* [PATCH v3 2/6] landlock: Implement LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
From: Tingmao Wang @ 2026-02-03 23:12 UTC (permalink / raw)
To: Mickaël Salaün
Cc: Tingmao Wang, Günther Noack, Demi Marie Obenour, Alyssa Ross,
Jann Horn, Tahera Fahimi, Justin Suess, linux-security-module
In-Reply-To: <cover.1770160146.git.m@maowtm.org>
Extend the existing abstract UNIX socket scoping to pathname sockets as
well. Basically all of the logic is reused between the two types, just
that pathname sockets scoping are controlled by another bit, and has its
own audit request type (since the current one is named
"abstract_unix_socket").
Closes: https://github.com/landlock-lsm/linux/issues/51
Signed-off-by: Tingmao Wang <m@maowtm.org>
---
Changes in v3:
- missing dot in comment
- More accurate comment on check_socket_access
- Unix -> UNIX
Changes in v2:
- Factor out common code in hook_unix_stream_connect and
hook_unix_may_send into check_socket_access(), and inline
is_abstract_socket().
security/landlock/audit.c | 4 ++
security/landlock/audit.h | 1 +
security/landlock/task.c | 113 ++++++++++++++++++++++----------------
3 files changed, 71 insertions(+), 47 deletions(-)
diff --git a/security/landlock/audit.c b/security/landlock/audit.c
index 650bd7f5cb6b..97f0f503a836 100644
--- a/security/landlock/audit.c
+++ b/security/landlock/audit.c
@@ -75,6 +75,10 @@ get_blocker(const enum landlock_request_type type,
WARN_ON_ONCE(access_bit != -1);
return "scope.abstract_unix_socket";
+ case LANDLOCK_REQUEST_SCOPE_PATHNAME_UNIX_SOCKET:
+ WARN_ON_ONCE(access_bit != -1);
+ return "scope.pathname_unix_socket";
+
case LANDLOCK_REQUEST_SCOPE_SIGNAL:
WARN_ON_ONCE(access_bit != -1);
return "scope.signal";
diff --git a/security/landlock/audit.h b/security/landlock/audit.h
index 104472060ef5..0e40fed17f21 100644
--- a/security/landlock/audit.h
+++ b/security/landlock/audit.h
@@ -21,6 +21,7 @@ enum landlock_request_type {
LANDLOCK_REQUEST_NET_ACCESS,
LANDLOCK_REQUEST_SCOPE_ABSTRACT_UNIX_SOCKET,
LANDLOCK_REQUEST_SCOPE_SIGNAL,
+ LANDLOCK_REQUEST_SCOPE_PATHNAME_UNIX_SOCKET,
};
/*
diff --git a/security/landlock/task.c b/security/landlock/task.c
index 833bc0cfe5c9..973de1efc08a 100644
--- a/security/landlock/task.c
+++ b/security/landlock/task.c
@@ -232,35 +232,85 @@ static bool domain_is_scoped(const struct landlock_ruleset *const client,
return false;
}
+/**
+ * sock_is_scoped - Check if socket connect or send should be restricted
+ * based on scope controls.
+ *
+ * @other: The server socket.
+ * @domain: The client domain.
+ * @scope: The relevant scope bit to check (i.e. pathname or abstract).
+ *
+ * Returns: True if connect should be restricted, false otherwise.
+ */
static bool sock_is_scoped(struct sock *const other,
- const struct landlock_ruleset *const domain)
+ const struct landlock_ruleset *const domain,
+ access_mask_t scope)
{
const struct landlock_ruleset *dom_other;
/* The credentials will not change. */
lockdep_assert_held(&unix_sk(other)->lock);
dom_other = landlock_cred(other->sk_socket->file->f_cred)->domain;
- return domain_is_scoped(domain, dom_other,
- LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET);
+ return domain_is_scoped(domain, dom_other, scope);
}
-static bool is_abstract_socket(struct sock *const sock)
+/*
+ * Allow us to quickly test if the current domain scopes any form of
+ * socket.
+ */
+static const struct access_masks unix_scope = {
+ .scope = LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET |
+ LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET,
+};
+
+/*
+ * UNIX sockets can have three types of addresses: pathname (a filesystem path),
+ * unnamed (not bound to an address), and abstract (sun_path[0] is '\0').
+ * Unnamed sockets include those created with socketpair() and unbound sockets.
+ * We do not restrict unnamed sockets since they cannot be used to reach a
+ * new peer.
+ */
+static int
+check_socket_access(struct sock *const other,
+ const struct landlock_cred_security *const subject,
+ const size_t handle_layer)
{
- struct unix_address *addr = unix_sk(sock)->addr;
+ const struct unix_address *addr = unix_sk(other)->addr;
+ access_mask_t scope;
+ enum landlock_request_type request_type;
+ /* Unnamed sockets are not restricted. */
if (!addr)
- return false;
+ return 0;
+ /*
+ * Abstract and pathname UNIX sockets have separate scope and audit
+ * request type.
+ */
if (addr->len >= offsetof(struct sockaddr_un, sun_path) + 1 &&
- addr->name->sun_path[0] == '\0')
- return true;
+ addr->name->sun_path[0] == '\0') {
+ scope = LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET;
+ request_type = LANDLOCK_REQUEST_SCOPE_ABSTRACT_UNIX_SOCKET;
+ } else {
+ scope = LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET;
+ request_type = LANDLOCK_REQUEST_SCOPE_PATHNAME_UNIX_SOCKET;
+ }
- return false;
-}
+ if (!sock_is_scoped(other, subject->domain, scope))
+ return 0;
-static const struct access_masks unix_scope = {
- .scope = LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET,
-};
+ landlock_log_denial(subject, &(struct landlock_request) {
+ .type = request_type,
+ .audit = {
+ .type = LSM_AUDIT_DATA_NET,
+ .u.net = &(struct lsm_network_audit) {
+ .sk = other,
+ },
+ },
+ .layer_plus_one = handle_layer + 1,
+ });
+ return -EPERM;
+}
static int hook_unix_stream_connect(struct sock *const sock,
struct sock *const other,
@@ -275,23 +325,7 @@ static int hook_unix_stream_connect(struct sock *const sock,
if (!subject)
return 0;
- if (!is_abstract_socket(other))
- return 0;
-
- if (!sock_is_scoped(other, subject->domain))
- return 0;
-
- landlock_log_denial(subject, &(struct landlock_request) {
- .type = LANDLOCK_REQUEST_SCOPE_ABSTRACT_UNIX_SOCKET,
- .audit = {
- .type = LSM_AUDIT_DATA_NET,
- .u.net = &(struct lsm_network_audit) {
- .sk = other,
- },
- },
- .layer_plus_one = handle_layer + 1,
- });
- return -EPERM;
+ return check_socket_access(other, subject, handle_layer);
}
static int hook_unix_may_send(struct socket *const sock,
@@ -302,6 +336,7 @@ static int hook_unix_may_send(struct socket *const sock,
landlock_get_applicable_subject(current_cred(), unix_scope,
&handle_layer);
+ /* Quick return for non-landlocked tasks. */
if (!subject)
return 0;
@@ -312,23 +347,7 @@ static int hook_unix_may_send(struct socket *const sock,
if (unix_peer(sock->sk) == other->sk)
return 0;
- if (!is_abstract_socket(other->sk))
- return 0;
-
- if (!sock_is_scoped(other->sk, subject->domain))
- return 0;
-
- landlock_log_denial(subject, &(struct landlock_request) {
- .type = LANDLOCK_REQUEST_SCOPE_ABSTRACT_UNIX_SOCKET,
- .audit = {
- .type = LSM_AUDIT_DATA_NET,
- .u.net = &(struct lsm_network_audit) {
- .sk = other->sk,
- },
- },
- .layer_plus_one = handle_layer + 1,
- });
- return -EPERM;
+ return check_socket_access(other->sk, subject, handle_layer);
}
static const struct access_masks signal_scope = {
--
2.52.0
^ permalink raw reply related
* [PATCH v3 1/6] landlock: Add LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET scope bit to uAPI
From: Tingmao Wang @ 2026-02-03 23:12 UTC (permalink / raw)
To: Mickaël Salaün
Cc: Tingmao Wang, Günther Noack, Demi Marie Obenour, Alyssa Ross,
Jann Horn, Tahera Fahimi, Justin Suess, linux-security-module
In-Reply-To: <cover.1770160146.git.m@maowtm.org>
Add the new scope bit to the uAPI header, add documentation, and bump
ABI version to 8.
This documentation edit specifically calls out the security implications
of not restricting UNIX sockets.
Fix some minor cosmetic issue in landlock.h around the changed lines as
well.
Signed-off-by: Tingmao Wang <m@maowtm.org>
---
Changes in v3:
- Doc edit from review, update date
Changes in v2:
- Fix grammar
Note that in the code block in "Defining and enforcing a security policy"
the switch case currently jumps from 5 to 7. This should be fixed by
https://lore.kernel.org/all/20251216210248.4150777-1-samasth.norway.ananda@oracle.com/
Documentation/userspace-api/landlock.rst | 37 ++++++++++++++++---
include/uapi/linux/landlock.h | 8 +++-
security/landlock/limits.h | 2 +-
security/landlock/syscalls.c | 2 +-
tools/testing/selftests/landlock/base_test.c | 2 +-
.../testing/selftests/landlock/scoped_test.c | 2 +-
6 files changed, 41 insertions(+), 12 deletions(-)
diff --git a/Documentation/userspace-api/landlock.rst b/Documentation/userspace-api/landlock.rst
index 1d0c2c15c22e..b0d07051633b 100644
--- a/Documentation/userspace-api/landlock.rst
+++ b/Documentation/userspace-api/landlock.rst
@@ -8,7 +8,7 @@ Landlock: unprivileged access control
=====================================
:Author: Mickaël Salaün
-:Date: March 2025
+:Date: December 2025
The goal of Landlock is to enable restriction of ambient rights (e.g. global
filesystem or network access) for a set of processes. Because Landlock
@@ -83,7 +83,8 @@ to be explicit about the denied-by-default access rights.
LANDLOCK_ACCESS_NET_CONNECT_TCP,
.scoped =
LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET |
- LANDLOCK_SCOPE_SIGNAL,
+ LANDLOCK_SCOPE_SIGNAL |
+ LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET,
};
Because we may not know which kernel version an application will be executed
@@ -127,6 +128,10 @@ version, and only use the available subset of access rights:
/* Removes LANDLOCK_SCOPE_* for ABI < 6 */
ruleset_attr.scoped &= ~(LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET |
LANDLOCK_SCOPE_SIGNAL);
+ __attribute__((fallthrough));
+ case 7:
+ /* Removes LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET for ABI < 8 */
+ ruleset_attr.scoped &= ~LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET;
}
This enables the creation of an inclusive ruleset that will contain our rules.
@@ -328,10 +333,13 @@ The operations which can be scoped are:
This limits the sending of signals to target processes which run within the
same or a nested Landlock domain.
-``LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET``
- This limits the set of abstract :manpage:`unix(7)` sockets to which we can
- :manpage:`connect(2)` to socket addresses which were created by a process in
- the same or a nested Landlock domain.
+``LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET`` and ``LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET``
+ This limits the set of :manpage:`unix(7)` sockets to which we can
+ :manpage:`connect(2)` to socket addresses which were created by a
+ process in the same or a nested Landlock domain.
+ ``LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET`` applies to abstract sockets,
+ and ``LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET`` applies to pathname
+ sockets.
A :manpage:`sendto(2)` on a non-connected datagram socket is treated as if
it were doing an implicit :manpage:`connect(2)` and will be blocked if the
@@ -604,6 +612,23 @@ Landlock audit events with the ``LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF``,
sys_landlock_restrict_self(). See Documentation/admin-guide/LSM/landlock.rst
for more details on audit.
+Pathname UNIX socket (ABI < 8)
+------------------------------
+
+Starting with the Landlock ABI version 8, it is possible to restrict
+connections to a pathname (non-abstract) :manpage:`unix(7)` socket by
+setting ``LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET`` to the ``scoped`` ruleset
+attribute. This works the same way as the abstract socket scoping.
+
+This allows sandboxing applications using only Landlock to protect against
+bypasses relying on connecting to Unix sockets of other services running
+under the same user. These services typically assume that any process
+capable of connecting to a local Unix socket, or connecting with the
+expected user credentials, is trusted. Without this protection, sandbox
+escapes may be possible, especially when running in a standard desktop
+environment, such as by using systemd-run, or sockets exposed by other
+common applications.
+
.. _kernel_support:
Kernel support
diff --git a/include/uapi/linux/landlock.h b/include/uapi/linux/landlock.h
index 75fd7f5e6cc3..7fa0e6c1a931 100644
--- a/include/uapi/linux/landlock.h
+++ b/include/uapi/linux/landlock.h
@@ -361,10 +361,14 @@ struct landlock_net_port_attr {
* related Landlock domain (e.g., a parent domain or a non-sandboxed process).
* - %LANDLOCK_SCOPE_SIGNAL: Restrict a sandboxed process from sending a signal
* to another process outside the domain.
+ * - %LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET: Restrict a sandboxed process from
+ * connecting to a pathname UNIX socket created by a process outside the
+ * related Landlock domain.
*/
/* clang-format off */
#define LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET (1ULL << 0)
-#define LANDLOCK_SCOPE_SIGNAL (1ULL << 1)
-/* clang-format on*/
+#define LANDLOCK_SCOPE_SIGNAL (1ULL << 1)
+#define LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET (1ULL << 2)
+/* clang-format on */
#endif /* _UAPI_LINUX_LANDLOCK_H */
diff --git a/security/landlock/limits.h b/security/landlock/limits.h
index 65b5ff051674..d653e14dba10 100644
--- a/security/landlock/limits.h
+++ b/security/landlock/limits.h
@@ -27,7 +27,7 @@
#define LANDLOCK_MASK_ACCESS_NET ((LANDLOCK_LAST_ACCESS_NET << 1) - 1)
#define LANDLOCK_NUM_ACCESS_NET __const_hweight64(LANDLOCK_MASK_ACCESS_NET)
-#define LANDLOCK_LAST_SCOPE LANDLOCK_SCOPE_SIGNAL
+#define LANDLOCK_LAST_SCOPE LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
#define LANDLOCK_MASK_SCOPE ((LANDLOCK_LAST_SCOPE << 1) - 1)
#define LANDLOCK_NUM_SCOPE __const_hweight64(LANDLOCK_MASK_SCOPE)
diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
index 0116e9f93ffe..66fd196be85a 100644
--- a/security/landlock/syscalls.c
+++ b/security/landlock/syscalls.c
@@ -161,7 +161,7 @@ static const struct file_operations ruleset_fops = {
* Documentation/userspace-api/landlock.rst should be updated to reflect the
* UAPI change.
*/
-const int landlock_abi_version = 7;
+const int landlock_abi_version = 8;
/**
* sys_landlock_create_ruleset - Create a new ruleset
diff --git a/tools/testing/selftests/landlock/base_test.c b/tools/testing/selftests/landlock/base_test.c
index 7b69002239d7..f4b1a275d8d9 100644
--- a/tools/testing/selftests/landlock/base_test.c
+++ b/tools/testing/selftests/landlock/base_test.c
@@ -76,7 +76,7 @@ TEST(abi_version)
const struct landlock_ruleset_attr ruleset_attr = {
.handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE,
};
- ASSERT_EQ(7, landlock_create_ruleset(NULL, 0,
+ ASSERT_EQ(8, landlock_create_ruleset(NULL, 0,
LANDLOCK_CREATE_RULESET_VERSION));
ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, 0,
diff --git a/tools/testing/selftests/landlock/scoped_test.c b/tools/testing/selftests/landlock/scoped_test.c
index b90f76ed0d9c..7f83512a328d 100644
--- a/tools/testing/selftests/landlock/scoped_test.c
+++ b/tools/testing/selftests/landlock/scoped_test.c
@@ -12,7 +12,7 @@
#include "common.h"
-#define ACCESS_LAST LANDLOCK_SCOPE_SIGNAL
+#define ACCESS_LAST LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
TEST(ruleset_with_unknown_scope)
{
--
2.52.0
^ permalink raw reply related
* [PATCH v3 0/6] Landlock: Implement scope control for pathname Unix sockets
From: Tingmao Wang @ 2026-02-03 23:12 UTC (permalink / raw)
To: Mickaël Salaün
Cc: Tingmao Wang, Günther Noack, Demi Marie Obenour, Alyssa Ross,
Jann Horn, Tahera Fahimi, Justin Suess, linux-security-module
This version contains some minor update based on feedback from Mickaël.
(Sending this anyway for completeness despite discussion in
https://lore.kernel.org/all/e6b6b069-384c-4c45-a56b-fa54b26bc72a@maowtm.org/ )
The rest is the same as the v2 cover letter:
Changes in v2:
Fix grammar in doc, rebased on mic/next, and extracted common code from
hook_unix_stream_connect and hook_unix_may_send into a separate
function.
The rest is the same as the v1 cover letter:
This patch series extend the existing abstract Unix socket scoping to
pathname (i.e. normal file-based) sockets as well, by adding a new scope
bit LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET that works the same as
LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET, except that restricts pathname Unix
sockets. This means that a sandboxed process with this scope enabled will
not be able to connect to Unix sockets created outside the sandbox via the
filesystem.
There is a future plan [1] for allowing specific sockets based on FS
hierarchy, but this series is only determining access based on domain
parent-child relationship. There is currently no way to allow specific
(outside the Landlock domain) Unix sockets, and none of the existing
Landlock filesystem controls apply to socket connect().
With this series, we can now properly protect against things like the the
following while only relying on Landlock:
(running under tmux)
root@6-19-0-rc1-dev-00023-g68f0b276cbeb ~# LL_FS_RO=/ LL_FS_RW= ./sandboxer bash
Executing the sandboxed command...
root@6-19-0-rc1-dev-00023-g68f0b276cbeb:/# cat /tmp/hi
cat: /tmp/hi: No such file or directory
root@6-19-0-rc1-dev-00023-g68f0b276cbeb:/# tmux new-window 'echo hi > /tmp/hi'
root@6-19-0-rc1-dev-00023-g68f0b276cbeb:/# cat /tmp/hi
hi
The above but with Unix socket scoping enabled (both pathname and abstract
sockets) - the sandboxed shell can now no longer talk to tmux due to the
socket being created from outside the Landlock sandbox:
(running under tmux)
root@6-19-0-rc1-dev-00023-g68f0b276cbeb ~# LL_FS_RO=/ LL_FS_RW= LL_SCOPED=u:a ./sandboxer bash
Executing the sandboxed command...
root@6-19-0-rc1-dev-00023-g68f0b276cbeb:/# cat /tmp/hi
cat: /tmp/hi: No such file or directory
root@6-19-0-rc1-dev-00023-g68f0b276cbeb:/# tmux new-window 'echo hi > /tmp/hi'
error connecting to /tmp/tmux-0/default (Operation not permitted)
root@6-19-0-rc1-dev-00023-g68f0b276cbeb:/# cat /tmp/hi
cat: /tmp/hi: No such file or directory
Tmux is just one example. In a standard systemd session, `systemd-run
--user` can also be used (--user will run the command in the user's
session, without requiring any root privileges), and likely a lot more if
running in a desktop environment with many popular applications. This
change therefore makes it possible to create sandboxes without relying on
additional mechanisms like seccomp to protect against such issues.
These kind of issues was originally discussed on here (I took the idea for
systemd-run from Demi):
https://spectrum-os.org/lists/archives/spectrum-devel/00256266-26db-40cf-8f5b-f7c7064084c2@gmail.com/
Demo with socat + sandboxer:
Outside:
socat unix-listen:/foo.sock,fork -
Sandbox with pathname socket scope bit:
root@6-19-0-rc1-dev-00023-g0994a10d6512 ~# LL_FS_RW=/ LL_FS_RO= LL_SCOPED=u /sandboxer socat -d2 unix:/foo.sock -
Executing the sandboxed command...
2025/12/27 20:28:54 socat[1227] E UNIX-CLIENT: /foo.sock: Operation not permitted
2025/12/27 20:28:54 socat[1227] N exit(1)
Sandbox without pathname socket scope bit:
root@6-19-0-rc1-dev-00023-g0994a10d6512 ~# LL_FS_RW=/ LL_FS_RO= LL_SCOPED= /sandboxer socat -d2 unix:/foo.sock -
Executing the sandboxed command...
2025/12/27 20:29:22 socat[1250] N successfully connected from local address AF=1 "(7\xAE\xAE\xAE\xAE\xAE\xAE\xAE\xAE\xAE\xAE\xAE\xAE\xB0\xAE\xAE\xAE\xAE\xAE\xAE\xAE\xAE\xAE\xAE\xC3\xAE\xAE\xAE\xAE"
...
Sandbox with only abstract socket scope bit:
root@6-19-0-rc1-dev-00023-g0994a10d6512 ~# LL_FS_RW=/ LL_FS_RO= LL_SCOPED=a /sandboxer socat -d2 unix:/foo.sock -
Executing the sandboxed command...
2025/12/27 20:29:26 socat[1259] N successfully connected from local address AF=1 "\0\0\0\0\0\0\0\0\0"
...
Sendmsg/recvmsg - outside:
socat unix-recvfrom:/datagram.sock -
Sandbox with pathname socket scope bit:
root@6-19-0-rc1-dev-00023-g0994a10d6512 ~# LL_FS_RW=/ LL_FS_RO= LL_SCOPED=u /sandboxer socat -d2 unix-sendto:/datagram.sock -
Executing the sandboxed command...
...
2025/12/27 20:33:04 socat[1446] N starting data transfer loop with FDs [5,5] and [0,1]
123
2025/12/27 20:33:05 socat[1446] E sendto(5, 0x55d260d8f000, 4, 0, AF=1 "/datagram.sock", 16): Operation not permitted
2025/12/27 20:33:05 socat[1446] N exit(1)
[1]: https://github.com/landlock-lsm/linux/issues/36
Closes: https://github.com/landlock-lsm/linux/issues/51
Tingmao Wang (6):
landlock: Add LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET scope bit to uAPI
landlock: Implement LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
samples/landlock: Support LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
selftests/landlock: Support pathname socket path in set_unix_address
selftests/landlock: Repurpose scoped_abstract_unix_test.c for pathname
sockets too
selftests/landlock: Add pathname socket variants for more tests
Documentation/userspace-api/landlock.rst | 37 +-
include/uapi/linux/landlock.h | 8 +-
samples/landlock/sandboxer.c | 23 +-
security/landlock/audit.c | 4 +
security/landlock/audit.h | 1 +
security/landlock/limits.h | 2 +-
security/landlock/syscalls.c | 2 +-
security/landlock/task.c | 113 ++-
tools/testing/selftests/landlock/base_test.c | 2 +-
tools/testing/selftests/landlock/common.h | 33 +-
tools/testing/selftests/landlock/net_test.c | 2 +-
.../selftests/landlock/scoped_signal_test.c | 2 +-
.../testing/selftests/landlock/scoped_test.c | 2 +-
...bstract_unix_test.c => scoped_unix_test.c} | 886 +++++++++++++-----
14 files changed, 787 insertions(+), 330 deletions(-)
rename tools/testing/selftests/landlock/{scoped_abstract_unix_test.c => scoped_unix_test.c} (50%)
base-commit: 24d479d26b25bce5faea3ddd9fa8f3a6c3129ea7
prerequisite-patch-id: 5f3ab4d7ae2173abb98b510534b2eabc575944ed # https://lore.kernel.org/all/20251230103917.10549-3-gnoack3000@gmail.com/
prerequisite-patch-id: 0002366468db0afd2e68f4ee4f6cfb0d8e7ed315
--
2.52.0
^ permalink raw reply
* Re: [PATCH] xfrm: kill xfrm_dev_{state,policy}_flush_secctx_check()
From: Paul Moore @ 2026-02-03 22:40 UTC (permalink / raw)
To: Tetsuo Handa
Cc: SELinux, linux-security-module, Steffen Klassert, Herbert Xu,
David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, Network Development
In-Reply-To: <f9b88268-03dc-4356-8b31-0bab73cc9b1e@I-love.SAKURA.ne.jp>
On Mon, Feb 2, 2026 at 10:48 PM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
> On 2026/02/02 13:07, Paul Moore wrote:
> > I'm asking you to verify that we have the LSM xfrm hooks in all of the
> > necessary locations to ensure that we are safely and comprehensively
> > gating all of the operations that result in removal of SPD and SAD
> > entries.
>
> That is impossible. We can't have the LSM xfrm hooks in all locations
> that result in removal of SPD and SAD entries.
It's a good thing that isn't what I said. I said "... LSM xfrm hooks
in all of the
necessary locations to ensure that we are safely and COMPREHENSIVELY
GATING all of the operations that result in removal of SPD and SAD
entries." I used the capitalization to emphasize the idea that the
goal is a comprehensive gating of the operations, not necessarily a
placement of LSM hooks in all of the functions. It can be a subtle
difference, but it is an important one as I think you can understand.
> It is your role (not my role) to verify that we have the LSM xfrm hooks in all
> of the necessary locations, for it is you who is wishing to ensure that we are
> safely and comprehensively gating all of the operations that result in removal
> of SPD and SAD entries.
All of us who contribute upstream have a responsibility to ensure the
proper operation and maintenance of the upstream Linux kernel, this is
especially true for individuals such as yourself who have accepted a
maintainer role.
You have identified what appear to be issues with the upstream kernel,
and have proposed changes to address that. While reviewing those
changes I asked you to verify that the LSM hooks associated with your
proposed change were still working as expected, since it was not clear
from the discussion, or the patch, that an investigation had taken
place. This is not an unusual request for such a proposed change, and
is something that I would expect a LSM maintainer to do without much
hesitation. If you are unwilling to investigate this, can you explain
why?
--
paul-moore.com
^ permalink raw reply
* Re: [PATCH net-next v2 0/4] net: uapi: Provide an UAPI definition of 'struct sockaddr'
From: Jakub Kicinski @ 2026-02-03 22:40 UTC (permalink / raw)
To: Thomas Weißschuh
Cc: Eric Dumazet, Kuniyuki Iwashima, Paolo Abeni, Willem de Bruijn,
David S. Miller, Simon Horman, Shuah Khan, Matthieu Baerts,
Mat Martineau, Geliang Tang, Mickaël Salaün,
Günther Noack, Alexei Starovoitov, Daniel Borkmann,
Jesper Dangaard Brouer, John Fastabend, Stanislav Fomichev,
Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu,
Yonghong Song, KP Singh, Hao Luo, Jiri Olsa, netdev, linux-kernel,
linux-api, Arnd Bergmann, linux-kselftest, mptcp,
linux-security-module, bpf, libc-alpha, Carlos O'Donell,
Adhemerval Zanella, Rich Felker, klibc, Florian Weimer
In-Reply-To: <20260203122715-eeb304f9-4b42-4fc6-a527-658182a92ba5@linutronix.de>
On Tue, 3 Feb 2026 12:42:22 +0100 Thomas Weißschuh wrote:
> > FWIW the typelimits change broke compilation of ethtool, we'll see if
> > anyone "outside kernel community itself" complains.
>
> Can you point me to that breakage? I was unable to find it.
Not reported on the ML, and it's kinda annoying to repro because
the uAPI header sync script isn't committed :/ You have to check
this out
https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/
and run a script like this to sync headers from the kernel (then build):
#!/bin/bash -e
sn="${0##*/}"
export ARCH="x86_64"
if [ ! -d "$LINUX_GIT" ]; then
echo "${sn}: LINUX_GIT not set" >&2
exit 1
fi
pushd "$LINUX_GIT"
if [ -n "$1" ]; then
git checkout "$1"
fi
desc=$(git describe --exact-match 2>/dev/null \
|| git show -s --abbrev=12 --pretty='commit %h')
kobj=$(mktemp -d)
make -j16 O="$kobj" allmodconfig
make -j16 O="$kobj" prepare
make -j16 O="$kobj" INSTALL_HDR_PATH="${kobj}/hdr" headers_install
popd
pushd uapi
find . -type f -name '*.h' -exec cp -v "${kobj}/hdr/include/{}" {} \;
popd
rm -rf "$kobj"
git add uapi
git commit -s -F - <<EOT
update UAPI header copies
Update to kernel ${desc}.
EOT
^ permalink raw reply
* Re: [PATCH v2 0/6] Landlock: Implement scope control for pathname Unix sockets
From: Tingmao Wang @ 2026-02-03 21:53 UTC (permalink / raw)
To: Günther Noack, Justin Suess, Mickaël Salaün
Cc: Günther Noack, Demi Marie Obenour, Alyssa Ross, Jann Horn,
Tahera Fahimi, linux-security-module
In-Reply-To: <aYI2OQhPMgdMAOiz@google.com>
On 2/3/26 17:54, Günther Noack wrote:
> On Tue, Feb 03, 2026 at 01:26:31AM +0000, Tingmao Wang wrote:
>> On 2/2/26 22:03, Justin Suess wrote:
>>> Regardless if you merge the patch series now in 7.0 or a later version, I think there is something to be said
>>> about having the filesystem and scoped unix access right merged in the same ABI version / merge window.
>>>
>>> As you pointed out earlier, the combination of the two flags is much flexible and useful to userspace
>>> consumers than one or the other, and if the features were merged separately, there would be an
>>> awkward middle ABI where user space consumers may have to make compromises or changes to
>>> sandbox between different versions or change application behavior.
>>> [...]
>>
>> Given that the scope bit and RESOLVE_UNIX access right are in some sense
>> part of the same system (they interact in an OR manner, after all), there
>> is some positive for having them introduced in the same version, but on
>> the other hand, with my above reasoning, I don't think these two
>> mechanisms (scope bit and RESOLVE_UNIX access) being in different ABI
>> versions would be too much of a problem. In either case, for applications
>> which require access to more "privileged" sockets, when running on a
>> kernel without the RESOLVE_UNIX access right support, no pathname socket
>> restrictions can be applied (i.e. it won't use the scope bit either, there
>> isn't much "compromise" it can make here). On the other hand, if
>> RESOLVE_UNIX is supported, then it knows that the scope bit is also
>> supported, and can just use it.
>
> Yes, but that does require additional subtle backwards compatibility
> logic in userspace libraries, to implement the "best effort" fallbacks.
>
> Assuming the scoped bit is added in v8 and the FS_RESOLVE_UNIX right in v9,
> if a user does this (in Go-landlock syntax):
>
> // restrict both scoped bit and FS RESOLVE_UNIX right, if possible
> landlock.V9.BestEffort().RestrictPaths(
> landlock.ResolveUnix("/tmp/socket"), // allow to connect to /tmp/socket
> )
>
> then if the system only supports ABI v8, it will have to clear both
> bits so that connections to /tmp/socket work,
> even though the scoped bit is technically supported on v8.
>
> **This requires additional logic in client libraries**,
> similar to our "refer" semantics (which users often get wrong):
>
> if (there is a rule that allows connections by path name)
> clear_the_scoped_bit_as_well();
> // even though the path name rule normally only affects a different bit
>
>
> In contrast, if both the scoped bit and FS_RESOLVE_UNIX were added in
> the same ABI version, then if a user does the above call, we are
> either equal-or-above that ABI version, in which case it works, or we
> are below that ABI version, in which case the two bits already get
> cleared from the landlock_ruleset_attr through the existing backwards
> compatibility mechanism.
>
> **In my mind, Justin is right that we should ideally introduce these
> together.** We have seen users implementing the "Refer" special case
> wrongly very often, it will likely happen here too, if we require
> extra logic in userspace libraries.
Ok, this makes sense to me. I will send the patch's next version as-is
anyway for completeness since it's basically done but I recognize that we
might change the plan based on this discussion.
>
>
> BTW, regarding the implementation: To have *OR* semantics for "within
> scope" and "allow-listed path", the implementation will be
> non-trivial, and I suspect we won't hit the merge window if we try to
> get them both in for 7.0. But in my mind, a simple UAPI is more
> important than trying to make it in time for the next merge window.
>
> (The implementation is difficult because the path-based and
> scope-based check currently happen in different LSM hooks, and none of
> the two hooks has enough information to make the decision alone. The
> second hook only gets called if the first returns 0. It'll require
> some further discussion to make it work together.)
Right. In that case, would it make sense to pass sk into the new
security_unix_find() hook, perhaps with the new argument named `struct
sock *other`? Then we can use this hook for the scope check as well by
using landlock_cred(other->sk_socket->file->f_cred)->domain etc.
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 227467236930..db9d279b3883 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1223,24 +1223,24 @@ static struct sock *unix_find_bsd(struct sockaddr_un *sunaddr, int addr_len,
err = -ECONNREFUSED;
inode = d_backing_inode(path.dentry);
if (!S_ISSOCK(inode->i_mode))
goto path_put;
+ err = -ECONNREFUSED;
+ sk = unix_find_socket_byinode(inode);
+ if (!sk)
+ goto path_put;
+
/*
* We call the hook because we know that the inode is a socket
* and we hold a valid reference to it via the path.
*/
- err = security_unix_find(&path, type, flags);
+ err = security_unix_find(&path, sk, flags);
if (err)
- goto path_put;
-
- err = -ECONNREFUSED;
- sk = unix_find_socket_byinode(inode);
- if (!sk)
- goto path_put;
+ goto sock_put;
err = -EPROTOTYPE;
if (sk->sk_type == type)
touch_atime(&path);
else
goto sock_put;
By doing this we won't even need to pass `type` separately anymore. The
only change would be that now one can determine if a socket is bound or
not even without being allowed RESOLVE_UNIX access. I'm not sure how much
of an issue this is, but we could also call the hook anyway with a NULL in
place of the new argument, if unix_find_socket_byinode() fails. Other
LSMs can then decide what to do in that case (either return -ECONNREFUSED
or -EPERM).
>
>
>> Furthermore, an application / Landlock config etc can always opt to not
>> use the scope bit at all, if it "knows" all the locations where the
>> application's sockets would be placed, and just use RESOLVE_UNIX access
>> right (or nothing if it is not supported).
>>
>> (The following is a bit of a side note, not terribly relevant if we're
>> deciding to go with the patch as is.)
>>
>>>> [...]
>>>> Another way to put it is that, if FS-based and scope-based controls
>>>> interacts in the above proposed way, both mechanisms feel like "poking
>>>> holes" in the other. But as Mickaël said, one can think of the two
>>>> mechanisms not as independent controls, but rather as two interfaces for
>>>> the same control. The socket access control is "enabled" if either the
>>>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX access is handled, or the scope bit
>>>> proposed in this patch is enabled.
>>>>
>>>> With that said, I can think of some alternative ways that might make this
>>>> API look "better" (from a subjective point of view, feedback welcome),
>>>> however it does mean more delays, and specifically, these will depend on
>>>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX:
>>>>
>>>> One possibility is to simply always allow a Landlock domain to connect to
>>>> its own sockets (in the case where LANDLOCK_ACCESS_FS_RESOLVE_UNIX is
>>>> handled, otherwise all sockets are allowed). This might be reasonable, as
>>>> one can only connect to a socket it creates if it has the permission to
>>>> create it in the first place, which is already controlled by
>>>> LANDLOCK_ACCESS_FS_MAKE_SOCK, so we don't really lose any policy
>>>> flexibility here - if for some reason the sandboxer don't want to allow
>>>> access to any (pathname) sockets, even the sandboxed app's own ones, it
>>>> can just not allow LANDLOCK_ACCESS_FS_MAKE_SOCK anywhere.
>>>
>>> LANDLOCK_ACCESS_FS_MAKE_SOCK is only required to bind/listen to a
>>> socket, not to connect. I guess you was thinking about
>>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX in this case?
>>
>> In this "allow same-scope connect unconditionally" proposal, the
>> application would still be able to (bind to and) connect to its own
>> sockets, even if LANDLOCK_ACCESS_FS_RESOLVE_UNIX is handled and nothing is
>> allowed to have LANDLOCK_ACCESS_FS_RESOLVE_UNIX access. But a sandboxer
>> which for whatever reason doesn't want this "allow same scope" default can
>> still prevent the use of (pathname) sockets by restricting
>> LANDLOCK_ACCESS_FS_MAKE_SOCK, because if an app can't connect to any
>> sockets it doesn't own, and can't create any sockets itself either, then
>> it effectively can't connect to any sockets at all.
>>
>> (Although on second thought, I guess there could be a case where an app
>> first creates some socket files before doing landlock_restrict_self(),
>> then it might still be able to bind to these even without
>> LANDLOCK_ACCESS_FS_MAKE_SOCK?)
>
> FWIW, I also really liked Tingmao's first of the two listed
> possibilities in [1], where she proposed to introduce both rights
> together. In my understanding, the arguments we have discussed so far
> for that are:
>
> IN FAVOR:
>
> (pro1) Connecting to a UNIX socket in the same scope is always safe,
> and it makes it possible to use named UNIX sockets between the
> processes within a Landlock domains. (Mickaël convinced me in
> discussion at FOSDEM that this is true.)
>
> If someone absolutely does not want that, they can restrict
> LANDLOCK_ACCESS_FS_MAKE_SOCK and achieve the same effect (as
> Tingmao said above).
>
> (pro2) The implementation of this is simpler.
>
> (I attempted to understand how the "or" semantics would be
> implemented, and I found it non-trivial when you try to do it
> for all layers at once. (Kernighan's Law applies, IMHO))
I think the logic would basically be:
1. if any layers deny the access due to handled RESOLVE_UNIX but does not
have the scope bit set, then we will deny rightaway, without calling
domain_is_scoped().
2. Call domain_is_scoped() with a bitmask of "rules_covered" layers where
there are RESOLVE_UNIX rules covering the socket being accessed, and
essentially ignore those layers in the scope violation check.
I definitely agree that it is tricky, but making same-scope access be
allowed (i.e. the suggested idea above) would only get rid of step 1,
which I think is the "simpler" bit. The extra logic in step 2 is still
needed.
I definitely agree with pro1 tho.
>
> AGAINST:
>
> (con1) It would work differently than the other scoped access rights
> that we already have.
>
> A speculative feature that could potentially be built with the
> scoped access rights is that we could add a rule to permit IPC
> to other Landlock scopes, e.g. introducing a new rule type
>
> struct landlock_scope_attr {
> __u64 allowed_access; /* for "scoped" bits */
> /* some way to identify domains */
> }
>
> so that we could make IPC access to other Landlock domains
> configurable.
>
> If the scoped bit and the FS RESOLVE_UNIX bit were both
> conflated in RESOLVE_UNIX, it would not be possible to make
> UNIX connections configurable in such a way.
This exact API would no longer work, but if we give up the equivalence
between scope bits and the landlock_scope_attr struct, then we can do
something like:
struct landlock_scope_attr {
__u64 ptrace:1; /* Note that this is not a (user controllable) scope bit! */
__u64 abstract_unix_socket:1;
__u64 pathname_unix_socket:1;
/* ... */
__u64 allowed_signals;
/*
* some way to identify domains, maybe we could use the audit domain
* ID, with 0 denoting "allow access to non-Landlocked processes?
*/
}
>
> (con2) Consistent behaviour between scoped flags and their
> interactions with other access rights:
>
> The existing scoped access rights (signal, abstract sockets)
> could hypothetically be extended with a related access right of
> another type. For instance, there could be an access right type
>
> __u64 handled_signal_number;
>
> and then you could add a rule to permit the use of certain
> signal numbers. The interaction between the scoped flags and
> other access rights should work the same.
>
>
> Constructive Proposal for consideration: Why not both?
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I will think about the following a bit more but I'm afraid that I feel
like it might get slightly confusing. With this, the only reason for
having LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET is for API consistency when we
later enable allowing access to other domains (if I understood correctly),
in which case I personally feel like the suggestion on landlock_scope_attr
above, where we essentially accept that it is decoupled with the scope
bits in the ruleset, might be simpler...?
>
> Why not do both what Tingmao proposed in [1] **and** reserve the
> option to add the matching "scoped flag" later?
>
> * Introduce LANDLOCK_ACCESS_FS_RESOLVE_UNIX.
>
> If it is handled, UNIX connections are allowed either:
>
> (1) if the connection is to a service in the same scope, or
> (2) if the path was allow-listed with a "path beneath" rule.
>
> * Add LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET later, if needed.
>
>
> Let's go through the arguments again:
>
> We have observed that it is harmless to allow connections to services
> in the same scope (1), and that if users absolutely don't want that,
> they can actually prohibit it through LANDLOCK_ACCESS_FS_MAKE_SOCK
> (pro1).
>
> (con1): Can we still implement the feature idea where we poke a hole
> to get UNIX-connect() access to other Landlock domains?
>
> I think the answer is yes. The implementation strategy is:
>
> * Add the scoped bit LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
> * The scoped bit can now be used to allow-list connections to
> other Landlock domains.
>
> For users, just setting the scoped bit on its own does the same as
> handling LANDLOCK_ACCESS_FS_RESOLVE_UNIX. That way, the kernel-side
> implementation can also stay simple. The only reason why the scoped
> bit is needed is because it makes it possible to allow-list
> connections to other Landlock domains, but at the same time, it is
> safe if libraries set the scoped bit once it exists, as it does not
> have any bad runtime impact either.
>
> (con2): Consistency: Do all the scoped flags interact with their
> corresponding access rights in the same way?
>
> The other scope flags do not have corresponding access rights, so
> far.
>
> If we were to add corresponding access rights for the other scope
> flags, I would argue that we could apply a consistent logic there,
> because IPC access within the same scope is always safe:
>
> - A hypothetical access right type for "signal numbers" would only
> restrict signals that go beyond the current scope.
>
> - A hypothetical access right type for "abstract UNIX domain socket
> names" would only restrict connections to abstract UNIX domain
> servers that go beyond the current scope.
>
> I can not come up with a scenario where this doesn't work.
>
>
> In conclusion, I think the approach has significant upsides:
>
> * Simpler UAPI: Users only have one access bit to deal with, in the
> near future. Once we do add a scope flag for UNIX connections, it
> does not interact in a surprising way with the corresponding FS
> access right, because with either of these, scoped access is
> allowed.
>
> If users absolutely need to restrict scoped access, they can
> restrict LANDLOCK_ACCESS_FS_MAKE_SOCK. It is a slightly obscure
> API, but in line with the "make easy things easy, make hard things
> possible" API philosophy. And needing this should be the
> exception rather than the norm, after all.
>
> * Consistent behaviour between scoped flags and regular access
> rights, also for speculative access rights affecting the existing
> scoped flags for signals and abstract UNIX domain sockets.
>
> I know this was a slightly long mail, but I thought long and tried to
> be structured. Please let me know what you think.
>
> —Günther
>
>
> [1] https://lore.kernel.org/all/f07fe41a-96c5-4d3a-9966-35b30b3a71f1@maowtm.org/
^ permalink raw reply related
* Re: [PATCH] man/man7/kernel_lockdown.7: remove Secure Boot untruth
From: Heinrich Schuchardt @ 2026-02-03 20:47 UTC (permalink / raw)
To: Alejandro Colomar, Alyssa Ross
Cc: David Howells, Nicolas Bouchinet, Xiu Jianfeng,
linux-security-module, linux-man
In-Reply-To: <aYJZ31jO5ZE1Z6Xp@devuan>
Am 3. Februar 2026 21:27:44 MEZ schrieb Alejandro Colomar <alx@kernel.org>:
>Hi Alyssa,
>
>On 2026-02-03T20:53:33+0100, Alyssa Ross wrote:
>> On Tue, Feb 03, 2026 at 08:50:01PM +0100, Alyssa Ross wrote:
>> > This is true for Fedora, where this page was sourced from, but I don't
>> > believe it has ever been true for the mainline kernel, because Linus
>> > rejected it.
>> >
>> > Link: https://bbs.archlinux.org/viewtopic.php?pid=2088704#p2088704
>> > Link: https://lore.kernel.org/lkml/CA+55aFzYbpRAdma0PvqE+9ygySuKzNKByqOzzMufBoovXVnfPw@mail.gmail.com/
>> > Fixes: bb509e6fc ("kernel_lockdown.7: New page documenting the Kernel Lockdown feature")
>
>I've now CCed you in an email documenting the format we use for these.
>It should be:
>
>Fixes: bb509e6fcbae (2020-10-16; "kernel_lockdown.7: New page documenting the Kernel Lockdown feature")
>
>I'll amend that myself.
>
>> > Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>
>> Just noticed there's a long-open bug for this as well, so additionally:
>>
>> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=213577
>
>Thanks! I'll keep the patch for a few days, in case anyone wants to
>comment.
>
>
>Have a lovely night!
>Alex
>
Can we move the information from the Notes section to replace the removed statement? What causes lockdown is central for users.
Best regards
Heinrich
^ permalink raw reply
* Re: [PATCH] man/man7/kernel_lockdown.7: remove Secure Boot untruth
From: Alejandro Colomar @ 2026-02-03 20:27 UTC (permalink / raw)
To: Alyssa Ross
Cc: Heinrich Schuchardt, David Howells, Nicolas Bouchinet,
Xiu Jianfeng, linux-security-module, linux-man
In-Reply-To: <aYJSDDwK1T9xxca1@mbp.qyliss.net>
[-- Attachment #1: Type: text/plain, Size: 1148 bytes --]
Hi Alyssa,
On 2026-02-03T20:53:33+0100, Alyssa Ross wrote:
> On Tue, Feb 03, 2026 at 08:50:01PM +0100, Alyssa Ross wrote:
> > This is true for Fedora, where this page was sourced from, but I don't
> > believe it has ever been true for the mainline kernel, because Linus
> > rejected it.
> >
> > Link: https://bbs.archlinux.org/viewtopic.php?pid=2088704#p2088704
> > Link: https://lore.kernel.org/lkml/CA+55aFzYbpRAdma0PvqE+9ygySuKzNKByqOzzMufBoovXVnfPw@mail.gmail.com/
> > Fixes: bb509e6fc ("kernel_lockdown.7: New page documenting the Kernel Lockdown feature")
I've now CCed you in an email documenting the format we use for these.
It should be:
Fixes: bb509e6fcbae (2020-10-16; "kernel_lockdown.7: New page documenting the Kernel Lockdown feature")
I'll amend that myself.
> > Signed-off-by: Alyssa Ross <hi@alyssa.is>
>
> Just noticed there's a long-open bug for this as well, so additionally:
>
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=213577
Thanks! I'll keep the patch for a few days, in case anyone wants to
comment.
Have a lovely night!
Alex
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
* Re: [PATCH] man/man7/kernel_lockdown.7: remove Secure Boot untruth
From: Alyssa Ross @ 2026-02-03 19:53 UTC (permalink / raw)
To: Alejandro Colomar
Cc: Heinrich Schuchardt, David Howells, Nicolas Bouchinet,
Xiu Jianfeng, linux-security-module, linux-man
In-Reply-To: <20260203195001.20131-1-hi@alyssa.is>
[-- Attachment #1: Type: text/plain, Size: 664 bytes --]
On Tue, Feb 03, 2026 at 08:50:01PM +0100, Alyssa Ross wrote:
> This is true for Fedora, where this page was sourced from, but I don't
> believe it has ever been true for the mainline kernel, because Linus
> rejected it.
>
> Link: https://bbs.archlinux.org/viewtopic.php?pid=2088704#p2088704
> Link: https://lore.kernel.org/lkml/CA+55aFzYbpRAdma0PvqE+9ygySuKzNKByqOzzMufBoovXVnfPw@mail.gmail.com/
> Fixes: bb509e6fc ("kernel_lockdown.7: New page documenting the Kernel Lockdown feature")
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
Just noticed there's a long-open bug for this as well, so additionally:
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=213577
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply
* [PATCH] man/man7/kernel_lockdown.7: remove Secure Boot untruth
From: Alyssa Ross @ 2026-02-03 19:50 UTC (permalink / raw)
To: Alejandro Colomar
Cc: Heinrich Schuchardt, David Howells, Nicolas Bouchinet,
Xiu Jianfeng, linux-security-module, linux-man
This is true for Fedora, where this page was sourced from, but I don't
believe it has ever been true for the mainline kernel, because Linus
rejected it.
Link: https://bbs.archlinux.org/viewtopic.php?pid=2088704#p2088704
Link: https://lore.kernel.org/lkml/CA+55aFzYbpRAdma0PvqE+9ygySuKzNKByqOzzMufBoovXVnfPw@mail.gmail.com/
Fixes: bb509e6fc ("kernel_lockdown.7: New page documenting the Kernel Lockdown feature")
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
man/man7/kernel_lockdown.7 | 3 ---
1 file changed, 3 deletions(-)
diff --git a/man/man7/kernel_lockdown.7 b/man/man7/kernel_lockdown.7
index 5090484ea..5986c8f01 100644
--- a/man/man7/kernel_lockdown.7
+++ b/man/man7/kernel_lockdown.7
@@ -23,9 +23,6 @@ Lockdown: X: Y is restricted, see man kernel_lockdown.7
.in
.P
where X indicates the process name and Y indicates what is restricted.
-.P
-On an EFI-enabled x86 or arm64 machine, lockdown will be automatically enabled
-if the system boots in EFI Secure Boot mode.
.\"
.SS Coverage
When lockdown is in effect, a number of features are disabled or have their
--
2.52.0
^ permalink raw reply related
* Re: [PATCH v2 0/6] Landlock: Implement scope control for pathname Unix sockets
From: Günther Noack @ 2026-02-03 17:54 UTC (permalink / raw)
To: Tingmao Wang
Cc: Justin Suess, Mickaël Salaün, Günther Noack,
Demi Marie Obenour, Alyssa Ross, Jann Horn, Tahera Fahimi,
linux-security-module
In-Reply-To: <16129d76-b6d3-4959-b241-dc79a32dd0cd@maowtm.org>
On Tue, Feb 03, 2026 at 01:26:31AM +0000, Tingmao Wang wrote:
> On 2/2/26 22:03, Justin Suess wrote:
> > Regardless if you merge the patch series now in 7.0 or a later version, I think there is something to be said
> > about having the filesystem and scoped unix access right merged in the same ABI version / merge window.
> >
> > As you pointed out earlier, the combination of the two flags is much flexible and useful to userspace
> > consumers than one or the other, and if the features were merged separately, there would be an
> > awkward middle ABI where user space consumers may have to make compromises or changes to
> > sandbox between different versions or change application behavior.
> > [...]
>
> Given that the scope bit and RESOLVE_UNIX access right are in some sense
> part of the same system (they interact in an OR manner, after all), there
> is some positive for having them introduced in the same version, but on
> the other hand, with my above reasoning, I don't think these two
> mechanisms (scope bit and RESOLVE_UNIX access) being in different ABI
> versions would be too much of a problem. In either case, for applications
> which require access to more "privileged" sockets, when running on a
> kernel without the RESOLVE_UNIX access right support, no pathname socket
> restrictions can be applied (i.e. it won't use the scope bit either, there
> isn't much "compromise" it can make here). On the other hand, if
> RESOLVE_UNIX is supported, then it knows that the scope bit is also
> supported, and can just use it.
Yes, but that does require additional subtle backwards compatibility
logic in userspace libraries, to implement the "best effort" fallbacks.
Assuming the scoped bit is added in v8 and the FS_RESOLVE_UNIX right in v9,
if a user does this (in Go-landlock syntax):
// restrict both scoped bit and FS RESOLVE_UNIX right, if possible
landlock.V9.BestEffort().RestrictPaths(
landlock.ResolveUnix("/tmp/socket"), // allow to connect to /tmp/socket
)
then if the system only supports ABI v8, it will have to clear both
bits so that connections to /tmp/socket work,
even though the scoped bit is technically supported on v8.
**This requires additional logic in client libraries**,
similar to our "refer" semantics (which users often get wrong):
if (there is a rule that allows connections by path name)
clear_the_scoped_bit_as_well();
// even though the path name rule normally only affects a different bit
In contrast, if both the scoped bit and FS_RESOLVE_UNIX were added in
the same ABI version, then if a user does the above call, we are
either equal-or-above that ABI version, in which case it works, or we
are below that ABI version, in which case the two bits already get
cleared from the landlock_ruleset_attr through the existing backwards
compatibility mechanism.
**In my mind, Justin is right that we should ideally introduce these
together.** We have seen users implementing the "Refer" special case
wrongly very often, it will likely happen here too, if we require
extra logic in userspace libraries.
BTW, regarding the implementation: To have *OR* semantics for "within
scope" and "allow-listed path", the implementation will be
non-trivial, and I suspect we won't hit the merge window if we try to
get them both in for 7.0. But in my mind, a simple UAPI is more
important than trying to make it in time for the next merge window.
(The implementation is difficult because the path-based and
scope-based check currently happen in different LSM hooks, and none of
the two hooks has enough information to make the decision alone. The
second hook only gets called if the first returns 0. It'll require
some further discussion to make it work together.)
> Furthermore, an application / Landlock config etc can always opt to not
> use the scope bit at all, if it "knows" all the locations where the
> application's sockets would be placed, and just use RESOLVE_UNIX access
> right (or nothing if it is not supported).
>
> (The following is a bit of a side note, not terribly relevant if we're
> deciding to go with the patch as is.)
>
> >> [...]
> >> Another way to put it is that, if FS-based and scope-based controls
> >> interacts in the above proposed way, both mechanisms feel like "poking
> >> holes" in the other. But as Mickaël said, one can think of the two
> >> mechanisms not as independent controls, but rather as two interfaces for
> >> the same control. The socket access control is "enabled" if either the
> >> LANDLOCK_ACCESS_FS_RESOLVE_UNIX access is handled, or the scope bit
> >> proposed in this patch is enabled.
> >>
> >> With that said, I can think of some alternative ways that might make this
> >> API look "better" (from a subjective point of view, feedback welcome),
> >> however it does mean more delays, and specifically, these will depend on
> >> LANDLOCK_ACCESS_FS_RESOLVE_UNIX:
> >>
> >> One possibility is to simply always allow a Landlock domain to connect to
> >> its own sockets (in the case where LANDLOCK_ACCESS_FS_RESOLVE_UNIX is
> >> handled, otherwise all sockets are allowed). This might be reasonable, as
> >> one can only connect to a socket it creates if it has the permission to
> >> create it in the first place, which is already controlled by
> >> LANDLOCK_ACCESS_FS_MAKE_SOCK, so we don't really lose any policy
> >> flexibility here - if for some reason the sandboxer don't want to allow
> >> access to any (pathname) sockets, even the sandboxed app's own ones, it
> >> can just not allow LANDLOCK_ACCESS_FS_MAKE_SOCK anywhere.
> >
> > LANDLOCK_ACCESS_FS_MAKE_SOCK is only required to bind/listen to a
> > socket, not to connect. I guess you was thinking about
> > LANDLOCK_ACCESS_FS_RESOLVE_UNIX in this case?
>
> In this "allow same-scope connect unconditionally" proposal, the
> application would still be able to (bind to and) connect to its own
> sockets, even if LANDLOCK_ACCESS_FS_RESOLVE_UNIX is handled and nothing is
> allowed to have LANDLOCK_ACCESS_FS_RESOLVE_UNIX access. But a sandboxer
> which for whatever reason doesn't want this "allow same scope" default can
> still prevent the use of (pathname) sockets by restricting
> LANDLOCK_ACCESS_FS_MAKE_SOCK, because if an app can't connect to any
> sockets it doesn't own, and can't create any sockets itself either, then
> it effectively can't connect to any sockets at all.
>
> (Although on second thought, I guess there could be a case where an app
> first creates some socket files before doing landlock_restrict_self(),
> then it might still be able to bind to these even without
> LANDLOCK_ACCESS_FS_MAKE_SOCK?)
FWIW, I also really liked Tingmao's first of the two listed
possibilities in [1], where she proposed to introduce both rights
together. In my understanding, the arguments we have discussed so far
for that are:
IN FAVOR:
(pro1) Connecting to a UNIX socket in the same scope is always safe,
and it makes it possible to use named UNIX sockets between the
processes within a Landlock domains. (Mickaël convinced me in
discussion at FOSDEM that this is true.)
If someone absolutely does not want that, they can restrict
LANDLOCK_ACCESS_FS_MAKE_SOCK and achieve the same effect (as
Tingmao said above).
(pro2) The implementation of this is simpler.
(I attempted to understand how the "or" semantics would be
implemented, and I found it non-trivial when you try to do it
for all layers at once. (Kernighan's Law applies, IMHO))
AGAINST:
(con1) It would work differently than the other scoped access rights
that we already have.
A speculative feature that could potentially be built with the
scoped access rights is that we could add a rule to permit IPC
to other Landlock scopes, e.g. introducing a new rule type
struct landlock_scope_attr {
__u64 allowed_access; /* for "scoped" bits */
/* some way to identify domains */
}
so that we could make IPC access to other Landlock domains
configurable.
If the scoped bit and the FS RESOLVE_UNIX bit were both
conflated in RESOLVE_UNIX, it would not be possible to make
UNIX connections configurable in such a way.
(con2) Consistent behaviour between scoped flags and their
interactions with other access rights:
The existing scoped access rights (signal, abstract sockets)
could hypothetically be extended with a related access right of
another type. For instance, there could be an access right type
__u64 handled_signal_number;
and then you could add a rule to permit the use of certain
signal numbers. The interaction between the scoped flags and
other access rights should work the same.
Constructive Proposal for consideration: Why not both?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Why not do both what Tingmao proposed in [1] **and** reserve the
option to add the matching "scoped flag" later?
* Introduce LANDLOCK_ACCESS_FS_RESOLVE_UNIX.
If it is handled, UNIX connections are allowed either:
(1) if the connection is to a service in the same scope, or
(2) if the path was allow-listed with a "path beneath" rule.
* Add LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET later, if needed.
Let's go through the arguments again:
We have observed that it is harmless to allow connections to services
in the same scope (1), and that if users absolutely don't want that,
they can actually prohibit it through LANDLOCK_ACCESS_FS_MAKE_SOCK
(pro1).
(con1): Can we still implement the feature idea where we poke a hole
to get UNIX-connect() access to other Landlock domains?
I think the answer is yes. The implementation strategy is:
* Add the scoped bit LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
* The scoped bit can now be used to allow-list connections to
other Landlock domains.
For users, just setting the scoped bit on its own does the same as
handling LANDLOCK_ACCESS_FS_RESOLVE_UNIX. That way, the kernel-side
implementation can also stay simple. The only reason why the scoped
bit is needed is because it makes it possible to allow-list
connections to other Landlock domains, but at the same time, it is
safe if libraries set the scoped bit once it exists, as it does not
have any bad runtime impact either.
(con2): Consistency: Do all the scoped flags interact with their
corresponding access rights in the same way?
The other scope flags do not have corresponding access rights, so
far.
If we were to add corresponding access rights for the other scope
flags, I would argue that we could apply a consistent logic there,
because IPC access within the same scope is always safe:
- A hypothetical access right type for "signal numbers" would only
restrict signals that go beyond the current scope.
- A hypothetical access right type for "abstract UNIX domain socket
names" would only restrict connections to abstract UNIX domain
servers that go beyond the current scope.
I can not come up with a scenario where this doesn't work.
In conclusion, I think the approach has significant upsides:
* Simpler UAPI: Users only have one access bit to deal with, in the
near future. Once we do add a scope flag for UNIX connections, it
does not interact in a surprising way with the corresponding FS
access right, because with either of these, scoped access is
allowed.
If users absolutely need to restrict scoped access, they can
restrict LANDLOCK_ACCESS_FS_MAKE_SOCK. It is a slightly obscure
API, but in line with the "make easy things easy, make hard things
possible" API philosophy. And needing this should be the
exception rather than the norm, after all.
* Consistent behaviour between scoped flags and regular access
rights, also for speculative access rights affecting the existing
scoped flags for signals and abstract UNIX domain sockets.
I know this was a slightly long mail, but I thought long and tried to
be structured. Please let me know what you think.
—Günther
[1] https://lore.kernel.org/all/f07fe41a-96c5-4d3a-9966-35b30b3a71f1@maowtm.org/
^ permalink raw reply
* Re: [PATCH v4 15/17] module: Introduce hash-based integrity checking
From: Thomas Weißschuh @ 2026-02-03 12:59 UTC (permalink / raw)
To: Petr Pavlu
Cc: Nathan Chancellor, Arnd Bergmann, Luis Chamberlain, Sami Tolvanen,
Daniel Gomez, Paul Moore, James Morris, Serge E. Hallyn,
Jonathan Corbet, Madhavan Srinivasan, Michael Ellerman,
Nicholas Piggin, Naveen N Rao, Mimi Zohar, Roberto Sassu,
Dmitry Kasatkin, Eric Snowberg, Nicolas Schier, Daniel Gomez,
Aaron Tomlin, Christophe Leroy (CS GROUP), Nicolas Schier,
Nicolas Bouchinet, Xiu Jianfeng, Fabian Grünbichler,
Arnout Engelen, Mattia Rizzolo, kpcyrd, Christian Heusel,
Câju Mihai-Drosi, Sebastian Andrzej Siewior, linux-kbuild,
linux-kernel, linux-arch, linux-modules, linux-security-module,
linux-doc, linuxppc-dev, linux-integrity
In-Reply-To: <fab2af64-e396-45f9-8876-feff4002e04b@suse.com>
On 2026-02-03 13:19:20+0100, Petr Pavlu wrote:
> On 1/13/26 1:28 PM, Thomas Weißschuh wrote:
> > The current signature-based module integrity checking has some drawbacks
> > in combination with reproducible builds. Either the module signing key
> > is generated at build time, which makes the build unreproducible, or a
> > static signing key is used, which precludes rebuilds by third parties
> > and makes the whole build and packaging process much more complicated.
> >
> > The goal is to reach bit-for-bit reproducibility. Excluding certain
> > parts of the build output from the reproducibility analysis would be
> > error-prone and force each downstream consumer to introduce new tooling.
> >
> > Introduce a new mechanism to ensure only well-known modules are loaded
> > by embedding a merkle tree root of all modules built as part of the full
> > kernel build into vmlinux.
> >
> > Non-builtin modules can be validated as before through signatures.
> >
> > Normally the .ko module files depend on a fully built vmlinux to be
> > available for modpost validation and BTF generation. With
> > CONFIG_MODULE_HASHES, vmlinux now depends on the modules
> > to build a merkle tree. This introduces a dependency cycle which is
> > impossible to satisfy. Work around this by building the modules during
> > link-vmlinux.sh, after vmlinux is complete enough for modpost and BTF
> > but before the final module hashes are
> >
> > The PKCS7 format which is used for regular module signatures can not
> > represent Merkle proofs, so a new kind of module signature is
> > introduced. As this signature type is only ever used for builtin
> > modules, no compatibility issues can arise.
>
> Nit: The description uses the term "builtin modules" in a misleading
> way. Typically, "builtin modules" refers to modules that are linked
> directly into vmlinux. However, this text uses the term to refer to
> loadable modules that are built together with the main kernel image,
> which is something different.
Agreed. I'll go through everything again, to consistently use "in-tree".
(...)
> > +
> > + while (fgets(line, PATH_MAX, in)) {
> > + struct file_entry *entry;
> > +
> > + fh_list = xreallocarray(fh_list, num_files + 1, sizeof(*fh_list));
>
> It might be useful to not reallocate this array for each file, although
> I don't immediately see that it contributes any significant time to the
> runtime.
The libc implementation should optimize this internally to not actually
grow one elemet at a time. I'd like to keep this as-is.
(...)
Ack to everything else.
^ permalink raw reply
* Re: [PATCH v4 15/17] module: Introduce hash-based integrity checking
From: Thomas Weißschuh @ 2026-02-03 12:55 UTC (permalink / raw)
To: Petr Pavlu
Cc: Nathan Chancellor, Arnd Bergmann, Luis Chamberlain, Sami Tolvanen,
Daniel Gomez, Paul Moore, James Morris, Serge E. Hallyn,
Jonathan Corbet, Madhavan Srinivasan, Michael Ellerman,
Nicholas Piggin, Naveen N Rao, Mimi Zohar, Roberto Sassu,
Dmitry Kasatkin, Eric Snowberg, Nicolas Schier, Daniel Gomez,
Aaron Tomlin, Christophe Leroy (CS GROUP), Nicolas Schier,
Nicolas Bouchinet, Xiu Jianfeng, Fabian Grünbichler,
Arnout Engelen, Mattia Rizzolo, kpcyrd, Christian Heusel,
Câju Mihai-Drosi, Sebastian Andrzej Siewior, linux-kbuild,
linux-kernel, linux-arch, linux-modules, linux-security-module,
linux-doc, linuxppc-dev, linux-integrity
In-Reply-To: <db1ed045-d7b6-49dc-b111-9fea7c30f8ab@suse.com>
On 2026-01-30 18:06:20+0100, Petr Pavlu wrote:
> On 1/13/26 1:28 PM, Thomas Weißschuh wrote:
> > Normally the .ko module files depend on a fully built vmlinux to be
> > available for modpost validation and BTF generation. With
> > CONFIG_MODULE_HASHES, vmlinux now depends on the modules
> > to build a merkle tree. This introduces a dependency cycle which is
> > impossible to satisfy. Work around this by building the modules during
> > link-vmlinux.sh, after vmlinux is complete enough for modpost and BTF
> > but before the final module hashes are
>
> I wonder if this dependency cycle could be resolved by utilizing the
> split into vmlinux.unstripped and vmlinux that occurred last year.
>
> The idea is to create the following ordering: vmlinux.unstripped ->
> modules -> vmlinux, and to patch in .module_hashes only when building
> the final vmlinux.
>
> This would require the following:
> * Split scripts/Makefile.vmlinux into two Makefiles, one that builds the
> current vmlinux.unstripped and the second one that builds the final
> vmlinux from it.
> * Modify the top Makefile to recognize vmlinux.unstripped and update the
> BTF generation rule 'modules: vmlinux' to
> 'modules: vmlinux.unstripped'.
> * Add the 'vmlinux: modules' ordering in the top Makefile for
> CONFIG_MODULE_HASHES=y.
> * Remove the patching of vmlinux.unstripped in scripts/link-vmlinux.sh
> and instead move it into scripts/Makefile.vmlinux when running objcopy
> to produce the final vmlinux.
>
> I think this approach has two main advantages:
> * CONFIG_MODULE_HASHES can be made orthogonal to
> CONFIG_DEBUG_INFO_BTF_MODULES.
> * All dependencies are expressed at the Makefile level instead of having
> scripts/link-vmlinux.sh invoke 'make -f Makefile modules'.
>
> Below is a rough prototype that applies on top of this series. It is a
> bit verbose due to the splitting of part of scripts/Makefile.vmlinux
> into scripts/Makefile.vmlinux_unstripped.
That looks like a feasible alternative. Before adopting it, I'd like to
hear the preference of the kbuild folks.
> diff --git a/Makefile b/Makefile
> index 841772a5a260..19a3beb82fa7 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1259,7 +1259,7 @@ vmlinux_o: vmlinux.a $(KBUILD_VMLINUX_LIBS)
> vmlinux.o modules.builtin.modinfo modules.builtin: vmlinux_o
> @:
>
> -PHONY += vmlinux
> +PHONY += vmlinux.unstripped vmlinux
> # LDFLAGS_vmlinux in the top Makefile defines linker flags for the top vmlinux,
> # not for decompressors. LDFLAGS_vmlinux in arch/*/boot/compressed/Makefile is
> # unrelated; the decompressors just happen to have the same base name,
> @@ -1270,9 +1270,11 @@ PHONY += vmlinux
> # https://savannah.gnu.org/bugs/?61463
> # For Make > 4.4, the following simple code will work:
> # vmlinux: private export LDFLAGS_vmlinux := $(LDFLAGS_vmlinux)
> -vmlinux: private _LDFLAGS_vmlinux := $(LDFLAGS_vmlinux)
> -vmlinux: export LDFLAGS_vmlinux = $(_LDFLAGS_vmlinux)
> -vmlinux: vmlinux.o $(KBUILD_LDS) modpost
> +vmlinux.unstripped: private _LDFLAGS_vmlinux := $(LDFLAGS_vmlinux)
> +vmlinux.unstripped: export LDFLAGS_vmlinux = $(_LDFLAGS_vmlinux)
> +vmlinux.unstripped: vmlinux.o $(KBUILD_LDS) modpost
> + $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.vmlinux_unstripped
> +vmlinux: vmlinux.unstripped
> $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.vmlinux
Maybe we could keep them together in a single Makefile,
and instead have different targets in it.
(...)
> @@ -98,70 +44,15 @@ remove-symbols := -w --strip-unneeded-symbol='__mod_device_table__*'
> # To avoid warnings: "empty loadable segment detected at ..." from GNU objcopy,
> # it is necessary to remove the PT_LOAD flag from the segment.
> quiet_cmd_strip_relocs = OBJCOPY $@
> - cmd_strip_relocs = $(OBJCOPY) $(patsubst %,--set-section-flags %=noload,$(remove-section-y)) $< $@; \
> - $(OBJCOPY) $(addprefix --remove-section=,$(remove-section-y)) $(remove-symbols) $@
> + cmd_script_relocs = $(OBJCOPY) $(patsubst %,--set-section-flags %=noload,$(remove-section-y)) $< $@; \
> + $(OBJCOPY) $(addprefix --remove-section=,$(remove-section-y)) \
> + $(remove-symbols) \
> + $(patch-module-hashes) $@
cmd_script_relocs -> cmd_strip_relocs
(...)
^ permalink raw reply
* Re: [PATCH v4 13/17] module: Report signature type to users
From: Thomas Weißschuh @ 2026-02-03 12:44 UTC (permalink / raw)
To: Petr Pavlu
Cc: Nathan Chancellor, Arnd Bergmann, Luis Chamberlain, Sami Tolvanen,
Daniel Gomez, Paul Moore, James Morris, Serge E. Hallyn,
Jonathan Corbet, Madhavan Srinivasan, Michael Ellerman,
Nicholas Piggin, Naveen N Rao, Mimi Zohar, Roberto Sassu,
Dmitry Kasatkin, Eric Snowberg, Nicolas Schier, Daniel Gomez,
Aaron Tomlin, Christophe Leroy (CS GROUP), Nicolas Schier,
Nicolas Bouchinet, Xiu Jianfeng, Fabian Grünbichler,
Arnout Engelen, Mattia Rizzolo, kpcyrd, Christian Heusel,
Câju Mihai-Drosi, Sebastian Andrzej Siewior, linux-kbuild,
linux-kernel, linux-arch, linux-modules, linux-security-module,
linux-doc, linuxppc-dev, linux-integrity
In-Reply-To: <fd19f9d3-b01c-4cc8-9fd5-642350e7b36b@suse.com>
On 2026-01-29 15:44:31+0100, Petr Pavlu wrote:
> On 1/13/26 1:28 PM, Thomas Weißschuh wrote:
> > The upcoming CONFIG_MODULE_HASHES will introduce a signature type.
> > This needs to be handled by callers differently than PKCS7 signatures.
> >
> > Report the signature type to the caller and let them verify it.
> >
> > Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
> > ---
> > [...]
> > diff --git a/kernel/module/main.c b/kernel/module/main.c
> > index d65bc300a78c..2a28a0ece809 100644
> > --- a/kernel/module/main.c
> > +++ b/kernel/module/main.c
> > @@ -3348,19 +3348,24 @@ static int module_integrity_check(struct load_info *info, int flags)
> > {
> > bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS |
> > MODULE_INIT_IGNORE_VERMAGIC);
> > + enum pkey_id_type sig_type;
> > size_t sig_len;
> > const u8 *sig;
> > int err = 0;
> >
> > if (IS_ENABLED(CONFIG_MODULE_SIG_POLICY)) {
> > err = mod_split_sig(info->hdr, &info->len, mangled_module,
> > - &sig_len, &sig, "module");
> > + &sig_type, &sig_len, &sig, "module");
> > if (err)
> > return err;
> > }
> >
> > - if (IS_ENABLED(CONFIG_MODULE_SIG))
> > + if (IS_ENABLED(CONFIG_MODULE_SIG) && sig_type == PKEY_ID_PKCS7) {
> > err = module_sig_check(info, sig, sig_len);
> > + } else {
> > + pr_err("module: not signed with expected PKCS#7 message\n");
> > + err = -ENOPKG;
> > + }
>
> The new else branch means that if the user chooses not to configure any
> module integrity policy, they will no longer be able to load any
> modules. I think this entire if-else part should be moved under the
> IS_ENABLED(CONFIG_MODULE_SIG_POLICY) block above, as I'm mentioning on
> patch #12.
Ack.
^ permalink raw reply
* Re: [PATCH v4 12/17] module: Move signature splitting up
From: Thomas Weißschuh @ 2026-02-03 12:42 UTC (permalink / raw)
To: Petr Pavlu
Cc: Nathan Chancellor, Arnd Bergmann, Luis Chamberlain, Sami Tolvanen,
Daniel Gomez, Paul Moore, James Morris, Serge E. Hallyn,
Jonathan Corbet, Madhavan Srinivasan, Michael Ellerman,
Nicholas Piggin, Naveen N Rao, Mimi Zohar, Roberto Sassu,
Dmitry Kasatkin, Eric Snowberg, Nicolas Schier, Daniel Gomez,
Aaron Tomlin, Christophe Leroy (CS GROUP), Nicolas Schier,
Nicolas Bouchinet, Xiu Jianfeng, Fabian Grünbichler,
Arnout Engelen, Mattia Rizzolo, kpcyrd, Christian Heusel,
Câju Mihai-Drosi, Sebastian Andrzej Siewior, linux-kbuild,
linux-kernel, linux-arch, linux-modules, linux-security-module,
linux-doc, linuxppc-dev, linux-integrity
In-Reply-To: <aa92ce4a-d336-4d03-b87d-1c39b1c553da@suse.com>
On 2026-01-29 15:41:43+0100, Petr Pavlu wrote:
> On 1/13/26 1:28 PM, Thomas Weißschuh wrote:
> > The signature splitting will also be used by CONFIG_MODULE_HASHES.
> >
> > Move it up the callchain, so the result can be reused.
> >
> > Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
> > ---
> > [...]
> > diff --git a/kernel/module/main.c b/kernel/module/main.c
> > index c09b25c0166a..d65bc300a78c 100644
> > --- a/kernel/module/main.c
> > +++ b/kernel/module/main.c
> > @@ -3346,10 +3346,21 @@ static int early_mod_check(struct load_info *info, int flags)
> >
> > static int module_integrity_check(struct load_info *info, int flags)
> > {
> > + bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS |
> > + MODULE_INIT_IGNORE_VERMAGIC);
> > + size_t sig_len;
> > + const u8 *sig;
> > int err = 0;
> >
> > + if (IS_ENABLED(CONFIG_MODULE_SIG_POLICY)) {
> > + err = mod_split_sig(info->hdr, &info->len, mangled_module,
> > + &sig_len, &sig, "module");
> > + if (err)
> > + return err;
> > + }
> > +
> > if (IS_ENABLED(CONFIG_MODULE_SIG))
> > - err = module_sig_check(info, flags);
> > + err = module_sig_check(info, sig, sig_len);
> >
> > if (err)
> > return err;
>
> I suggest moving the IS_ENABLED(CONFIG_MODULE_SIG) block under the
> new IS_ENABLED(CONFIG_MODULE_SIG_POLICY) section. I realize that
> CONFIG_MODULE_SIG implies CONFIG_MODULE_SIG_POLICY, but I believe this
> change makes it more apparent that this it the case. Otherwise, one
> might for example wonder if sig_len in the module_sig_check() call can
> be undefined.
>
> if (IS_ENABLED(CONFIG_MODULE_SIG_POLICY)) {
> err = mod_split_sig(info->hdr, &info->len, mangled_module,
> &sig_len, &sig, "module");
> if (err)
> return err;
>
> if (IS_ENABLED(CONFIG_MODULE_SIG))
> err = module_sig_check(info, sig, sig_len);
> }
Ack.
^ permalink raw reply
* Re: [PATCH v4 08/17] module: Deduplicate signature extraction
From: Thomas Weißschuh @ 2026-02-03 12:41 UTC (permalink / raw)
To: Petr Pavlu
Cc: Nathan Chancellor, Arnd Bergmann, Luis Chamberlain, Sami Tolvanen,
Daniel Gomez, Paul Moore, James Morris, Serge E. Hallyn,
Jonathan Corbet, Madhavan Srinivasan, Michael Ellerman,
Nicholas Piggin, Naveen N Rao, Mimi Zohar, Roberto Sassu,
Dmitry Kasatkin, Eric Snowberg, Nicolas Schier, Daniel Gomez,
Aaron Tomlin, Christophe Leroy (CS GROUP), Nicolas Schier,
Nicolas Bouchinet, Xiu Jianfeng, Fabian Grünbichler,
Arnout Engelen, Mattia Rizzolo, kpcyrd, Christian Heusel,
Câju Mihai-Drosi, Sebastian Andrzej Siewior, linux-kbuild,
linux-kernel, linux-arch, linux-modules, linux-security-module,
linux-doc, linuxppc-dev, linux-integrity
In-Reply-To: <52cbbccf-d5b6-4a33-b16a-4a09fe5e64d3@suse.com>
On 2026-01-27 16:20:15+0100, Petr Pavlu wrote:
> On 1/13/26 1:28 PM, Thomas Weißschuh wrote:
(...)
> > int module_sig_check(struct load_info *info, int flags)
> > {
> > - int err = -ENODATA;
> > - const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
> > + int err;
> > const char *reason;
> > const void *mod = info->hdr;
> > + size_t sig_len;
> > + const u8 *sig;
> > bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS |
> > MODULE_INIT_IGNORE_VERMAGIC);
> > - /*
> > - * Do not allow mangled modules as a module with version information
> > - * removed is no longer the module that was signed.
> > - */
> > - if (!mangled_module &&
> > - info->len > markerlen &&
> > - memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
> > - /* We truncate the module to discard the signature */
> > - info->len -= markerlen;
> > - err = mod_verify_sig(mod, info);
> > +
> > + err = mod_split_sig(info->hdr, &info->len, mangled_module, &sig_len, &sig, "module");
> > + if (!err) {
> > + err = verify_pkcs7_signature(mod, info->len, sig, sig_len,
> > + VERIFY_USE_SECONDARY_KEYRING,
> > + VERIFYING_MODULE_SIGNATURE,
> > + NULL, NULL);
> > if (!err) {
> > info->sig_ok = true;
> > return 0;
>
> The patch looks to modify the behavior when mangled_module is true.
>
> Previously, module_sig_check() didn't attempt to extract the signature
> in such a case and treated the module as unsigned. The err remained set
> to -ENODATA and the function subsequently consulted module_sig_check()
> and security_locked_down() to determine an appropriate result.
>
> Newly, module_sig_check() calls mod_split_sig(), which skips the
> extraction of the marker ("~Module signature appended~\n") from the end
> of the module and instead attempts to read it as an actual
> module_signature. The value is then passed to mod_check_sig() which
> should return -EBADMSG. The error is propagated to module_sig_check()
> and treated as fatal, without consulting module_sig_check() and
> security_locked_down().
>
> I think the mangled_module flag should not be passed to mod_split_sig()
> and it should be handled solely by module_sig_check().
Ack.
(...)
> > diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
> > index 3265d744d5ce..a57342d39b07 100644
> > --- a/security/integrity/ima/ima_modsig.c
> > +++ b/security/integrity/ima/ima_modsig.c
> > @@ -40,44 +40,30 @@ struct modsig {
> > int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
> > struct modsig **modsig)
> > {
> > - const size_t marker_len = strlen(MODULE_SIG_STRING);
> > - const struct module_signature *sig;
> > + size_t buf_len_sz = buf_len;
> > struct modsig *hdr;
> > size_t sig_len;
> > - const void *p;
> > + const u8 *sig;
> > int rc;
> >
> > - if (buf_len <= marker_len + sizeof(*sig))
> > - return -ENOENT;
> > -
> > - p = buf + buf_len - marker_len;
> > - if (memcmp(p, MODULE_SIG_STRING, marker_len))
> > - return -ENOENT;
> > -
> > - buf_len -= marker_len;
> > - sig = (const struct module_signature *)(p - sizeof(*sig));
> > -
> > - rc = mod_check_sig(sig, buf_len, func_tokens[func]);
> > + rc = mod_split_sig(buf, &buf_len_sz, true, &sig_len, &sig, func_tokens[func]);
>
> Passing mangled=true to mod_split_sig() seems incorrect here. It causes
> that the function doesn't properly extract the signature marker at the
> end of the module, no?
Indeed, thanks.
I am thinking about dropping this patch from the series for now.
It was meant for IMA modsig compatibility, which is not part of the
series anymore.
> > if (rc)
> > return rc;
> >
> > - sig_len = be32_to_cpu(sig->sig_len);
> > - buf_len -= sig_len + sizeof(*sig);
> > -
> > /* Allocate sig_len additional bytes to hold the raw PKCS#7 data. */
> > hdr = kzalloc(struct_size(hdr, raw_pkcs7, sig_len), GFP_KERNEL);
> > if (!hdr)
> > return -ENOMEM;
> >
> > hdr->raw_pkcs7_len = sig_len;
> > - hdr->pkcs7_msg = pkcs7_parse_message(buf + buf_len, sig_len);
> > + hdr->pkcs7_msg = pkcs7_parse_message(sig, sig_len);
> > if (IS_ERR(hdr->pkcs7_msg)) {
> > rc = PTR_ERR(hdr->pkcs7_msg);
> > kfree(hdr);
> > return rc;
> > }
> >
> > - memcpy(hdr->raw_pkcs7, buf + buf_len, sig_len);
> > + memcpy(hdr->raw_pkcs7, sig, sig_len);
> >
> > /* We don't know the hash algorithm yet. */
> > hdr->hash_algo = HASH_ALGO__LAST;
> >
^ permalink raw reply
* Re: [PATCH v4 15/17] module: Introduce hash-based integrity checking
From: Petr Pavlu @ 2026-02-03 12:19 UTC (permalink / raw)
To: Thomas Weißschuh
Cc: Nathan Chancellor, Arnd Bergmann, Luis Chamberlain, Sami Tolvanen,
Daniel Gomez, Paul Moore, James Morris, Serge E. Hallyn,
Jonathan Corbet, Madhavan Srinivasan, Michael Ellerman,
Nicholas Piggin, Naveen N Rao, Mimi Zohar, Roberto Sassu,
Dmitry Kasatkin, Eric Snowberg, Nicolas Schier, Daniel Gomez,
Aaron Tomlin, Christophe Leroy (CS GROUP), Nicolas Schier,
Nicolas Bouchinet, Xiu Jianfeng, Fabian Grünbichler,
Arnout Engelen, Mattia Rizzolo, kpcyrd, Christian Heusel,
Câju Mihai-Drosi, Sebastian Andrzej Siewior, linux-kbuild,
linux-kernel, linux-arch, linux-modules, linux-security-module,
linux-doc, linuxppc-dev, linux-integrity
In-Reply-To: <20260113-module-hashes-v4-15-0b932db9b56b@weissschuh.net>
On 1/13/26 1:28 PM, Thomas Weißschuh wrote:
> The current signature-based module integrity checking has some drawbacks
> in combination with reproducible builds. Either the module signing key
> is generated at build time, which makes the build unreproducible, or a
> static signing key is used, which precludes rebuilds by third parties
> and makes the whole build and packaging process much more complicated.
>
> The goal is to reach bit-for-bit reproducibility. Excluding certain
> parts of the build output from the reproducibility analysis would be
> error-prone and force each downstream consumer to introduce new tooling.
>
> Introduce a new mechanism to ensure only well-known modules are loaded
> by embedding a merkle tree root of all modules built as part of the full
> kernel build into vmlinux.
>
> Non-builtin modules can be validated as before through signatures.
>
> Normally the .ko module files depend on a fully built vmlinux to be
> available for modpost validation and BTF generation. With
> CONFIG_MODULE_HASHES, vmlinux now depends on the modules
> to build a merkle tree. This introduces a dependency cycle which is
> impossible to satisfy. Work around this by building the modules during
> link-vmlinux.sh, after vmlinux is complete enough for modpost and BTF
> but before the final module hashes are
>
> The PKCS7 format which is used for regular module signatures can not
> represent Merkle proofs, so a new kind of module signature is
> introduced. As this signature type is only ever used for builtin
> modules, no compatibility issues can arise.
Nit: The description uses the term "builtin modules" in a misleading
way. Typically, "builtin modules" refers to modules that are linked
directly into vmlinux. However, this text uses the term to refer to
loadable modules that are built together with the main kernel image,
which is something different.
> diff --git a/scripts/modules-merkle-tree.c b/scripts/modules-merkle-tree.c
> new file mode 100644
> index 000000000000..a6ec0e21213b
> --- /dev/null
> +++ b/scripts/modules-merkle-tree.c
> @@ -0,0 +1,467 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Compute hashes for modules files and build a merkle tree.
> + *
> + * Copyright (C) 2025 Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
> + * Copyright (C) 2025 Thomas Weißschuh <linux@weissschuh.net>
> + *
> + */
> +#define _GNU_SOURCE 1
> +#include <arpa/inet.h>
> +#include <err.h>
> +#include <unistd.h>
> +#include <fcntl.h>
> +#include <stdarg.h>
> +#include <stdio.h>
> +#include <string.h>
> +#include <stdbool.h>
> +#include <stdlib.h>
> +
> +#include <sys/stat.h>
> +#include <sys/mman.h>
> +
> +#include <openssl/evp.h>
> +#include <openssl/err.h>
> +
> +#include "ssl-common.h"
> +
> +static int hash_size;
> +static EVP_MD_CTX *ctx;
> +
> +struct module_signature {
> + uint8_t algo; /* Public-key crypto algorithm [0] */
> + uint8_t hash; /* Digest algorithm [0] */
> + uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */
> + uint8_t signer_len; /* Length of signer's name [0] */
> + uint8_t key_id_len; /* Length of key identifier [0] */
> + uint8_t __pad[3];
> + uint32_t sig_len; /* Length of signature data */
> +};
> +
> +#define PKEY_ID_MERKLE 3
> +
> +static const char magic_number[] = "~Module signature appended~\n";
It might make sense to put these common structures into a file under
scripts/include/ so they can be shared by both scripts/sign-file.c and
scripts/modules-merkle-tree.c.
> +
> +struct file_entry {
> + char *name;
> + unsigned int pos;
> + unsigned char hash[EVP_MAX_MD_SIZE];
> +};
> +
> +static struct file_entry *fh_list;
> +static size_t num_files;
> +
> +struct leaf_hash {
> + unsigned char hash[EVP_MAX_MD_SIZE];
> +};
> +
> +struct mtree {
> + struct leaf_hash **l;
> + unsigned int *entries;
> + unsigned int levels;
> +};
> +
> +static inline void *xcalloc(size_t n, size_t size)
> +{
> + void *p;
> +
> + p = calloc(n, size);
> + if (!p)
> + errx(1, "Memory allocation failed");
> +
> + return p;
> +}
> +
> +static void *xmalloc(size_t size)
> +{
> + void *p;
> +
> + p = malloc(size);
> + if (!p)
> + errx(1, "Memory allocation failed");
> +
> + return p;
> +}
> +
> +static inline void *xreallocarray(void *oldp, size_t n, size_t size)
> +{
> + void *p;
> +
> + p = reallocarray(oldp, n, size);
> + if (!p)
> + errx(1, "Memory allocation failed");
> +
> + return p;
> +}
> +
> +static inline char *xasprintf(const char *fmt, ...)
> +{
> + va_list ap;
> + char *strp;
> + int ret;
> +
> + va_start(ap, fmt);
> + ret = vasprintf(&strp, fmt, ap);
> + va_end(ap);
> + if (ret == -1)
> + err(1, "Memory allocation failed");
> +
> + return strp;
> +}
I believe it is preferable to use xmalloc() and related functions from
scripts/include/xalloc.h, instead of defining your own variants. If
something is missing in xalloc.h, it can be extended.
> +
> +static unsigned int get_pow2(unsigned int val)
> +{
> + return 31 - __builtin_clz(val);
> +}
> +
> +static unsigned int roundup_pow2(unsigned int val)
> +{
> + return 1 << (get_pow2(val - 1) + 1);
> +}
> +
> +static unsigned int log2_roundup(unsigned int val)
> +{
> + return get_pow2(roundup_pow2(val));
> +}
In the edge case when the kernel is built with only one module, the code
calls log2_roundup(1) -> roundup_pow2(1) -> get_pow2(0) ->
__builtin_clz(0). The return value of __builtin_clz() is undefined if
the input is zero.
> +
> +static void hash_data(void *p, unsigned int pos, size_t size, void *ret_hash)
> +{
> + unsigned char magic = 0x01;
> + unsigned int pos_be;
> +
> + pos_be = htonl(pos);
> +
> + ERR(EVP_DigestInit_ex(ctx, NULL, NULL) != 1, "EVP_DigestInit_ex()");
> + ERR(EVP_DigestUpdate(ctx, &magic, sizeof(magic)) != 1, "EVP_DigestUpdate(magic)");
> + ERR(EVP_DigestUpdate(ctx, &pos_be, sizeof(pos_be)) != 1, "EVP_DigestUpdate(pos)");
> + ERR(EVP_DigestUpdate(ctx, p, size) != 1, "EVP_DigestUpdate(data)");
> + ERR(EVP_DigestFinal_ex(ctx, ret_hash, NULL) != 1, "EVP_DigestFinal_ex()");
> +}
> +
> +static void hash_entry(void *left, void *right, void *ret_hash)
> +{
> + int hash_size = EVP_MD_CTX_get_size_ex(ctx);
Nit: The local variable hash_size can be removed, as the static variable
with the same name should hold the same value.
> + unsigned char magic = 0x02;
> +
> + ERR(EVP_DigestInit_ex(ctx, NULL, NULL) != 1, "EVP_DigestInit_ex()");
> + ERR(EVP_DigestUpdate(ctx, &magic, sizeof(magic)) != 1, "EVP_DigestUpdate(magic)");
> + ERR(EVP_DigestUpdate(ctx, left, hash_size) != 1, "EVP_DigestUpdate(left)");
> + ERR(EVP_DigestUpdate(ctx, right, hash_size) != 1, "EVP_DigestUpdate(right)");
> + ERR(EVP_DigestFinal_ex(ctx, ret_hash, NULL) != 1, "EVP_DigestFinal_ex()");
> +}
> +
> +static void hash_file(struct file_entry *fe)
> +{
> + struct stat sb;
> + int fd, ret;
> + void *mem;
> +
> + fd = open(fe->name, O_RDONLY);
> + if (fd < 0)
> + err(1, "Failed to open %s", fe->name);
> +
> + ret = fstat(fd, &sb);
> + if (ret)
> + err(1, "Failed to stat %s", fe->name);
> +
> + mem = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
> + close(fd);
> +
> + if (mem == MAP_FAILED)
> + err(1, "Failed to mmap %s", fe->name);
Nit: The err() call should be moved immediately after mmap(). In theory,
the interleaving close() could change the errno value, resulting in
err() printing a misleading error message.
> +
> + hash_data(mem, fe->pos, sb.st_size, fe->hash);
> +
> + munmap(mem, sb.st_size);
> +}
> +
> +static struct mtree *build_merkle(struct file_entry *fh, size_t num)
> +{
> + struct mtree *mt;
> + unsigned int le;
> +
> + if (!num)
> + return NULL;
> +
> + mt = xmalloc(sizeof(*mt));
> + mt->levels = log2_roundup(num);
> +
> + mt->l = xcalloc(sizeof(*mt->l), mt->levels);
> +
> + mt->entries = xcalloc(sizeof(*mt->entries), mt->levels);
> + le = num / 2;
> + if (num & 1)
> + le++;
> + mt->entries[0] = le;
> + mt->l[0] = xcalloc(sizeof(**mt->l), le);
> +
> + /* First level of pairs */
> + for (unsigned int i = 0; i < num; i += 2) {
> + if (i == num - 1) {
> + /* Odd number of files, no pair. Hash with itself */
> + hash_entry(fh[i].hash, fh[i].hash, mt->l[0][i / 2].hash);
> + } else {
> + hash_entry(fh[i].hash, fh[i + 1].hash, mt->l[0][i / 2].hash);
> + }
> + }
> + for (unsigned int i = 1; i < mt->levels; i++) {
> + int odd = 0;
> +
> + if (le & 1) {
> + le++;
> + odd++;
> + }
> +
> + mt->entries[i] = le / 2;
> + mt->l[i] = xcalloc(sizeof(**mt->l), le);
l[i] is overallocated. It needs only 'le / 2' entries.
> +
> + for (unsigned int n = 0; n < le; n += 2) {
> + if (n == le - 2 && odd) {
> + /* Odd number of pairs, no pair. Hash with itself */
> + hash_entry(mt->l[i - 1][n].hash, mt->l[i - 1][n].hash,
> + mt->l[i][n / 2].hash);
> + } else {
> + hash_entry(mt->l[i - 1][n].hash, mt->l[i - 1][n + 1].hash,
> + mt->l[i][n / 2].hash);
> + }
> + }
> + le = mt->entries[i];
Nit: It might be helpful to write both the first-level and other-level
loops in the same style to make them easier to understand, perhaps by
clearly separating the number of entries at each level. I suggest
something like the following:
static struct mtree *build_merkle(struct file_entry *fh, size_t num_files)
{
struct mtree *mt;
unsigned int num_cur_le, num_prev_le;
if (!num_files)
return NULL;
mt = xmalloc(sizeof(*mt));
mt->levels = log2_roundup(num_files);
mt->l = xcalloc(sizeof(*mt->l), mt->levels);
mt->entries = xcalloc(sizeof(*mt->entries), mt->levels);
num_cur_le = (num_files + 1) / 2;
mt->entries[0] = num_cur_le;
mt->l[0] = xcalloc(sizeof(**mt->l), num_cur_le);
/* First level of pairs */
for (unsigned int i = 0; i < num_files; i += 2) {
/* Hash the pair, or the last file with itself if it's odd. */
void *right = i + 1 < num_files ? fh[i + 1].hash : fh[i].hash;
hash_entry(fh[i].hash, right, mt->l[0][i / 2].hash);
}
for (unsigned int i = 1; i < mt->levels; i++) {
num_prev_le = num_cur_le;
num_cur_le = (num_prev_le + 1) / 2;
mt->entries[i] = num_cur_le;
mt->l[i] = xcalloc(sizeof(**mt->l), num_cur_le);
for (unsigned int n = 0; n < num_prev_le; n += 2) {
/* Hash the pair, or the last with itself if it's odd. */
void *right = n + 1 < num_prev_le ?
mt->l[i - 1][n + 1].hash :
mt->l[i - 1][n].hash;
hash_entry(mt->l[i - 1][n].hash, right,
mt->l[i][n / 2].hash);
}
}
return mt;
}
> + }
> + return mt;
> +}
> +
> +static void free_mtree(struct mtree *mt)
> +{
> + if (!mt)
> + return;
> +
> + for (unsigned int i = 0; i < mt->levels; i++)
> + free(mt->l[i]);
> +
> + free(mt->l);
> + free(mt->entries);
> + free(mt);
> +}
> +
> +static void write_be_int(int fd, unsigned int v)
> +{
> + unsigned int be_val = htonl(v);
> +
> + if (write(fd, &be_val, sizeof(be_val)) != sizeof(be_val))
> + err(1, "Failed writing to file");
> +}
> +
> +static void write_hash(int fd, const void *h)
> +{
> + ssize_t wr;
> +
> + wr = write(fd, h, hash_size);
> + if (wr != hash_size)
> + err(1, "Failed writing to file");
> +}
Nit: This could be
if (write(fd, h, hash_size) != hash_size)
to keep the style of write_be_int() and write_hash() consistent.
> +
> +static void build_proof(struct mtree *mt, unsigned int n, int fd)
> +{
> + unsigned char cur[EVP_MAX_MD_SIZE];
> + unsigned char tmp[EVP_MAX_MD_SIZE];
> + struct file_entry *fe, *fe_sib;
> +
> + fe = &fh_list[n];
> +
> + if ((n & 1) == 0) {
> + /* No pair, hash with itself */
> + if (n + 1 == num_files)
> + fe_sib = fe;
> + else
> + fe_sib = &fh_list[n + 1];
> + } else {
> + fe_sib = &fh_list[n - 1];
> + }
> + /* First comes the node position into the file */
> + write_be_int(fd, n);
> +
> + if ((n & 1) == 0)
> + hash_entry(fe->hash, fe_sib->hash, cur);
> + else
> + hash_entry(fe_sib->hash, fe->hash, cur);
> +
> + /* Next is the sibling hash, followed by hashes in the tree */
> + write_hash(fd, fe_sib->hash);
> +
> + for (unsigned int i = 0; i < mt->levels - 1; i++) {
> + n >>= 1;
> + if ((n & 1) == 0) {
> + void *h;
> +
> + /* No pair, hash with itself */
> + if (n + 1 == mt->entries[i])
> + h = cur;
> + else
> + h = mt->l[i][n + 1].hash;
> +
> + hash_entry(cur, h, tmp);
> + write_hash(fd, h);
> + } else {
> + hash_entry(mt->l[i][n - 1].hash, cur, tmp);
> + write_hash(fd, mt->l[i][n - 1].hash);
> + }
> + memcpy(cur, tmp, hash_size);
> + }
> +
> + /* After all that, the end hash should match the root hash */
> + if (memcmp(cur, mt->l[mt->levels - 1][0].hash, hash_size))
> + errx(1, "hash mismatch");
> +}
> +
> +static void append_module_signature_magic(int fd, unsigned int sig_len)
> +{
> + struct module_signature sig_info = {
> + .id_type = PKEY_ID_MERKLE,
> + .sig_len = htonl(sig_len),
> + };
> +
> + if (write(fd, &sig_info, sizeof(sig_info)) < 0)
> + err(1, "write(sig_info) failed");
> +
> + if (write(fd, &magic_number, sizeof(magic_number) - 1) < 0)
> + err(1, "write(magic_number) failed");
Nit: Checking that the written size exactly matches the size of the
input data would be safer and consistent with other uses of write() in
write_be_int() and write_hash(). Additionally, it would be good to make
the error messages consistent in all cases.
> +}
> +
> +static void write_merkle_root(struct mtree *mt, const char *fp)
> +{
> + char buf[1024];
> + unsigned int levels;
> + unsigned char *h;
> + FILE *f;
> +
> + if (mt) {
> + levels = mt->levels;
> + h = mt->l[mt->levels - 1][0].hash;
> + } else {
> + levels = 0;
> + h = xcalloc(1, hash_size);
> + }
> +
> + f = fopen(fp, "w");
> + if (!f)
> + err(1, "Failed to create %s", buf);
The last parameter to err() should be fp. The buf variable is then
unused and can be removed.
> +
> + fprintf(f, "#include <linux/module_hashes.h>\n\n");
> + fprintf(f, "const struct module_hashes_root module_hashes_root __module_hashes_section = {\n");
> +
> + fprintf(f, "\t.levels = %u,\n", levels);
> + fprintf(f, "\t.hash = {");
> + for (unsigned int i = 0; i < hash_size; i++) {
> + char *space = "";
> +
> + if (!(i % 8))
> + fprintf(f, "\n\t\t");
> +
> + if ((i + 1) % 8)
> + space = " ";
> +
> + fprintf(f, "0x%02x,%s", h[i], space);
> + }
> + fprintf(f, "\n\t},");
> +
> + fprintf(f, "\n};\n");
> + fclose(f);
Is it ok not to check the return values when writing to this output
file? Other code checks that its output was successful.
> +
> + if (!mt)
> + free(h);
> +}
> +
> +static char *xstrdup_replace_suffix(const char *str, const char *new_suffix)
> +{
> + const char *current_suffix;
> + size_t base_len;
> +
> + current_suffix = strchr(str, '.');
It is safer to use strrchr() in case the module path happens to contain
a dot.
> + if (!current_suffix)
> + errx(1, "No existing suffix in '%s'", str);
> +
> + base_len = current_suffix - str;
> +
> + return xasprintf("%.*s%s", (int)base_len, str, new_suffix);
> +}
> +
> +static void read_modules_order(const char *fname, const char *suffix)
> +{
> + char line[PATH_MAX];
<limits.h> should be included at the top to provide the definition of
PATH_MAX.
> + FILE *in;
> +
> + in = fopen(fname, "r");
> + if (!in)
> + err(1, "fopen(%s)", fname);
Nit: The error message could be "Failed to open %s" to maintain
consistency with a similar error in write_merkle_root().
> +
> + while (fgets(line, PATH_MAX, in)) {
> + struct file_entry *entry;
> +
> + fh_list = xreallocarray(fh_list, num_files + 1, sizeof(*fh_list));
It might be useful to not reallocate this array for each file, although
I don't immediately see that it contributes any significant time to the
runtime.
> + entry = &fh_list[num_files];
> +
> + entry->pos = num_files;
> + entry->name = xstrdup_replace_suffix(line, suffix);
> + hash_file(entry);
> +
> + num_files++;
> + }
> +
> + fclose(in);
> +}
> +
> +static __attribute__((noreturn))
> +void format(void)
> +{
> + fprintf(stderr,
> + "Usage: scripts/modules-merkle-tree <root definition>\n");
The usage string should mention the second parameter, which is the
module suffix.
> + exit(2);
> +}
> +
> +int main(int argc, char *argv[])
> +{
> + const EVP_MD *hash_evp;
> + struct mtree *mt;
> +
> + if (argc != 3)
> + format();
> +
> + hash_evp = EVP_get_digestbyname("sha256");
> + ERR(!hash_evp, "EVP_get_digestbyname");
> +
> + ctx = EVP_MD_CTX_new();
> + ERR(!ctx, "EVP_MD_CTX_new()");
> +
> + hash_size = EVP_MD_get_size(hash_evp);
> + ERR(hash_size <= 0, "EVP_get_digestbyname");
> +
> + if (EVP_DigestInit_ex(ctx, hash_evp, NULL) != 1)
> + ERR(1, "EVP_DigestInit_ex()");
> +
> + read_modules_order("modules.order", argv[2]);
> +
> + mt = build_merkle(fh_list, num_files);
> + write_merkle_root(mt, argv[1]);
> + for (unsigned int i = 0; i < num_files; i++) {
> + char *signame;
> + int fd;
> +
> + signame = xstrdup_replace_suffix(fh_list[i].name, ".merkle");
> +
> + fd = open(signame, O_WRONLY | O_CREAT | O_TRUNC, 0644);
> + if (fd < 0)
> + err(1, "Can't create %s", signame);
> +
> + build_proof(mt, i, fd);
> + append_module_signature_magic(fd, lseek(fd, 0, SEEK_CUR));
> + close(fd);
The return code of close() should be checked, otherwise it is
meaningless to check the write() calls in
append_module_signature_magic().
> + }
> +
> + free_mtree(mt);
> + for (unsigned int i = 0; i < num_files; i++)
> + free(fh_list[i].name);
> + free(fh_list);
> +
> + EVP_MD_CTX_free(ctx);
> + return 0;
> +}
--
Thanks,
Petr
^ permalink raw reply
* Re: [PATCH net-next v2 0/4] net: uapi: Provide an UAPI definition of 'struct sockaddr'
From: Thomas Weißschuh @ 2026-02-03 11:42 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Eric Dumazet, Kuniyuki Iwashima, Paolo Abeni, Willem de Bruijn,
David S. Miller, Simon Horman, Shuah Khan, Matthieu Baerts,
Mat Martineau, Geliang Tang, Mickaël Salaün,
Günther Noack, Alexei Starovoitov, Daniel Borkmann,
Jesper Dangaard Brouer, John Fastabend, Stanislav Fomichev,
Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu,
Yonghong Song, KP Singh, Hao Luo, Jiri Olsa, netdev, linux-kernel,
linux-api, Arnd Bergmann, linux-kselftest, mptcp,
linux-security-module, bpf, libc-alpha, Carlos O'Donell,
Adhemerval Zanella, Rich Felker, klibc, Florian Weimer
In-Reply-To: <20260131092517.6639d84c@kernel.org>
On Sat, Jan 31, 2026 at 09:25:17AM -0800, Jakub Kicinski wrote:
> On Sat, 31 Jan 2026 11:26:32 +0100 Thomas Weißschuh wrote:
> > Jan 30, 2026 17:17:46 Jakub Kicinski <kuba@kernel.org>:
> >
> > > On Fri, 30 Jan 2026 11:34:15 +0100 Thomas Weißschuh wrote:
> > >> Some of them get broken by the new 'struct sockaddr', but some others are
> > >> already broken just by the new transitive inclusion of libc-compat.h.
> > >> So any header starting to use the compatibility machinery may trigger breakage
> > >> in code including UAPI headers before libc header, even for completely new type
> > >> definitions which themselves would not conflict with libc.
> > >
> > > Let's split the uAPI header changes from any selftest changes.
> > > If you're saying the the selftests no longer build after the uAPI
> > > header changes then of course we can't apply the patches.
> >
> > Yes, the selftests don't build anymore after the uAPI changes.
> >
> > "can't apply" as in
> > * "can't apply separately"
> > * "are unacceptable in general"
>
> this one
>
> > * "are too late for this cycle"
> > ?
> >
> > None of this is urgent.
> > We can do the selftests in one cycle and the uAPI in another one.
> > Feel free to pick up the patches as you see fit.
> > (The mptcp changes already go through their tree, so need to be dropped here)
> > I can also resubmit the patches differently if preferred.
>
> The selftests are just a canary in the coalmine. If we break a bunch of
> selftests chances are we'll also break compilation of real applications
> for people. Subjective, but I don't see a sufficient upside here to do
> that.
Okay. We'll have around this inconsistency then.
> FWIW the typelimits change broke compilation of ethtool, we'll see if
> anyone "outside kernel community itself" complains.
Can you point me to that breakage? I was unable to find it.
Thomas
^ permalink raw reply
* Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking
From: David Howells @ 2026-02-03 8:22 UTC (permalink / raw)
To: James Bottomley
Cc: dhowells, Mihai-Drosi Câju, linux, arnd, arnout, atomlin,
bigeasy, chleroy, christian, corbet, coxu, da.gomez, da.gomez,
dmitry.kasatkin, eric.snowberg, f.gruenbichler, jmorris, kpcyrd,
linux-arch, linux-doc, linux-integrity, linux-kbuild,
linux-kernel, linux-modules, linux-security-module, linuxppc-dev,
lkp, maddy, mattia, mcgrof, mpe, nathan, naveen,
nicolas.bouchinet, nicolas.schier, npiggin, nsc, paul, petr.pavlu,
roberto.sassu, samitolvanen, serge, xiujianfeng, zohar
In-Reply-To: <8b12f1d28d3859467c3b5f6bc352038ce7627e54.camel@HansenPartnership.com>
James Bottomley <James.Bottomley@HansenPartnership.com> wrote:
> > There is another issue too: If you have a static private key that you
> > use to sign modules (and probably other things), someone will likely
> > give you a GPL request to get it.
>
> The SFC just lost that exact point in the Vizio trial, so I think
> you're wrong on this under US law at least. There's no general ability
> under GPLv2 to demand long lived signing keys.
Cool :-). I just know that I've been sent GPL requests for kernel keys.
David
^ permalink raw reply
* Re: [PATCH v4 00/17] module: Introduce hash-based integrity checking
From: James Bottomley @ 2026-02-03 8:18 UTC (permalink / raw)
To: David Howells, Mihai-Drosi Câju
Cc: linux, arnd, arnout, atomlin, bigeasy, chleroy, christian, corbet,
coxu, da.gomez, da.gomez, dmitry.kasatkin, eric.snowberg,
f.gruenbichler, jmorris, kpcyrd, linux-arch, linux-doc,
linux-integrity, linux-kbuild, linux-kernel, linux-modules,
linux-security-module, linuxppc-dev, lkp, maddy, mattia, mcgrof,
mpe, nathan, naveen, nicolas.bouchinet, nicolas.schier, npiggin,
nsc, paul, petr.pavlu, roberto.sassu, samitolvanen, serge,
xiujianfeng, zohar
In-Reply-To: <2316630.1769965788@warthog.procyon.org.uk>
On Sun, 2026-02-01 at 17:09 +0000, David Howells wrote:
> Mihai-Drosi Câju <mcaju95@gmail.com> wrote:
>
> > > The current signature-based module integrity checking has some
> > > drawbacks
> > in combination with reproducible builds. Either the module signing
> > key is generated at build time, which makes the build
> > unreproducible, or a static signing key is used, which precludes
> > rebuilds by third parties and makes the whole build and packaging
> > process much more complicated.
>
> There is another issue too: If you have a static private key that you
> use to sign modules (and probably other things), someone will likely
> give you a GPL request to get it.
The SFC just lost that exact point in the Vizio trial, so I think
you're wrong on this under US law at least. There's no general ability
under GPLv2 to demand long lived signing keys.
Regards,
James
^ permalink raw reply
* [PATCH v2 2/3] evm: Don't enable fix mode when secure boot is enabled
From: Coiby Xu @ 2026-02-03 4:14 UTC (permalink / raw)
To: linux-integrity
Cc: Heiko Carstens, Alexander Egorenkov, Ard Biesheuvel, Dave Hansen,
Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg,
Paul Moore, James Morris, Serge E. Hallyn,
open list:SECURITY SUBSYSTEM, open list
In-Reply-To: <20260203041434.872784-1-coxu@redhat.com>
Similar to IMA fix mode, forbid EVM fix mode when secure boot is
enabled.
Reported-and-suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Suggested-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
security/integrity/evm/evm_main.c | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 73d500a375cb..a54cb73b51ee 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -72,17 +72,25 @@ static struct xattr_list evm_config_default_xattrnames[] = {
LIST_HEAD(evm_config_xattrnames);
+static char *evm_cmdline __initdata;
+core_param(evm, evm_cmdline, charp, 0);
+
static int evm_fixmode __ro_after_init;
-static int __init evm_set_fixmode(char *str)
+static void __init evm_set_fixmode(void)
{
- if (strncmp(str, "fix", 3) == 0)
- evm_fixmode = 1;
- else
- pr_err("invalid \"%s\" mode", str);
+ if (!evm_cmdline)
+ return;
- return 1;
+ if (strncmp(evm_cmdline, "fix", 3) == 0) {
+ if (arch_get_secureboot()) {
+ pr_info("Secure boot enabled: ignoring evm=fix");
+ return;
+ }
+ evm_fixmode = 1;
+ } else {
+ pr_err("invalid \"%s\" mode", evm_cmdline);
+ }
}
-__setup("evm=", evm_set_fixmode);
static void __init evm_init_config(void)
{
@@ -1119,6 +1127,8 @@ static int __init init_evm(void)
evm_init_config();
+ evm_set_fixmode();
+
error = integrity_init_keyring(INTEGRITY_KEYRING_EVM);
if (error)
goto error;
--
2.52.0
^ permalink raw reply related
* [PATCH v2 1/3] integrity: Make arch_ima_get_secureboot integrity-wide
From: Coiby Xu @ 2026-02-03 4:14 UTC (permalink / raw)
To: linux-integrity
Cc: Heiko Carstens, Alexander Egorenkov, Ard Biesheuvel, Dave Hansen,
Mimi Zohar, Roberto Sassu, Madhavan Srinivasan, Michael Ellerman,
Nicholas Piggin, Christophe Leroy (CS GROUP), Vasily Gorbik,
Alexander Gordeev, Christian Borntraeger, Sven Schnelle,
Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), H. Peter Anvin,
Dmitry Kasatkin, Eric Snowberg, Paul Moore, James Morris,
Serge E. Hallyn, Jarkko Sakkinen, open list,
open list:LINUX FOR POWERPC (32-BIT AND 64-BIT),
open list:S390 ARCHITECTURE,
open list:EXTENSIBLE FIRMWARE INTERFACE (EFI),
open list:SECURITY SUBSYSTEM, open list:KEYS/KEYRINGS_INTEGRITY
In-Reply-To: <20260203041434.872784-1-coxu@redhat.com>
EVM and other LSMs need the ability to query the secure boot status of
the system, without directly calling the IMA arch_ima_get_secureboot
function. Refactor the secure boot status check into a general function
named arch_get_secureboot.
Reported-and-suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Suggested-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
---
MAINTAINERS | 1 +
arch/powerpc/kernel/ima_arch.c | 5 --
arch/powerpc/kernel/secure_boot.c | 6 ++
arch/s390/kernel/ima_arch.c | 6 --
arch/s390/kernel/ipl.c | 5 ++
arch/x86/include/asm/efi.h | 4 +-
arch/x86/platform/efi/efi.c | 2 +-
include/linux/ima.h | 7 +--
include/linux/secure_boot.h | 19 +++++++
security/integrity/Makefile | 3 +-
security/integrity/efi_secureboot.c | 56 +++++++++++++++++++
security/integrity/ima/ima_appraise.c | 2 +-
security/integrity/ima/ima_efi.c | 48 +---------------
security/integrity/ima/ima_main.c | 4 +-
security/integrity/integrity.h | 1 +
security/integrity/platform_certs/load_uefi.c | 2 +-
security/integrity/secure_boot.c | 16 ++++++
17 files changed, 117 insertions(+), 70 deletions(-)
create mode 100644 include/linux/secure_boot.h
create mode 100644 security/integrity/efi_secureboot.c
create mode 100644 security/integrity/secure_boot.c
diff --git a/MAINTAINERS b/MAINTAINERS
index 67db88b04537..1f963a621a99 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -12519,6 +12519,7 @@ R: Eric Snowberg <eric.snowberg@oracle.com>
L: linux-integrity@vger.kernel.org
S: Supported
T: git git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
+F: include/linux/secure_boot.h
F: security/integrity/
F: security/integrity/ima/
diff --git a/arch/powerpc/kernel/ima_arch.c b/arch/powerpc/kernel/ima_arch.c
index b7029beed847..0d8892a03526 100644
--- a/arch/powerpc/kernel/ima_arch.c
+++ b/arch/powerpc/kernel/ima_arch.c
@@ -7,11 +7,6 @@
#include <linux/ima.h>
#include <asm/secure_boot.h>
-bool arch_ima_get_secureboot(void)
-{
- return is_ppc_secureboot_enabled();
-}
-
/*
* The "secure_rules" are enabled only on "secureboot" enabled systems.
* These rules verify the file signatures against known good values.
diff --git a/arch/powerpc/kernel/secure_boot.c b/arch/powerpc/kernel/secure_boot.c
index 3a28795b4ed8..28436c1599e0 100644
--- a/arch/powerpc/kernel/secure_boot.c
+++ b/arch/powerpc/kernel/secure_boot.c
@@ -5,6 +5,7 @@
*/
#include <linux/types.h>
#include <linux/of.h>
+#include <linux/secure_boot.h>
#include <linux/string_choices.h>
#include <asm/secure_boot.h>
@@ -44,6 +45,11 @@ bool is_ppc_secureboot_enabled(void)
return enabled;
}
+bool arch_get_secureboot(void)
+{
+ return is_ppc_secureboot_enabled();
+}
+
bool is_ppc_trustedboot_enabled(void)
{
struct device_node *node;
diff --git a/arch/s390/kernel/ima_arch.c b/arch/s390/kernel/ima_arch.c
index f3c3e6e1c5d3..6ccbe34ce408 100644
--- a/arch/s390/kernel/ima_arch.c
+++ b/arch/s390/kernel/ima_arch.c
@@ -1,12 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/ima.h>
-#include <asm/boot_data.h>
-
-bool arch_ima_get_secureboot(void)
-{
- return ipl_secure_flag;
-}
const char * const *arch_get_ima_policy(void)
{
diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c
index dcdc7e274848..781deb588557 100644
--- a/arch/s390/kernel/ipl.c
+++ b/arch/s390/kernel/ipl.c
@@ -2504,6 +2504,11 @@ void *ipl_report_finish(struct ipl_report *report)
return buf;
}
+bool arch_get_secureboot(void)
+{
+ return ipl_secure_flag;
+}
+
int ipl_report_free(struct ipl_report *report)
{
struct ipl_report_component *comp, *ncomp;
diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
index f227a70ac91f..ee382b56dd7b 100644
--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
@@ -401,9 +401,9 @@ extern int __init efi_memmap_split_count(efi_memory_desc_t *md,
extern void __init efi_memmap_insert(struct efi_memory_map *old_memmap,
void *buf, struct efi_mem_range *mem);
-extern enum efi_secureboot_mode __x86_ima_efi_boot_mode(void);
+enum efi_secureboot_mode __x86_efi_boot_mode(void);
-#define arch_ima_efi_boot_mode __x86_ima_efi_boot_mode()
+#define arch_efi_boot_mode __x86_efi_boot_mode()
#ifdef CONFIG_EFI_RUNTIME_MAP
int efi_get_runtime_map_size(void);
diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index 463b784499a8..d8b25ae7af1e 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -921,7 +921,7 @@ umode_t efi_attr_is_visible(struct kobject *kobj, struct attribute *attr, int n)
return attr->mode;
}
-enum efi_secureboot_mode __x86_ima_efi_boot_mode(void)
+enum efi_secureboot_mode __x86_efi_boot_mode(void)
{
return boot_params.secure_boot;
}
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 8e29cb4e6a01..b3927b795a60 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -11,6 +11,7 @@
#include <linux/fs.h>
#include <linux/security.h>
#include <linux/kexec.h>
+#include <linux/secure_boot.h>
#include <crypto/hash_info.h>
struct linux_binprm;
@@ -72,14 +73,8 @@ int __init ima_get_kexec_buffer(void **addr, size_t *size);
#endif
#ifdef CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT
-extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else
-static inline bool arch_ima_get_secureboot(void)
-{
- return false;
-}
-
static inline const char * const *arch_get_ima_policy(void)
{
return NULL;
diff --git a/include/linux/secure_boot.h b/include/linux/secure_boot.h
new file mode 100644
index 000000000000..3ded3f03655c
--- /dev/null
+++ b/include/linux/secure_boot.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Copyright (C) 2026 Red Hat, Inc. All Rights Reserved.
+ *
+ * Author: Coiby Xu <coxu@redhat.com>
+ */
+
+#ifndef _LINUX_SECURE_BOOT_H
+#define _LINUX_SECURE_BOOT_H
+
+#include <linux/types.h>
+
+/*
+ * Returns true if the platform secure boot is enabled.
+ * Returns false if disabled or not supported.
+ */
+bool arch_get_secureboot(void);
+
+#endif /* _LINUX_SECURE_BOOT_H */
diff --git a/security/integrity/Makefile b/security/integrity/Makefile
index 92b63039c654..548665e2b702 100644
--- a/security/integrity/Makefile
+++ b/security/integrity/Makefile
@@ -5,7 +5,7 @@
obj-$(CONFIG_INTEGRITY) += integrity.o
-integrity-y := iint.o
+integrity-y := iint.o secure_boot.o
integrity-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o
integrity-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
integrity-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o
@@ -18,6 +18,7 @@ integrity-$(CONFIG_LOAD_IPL_KEYS) += platform_certs/load_ipl_s390.o
integrity-$(CONFIG_LOAD_PPC_KEYS) += platform_certs/efi_parser.o \
platform_certs/load_powerpc.o \
platform_certs/keyring_handler.o
+integrity-$(CONFIG_EFI) += efi_secureboot.o
# The relative order of the 'ima' and 'evm' LSMs depends on the order below.
obj-$(CONFIG_IMA) += ima/
obj-$(CONFIG_EVM) += evm/
diff --git a/security/integrity/efi_secureboot.c b/security/integrity/efi_secureboot.c
new file mode 100644
index 000000000000..bfd4260a83a3
--- /dev/null
+++ b/security/integrity/efi_secureboot.c
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: GPL-1.0+
+/*
+ * Copyright (C) 2018 IBM Corporation
+ */
+#include <linux/efi.h>
+#include <linux/secure_boot.h>
+#include <asm/efi.h>
+
+#ifndef arch_efi_boot_mode
+#define arch_efi_boot_mode efi_secureboot_mode_unset
+#endif
+
+static enum efi_secureboot_mode get_sb_mode(void)
+{
+ enum efi_secureboot_mode mode;
+
+ if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) {
+ pr_info("integrity: secureboot mode unknown, no efi\n");
+ return efi_secureboot_mode_unknown;
+ }
+
+ mode = efi_get_secureboot_mode(efi.get_variable);
+ if (mode == efi_secureboot_mode_disabled)
+ pr_info("integrity: secureboot mode disabled\n");
+ else if (mode == efi_secureboot_mode_unknown)
+ pr_info("integrity: secureboot mode unknown\n");
+ else
+ pr_info("integrity: secureboot mode enabled\n");
+ return mode;
+}
+
+/*
+ * Query secure boot status
+ *
+ * Note don't call this function too early e.g. in __setup hook otherwise the
+ * kernel may hang when calling efi_get_secureboot_mode.
+ *
+ */
+bool arch_get_secureboot(void)
+{
+ static enum efi_secureboot_mode sb_mode;
+ static bool initialized;
+
+ if (!initialized && efi_enabled(EFI_BOOT)) {
+ sb_mode = arch_efi_boot_mode;
+
+ if (sb_mode == efi_secureboot_mode_unset)
+ sb_mode = get_sb_mode();
+ initialized = true;
+ }
+
+ if (sb_mode == efi_secureboot_mode_enabled)
+ return true;
+ else
+ return false;
+}
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 5149ff4fd50d..9737bf76ce17 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -27,7 +27,7 @@ core_param(ima_appraise, ima_appraise_cmdline_default, charp, 0);
void __init ima_appraise_parse_cmdline(void)
{
const char *str = ima_appraise_cmdline_default;
- bool sb_state = arch_ima_get_secureboot();
+ bool sb_state = arch_get_secureboot();
int appraisal_state = ima_appraise;
if (!str)
diff --git a/security/integrity/ima/ima_efi.c b/security/integrity/ima/ima_efi.c
index 138029bfcce1..27521d665d33 100644
--- a/security/integrity/ima/ima_efi.c
+++ b/security/integrity/ima/ima_efi.c
@@ -2,52 +2,9 @@
/*
* Copyright (C) 2018 IBM Corporation
*/
-#include <linux/efi.h>
#include <linux/module.h>
#include <linux/ima.h>
-#include <asm/efi.h>
-
-#ifndef arch_ima_efi_boot_mode
-#define arch_ima_efi_boot_mode efi_secureboot_mode_unset
-#endif
-
-static enum efi_secureboot_mode get_sb_mode(void)
-{
- enum efi_secureboot_mode mode;
-
- if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) {
- pr_info("ima: secureboot mode unknown, no efi\n");
- return efi_secureboot_mode_unknown;
- }
-
- mode = efi_get_secureboot_mode(efi.get_variable);
- if (mode == efi_secureboot_mode_disabled)
- pr_info("ima: secureboot mode disabled\n");
- else if (mode == efi_secureboot_mode_unknown)
- pr_info("ima: secureboot mode unknown\n");
- else
- pr_info("ima: secureboot mode enabled\n");
- return mode;
-}
-
-bool arch_ima_get_secureboot(void)
-{
- static enum efi_secureboot_mode sb_mode;
- static bool initialized;
-
- if (!initialized && efi_enabled(EFI_BOOT)) {
- sb_mode = arch_ima_efi_boot_mode;
-
- if (sb_mode == efi_secureboot_mode_unset)
- sb_mode = get_sb_mode();
- initialized = true;
- }
-
- if (sb_mode == efi_secureboot_mode_enabled)
- return true;
- else
- return false;
-}
+#include <linux/secure_boot.h>
/* secureboot arch rules */
static const char * const sb_arch_rules[] = {
@@ -67,7 +24,8 @@ static const char * const sb_arch_rules[] = {
const char * const *arch_get_ima_policy(void)
{
- if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_ima_get_secureboot()) {
+ if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) &&
+ arch_get_secureboot()) {
if (IS_ENABLED(CONFIG_MODULE_SIG))
set_module_sig_enforced();
if (IS_ENABLED(CONFIG_KEXEC_SIG))
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 5770cf691912..6d093ac82a45 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -949,8 +949,8 @@ static int ima_load_data(enum kernel_load_data_id id, bool contents)
switch (id) {
case LOADING_KEXEC_IMAGE:
- if (IS_ENABLED(CONFIG_KEXEC_SIG)
- && arch_ima_get_secureboot()) {
+ if (IS_ENABLED(CONFIG_KEXEC_SIG) &&
+ arch_get_secureboot()) {
pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n");
return -EACCES;
}
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 7b388b66cf80..4636629533af 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -14,6 +14,7 @@
#include <linux/types.h>
#include <linux/integrity.h>
+#include <linux/secure_boot.h>
#include <crypto/sha1.h>
#include <crypto/hash.h>
#include <linux/key.h>
diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index d1fdd113450a..c0d6948446c3 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -212,7 +212,7 @@ static int __init load_uefi_certs(void)
}
/* the MOK/MOKx can not be trusted when secure boot is disabled */
- if (!arch_ima_get_secureboot())
+ if (!arch_get_secureboot())
return 0;
mokx = get_cert_list(L"MokListXRT", &mok_var, &mokxsize, &status);
diff --git a/security/integrity/secure_boot.c b/security/integrity/secure_boot.c
new file mode 100644
index 000000000000..fc2693c286f8
--- /dev/null
+++ b/security/integrity/secure_boot.c
@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright (C) 2026 Red Hat, Inc. All Rights Reserved.
+ *
+ * Author: Coiby Xu <coxu@redhat.com>
+ */
+#include <linux/secure_boot.h>
+
+/*
+ * Default weak implementation.
+ * Architectures that support secure boot must override this.
+ */
+__weak bool arch_get_secureboot(void)
+{
+ return false;
+}
--
2.52.0
^ permalink raw reply related
* Re: [PATCH] xfrm: kill xfrm_dev_{state,policy}_flush_secctx_check()
From: Tetsuo Handa @ 2026-02-03 3:47 UTC (permalink / raw)
To: Paul Moore, SELinux, linux-security-module
Cc: Steffen Klassert, Herbert Xu, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Simon Horman, Network Development
In-Reply-To: <CAHC9VhQPKU5DqG-ryZsiCV2vZeGGf_a-JStR_LVVCCn03C4usQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2686 bytes --]
On 2026/02/02 13:07, Paul Moore wrote:
> I'm asking you to verify that we have the LSM xfrm hooks in all of the
> necessary locations to ensure that we are safely and comprehensively
> gating all of the operations that result in removal of SPD and SAD
> entries.
That is impossible. We can't have the LSM xfrm hooks in all locations
that result in removal of SPD and SAD entries. We must give up trying
to have the LSM xfrm hooks in NETDEV_UNREGISTER event handler despite
NETDEV_UNREGISTER event handler results in removal of SPD and SAD entries.
>> No authorization can be placed during must-not-fail operation.
>
> Of course, but that means that we simply need to make sure we have the
> authorization hooks placed elsewhere to ensure that users can not
> remove SPD and SAD entries if they are not allowed. I'm not arguing
> about if returning an error in a place that can not handle an error
> condition is correct or not, I'm arguing that you should audit the SPD
> and SAD removal code paths to ensure that they all have the proper LSM
> xfrm hook authorizations.
This patch just removes error-returning LSM xfrm hook calls from one of
must-not-fail locations. I attach two syzbot reports that demonstrate
a result of having LSM xfrm hook calls from NETDEV_UNREGISTER event
( https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/net/xfrm?h=next-20260202&id=638361ad7ab20c5740d9637d3a51306f9b2e1461 ) .
As you can see, this must-not-fail operation is triggered by both
"sendmsg() system call (i.e. sending netlink message) by a userspace process"
and "the cleanup_net kernel WQ thread".
You might be able to call LSM xfrm hooks before netlink_sendmsg() is authorized
(assuming that that LSM hook can examine what SPD and SAD entries will be deleted
by allow processing netlink_sendmsg() request), but I guess that it will be
subjected to TOCTOU problem; can we have such giant lock that can serialize all
operations that might be triggered by allow calling netlink_sendmsg()? Even if
you had such giant lock, what about cleanup_net() path that happens without
explicit request from userspace?
It is your role (not my role) to verify that we have the LSM xfrm hooks in all
of the necessary locations, for it is you who is wishing to ensure that we are
safely and comprehensively gating all of the operations that result in removal
of SPD and SAD entries. The reports I attached are suggesting you that we can't
safely and comprehensively gate all of the operations that result in removal of
SPD and SAD entries.
Reported-by: syzbot+881d65229ca4f9ae8c84@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=881d65229ca4f9ae8c84
[-- Attachment #2: report-20260202-cleanup_net.txt --]
[-- Type: text/plain, Size: 73840 bytes --]
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 2
ref_tracker: netdev@ffff88807ddc4630 has 1/1 users at
xfrm_dev_state_add+0x6f4/0xc40 net/xfrm/xfrm_device.c:316
xfrm_state_construct net/xfrm/xfrm_user.c:986 [inline]
xfrm_add_sa+0x34ca/0x4230 net/xfrm/xfrm_user.c:1022
xfrm_user_rcv_msg+0x746/0xb20 net/xfrm/xfrm_user.c:3507
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
xfrm_netlink_rcv+0x79/0x90 net/xfrm/xfrm_user.c:3529
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
__sock_sendmsg net/socket.c:752 [inline]
____sys_sendmsg+0x589/0x8c0 net/socket.c:2610
___sys_sendmsg+0x2a5/0x360 net/socket.c:2664
__sys_sendmsg net/socket.c:2696 [inline]
__do_sys_sendmsg net/socket.c:2701 [inline]
__se_sys_sendmsg net/socket.c:2699 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2699
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
infiniband: balance for netdevsim0@ib_gid_table_entry is 0
balance for netdevsim0@j1939_priv is 0
Call trace for netdevsim0[1] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
rx_queue_add_kobject net/core/net-sysfs.c:1257 [inline]
net_rx_queue_update_kobjects+0x148/0x750 net/core/net-sysfs.c:1322
register_queue_kobjects net/core/net-sysfs.c:2114 [inline]
netdev_register_kobject+0x21f/0x310 net/core/net-sysfs.c:2362
register_netdevice+0x12c0/0x1cf0 net/core/dev.c:11409
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[2] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
netdev_queue_add_kobject net/core/net-sysfs.c:1994 [inline]
netdev_queue_update_kobjects+0x170/0x6d0 net/core/net-sysfs.c:2056
register_queue_kobjects net/core/net-sysfs.c:2119 [inline]
netdev_register_kobject+0x258/0x310 net/core/net-sysfs.c:2362
register_netdevice+0x12c0/0x1cf0 net/core/dev.c:11409
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[3] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold+0x27/0xc0 include/linux/netdevice.h:4446
register_netdevice+0x15cc/0x1cf0 net/core/dev.c:11433
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
Call trace for netdevsim0[4] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[5] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[6] -7 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
netdevice_event_work_handler+0x12c/0x260 drivers/infiniband/core/roce_gid_mgmt.c:675
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[7] -7 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
netdevice_event_work_handler+0x1b2/0x260 drivers/infiniband/core/roce_gid_mgmt.c:676
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[8] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
neigh_parms_alloc+0x192/0x530 net/core/neighbour.c:1778
inetdev_init+0x118/0x4f0 net/ipv4/devinet.c:280
inetdev_event+0x30d/0x1610 net/ipv4/devinet.c:1590
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
Call trace for netdevsim0[9] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
inetdev_init+0x19f/0x4f0 net/ipv4/devinet.c:286
inetdev_event+0x30d/0x1610 net/ipv4/devinet.c:1590
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
Call trace for netdevsim0[10] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
neigh_parms_alloc+0x192/0x530 net/core/neighbour.c:1778
ipv6_add_dev+0x40d/0x13c0 net/ipv6/addrconf.c:403
addrconf_notify+0x771/0x1050 net/ipv6/addrconf.c:3655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
Call trace for netdevsim0[11] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
ipv6_add_dev+0x4ae/0x13c0 net/ipv6/addrconf.c:411
addrconf_notify+0x771/0x1050 net/ipv6/addrconf.c:3655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
Call trace for netdevsim0[12] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
batadv_hardif_add_interface net/batman-adv/hard-interface.c:878 [inline]
batadv_hard_if_event+0xb47/0x1240 net/batman-adv/hard-interface.c:958
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[13] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
udp_tunnel_nic_register net/ipv4/udp_tunnel_nic.c:850 [inline]
udp_tunnel_nic_netdevice_event+0xaea/0x17e0 net/ipv4/udp_tunnel_nic.c:931
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[14] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
qdisc_alloc+0x631/0x910 net/sched/sch_generic.c:985
qdisc_create_dflt+0x8e/0x510 net/sched/sch_generic.c:1008
attach_one_default_qdisc net/sched/sch_generic.c:1174 [inline]
netdev_for_each_tx_queue include/linux/netdevice.h:2688 [inline]
attach_default_qdiscs net/sched/sch_generic.c:1192 [inline]
dev_activate+0x378/0x1150 net/sched/sch_generic.c:1251
__dev_open+0x67a/0x830 net/core/dev.c:1704
__dev_change_flags+0x1f7/0x690 net/core/dev.c:9749
netif_change_flags+0x88/0x1a0 net/core/dev.c:9812
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[15] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[16] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[17] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
ip6_route_add+0x6e/0x1b0 net/ipv6/route.c:3950
addrconf_add_mroute+0x2d1/0x370 net/ipv6/addrconf.c:2552
addrconf_add_dev net/ipv6/addrconf.c:2570 [inline]
addrconf_dev_config net/ipv6/addrconf.c:3484 [inline]
addrconf_init_auto_addrs+0x4d7/0xa50 net/ipv6/addrconf.c:3572
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[18] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
addrconf_f6i_alloc+0x3b7/0x630 net/ipv6/route.c:4690
ipv6_add_addr+0x59c/0x1100 net/ipv6/addrconf.c:1126
addrconf_add_linklocal+0x20c/0x460 net/ipv6/addrconf.c:3311
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[19] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
addr_event+0x302/0x480 drivers/infiniband/core/roce_gid_mgmt.c:897
inet6addr_event+0x9f/0xd0 drivers/infiniband/core/roce_gid_mgmt.c:930
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
atomic_notifier_call_chain+0xda/0x180 kernel/notifier.c:223
ipv6_add_addr+0xe08/0x1100 net/ipv6/addrconf.c:1186
addrconf_add_linklocal+0x20c/0x460 net/ipv6/addrconf.c:3311
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[20] -2 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
update_gid_event_work_handler+0x84/0xf0 drivers/infiniband/core/roce_gid_mgmt.c:861
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[21] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
ip6_route_add+0x6e/0x1b0 net/ipv6/route.c:3950
addrconf_prefix_route+0x3a2/0x480 net/ipv6/addrconf.c:2488
addrconf_add_linklocal+0x266/0x460 net/ipv6/addrconf.c:3313
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[22] +2 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
mld_send_cr net/ipv6/mcast.c:2154 [inline]
mld_ifc_work+0x835/0xe70 net/ipv6/mcast.c:2693
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[23] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK+0xa2/0x3a0 include/linux/netfilter.h:318
mld_sendpack+0x8b4/0xe40 net/ipv6/mcast.c:1855
mld_send_cr net/ipv6/mcast.c:2154 [inline]
mld_ifc_work+0x835/0xe70 net/ipv6/mcast.c:2693
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[24] -12 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dst_destroy+0x117/0x360 net/core/dst.c:115
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[25] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
ndisc_send_ns+0xd7/0x160 net/ipv6/ndisc.c:670
addrconf_dad_work+0xac4/0x14c0 net/ipv6/addrconf.c:4287
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[26] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
ndisc_send_ns+0xd7/0x160 net/ipv6/ndisc.c:670
addrconf_dad_work+0xac4/0x14c0 net/ipv6/addrconf.c:4287
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[27] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
ipv6_mc_dad_complete+0x88/0x540 net/ipv6/mcast.c:2279
addrconf_dad_completed+0x8a7/0xe60 net/ipv6/addrconf.c:4345
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[28] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
addrconf_dad_completed+0x909/0xe60 net/ipv6/addrconf.c:4365
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[29] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
addrconf_dad_completed+0x909/0xe60 net/ipv6/addrconf.c:4365
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[30] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
mld_dad_work+0x45/0x5b0 net/ipv6/mcast.c:2294
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[31] +6 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
addrconf_rs_timer+0x395/0x6d0 net/ipv6/addrconf.c:4042
call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[32] -4 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_destroy+0x35c/0x5d0 net/core/neighbour.c:940
neigh_periodic_work+0xb4f/0xe50 net/core/neighbour.c:1029
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Call trace for netdevsim0[33] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
xfrm_dev_state_add+0x33a/0xc40 net/xfrm/xfrm_device.c:268
xfrm_state_construct net/xfrm/xfrm_user.c:986 [inline]
xfrm_add_sa+0x34ca/0x4230 net/xfrm/xfrm_user.c:1022
xfrm_user_rcv_msg+0x746/0xb20 net/xfrm/xfrm_user.c:3507
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
xfrm_netlink_rcv+0x79/0x90 net/xfrm/xfrm_user.c:3529
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[34] +2 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
addrconf_rs_timer+0x395/0x6d0 net/ipv6/addrconf.c:4042
call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[35] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_name+0xdb/0x210 net/core/dev.c:909
netdev_get_by_name+0x27/0xb0 net/core/dev.c:933
ethnl_parse_header_dev_get+0x445/0x8b0 net/ethtool/netlink.c:194
ethnl_default_parse net/ethtool/netlink.c:457 [inline]
ethnl_default_set_doit+0x224/0xae0 net/ethtool/netlink.c:895
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[36] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
ethnl_parse_header_dev_put net/ethtool/netlink.h:274 [inline]
ethnl_default_set_doit+0x92e/0xae0 net/ethtool/netlink.c:940
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[37] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
linkwatch_add_event net/core/link_watch.c:131 [inline]
linkwatch_fire_event+0x166/0x220 net/core/link_watch.c:314
nsim_stop+0x88/0x430 drivers/net/netdevsim/netdev.c:595
__dev_close_many+0x368/0x6d0 net/core/dev.c:1768
netif_close_many+0x225/0x420 net/core/dev.c:1793
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[38] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_destroy+0x35c/0x5d0 net/core/neighbour.c:940
neigh_flush_dev net/core/neighbour.c:433 [inline]
__neigh_ifdown+0x1e8/0x8c0 net/core/neighbour.c:467
neigh_ifdown+0x1f/0x30 net/core/neighbour.c:491
rt6_disable_ip+0x776/0x7f0 net/ipv6/route.c:5018
addrconf_ifdown+0x161/0x1a40 net/ipv6/addrconf.c:3858
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netif_close_many+0x2ae/0x420 net/core/dev.c:1797
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
Call trace for netdevsim0[39] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
addr_event+0x302/0x480 drivers/infiniband/core/roce_gid_mgmt.c:897
inet6addr_event+0x9f/0xd0 drivers/infiniband/core/roce_gid_mgmt.c:930
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
atomic_notifier_call_chain+0xda/0x180 kernel/notifier.c:223
addrconf_ifdown+0xeb3/0x1a40 net/ipv6/addrconf.c:3983
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netif_close_many+0x2ae/0x420 net/core/dev.c:1797
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[40] -3 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
fib_nh_common_release+0x5c/0x430 net/ipv4/fib_semantics.c:204
fib6_info_destroy_rcu+0xca/0x1c0 net/ipv6/ip6_fib.c:177
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[41] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
__qdisc_destroy+0x1c9/0x450 net/sched/sch_generic.c:1081
qdisc_put net/sched/sch_generic.c:1105 [inline]
dev_shutdown+0x34c/0x440 net/sched/sch_generic.c:1493
unregister_netdevice_many_notify+0x11a9/0x2380 net/core/dev.c:12405
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[42] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[43] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[44] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_parms_release+0x170/0x200 net/core/neighbour.c:1817
inetdev_destroy net/ipv4/devinet.c:335 [inline]
inetdev_event+0x7f4/0x1610 net/ipv4/devinet.c:1655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[45] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
in_dev_finish_destroy+0xa7/0x1a0 net/ipv4/devinet.c:258
in_dev_put include/linux/inetdevice.h:290 [inline]
inetdev_destroy net/ipv4/devinet.c:338 [inline]
inetdev_event+0x83b/0x1610 net/ipv4/devinet.c:1655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[46] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_parms_release+0x170/0x200 net/core/neighbour.c:1817
addrconf_ifdown+0x177b/0x1a40 net/ipv6/addrconf.c:4012
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[47] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
in6_dev_finish_destroy+0xdd/0x1e0 net/ipv6/addrconf_core.c:273
in6_dev_put include/net/addrconf.h:422 [inline]
addrconf_ifdown+0x17d1/0x1a40 net/ipv6/addrconf.c:4014
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[48] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
batadv_hardif_release net/batman-adv/hard-interface.c:55 [inline]
kref_put include/linux/kref.h:65 [inline]
batadv_hardif_put+0x8f/0x140 net/batman-adv/hard-interface.h:94
batadv_hard_if_event+0x624/0x1240 net/batman-adv/hard-interface.c:1008
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[49] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
udp_tunnel_nic_unregister net/ipv4/udp_tunnel_nic.c:913 [inline]
udp_tunnel_nic_netdevice_event+0x1582/0x17e0 net/ipv4/udp_tunnel_nic.c:942
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[50] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
rx_queue_release+0x126/0x1a0 net/core/net-sysfs.c:1181
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x228/0x560 lib/kobject.c:737
net_rx_queue_update_kobjects+0x6a6/0x750 net/core/net-sysfs.c:1338
remove_queue_kobjects net/core/net-sysfs.c:2169 [inline]
netdev_unregister_kobject+0x113/0x450 net/core/net-sysfs.c:2325
unregister_netdevice_many_notify+0x1e0e/0x2380 net/core/dev.c:12452
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[51] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
netdev_queue_release+0x6a/0xd0 net/core/net-sysfs.c:1931
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x228/0x560 lib/kobject.c:737
netdev_queue_update_kobjects+0x5e8/0x6d0 net/core/net-sysfs.c:2073
remove_queue_kobjects net/core/net-sysfs.c:2170 [inline]
netdev_unregister_kobject+0x11f/0x450 net/core/net-sysfs.c:2325
unregister_netdevice_many_notify+0x1e0e/0x2380 net/core/dev.c:12452
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[52] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
unregister_netdevice_many_notify+0x2068/0x2380 net/core/dev.c:12462
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[53] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
linkwatch_do_dev+0x89/0x180 net/core/link_watch.c:191
linkwatch_sync_dev+0x27f/0x390 net/core/link_watch.c:289
netdev_run_todo+0x3fe/0x1130 net/core/dev.c:11705
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
balance as of netdevsim0[53] is 1
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 1 UID: 0 PID: 11340 Comm: kworker/u8:17 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: netns cleanup_net
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 1 UID: 0 PID: 11340 Comm: kworker/u8:17 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: netns cleanup_net
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 1 UID: 0 PID: 11340 Comm: kworker/u8:17 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: netns cleanup_net
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 1 UID: 0 PID: 11340 Comm: kworker/u8:17 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Workqueue: netns cleanup_net
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1e6/0x3f0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:161 [inline]
ops_undo_list+0x187/0x940 net/core/net_namespace.c:234
cleanup_net+0x4df/0x7b0 net/core/net_namespace.c:696
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
[-- Attachment #3: report-20260202-netlink_sendmsg.txt --]
[-- Type: text/plain, Size: 76858 bytes --]
unregister_netdevice: waiting for netdevsim0 to become free. Usage count = 2
ref_tracker: netdev@ffff88805b5fc630 has 1/1 users at
xfrm_dev_state_add+0x6f4/0xc40 net/xfrm/xfrm_device.c:316
xfrm_state_construct net/xfrm/xfrm_user.c:986 [inline]
xfrm_add_sa+0x34ca/0x4230 net/xfrm/xfrm_user.c:1022
xfrm_user_rcv_msg+0x746/0xb20 net/xfrm/xfrm_user.c:3507
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
xfrm_netlink_rcv+0x79/0x90 net/xfrm/xfrm_user.c:3529
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
__sock_sendmsg net/socket.c:752 [inline]
____sys_sendmsg+0x589/0x8c0 net/socket.c:2610
___sys_sendmsg+0x2a5/0x360 net/socket.c:2664
__sys_sendmsg net/socket.c:2696 [inline]
__do_sys_sendmsg net/socket.c:2701 [inline]
__se_sys_sendmsg net/socket.c:2699 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2699
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
infiniband: balance for netdevsim0@ib_gid_table_entry is 0
balance for netdevsim0@j1939_priv is 0
Call trace for netdevsim0[1] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
rx_queue_add_kobject net/core/net-sysfs.c:1257 [inline]
net_rx_queue_update_kobjects+0x148/0x750 net/core/net-sysfs.c:1322
register_queue_kobjects net/core/net-sysfs.c:2114 [inline]
netdev_register_kobject+0x21f/0x310 net/core/net-sysfs.c:2362
register_netdevice+0x12c0/0x1cf0 net/core/dev.c:11409
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[2] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
netdev_queue_add_kobject net/core/net-sysfs.c:1994 [inline]
netdev_queue_update_kobjects+0x170/0x6d0 net/core/net-sysfs.c:2056
register_queue_kobjects net/core/net-sysfs.c:2119 [inline]
netdev_register_kobject+0x258/0x310 net/core/net-sysfs.c:2362
register_netdevice+0x12c0/0x1cf0 net/core/dev.c:11409
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[3] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold+0x27/0xc0 include/linux/netdevice.h:4446
register_netdevice+0x15cc/0x1cf0 net/core/dev.c:11433
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
Call trace for netdevsim0[4] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[5] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[6] -7 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
netdevice_event_work_handler+0x12c/0x260 drivers/infiniband/core/roce_gid_mgmt.c:675
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[7] -7 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
netdevice_event_work_handler+0x1b2/0x260 drivers/infiniband/core/roce_gid_mgmt.c:676
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[8] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
neigh_parms_alloc+0x192/0x530 net/core/neighbour.c:1778
inetdev_init+0x118/0x4f0 net/ipv4/devinet.c:280
inetdev_event+0x30d/0x1610 net/ipv4/devinet.c:1590
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
Call trace for netdevsim0[9] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
inetdev_init+0x19f/0x4f0 net/ipv4/devinet.c:286
inetdev_event+0x30d/0x1610 net/ipv4/devinet.c:1590
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
Call trace for netdevsim0[10] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
neigh_parms_alloc+0x192/0x530 net/core/neighbour.c:1778
ipv6_add_dev+0x40d/0x13c0 net/ipv6/addrconf.c:403
addrconf_notify+0x771/0x1050 net/ipv6/addrconf.c:3655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
Call trace for netdevsim0[11] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
ipv6_add_dev+0x4ae/0x13c0 net/ipv6/addrconf.c:411
addrconf_notify+0x771/0x1050 net/ipv6/addrconf.c:3655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
Call trace for netdevsim0[12] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
batadv_hardif_add_interface net/batman-adv/hard-interface.c:878 [inline]
batadv_hard_if_event+0xb47/0x1240 net/batman-adv/hard-interface.c:958
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[13] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
udp_tunnel_nic_register net/ipv4/udp_tunnel_nic.c:850 [inline]
udp_tunnel_nic_netdevice_event+0xaea/0x17e0 net/ipv4/udp_tunnel_nic.c:931
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
register_netdevice+0x173a/0x1cf0 net/core/dev.c:11447
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:1064 [inline]
nsim_create+0xb92/0x1100 drivers/net/netdevsim/netdev.c:1146
__nsim_dev_port_add+0x72a/0xb50 drivers/net/netdevsim/dev.c:1494
nsim_dev_port_add_all+0x37/0xf0 drivers/net/netdevsim/dev.c:1550
nsim_drv_probe+0x905/0xc20 drivers/net/netdevsim/dev.c:1711
call_driver_probe drivers/base/dd.c:-1 [inline]
really_probe+0x267/0xaf0 drivers/base/dd.c:661
__driver_probe_device+0x18c/0x320 drivers/base/dd.c:803
driver_probe_device+0x4f/0x240 drivers/base/dd.c:833
__device_attach_driver+0x2d4/0x4c0 drivers/base/dd.c:961
bus_for_each_drv+0x258/0x2f0 drivers/base/bus.c:500
__device_attach+0x2c5/0x450 drivers/base/dd.c:1033
device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1088
bus_probe_device+0x12a/0x220 drivers/base/bus.c:574
device_add+0x7b6/0xb70 drivers/base/core.c:3689
nsim_bus_dev_new drivers/net/netdevsim/bus.c:471 [inline]
new_device_store+0x37b/0x710 drivers/net/netdevsim/bus.c:191
kernfs_fop_write_iter+0x3af/0x540 fs/kernfs/file.c:352
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0x61d/0xb90 fs/read_write.c:688
ksys_write+0x150/0x270 fs/read_write.c:740
Call trace for netdevsim0[14] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
qdisc_alloc+0x631/0x910 net/sched/sch_generic.c:985
qdisc_create_dflt+0x8e/0x510 net/sched/sch_generic.c:1008
attach_one_default_qdisc net/sched/sch_generic.c:1174 [inline]
netdev_for_each_tx_queue include/linux/netdevice.h:2688 [inline]
attach_default_qdiscs net/sched/sch_generic.c:1192 [inline]
dev_activate+0x378/0x1150 net/sched/sch_generic.c:1251
__dev_open+0x67a/0x830 net/core/dev.c:1704
__dev_change_flags+0x1f7/0x690 net/core/dev.c:9749
netif_change_flags+0x88/0x1a0 net/core/dev.c:9812
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[15] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[16] +3 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[17] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
ip6_route_add+0x6e/0x1b0 net/ipv6/route.c:3950
addrconf_add_mroute+0x2d1/0x370 net/ipv6/addrconf.c:2552
addrconf_add_dev net/ipv6/addrconf.c:2570 [inline]
addrconf_dev_config net/ipv6/addrconf.c:3484 [inline]
addrconf_init_auto_addrs+0x4d7/0xa50 net/ipv6/addrconf.c:3572
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[18] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
addrconf_f6i_alloc+0x3b7/0x630 net/ipv6/route.c:4690
ipv6_add_addr+0x59c/0x1100 net/ipv6/addrconf.c:1126
addrconf_add_linklocal+0x20c/0x460 net/ipv6/addrconf.c:3311
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[19] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
addr_event+0x302/0x480 drivers/infiniband/core/roce_gid_mgmt.c:897
inet6addr_event+0x9f/0xd0 drivers/infiniband/core/roce_gid_mgmt.c:930
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
atomic_notifier_call_chain+0xda/0x180 kernel/notifier.c:223
ipv6_add_addr+0xe08/0x1100 net/ipv6/addrconf.c:1186
addrconf_add_linklocal+0x20c/0x460 net/ipv6/addrconf.c:3311
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[20] -2 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
update_gid_event_work_handler+0x84/0xf0 drivers/infiniband/core/roce_gid_mgmt.c:861
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[21] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
netdev_get_by_index+0x25/0xb0 net/core/dev.c:1018
fib6_nh_init+0x1f2/0x2010 net/ipv6/route.c:3598
ip6_route_info_create_nh+0x16a/0xad0 net/ipv6/route.c:3898
ip6_route_add+0x6e/0x1b0 net/ipv6/route.c:3950
addrconf_prefix_route+0x3a2/0x480 net/ipv6/addrconf.c:2488
addrconf_add_linklocal+0x266/0x460 net/ipv6/addrconf.c:3313
addrconf_addr_gen+0x2f8/0x360 net/ipv6/addrconf.c:3447
addrconf_notify+0xb1e/0x1050 net/ipv6/addrconf.c:3745
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
__dev_notify_flags+0x1a9/0x310 net/core/dev.c:9788
netif_change_flags+0xe8/0x1a0 net/core/dev.c:9817
do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
rtnl_changelink net/core/rtnetlink.c:3776 [inline]
__rtnl_newlink net/core/rtnetlink.c:3935 [inline]
rtnl_newlink+0x15a9/0x1be0 net/core/rtnetlink.c:4072
rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[22] +2 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
mld_send_cr net/ipv6/mcast.c:2154 [inline]
mld_ifc_work+0x835/0xe70 net/ipv6/mcast.c:2693
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[23] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK+0xa2/0x3a0 include/linux/netfilter.h:318
mld_sendpack+0x8b4/0xe40 net/ipv6/mcast.c:1855
mld_send_cr net/ipv6/mcast.c:2154 [inline]
mld_ifc_work+0x835/0xe70 net/ipv6/mcast.c:2693
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[24] -11 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dst_destroy+0x117/0x360 net/core/dst.c:115
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[25] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
ndisc_send_ns+0xd7/0x160 net/ipv6/ndisc.c:670
addrconf_dad_work+0xac4/0x14c0 net/ipv6/addrconf.c:4287
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[26] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
ndisc_send_ns+0xd7/0x160 net/ipv6/ndisc.c:670
addrconf_dad_work+0xac4/0x14c0 net/ipv6/addrconf.c:4287
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[27] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
ipv6_mc_dad_complete+0x88/0x540 net/ipv6/mcast.c:2279
addrconf_dad_completed+0x8a7/0xe60 net/ipv6/addrconf.c:4345
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[28] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
addrconf_dad_completed+0x909/0xe60 net/ipv6/addrconf.c:4365
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[29] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
addrconf_dad_completed+0x909/0xe60 net/ipv6/addrconf.c:4365
addrconf_dad_work+0xc5e/0x14c0 net/ipv6/addrconf.c:-1
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[30] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
mld_sendpack+0x6ba/0xe40 net/ipv6/mcast.c:1844
mld_dad_work+0x45/0x5b0 net/ipv6/mcast.c:2294
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
Call trace for netdevsim0[31] +5 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dst_init+0x6f/0x490 net/core/dst.c:52
dst_alloc+0x12a/0x170 net/core/dst.c:94
ip6_dst_alloc net/ipv6/route.c:342 [inline]
icmp6_dst_alloc+0x75/0x440 net/ipv6/route.c:3333
ndisc_send_skb+0x42d/0x14e0 net/ipv6/ndisc.c:491
addrconf_rs_timer+0x395/0x6d0 net/ipv6/addrconf.c:4042
call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[32] -3 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_destroy+0x35c/0x5d0 net/core/neighbour.c:940
neigh_remove_one+0x46d/0x4c0 net/core/neighbour.c:249
neigh_forced_gc net/core/neighbour.c:280 [inline]
neigh_alloc net/core/neighbour.c:512 [inline]
___neigh_create+0x485/0x2290 net/core/neighbour.c:655
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
addrconf_rs_timer+0x395/0x6d0 net/ipv6/addrconf.c:4042
call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[33] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
ethnl_default_dumpit+0x1ed/0x630 net/ethtool/netlink.c:626
genl_dumpit+0x10b/0x1b0 net/netlink/genetlink.c:1027
netlink_dump+0x722/0xe80 net/netlink/af_netlink.c:2325
__netlink_dump_start+0x5cb/0x7e0 net/netlink/af_netlink.c:2440
genl_family_rcv_msg_dumpit+0x213/0x310 net/netlink/genetlink.c:1076
genl_family_rcv_msg net/netlink/genetlink.c:1192 [inline]
genl_rcv_msg+0x5e8/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[34] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
ethnl_default_dumpit+0x404/0x630 net/ethtool/netlink.c:632
genl_dumpit+0x10b/0x1b0 net/netlink/genetlink.c:1027
netlink_dump+0x722/0xe80 net/netlink/af_netlink.c:2325
__netlink_dump_start+0x5cb/0x7e0 net/netlink/af_netlink.c:2440
genl_family_rcv_msg_dumpit+0x213/0x310 net/netlink/genetlink.c:1076
genl_family_rcv_msg net/netlink/genetlink.c:1192 [inline]
genl_rcv_msg+0x5e8/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[35] +2 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
___neigh_create+0xc3d/0x2290 net/core/neighbour.c:664
ip6_finish_output2+0x1038/0x1360 net/ipv6/ip6_output.c:128
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
NF_HOOK include/linux/netfilter.h:318 [inline]
ndisc_send_skb+0xbaa/0x14e0 net/ipv6/ndisc.c:512
addrconf_rs_timer+0x395/0x6d0 net/ipv6/addrconf.c:4042
call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
expire_timers kernel/time/timer.c:1799 [inline]
__run_timers kernel/time/timer.c:2373 [inline]
__run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385
run_timer_base kernel/time/timer.c:2394 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2404
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[36] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
dev_get_by_index+0x1b3/0x2f0 net/core/dev.c:995
xfrm_dev_state_add+0x33a/0xc40 net/xfrm/xfrm_device.c:268
xfrm_state_construct net/xfrm/xfrm_user.c:986 [inline]
xfrm_add_sa+0x34ca/0x4230 net/xfrm/xfrm_user.c:1022
xfrm_user_rcv_msg+0x746/0xb20 net/xfrm/xfrm_user.c:3507
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
xfrm_netlink_rcv+0x79/0x90 net/xfrm/xfrm_user.c:3529
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[37] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_destroy+0x35c/0x5d0 net/core/neighbour.c:940
neigh_periodic_work+0xb4f/0xe50 net/core/neighbour.c:1029
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
process_scheduled_works kernel/workqueue.c:3362 [inline]
worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Call trace for netdevsim0[38] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
linkwatch_add_event net/core/link_watch.c:131 [inline]
linkwatch_fire_event+0x166/0x220 net/core/link_watch.c:314
nsim_stop+0x88/0x430 drivers/net/netdevsim/netdev.c:595
__dev_close_many+0x368/0x6d0 net/core/dev.c:1768
netif_close_many+0x225/0x420 net/core/dev.c:1793
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[39] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_destroy+0x35c/0x5d0 net/core/neighbour.c:940
neigh_flush_dev net/core/neighbour.c:433 [inline]
__neigh_ifdown+0x1e8/0x8c0 net/core/neighbour.c:467
neigh_ifdown+0x1f/0x30 net/core/neighbour.c:491
rt6_disable_ip+0x776/0x7f0 net/ipv6/route.c:5018
addrconf_ifdown+0x161/0x1a40 net/ipv6/addrconf.c:3858
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netif_close_many+0x2ae/0x420 net/core/dev.c:1797
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
Call trace for netdevsim0[40] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
addr_event+0x302/0x480 drivers/infiniband/core/roce_gid_mgmt.c:897
inet6addr_event+0x9f/0xd0 drivers/infiniband/core/roce_gid_mgmt.c:930
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
atomic_notifier_call_chain+0xda/0x180 kernel/notifier.c:223
addrconf_ifdown+0xeb3/0x1a40 net/ipv6/addrconf.c:3983
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netif_close_many+0x2ae/0x420 net/core/dev.c:1797
netif_close_many_and_unlock net/core/dev.c:12317 [inline]
unregister_netdevice_many_notify+0x81f/0x2380 net/core/dev.c:12381
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
Call trace for netdevsim0[41] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
__qdisc_destroy+0x1c9/0x450 net/sched/sch_generic.c:1081
qdisc_put net/sched/sch_generic.c:1105 [inline]
dev_shutdown+0x34c/0x440 net/sched/sch_generic.c:1493
unregister_netdevice_many_notify+0x11a9/0x2380 net/core/dev.c:12405
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[42] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:698 [inline]
netdevice_event+0x4ea/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[43] +1 at
__dev_hold include/linux/netdevice.h:4403 [inline]
netdev_hold include/linux/netdevice.h:4446 [inline]
dev_hold include/linux/netdevice.h:4469 [inline]
netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:699 [inline]
netdevice_event+0x593/0x8d0 drivers/infiniband/core/roce_gid_mgmt.c:849
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[44] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_parms_release+0x170/0x200 net/core/neighbour.c:1817
inetdev_destroy net/ipv4/devinet.c:335 [inline]
inetdev_event+0x7f4/0x1610 net/ipv4/devinet.c:1655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[45] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
in_dev_finish_destroy+0xa7/0x1a0 net/ipv4/devinet.c:258
in_dev_put include/linux/inetdevice.h:290 [inline]
inetdev_destroy net/ipv4/devinet.c:338 [inline]
inetdev_event+0x83b/0x1610 net/ipv4/devinet.c:1655
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[46] -3 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
fib_nh_common_release+0x5c/0x430 net/ipv4/fib_semantics.c:204
fib6_info_destroy_rcu+0xca/0x1c0 net/ipv6/ip6_fib.c:177
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
handle_softirqs+0x22a/0x870 kernel/softirq.c:626
Call trace for netdevsim0[47] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
neigh_parms_release+0x170/0x200 net/core/neighbour.c:1817
addrconf_ifdown+0x177b/0x1a40 net/ipv6/addrconf.c:4012
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[48] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
in6_dev_finish_destroy+0xdd/0x1e0 net/ipv6/addrconf_core.c:273
in6_dev_put include/net/addrconf.h:422 [inline]
addrconf_ifdown+0x17d1/0x1a40 net/ipv6/addrconf.c:4014
addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[49] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
batadv_hardif_release net/batman-adv/hard-interface.c:55 [inline]
kref_put include/linux/kref.h:65 [inline]
batadv_hardif_put+0x8f/0x140 net/batman-adv/hard-interface.h:94
batadv_hard_if_event+0x624/0x1240 net/batman-adv/hard-interface.c:1008
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[50] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
dev_put include/linux/netdevice.h:4481 [inline]
udp_tunnel_nic_unregister net/ipv4/udp_tunnel_nic.c:913 [inline]
udp_tunnel_nic_netdevice_event+0x1582/0x17e0 net/ipv4/udp_tunnel_nic.c:942
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
unregister_netdevice_many_notify+0x186a/0x2380 net/core/dev.c:12417
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[51] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
rx_queue_release+0x126/0x1a0 net/core/net-sysfs.c:1181
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x228/0x560 lib/kobject.c:737
net_rx_queue_update_kobjects+0x6a6/0x750 net/core/net-sysfs.c:1338
remove_queue_kobjects net/core/net-sysfs.c:2169 [inline]
netdev_unregister_kobject+0x113/0x450 net/core/net-sysfs.c:2325
unregister_netdevice_many_notify+0x1e0e/0x2380 net/core/dev.c:12452
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[52] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
netdev_queue_release+0x6a/0xd0 net/core/net-sysfs.c:1931
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x228/0x560 lib/kobject.c:737
netdev_queue_update_kobjects+0x5e8/0x6d0 net/core/net-sysfs.c:2073
remove_queue_kobjects net/core/net-sysfs.c:2170 [inline]
netdev_unregister_kobject+0x11f/0x450 net/core/net-sysfs.c:2325
unregister_netdevice_many_notify+0x1e0e/0x2380 net/core/dev.c:12452
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[53] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
netdev_put include/linux/netdevice.h:4456 [inline]
unregister_netdevice_many_notify+0x2068/0x2380 net/core/dev.c:12462
unregister_netdevice_many net/core/dev.c:12480 [inline]
unregister_netdevice_queue+0x31f/0x360 net/core/dev.c:12294
unregister_netdevice include/linux/netdevice.h:3414 [inline]
nsim_destroy+0x1e5/0x680 drivers/net/netdevsim/netdev.c:1183
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
Call trace for netdevsim0[54] -1 at
__dev_put include/linux/netdevice.h:4389 [inline]
linkwatch_do_dev+0x89/0x180 net/core/link_watch.c:191
__linkwatch_run_queue+0x572/0x7f0 net/core/link_watch.c:244
linkwatch_event+0x4c/0x60 net/core/link_watch.c:304
process_one_work+0x949/0x1650 kernel/workqueue.c:3279
balance as of netdevsim0[54] is 1
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 1 UID: 0 PID: 16195 Comm: syz.3.3878 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
__sock_sendmsg net/socket.c:752 [inline]
____sys_sendmsg+0x589/0x8c0 net/socket.c:2610
___sys_sendmsg+0x2a5/0x360 net/socket.c:2664
__sys_sendmsg net/socket.c:2696 [inline]
__do_sys_sendmsg net/socket.c:2701 [inline]
__se_sys_sendmsg net/socket.c:2699 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2699
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feb10f9aeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007feb11efc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007feb11215fa0 RCX: 00007feb10f9aeb9
RDX: 0000000006048800 RSI: 0000200000000080 RDI: 0000000000000005
RBP: 00007feb11008c1f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007feb11216038 R14: 00007feb11215fa0 R15: 00007ffdd0b07b18
</TASK>
xfrm_dev_state_flush_secctx_check: LSM policy is rejecting this operation.
CPU: 0 UID: 0 PID: 16195 Comm: syz.3.3878 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
xfrm_dev_state_flush_secctx_check net/xfrm/xfrm_state.c:900 [inline]
xfrm_dev_state_flush+0x5fa/0x740 net/xfrm/xfrm_state.c:971
xfrm_dev_unregister net/xfrm/xfrm_device.c:549 [inline]
xfrm_dev_event+0x1bc/0x3f0 net/xfrm/xfrm_device.c:570
notifier_call_chain+0x1be/0x400 kernel/notifier.c:85
call_netdevice_notifiers_extack net/core/dev.c:2281 [inline]
call_netdevice_notifiers net/core/dev.c:2295 [inline]
netdev_wait_allrefs_any net/core/dev.c:11589 [inline]
netdev_run_todo+0x778/0x1130 net/core/dev.c:11710
nsim_destroy+0x3ae/0x680 drivers/net/netdevsim/netdev.c:1190
__nsim_dev_port_del+0x14d/0x1b0 drivers/net/netdevsim/dev.c:1529
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1541 [inline]
nsim_dev_reload_destroy+0x288/0x490 drivers/net/netdevsim/dev.c:1765
nsim_dev_reload_down+0x8a/0xc0 drivers/net/netdevsim/dev.c:1039
devlink_reload+0x1d1/0x8e0 net/devlink/dev.c:461
devlink_nl_reload_doit+0xaaa/0xc80 net/devlink/dev.c:584
genl_family_rcv_msg_doit+0x22a/0x330 net/netlink/genetlink.c:1115
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0x61c/0x7a0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec+0x18f/0x1d0 net/socket.c:737
__sock_sendmsg net/socket.c:752 [inline]
____sys_sendmsg+0x589/0x8c0 net/socket.c:2610
___sys_sendmsg+0x2a5/0x360 net/socket.c:2664
__sys_sendmsg net/socket.c:2696 [inline]
__do_sys_sendmsg net/socket.c:2701 [inline]
__se_sys_sendmsg net/socket.c:2699 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2699
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feb10f9aeb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007feb11efc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007feb11215fa0 RCX: 00007feb10f9aeb9
RDX: 0000000006048800 RSI: 0000200000000080 RDI: 0000000000000005
RBP: 00007feb11008c1f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007feb11216038 R14: 00007feb11215fa0 R15: 00007ffdd0b07b18
</TASK>
^ permalink raw reply
* Re: [PATCH v2 0/6] Landlock: Implement scope control for pathname Unix sockets
From: Tingmao Wang @ 2026-02-03 1:26 UTC (permalink / raw)
To: Justin Suess, Mickaël Salaün
Cc: Günther Noack, Demi Marie Obenour, Günther Noack,
Alyssa Ross, Jann Horn, Tahera Fahimi, linux-security-module
In-Reply-To: <8093547c-ab40-4814-ac9a-8dff6f2a2a90@gmail.com>
Hi Mickaël,
Thanks for the feedback and explanations :)
On 2/2/26 20:32, Mickaël Salaün wrote:
> On Sat, Jan 31, 2026 at 05:41:14PM +0000, Tingmao Wang wrote:
>> [...]
>> What do folks think?
>
> I'd like to keep a clean API, with a "scoped" field handling IPC
> scoping, and an "handled_access_fs" field handling filesystem-related
> accesses.
>
> One thing to keep in mind is that we could add a new kind of "handled"
> field that would enable to add rules identifying e.g. processes,
> cgroups, or Landlock domains, and that could be used to add exceptions
> to the current scopes. This means that we need to have a generic way to
> handle this case.
>
> What is the issue with two complementary interfaces (scope and access)
> used to express a policy about connecting to UNIX sockets? We just need
> to make sure that scopes and handled_access_fs dealing with UNIX sockets
> are like binary OR: if the scope is set, then the domain can communicate
> with peers which are in the same domain, and if the handled_access_fs
> right is set, then the domain can only communicate with matching sockets
> (OR scoped ones if the scope is set).
Right, I see what you're saying, especially with the "additional access
rules for other scopes" example, and I think I'm happy with this. I guess
my attempt at trying to make the API more "elegant" would introduce
complexity and also create future inconsistency if other existing scope
bits are combined with handled_access rules.
> [...]
> Anyway, we need to decide if this should be merged in Linux 7.0 (next
> week) or not. I'd prefer to merge it now because I think it works well
> and it's not a new concept wrt the abstract UNIX socket scoping.
> However, if there are any concern, I'd like to hear them now and I can
> delay this merge if needed. This patch series still need a new version
> but that should only be about cosmetic fixes. WDYT?
I ended up being pretty busy today but I can definitely send the next
version tomorrow with your formatting changes and comments. I'm happy
with it going into the next merge window if you are. Justin raises a
point about having these two mechanisms in the same ABI version - see
below for consideration.
>> [...]
>
> My main concern is about user space libraries and users that may want to
> have conditional enforcement for compatibility reasons e.g., only
> enforce LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET (let's say ABI v8) if it can
> also set LANDLOCK_ACCESS_FS_RESOLVE_UNIX (let's say ABI v9). I see two
> ways to deal with this case (if needed):
> - add synthetic access right to easily let users "combine" two access
> rigths or none;
> - have a more generic way to AND and OR access rights. I'm thinking
> about updating the Rust library in this direction.
I'm not sure I fully understand the complexity here, but I think, assuming
these land in separate kernel versions, it will have to be that if both
the scope bit and LANDLOCK_ACCESS_FS_RESOLVE_UNIX is requested (maybe if
the user actually adds rules containing RESOLVE_UNIX access), but only the
scope bit is supported, then it will have to skip enforcing pathname UNIX
socket restrictions altogether by skipping both the scope bit and the
RESOLVE_UNIX access (if in best effort mode), or fail (if in hard
requirement mode).
I don't immediately see how further customization ability (e.g. synthetic
access rights or other AND/OR combination) could be used - if an app needs
access to a privileged socket and can't pre-open it before
landlock_restrict_self(), then the only realistic choice is to not use the
scope bits if LANDLOCK_ACCESS_FS_RESOLVE_UNIX is not supported.
On 2/2/26 22:03, Justin Suess wrote:
> Regardless if you merge the patch series now in 7.0 or a later version, I think there is something to be said
> about having the filesystem and scoped unix access right merged in the same ABI version / merge window.
>
> As you pointed out earlier, the combination of the two flags is much flexible and useful to userspace
> consumers than one or the other, and if the features were merged separately, there would be an
> awkward middle ABI where user space consumers may have to make compromises or changes to
> sandbox between different versions or change application behavior.
> [...]
Given that the scope bit and RESOLVE_UNIX access right are in some sense
part of the same system (they interact in an OR manner, after all), there
is some positive for having them introduced in the same version, but on
the other hand, with my above reasoning, I don't think these two
mechanisms (scope bit and RESOLVE_UNIX access) being in different ABI
versions would be too much of a problem. In either case, for applications
which require access to more "privileged" sockets, when running on a
kernel without the RESOLVE_UNIX access right support, no pathname socket
restrictions can be applied (i.e. it won't use the scope bit either, there
isn't much "compromise" it can make here). On the other hand, if
RESOLVE_UNIX is supported, then it knows that the scope bit is also
supported, and can just use it.
Furthermore, an application / Landlock config etc can always opt to not
use the scope bit at all, if it "knows" all the locations where the
application's sockets would be placed, and just use RESOLVE_UNIX access
right (or nothing if it is not supported).
(The following is a bit of a side note, not terribly relevant if we're
deciding to go with the patch as is.)
>> [...]
>> Another way to put it is that, if FS-based and scope-based controls
>> interacts in the above proposed way, both mechanisms feel like "poking
>> holes" in the other. But as Mickaël said, one can think of the two
>> mechanisms not as independent controls, but rather as two interfaces for
>> the same control. The socket access control is "enabled" if either the
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX access is handled, or the scope bit
>> proposed in this patch is enabled.
>>
>> With that said, I can think of some alternative ways that might make this
>> API look "better" (from a subjective point of view, feedback welcome),
>> however it does mean more delays, and specifically, these will depend on
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX:
>>
>> One possibility is to simply always allow a Landlock domain to connect to
>> its own sockets (in the case where LANDLOCK_ACCESS_FS_RESOLVE_UNIX is
>> handled, otherwise all sockets are allowed). This might be reasonable, as
>> one can only connect to a socket it creates if it has the permission to
>> create it in the first place, which is already controlled by
>> LANDLOCK_ACCESS_FS_MAKE_SOCK, so we don't really lose any policy
>> flexibility here - if for some reason the sandboxer don't want to allow
>> access to any (pathname) sockets, even the sandboxed app's own ones, it
>> can just not allow LANDLOCK_ACCESS_FS_MAKE_SOCK anywhere.
>
> LANDLOCK_ACCESS_FS_MAKE_SOCK is only required to bind/listen to a
> socket, not to connect. I guess you was thinking about
> LANDLOCK_ACCESS_FS_RESOLVE_UNIX in this case?
In this "allow same-scope connect unconditionally" proposal, the
application would still be able to (bind to and) connect to its own
sockets, even if LANDLOCK_ACCESS_FS_RESOLVE_UNIX is handled and nothing is
allowed to have LANDLOCK_ACCESS_FS_RESOLVE_UNIX access. But a sandboxer
which for whatever reason doesn't want this "allow same scope" default can
still prevent the use of (pathname) sockets by restricting
LANDLOCK_ACCESS_FS_MAKE_SOCK, because if an app can't connect to any
sockets it doesn't own, and can't create any sockets itself either, then
it effectively can't connect to any sockets at all.
(Although on second thought, I guess there could be a case where an app
first creates some socket files before doing landlock_restrict_self(),
then it might still be able to bind to these even without
LANDLOCK_ACCESS_FS_MAKE_SOCK?)
^ permalink raw reply
* Re: [PATCH v2 0/6] Landlock: Implement scope control for pathname Unix sockets
From: Justin Suess @ 2026-02-02 22:03 UTC (permalink / raw)
To: Mickaël Salaün, Tingmao Wang
Cc: Günther Noack, Demi Marie Obenour, Günther Noack,
Alyssa Ross, Jann Horn, Tahera Fahimi, linux-security-module
In-Reply-To: <20260202.uu0oCheexahY@digikod.net>
On 2/2/26 15:32, Mickaël Salaün wrote:
> On Sat, Jan 31, 2026 at 05:41:14PM +0000, Tingmao Wang wrote:
>> On 1/9/26 12:01, Mickaël Salaün wrote:
>>> On Wed, Dec 31, 2025 at 11:54:27AM -0500, Demi Marie Obenour wrote:
>>>> On 12/30/25 18:16, Günther Noack wrote:
>>>>> [...]
>>>>> On Tue, Dec 30, 2025 at 05:20:18PM +0000, Tingmao Wang wrote:
>>>>>> [...]
>>>>> What is unclear to me from the examples and the description is: Why is
>>>>> the boundary between allowed and denied connection targets drawn at
>>>>> the border of the Landlock domain (the "scope") and why don't we solve
>>>>> this with the file-system-based approach described in [1]?
>>>>>
>>>>> **Do we have existing use cases where a service is both offered and
>>>>> connected to all from within the same Landlock domain, and where the
>>>>> process enforcing the policy does not control the child process enough
>>>>> so that it would be possible to allow-list it with a
>>>>> LANDLOCK_ACCESS_FS_CONNECT_UNIX rule?**
>>> Yes, with the sandboxer use case. It's similar to a container that
>>> doesn't know all programs that could be run in it. We should be able to
>>> create sandboxes that don't assume (nor restrict) internal IPCs (or any
>>> kind of direct process I/O).
>>>
>>> Landlock should make it possible to scope any kind of IPC. It's a
>>> mental model which is easy to understand and that should be enforced by
>>> default. Of course, we need some ways to add exceptions to this
>>> deny-by-default policy, and that's why we also need the FS-based control
>>> mechanism.
>>>
>>>>> If we do not have such a use case, it seems that the planned FS-based
>>>>> control mechanism from [1] would do the same job? Long term, we might
>>>>> be better off if we only have only one control -- as we have discussed
>>>>> in [2], having two of these might mean that they interact in
>>>>> unconventional and possibly confusing ways.
>>>> I agree with this.
>>> Both approaches are complementary/orthogonal and make sense long term
>>> too. This might be the first time we can restrict the same operations,
>>> but I'm pretty sure it will not be the last, and it's OK. Handled FS
>>> access and scoped restrictions are two ways to describe a part of the
>>> security policy. Having different ways makes the interface much simpler
>>> than a generic one that would have to take into account all potential
>>> future access controls.
>>>
>>> One thing to keep in mind is that UAPI doesn't have to map 1:1 to the
>>> kernel implementation, but the UAPI is stable and future proof, whereas
>>> the kernel implementation can change a lot.
>>>
>>> The ruleset's handled fields serve two purposes: define what should be
>>> denied by default, and define which type of rules are valid
>>> (compatibility). The ruleset's scoped field serve similar purposes but
>>> it also implies implicit rules (i.e. communications with processes
>>> inside the sandbox are allowed). Without the soped field, we would have
>>> to create dedicated handled field per type (i.e. scope's bit) and
>>> dedicated rule type for the related handled field, which would make the
>>> interface more generic but also more complex, for something which is not
>>> needed.
>>>
>>> In a nutshell, in the case of the FS-based and scope-based unix socket
>>> control, we should see one kind of restrictions (e.g. connect to unix
>>> socket), which can accept two types of rules: (explicit) file path, or
>>> (implicit) peer's scope. Access should be granted as long as a rule
>>> matches, whatever its type.
>>>
>>> This rationale should be explained in a commit message.
>>>
>>>>> Apart from that, there are some other weaker hints that make me
>>>>> slightly critical of this patch set:
>>>>>
>>>>> * We discussed the idea that a FS-based path_beneath rule would act
>>>>> implicitly also as an exception for
>>>>> LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET, in [2] - one possible way to
>>>>> interpret this is that the gravity of the system's logic pulls us
>>>>> back towards a FS-based control, and we would have to swim less
>>>>> against the stream if we integrated the Unix connect() control in
>>>>> that way?
>> While I do think being able to control UNIX socket access via domain
>> scoping is useful (after all, it is an additional bit of information /
>> relationship that "normal" filesystem objects doesn't have, and
>> applications using Landlock might find it useful to control access based
>> on this extra information, either to simplify the policy, or because a
>> generic sandboxer can't come up with a pre-determined list of UNIX socket
>> fs rules, e.g. for applications which places socket in hard-coded "/tmp"),
>> I do share the worry about how this might get confusing from an API
>> perspective, as discussed in my GitHub comment [1].
>>
>> Another way to put it is that, if FS-based and scope-based controls
>> interacts in the above proposed way, both mechanisms feel like "poking
>> holes" in the other. But as Mickaël said, one can think of the two
>> mechanisms not as independent controls, but rather as two interfaces for
>> the same control. The socket access control is "enabled" if either the
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX access is handled, or the scope bit
>> proposed in this patch is enabled.
>>
>> With that said, I can think of some alternative ways that might make this
>> API look "better" (from a subjective point of view, feedback welcome),
>> however it does mean more delays, and specifically, these will depend on
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX:
>>
>> One possibility is to simply always allow a Landlock domain to connect to
>> its own sockets (in the case where LANDLOCK_ACCESS_FS_RESOLVE_UNIX is
>> handled, otherwise all sockets are allowed). This might be reasonable, as
>> one can only connect to a socket it creates if it has the permission to
>> create it in the first place, which is already controlled by
>> LANDLOCK_ACCESS_FS_MAKE_SOCK, so we don't really lose any policy
>> flexibility here - if for some reason the sandboxer don't want to allow
>> access to any (pathname) sockets, even the sandboxed app's own ones, it
>> can just not allow LANDLOCK_ACCESS_FS_MAKE_SOCK anywhere.
> LANDLOCK_ACCESS_FS_MAKE_SOCK is only required to bind/listen to a
> socket, not to connect. I guess you was thinking about
> LANDLOCK_ACCESS_FS_RESOLVE_UNIX in this case?
>
>> Another possibility is to have this scope control as part of the
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX rule itself, rather than as a separate
>> scope bit, via introducing a "rule flag" (which is a new mechanism
>> proposed in [2]) which I will tentatively call
>> (LANDLOCK_ADD_RULE_)SAME_SCOPE_ONLY. So for example:
>>
>> - If the sandboxer wants to allow all socket access, don't handle
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX at all, or handle it but have an allow
>> rule at / with no flags.
>>
>> - If it wants to allow access to only the sandboxed app's own sockets,
>> handle LANDLOCK_ACCESS_FS_RESOLVE_UNIX, then place one allow rule on /
>> with the rule flag SAME_SCOPE_ONLY. This means that the allow rule
>> "UNIX socket under /" only allows connecting to sockets in the same
>> domain scope. Additional rules without this rule flag can be placed on
>> more specific places to add "exceptions" to allow access to more
>> privileged sockets.
>>
>> - To allow access to specific sockets only, not even the sandboxed app's
>> own sockets, just use LANDLOCK_ACCESS_FS_RESOLVE_UNIX without this new
>> rule flag.
>>
>> This is slightly more flexible than just the LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
>> scope bit plus LANDLOCK_ACCESS_FS_RESOLVE_UNIX, as it allows the sandboxer
>> to specify where an application can connect, even with sockets in its own
>> domain, and it also nicely avoids the "what feels like two independent
>> controls poking holes in each other" problem. But it does mean more
>> complexity (although hopefully not too much), as we now need to introduce
>> the rule flags concept, but that is required for some other proposed stuff
>> anyway - quiet flags [3] and no_inherit [4] rules, and the rule flags
>> design is in a good state I think.
> This looks too complex and would intertwine both concept, which is more
> confusing IMO.
>
>> What do folks think?
> I'd like to keep a clean API, with a "scoped" field handling IPC
> scoping, and an "handled_access_fs" field handling filesystem-related
> accesses.
>
> One thing to keep in mind is that we could add a new kind of "handled"
> field that would enable to add rules identifying e.g. processes,
> cgroups, or Landlock domains, and that could be used to add exceptions
> to the current scopes. This means that we need to have a generic way to
> handle this case.
>
> What is the issue with two complementary interfaces (scope and access)
> used to express a policy about connecting to UNIX sockets? We just need
> to make sure that scopes and handled_access_fs dealing with UNIX sockets
> are like binary OR: if the scope is set, then the domain can communicate
> with peers which are in the same domain, and if the handled_access_fs
> right is set, then the domain can only communicate with matching sockets
> (OR scoped ones if the scope is set).
>
> My main concern is about user space libraries and users that may want to
> have conditional enforcement for compatibility reasons e.g., only
> enforce LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET (let's say ABI v8) if it can
> also set LANDLOCK_ACCESS_FS_RESOLVE_UNIX (let's say ABI v9). I see two
> ways to deal with this case (if needed):
> - add synthetic access right to easily let users "combine" two access
> rigths or none;
> - have a more generic way to AND and OR access rights. I'm thinking
> about updating the Rust library in this direction.
>
> Anyway, we need to decide if this should be merged in Linux 7.0 (next
> week) or not. I'd prefer to merge it now because I think it works well
> and it's not a new concept wrt the abstract UNIX socket scoping.
> However, if there are any concern, I'd like to hear them now and I can
> delay this merge if needed. This patch series still need a new version
> but that should only be about cosmetic fixes. WDYT?
Regardless if you merge the patch series now in 7.0 or a later version, I think there is something to be said
about having the filesystem and scoped unix access right merged in the same ABI version / merge window.
As you pointed out earlier, the combination of the two flags is much flexible and useful to userspace
consumers than one or the other, and if the features were merged separately, there would be an
awkward middle ABI where user space consumers may have to make compromises or changes to
sandbox between different versions or change application behavior.
I think the discussion has died down on the security_unix_find hook for
LANDLOCK_ACCESS_FS_RESOLVE_UNIX [1] [2], and it seemed the general consensus was favorable.
The series for LANDLOCK_ACCESS_FS_RESOLVE_UNIX is pretty small, and feedback on the last version
was pretty quiet as well. So maybe it's worth a final look into. [3]
(PS: I do think if they are merged together, there should be tests specifically for the combination of the
two access rights. I'd be happy to draft some)
Justin
[1] : https://lore.kernel.org/linux-security-module/4bc22faa-2927-4ef9-b5dc-67a7575177e9@gmail.com/
[2] : https://lore.kernel.org/linux-security-module/20260110143300.71048-4-gnoack3000@gmail.com/
[3] : https://lore.kernel.org/linux-security-module/20260119203457.97676-2-gnoack3000@gmail.com/
>
>> (btw, when I say "sandboxed app" this can of course also mean multiple
>> applications in the same sandbox, e.g. like a container runtime as Mickaël
>> pointed out, which raises the probability that just having
>> LANDLOCK_ACCESS_FS_RESOLVE_UNIX would be insufficient, e.g. when bind
>> mounts are involved, or other cases which I haven't thought of right now)
>>
>> [1]: https://github.com/landlock-lsm/linux/issues/36#issuecomment-3693123942
>> [2]: https://lore.kernel.org/all/f238931bc813fc50fc8e11a007a8ad2136024df3.1766330134.git.m@maowtm.org/
>> [3]: https://lore.kernel.org/all/cover.1766330134.git.m@maowtm.org/
>> [4]: https://lore.kernel.org/all/20251221194301.247484-1-utilityemal77@gmail.com/
>>
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox