net: Implement fault injection forcing skb reallocation

	failslab=

	fail_usercopy=

	fail_page_alloc=

	fail_skb_realloc=

	fail_make_request=[KNL]

			General fault injection mechanism.

			Format: <interval>,<probability>,<space>,<times>

  ALLOW_ERROR_INJECTION() macro, by setting debugfs entries

  under /sys/kernel/debug/fail_function. No boot option supported.

- fail_skb_realloc

  inject skb (socket buffer) reallocation events into the network path. The

  primary goal is to identify and prevent issues related to pointer

  mismanagement in the network subsystem.  By forcing skb reallocation at

  strategic points, this feature creates scenarios where existing pointers to

  skb headers become invalid.

  When the fault is injected and the reallocation is triggered, cached pointers

  to skb headers and data no longer reference valid memory locations. This

  deliberate invalidation helps expose code paths where proper pointer updating

  is neglected after a reallocation event.

  By creating these controlled fault scenarios, the system can catch instances

  where stale pointers are used, potentially leading to memory corruption or

  system instability.

  To select the interface to act on, write the network name to

  /sys/kernel/debug/fail_skb_realloc/devname.

  If this field is left empty (which is the default value), skb reallocation

  will be forced on all network interfaces.

  The effectiveness of this fault detection is enhanced when KASAN is

  enabled, as it helps identify invalid memory references and use-after-free

  (UAF) issues.

- NVMe fault injection

  inject NVMe status code and retry flag on devices permitted by setting

	use a negative errno, you better use 'printf' instead of 'echo', e.g.:

	$ printf %#x -12 > retval

- /sys/kernel/debug/fail_skb_realloc/devname:

        Specifies the network interface on which to force SKB reallocation.  If

        left empty, SKB reallocation will be applied to all network interfaces.

        Example usage::

          # Force skb reallocation on eth0

          echo "eth0" > /sys/kernel/debug/fail_skb_realloc/devname

          # Clear the selection and force skb reallocation on all interfaces

          echo "" > /sys/kernel/debug/fail_skb_realloc/devname

Boot option

^^^^^^^^^^^

	fail_usercopy=

	fail_make_request=

	fail_futex=

	fail_skb_realloc=

	mmc_core.fail_request=<interval>,<probability>,<space>,<times>

proc entries

#endif /* CONFIG_DEBUG_NET */

}

#if defined(CONFIG_FAIL_SKB_REALLOC)

void skb_might_realloc(struct sk_buff *skb);

#else

static inline void skb_might_realloc(struct sk_buff *skb) {}

#endif

/*

 *	Add data to an sk_buff

 */

pskb_may_pull_reason(struct sk_buff *skb, unsigned int len)

{

	DEBUG_NET_WARN_ON_ONCE(len > INT_MAX);

	skb_might_realloc(skb);

	if (likely(len <= skb_headlen(skb)))

		return SKB_NOT_DROPPED_YET;

static inline int pskb_trim(struct sk_buff *skb, unsigned int len)

{

	skb_might_realloc(skb);

	return (len < skb->len) ? __pskb_trim(skb, len) : 0;

}

static inline int pskb_trim_rcsum(struct sk_buff *skb, unsigned int len)

{

	skb_might_realloc(skb);

	if (likely(len >= skb->len))

		return 0;

	return pskb_trim_rcsum_slow(skb, len);

	  Provide fault-injection capability for SunRPC and

	  its consumers.

config FAIL_SKB_REALLOC

	bool "Fault-injection capability forcing skb to reallocate"

	depends on FAULT_INJECTION_DEBUG_FS

	help

	  Provide fault-injection capability that forces the skb to be

	  reallocated, catching possible invalid pointers to the skb.

	  For more information, check

	  Documentation/dev-tools/fault-injection/fault-injection.rst

config FAULT_INJECTION_CONFIGFS

	bool "Configfs interface for fault-injection capabilities"

	depends on FAULT_INJECTION

obj-$(CONFIG_NET_TEST) += net_test.o

obj-$(CONFIG_NET_DEVMEM) += devmem.o

obj-$(CONFIG_DEBUG_NET_SMALL_RTNL) += rtnl_net_debug.o

obj-$(CONFIG_FAIL_SKB_REALLOC) += skb_fault_injection.o