
ipv6_add_addr+0x59c/0x1100 net/ipv6/addrconf.c:1126
addrconf_add_linklocal+0x20c/0x460 net/ipv6/addrconf.c:3311
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[19] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
addr_event+0x302/0x480 drivers/infiniband/core/roce_gid_mgmt.c:897
inet6addr_event+0x9f/0xd0 drivers/infiniband/core/roce_gid_mgmt.c:930
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
atomic_notifier_call_chain+0xda/0x180 kernel/notifier.c:223
ipv6_add_addr+0xe08/0x1100 net/ipv6/addrconf.c:1186
addrconf_add_linklocal+0x20c/0x460 net/ipv6/addrconf.c:3311
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[20] -2 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
update_gid_event_work_handler+0x84/0xf0 drivers/infiniband/core/roce_gid_mgmt.c:861
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[21] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
ip6_route_add+0x6e/0x1b0 net/ipv6/route.c:3950
addrconf_prefix_route+0x3a2/0x480 net/ipv6/addrconf.c:2488
addrconf_add_linklocal+0x266/0x460 net/ipv6/addrconf.c:3313
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[22] +2 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
mld_send_cr net/ipv6/mcast.c:2154 [inline]
mld_ifc_work+0x835/0xe70 net/ipv6/mcast.c:2693
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[23] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK+0xa2/0x3a0 include/linux/netfilter.h:318
mld_sendpack+0x8b4/0xe40 net/ipv6/mcast.c:1855
mld_send_cr net/ipv6/mcast.c:2154 [inline]
mld_ifc_work+0x835/0xe70 net/ipv6/mcast.c:2693
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[24] -11 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dst_destroy+0x117/0x360 net/core/dst.c:115
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[25] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
ndisc_send_ns+0xd7/0x160 net/ipv6/ndisc.c:670
addrconf_dad_work+0xac4/0x14c0 net/ipv6/addrconf.c:4287
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[26] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
ndisc_send_ns+0xd7/0x160 net/ipv6/ndisc.c:670
addrconf_dad_work+0xac4/0x14c0 net/ipv6/addrconf.c:4287
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[27] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
ipv6_mc_dad_complete+0x88/0x540 net/ipv6/mcast.c:2279
addrconf_dad_completed+0x8a7/0xe60 net/ipv6/addrconf.c:4345
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[28] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
addrconf_dad_completed+0x909/0xe60 net/ipv6/addrconf.c:4365
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[29] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
addrconf_dad_completed+0x909/0xe60 net/ipv6/addrconf.c:4365
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[30] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
mld_dad_work+0x45/0x5b0 net/ipv6/mcast.c:2294
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[31] +5 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
addrconf_rs_timer+0x395/0x6d0 net/ipv6/addrconf.c:4042
call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[32] -3 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_destroy+0x35c/0x5d0 net/core/neighbour.c:940
neigh_remove_one+0x46d/0x4c0 net/core/neighbour.c:249
neigh_forced_gc net/core/neighbour.c:280 [inline]
neigh_alloc net/core/neighbour.c:512 [inline]
___neigh_create+0x485/0x2290 net/core/neighbour.c:655
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
addrconf_rs_timer+0x395/0x6d0 net/ipv6/addrconf.c:4042
call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[33] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
ethnl_default_dumpit+0x1ed/0x630 net/ethtool/netlink.c:626
genl_dumpit+0x10b/0x1b0 net/netlink/genetlink.c:1027
netlink_dump+0x722/0xe80 net/netlink/af_netlink.c:2325
__netlink_dump_start+0x5cb/0x7e0 net/netlink/af_netlink.c:2440
genl_family_rcv_msg_dumpit+0x213/0x310 net/netlink/genetlink.c:1076
genl_family_rcv_msg net/netlink/genetlink.c:1192 [inline]
genl_rcv_msg+0x5e8/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[34] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
ethnl_default_dumpit+0x404/0x630 net/ethtool/netlink.c:632
genl_dumpit+0x10b/0x1b0 net/netlink/genetlink.c:1027
netlink_dump+0x722/0xe80 net/netlink/af_netlink.c:2325
__netlink_dump_start+0x5cb/0x7e0 net/netlink/af_netlink.c:2440
genl_family_rcv_msg_dumpit+0x213/0x310 net/netlink/genetlink.c:1076
genl_family_rcv_msg net/netlink/genetlink.c:1192 [inline]
genl_rcv_msg+0x5e8/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[35] +2 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
addrconf_rs_timer+0x395/0x6d0 net/ipv6/addrconf.c:4042
call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[36] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
xfrm_dev_state_add+0x33a/0xc40 net/xfrm/xfrm_device.c:268
xfrm_state_construct net/xfrm/xfrm_user.c:986 [inline]
xfrm_add_sa+0x34ca/0x4230 net/xfrm/xfrm_user.c:1022
xfrm_user_rcv_msg+0x746/0xb20 net/xfrm/xfrm_user.c:3507
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
xfrm_netlink_rcv+0x79/0x90 net/xfrm/xfrm_user.c:3529
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[37] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_destroy+0x35c/0x5d0 net/core/neighbour.c:940
neigh_periodic_work+0xb4f/0xe50 net/core/neighbour.c:1029
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Call trace for netdevsim0[38] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
linkwatch_add_event net/core/link_watch.c:131 [inline]
linkwatch_fire_event+0x166/0x220 net/core/link_watch.c:314
nsim_stop+0x88/0x430 drivers/net/netdevsim/netdev.c:595
__dev_close_many+0x368/0x6d0 net/core/dev.c:1768
netif_close_many+0x225/0x420 net/core/dev.c:1793
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[39] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_destroy+0x35c/0x5d0 net/core/neighbour.c:940
neigh_flush_dev net/core/neighbour.c:433 [inline]
__neigh_ifdown+0x1e8/0x8c0 net/core/neighbour.c:467
neigh_ifdown+0x1f/0x30 net/core/neighbour.c:491
rt6_disable_ip+0x776/0x7f0 net/ipv6/route.c:5018
addrconf_ifdown+0x161/0x1a40 net/ipv6/addrconf.c:3858
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netif_close_many+0x2ae/0x420 net/core/dev.c:1797
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
Call trace for netdevsim0[40] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
addr_event+0x302/0x480 drivers/infiniband/core/roce_gid_mgmt.c:897
inet6addr_event+0x9f/0xd0 drivers/infiniband/core/roce_gid_mgmt.c:930
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
atomic_notifier_call_chain+0xda/0x180 kernel/notifier.c:223
addrconf_ifdown+0xeb3/0x1a40 net/ipv6/addrconf.c:3983
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netif_close_many+0x2ae/0x420 net/core/dev.c:1797
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
Call trace for netdevsim0[41] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
__qdisc_destroy+0x1c9/0x450 net/sched/sch_generic.c:1081
qdisc_put net/sched/sch_generic.c:1105 [inline]
dev_shutdown+0x34c/0x440 net/sched/sch_generic.c:1493
unregister_netdevice_many_notify+0x11a9/0x2380 net/core/dev.c:12405
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[42] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[43] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[44] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_parms_release+0x170/0x200 net/core/neighbour.c:1817
inetdev_destroy net/ipv4/devinet.c:335 [inline]
inetdev_event+0x7f4/0x1610 net/ipv4/devinet.c:1655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[45] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
in_dev_finish_destroy+0xa7/0x1a0 net/ipv4/devinet.c:258
in_dev_put include/linux/inetdevice.h:290 [inline]
inetdev_destroy net/ipv4/devinet.c:338 [inline]
inetdev_event+0x83b/0x1610 net/ipv4/devinet.c:1655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[46] -3 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
fib_nh_common_release+0x5c/0x430 net/ipv4/fib_semantics.c:204
fib6_info_destroy_rcu+0xca/0x1c0 net/ipv6/ip6_fib.c:177
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[47] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_parms_release+0x170/0x200 net/core/neighbour.c:1817
addrconf_ifdown+0x177b/0x1a40 net/ipv6/addrconf.c:4012
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[48] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
in6_dev_finish_destroy+0xdd/0x1e0 net/ipv6/addrconf_core.c:273
in6_dev_put include/net/addrconf.h:422 [inline]
addrconf_ifdown+0x17d1/0x1a40 net/ipv6/addrconf.c:4014
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[49] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
batadv_hardif_release net/batman-adv/hard-interface.c:55 [inline]
kref_put include/linux/kref.h:65 [inline]
batadv_hardif_put+0x8f/0x140 net/batman-adv/hard-interface.h:94
batadv_hard_if_event+0x624/0x1240 net/batman-adv/hard-interface.c:1008
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[50] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
udp_tunnel_nic_unregister net/ipv4/udp_tunnel_nic.c:913 [inline]
udp_tunnel_nic_netdevice_event+0x1582/0x17e0 net/ipv4/udp_tunnel_nic.c:942
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[51] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
rx_queue_release+0x126/0x1a0 net/core/net-sysfs.c:1181
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x228/0x560 lib/kobject.c:737
net_rx_queue_update_kobjects+0x6a6/0x750 net/core/net-sysfs.c:1338
remove_queue_kobjects net/core/net-sysfs.c:2169 [inline]
netdev_unregister_kobject+0x113/0x450 net/core/net-sysfs.c:2325
unregister_netdevice_many_notify+0x1e0e/0x2380 net/core/dev.c:12452
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[52] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
netdev_queue_release+0x6a/0xd0 net/core/net-sysfs.c:1931
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x228/0x560 lib/kobject.c:737
netdev_queue_update_kobjects+0x5e8/0x6d0 net/core/net-sysfs.c:2073
remove_queue_kobjects net/core/net-sysfs.c:2170 [inline]
netdev_unregister_kobject+0x11f/0x450 net/core/net-sysfs.c:2325
unregister_netdevice_many_notify+0x1e0e/0x2380 net/core/dev.c:12452
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[53] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
unregister_netdevice_many_notify+0x2068/0x2380 net/core/dev.c:12462
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[54] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
linkwatch_do_dev+0x89/0x180 net/core/link_watch.c:191
__linkwatch_run_queue+0x572/0x7f0 net/core/link_watch.c:244
linkwatch_event+0x4c/0x60 net/core/link_watch.c:304
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
balance as of netdevsim0[54] is 1
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 1 UID: 0 PID: 16195 Comm: syz.3.3878 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
__sock_sendmsg net/socket.c:752 [inline]
____sys_sendmsg+0x589/0x8c0 net/socket.c:2610
___sys_sendmsg+0x2a5/0x360 net/socket.c:2664
__sys_sendmsg net/socket.c:2696 [inline]
__do_sys_sendmsg net/socket.c:2701 [inline]
__se_sys_sendmsg net/socket.c:2699 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2699
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feb10f9aeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007feb11efc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007feb11215fa0 RCX: 00007feb10f9aeb9
RDX: 0000000006048800 RSI: 0000200000000080 RDI: 0000000000000005
RBP: 00007feb11008c1f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007feb11216038 R14: 00007feb11215fa0 R15: 00007ffdd0b07b18
</TASK>
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 0 UID: 0 PID: 16195 Comm: syz.3.3878 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
__sock_sendmsg net/socket.c:752 [inline]
____sys_sendmsg+0x589/0x8c0 net/socket.c:2610
___sys_sendmsg+0x2a5/0x360 net/socket.c:2664
__sys_sendmsg net/socket.c:2696 [inline]
__do_sys_sendmsg net/socket.c:2701 [inline]
__se_sys_sendmsg net/socket.c:2699 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2699
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feb10f9aeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007feb11efc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007feb11215fa0 RCX: 00007feb10f9aeb9
RDX: 0000000006048800 RSI: 0000200000000080 RDI: 0000000000000005
RBP: 00007feb11008c1f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007feb11216038 R14: 00007feb11215fa0 R15: 00007ffdd0b07b18
</TASK>
^ permalink raw reply
* Re: [PATCH v2 0/6] Landlock: Implement scope control for pathname Unix sockets
From: Tingmao Wang @ 2026-02-03 1:26 UTC (permalink / raw)
To: Justin Suess, Mickaël Salaün
Cc: Günther Noack, Demi Marie Obenour, Günther Noack,
Alyssa Ross, Jann Horn, Tahera Fahimi, linux-security-module
In-Reply-To: <8093547c-ab40-4814-ac9a-8dff6f2a2a90@gmail.com>
Hi Mickaël,
Thanks for the feedback and explanations :)
On 2/2/26 20:32, Mickaël Salaün wrote:
> On Sat, Jan 31, 2026 at 05:41:14PM +0000, Tingmao Wang wrote:
>> [...]
>> What do folks think?
>
> I'd like to keep a clean API, with a "scoped" field handling IPC
> scoping, and an "handled_access_fs" field handling filesystem-related
> accesses.
>
> One thing to keep in mind is that we could add a new kind of "handled"
> field that would enable to add rules identifying e.g. processes,
> cgroups, or Landlock domains, and that could be used to add exceptions
> to the current scopes. This means that we need to have a generic way to
> handle this case.
>
> What is the issue with two complementary interfaces (scope and access)
> used to express a policy about connecting to UNIX sockets? We just need
> to make sure that scopes and handled_access_fs dealing with UNIX sockets
> are like binary OR: if the scope is set, then the domain can communicate
> with peers which are in the same domain, and if the handled_access_fs
> right is set, then the domain can only communicate with matching sockets
> (OR scoped ones if the scope is set).
Right, I see what you're saying, especially with the "additional access
rules for other scopes" example, and I think I'm happy with this. I guess
my attempt at trying to make the API more "elegant" would introduce
complexity and also create future inconsistency if other existing scope
bits are combined with handled_access rules.
> [...]
> Anyway, we need to decide if this should be merged in Linux 7.0 (next
> week) or not. I'd prefer to merge it now because I think it works well
> and it's not a new concept wrt the abstract UNIX socket scoping.
> However, if there are any concern, I'd like to hear them now and I can
> delay this merge if needed. This patch series still need a new version
> but that should only be about cosmetic fixes. WDYT?
I ended up being pretty busy today but I can definitely send the next
version tomorrow with your formatting changes and comments. I'm happy
with it going into the next merge window if you are. Justin raises a
point about having these two mechanisms in the same ABI version - see
below for consideration.
>> [...]
>
> My main concern is about user space libraries and users that may want to
> have conditional enforcement for compatibility reasons e.g., only
> enforce LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET (let's say ABI v8) if it can
> also set LANDLOCK_ACCESS_FS_RESOLVE_UNIX (let's say ABI v9). I see two
> ways to deal with this case (if needed):
> - add synthetic access right to easily let users "combine" two access
> rigths or none;
> - have a more generic way to AND and OR access rights. I'm thinking
> about updating the Rust library in this direction.
I'm not sure I fully understand the complexity here, but I think, assuming
these land in separate kernel versions, it will have to be that if both
the scope bit and LANDLOCK_ACCESS_FS_RESOLVE_UNIX is requested (maybe if
the user actually adds rules containing RESOLVE_UNIX access), but only the
scope bit is supported, then it will have to skip enforcing pathname UNIX
socket restrictions altogether by skipping both the scope bit and the
RESOLVE_UNIX access (if in best effort mode), or fail (if in hard
requirement mode).
I don't immediately see how further customization ability (e.g. synthetic
access rights or other AND/OR combination) could be used - if an app needs
access to a privileged socket and can't pre-open it before
landlock_restrict_self(), then the only realistic choice is to not use the
scope bits if LANDLOCK_ACCESS_FS_RESOLVE_UNIX is not supported.
On 2/2/26 22:03, Justin Suess wrote:
> Regardless if you merge the patch series now in 7.0 or a later version, I think there is something to be said
> about having the filesystem and scoped unix access right merged in the same ABI version / merge window.
>
> As you pointed out earlier, the combination of the two flags is much flexible and useful to userspace
> consumers than one or the other, and if the features were merged separately, there would be an
> awkward middle ABI where user space consumers may have to make compromises or changes to
> sandbox between different versions or change application behavior.
> [...]
Given that the scope bit and RESOLVE_UNIX access right are in some sense
part of the same system (they interact in an OR manner, after all), there
is some positive for having them introduced in the same version, but on
the other hand, with my above reasoning, I don't think these two
mechanisms (scope bit and RESOLVE_UNIX access) being in different ABI
versions would be too much of a problem. In either case, for applications
which require access to more "privileged" sockets, when running on a
kernel without the RESOLVE_UNIX access right support, no pathname socket
restrictions can be applied (i.e. it won't use the scope bit either, there
isn't much "compromise" it can make here). On the other hand, if
RESOLVE_UNIX is supported, then it knows that the scope bit is also
supported, and can just use it.
Furthermore, an application / Landlock config etc can always opt to not
use the scope bit at all, if it "knows" all the locations where the
application's sockets would be placed, and just use RESOLVE_UNIX access
right (or nothing if it is not supported).
(The following is a bit of a side note, not terribly relevant if we're
deciding to go with the patch as is.)
>> [...]
>> Another way to put it is that, if FS-based and scope-based controls
>> interacts in the above proposed way, both mechanisms feel like "poking
>> holes" in the other. But as Mickaël said, one can think of the two
>> mechanisms not as independent controls, but rather as two interfaces for
>> the same control. The socket access control is "enabled" if either the
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX access is handled, or the scope bit
>> proposed in this patch is enabled.
>>
>> With that said, I can think of some alternative ways that might make this
>> API look "better" (from a subjective point of view, feedback welcome),
>> however it does mean more delays, and specifically, these will depend on
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX:
>>
>> One possibility is to simply always allow a Landlock domain to connect to
>> its own sockets (in the case where LANDLOCK_ACCESS_FS_RESOLVE_UNIX is
>> handled, otherwise all sockets are allowed). This might be reasonable, as
>> one can only connect to a socket it creates if it has the permission to
>> create it in the first place, which is already controlled by
>> LANDLOCK_ACCESS_FS_MAKE_SOCK, so we don't really lose any policy
>> flexibility here - if for some reason the sandboxer don't want to allow
>> access to any (pathname) sockets, even the sandboxed app's own ones, it
>> can just not allow LANDLOCK_ACCESS_FS_MAKE_SOCK anywhere.
>
> LANDLOCK_ACCESS_FS_MAKE_SOCK is only required to bind/listen to a
> socket, not to connect. I guess you was thinking about
> LANDLOCK_ACCESS_FS_RESOLVE_UNIX in this case?
In this "allow same-scope connect unconditionally" proposal, the
application would still be able to (bind to and) connect to its own
sockets, even if LANDLOCK_ACCESS_FS_RESOLVE_UNIX is handled and nothing is
allowed to have LANDLOCK_ACCESS_FS_RESOLVE_UNIX access. But a sandboxer
which for whatever reason doesn't want this "allow same scope" default can
still prevent the use of (pathname) sockets by restricting
LANDLOCK_ACCESS_FS_MAKE_SOCK, because if an app can't connect to any
sockets it doesn't own, and can't create any sockets itself either, then
it effectively can't connect to any sockets at all.
(Although on second thought, I guess there could be a case where an app
first creates some socket files before doing landlock_restrict_self(),
then it might still be able to bind to these even without
LANDLOCK_ACCESS_FS_MAKE_SOCK?)
^ permalink raw reply
* Re: [PATCH v2 0/6] Landlock: Implement scope control for pathname Unix sockets
From: Justin Suess @ 2026-02-02 22:03 UTC (permalink / raw)
To: Mickaël Salaün, Tingmao Wang
Cc: Günther Noack, Demi Marie Obenour, Günther Noack,
Alyssa Ross, Jann Horn, Tahera Fahimi, linux-security-module
In-Reply-To: <20260202.uu0oCheexahY@digikod.net>
On 2/2/26 15:32, Mickaël Salaün wrote:
> On Sat, Jan 31, 2026 at 05:41:14PM +0000, Tingmao Wang wrote:
>> On 1/9/26 12:01, Mickaël Salaün wrote:
>>> On Wed, Dec 31, 2025 at 11:54:27AM -0500, Demi Marie Obenour wrote:
>>>> On 12/30/25 18:16, Günther Noack wrote:
>>>>> [...]
>>>>> On Tue, Dec 30, 2025 at 05:20:18PM +0000, Tingmao Wang wrote:
>>>>>> [...]
>>>>> What is unclear to me from the examples and the description is: Why is
>>>>> the boundary between allowed and denied connection targets drawn at
>>>>> the border of the Landlock domain (the "scope") and why don't we solve
>>>>> this with the file-system-based approach described in [1]?
>>>>>
>>>>> **Do we have existing use cases where a service is both offered and
>>>>> connected to all from within the same Landlock domain, and where the
>>>>> process enforcing the policy does not control the child process enough
>>>>> so that it would be possible to allow-list it with a
>>>>> LANDLOCK_ACCESS_FS_CONNECT_UNIX rule?**
>>> Yes, with the sandboxer use case. It's similar to a container that
>>> doesn't know all programs that could be run in it. We should be able to
>>> create sandboxes that don't assume (nor restrict) internal IPCs (or any
>>> kind of direct process I/O).
>>>
>>> Landlock should make it possible to scope any kind of IPC. It's a
>>> mental model which is easy to understand and that should be enforced by
>>> default. Of course, we need some ways to add exceptions to this
>>> deny-by-default policy, and that's why we also need the FS-based control
>>> mechanism.
>>>
>>>>> If we do not have such a use case, it seems that the planned FS-based
>>>>> control mechanism from [1] would do the same job? Long term, we might
>>>>> be better off if we only have only one control -- as we have discussed
>>>>> in [2], having two of these might mean that they interact in
>>>>> unconventional and possibly confusing ways.
>>>> I agree with this.
>>> Both approaches are complementary/orthogonal and make sense long term
>>> too. This might be the first time we can restrict the same operations,
>>> but I'm pretty sure it will not be the last, and it's OK. Handled FS
>>> access and scoped restrictions are two ways to describe a part of the
>>> security policy. Having different ways makes the interface much simpler
>>> than a generic one that would have to take into account all potential
>>> future access controls.
>>>
>>> One thing to keep in mind is that UAPI doesn't have to map 1:1 to the
>>> kernel implementation, but the UAPI is stable and future proof, whereas
>>> the kernel implementation can change a lot.
>>>
>>> The ruleset's handled fields serve two purposes: define what should be
>>> denied by default, and define which type of rules are valid
>>> (compatibility). The ruleset's scoped field serve similar purposes but
>>> it also implies implicit rules (i.e. communications with processes
>>> inside the sandbox are allowed). Without the soped field, we would have
>>> to create dedicated handled field per type (i.e. scope's bit) and
>>> dedicated rule type for the related handled field, which would make the
>>> interface more generic but also more complex, for something which is not
>>> needed.
>>>
>>> In a nutshell, in the case of the FS-based and scope-based unix socket
>>> control, we should see one kind of restrictions (e.g. connect to unix
>>> socket), which can accept two types of rules: (explicit) file path, or
>>> (implicit) peer's scope. Access should be granted as long as a rule
>>> matches, whatever its type.
>>>
>>> This rationale should be explained in a commit message.
>>>
>>>>> Apart from that, there are some other weaker hints that make me
>>>>> slightly critical of this patch set:
>>>>>
>>>>> * We discussed the idea that a FS-based path_beneath rule would act
>>>>> implicitly also as an exception for
>>>>> LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET, in [2] - one possible way to
>>>>> interpret this is that the gravity of the system's logic pulls us
>>>>> back towards a FS-based control, and we would have to swim less
>>>>> against the stream if we integrated the Unix connect() control in
>>>>> that way?
>> While I do think being able to control UNIX socket access via domain
>> scoping is useful (after all, it is an additional bit of information /
>> relationship that "normal" filesystem objects doesn't have, and
>> applications using Landlock might find it useful to control access based
>> on this extra information, either to simplify the policy, or because a
>> generic sandboxer can't come up with a pre-determined list of UNIX socket
>> fs rules, e.g. for applications which places socket in hard-coded "/tmp"),
>> I do share the worry about how this might get confusing from an API
>> perspective, as discussed in my GitHub comment [1].
>>
>> Another way to put it is that, if FS-based and scope-based controls
>> interacts in the above proposed way, both mechanisms feel like "poking
>> holes" in the other. But as Mickaël said, one can think of the two
>> mechanisms not as independent controls, but rather as two interfaces for
>> the same control. The socket access control is "enabled" if either the
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX access is handled, or the scope bit
>> proposed in this patch is enabled.
>>
>> With that said, I can think of some alternative ways that might make this
>> API look "better" (from a subjective point of view, feedback welcome),
>> however it does mean more delays, and specifically, these will depend on
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX:
>>
>> One possibility is to simply always allow a Landlock domain to connect to
>> its own sockets (in the case where LANDLOCK_ACCESS_FS_RESOLVE_UNIX is
>> handled, otherwise all sockets are allowed). This might be reasonable, as
>> one can only connect to a socket it creates if it has the permission to
>> create it in the first place, which is already controlled by
>> LANDLOCK_ACCESS_FS_MAKE_SOCK, so we don't really lose any policy
>> flexibility here - if for some reason the sandboxer don't want to allow
>> access to any (pathname) sockets, even the sandboxed app's own ones, it
>> can just not allow LANDLOCK_ACCESS_FS_MAKE_SOCK anywhere.
> LANDLOCK_ACCESS_FS_MAKE_SOCK is only required to bind/listen to a
> socket, not to connect. I guess you was thinking about
> LANDLOCK_ACCESS_FS_RESOLVE_UNIX in this case?
>
>> Another possibility is to have this scope control as part of the
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX rule itself, rather than as a separate
>> scope bit, via introducing a "rule flag" (which is a new mechanism
>> proposed in [2]) which I will tentatively call
>> (LANDLOCK_ADD_RULE_)SAME_SCOPE_ONLY. So for example:
>>
>> - If the sandboxer wants to allow all socket access, don't handle
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX at all, or handle it but have an allow
>> rule at / with no flags.
>>
>> - If it wants to allow access to only the sandboxed app's own sockets,
>> handle LANDLOCK_ACCESS_FS_RESOLVE_UNIX, then place one allow rule on /
>> with the rule flag SAME_SCOPE_ONLY. This means that the allow rule
>> "UNIX socket under /" only allows connecting to sockets in the same
>> domain scope. Additional rules without this rule flag can be placed on
>> more specific places to add "exceptions" to allow access to more
>> privileged sockets.
>>
>> - To allow access to specific sockets only, not even the sandboxed app's
>> own sockets, just use LANDLOCK_ACCESS_FS_RESOLVE_UNIX without this new
>> rule flag.
>>
>> This is slightly more flexible than just the LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
>> scope bit plus LANDLOCK_ACCESS_FS_RESOLVE_UNIX, as it allows the sandboxer
>> to specify where an application can connect, even with sockets in its own
>> domain, and it also nicely avoids the "what feels like two independent
>> controls poking holes in each other" problem. But it does mean more
>> complexity (although hopefully not too much), as we now need to introduce
>> the rule flags concept, but that is required for some other proposed stuff
>> anyway - quiet flags [3] and no_inherit [4] rules, and the rule flags
>> design is in a good state I think.
> This looks too complex and would intertwine both concept, which is more
> confusing IMO.
>
>> What do folks think?
> I'd like to keep a clean API, with a "scoped" field handling IPC
> scoping, and an "handled_access_fs" field handling filesystem-related
> accesses.
>
> One thing to keep in mind is that we could add a new kind of "handled"
> field that would enable to add rules identifying e.g. processes,
> cgroups, or Landlock domains, and that could be used to add exceptions
> to the current scopes. This means that we need to have a generic way to
> handle this case.
>
> What is the issue with two complementary interfaces (scope and access)
> used to express a policy about connecting to UNIX sockets? We just need
> to make sure that scopes and handled_access_fs dealing with UNIX sockets
> are like binary OR: if the scope is set, then the domain can communicate
> with peers which are in the same domain, and if the handled_access_fs
> right is set, then the domain can only communicate with matching sockets
> (OR scoped ones if the scope is set).
>
> My main concern is about user space libraries and users that may want to
> have conditional enforcement for compatibility reasons e.g., only
> enforce LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET (let's say ABI v8) if it can
> also set LANDLOCK_ACCESS_FS_RESOLVE_UNIX (let's say ABI v9). I see two
> ways to deal with this case (if needed):
> - add synthetic access right to easily let users "combine" two access
> rigths or none;
> - have a more generic way to AND and OR access rights. I'm thinking
> about updating the Rust library in this direction.
>
> Anyway, we need to decide if this should be merged in Linux 7.0 (next
> week) or not. I'd prefer to merge it now because I think it works well
> and it's not a new concept wrt the abstract UNIX socket scoping.
> However, if there are any concern, I'd like to hear them now and I can
> delay this merge if needed. This patch series still need a new version
> but that should only be about cosmetic fixes. WDYT?
Regardless if you merge the patch series now in 7.0 or a later version, I think there is something to be said
about having the filesystem and scoped unix access right merged in the same ABI version / merge window.
As you pointed out earlier, the combination of the two flags is much flexible and useful to userspace
consumers than one or the other, and if the features were merged separately, there would be an
awkward middle ABI where user space consumers may have to make compromises or changes to
sandbox between different versions or change application behavior.
I think the discussion has died down on the security_unix_find hook for
LANDLOCK_ACCESS_FS_RESOLVE_UNIX [1] [2], and it seemed the general consensus was favorable.
The series for LANDLOCK_ACCESS_FS_RESOLVE_UNIX is pretty small, and feedback on the last version
was pretty quiet as well. So maybe it's worth a final look into. [3]
(PS: I do think if they are merged together, there should be tests specifically for the combination of the
two access rights. I'd be happy to draft some)
Justin
[1] : https://lore.kernel.org/linux-security-module/4bc22faa-2927-4ef9-b5dc-67a7575177e9@gmail.com/
[2] : https://lore.kernel.org/linux-security-module/20260110143300.71048-4-gnoack3000@gmail.com/
[3] : https://lore.kernel.org/linux-security-module/20260119203457.97676-2-gnoack3000@gmail.com/
>
>> (btw, when I say "sandboxed app" this can of course also mean multiple
>> applications in the same sandbox, e.g. like a container runtime as Mickaël
>> pointed out, which raises the probability that just having
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX would be insufficient, e.g. when bind
>> mounts are involved, or other cases which I haven't thought of right now)
>>
>> [1]: https://github.com/landlock-lsm/linux/issues/36#issuecomment-3693123942
>> [2]: https://lore.kernel.org/all/f238931bc813fc50fc8e11a007a8ad2136024df3.1766330134.git.m@maowtm.org/
>> [3]: https://lore.kernel.org/all/cover.1766330134.git.m@maowtm.org/
>> [4]: https://lore.kernel.org/all/20251221194301.247484-1-utilityemal77@gmail.com/
>>
^ permalink raw reply
* Re: [GIT PULL] lsm/lsm-pr-20260202
From: pr-tracker-bot @ 2026-02-02 20:47 UTC (permalink / raw)
To: Paul Moore; +Cc: Linus Torvalds, linux-security-module, linux-mm, linux-kernel
In-Reply-To: <1840fe300392f962e0bd444941c24969@paul-moore.com>
The pull request you sent on Mon, 02 Feb 2026 12:37:02 -0500:
> https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git tags/lsm-pr-20260202
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/dee65f79364c18033cabdf0728c7e7025405cf40
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
^ permalink raw reply
* Re: [PATCH v2 0/6] Landlock: Implement scope control for pathname Unix sockets
From: Mickaël Salaün @ 2026-02-02 20:32 UTC (permalink / raw)
To: Tingmao Wang
Cc: Günther Noack, Demi Marie Obenour, Günther Noack,
Alyssa Ross, Jann Horn, Tahera Fahimi, Justin Suess,
linux-security-module
In-Reply-To: <f07fe41a-96c5-4d3a-9966-35b30b3a71f1@maowtm.org>
On Sat, Jan 31, 2026 at 05:41:14PM +0000, Tingmao Wang wrote:
> On 1/9/26 12:01, Mickaël Salaün wrote:
> > On Wed, Dec 31, 2025 at 11:54:27AM -0500, Demi Marie Obenour wrote:
> >> On 12/30/25 18:16, Günther Noack wrote:
> >>> [...]
> >>> On Tue, Dec 30, 2025 at 05:20:18PM +0000, Tingmao Wang wrote:
> >>>> [...]
> >>>
> >>> What is unclear to me from the examples and the description is: Why is
> >>> the boundary between allowed and denied connection targets drawn at
> >>> the border of the Landlock domain (the "scope") and why don't we solve
> >>> this with the file-system-based approach described in [1]?
> >>>
> >>> **Do we have existing use cases where a service is both offered and
> >>> connected to all from within the same Landlock domain, and where the
> >>> process enforcing the policy does not control the child process enough
> >>> so that it would be possible to allow-list it with a
> >>> LANDLOCK_ACCESS_FS_CONNECT_UNIX rule?**
> >
> > Yes, with the sandboxer use case. It's similar to a container that
> > doesn't know all programs that could be run in it. We should be able to
> > create sandboxes that don't assume (nor restrict) internal IPCs (or any
> > kind of direct process I/O).
> >
> > Landlock should make it possible to scope any kind of IPC. It's a
> > mental model which is easy to understand and that should be enforced by
> > default. Of course, we need some ways to add exceptions to this
> > deny-by-default policy, and that's why we also need the FS-based control
> > mechanism.
> >
> >>>
> >>> If we do not have such a use case, it seems that the planned FS-based
> >>> control mechanism from [1] would do the same job? Long term, we might
> >>> be better off if we only have only one control -- as we have discussed
> >>> in [2], having two of these might mean that they interact in
> >>> unconventional and possibly confusing ways.
> >>
> >> I agree with this.
> >
> > Both approaches are complementary/orthogonal and make sense long term
> > too. This might be the first time we can restrict the same operations,
> > but I'm pretty sure it will not be the last, and it's OK. Handled FS
> > access and scoped restrictions are two ways to describe a part of the
> > security policy. Having different ways makes the interface much simpler
> > than a generic one that would have to take into account all potential
> > future access controls.
> >
> > One thing to keep in mind is that UAPI doesn't have to map 1:1 to the
> > kernel implementation, but the UAPI is stable and future proof, whereas
> > the kernel implementation can change a lot.
> >
> > The ruleset's handled fields serve two purposes: define what should be
> > denied by default, and define which type of rules are valid
> > (compatibility). The ruleset's scoped field serve similar purposes but
> > it also implies implicit rules (i.e. communications with processes
> > inside the sandbox are allowed). Without the soped field, we would have
> > to create dedicated handled field per type (i.e. scope's bit) and
> > dedicated rule type for the related handled field, which would make the
> > interface more generic but also more complex, for something which is not
> > needed.
> >
> > In a nutshell, in the case of the FS-based and scope-based unix socket
> > control, we should see one kind of restrictions (e.g. connect to unix
> > socket), which can accept two types of rules: (explicit) file path, or
> > (implicit) peer's scope. Access should be granted as long as a rule
> > matches, whatever its type.
> >
> > This rationale should be explained in a commit message.
> >
> >>
> >>> Apart from that, there are some other weaker hints that make me
> >>> slightly critical of this patch set:
> >>>
> >>> * We discussed the idea that a FS-based path_beneath rule would act
> >>> implicitly also as an exception for
> >>> LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET, in [2] - one possible way to
> >>> interpret this is that the gravity of the system's logic pulls us
> >>> back towards a FS-based control, and we would have to swim less
> >>> against the stream if we integrated the Unix connect() control in
> >>> that way?
>
> While I do think being able to control UNIX socket access via domain
> scoping is useful (after all, it is an additional bit of information /
> relationship that "normal" filesystem objects doesn't have, and
> applications using Landlock might find it useful to control access based
> on this extra information, either to simplify the policy, or because a
> generic sandboxer can't come up with a pre-determined list of UNIX socket
> fs rules, e.g. for applications which places socket in hard-coded "/tmp"),
> I do share the worry about how this might get confusing from an API
> perspective, as discussed in my GitHub comment [1].
>
> Another way to put it is that, if FS-based and scope-based controls
> interacts in the above proposed way, both mechanisms feel like "poking
> holes" in the other. But as Mickaël said, one can think of the two
> mechanisms not as independent controls, but rather as two interfaces for
> the same control. The socket access control is "enabled" if either the
> LANDLOCK_ACCESS_FS_RESOLVE_UNIX access is handled, or the scope bit
> proposed in this patch is enabled.
>
> With that said, I can think of some alternative ways that might make this
> API look "better" (from a subjective point of view, feedback welcome),
> however it does mean more delays, and specifically, these will depend on
> LANDLOCK_ACCESS_FS_RESOLVE_UNIX:
>
> One possibility is to simply always allow a Landlock domain to connect to
> its own sockets (in the case where LANDLOCK_ACCESS_FS_RESOLVE_UNIX is
> handled, otherwise all sockets are allowed). This might be reasonable, as
> one can only connect to a socket it creates if it has the permission to
> create it in the first place, which is already controlled by
> LANDLOCK_ACCESS_FS_MAKE_SOCK, so we don't really lose any policy
> flexibility here - if for some reason the sandboxer don't want to allow
> access to any (pathname) sockets, even the sandboxed app's own ones, it
> can just not allow LANDLOCK_ACCESS_FS_MAKE_SOCK anywhere.
LANDLOCK_ACCESS_FS_MAKE_SOCK is only required to bind/listen to a
socket, not to connect. I guess you was thinking about
LANDLOCK_ACCESS_FS_RESOLVE_UNIX in this case?
>
> Another possibility is to have this scope control as part of the
> LANDLOCK_ACCESS_FS_RESOLVE_UNIX rule itself, rather than as a separate
> scope bit, via introducing a "rule flag" (which is a new mechanism
> proposed in [2]) which I will tentatively call
> (LANDLOCK_ADD_RULE_)SAME_SCOPE_ONLY. So for example:
>
> - If the sandboxer wants to allow all socket access, don't handle
> LANDLOCK_ACCESS_FS_RESOLVE_UNIX at all, or handle it but have an allow
> rule at / with no flags.
>
> - If it wants to allow access to only the sandboxed app's own sockets,
> handle LANDLOCK_ACCESS_FS_RESOLVE_UNIX, then place one allow rule on /
> with the rule flag SAME_SCOPE_ONLY. This means that the allow rule
> "UNIX socket under /" only allows connecting to sockets in the same
> domain scope. Additional rules without this rule flag can be placed on
> more specific places to add "exceptions" to allow access to more
> privileged sockets.
>
> - To allow access to specific sockets only, not even the sandboxed app's
> own sockets, just use LANDLOCK_ACCESS_FS_RESOLVE_UNIX without this new
> rule flag.
>
> This is slightly more flexible than just the LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
> scope bit plus LANDLOCK_ACCESS_FS_RESOLVE_UNIX, as it allows the sandboxer
> to specify where an application can connect, even with sockets in its own
> domain, and it also nicely avoids the "what feels like two independent
> controls poking holes in each other" problem. But it does mean more
> complexity (although hopefully not too much), as we now need to introduce
> the rule flags concept, but that is required for some other proposed stuff
> anyway - quiet flags [3] and no_inherit [4] rules, and the rule flags
> design is in a good state I think.
This looks too complex and would intertwine both concept, which is more
confusing IMO.
>
> What do folks think?
I'd like to keep a clean API, with a "scoped" field handling IPC
scoping, and an "handled_access_fs" field handling filesystem-related
accesses.
One thing to keep in mind is that we could add a new kind of "handled"
field that would enable to add rules identifying e.g. processes,
cgroups, or Landlock domains, and that could be used to add exceptions
to the current scopes. This means that we need to have a generic way to
handle this case.
What is the issue with two complementary interfaces (scope and access)
used to express a policy about connecting to UNIX sockets? We just need
to make sure that scopes and handled_access_fs dealing with UNIX sockets
are like binary OR: if the scope is set, then the domain can communicate
with peers which are in the same domain, and if the handled_access_fs
right is set, then the domain can only communicate with matching sockets
(OR scoped ones if the scope is set).
My main concern is about user space libraries and users that may want to
have conditional enforcement for compatibility reasons e.g., only
enforce LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET (let's say ABI v8) if it can
also set LANDLOCK_ACCESS_FS_RESOLVE_UNIX (let's say ABI v9). I see two
ways to deal with this case (if needed):
- add synthetic access right to easily let users "combine" two access
rigths or none;
- have a more generic way to AND and OR access rights. I'm thinking
about updating the Rust library in this direction.
Anyway, we need to decide if this should be merged in Linux 7.0 (next
week) or not. I'd prefer to merge it now because I think it works well
and it's not a new concept wrt the abstract UNIX socket scoping.
However, if there are any concern, I'd like to hear them now and I can
delay this merge if needed. This patch series still need a new version
but that should only be about cosmetic fixes. WDYT?
>
> (btw, when I say "sandboxed app" this can of course also mean multiple
> applications in the same sandbox, e.g. like a container runtime as Mickaël
> pointed out, which raises the probability that just having
> LANDLOCK_ACCESS_FS_RESOLVE_UNIX would be insufficient, e.g. when bind
> mounts are involved, or other cases which I haven't thought of right now)
>
> [1]: https://github.com/landlock-lsm/linux/issues/36#issuecomment-3693123942
> [2]: https://lore.kernel.org/all/f238931bc813fc50fc8e11a007a8ad2136024df3.1766330134.git.m@maowtm.org/
> [3]: https://lore.kernel.org/all/cover.1766330134.git.m@maowtm.org/
> [4]: https://lore.kernel.org/all/20251221194301.247484-1-utilityemal77@gmail.com/
>
^ permalink raw reply
* Re: [PATCH v2 3/6] samples/landlock: Support LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
From: Mickaël Salaün @ 2026-02-02 20:14 UTC (permalink / raw)
To: Tingmao Wang
Cc: Günther Noack, Demi Marie Obenour, Alyssa Ross, Jann Horn,
Tahera Fahimi, Justin Suess, linux-security-module
In-Reply-To: <5a2e3aad-0eaf-4964-9629-333b36a05ae6@maowtm.org>
On Sat, Jan 31, 2026 at 05:48:24PM +0000, Tingmao Wang wrote:
> On 1/29/26 21:27, Mickaël Salaün wrote:
> > We should have a (potentially small) description of what this patch
> > does, even if it's a bit redundant with the subject.
> >
> >
> > On Tue, Dec 30, 2025 at 05:20:21PM +0000, Tingmao Wang wrote:
> >> Signed-off-by: Tingmao Wang <m@maowtm.org>
> >> ---
> >>
> >> I've decided to use "u" as the character to control this scope bit since
> >> it stands for (normal) Unix sockets. Imo using "p" or "n" would make it less
> >> clear / memorable. Open to suggestions.
> >
> > Looks good to me.
> >
> >>
> >> Also, open to suggestion whether socket scoping (pathname and abstract)
> >> should be enabled by default, if LL_SCOPED is not set. This would break
> >> backward compatibility, but maybe we shouldn't guarentee backward
> >> compatibility of this sandboxer in the first place, and almost all cases
> >> of Landlock usage would want socket scoping.
> >
> > I agree that this example could have better defaults, but this should be
> > done with a standalone patch series. An important point to keep in mind
> > is that this example is used by developers (e.g. potential copy/paste),
> > so we need to be careful to not encourage them to create code which is
> > backward incompatible. I think the best way to do it is to request a
> > default behavior for a specific Landlock ABI version (e.g. with a new
> > parameter).
>
> Just to make sure we're on the same page, I was only talking about whether
> we keep the behavior of the sandboxer "backward compatible" (i.e. if
> someone ran a program that relied on accessing UNIX sockets of more
> privileged programs, if we make the sandboxer start enforcing socket
> scoping by default, their program would stop working under this
> sandboxer), I was not suggesting that we do something which will cause the
> sandboxer itself to no longer work on older kernels.
Yep, I extrapolated a bit.
>
> But on second thought, the sandboxer is already not designed to be relied
> upon to always behave the same way after an update, since the user don't
> get to choose which handled access rights are added to the ruleset. With
> new bits added to either ACCESS_FS_ROUGHLY_READ or
> ACCESS_FS_ROUGHLY_WRITE, the policy effectively gets more restrictive
> automatically. For example, once Günther's patch [1] that adds
> LANDLOCK_ACCESS_FS_RESOLVE_UNIX is merged, the sandboxer will effectively
> starts restricting pathname UNIX sockets "by default" anyway (under any
> dirs not listed in LL_FS_RW). So maybe we don't need to think too hard
> about this.
Indeed :)
>
> [1]: https://lore.kernel.org/all/20260119203457.97676-6-gnoack3000@gmail.com/
>
^ permalink raw reply
* Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking
From: Eric Biggers @ 2026-02-02 18:47 UTC (permalink / raw)
To: David Howells
Cc: =?UTF-8?q?Mihai-Drosi=20C=C3=A2ju?=, linux, arnd, arnout, atomlin,
bigeasy, chleroy, christian, corbet, coxu, da.gomez, da.gomez,
dmitry.kasatkin, eric.snowberg, f.gruenbichler, jmorris, kpcyrd,
linux-arch, linux-doc, linux-integrity, linux-kbuild,
linux-kernel, linux-modules, linux-security-module, linuxppc-dev,
lkp, maddy, mattia, mcgrof, mpe, nathan, naveen,
nicolas.bouchinet, nicolas.schier, npiggin, nsc, paul, petr.pavlu,
roberto.sassu, samitolvanen, serge, xiujianfeng, zohar
In-Reply-To: <2513499.1770057531@warthog.procyon.org.uk>
On Mon, Feb 02, 2026 at 06:38:51PM +0000, David Howells wrote:
> > Could you give more details on this use case and why it needs
> > signatures, as opposed to e.g. loading an additional Merkle tree root
> > into the kernel to add to the set of allowed modules?
>
> Because we don't want to, for example, include all the nvidia drivers in our
> kernel SRPM.
That doesn't answer my question. Are you trying to say these modules
need to be built later *and* signed using the original signing key?
- Eric
^ permalink raw reply
* Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking
From: David Howells @ 2026-02-02 18:38 UTC (permalink / raw)
To: Eric Biggers
Cc: dhowells, =?UTF-8?q?Mihai-Drosi=20C=C3=A2ju?=, linux, arnd,
arnout, atomlin, bigeasy, chleroy, christian, corbet, coxu,
da.gomez, da.gomez, dmitry.kasatkin, eric.snowberg,
f.gruenbichler, jmorris, kpcyrd, linux-arch, linux-doc,
linux-integrity, linux-kbuild, linux-kernel, linux-modules,
linux-security-module, linuxppc-dev, lkp, maddy, mattia, mcgrof,
mpe, nathan, naveen, nicolas.bouchinet, nicolas.schier, npiggin,
nsc, paul, petr.pavlu, roberto.sassu, samitolvanen, serge,
xiujianfeng, zohar
In-Reply-To: <20260202183055.GB2036@quark>
Eric Biggers <ebiggers@kernel.org> wrote:
> On Mon, Feb 02, 2026 at 09:21:19AM +0000, David Howells wrote:
> > Eric Biggers <ebiggers@kernel.org> wrote:
> >
> > > With that being the case, why is there still effort being put into
> > > adding more features to module signing? I would think efforts should be
> > > focused on hash-based module authentication, i.e. this patchset.
> >
> > Because it's not just signing of modules
>
> Module signing is indeed about the signing of modules.
The signature verification stuff in the kernel isn't just used for modules.
kexec, for instance; wifi restriction database for another.
> > and it's not just modules built with the kernel.
>
> Could you give more details on this use case and why it needs
> signatures, as opposed to e.g. loading an additional Merkle tree root
> into the kernel to add to the set of allowed modules?
Because we don't want to, for example, include all the nvidia drivers in our
kernel SRPM.
David
^ permalink raw reply
* Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking
From: Eric Biggers @ 2026-02-02 18:30 UTC (permalink / raw)
To: David Howells
Cc: =?UTF-8?q?Mihai-Drosi=20C=C3=A2ju?=, linux, arnd, arnout, atomlin,
bigeasy, chleroy, christian, corbet, coxu, da.gomez, da.gomez,
dmitry.kasatkin, eric.snowberg, f.gruenbichler, jmorris, kpcyrd,
linux-arch, linux-doc, linux-integrity, linux-kbuild,
linux-kernel, linux-modules, linux-security-module, linuxppc-dev,
lkp, maddy, mattia, mcgrof, mpe, nathan, naveen,
nicolas.bouchinet, nicolas.schier, npiggin, nsc, paul, petr.pavlu,
roberto.sassu, samitolvanen, serge, xiujianfeng, zohar
In-Reply-To: <2339369.1770024079@warthog.procyon.org.uk>
On Mon, Feb 02, 2026 at 09:21:19AM +0000, David Howells wrote:
> Eric Biggers <ebiggers@kernel.org> wrote:
>
> > With that being the case, why is there still effort being put into
> > adding more features to module signing? I would think efforts should be
> > focused on hash-based module authentication, i.e. this patchset.
>
> Because it's not just signing of modules
Module signing is indeed about the signing of modules.
> and it's not just modules built with the kernel.
Could you give more details on this use case and why it needs
signatures, as opposed to e.g. loading an additional Merkle tree root
into the kernel to add to the set of allowed modules?
> Also a hash table just of module hashes built into the core
> kernel image will increase the size of the kernel by around a third of a meg
> (on Fedora 43 and assuming SHA512) with uncompressible data.
This patchset already optimizes it to use Merkle tree proofs instead.
While I'm a bit skeptical of the complexity myself (and distros
shouldn't be shipping such an excessively large number of modules in the
first place), if it's indeed needed it's already been solved. It's
still much simpler than the PKCS#7 signature mess.
- Eric
^ permalink raw reply
* Re: [GIT PULL] lsm/lsm-pr-20260202
From: Paul Moore @ 2026-02-02 17:39 UTC (permalink / raw)
To: Linus Torvalds; +Cc: linux-security-module, linux-mm, linux-kernel
In-Reply-To: <1840fe300392f962e0bd444941c24969@paul-moore.com>
On Mon, Feb 2, 2026 at 12:37 PM Paul Moore <paul@paul-moore.com> wrote:
>
> Hi Linus,
>
> A small LSM patch to address a regression found in the v6.19-rcX releases
> where the /proc/sys/vm/mmap_min_addr tunable disappeared when
> CONFIG_SECURITY was not selected. Long term we plan to work with the MM
> folks to get the core parts of this moved over to the MM subsystem, but
> in the meantime we need to fix this regression prior to the v6.19
> release.
I forgot to add, you'll notice a forced push on that branch, but that
was simply to add some additional reviewed-by/tested-by tags this
morning that I thought were worthwhile given we are currently at -rc8.
> --
> The following changes since commit 63804fed149a6750ffd28610c5c1c98cce6bd377:
>
> Linux 6.19-rc7 (2026-01-25 14:11:24 -0800)
>
> are available in the Git repository at:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git
> tags/lsm-pr-20260202
>
> for you to fetch changes up to bdde21d3e77da55121885fd2ef42bc6a15ac2f0c:
>
> lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY
> (2026-01-29 13:56:53 -0500)
>
> ----------------------------------------------------------------
> lsm/stable-6.19 PR 20260202
> ----------------------------------------------------------------
>
> Paul Moore (1):
> lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY
>
> security/lsm.h | 9 ---------
> security/lsm_init.c | 7 +------
> security/min_addr.c | 5 ++---
> 3 files changed, 3 insertions(+), 18 deletions(-)
--
paul-moore.com
^ permalink raw reply
* [GIT PULL] lsm/lsm-pr-20260202
From: Paul Moore @ 2026-02-02 17:37 UTC (permalink / raw)
To: Linus Torvalds; +Cc: linux-security-module, linux-mm, linux-kernel
Hi Linus,
A small LSM patch to address a regression found in the v6.19-rcX releases
where the /proc/sys/vm/mmap_min_addr tunable disappeared when
CONFIG_SECURITY was not selected. Long term we plan to work with the MM
folks to get the core parts of this moved over to the MM subsystem, but
in the meantime we need to fix this regression prior to the v6.19
release.
Paul
--
The following changes since commit 63804fed149a6750ffd28610c5c1c98cce6bd377:
Linux 6.19-rc7 (2026-01-25 14:11:24 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git
tags/lsm-pr-20260202
for you to fetch changes up to bdde21d3e77da55121885fd2ef42bc6a15ac2f0c:
lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY
(2026-01-29 13:56:53 -0500)
----------------------------------------------------------------
lsm/stable-6.19 PR 20260202
----------------------------------------------------------------
Paul Moore (1):
lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY
security/lsm.h | 9 ---------
security/lsm_init.c | 7 +------
security/min_addr.c | 5 ++---
3 files changed, 3 insertions(+), 18 deletions(-)
--
paul-moore.com
^ permalink raw reply
* Re: [PATCH] lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY
From: Paul Moore @ 2026-02-02 16:19 UTC (permalink / raw)
To: Lorenzo Stoakes; +Cc: linux-security-module, linux-mm
In-Reply-To: <38c9c9bf-3912-4e16-b15e-60890390e8dc@lucifer.local>
On Mon, Feb 2, 2026 at 5:53 AM Lorenzo Stoakes
<lorenzo.stoakes@oracle.com> wrote:
> On Thu, Jan 29, 2026 at 05:51:33PM -0500, Paul Moore wrote:
> > While reworking the LSM initialization code the
> > /proc/sys/vm/mmap_min_addr handler was inadvertently caught up in the
> > change and the procfs entry wasn't setup when CONFIG_SECURITY was not
> > selected at kernel build time. This patch restores the previous behavior
> > and ensures that the procfs entry is setup regardless of the
> > CONFIG_SECURITY state.
> >
> > Future work will improve upon this, likely by moving the procfs handler
> > into the mm subsystem, but this patch should resolve the immediate
> > regression.
> >
> > Fixes: 4ab5efcc2829 ("lsm: consolidate all of the LSM framework initcalls")
> > Reported-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
> > Signed-off-by: Paul Moore <paul@paul-moore.com>
>
> (Sorry was at fosdem from fri)
>
> LGTM and tested locally confirming it works, thanks so much for the quick
> turnaround! Feel free to add:
>
> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
> Tested-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
>
> Cheers, Lorenzo
Thanks, for the original report, testing, and extra set of eyes! added
and updated lsm/stable-6.19, I'll be sending this to Linus shortly.
--
paul-moore.com
^ permalink raw reply
* Re: [PATCH v13 1/4] rust: types: Add Ownable/Owned types
From: Andreas Hindborg @ 2026-02-02 13:04 UTC (permalink / raw)
To: Gary Guo, Gary Guo, Oliver Mangold
Cc: Miguel Ojeda, Alex Gaynor, Boqun Feng, Björn Roy Baron,
Alice Ryhl, Trevor Gross, Benno Lossin, Danilo Krummrich,
Greg Kroah-Hartman, Dave Ertman, Ira Weiny, Leon Romanovsky,
Rafael J. Wysocki, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, David Airlie, Simona Vetter, Alexander Viro,
Christian Brauner, Jan Kara, Lorenzo Stoakes, Liam R. Howlett,
Viresh Kumar, Nishanth Menon, Stephen Boyd, Bjorn Helgaas,
Krzysztof Wilczyński, Paul Moore, Serge Hallyn, Asahi Lina,
rust-for-linux, linux-kernel, linux-block, dri-devel,
linux-fsdevel, linux-mm, linux-pm, linux-pci,
linux-security-module
In-Reply-To: <DG4H66NZ5ME0.3M9CQY1ER4Q0X@garyguo.net>
"Gary Guo" <gary@garyguo.net> writes:
> On Mon Feb 2, 2026 at 9:37 AM GMT, Andreas Hindborg wrote:
>> Gary Guo <gary@garyguo.net> writes:
>>
>>> On Mon, 17 Nov 2025 10:07:40 +0000
>>> Oliver Mangold <oliver.mangold@pm.me> wrote:
>>>
>>>> From: Asahi Lina <lina+kernel@asahilina.net>
<cut>
>>>> +impl<T: Ownable> Owned<T> {
>>>> + /// Creates a new instance of [`Owned`].
>>>> + ///
>>>> + /// It takes over ownership of the underlying object.
>>>> + ///
>>>> + /// # Safety
>>>> + ///
>>>> + /// Callers must ensure that:
>>>> + /// - `ptr` points to a valid instance of `T`.
>>>> + /// - Ownership of the underlying `T` can be transferred to the `Self<T>` (i.e. operations
>>>> + /// which require ownership will be safe).
>>>> + /// - No other Rust references to the underlying object exist. This implies that the underlying
>>>> + /// object is not accessed through `ptr` anymore after the function call (at least until the
>>>> + /// the `Self<T>` is dropped.
>>>
>>> Is this correct? If `Self<T>` is dropped then `T::release` is called so
>>> the pointer should also not be accessed further?
>>
>> I can't follow you point here. Are you saying that the requirement is
>> wrong because `T::release` will access the object by reference? If so,
>> that is part of `Owned<_>::drop`, which is explicitly mentioned in the
>> comment (until .. dropped).
>
> I meant that the `Self<T>` is dropped, the object is destroyed so it should also
> not be accessed further. Perhaps just remove the "(at least ...)" part from
> comment.
Right, got it. The "until.." is in place to allow reuse of the
allocation. There is no requirement here to drop `T` via the `release`
method when an `Owned<T>` is dropped. Implementers are free to implement
schemes that reuse the object without drop and re-init. This can be used
in object caches such as for the block request cache.
>
>>
>>>
>>>> + /// - The C code follows the usual shared reference requirements. That is, the kernel will never
>>>> + /// mutate or free the underlying object (excluding interior mutability that follows the usual
>>>> + /// rules) while Rust owns it.
>>>
>>> The concept "interior mutability" doesn't really exist on the C side.
>>> Also, use of interior mutability (by UnsafeCell) would be incorrect if
>>> the type is implemented in the rust side (as this requires a
>>> UnsafePinned).
>>>
>>> Interior mutability means things can be mutated behind a shared
>>> reference -- however in this case, we have a mutable reference (either
>>> `Pin<&mut Self>` or `&mut Self`)!
>>>
>>> Perhaps together with the next line, they could be just phrased like
>>> this?
>>>
>>> - The underlying object must not be accessed (read or mutated) through
>>> any pointer other than the created `Owned<T>`.
>>> Opt-out is still possbile similar to a mutable reference (e.g. by
>>> using p`Opaque`]).
>>>
>>> I think we should just tell the user "this is just a unique reference
>>> similar to &mut". They should be able to deduce that all the `!Unpin`
>>> that opts out from uniqueness of mutable reference applies here too.
>>
>> I agree. I would suggest updating the struct documentation:
>>
>> @@ -108,7 +108,7 @@ pub unsafe trait Ownable {
>> unsafe fn release(this: NonNull<Self>);
>> }
>>
>> -/// An owned reference to an owned `T`.
>> +/// An mutable reference to an owned `T`.
>> ///
>> /// The [`Ownable`] is automatically freed or released when an instance of [`Owned`] is
>> /// dropped.
>>
>> And then the safety requirement as
>>
>> An `Owned<T>` is a mutable reference to the underlying object. As such,
>> the object must not be accessed (read or mutated) through any pointer
>> other than the created `Owned<T>`. Opt-out is still possbile similar to
>> a mutable reference (e.g. by using [`Opaque`]).
>
> Sounds good to me.
OK.
>
>>
>>
>>>> + /// - In case `T` implements [`Unpin`] the previous requirement is extended from shared to
>>>> + /// mutable reference requirements. That is, the kernel will not mutate or free the underlying
>>>> + /// object and is okay with it being modified by Rust code.
>>>
>>> - If `T` implements [`Unpin`], the structure must not be mutated for
>>> the entire lifetime of `Owned<T>`.
>>
>> Would it be OK to just write "If `T: Unpin`, the ..."?
>>
>> Again, opt out is possible, right?
>>
>
> When the "mutable reference" framing above I think you can just drop this part.
Agreed.
>
>>>
>>>> + pub unsafe fn from_raw(ptr: NonNull<T>) -> Self {
>>>
>>> This needs a (rather trivial) INVARIANT comment.
>>
>> OK.
>>
>>>
>>>> + Self {
>>>> + ptr,
>>>> + }
>>>> + }
>>>> +
>>>> + /// Consumes the [`Owned`], returning a raw pointer.
>>>> + ///
>>>> + /// This function does not actually relinquish ownership of the object. After calling this
>>>
>>> Perhaps "relinquish" isn't the best word here? In my mental model
>>> this function is pretty much relinquishing ownership as `Owned<T>` no
>>> longer exists. It just doesn't release the object.
>>
>> How about this:
>>
>>
>> /// Consumes the [`Owned`], returning a raw pointer.
>> ///
>> /// This function does not drop the underlying `T`. When this function returns, ownership of the
>> /// underlying `T` is with the caller.
>
> SGTM.
OK.
Best regards,
Andreas Hindborg
^ permalink raw reply
* Re: [PATCH v13 1/4] rust: types: Add Ownable/Owned types
From: Gary Guo @ 2026-02-02 12:29 UTC (permalink / raw)
To: Andreas Hindborg, Gary Guo, Oliver Mangold
Cc: Miguel Ojeda, Alex Gaynor, Boqun Feng, Björn Roy Baron,
Alice Ryhl, Trevor Gross, Benno Lossin, Danilo Krummrich,
Greg Kroah-Hartman, Dave Ertman, Ira Weiny, Leon Romanovsky,
Rafael J. Wysocki, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, David Airlie, Simona Vetter, Alexander Viro,
Christian Brauner, Jan Kara, Lorenzo Stoakes, Liam R. Howlett,
Viresh Kumar, Nishanth Menon, Stephen Boyd, Bjorn Helgaas,
Krzysztof Wilczyński, Paul Moore, Serge Hallyn, Asahi Lina,
rust-for-linux, linux-kernel, linux-block, dri-devel,
linux-fsdevel, linux-mm, linux-pm, linux-pci,
linux-security-module
In-Reply-To: <87343jqydo.fsf@t14s.mail-host-address-is-not-set>
On Mon Feb 2, 2026 at 9:37 AM GMT, Andreas Hindborg wrote:
> Gary Guo <gary@garyguo.net> writes:
>
>> On Mon, 17 Nov 2025 10:07:40 +0000
>> Oliver Mangold <oliver.mangold@pm.me> wrote:
>>
>>> From: Asahi Lina <lina+kernel@asahilina.net>
>>>
>>> By analogy to `AlwaysRefCounted` and `ARef`, an `Ownable` type is a
>>> (typically C FFI) type that *may* be owned by Rust, but need not be. Unlike
>>> `AlwaysRefCounted`, this mechanism expects the reference to be unique
>>> within Rust, and does not allow cloning.
>>>
>>> Conceptually, this is similar to a `KBox<T>`, except that it delegates
>>> resource management to the `T` instead of using a generic allocator.
>>>
>>> [ om:
>>> - Split code into separate file and `pub use` it from types.rs.
>>> - Make from_raw() and into_raw() public.
>>> - Remove OwnableMut, and make DerefMut dependent on Unpin instead.
>>> - Usage example/doctest for Ownable/Owned.
>>> - Fixes to documentation and commit message.
>>> ]
>>>
>>> Link: https://lore.kernel.org/all/20250202-rust-page-v1-1-e3170d7fe55e@asahilina.net/
>>> Signed-off-by: Asahi Lina <lina+kernel@asahilina.net>
>>> Co-developed-by: Oliver Mangold <oliver.mangold@pm.me>
>>> Signed-off-by: Oliver Mangold <oliver.mangold@pm.me>
>>> Co-developed-by: Andreas Hindborg <a.hindborg@kernel.org>
>>> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
>>> Reviewed-by: Boqun Feng <boqun.feng@gmail.com>
>>> ---
>>> rust/kernel/lib.rs | 1 +
>>> rust/kernel/owned.rs | 195 +++++++++++++++++++++++++++++++++++++++++++++++
>>> rust/kernel/sync/aref.rs | 5 ++
>>> rust/kernel/types.rs | 2 +
>>> 4 files changed, 203 insertions(+)
>>>
>>> diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
>>> index 3dd7bebe7888..e0ee04330dd0 100644
>>> --- a/rust/kernel/lib.rs
>>> +++ b/rust/kernel/lib.rs
>>> @@ -112,6 +112,7 @@
>>> pub mod of;
>>> #[cfg(CONFIG_PM_OPP)]
>>> pub mod opp;
>>> +pub mod owned;
>>> pub mod page;
>>> #[cfg(CONFIG_PCI)]
>>> pub mod pci;
>>> diff --git a/rust/kernel/owned.rs b/rust/kernel/owned.rs
>>> new file mode 100644
>>> index 000000000000..a2cdd2cb8a10
>>> --- /dev/null
>>> +++ b/rust/kernel/owned.rs
>>> @@ -0,0 +1,195 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>> +
>>> +//! Unique owned pointer types for objects with custom drop logic.
>>> +//!
>>> +//! These pointer types are useful for C-allocated objects which by API-contract
>>> +//! are owned by Rust, but need to be freed through the C API.
>>> +
>>> +use core::{
>>> + mem::ManuallyDrop,
>>> + ops::{Deref, DerefMut},
>>> + pin::Pin,
>>> + ptr::NonNull,
>>> +};
>>> +
>>> +/// Type allocated and destroyed on the C side, but owned by Rust.
>>
>> The example given in the documentation below shows a valid way of
>> defining a type that's handled on the Rust side, so I think this
>> message is somewhat inaccurate.
>>
>> Perhaps something like
>>
>> Types that specify their own way of performing allocation and
>> destruction. Typically, this trait is implemented on types from
>> the C side.
>
> Thanks, I'll use this.
>
>>
>> ?
>>
>>> +///
>>> +/// Implementing this trait allows types to be referenced via the [`Owned<Self>`] pointer type. This
>>> +/// is useful when it is desirable to tie the lifetime of the reference to an owned object, rather
>>> +/// than pass around a bare reference. [`Ownable`] types can define custom drop logic that is
>>> +/// executed when the owned reference [`Owned<Self>`] pointing to the object is dropped.
>>> +///
>>> +/// Note: The underlying object is not required to provide internal reference counting, because it
>>> +/// represents a unique, owned reference. If reference counting (on the Rust side) is required,
>>> +/// [`AlwaysRefCounted`](crate::types::AlwaysRefCounted) should be implemented.
>>> +///
>>> +/// # Safety
>>> +///
>>> +/// Implementers must ensure that the [`release()`](Self::release) function frees the underlying
>>> +/// object in the correct way for a valid, owned object of this type.
>>> +///
>>> +/// # Examples
>>> +///
>>> +/// A minimal example implementation of [`Ownable`] and its usage with [`Owned`] looks like this:
>>> +///
>>> +/// ```
>>> +/// # #![expect(clippy::disallowed_names)]
>>> +/// # use core::cell::Cell;
>>> +/// # use core::ptr::NonNull;
>>> +/// # use kernel::sync::global_lock;
>>> +/// # use kernel::alloc::{flags, kbox::KBox, AllocError};
>>> +/// # use kernel::types::{Owned, Ownable};
>>> +///
>>> +/// // Let's count the allocations to see if freeing works.
>>> +/// kernel::sync::global_lock! {
>>> +/// // SAFETY: we call `init()` right below, before doing anything else.
>>> +/// unsafe(uninit) static FOO_ALLOC_COUNT: Mutex<usize> = 0;
>>> +/// }
>>> +/// // SAFETY: We call `init()` only once, here.
>>> +/// unsafe { FOO_ALLOC_COUNT.init() };
>>> +///
>>> +/// struct Foo {
>>> +/// }
>>> +///
>>> +/// impl Foo {
>>> +/// fn new() -> Result<Owned<Self>, AllocError> {
>>> +/// // We are just using a `KBox` here to handle the actual allocation, as our `Foo` is
>>> +/// // not actually a C-allocated object.
>>> +/// let result = KBox::new(
>>> +/// Foo {},
>>> +/// flags::GFP_KERNEL,
>>> +/// )?;
>>> +/// let result = NonNull::new(KBox::into_raw(result))
>>> +/// .expect("Raw pointer to newly allocation KBox is null, this should never happen.");
>>> +/// // Count new allocation
>>> +/// *FOO_ALLOC_COUNT.lock() += 1;
>>> +/// // SAFETY: We just allocated the `Self`, thus it is valid and there cannot be any other
>>> +/// // Rust references. Calling `into_raw()` makes us responsible for ownership and we won't
>>> +/// // use the raw pointer anymore. Thus we can transfer ownership to the `Owned`.
>>> +/// Ok(unsafe { Owned::from_raw(result) })
>>> +/// }
>>> +/// }
>>> +///
>>> +/// // SAFETY: What out `release()` function does is safe of any valid `Self`.
>>
>> I can't parse this sentence. Is "out" supposed to be a different word?
>
> I think it should be "our".
>
>>
>>> +/// unsafe impl Ownable for Foo {
>>> +/// unsafe fn release(this: NonNull<Self>) {
>>> +/// // The `Foo` will be dropped when `KBox` goes out of scope.
>>
>> I would just write `drop(unsafe { ... })` to make drop explicit instead
>> of commenting about the implicit drop.
>
> Agree, that is easier to read.
>
>>
>>> +/// // SAFETY: The [`KBox<Self>`] is still alive. We can pass ownership to the [`KBox`], as
>>> +/// // by requirement on calling this function, the `Self` will no longer be used by the
>>> +/// // caller.
>>> +/// unsafe { KBox::from_raw(this.as_ptr()) };
>>> +/// // Count released allocation
>>> +/// *FOO_ALLOC_COUNT.lock() -= 1;
>>> +/// }
>>> +/// }
>>> +///
>>> +/// {
>>> +/// let foo = Foo::new().expect("Failed to allocate a Foo. This shouldn't happen");
>>> +/// assert!(*FOO_ALLOC_COUNT.lock() == 1);
>>> +/// }
>>> +/// // `foo` is out of scope now, so we expect no live allocations.
>>> +/// assert!(*FOO_ALLOC_COUNT.lock() == 0);
>>> +/// ```
>>> +pub unsafe trait Ownable {
>>> + /// Releases the object.
>>> + ///
>>> + /// # Safety
>>> + ///
>>> + /// Callers must ensure that:
>>> + /// - `this` points to a valid `Self`.
>>> + /// - `*this` is no longer used after this call.
>>> + unsafe fn release(this: NonNull<Self>);
>>> +}
>>> +
>>> +/// An owned reference to an owned `T`.
>>> +///
>>> +/// The [`Ownable`] is automatically freed or released when an instance of [`Owned`] is
>>> +/// dropped.
>>> +///
>>> +/// # Invariants
>>> +///
>>> +/// - The [`Owned<T>`] has exclusive access to the instance of `T`.
>>> +/// - The instance of `T` will stay alive at least as long as the [`Owned<T>`] is alive.
>>> +pub struct Owned<T: Ownable> {
>>> + ptr: NonNull<T>,
>>> +}
>>> +
>>> +// SAFETY: It is safe to send an [`Owned<T>`] to another thread when the underlying `T` is [`Send`],
>>> +// because of the ownership invariant. Sending an [`Owned<T>`] is equivalent to sending the `T`.
>>> +unsafe impl<T: Ownable + Send> Send for Owned<T> {}
>>> +
>>> +// SAFETY: It is safe to send [`&Owned<T>`] to another thread when the underlying `T` is [`Sync`],
>>> +// because of the ownership invariant. Sending an [`&Owned<T>`] is equivalent to sending the `&T`.
>>> +unsafe impl<T: Ownable + Sync> Sync for Owned<T> {}
>>> +
>>> +impl<T: Ownable> Owned<T> {
>>> + /// Creates a new instance of [`Owned`].
>>> + ///
>>> + /// It takes over ownership of the underlying object.
>>> + ///
>>> + /// # Safety
>>> + ///
>>> + /// Callers must ensure that:
>>> + /// - `ptr` points to a valid instance of `T`.
>>> + /// - Ownership of the underlying `T` can be transferred to the `Self<T>` (i.e. operations
>>> + /// which require ownership will be safe).
>>> + /// - No other Rust references to the underlying object exist. This implies that the underlying
>>> + /// object is not accessed through `ptr` anymore after the function call (at least until the
>>> + /// the `Self<T>` is dropped.
>>
>> Is this correct? If `Self<T>` is dropped then `T::release` is called so
>> the pointer should also not be accessed further?
>
> I can't follow you point here. Are you saying that the requirement is
> wrong because `T::release` will access the object by reference? If so,
> that is part of `Owned<_>::drop`, which is explicitly mentioned in the
> comment (until .. dropped).
I meant that the `Self<T>` is dropped, the object is destroyed so it should also
not be accessed further. Perhaps just remove the "(at least ...)" part from
comment.
>
>>
>>> + /// - The C code follows the usual shared reference requirements. That is, the kernel will never
>>> + /// mutate or free the underlying object (excluding interior mutability that follows the usual
>>> + /// rules) while Rust owns it.
>>
>> The concept "interior mutability" doesn't really exist on the C side.
>> Also, use of interior mutability (by UnsafeCell) would be incorrect if
>> the type is implemented in the rust side (as this requires a
>> UnsafePinned).
>>
>> Interior mutability means things can be mutated behind a shared
>> reference -- however in this case, we have a mutable reference (either
>> `Pin<&mut Self>` or `&mut Self`)!
>>
>> Perhaps together with the next line, they could be just phrased like
>> this?
>>
>> - The underlying object must not be accessed (read or mutated) through
>> any pointer other than the created `Owned<T>`.
>> Opt-out is still possbile similar to a mutable reference (e.g. by
>> using p`Opaque`]).
>>
>> I think we should just tell the user "this is just a unique reference
>> similar to &mut". They should be able to deduce that all the `!Unpin`
>> that opts out from uniqueness of mutable reference applies here too.
>
> I agree. I would suggest updating the struct documentation:
>
> @@ -108,7 +108,7 @@ pub unsafe trait Ownable {
> unsafe fn release(this: NonNull<Self>);
> }
>
> -/// An owned reference to an owned `T`.
> +/// An mutable reference to an owned `T`.
> ///
> /// The [`Ownable`] is automatically freed or released when an instance of [`Owned`] is
> /// dropped.
>
> And then the safety requirement as
>
> An `Owned<T>` is a mutable reference to the underlying object. As such,
> the object must not be accessed (read or mutated) through any pointer
> other than the created `Owned<T>`. Opt-out is still possbile similar to
> a mutable reference (e.g. by using [`Opaque`]).
Sounds good to me.
>
>
>>> + /// - In case `T` implements [`Unpin`] the previous requirement is extended from shared to
>>> + /// mutable reference requirements. That is, the kernel will not mutate or free the underlying
>>> + /// object and is okay with it being modified by Rust code.
>>
>> - If `T` implements [`Unpin`], the structure must not be mutated for
>> the entire lifetime of `Owned<T>`.
>
> Would it be OK to just write "If `T: Unpin`, the ..."?
>
> Again, opt out is possible, right?
>
When the "mutable reference" framing above I think you can just drop this part.
>>
>>> + pub unsafe fn from_raw(ptr: NonNull<T>) -> Self {
>>
>> This needs a (rather trivial) INVARIANT comment.
>
> OK.
>
>>
>>> + Self {
>>> + ptr,
>>> + }
>>> + }
>>> +
>>> + /// Consumes the [`Owned`], returning a raw pointer.
>>> + ///
>>> + /// This function does not actually relinquish ownership of the object. After calling this
>>
>> Perhaps "relinquish" isn't the best word here? In my mental model
>> this function is pretty much relinquishing ownership as `Owned<T>` no
>> longer exists. It just doesn't release the object.
>
> How about this:
>
>
> /// Consumes the [`Owned`], returning a raw pointer.
> ///
> /// This function does not drop the underlying `T`. When this function returns, ownership of the
> /// underlying `T` is with the caller.
SGTM.
>
>
> Thanks for the comments!
Best,
Gary
>
>
> Best regards,
> Andreas Hindborg
^ permalink raw reply
* Re: [PATCH] lsm: preserve /proc/sys/vm/mmap_min_addr when !CONFIG_SECURITY
From: Lorenzo Stoakes @ 2026-02-02 10:53 UTC (permalink / raw)
To: Paul Moore; +Cc: linux-security-module, linux-mm
In-Reply-To: <20260129225132.420484-2-paul@paul-moore.com>
On Thu, Jan 29, 2026 at 05:51:33PM -0500, Paul Moore wrote:
> While reworking the LSM initialization code the
> /proc/sys/vm/mmap_min_addr handler was inadvertently caught up in the
> change and the procfs entry wasn't setup when CONFIG_SECURITY was not
> selected at kernel build time. This patch restores the previous behavior
> and ensures that the procfs entry is setup regardless of the
> CONFIG_SECURITY state.
>
> Future work will improve upon this, likely by moving the procfs handler
> into the mm subsystem, but this patch should resolve the immediate
> regression.
>
> Fixes: 4ab5efcc2829 ("lsm: consolidate all of the LSM framework initcalls")
> Reported-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
> Signed-off-by: Paul Moore <paul@paul-moore.com>
(Sorry was at fosdem from fri)
LGTM and tested locally confirming it works, thanks so much for the quick
turnaround! Feel free to add:
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Tested-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cheers, Lorenzo
> ---
> security/lsm.h | 9 ---------
> security/lsm_init.c | 7 +------
> security/min_addr.c | 5 ++---
> 3 files changed, 3 insertions(+), 18 deletions(-)
>
> diff --git a/security/lsm.h b/security/lsm.h
> index 81aadbc61685..db77cc83e158 100644
> --- a/security/lsm.h
> +++ b/security/lsm.h
> @@ -37,15 +37,6 @@ int lsm_task_alloc(struct task_struct *task);
>
> /* LSM framework initializers */
>
> -#ifdef CONFIG_MMU
> -int min_addr_init(void);
> -#else
> -static inline int min_addr_init(void)
> -{
> - return 0;
> -}
> -#endif /* CONFIG_MMU */
> -
> #ifdef CONFIG_SECURITYFS
> int securityfs_init(void);
> #else
> diff --git a/security/lsm_init.c b/security/lsm_init.c
> index 05bd52e6b1f2..573e2a7250c4 100644
> --- a/security/lsm_init.c
> +++ b/security/lsm_init.c
> @@ -489,12 +489,7 @@ int __init security_init(void)
> */
> static int __init security_initcall_pure(void)
> {
> - int rc_adr, rc_lsm;
> -
> - rc_adr = min_addr_init();
> - rc_lsm = lsm_initcall(pure);
> -
> - return (rc_adr ? rc_adr : rc_lsm);
> + return lsm_initcall(pure);
> }
> pure_initcall(security_initcall_pure);
>
> diff --git a/security/min_addr.c b/security/min_addr.c
> index 0fde5ec9abc8..56e4f9d25929 100644
> --- a/security/min_addr.c
> +++ b/security/min_addr.c
> @@ -5,8 +5,6 @@
> #include <linux/sysctl.h>
> #include <linux/minmax.h>
>
> -#include "lsm.h"
> -
> /* amount of vm to protect from userspace access by both DAC and the LSM*/
> unsigned long mmap_min_addr;
> /* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */
> @@ -54,10 +52,11 @@ static const struct ctl_table min_addr_sysctl_table[] = {
> },
> };
>
> -int __init min_addr_init(void)
> +static int __init mmap_min_addr_init(void)
> {
> register_sysctl_init("vm", min_addr_sysctl_table);
> update_mmap_min_addr();
>
> return 0;
> }
> +pure_initcall(mmap_min_addr_init);
> --
> 2.52.0
>
^ permalink raw reply
* Re: [PATCH v13 3/4] rust: Add missing SAFETY documentation for `ARef` example
From: Andreas Hindborg @ 2026-02-02 9:52 UTC (permalink / raw)
To: Daniel Almeida, Oliver Mangold
Cc: Miguel Ojeda, Alex Gaynor, Boqun Feng, Gary Guo,
Björn Roy Baron, Alice Ryhl, Trevor Gross, Benno Lossin,
Danilo Krummrich, Greg Kroah-Hartman, Dave Ertman, Ira Weiny,
Leon Romanovsky, Rafael J. Wysocki, Maarten Lankhorst,
Maxime Ripard, Thomas Zimmermann, David Airlie, Simona Vetter,
Alexander Viro, Christian Brauner, Jan Kara, Lorenzo Stoakes,
Liam R. Howlett, Viresh Kumar, Nishanth Menon, Stephen Boyd,
Bjorn Helgaas, Krzysztof Wilczyński, Paul Moore,
Serge Hallyn, Asahi Lina, rust-for-linux, linux-kernel,
linux-block, dri-devel, linux-fsdevel, linux-mm, linux-pm,
linux-pci, linux-security-module
In-Reply-To: <06C410F4-8534-43B4-8DE1-039F70B26E5A@collabora.com>
Daniel Almeida <daniel.almeida@collabora.com> writes:
>> On 17 Nov 2025, at 07:08, Oliver Mangold <oliver.mangold@pm.me> wrote:
>>
>> SAFETY comment in rustdoc example was just 'TODO'. Fixed.
>>
>> Signed-off-by: Oliver Mangold <oliver.mangold@pm.me>
>> Co-developed-by: Andreas Hindborg <a.hindborg@kernel.org>
>> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
>> ---
>> rust/kernel/sync/aref.rs | 10 ++++++----
>> 1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/rust/kernel/sync/aref.rs b/rust/kernel/sync/aref.rs
>> index 4226119d5ac9..937dcf6ed5de 100644
>> --- a/rust/kernel/sync/aref.rs
>> +++ b/rust/kernel/sync/aref.rs
>> @@ -129,12 +129,14 @@ pub unsafe fn from_raw(ptr: NonNull<T>) -> Self {
>> /// # Examples
>> ///
>> /// ```
>> - /// use core::ptr::NonNull;
>> - /// use kernel::sync::aref::{ARef, RefCounted};
>> + /// # use core::ptr::NonNull;
>> + /// # use kernel::sync::aref::{ARef, RefCounted};
>> ///
>> /// struct Empty {}
>> ///
>> - /// # // SAFETY: TODO.
>> + /// // SAFETY: The `RefCounted` implementation for `Empty` does not count references and
>> + /// // never frees the underlying object. Thus we can act as having a refcount on the object
>
> nit: perhaps saying “an increment on the refcount” is clearer?
OK
/// // SAFETY: The `RefCounted` implementation for `Empty` does not count references and never
/// // frees the underlying object. Thus we can act as owning an increment on the refcount for
/// // the object that we pass to the newly created `ARef`.
>
>> + /// // that we pass to the newly created `ARef`.
>> /// unsafe impl RefCounted for Empty {
>> /// fn inc_ref(&self) {}
>> /// unsafe fn dec_ref(_obj: NonNull<Self>) {}
>> @@ -142,7 +144,7 @@ pub unsafe fn from_raw(ptr: NonNull<T>) -> Self {
>> ///
>> /// let mut data = Empty {};
>> /// let ptr = NonNull::<Empty>::new(&mut data).unwrap();
>> - /// # // SAFETY: TODO.
>> + /// // SAFETY: We keep `data` around longer than the `ARef`.
>> /// let data_ref: ARef<Empty> = unsafe { ARef::from_raw(ptr) };
>> /// let raw_ptr: NonNull<Empty> = ARef::into_raw(data_ref);
>> ///
>>
>> --
>> 2.51.2
>>
>>
>>
>
> Reviewed-by: Daniel Almeida <daniel.almeida@collabora.com>
Thanks.
Best regards,
Andreas Hindborg
^ permalink raw reply
* Re: [PATCH v13 1/4] rust: types: Add Ownable/Owned types
From: Andreas Hindborg @ 2026-02-02 9:14 UTC (permalink / raw)
To: Daniel Almeida, Oliver Mangold
Cc: Miguel Ojeda, Alex Gaynor, Boqun Feng, Gary Guo,
Björn Roy Baron, Alice Ryhl, Trevor Gross, Benno Lossin,
Danilo Krummrich, Greg Kroah-Hartman, Dave Ertman, Ira Weiny,
Leon Romanovsky, Rafael J. Wysocki, Maarten Lankhorst,
Maxime Ripard, Thomas Zimmermann, David Airlie, Simona Vetter,
Alexander Viro, Christian Brauner, Jan Kara, Lorenzo Stoakes,
Liam R. Howlett, Viresh Kumar, Nishanth Menon, Stephen Boyd,
Bjorn Helgaas, Krzysztof Wilczyński, Paul Moore,
Serge Hallyn, Asahi Lina, rust-for-linux, linux-kernel,
linux-block, dri-devel, linux-fsdevel, linux-mm, linux-pm,
linux-pci, linux-security-module
In-Reply-To: <C95B13F7-B3F5-4508-A862-EAD22EF56FE2@collabora.com>
Hi Daniel,
I'll send the next iteration of this series.
Daniel Almeida <daniel.almeida@collabora.com> writes:
> Hi Oliver,
>
>> On 17 Nov 2025, at 07:07, Oliver Mangold <oliver.mangold@pm.me> wrote:
>>
>> From: Asahi Lina <lina+kernel@asahilina.net>
>>
>> By analogy to `AlwaysRefCounted` and `ARef`, an `Ownable` type is a
>> (typically C FFI) type that *may* be owned by Rust, but need not be. Unlike
>> `AlwaysRefCounted`, this mechanism expects the reference to be unique
>> within Rust, and does not allow cloning.
>>
>> Conceptually, this is similar to a `KBox<T>`, except that it delegates
>> resource management to the `T` instead of using a generic allocator.
>>
>> [ om:
>> - Split code into separate file and `pub use` it from types.rs.
>> - Make from_raw() and into_raw() public.
>> - Remove OwnableMut, and make DerefMut dependent on Unpin instead.
>> - Usage example/doctest for Ownable/Owned.
>> - Fixes to documentation and commit message.
>> ]
>>
>> Link: https://lore.kernel.org/all/20250202-rust-page-v1-1-e3170d7fe55e@asahilina.net/
>> Signed-off-by: Asahi Lina <lina+kernel@asahilina.net>
>> Co-developed-by: Oliver Mangold <oliver.mangold@pm.me>
>> Signed-off-by: Oliver Mangold <oliver.mangold@pm.me>
>> Co-developed-by: Andreas Hindborg <a.hindborg@kernel.org>
>> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
>> Reviewed-by: Boqun Feng <boqun.feng@gmail.com>
>> ---
>> rust/kernel/lib.rs | 1 +
>> rust/kernel/owned.rs | 195 +++++++++++++++++++++++++++++++++++++++++++++++
>> rust/kernel/sync/aref.rs | 5 ++
>> rust/kernel/types.rs | 2 +
>> 4 files changed, 203 insertions(+)
>>
>> diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
>> index 3dd7bebe7888..e0ee04330dd0 100644
>> --- a/rust/kernel/lib.rs
>> +++ b/rust/kernel/lib.rs
>> @@ -112,6 +112,7 @@
>> pub mod of;
>> #[cfg(CONFIG_PM_OPP)]
>> pub mod opp;
>> +pub mod owned;
>> pub mod page;
>> #[cfg(CONFIG_PCI)]
>> pub mod pci;
>> diff --git a/rust/kernel/owned.rs b/rust/kernel/owned.rs
>> new file mode 100644
>> index 000000000000..a2cdd2cb8a10
>> --- /dev/null
>> +++ b/rust/kernel/owned.rs
>> @@ -0,0 +1,195 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +
>> +//! Unique owned pointer types for objects with custom drop logic.
>> +//!
>> +//! These pointer types are useful for C-allocated objects which by API-contract
>> +//! are owned by Rust, but need to be freed through the C API.
>> +
>> +use core::{
>> + mem::ManuallyDrop,
>> + ops::{Deref, DerefMut},
>> + pin::Pin,
>> + ptr::NonNull,
>> +};
>> +
>> +/// Type allocated and destroyed on the C side, but owned by Rust.
>> +///
>> +/// Implementing this trait allows types to be referenced via the [`Owned<Self>`] pointer type. This
>> +/// is useful when it is desirable to tie the lifetime of the reference to an owned object, rather
>> +/// than pass around a bare reference. [`Ownable`] types can define custom drop logic that is
>> +/// executed when the owned reference [`Owned<Self>`] pointing to the object is dropped.
>> +///
>> +/// Note: The underlying object is not required to provide internal reference counting, because it
>> +/// represents a unique, owned reference. If reference counting (on the Rust side) is required,
>> +/// [`AlwaysRefCounted`](crate::types::AlwaysRefCounted) should be implemented.
>> +///
>> +/// # Safety
>> +///
>> +/// Implementers must ensure that the [`release()`](Self::release) function frees the underlying
>> +/// object in the correct way for a valid, owned object of this type.
>> +///
>> +/// # Examples
>> +///
>> +/// A minimal example implementation of [`Ownable`] and its usage with [`Owned`] looks like this:
>> +///
>> +/// ```
>> +/// # #![expect(clippy::disallowed_names)]
>> +/// # use core::cell::Cell;
>> +/// # use core::ptr::NonNull;
>> +/// # use kernel::sync::global_lock;
>> +/// # use kernel::alloc::{flags, kbox::KBox, AllocError};
>> +/// # use kernel::types::{Owned, Ownable};
>> +///
>> +/// // Let's count the allocations to see if freeing works.
>> +/// kernel::sync::global_lock! {
>> +/// // SAFETY: we call `init()` right below, before doing anything else.
>> +/// unsafe(uninit) static FOO_ALLOC_COUNT: Mutex<usize> = 0;
>> +/// }
>> +/// // SAFETY: We call `init()` only once, here.
>> +/// unsafe { FOO_ALLOC_COUNT.init() };
>> +///
>> +/// struct Foo {
>> +/// }
>
> nit: this can be simply:
>
> struct Foo;
Got it.
>
>> +///
>> +/// impl Foo {
>> +/// fn new() -> Result<Owned<Self>, AllocError> {
>> +/// // We are just using a `KBox` here to handle the actual allocation, as our `Foo` is
>> +/// // not actually a C-allocated object.
>> +/// let result = KBox::new(
>> +/// Foo {},
>> +/// flags::GFP_KERNEL,
>> +/// )?;
>> +/// let result = NonNull::new(KBox::into_raw(result))
>> +/// .expect("Raw pointer to newly allocation KBox is null, this should never happen.");
>> +/// // Count new allocation
>> +/// *FOO_ALLOC_COUNT.lock() += 1;
>> +/// // SAFETY: We just allocated the `Self`, thus it is valid and there cannot be any other
>> +/// // Rust references. Calling `into_raw()` makes us responsible for ownership and we won't
>> +/// // use the raw pointer anymore. Thus we can transfer ownership to the `Owned`.
>> +/// Ok(unsafe { Owned::from_raw(result) })
>> +/// }
>> +/// }
>> +///
>> +/// // SAFETY: What out `release()` function does is safe of any valid `Self`.
>> +/// unsafe impl Ownable for Foo {
>> +/// unsafe fn release(this: NonNull<Self>) {
>> +/// // The `Foo` will be dropped when `KBox` goes out of scope.
>> +/// // SAFETY: The [`KBox<Self>`] is still alive. We can pass ownership to the [`KBox`], as
>> +/// // by requirement on calling this function, the `Self` will no longer be used by the
>> +/// // caller.
>> +/// unsafe { KBox::from_raw(this.as_ptr()) };
>> +/// // Count released allocation
>> +/// *FOO_ALLOC_COUNT.lock() -= 1;
>> +/// }
>> +/// }
>> +///
>> +/// {
>> +/// let foo = Foo::new().expect("Failed to allocate a Foo. This shouldn't happen");
>> +/// assert!(*FOO_ALLOC_COUNT.lock() == 1);
>> +/// }
>> +/// // `foo` is out of scope now, so we expect no live allocations.
>> +/// assert!(*FOO_ALLOC_COUNT.lock() == 0);
>> +/// ```
>> +pub unsafe trait Ownable {
>> + /// Releases the object.
>> + ///
>> + /// # Safety
>> + ///
>> + /// Callers must ensure that:
>> + /// - `this` points to a valid `Self`.
>> + /// - `*this` is no longer used after this call.
>> + unsafe fn release(this: NonNull<Self>);
>> +}
>> +
>> +/// An owned reference to an owned `T`.
>> +///
>> +/// The [`Ownable`] is automatically freed or released when an instance of [`Owned`] is
>> +/// dropped.
>> +///
>> +/// # Invariants
>> +///
>> +/// - The [`Owned<T>`] has exclusive access to the instance of `T`.
>> +/// - The instance of `T` will stay alive at least as long as the [`Owned<T>`] is alive.
>> +pub struct Owned<T: Ownable> {
>> + ptr: NonNull<T>,
>> +}
>> +
>> +// SAFETY: It is safe to send an [`Owned<T>`] to another thread when the underlying `T` is [`Send`],
>> +// because of the ownership invariant. Sending an [`Owned<T>`] is equivalent to sending the `T`.
>> +unsafe impl<T: Ownable + Send> Send for Owned<T> {}
>> +
>> +// SAFETY: It is safe to send [`&Owned<T>`] to another thread when the underlying `T` is [`Sync`],
>> +// because of the ownership invariant. Sending an [`&Owned<T>`] is equivalent to sending the `&T`.
>> +unsafe impl<T: Ownable + Sync> Sync for Owned<T> {}
>> +
>> +impl<T: Ownable> Owned<T> {
>
> Can you make sure that impl Owned<T> follows the struct declaration?
>
> IOW: please move the Send and Sync impls to be after the impl above.
I don't really see the point, but moving them is no problem, so let's do that.
>
>> + /// Creates a new instance of [`Owned`].
>> + ///
>> + /// It takes over ownership of the underlying object.
>> + ///
>> + /// # Safety
>> + ///
>> + /// Callers must ensure that:
>> + /// - `ptr` points to a valid instance of `T`.
>> + /// - Ownership of the underlying `T` can be transferred to the `Self<T>` (i.e. operations
>> + /// which require ownership will be safe).
>> + /// - No other Rust references to the underlying object exist. This implies that the underlying
>> + /// object is not accessed through `ptr` anymore after the function call (at least until the
>> + /// the `Self<T>` is dropped.
>
> It looks like this can be written more succinctly as:
>
> "This implies that the underlying object is not accessed through `ptr` anymore until `Self<T>` is dropped."
I'll rephrase with that text.
>
>> + /// - The C code follows the usual shared reference requirements. That is, the kernel will never
>> + /// mutate or free the underlying object (excluding interior mutability that follows the usual
>> + /// rules) while Rust owns it.
>> + /// - In case `T` implements [`Unpin`] the previous requirement is extended from shared to
>> + /// mutable reference requirements. That is, the kernel will not mutate or free the underlying
>> + /// object and is okay with it being modified by Rust code.
>> + pub unsafe fn from_raw(ptr: NonNull<T>) -> Self {
>> + Self {
>> + ptr,
>> + }
>> + }
>> +
>> + /// Consumes the [`Owned`], returning a raw pointer.
>> + ///
>> + /// This function does not actually relinquish ownership of the object. After calling this
>> + /// function, the caller is responsible for ownership previously managed
>> + /// by the [`Owned`].
>> + pub fn into_raw(me: Self) -> NonNull<T> {
>> + ManuallyDrop::new(me).ptr
>> + }
>> +
>> + /// Get a pinned mutable reference to the data owned by this `Owned<T>`.
>> + pub fn get_pin_mut(&mut self) -> Pin<&mut T> {
>> + // SAFETY: The type invariants guarantee that the object is valid, and that we can safely
>> + // return a mutable reference to it.
>> + let unpinned = unsafe { self.ptr.as_mut() };
>> +
>> + // SAFETY: We never hand out unpinned mutable references to the data in
>> + // `Self`, unless the contained type is `Unpin`.
>> + unsafe { Pin::new_unchecked(unpinned) }
>> + }
>> +}
>> +
>> +impl<T: Ownable> Deref for Owned<T> {
>> + type Target = T;
>> +
>> + fn deref(&self) -> &Self::Target {
>> + // SAFETY: The type invariants guarantee that the object is valid.
>> + unsafe { self.ptr.as_ref() }
>> + }
>> +}
>> +
>> +impl<T: Ownable + Unpin> DerefMut for Owned<T> {
>> + fn deref_mut(&mut self) -> &mut Self::Target {
>> + // SAFETY: The type invariants guarantee that the object is valid, and that we can safely
>> + // return a mutable reference to it.
>> + unsafe { self.ptr.as_mut() }
>> + }
>> +}
>> +
>> +impl<T: Ownable> Drop for Owned<T> {
>> + fn drop(&mut self) {
>> + // SAFETY: The type invariants guarantee that the `Owned` owns the object we're about to
>> + // release.
>> + unsafe { T::release(self.ptr) };
>> + }
>> +}
>> diff --git a/rust/kernel/sync/aref.rs b/rust/kernel/sync/aref.rs
>> index 0d24a0432015..e175aefe8615 100644
>> --- a/rust/kernel/sync/aref.rs
>> +++ b/rust/kernel/sync/aref.rs
>> @@ -29,6 +29,11 @@
>> /// Rust code, the recommendation is to use [`Arc`](crate::sync::Arc) to create reference-counted
>> /// instances of a type.
>> ///
>> +/// Note: Implementing this trait allows types to be wrapped in an [`ARef<Self>`]. It requires an
>> +/// internal reference count and provides only shared references. If unique references are required
>> +/// [`Ownable`](crate::types::Ownable) should be implemented which allows types to be wrapped in an
>> +/// [`Owned<Self>`](crate::types::Owned).
>> +///
>> /// # Safety
>> ///
>> /// Implementers must ensure that increments to the reference count keep the object alive in memory
>> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
>> index dc0a02f5c3cf..7bc07c38cd6c 100644
>> --- a/rust/kernel/types.rs
>> +++ b/rust/kernel/types.rs
>> @@ -11,6 +11,8 @@
>> };
>> use pin_init::{PinInit, Wrapper, Zeroable};
>>
>> +pub use crate::owned::{Ownable, Owned};
>> +
>> pub use crate::sync::aref::{ARef, AlwaysRefCounted};
>>
>> /// Used to transfer ownership to and from foreign (non-Rust) languages.
>>
>> --
>> 2.51.2
>>
>>
>>
>
> With the changes above,
>
> Reviewed-by: Daniel Almeida <daniel.almeida@collabora.com>
Thanks!
^ permalink raw reply
* Re: [PATCH v13 2/4] rust: `AlwaysRefCounted` is renamed to `RefCounted`.
From: Andreas Hindborg @ 2026-02-02 9:46 UTC (permalink / raw)
To: Daniel Almeida, Oliver Mangold
Cc: Miguel Ojeda, Alex Gaynor, Boqun Feng, Gary Guo,
Björn Roy Baron, Alice Ryhl, Trevor Gross, Benno Lossin,
Danilo Krummrich, Greg Kroah-Hartman, Dave Ertman, Ira Weiny,
Leon Romanovsky, Rafael J. Wysocki, Maarten Lankhorst,
Maxime Ripard, Thomas Zimmermann, David Airlie, Simona Vetter,
Alexander Viro, Christian Brauner, Jan Kara, Lorenzo Stoakes,
Liam R. Howlett, Viresh Kumar, Nishanth Menon, Stephen Boyd,
Bjorn Helgaas, Krzysztof Wilczyński, Paul Moore,
Serge Hallyn, Asahi Lina, rust-for-linux, linux-kernel,
linux-block, dri-devel, linux-fsdevel, linux-mm, linux-pm,
linux-pci, linux-security-module
In-Reply-To: <D2C11077-2001-4E45-8039-C999E6CA5606@collabora.com>
Daniel Almeida <daniel.almeida@collabora.com> writes:
>> On 17 Nov 2025, at 07:07, Oliver Mangold <oliver.mangold@pm.me> wrote:
>>
>> `AlwaysRefCounted` will become a marker trait to indicate that it is
>> allowed to obtain an `ARef<T>` from a `&T`, which cannot be allowed for
>> types which are also Ownable.
>>
>> Signed-off-by: Oliver Mangold <oliver.mangold@pm.me>
>> Co-developed-by: Andreas Hindborg <a.hindborg@kernel.org>
>> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
>> Suggested-by: Alice Ryhl <aliceryhl@google.com>
>> ---
>> rust/kernel/auxiliary.rs | 7 +++++-
>> rust/kernel/block/mq/request.rs | 15 +++++++------
>> rust/kernel/cred.rs | 13 ++++++++++--
>> rust/kernel/device.rs | 13 ++++++++----
>> rust/kernel/device/property.rs | 7 +++++-
>> rust/kernel/drm/device.rs | 10 ++++++---
>> rust/kernel/drm/gem/mod.rs | 10 ++++++---
>> rust/kernel/fs/file.rs | 16 ++++++++++----
>> rust/kernel/mm.rs | 15 +++++++++----
>> rust/kernel/mm/mmput_async.rs | 9 ++++++--
>> rust/kernel/opp.rs | 10 ++++++---
>> rust/kernel/owned.rs | 2 +-
>> rust/kernel/pci.rs | 10 ++++++---
>> rust/kernel/pid_namespace.rs | 12 +++++++++--
>> rust/kernel/platform.rs | 7 +++++-
>> rust/kernel/sync/aref.rs | 47 ++++++++++++++++++++++++++---------------
>> rust/kernel/task.rs | 10 ++++++---
>> rust/kernel/types.rs | 2 +-
>> 18 files changed, 154 insertions(+), 61 deletions(-)
>>
>> diff --git a/rust/kernel/auxiliary.rs b/rust/kernel/auxiliary.rs
>> index 7a3b0b9c418e..7f5b16053c11 100644
>> --- a/rust/kernel/auxiliary.rs
>> +++ b/rust/kernel/auxiliary.rs
>> @@ -10,6 +10,7 @@
>> driver,
>> error::{from_result, to_result, Result},
>> prelude::*,
>> + sync::aref::{AlwaysRefCounted, RefCounted},
>> types::Opaque,
>> ThisModule,
>> };
>> @@ -239,7 +240,7 @@ extern "C" fn release(dev: *mut bindings::device) {
>> kernel::impl_device_context_into_aref!(Device);
>>
>> // SAFETY: Instances of `Device` are always reference-counted.
>> -unsafe impl crate::sync::aref::AlwaysRefCounted for Device {
>> +unsafe impl RefCounted for Device {
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference guarantees that the refcount is non-zero.
>> unsafe { bindings::get_device(self.as_ref().as_raw()) };
>> @@ -258,6 +259,10 @@ unsafe fn dec_ref(obj: NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<Device>` from a
>> +// `&Device`.
>> +unsafe impl AlwaysRefCounted for Device {}
>> +
>> impl<Ctx: device::DeviceContext> AsRef<device::Device<Ctx>> for Device<Ctx> {
>> fn as_ref(&self) -> &device::Device<Ctx> {
>> // SAFETY: By the type invariant of `Self`, `self.as_raw()` is a pointer to a valid
>> diff --git a/rust/kernel/block/mq/request.rs b/rust/kernel/block/mq/request.rs
>> index c5f1f6b1ccfb..b6165f96b4ce 100644
>> --- a/rust/kernel/block/mq/request.rs
>> +++ b/rust/kernel/block/mq/request.rs
>> @@ -8,7 +8,7 @@
>> bindings,
>> block::mq::Operations,
>> error::Result,
>> - sync::{atomic::Relaxed, Refcount},
>> + sync::{aref::RefCounted, atomic::Relaxed, Refcount},
>> types::{ARef, AlwaysRefCounted, Opaque},
>> };
>> use core::{marker::PhantomData, ptr::NonNull};
>> @@ -225,11 +225,10 @@ unsafe impl<T: Operations> Send for Request<T> {}
>> // mutate `self` are internally synchronized`
>> unsafe impl<T: Operations> Sync for Request<T> {}
>>
>> -// SAFETY: All instances of `Request<T>` are reference counted. This
>> -// implementation of `AlwaysRefCounted` ensure that increments to the ref count
>> -// keeps the object alive in memory at least until a matching reference count
>> -// decrement is executed.
>> -unsafe impl<T: Operations> AlwaysRefCounted for Request<T> {
>> +// SAFETY: All instances of `Request<T>` are reference counted. This implementation of `RefCounted`
>> +// ensure that increments to the ref count keeps the object alive in memory at least until a
>> +// matching reference count decrement is executed.
>> +unsafe impl<T: Operations> RefCounted for Request<T> {
>> fn inc_ref(&self) {
>> self.wrapper_ref().refcount().inc();
>> }
>> @@ -251,3 +250,7 @@ unsafe fn dec_ref(obj: core::ptr::NonNull<Self>) {
>> }
>> }
>> }
>> +
>> +// SAFETY: We currently do not implement `Ownable`, thus it is okay to obtain an `ARef<Request>`
>> +// from a `&Request` (but this will change in the future).
>> +unsafe impl<T: Operations> AlwaysRefCounted for Request<T> {}
>> diff --git a/rust/kernel/cred.rs b/rust/kernel/cred.rs
>> index ffa156b9df37..20ef0144094b 100644
>> --- a/rust/kernel/cred.rs
>> +++ b/rust/kernel/cred.rs
>> @@ -8,7 +8,12 @@
>> //!
>> //! Reference: <https://www.kernel.org/doc/html/latest/security/credentials.html>
>>
>> -use crate::{bindings, sync::aref::AlwaysRefCounted, task::Kuid, types::Opaque};
>> +use crate::{
>> + bindings,
>> + sync::aref::RefCounted,
>> + task::Kuid,
>> + types::{AlwaysRefCounted, Opaque},
>> +};
>>
>> /// Wraps the kernel's `struct cred`.
>> ///
>> @@ -76,7 +81,7 @@ pub fn euid(&self) -> Kuid {
>> }
>>
>> // SAFETY: The type invariants guarantee that `Credential` is always ref-counted.
>> -unsafe impl AlwaysRefCounted for Credential {
>> +unsafe impl RefCounted for Credential {
>> #[inline]
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference means that the refcount is nonzero.
>> @@ -90,3 +95,7 @@ unsafe fn dec_ref(obj: core::ptr::NonNull<Credential>) {
>> unsafe { bindings::put_cred(obj.cast().as_ptr()) };
>> }
>> }
>> +
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<Credential>` from a
>> +// `&Credential`.
>> +unsafe impl AlwaysRefCounted for Credential {}
>> diff --git a/rust/kernel/device.rs b/rust/kernel/device.rs
>> index a849b7dde2fd..a69ee32997c1 100644
>> --- a/rust/kernel/device.rs
>> +++ b/rust/kernel/device.rs
>> @@ -5,9 +5,10 @@
>> //! C header: [`include/linux/device.h`](srctree/include/linux/device.h)
>>
>> use crate::{
>> - bindings, fmt,
>> - sync::aref::ARef,
>> - types::{ForeignOwnable, Opaque},
>> + bindings,
>> + fmt,
>> + sync::aref::RefCounted,
>> + types::{ARef, AlwaysRefCounted, ForeignOwnable, Opaque},
>> };
>> use core::{marker::PhantomData, ptr};
>>
>> @@ -407,7 +408,7 @@ pub fn fwnode(&self) -> Option<&property::FwNode> {
>> kernel::impl_device_context_into_aref!(Device);
>>
>> // SAFETY: Instances of `Device` are always reference-counted.
>> -unsafe impl crate::sync::aref::AlwaysRefCounted for Device {
>> +unsafe impl RefCounted for Device {
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference guarantees that the refcount is non-zero.
>> unsafe { bindings::get_device(self.as_raw()) };
>> @@ -419,6 +420,10 @@ unsafe fn dec_ref(obj: ptr::NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<Device>` from a
>> +// `&Device`.
>> +unsafe impl AlwaysRefCounted for Device {}
>> +
>> // SAFETY: As by the type invariant `Device` can be sent to any thread.
>> unsafe impl Send for Device {}
>>
>> diff --git a/rust/kernel/device/property.rs b/rust/kernel/device/property.rs
>> index 3a332a8c53a9..a8bb824ad0ec 100644
>> --- a/rust/kernel/device/property.rs
>> +++ b/rust/kernel/device/property.rs
>> @@ -14,6 +14,7 @@
>> fmt,
>> prelude::*,
>> str::{CStr, CString},
>> + sync::aref::{AlwaysRefCounted, RefCounted},
>> types::{ARef, Opaque},
>> };
>>
>> @@ -359,7 +360,7 @@ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
>> }
>>
>> // SAFETY: Instances of `FwNode` are always reference-counted.
>> -unsafe impl crate::types::AlwaysRefCounted for FwNode {
>> +unsafe impl RefCounted for FwNode {
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference guarantees that the
>> // refcount is non-zero.
>> @@ -373,6 +374,10 @@ unsafe fn dec_ref(obj: ptr::NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<FwNode>` from a
>> +// `&FwNode`.
>> +unsafe impl AlwaysRefCounted for FwNode {}
>> +
>> enum Node<'a> {
>> Borrowed(&'a FwNode),
>> Owned(ARef<FwNode>),
>> diff --git a/rust/kernel/drm/device.rs b/rust/kernel/drm/device.rs
>> index 3ce8f62a0056..38ce7f389ed0 100644
>> --- a/rust/kernel/drm/device.rs
>> +++ b/rust/kernel/drm/device.rs
>> @@ -11,8 +11,8 @@
>> error::from_err_ptr,
>> error::Result,
>> prelude::*,
>> - sync::aref::{ARef, AlwaysRefCounted},
>> - types::Opaque,
>> + sync::aref::{AlwaysRefCounted, RefCounted},
>> + types::{ARef, Opaque},
>> };
>> use core::{alloc::Layout, mem, ops::Deref, ptr, ptr::NonNull};
>>
>> @@ -198,7 +198,7 @@ fn deref(&self) -> &Self::Target {
>>
>> // SAFETY: DRM device objects are always reference counted and the get/put functions
>> // satisfy the requirements.
>> -unsafe impl<T: drm::Driver> AlwaysRefCounted for Device<T> {
>> +unsafe impl<T: drm::Driver> RefCounted for Device<T> {
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference guarantees that the refcount is non-zero.
>> unsafe { bindings::drm_dev_get(self.as_raw()) };
>> @@ -213,6 +213,10 @@ unsafe fn dec_ref(obj: NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<Device>` from a
>> +// `&Device`.
>> +unsafe impl<T: drm::Driver> AlwaysRefCounted for Device<T> {}
>> +
>> impl<T: drm::Driver> AsRef<device::Device> for Device<T> {
>> fn as_ref(&self) -> &device::Device {
>> // SAFETY: `bindings::drm_device::dev` is valid as long as the DRM device itself is valid,
>> diff --git a/rust/kernel/drm/gem/mod.rs b/rust/kernel/drm/gem/mod.rs
>> index 30c853988b94..4afd36e49205 100644
>> --- a/rust/kernel/drm/gem/mod.rs
>> +++ b/rust/kernel/drm/gem/mod.rs
>> @@ -10,8 +10,8 @@
>> drm::driver::{AllocImpl, AllocOps},
>> error::{to_result, Result},
>> prelude::*,
>> - sync::aref::{ARef, AlwaysRefCounted},
>> - types::Opaque,
>> + sync::aref::RefCounted,
>> + types::{ARef, AlwaysRefCounted, Opaque},
>> };
>> use core::{ops::Deref, ptr::NonNull};
>>
>> @@ -56,7 +56,7 @@ pub trait IntoGEMObject: Sized + super::private::Sealed + AlwaysRefCounted {
>> }
>>
>> // SAFETY: All gem objects are refcounted.
>> -unsafe impl<T: IntoGEMObject> AlwaysRefCounted for T {
>> +unsafe impl<T: IntoGEMObject> RefCounted for T {
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference guarantees that the refcount is non-zero.
>> unsafe { bindings::drm_gem_object_get(self.as_raw()) };
>> @@ -75,6 +75,10 @@ unsafe fn dec_ref(obj: NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<T>` from a
>> +// `&T`.
>> +unsafe impl<T: IntoGEMObject> crate::types::AlwaysRefCounted for T {}
>> +
>> extern "C" fn open_callback<T: DriverObject>(
>> raw_obj: *mut bindings::drm_gem_object,
>> raw_file: *mut bindings::drm_file,
>> diff --git a/rust/kernel/fs/file.rs b/rust/kernel/fs/file.rs
>> index cd6987850332..86309ca5dad0 100644
>> --- a/rust/kernel/fs/file.rs
>> +++ b/rust/kernel/fs/file.rs
>> @@ -12,8 +12,8 @@
>> cred::Credential,
>> error::{code::*, to_result, Error, Result},
>> fmt,
>> - sync::aref::{ARef, AlwaysRefCounted},
>> - types::{NotThreadSafe, Opaque},
>> + sync::aref::RefCounted,
>> + types::{ARef, AlwaysRefCounted, NotThreadSafe, Opaque},
>> };
>> use core::ptr;
>>
>> @@ -192,7 +192,7 @@ unsafe impl Sync for File {}
>>
>> // SAFETY: The type invariants guarantee that `File` is always ref-counted. This implementation
>> // makes `ARef<File>` own a normal refcount.
>> -unsafe impl AlwaysRefCounted for File {
>> +unsafe impl RefCounted for File {
>> #[inline]
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference means that the refcount is nonzero.
>> @@ -207,6 +207,10 @@ unsafe fn dec_ref(obj: ptr::NonNull<File>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<File>` from a
>> +// `&File`.
>> +unsafe impl AlwaysRefCounted for File {}
>> +
>> /// Wraps the kernel's `struct file`. Not thread safe.
>> ///
>> /// This type represents a file that is not known to be safe to transfer across thread boundaries.
>> @@ -228,7 +232,7 @@ pub struct LocalFile {
>>
>> // SAFETY: The type invariants guarantee that `LocalFile` is always ref-counted. This implementation
>> // makes `ARef<LocalFile>` own a normal refcount.
>> -unsafe impl AlwaysRefCounted for LocalFile {
>> +unsafe impl RefCounted for LocalFile {
>> #[inline]
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference means that the refcount is nonzero.
>> @@ -244,6 +248,10 @@ unsafe fn dec_ref(obj: ptr::NonNull<LocalFile>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<LocalFile>` from a
>> +// `&LocalFile`.
>> +unsafe impl AlwaysRefCounted for LocalFile {}
>> +
>> impl LocalFile {
>> /// Constructs a new `struct file` wrapper from a file descriptor.
>> ///
>> diff --git a/rust/kernel/mm.rs b/rust/kernel/mm.rs
>> index 4764d7b68f2a..dd9e3969e720 100644
>> --- a/rust/kernel/mm.rs
>> +++ b/rust/kernel/mm.rs
>> @@ -13,8 +13,8 @@
>>
>> use crate::{
>> bindings,
>> - sync::aref::{ARef, AlwaysRefCounted},
>> - types::{NotThreadSafe, Opaque},
>> + sync::aref::RefCounted,
>> + types::{ARef, AlwaysRefCounted, NotThreadSafe, Opaque},
>> };
>> use core::{ops::Deref, ptr::NonNull};
>>
>> @@ -55,7 +55,7 @@ unsafe impl Send for Mm {}
>> unsafe impl Sync for Mm {}
>>
>> // SAFETY: By the type invariants, this type is always refcounted.
>> -unsafe impl AlwaysRefCounted for Mm {
>> +unsafe impl RefCounted for Mm {
>> #[inline]
>> fn inc_ref(&self) {
>> // SAFETY: The pointer is valid since self is a reference.
>> @@ -69,6 +69,9 @@ unsafe fn dec_ref(obj: NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<Mm>` from a `&Mm`.
>> +unsafe impl AlwaysRefCounted for Mm {}
>> +
>> /// A wrapper for the kernel's `struct mm_struct`.
>> ///
>> /// This type is like [`Mm`], but with non-zero `mm_users`. It can only be used when `mm_users` can
>> @@ -91,7 +94,7 @@ unsafe impl Send for MmWithUser {}
>> unsafe impl Sync for MmWithUser {}
>>
>> // SAFETY: By the type invariants, this type is always refcounted.
>> -unsafe impl AlwaysRefCounted for MmWithUser {
>> +unsafe impl RefCounted for MmWithUser {
>> #[inline]
>> fn inc_ref(&self) {
>> // SAFETY: The pointer is valid since self is a reference.
>> @@ -105,6 +108,10 @@ unsafe fn dec_ref(obj: NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<MmWithUser>` from a
>> +// `&MmWithUser`.
>> +unsafe impl AlwaysRefCounted for MmWithUser {}
>> +
>> // Make all `Mm` methods available on `MmWithUser`.
>> impl Deref for MmWithUser {
>> type Target = Mm;
>> diff --git a/rust/kernel/mm/mmput_async.rs b/rust/kernel/mm/mmput_async.rs
>> index b8d2f051225c..aba4ce675c86 100644
>> --- a/rust/kernel/mm/mmput_async.rs
>> +++ b/rust/kernel/mm/mmput_async.rs
>> @@ -10,7 +10,8 @@
>> use crate::{
>> bindings,
>> mm::MmWithUser,
>> - sync::aref::{ARef, AlwaysRefCounted},
>> + sync::aref::RefCounted,
>> + types::{ARef, AlwaysRefCounted},
>> };
>> use core::{ops::Deref, ptr::NonNull};
>>
>> @@ -34,7 +35,7 @@ unsafe impl Send for MmWithUserAsync {}
>> unsafe impl Sync for MmWithUserAsync {}
>>
>> // SAFETY: By the type invariants, this type is always refcounted.
>> -unsafe impl AlwaysRefCounted for MmWithUserAsync {
>> +unsafe impl RefCounted for MmWithUserAsync {
>> #[inline]
>> fn inc_ref(&self) {
>> // SAFETY: The pointer is valid since self is a reference.
>> @@ -48,6 +49,10 @@ unsafe fn dec_ref(obj: NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<MmWithUserAsync>`
>> +// from a `&MmWithUserAsync`.
>> +unsafe impl AlwaysRefCounted for MmWithUserAsync {}
>> +
>> // Make all `MmWithUser` methods available on `MmWithUserAsync`.
>> impl Deref for MmWithUserAsync {
>> type Target = MmWithUser;
>> diff --git a/rust/kernel/opp.rs b/rust/kernel/opp.rs
>> index 2c763fa9276d..77d1cc89c412 100644
>> --- a/rust/kernel/opp.rs
>> +++ b/rust/kernel/opp.rs
>> @@ -16,8 +16,8 @@
>> ffi::c_ulong,
>> prelude::*,
>> str::CString,
>> - sync::aref::{ARef, AlwaysRefCounted},
>> - types::Opaque,
>> + sync::aref::RefCounted,
>> + types::{ARef, AlwaysRefCounted, Opaque},
>> };
>>
>> #[cfg(CONFIG_CPU_FREQ)]
>> @@ -1037,7 +1037,7 @@ unsafe impl Send for OPP {}
>> unsafe impl Sync for OPP {}
>>
>> /// SAFETY: The type invariants guarantee that [`OPP`] is always refcounted.
>> -unsafe impl AlwaysRefCounted for OPP {
>> +unsafe impl RefCounted for OPP {
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference means that the refcount is nonzero.
>> unsafe { bindings::dev_pm_opp_get(self.0.get()) };
>> @@ -1049,6 +1049,10 @@ unsafe fn dec_ref(obj: ptr::NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<OPP>` from an
>> +// `&OPP`.
>> +unsafe impl AlwaysRefCounted for OPP {}
>> +
>> impl OPP {
>> /// Creates an owned reference to a [`OPP`] from a valid pointer.
>> ///
>> diff --git a/rust/kernel/owned.rs b/rust/kernel/owned.rs
>> index a2cdd2cb8a10..a26747cbc13b 100644
>> --- a/rust/kernel/owned.rs
>> +++ b/rust/kernel/owned.rs
>> @@ -21,7 +21,7 @@
>> ///
>> /// Note: The underlying object is not required to provide internal reference counting, because it
>> /// represents a unique, owned reference. If reference counting (on the Rust side) is required,
>> -/// [`AlwaysRefCounted`](crate::types::AlwaysRefCounted) should be implemented.
>> +/// [`RefCounted`](crate::types::RefCounted) should be implemented.
>> ///
>> /// # Safety
>> ///
>> diff --git a/rust/kernel/pci.rs b/rust/kernel/pci.rs
>> index 7fcc5f6022c1..9ac70823fb4d 100644
>> --- a/rust/kernel/pci.rs
>> +++ b/rust/kernel/pci.rs
>> @@ -13,8 +13,8 @@
>> io::{Io, IoRaw},
>> irq::{self, IrqRequest},
>> str::CStr,
>> - sync::aref::ARef,
>> - types::Opaque,
>> + sync::aref::{AlwaysRefCounted, RefCounted},
>> + types::{ARef, Opaque},
>> ThisModule,
>> };
>> use core::{
>> @@ -601,7 +601,7 @@ pub fn set_master(&self) {
>> impl crate::dma::Device for Device<device::Core> {}
>>
>> // SAFETY: Instances of `Device` are always reference-counted.
>> -unsafe impl crate::sync::aref::AlwaysRefCounted for Device {
>> +unsafe impl RefCounted for Device {
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference guarantees that the refcount is non-zero.
>> unsafe { bindings::pci_dev_get(self.as_raw()) };
>> @@ -613,6 +613,10 @@ unsafe fn dec_ref(obj: NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<Device>` from a
>> +// `&Device`.
>> +unsafe impl AlwaysRefCounted for Device {}
>> +
>> impl<Ctx: device::DeviceContext> AsRef<device::Device<Ctx>> for Device<Ctx> {
>> fn as_ref(&self) -> &device::Device<Ctx> {
>> // SAFETY: By the type invariant of `Self`, `self.as_raw()` is a pointer to a valid
>> diff --git a/rust/kernel/pid_namespace.rs b/rust/kernel/pid_namespace.rs
>> index 979a9718f153..4f6a94540e33 100644
>> --- a/rust/kernel/pid_namespace.rs
>> +++ b/rust/kernel/pid_namespace.rs
>> @@ -7,7 +7,11 @@
>> //! C header: [`include/linux/pid_namespace.h`](srctree/include/linux/pid_namespace.h) and
>> //! [`include/linux/pid.h`](srctree/include/linux/pid.h)
>>
>> -use crate::{bindings, sync::aref::AlwaysRefCounted, types::Opaque};
>> +use crate::{
>> + bindings,
>> + sync::aref::RefCounted,
>> + types::{AlwaysRefCounted, Opaque},
>> +};
>> use core::ptr;
>>
>> /// Wraps the kernel's `struct pid_namespace`. Thread safe.
>> @@ -41,7 +45,7 @@ pub unsafe fn from_ptr<'a>(ptr: *const bindings::pid_namespace) -> &'a Self {
>> }
>>
>> // SAFETY: Instances of `PidNamespace` are always reference-counted.
>> -unsafe impl AlwaysRefCounted for PidNamespace {
>> +unsafe impl RefCounted for PidNamespace {
>> #[inline]
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference means that the refcount is nonzero.
>> @@ -55,6 +59,10 @@ unsafe fn dec_ref(obj: ptr::NonNull<PidNamespace>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<PidNamespace>` from
>> +// a `&PidNamespace`.
>> +unsafe impl AlwaysRefCounted for PidNamespace {}
>> +
>> // SAFETY:
>> // - `PidNamespace::dec_ref` can be called from any thread.
>> // - It is okay to send ownership of `PidNamespace` across thread boundaries.
>> diff --git a/rust/kernel/platform.rs b/rust/kernel/platform.rs
>> index 7205fe3416d3..bf2aa496b377 100644
>> --- a/rust/kernel/platform.rs
>> +++ b/rust/kernel/platform.rs
>> @@ -13,6 +13,7 @@
>> irq::{self, IrqRequest},
>> of,
>> prelude::*,
>> + sync::aref::{AlwaysRefCounted, RefCounted},
>> types::Opaque,
>> ThisModule,
>> };
>> @@ -468,7 +469,7 @@ pub fn optional_irq_by_name(&self, name: &CStr) -> Result<IrqRequest<'_>> {
>> impl crate::dma::Device for Device<device::Core> {}
>>
>> // SAFETY: Instances of `Device` are always reference-counted.
>> -unsafe impl crate::sync::aref::AlwaysRefCounted for Device {
>> +unsafe impl RefCounted for Device {
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference guarantees that the refcount is non-zero.
>> unsafe { bindings::get_device(self.as_ref().as_raw()) };
>> @@ -480,6 +481,10 @@ unsafe fn dec_ref(obj: NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<Device>` from a
>> +// `&Device`.
>> +unsafe impl AlwaysRefCounted for Device {}
>> +
>> impl<Ctx: device::DeviceContext> AsRef<device::Device<Ctx>> for Device<Ctx> {
>> fn as_ref(&self) -> &device::Device<Ctx> {
>> // SAFETY: By the type invariant of `Self`, `self.as_raw()` is a pointer to a valid
>> diff --git a/rust/kernel/sync/aref.rs b/rust/kernel/sync/aref.rs
>> index e175aefe8615..4226119d5ac9 100644
>> --- a/rust/kernel/sync/aref.rs
>> +++ b/rust/kernel/sync/aref.rs
>> @@ -19,11 +19,9 @@
>>
>> use core::{marker::PhantomData, mem::ManuallyDrop, ops::Deref, ptr::NonNull};
>>
>> -/// Types that are _always_ reference counted.
>> +/// Types that are internally reference counted.
>> ///
>> /// It allows such types to define their own custom ref increment and decrement functions.
>> -/// Additionally, it allows users to convert from a shared reference `&T` to an owned reference
>> -/// [`ARef<T>`].
>> ///
>> /// This is usually implemented by wrappers to existing structures on the C side of the code. For
>> /// Rust code, the recommendation is to use [`Arc`](crate::sync::Arc) to create reference-counted
>> @@ -40,9 +38,8 @@
>> /// at least until matching decrements are performed.
>> ///
>> /// Implementers must also ensure that all instances are reference-counted. (Otherwise they
>> -/// won't be able to honour the requirement that [`AlwaysRefCounted::inc_ref`] keep the object
>> -/// alive.)
>> -pub unsafe trait AlwaysRefCounted {
>> +/// won't be able to honour the requirement that [`RefCounted::inc_ref`] keep the object alive.)
>> +pub unsafe trait RefCounted {
>> /// Increments the reference count on the object.
>> fn inc_ref(&self);
>>
>> @@ -55,11 +52,27 @@ pub unsafe trait AlwaysRefCounted {
>> /// Callers must ensure that there was a previous matching increment to the reference count,
>> /// and that the object is no longer used after its reference count is decremented (as it may
>> /// result in the object being freed), unless the caller owns another increment on the refcount
>> - /// (e.g., it calls [`AlwaysRefCounted::inc_ref`] twice, then calls
>> - /// [`AlwaysRefCounted::dec_ref`] once).
>> + /// (e.g., it calls [`RefCounted::inc_ref`] twice, then calls [`RefCounted::dec_ref`] once).
>> unsafe fn dec_ref(obj: NonNull<Self>);
>> }
>>
>> +/// Always reference-counted type.
>> +///
>> +/// It allows to derive a counted reference [`ARef<T>`] from a `&T`.
>> +///
>> +/// This provides some convenience, but it allows "escaping" borrow checks on `&T`. As it
>> +/// complicates attempts to ensure that a reference to T is unique, it is optional to provide for
>> +/// [`RefCounted`] types. See *Safety* below.
>> +///
>> +/// # Safety
>> +///
>> +/// Implementers must ensure that no safety invariants are violated by upgrading an `&T` to an
>> +/// [`ARef<T>`]. In particular that implies [`AlwaysRefCounted`] and [`crate::types::Ownable`]
>> +/// cannot be implemented for the same type, as this would allow to violate the uniqueness guarantee
>> +/// of [`crate::types::Owned<T>`] by derefencing it into an `&T` and obtaining an [`ARef`] from
>> +/// that.
>> +pub unsafe trait AlwaysRefCounted: RefCounted {}
>> +
>> /// An owned reference to an always-reference-counted object.
>> ///
>> /// The object's reference count is automatically decremented when an instance of [`ARef`] is
>> @@ -70,7 +83,7 @@ pub unsafe trait AlwaysRefCounted {
>> ///
>> /// The pointer stored in `ptr` is non-null and valid for the lifetime of the [`ARef`] instance. In
>> /// particular, the [`ARef`] instance owns an increment on the underlying object's reference count.
>> -pub struct ARef<T: AlwaysRefCounted> {
>> +pub struct ARef<T: RefCounted> {
>> ptr: NonNull<T>,
>> _p: PhantomData<T>,
>> }
>> @@ -79,16 +92,16 @@ pub struct ARef<T: AlwaysRefCounted> {
>> // it effectively means sharing `&T` (which is safe because `T` is `Sync`); additionally, it needs
>> // `T` to be `Send` because any thread that has an `ARef<T>` may ultimately access `T` using a
>> // mutable reference, for example, when the reference count reaches zero and `T` is dropped.
>> -unsafe impl<T: AlwaysRefCounted + Sync + Send> Send for ARef<T> {}
>> +unsafe impl<T: RefCounted + Sync + Send> Send for ARef<T> {}
>>
>> // SAFETY: It is safe to send `&ARef<T>` to another thread when the underlying `T` is `Sync`
>> // because it effectively means sharing `&T` (which is safe because `T` is `Sync`); additionally,
>> // it needs `T` to be `Send` because any thread that has a `&ARef<T>` may clone it and get an
>> // `ARef<T>` on that thread, so the thread may ultimately access `T` using a mutable reference, for
>> // example, when the reference count reaches zero and `T` is dropped.
>> -unsafe impl<T: AlwaysRefCounted + Sync + Send> Sync for ARef<T> {}
>> +unsafe impl<T: RefCounted + Sync + Send> Sync for ARef<T> {}
>>
>> -impl<T: AlwaysRefCounted> ARef<T> {
>> +impl<T: RefCounted> ARef<T> {
>> /// Creates a new instance of [`ARef`].
>> ///
>> /// It takes over an increment of the reference count on the underlying object.
>> @@ -117,12 +130,12 @@ pub unsafe fn from_raw(ptr: NonNull<T>) -> Self {
>> ///
>> /// ```
>> /// use core::ptr::NonNull;
>> - /// use kernel::sync::aref::{ARef, AlwaysRefCounted};
>> + /// use kernel::sync::aref::{ARef, RefCounted};
>> ///
>> /// struct Empty {}
>> ///
>> /// # // SAFETY: TODO.
>> - /// unsafe impl AlwaysRefCounted for Empty {
>> + /// unsafe impl RefCounted for Empty {
>> /// fn inc_ref(&self) {}
>> /// unsafe fn dec_ref(_obj: NonNull<Self>) {}
>> /// }
>> @@ -140,7 +153,7 @@ pub fn into_raw(me: Self) -> NonNull<T> {
>> }
>> }
>>
>> -impl<T: AlwaysRefCounted> Clone for ARef<T> {
>> +impl<T: RefCounted> Clone for ARef<T> {
>> fn clone(&self) -> Self {
>> self.inc_ref();
>> // SAFETY: We just incremented the refcount above.
>> @@ -148,7 +161,7 @@ fn clone(&self) -> Self {
>> }
>> }
>>
>> -impl<T: AlwaysRefCounted> Deref for ARef<T> {
>> +impl<T: RefCounted> Deref for ARef<T> {
>> type Target = T;
>>
>> fn deref(&self) -> &Self::Target {
>> @@ -165,7 +178,7 @@ fn from(b: &T) -> Self {
>> }
>> }
>>
>> -impl<T: AlwaysRefCounted> Drop for ARef<T> {
>> +impl<T: RefCounted> Drop for ARef<T> {
>> fn drop(&mut self) {
>> // SAFETY: The type invariants guarantee that the `ARef` owns the reference we're about to
>> // decrement.
>> diff --git a/rust/kernel/task.rs b/rust/kernel/task.rs
>> index 49fad6de0674..0a6e38d98456 100644
>> --- a/rust/kernel/task.rs
>> +++ b/rust/kernel/task.rs
>> @@ -9,8 +9,8 @@
>> ffi::{c_int, c_long, c_uint},
>> mm::MmWithUser,
>> pid_namespace::PidNamespace,
>> - sync::aref::ARef,
>> - types::{NotThreadSafe, Opaque},
>> + sync::aref::{AlwaysRefCounted, RefCounted},
>> + types::{ARef, NotThreadSafe, Opaque},
>> };
>> use core::{
>> cmp::{Eq, PartialEq},
>> @@ -348,7 +348,7 @@ pub fn active_pid_ns(&self) -> Option<&PidNamespace> {
>> }
>>
>> // SAFETY: The type invariants guarantee that `Task` is always refcounted.
>> -unsafe impl crate::sync::aref::AlwaysRefCounted for Task {
>> +unsafe impl RefCounted for Task {
>> #[inline]
>> fn inc_ref(&self) {
>> // SAFETY: The existence of a shared reference means that the refcount is nonzero.
>> @@ -362,6 +362,10 @@ unsafe fn dec_ref(obj: ptr::NonNull<Self>) {
>> }
>> }
>>
>> +// SAFETY: We do not implement `Ownable`, thus it is okay to obtain an `ARef<Task>` from a
>> +// `&Task`.
>> +unsafe impl AlwaysRefCounted for Task {}
>> +
>> impl Kuid {
>> /// Get the current euid.
>> #[inline]
>> diff --git a/rust/kernel/types.rs b/rust/kernel/types.rs
>> index 7bc07c38cd6c..8ef01393352b 100644
>> --- a/rust/kernel/types.rs
>> +++ b/rust/kernel/types.rs
>> @@ -13,7 +13,7 @@
>>
>> pub use crate::owned::{Ownable, Owned};
>>
>> -pub use crate::sync::aref::{ARef, AlwaysRefCounted};
>> +pub use crate::sync::aref::{ARef, AlwaysRefCounted, RefCounted};
>>
>> /// Used to transfer ownership to and from foreign (non-Rust) languages.
>> ///
>>
>> --
>> 2.51.2
>>
>>
>>
>
> Can you use imperative voice in the title? i.e.:
>
> rust: rename `AlwaysRefCounted` to `RefCounted
>
> …or something similar?
>
> Reviewed-by: Daniel Almeida <daniel.almeida@collabora.com>
How about this:
rust: rename `AlwaysRefCounted` to `RefCounted`.
Change `AlwaysRefCounted` to be a marker trait that indicate that obtaining
an `ARef<T>` from a `&T` is possible.
- Rename `AlwaysRefCounted` to `RefCounted`.
- Add a new unsafe trait `AlwaysRefCounted`.
- Implement the new trait `AlwaysRefCounted` for the newly renamed
`RefCounted` implementations. This leaves functionality of existing
implementers of `AlwaysRefCounted` intact.
Best regards,
Andreas Hindborg
^ permalink raw reply
* Re: [PATCH v13 4/4] rust: Add `OwnableRefCounted`
From: Andreas Hindborg @ 2026-02-02 10:06 UTC (permalink / raw)
To: Daniel Almeida, Oliver Mangold
Cc: Miguel Ojeda, Alex Gaynor, Boqun Feng, Gary Guo,
Björn Roy Baron, Alice Ryhl, Trevor Gross, Benno Lossin,
Danilo Krummrich, Greg Kroah-Hartman, Dave Ertman, Ira Weiny,
Leon Romanovsky, Rafael J. Wysocki, Maarten Lankhorst,
Maxime Ripard, Thomas Zimmermann, David Airlie, Simona Vetter,
Alexander Viro, Christian Brauner, Jan Kara, Lorenzo Stoakes,
Liam R. Howlett, Viresh Kumar, Nishanth Menon, Stephen Boyd,
Bjorn Helgaas, Krzysztof Wilczyński, Paul Moore,
Serge Hallyn, Asahi Lina, rust-for-linux, linux-kernel,
linux-block, dri-devel, linux-fsdevel, linux-mm, linux-pm,
linux-pci, linux-security-module
In-Reply-To: <A5A7C4C9-1504-439C-B4FF-C28482AF7444@collabora.com>
Daniel Almeida <daniel.almeida@collabora.com> writes:
> Hi Oliver,
>
>> On 17 Nov 2025, at 07:08, Oliver Mangold <oliver.mangold@pm.me> wrote:
>>
>> Types implementing one of these traits can safely convert between an
>> `ARef<T>` and an `Owned<T>`.
>>
>> This is useful for types which generally are accessed through an `ARef`
>> but have methods which can only safely be called when the reference is
>> unique, like e.g. `block::mq::Request::end_ok()`.
>>
>> Signed-off-by: Oliver Mangold <oliver.mangold@pm.me>
>> Co-developed-by: Andreas Hindborg <a.hindborg@kernel.org>
>> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
>> Reviewed-by: Andreas Hindborg <a.hindborg@kernel.org>
>> ---
>> rust/kernel/owned.rs | 138 ++++++++++++++++++++++++++++++++++++++++++++---
>> rust/kernel/sync/aref.rs | 11 +++-
>> rust/kernel/types.rs | 2 +-
>> 3 files changed, 141 insertions(+), 10 deletions(-)
>>
>> diff --git a/rust/kernel/owned.rs b/rust/kernel/owned.rs
>> index a26747cbc13b..26ab2b00ada0 100644
>> --- a/rust/kernel/owned.rs
>> +++ b/rust/kernel/owned.rs
>> @@ -5,6 +5,7 @@
>> //! These pointer types are useful for C-allocated objects which by API-contract
>> //! are owned by Rust, but need to be freed through the C API.
>>
>> +use crate::sync::aref::{ARef, RefCounted};
>> use core::{
>> mem::ManuallyDrop,
>> ops::{Deref, DerefMut},
>> @@ -14,14 +15,16 @@
>>
>> /// Type allocated and destroyed on the C side, but owned by Rust.
>> ///
>> -/// Implementing this trait allows types to be referenced via the [`Owned<Self>`] pointer type. This
>> -/// is useful when it is desirable to tie the lifetime of the reference to an owned object, rather
>> -/// than pass around a bare reference. [`Ownable`] types can define custom drop logic that is
>> -/// executed when the owned reference [`Owned<Self>`] pointing to the object is dropped.
>> +/// Implementing this trait allows types to be referenced via the [`Owned<Self>`] pointer type.
>> +/// - This is useful when it is desirable to tie the lifetime of an object reference to an owned
>> +/// object, rather than pass around a bare reference.
>> +/// - [`Ownable`] types can define custom drop logic that is executed when the owned reference
>> +/// of type [`Owned<_>`] pointing to the object is dropped.
>> ///
>> /// Note: The underlying object is not required to provide internal reference counting, because it
>> /// represents a unique, owned reference. If reference counting (on the Rust side) is required,
>> -/// [`RefCounted`](crate::types::RefCounted) should be implemented.
>> +/// [`RefCounted`] should be implemented. [`OwnableRefCounted`] should be implemented if conversion
>> +/// between unique and shared (reference counted) ownership is needed.
>> ///
>> /// # Safety
>> ///
>> @@ -143,9 +146,7 @@ impl<T: Ownable> Owned<T> {
>> /// mutable reference requirements. That is, the kernel will not mutate or free the underlying
>> /// object and is okay with it being modified by Rust code.
>> pub unsafe fn from_raw(ptr: NonNull<T>) -> Self {
>> - Self {
>> - ptr,
>> - }
>> + Self { ptr }
>> }
>
> Unrelated change?
Looks like a rustfmt thing. I'll split it out or remove it.
>
>>
>> /// Consumes the [`Owned`], returning a raw pointer.
>> @@ -193,3 +194,124 @@ fn drop(&mut self) {
>> unsafe { T::release(self.ptr) };
>> }
>> }
>> +
>> +/// A trait for objects that can be wrapped in either one of the reference types [`Owned`] and
>> +/// [`ARef`].
>> +///
>> +/// # Examples
>> +///
>> +/// A minimal example implementation of [`OwnableRefCounted`], [`Ownable`] and its usage with
>> +/// [`ARef`] and [`Owned`] looks like this:
>> +///
>> +/// ```
>> +/// # #![expect(clippy::disallowed_names)]
>> +/// # use core::cell::Cell;
>> +/// # use core::ptr::NonNull;
>> +/// # use kernel::alloc::{flags, kbox::KBox, AllocError};
>> +/// # use kernel::sync::aref::{ARef, RefCounted};
>> +/// # use kernel::types::{Owned, Ownable, OwnableRefCounted};
>> +///
>> +/// // Example internally refcounted struct.
>
> nit: IMHO the wording could improve ^
/// // An internally refcounted struct for demonstration purposes.
>
>> +/// //
>> +/// // # Invariants
>> +/// //
>> +/// // - `refcount` is always non-zero for a valid object.
>> +/// // - `refcount` is >1 if there are more than 1 Rust reference to it.
>> +/// //
>> +/// struct Foo {
>> +/// refcount: Cell<usize>,
>> +/// }
>> +///
>> +/// impl Foo {
>> +/// fn new() -> Result<Owned<Self>, AllocError> {
>> +/// // We are just using a `KBox` here to handle the actual allocation, as our `Foo` is
>> +/// // not actually a C-allocated object.
>> +/// let result = KBox::new(
>> +/// Foo {
>> +/// refcount: Cell::new(1),
>> +/// },
>> +/// flags::GFP_KERNEL,
>> +/// )?;
>> +/// let result = NonNull::new(KBox::into_raw(result))
>> +/// .expect("Raw pointer to newly allocation KBox is null, this should never happen.");
>> +/// // SAFETY: We just allocated the `Self`, thus it is valid and there cannot be any other
>> +/// // Rust references. Calling `into_raw()` makes us responsible for ownership and
>> +/// // we won't use the raw pointer anymore, thus we can transfer ownership to the `Owned`.
>> +/// Ok(unsafe { Owned::from_raw(result) })
>> +/// }
>> +/// }
>> +///
>> +/// // SAFETY: We increment and decrement each time the respective function is called and only free
>> +/// // the `Foo` when the refcount reaches zero.
>> +/// unsafe impl RefCounted for Foo {
>> +/// fn inc_ref(&self) {
>> +/// self.refcount.replace(self.refcount.get() + 1);
>> +/// }
>> +///
>> +/// unsafe fn dec_ref(this: NonNull<Self>) {
>> +/// // SAFETY: By requirement on calling this function, the refcount is non-zero,
>> +/// // implying the underlying object is valid.
>> +/// let refcount = unsafe { &this.as_ref().refcount };
>> +/// let new_refcount = refcount.get() - 1;
>> +/// if new_refcount == 0 {
>> +/// // The `Foo` will be dropped when `KBox` goes out of scope.
>> +/// // SAFETY: The [`KBox<Foo>`] is still alive as the old refcount is 1. We can pass
>> +/// // ownership to the [`KBox`] as by requirement on calling this function,
>> +/// // the `Self` will no longer be used by the caller.
>> +/// unsafe { KBox::from_raw(this.as_ptr()) };
>> +/// } else {
>> +/// refcount.replace(new_refcount);
>> +/// }
>> +/// }
>> +/// }
>> +///
>> +/// impl OwnableRefCounted for Foo {
>> +/// fn try_from_shared(this: ARef<Self>) -> Result<Owned<Self>, ARef<Self>> {
>> +/// if this.refcount.get() == 1 {
>> +/// // SAFETY: The `Foo` is still alive and has no other Rust references as the refcount
>> +/// // is 1.
>> +/// Ok(unsafe { Owned::from_raw(ARef::into_raw(this)) })
>> +/// } else {
>> +/// Err(this)
>> +/// }
>> +/// }
>> +/// }
>> +///
>
> We wouldn’t need this implementation if we added a “refcount()”
> member to this trait. This lets you abstract away this logic for all
> implementors, which has the massive upside of making sure we hardcode (and thus
> enforce) the refcount == 1 check.
This exist to allow reference counting schemes that are different from
the general implementation. See [1] for an example.
[1] https://github.com/metaspace/linux/blob/3e46e95f0707fa71259b1d241f689144ad61cc62/rust/kernel/block/mq/request.rs#L478
>
>
>> +/// // SAFETY: This implementation of `release()` is safe for any valid `Self`.
>> +/// unsafe impl Ownable for Foo {
>> +/// unsafe fn release(this: NonNull<Self>) {
>> +/// // SAFETY: Using `dec_ref()` from [`RefCounted`] to release is okay, as the refcount is
>> +/// // always 1 for an [`Owned<Foo>`].
>> +/// unsafe{ Foo::dec_ref(this) };
>> +/// }
>> +/// }
>> +///
>> +/// let foo = Foo::new().expect("Failed to allocate a Foo. This shouldn't happen");
>
> All these “expects()” and custom error strings would go away if you
> place this behind a fictional function that returns Result.
I'll do that.
>
>> +/// let mut foo = ARef::from(foo);
>> +/// {
>> +/// let bar = foo.clone();
>> +/// assert!(Owned::try_from(bar).is_err());
>> +/// }
>> +/// assert!(Owned::try_from(foo).is_ok());
>> +/// ```
>> +pub trait OwnableRefCounted: RefCounted + Ownable + Sized {
>> + /// Checks if the [`ARef`] is unique and convert it to an [`Owned`] it that is that case.
>> + /// Otherwise it returns again an [`ARef`] to the same underlying object.
>> + fn try_from_shared(this: ARef<Self>) -> Result<Owned<Self>, ARef<Self>>;
>
> Again, this method can go way if we add a method to expose the refcount.
>
>> +
>> + /// Converts the [`Owned`] into an [`ARef`].
>> + fn into_shared(this: Owned<Self>) -> ARef<Self> {
>> + // SAFETY: Safe by the requirements on implementing the trait.
>> + unsafe { ARef::from_raw(Owned::into_raw(this)) }
>> + }
>> +}
>> +
>> +impl<T: OwnableRefCounted> TryFrom<ARef<T>> for Owned<T> {
>> + type Error = ARef<T>;
>> + /// Tries to convert the [`ARef`] to an [`Owned`] by calling
>> + /// [`try_from_shared()`](OwnableRefCounted::try_from_shared). In case the [`ARef`] is not
>> + /// unique, it returns again an [`ARef`] to the same underlying object.
>> + fn try_from(b: ARef<T>) -> Result<Owned<T>, Self::Error> {
>> + T::try_from_shared(b)
>> + }
>> +}
>> diff --git a/rust/kernel/sync/aref.rs b/rust/kernel/sync/aref.rs
>> index 937dcf6ed5de..2dbffe2ed1b8 100644
>> --- a/rust/kernel/sync/aref.rs
>> +++ b/rust/kernel/sync/aref.rs
>> @@ -30,7 +30,10 @@
>> /// Note: Implementing this trait allows types to be wrapped in an [`ARef<Self>`]. It requires an
>> /// internal reference count and provides only shared references. If unique references are required
>> /// [`Ownable`](crate::types::Ownable) should be implemented which allows types to be wrapped in an
>> -/// [`Owned<Self>`](crate::types::Owned).
>> +/// [`Owned<Self>`](crate::types::Owned). Implementing the trait
>> +/// [`OwnableRefCounted`](crate::types::OwnableRefCounted) allows to convert between unique and
>> +/// shared references (i.e. [`Owned<Self>`](crate::types::Owned) and
>> +/// [`ARef<Self>`](crate::types::Owned)).
>> ///
>> /// # Safety
>> ///
>> @@ -180,6 +183,12 @@ fn from(b: &T) -> Self {
>> }
>> }
>>
>> +impl<T: crate::types::OwnableRefCounted> From<crate::types::Owned<T>> for ARef<T> {
>> + fn from(b: crate::types::Owned<T>) -> Self {
>> + T::into_shared(b)
>> + }
>> +}
>> +
>
> Not sure why we’re using fully-qualified names here if we can import them, but your call.
I'll import them.
Best regards,
Andreas Hindborg
^ permalink raw reply
* Re: [PATCH v13 1/4] rust: types: Add Ownable/Owned types
From: Andreas Hindborg @ 2026-02-02 9:37 UTC (permalink / raw)
To: Gary Guo, Oliver Mangold
Cc: Miguel Ojeda, Alex Gaynor, Boqun Feng, Björn Roy Baron,
Alice Ryhl, Trevor Gross, Benno Lossin, Danilo Krummrich,
Greg Kroah-Hartman, Dave Ertman, Ira Weiny, Leon Romanovsky,
Rafael J. Wysocki, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, David Airlie, Simona Vetter, Alexander Viro,
Christian Brauner, Jan Kara, Lorenzo Stoakes, Liam R. Howlett,
Viresh Kumar, Nishanth Menon, Stephen Boyd, Bjorn Helgaas,
Krzysztof Wilczyński, Paul Moore, Serge Hallyn, Asahi Lina,
rust-for-linux, linux-kernel, linux-block, dri-devel,
linux-fsdevel, linux-mm, linux-pm, linux-pci,
linux-security-module
In-Reply-To: <20251201155135.2b9c4084.gary@garyguo.net>
Gary Guo <gary@garyguo.net> writes:
> On Mon, 17 Nov 2025 10:07:40 +0000
> Oliver Mangold <oliver.mangold@pm.me> wrote:
>
>> From: Asahi Lina <lina+kernel@asahilina.net>
>>
>> By analogy to `AlwaysRefCounted` and `ARef`, an `Ownable` type is a
>> (typically C FFI) type that *may* be owned by Rust, but need not be. Unlike
>> `AlwaysRefCounted`, this mechanism expects the reference to be unique
>> within Rust, and does not allow cloning.
>>
>> Conceptually, this is similar to a `KBox<T>`, except that it delegates
>> resource management to the `T` instead of using a generic allocator.
>>
>> [ om:
>> - Split code into separate file and `pub use` it from types.rs.
>> - Make from_raw() and into_raw() public.
>> - Remove OwnableMut, and make DerefMut dependent on Unpin instead.
>> - Usage example/doctest for Ownable/Owned.
>> - Fixes to documentation and commit message.
>> ]
>>
>> Link: https://lore.kernel.org/all/20250202-rust-page-v1-1-e3170d7fe55e@asahilina.net/
>> Signed-off-by: Asahi Lina <lina+kernel@asahilina.net>
>> Co-developed-by: Oliver Mangold <oliver.mangold@pm.me>
>> Signed-off-by: Oliver Mangold <oliver.mangold@pm.me>
>> Co-developed-by: Andreas Hindborg <a.hindborg@kernel.org>
>> Signed-off-by: Andreas Hindborg <a.hindborg@kernel.org>
>> Reviewed-by: Boqun Feng <boqun.feng@gmail.com>
>> ---
>> rust/kernel/lib.rs | 1 +
>> rust/kernel/owned.rs | 195 +++++++++++++++++++++++++++++++++++++++++++++++
>> rust/kernel/sync/aref.rs | 5 ++
>> rust/kernel/types.rs | 2 +
>> 4 files changed, 203 insertions(+)
>>
>> diff --git a/rust/kernel/lib.rs b/rust/kernel/lib.rs
>> index 3dd7bebe7888..e0ee04330dd0 100644
>> --- a/rust/kernel/lib.rs
>> +++ b/rust/kernel/lib.rs
>> @@ -112,6 +112,7 @@
>> pub mod of;
>> #[cfg(CONFIG_PM_OPP)]
>> pub mod opp;
>> +pub mod owned;
>> pub mod page;
>> #[cfg(CONFIG_PCI)]
>> pub mod pci;
>> diff --git a/rust/kernel/owned.rs b/rust/kernel/owned.rs
>> new file mode 100644
>> index 000000000000..a2cdd2cb8a10
>> --- /dev/null
>> +++ b/rust/kernel/owned.rs
>> @@ -0,0 +1,195 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +
>> +//! Unique owned pointer types for objects with custom drop logic.
>> +//!
>> +//! These pointer types are useful for C-allocated objects which by API-contract
>> +//! are owned by Rust, but need to be freed through the C API.
>> +
>> +use core::{
>> + mem::ManuallyDrop,
>> + ops::{Deref, DerefMut},
>> + pin::Pin,
>> + ptr::NonNull,
>> +};
>> +
>> +/// Type allocated and destroyed on the C side, but owned by Rust.
>
> The example given in the documentation below shows a valid way of
> defining a type that's handled on the Rust side, so I think this
> message is somewhat inaccurate.
>
> Perhaps something like
>
> Types that specify their own way of performing allocation and
> destruction. Typically, this trait is implemented on types from
> the C side.
Thanks, I'll use this.
>
> ?
>
>> +///
>> +/// Implementing this trait allows types to be referenced via the [`Owned<Self>`] pointer type. This
>> +/// is useful when it is desirable to tie the lifetime of the reference to an owned object, rather
>> +/// than pass around a bare reference. [`Ownable`] types can define custom drop logic that is
>> +/// executed when the owned reference [`Owned<Self>`] pointing to the object is dropped.
>> +///
>> +/// Note: The underlying object is not required to provide internal reference counting, because it
>> +/// represents a unique, owned reference. If reference counting (on the Rust side) is required,
>> +/// [`AlwaysRefCounted`](crate::types::AlwaysRefCounted) should be implemented.
>> +///
>> +/// # Safety
>> +///
>> +/// Implementers must ensure that the [`release()`](Self::release) function frees the underlying
>> +/// object in the correct way for a valid, owned object of this type.
>> +///
>> +/// # Examples
>> +///
>> +/// A minimal example implementation of [`Ownable`] and its usage with [`Owned`] looks like this:
>> +///
>> +/// ```
>> +/// # #![expect(clippy::disallowed_names)]
>> +/// # use core::cell::Cell;
>> +/// # use core::ptr::NonNull;
>> +/// # use kernel::sync::global_lock;
>> +/// # use kernel::alloc::{flags, kbox::KBox, AllocError};
>> +/// # use kernel::types::{Owned, Ownable};
>> +///
>> +/// // Let's count the allocations to see if freeing works.
>> +/// kernel::sync::global_lock! {
>> +/// // SAFETY: we call `init()` right below, before doing anything else.
>> +/// unsafe(uninit) static FOO_ALLOC_COUNT: Mutex<usize> = 0;
>> +/// }
>> +/// // SAFETY: We call `init()` only once, here.
>> +/// unsafe { FOO_ALLOC_COUNT.init() };
>> +///
>> +/// struct Foo {
>> +/// }
>> +///
>> +/// impl Foo {
>> +/// fn new() -> Result<Owned<Self>, AllocError> {
>> +/// // We are just using a `KBox` here to handle the actual allocation, as our `Foo` is
>> +/// // not actually a C-allocated object.
>> +/// let result = KBox::new(
>> +/// Foo {},
>> +/// flags::GFP_KERNEL,
>> +/// )?;
>> +/// let result = NonNull::new(KBox::into_raw(result))
>> +/// .expect("Raw pointer to newly allocation KBox is null, this should never happen.");
>> +/// // Count new allocation
>> +/// *FOO_ALLOC_COUNT.lock() += 1;
>> +/// // SAFETY: We just allocated the `Self`, thus it is valid and there cannot be any other
>> +/// // Rust references. Calling `into_raw()` makes us responsible for ownership and we won't
>> +/// // use the raw pointer anymore. Thus we can transfer ownership to the `Owned`.
>> +/// Ok(unsafe { Owned::from_raw(result) })
>> +/// }
>> +/// }
>> +///
>> +/// // SAFETY: What out `release()` function does is safe of any valid `Self`.
>
> I can't parse this sentence. Is "out" supposed to be a different word?
I think it should be "our".
>
>> +/// unsafe impl Ownable for Foo {
>> +/// unsafe fn release(this: NonNull<Self>) {
>> +/// // The `Foo` will be dropped when `KBox` goes out of scope.
>
> I would just write `drop(unsafe { ... })` to make drop explicit instead
> of commenting about the implicit drop.
Agree, that is easier to read.
>
>> +/// // SAFETY: The [`KBox<Self>`] is still alive. We can pass ownership to the [`KBox`], as
>> +/// // by requirement on calling this function, the `Self` will no longer be used by the
>> +/// // caller.
>> +/// unsafe { KBox::from_raw(this.as_ptr()) };
>> +/// // Count released allocation
>> +/// *FOO_ALLOC_COUNT.lock() -= 1;
>> +/// }
>> +/// }
>> +///
>> +/// {
>> +/// let foo = Foo::new().expect("Failed to allocate a Foo. This shouldn't happen");
>> +/// assert!(*FOO_ALLOC_COUNT.lock() == 1);
>> +/// }
>> +/// // `foo` is out of scope now, so we expect no live allocations.
>> +/// assert!(*FOO_ALLOC_COUNT.lock() == 0);
>> +/// ```
>> +pub unsafe trait Ownable {
>> + /// Releases the object.
>> + ///
>> + /// # Safety
>> + ///
>> + /// Callers must ensure that:
>> + /// - `this` points to a valid `Self`.
>> + /// - `*this` is no longer used after this call.
>> + unsafe fn release(this: NonNull<Self>);
>> +}
>> +
>> +/// An owned reference to an owned `T`.
>> +///
>> +/// The [`Ownable`] is automatically freed or released when an instance of [`Owned`] is
>> +/// dropped.
>> +///
>> +/// # Invariants
>> +///
>> +/// - The [`Owned<T>`] has exclusive access to the instance of `T`.
>> +/// - The instance of `T` will stay alive at least as long as the [`Owned<T>`] is alive.
>> +pub struct Owned<T: Ownable> {
>> + ptr: NonNull<T>,
>> +}
>> +
>> +// SAFETY: It is safe to send an [`Owned<T>`] to another thread when the underlying `T` is [`Send`],
>> +// because of the ownership invariant. Sending an [`Owned<T>`] is equivalent to sending the `T`.
>> +unsafe impl<T: Ownable + Send> Send for Owned<T> {}
>> +
>> +// SAFETY: It is safe to send [`&Owned<T>`] to another thread when the underlying `T` is [`Sync`],
>> +// because of the ownership invariant. Sending an [`&Owned<T>`] is equivalent to sending the `&T`.
>> +unsafe impl<T: Ownable + Sync> Sync for Owned<T> {}
>> +
>> +impl<T: Ownable> Owned<T> {
>> + /// Creates a new instance of [`Owned`].
>> + ///
>> + /// It takes over ownership of the underlying object.
>> + ///
>> + /// # Safety
>> + ///
>> + /// Callers must ensure that:
>> + /// - `ptr` points to a valid instance of `T`.
>> + /// - Ownership of the underlying `T` can be transferred to the `Self<T>` (i.e. operations
>> + /// which require ownership will be safe).
>> + /// - No other Rust references to the underlying object exist. This implies that the underlying
>> + /// object is not accessed through `ptr` anymore after the function call (at least until the
>> + /// the `Self<T>` is dropped.
>
> Is this correct? If `Self<T>` is dropped then `T::release` is called so
> the pointer should also not be accessed further?
I can't follow you point here. Are you saying that the requirement is
wrong because `T::release` will access the object by reference? If so,
that is part of `Owned<_>::drop`, which is explicitly mentioned in the
comment (until .. dropped).
>
>> + /// - The C code follows the usual shared reference requirements. That is, the kernel will never
>> + /// mutate or free the underlying object (excluding interior mutability that follows the usual
>> + /// rules) while Rust owns it.
>
> The concept "interior mutability" doesn't really exist on the C side.
> Also, use of interior mutability (by UnsafeCell) would be incorrect if
> the type is implemented in the rust side (as this requires a
> UnsafePinned).
>
> Interior mutability means things can be mutated behind a shared
> reference -- however in this case, we have a mutable reference (either
> `Pin<&mut Self>` or `&mut Self`)!
>
> Perhaps together with the next line, they could be just phrased like
> this?
>
> - The underlying object must not be accessed (read or mutated) through
> any pointer other than the created `Owned<T>`.
> Opt-out is still possbile similar to a mutable reference (e.g. by
> using p`Opaque`]).
>
> I think we should just tell the user "this is just a unique reference
> similar to &mut". They should be able to deduce that all the `!Unpin`
> that opts out from uniqueness of mutable reference applies here too.
I agree. I would suggest updating the struct documentation:
@@ -108,7 +108,7 @@ pub unsafe trait Ownable {
unsafe fn release(this: NonNull<Self>);
}
-/// An owned reference to an owned `T`.
+/// An mutable reference to an owned `T`.
///
/// The [`Ownable`] is automatically freed or released when an instance of [`Owned`] is
/// dropped.
And then the safety requirement as
An `Owned<T>` is a mutable reference to the underlying object. As such,
the object must not be accessed (read or mutated) through any pointer
other than the created `Owned<T>`. Opt-out is still possbile similar to
a mutable reference (e.g. by using [`Opaque`]).
>> + /// - In case `T` implements [`Unpin`] the previous requirement is extended from shared to
>> + /// mutable reference requirements. That is, the kernel will not mutate or free the underlying
>> + /// object and is okay with it being modified by Rust code.
>
> - If `T` implements [`Unpin`], the structure must not be mutated for
> the entire lifetime of `Owned<T>`.
Would it be OK to just write "If `T: Unpin`, the ..."?
Again, opt out is possible, right?
>
>> + pub unsafe fn from_raw(ptr: NonNull<T>) -> Self {
>
> This needs a (rather trivial) INVARIANT comment.
OK.
>
>> + Self {
>> + ptr,
>> + }
>> + }
>> +
>> + /// Consumes the [`Owned`], returning a raw pointer.
>> + ///
>> + /// This function does not actually relinquish ownership of the object. After calling this
>
> Perhaps "relinquish" isn't the best word here? In my mental model
> this function is pretty much relinquishing ownership as `Owned<T>` no
> longer exists. It just doesn't release the object.
How about this:
/// Consumes the [`Owned`], returning a raw pointer.
///
/// This function does not drop the underlying `T`. When this function returns, ownership of the
/// underlying `T` is with the caller.
Thanks for the comments!
Best regards,
Andreas Hindborg
^ permalink raw reply
* Re: [PATCH v13 2/4] rust: `AlwaysRefCounted` is renamed to `RefCounted`.
From: Andreas Hindborg @ 2026-02-02 9:48 UTC (permalink / raw)
To: Gary Guo, Oliver Mangold
Cc: Miguel Ojeda, Alex Gaynor, Boqun Feng, Björn Roy Baron,
Alice Ryhl, Trevor Gross, Benno Lossin, Danilo Krummrich,
Greg Kroah-Hartman, Dave Ertman, Ira Weiny, Leon Romanovsky,
Rafael J. Wysocki, Maarten Lankhorst, Maxime Ripard,
Thomas Zimmermann, David Airlie, Simona Vetter, Alexander Viro,
Christian Brauner, Jan Kara, Lorenzo Stoakes, Liam R. Howlett,
Viresh Kumar, Nishanth Menon, Stephen Boyd, Bjorn Helgaas,
Krzysztof Wilczyński, Paul Moore, Serge Hallyn, Asahi Lina,
rust-for-linux, linux-kernel, linux-block, dri-devel,
linux-fsdevel, linux-mm, linux-pm, linux-pci,
linux-security-module
In-Reply-To: <20251201160030.6956a834.gary@garyguo.net>
Gary Guo <gary@garyguo.net> writes:
> On Mon, 17 Nov 2025 10:07:57 +0000
> Oliver Mangold <oliver.mangold@pm.me> wrote:
>
>> `AlwaysRefCounted` will become a marker trait to indicate that it is
>> allowed to obtain an `ARef<T>` from a `&T`, which cannot be allowed for
>> types which are also Ownable.
>
> The message needs a rationale for making the change rather than relying
> on the reader to deduce so.
>
> For example:
>
> There are types where it may both be referenced counted in some
> cases and owned in other. In such cases, obtaining `ARef<T>`
> from `&T` would be unsound as it allows creation of `ARef<T>`
> copy from `&Owned<T>`.
>
> Therefore, we split `AlwaysRefCounted` into `RefCounted` (which
> `ARef<T>` would require) and a marker trait to indicate that
> the type is always reference counted (and not `Ownable`) so the
> `&T` -> `ARef<T>` conversion is possible.
Thanks, I'll mix this in with the one I sent to Daniel.
Best regards,
Andreas Hindborg
^ permalink raw reply
* Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking
From: David Howells @ 2026-02-02 9:21 UTC (permalink / raw)
To: Eric Biggers
Cc: dhowells, =?UTF-8?q?Mihai-Drosi=20C=C3=A2ju?=, linux, arnd,
arnout, atomlin, bigeasy, chleroy, christian, corbet, coxu,
da.gomez, da.gomez, dmitry.kasatkin, eric.snowberg,
f.gruenbichler, jmorris, kpcyrd, linux-arch, linux-doc,
linux-integrity, linux-kbuild, linux-kernel, linux-modules,
linux-security-module, linuxppc-dev, lkp, maddy, mattia, mcgrof,
mpe, nathan, naveen, nicolas.bouchinet, nicolas.schier, npiggin,
nsc, paul, petr.pavlu, roberto.sassu, samitolvanen, serge,
xiujianfeng, zohar
In-Reply-To: <20260201201218.GA15755@quark>
Eric Biggers <ebiggers@kernel.org> wrote:
> With that being the case, why is there still effort being put into
> adding more features to module signing? I would think efforts should be
> focused on hash-based module authentication, i.e. this patchset.
Because it's not just signing of modules and it's not just modules built with
the kernel. Also a hash table just of module hashes built into the core
kernel image will increase the size of the kernel by around a third of a meg
(on Fedora 43 and assuming SHA512) with uncompressible data.
David
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox