From tech at tootai.net Tue Aug 1 08:33:03 2023 From: tech at tootai.net (Daniel) Date: Tue, 1 Aug 2023 10:33:03 +0200 Subject: Endpoint failover ip In-Reply-To: <20230731222744.5wej7mv5sef57w46@House.clients.dxld.at> References: <20230731222744.5wej7mv5sef57w46@House.clients.dxld.at> Message-ID: Hi Daniel Le 01/08/2023 ? 00:27, Daniel Gr?ber a ?crit?: > Hi Daniel, > > On Mon, Jul 31, 2023 at 11:39:35PM +0200, Daniel wrote: >> I create a hostname with few IPs v4 & v6 for my wireguard server. I faced >> today a problem that after a failure with the ip a customer wg was >> registered, it continue to try to register with this ip insteed to fallback >> to another one. > [...] > [1]: Supporting multiple active endpoints is where we have to head to fix > this properly IMO, see my recent proposal > https://lists.zx2c4.com/pipermail/wireguard/2023-July/008111.html Yes, that's exactly the problem. Will see with babeld but hope that something native can be done in wireguard. Thanks for your feedback -- Daniel From dxld at darkboxed.org Tue Aug 1 09:07:07 2023 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Tue, 1 Aug 2023 11:07:07 +0200 Subject: Endpoint failover ip In-Reply-To: References: <20230731222744.5wej7mv5sef57w46@House.clients.dxld.at> Message-ID: <20230801090707.lrsxcpwjkrwftarc@House.clients.dxld.at> On Tue, Aug 01, 2023 at 10:33:03AM +0200, Daniel wrote: > > On Mon, Jul 31, 2023 at 11:39:35PM +0200, Daniel wrote: > > > I create a hostname with few IPs v4 & v6 for my wireguard server. I faced > > > today a problem that after a failure with the ip a customer wg was > > > registered, it continue to try to register with this ip insteed to fallback > > > to another one. > > [...] > > [1]: Supporting multiple active endpoints is where we have to head to fix > > this properly IMO, see my recent proposal > > https://lists.zx2c4.com/pipermail/wireguard/2023-July/008111.html > > Yes, that's exactly the problem. Will see with babeld but hope that > something native can be done in wireguard. I'm on the babel-users ML (babel-users at alioth-lists.debian.net) if it gives you any trouble. Getting the filtering setup just right for the VPN use-case can be a bit daunting if you've never used a routing daemon before. https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users --Daniel From syzbot+1ef6522091226898343f at syzkaller.appspotmail.com Thu Aug 3 12:42:01 2023 From: syzbot+1ef6522091226898343f at syzkaller.appspotmail.com (syzbot) Date: Thu, 03 Aug 2023 05:42:01 -0700 Subject: [syzbot] [wireguard?] KASAN: null-ptr-deref Write in wg_packet_send_staged_packets Message-ID: <00000000000054df9f0602041ba8@google.com> Hello, syzbot found the following issue on: HEAD commit: d7b3af5a77e8 Add linux-next specific files for 20230728 git tree: linux-next console output: https://syzkaller.appspot.com/x/log.txt?x=10774fa1a80000 kernel config: https://syzkaller.appspot.com/x/.config?x=62dd327c382e3fe dashboard link: https://syzkaller.appspot.com/bug?extid=1ef6522091226898343f compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/5efa5e68267f/disk-d7b3af5a.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/b1f5d3e10263/vmlinux-d7b3af5a.xz kernel image: https://storage.googleapis.com/syzbot-assets/57cab469d186/bzImage-d7b3af5a.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+1ef6522091226898343f at syzkaller.appspotmail.com ================================================================== BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: null-ptr-deref in atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:252 [inline] BUG: KASAN: null-ptr-deref in __refcount_add include/linux/refcount.h:193 [inline] BUG: KASAN: null-ptr-deref in __refcount_inc include/linux/refcount.h:250 [inline] BUG: KASAN: null-ptr-deref in refcount_inc include/linux/refcount.h:267 [inline] BUG: KASAN: null-ptr-deref in kref_get include/linux/kref.h:45 [inline] BUG: KASAN: null-ptr-deref in wg_peer_get drivers/net/wireguard/peer.h:76 [inline] BUG: KASAN: null-ptr-deref in wg_packet_send_staged_packets+0xd10/0x1860 drivers/net/wireguard/send.c:385 Write of size 4 at addr 0000000000000710 by task syz-executor.2/22201 CPU: 1 PID: 22201 Comm: syz-executor.2 Not tainted 6.5.0-rc3-next-20230728-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 kasan_report+0xda/0x110 mm/kasan/report.c:588 check_region_inline mm/kasan/generic.c:181 [inline] kasan_check_range+0xef/0x190 mm/kasan/generic.c:187 instrument_atomic_read_write include/linux/instrumented.h:96 [inline] atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:252 [inline] __refcount_add include/linux/refcount.h:193 [inline] __refcount_inc include/linux/refcount.h:250 [inline] refcount_inc include/linux/refcount.h:267 [inline] kref_get include/linux/kref.h:45 [inline] wg_peer_get drivers/net/wireguard/peer.h:76 [inline] wg_packet_send_staged_packets+0xd10/0x1860 drivers/net/wireguard/send.c:385 wg_packet_send_keepalive+0x48/0x300 drivers/net/wireguard/send.c:239 wg_expired_send_persistent_keepalive+0x5e/0x70 drivers/net/wireguard/timers.c:141 call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700 expire_timers kernel/time/timer.c:1751 [inline] __run_timers+0x764/0xb10 kernel/time/timer.c:2022 run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035 __do_softirq+0x218/0x965 kernel/softirq.c:553 invoke_softirq kernel/softirq.c:427 [inline] __irq_exit_rcu kernel/softirq.c:632 [inline] irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1109 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645 RIP: 0010:write_comp_data+0x3c/0x90 kernel/kcov.c:236 Code: 01 00 00 49 89 f8 65 48 8b 14 25 40 ba 03 00 a9 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b 82 e0 15 00 00 <83> f8 03 75 44 48 8b 82 e8 15 00 00 8b 92 e4 15 00 00 48 8b 38 48 RSP: 0018:ffffc900038bfa80 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 1ffff92000717f51 RCX: ffffffff882281ad RDX: ffff888020b1bb80 RSI: 0000000000000000 RDI: 0000000000000005 RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc900038bfdb0 R13: ffffc900038bfbb0 R14: ffffc900038bfb90 R15: ffffc900038bfaa8 copy_msghdr_from_user+0xcd/0x160 net/socket.c:2430 recvmsg_copy_msghdr net/socket.c:2681 [inline] ___sys_recvmsg+0xdc/0x1a0 net/socket.c:2753 do_recvmmsg+0x2af/0x740 net/socket.c:2851 __sys_recvmmsg net/socket.c:2930 [inline] __do_sys_recvmmsg net/socket.c:2953 [inline] __se_sys_recvmmsg net/socket.c:2946 [inline] __x64_sys_recvmmsg+0x235/0x290 net/socket.c:2946 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fcbf367cb29 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fcbf43d00c8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b RAX: ffffffffffffffda RBX: 00007fcbf379c050 RCX: 00007fcbf367cb29 RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000003 RBP: 00007fcbf36c847a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fcbf379c050 R15: 00007ffdfffbc408 ================================================================== ---------------- Code disassembly (best guess): 0: 01 00 add %eax,(%rax) 2: 00 49 89 add %cl,-0x77(%rcx) 5: f8 clc 6: 65 48 8b 14 25 40 ba mov %gs:0x3ba40,%rdx d: 03 00 f: a9 00 01 ff 00 test $0xff0100,%eax 14: 74 0e je 0x24 16: 85 f6 test %esi,%esi 18: 74 59 je 0x73 1a: 8b 82 04 16 00 00 mov 0x1604(%rdx),%eax 20: 85 c0 test %eax,%eax 22: 74 4f je 0x73 24: 8b 82 e0 15 00 00 mov 0x15e0(%rdx),%eax * 2a: 83 f8 03 cmp $0x3,%eax <-- trapping instruction 2d: 75 44 jne 0x73 2f: 48 8b 82 e8 15 00 00 mov 0x15e8(%rdx),%rax 36: 8b 92 e4 15 00 00 mov 0x15e4(%rdx),%edx 3c: 48 8b 38 mov (%rax),%rdi 3f: 48 rex.W --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller at googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to change bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup From kuba at kernel.org Wed Aug 9 18:26:43 2023 From: kuba at kernel.org (Jakub Kicinski) Date: Wed, 9 Aug 2023 11:26:43 -0700 Subject: [PATCH net-next 05/10] genetlink: use attrs from struct genl_info In-Reply-To: <20230809182648.1816537-1-kuba@kernel.org> References: <20230809182648.1816537-1-kuba@kernel.org> Message-ID: <20230809182648.1816537-6-kuba@kernel.org> Since dumps carry struct genl_info now, use the attrs pointer use the attr pointer from genl_info and remove the one in struct genl_dumpit_info. Signed-off-by: Jakub Kicinski --- CC: Jason at zx2c4.com CC: jiri at resnulli.us CC: alex.aring at gmail.com CC: stefan at datenfreihafen.org CC: miquel.raynal at bootlin.com CC: krzysztof.kozlowski at linaro.org CC: jmaloy at redhat.com CC: ying.xue at windriver.com CC: floridsleeves at gmail.com CC: leon at kernel.org CC: jacob.e.keller at intel.com CC: wireguard at lists.zx2c4.com CC: linux-wpan at vger.kernel.org CC: tipc-discussion at lists.sourceforge.net --- drivers/net/wireguard/netlink.c | 2 +- include/net/genetlink.h | 1 - net/devlink/health.c | 2 +- net/devlink/leftover.c | 6 +++--- net/ethtool/netlink.c | 3 ++- net/ethtool/tunnels.c | 2 +- net/ieee802154/nl802154.c | 4 ++-- net/netlink/genetlink.c | 7 +++---- net/nfc/netlink.c | 4 ++-- net/tipc/netlink_compat.c | 2 +- net/tipc/node.c | 4 ++-- net/tipc/socket.c | 2 +- net/tipc/udp_media.c | 2 +- 13 files changed, 20 insertions(+), 21 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c index 6d1bd9f52d02..dc09b75a3248 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -200,7 +200,7 @@ static int wg_get_device_start(struct netlink_callback *cb) { struct wg_device *wg; - wg = lookup_interface(genl_dumpit_info(cb)->attrs, cb->skb); + wg = lookup_interface(genl_info_dump(cb)->attrs, cb->skb); if (IS_ERR(wg)) return PTR_ERR(wg); DUMP_CTX(cb)->wg = wg; diff --git a/include/net/genetlink.h b/include/net/genetlink.h index 86c8eaaa3a43..a8a15b9c22c8 100644 --- a/include/net/genetlink.h +++ b/include/net/genetlink.h @@ -255,7 +255,6 @@ struct genl_split_ops { struct genl_dumpit_info { const struct genl_family *family; struct genl_split_ops op; - struct nlattr **attrs; struct genl_info info; }; diff --git a/net/devlink/health.c b/net/devlink/health.c index 194340a8bb86..b8b3c09eea9e 100644 --- a/net/devlink/health.c +++ b/net/devlink/health.c @@ -1250,7 +1250,7 @@ devlink_health_reporter_get_from_cb(struct netlink_callback *cb) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); struct devlink_health_reporter *reporter; - struct nlattr **attrs = info->attrs; + struct nlattr **attrs = info->info.attrs; struct devlink *devlink; devlink = devlink_get_from_attrs_lock(sock_net(cb->skb->sk), attrs); diff --git a/net/devlink/leftover.c b/net/devlink/leftover.c index 3bf42f5335ed..98ee57a490e9 100644 --- a/net/devlink/leftover.c +++ b/net/devlink/leftover.c @@ -5172,7 +5172,7 @@ static int devlink_nl_cmd_region_read_dumpit(struct sk_buff *skb, struct devlink_nl_dump_state *state = devlink_dump_state(cb); struct nlattr *chunks_attr, *region_attr, *snapshot_attr; u64 ret_offset, start_offset, end_offset = U64_MAX; - struct nlattr **attrs = info->attrs; + struct nlattr **attrs = info->info.attrs; struct devlink_port *port = NULL; devlink_chunk_fill_t *region_cb; struct devlink_region *region; @@ -5195,8 +5195,8 @@ static int devlink_nl_cmd_region_read_dumpit(struct sk_buff *skb, goto out_unlock; } - if (info->attrs[DEVLINK_ATTR_PORT_INDEX]) { - index = nla_get_u32(info->attrs[DEVLINK_ATTR_PORT_INDEX]); + if (attrs[DEVLINK_ATTR_PORT_INDEX]) { + index = nla_get_u32(attrs[DEVLINK_ATTR_PORT_INDEX]); port = devlink_port_get_by_index(devlink, index); if (!port) { diff --git a/net/ethtool/netlink.c b/net/ethtool/netlink.c index ae344f1b0bbd..9fc7c41f4786 100644 --- a/net/ethtool/netlink.c +++ b/net/ethtool/netlink.c @@ -538,7 +538,8 @@ static int ethnl_default_start(struct netlink_callback *cb) goto free_req_info; } - ret = ethnl_default_parse(req_info, info->attrs, sock_net(cb->skb->sk), + ret = ethnl_default_parse(req_info, info->info.attrs, + sock_net(cb->skb->sk), ops, cb->extack, false); if (req_info->dev) { /* We ignore device specification in dump requests but as the diff --git a/net/ethtool/tunnels.c b/net/ethtool/tunnels.c index 05f752557b5e..b4ce47dd2aa6 100644 --- a/net/ethtool/tunnels.c +++ b/net/ethtool/tunnels.c @@ -219,7 +219,7 @@ int ethnl_tunnel_info_start(struct netlink_callback *cb) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); struct ethnl_tunnel_info_dump_ctx *ctx = (void *)cb->ctx; - struct nlattr **tb = info->attrs; + struct nlattr **tb = info->info.attrs; int ret; BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx)); diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c index d610c1886160..1a265a421308 100644 --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -262,7 +262,7 @@ nl802154_prepare_wpan_dev_dump(struct sk_buff *skb, if (!cb->args[0]) { *wpan_dev = __cfg802154_wpan_dev_from_attrs(sock_net(skb->sk), - info->attrs); + info->info.attrs); if (IS_ERR(*wpan_dev)) { err = PTR_ERR(*wpan_dev); goto out_unlock; @@ -570,7 +570,7 @@ static int nl802154_dump_wpan_phy_parse(struct sk_buff *skb, struct nl802154_dump_wpan_phy_state *state) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); - struct nlattr **tb = info->attrs; + struct nlattr **tb = info->info.attrs; if (tb[NL802154_ATTR_WPAN_PHY]) state->filter_wpan_phy = nla_get_u32(tb[NL802154_ATTR_WPAN_PHY]); diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index 82ad26970b9b..d47879d5a74c 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -846,7 +846,6 @@ static int genl_start(struct netlink_callback *cb) } info->family = ctx->family; info->op = *ops; - info->attrs = attrs; info->info.snd_seq = cb->nlh->nlmsg_seq; info->info.snd_portid = NETLINK_CB(cb->skb).portid; info->info.nlhdr = cb->nlh; @@ -864,7 +863,7 @@ static int genl_start(struct netlink_callback *cb) } if (rc) { - genl_family_rcv_msg_attrs_free(info->attrs); + genl_family_rcv_msg_attrs_free(info->info.attrs); genl_dumpit_info_free(info); cb->data = NULL; } @@ -898,7 +897,7 @@ static int genl_done(struct netlink_callback *cb) rc = ops->done(cb); genl_op_unlock(info->family); } - genl_family_rcv_msg_attrs_free(info->attrs); + genl_family_rcv_msg_attrs_free(info->info.attrs); genl_dumpit_info_free(info); return rc; } @@ -1387,7 +1386,7 @@ static int ctrl_dumppolicy_start(struct netlink_callback *cb) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; - struct nlattr **tb = info->attrs; + struct nlattr **tb = info->info.attrs; const struct genl_family *rt; struct genl_op_iter i; int err; diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c index e9ac6a6f934e..aa1dbf654c3e 100644 --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -110,10 +110,10 @@ static struct nfc_dev *__get_device_from_cb(struct netlink_callback *cb) struct nfc_dev *dev; u32 idx; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->info.attrs[NFC_ATTR_DEVICE_INDEX]) return ERR_PTR(-EINVAL); - idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); + idx = nla_get_u32(info->info.attrs[NFC_ATTR_DEVICE_INDEX]); dev = nfc_get_device(idx); if (!dev) diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c index 299cd6754f14..5bc076f2fa74 100644 --- a/net/tipc/netlink_compat.c +++ b/net/tipc/netlink_compat.c @@ -208,7 +208,7 @@ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd, goto err_out; } - info.attrs = attrbuf; + info.info.attrs = attrbuf; if (nlmsg_len(cb.nlh) > 0) { err = nlmsg_parse_deprecated(cb.nlh, GENL_HDRLEN, attrbuf, diff --git a/net/tipc/node.c b/net/tipc/node.c index a9c5b6594889..3105abe97bb9 100644 --- a/net/tipc/node.c +++ b/net/tipc/node.c @@ -2662,7 +2662,7 @@ static int __tipc_nl_add_node_links(struct net *net, struct tipc_nl_msg *msg, int tipc_nl_node_dump_link(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct nlattr *link[TIPC_NLA_LINK_MAX + 1]; struct tipc_net *tn = net_generic(net, tipc_net_id); struct tipc_node *node; @@ -2870,7 +2870,7 @@ int tipc_nl_node_dump_monitor_peer(struct sk_buff *skb, int err; if (!prev_node) { - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct nlattr *mon[TIPC_NLA_MON_MAX + 1]; if (!attrs[TIPC_NLA_MON]) diff --git a/net/tipc/socket.c b/net/tipc/socket.c index ef8e5139a873..bb1118d02f95 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -3791,7 +3791,7 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct netlink_callback *cb) struct tipc_sock *tsk; if (!tsk_portid) { - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct nlattr *sock[TIPC_NLA_SOCK_MAX + 1]; if (!attrs[TIPC_NLA_SOCK]) diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c index 926232557e77..f892b0903dba 100644 --- a/net/tipc/udp_media.c +++ b/net/tipc/udp_media.c @@ -465,7 +465,7 @@ int tipc_udp_nl_dump_remoteip(struct sk_buff *skb, struct netlink_callback *cb) int i; if (!bid && !skip_cnt) { - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct net *net = sock_net(skb->sk); struct nlattr *battrs[TIPC_NLA_BEARER_MAX + 1]; char *bname; -- 2.41.0 From johannes at sipsolutions.net Wed Aug 9 21:04:47 2023 From: johannes at sipsolutions.net (Johannes Berg) Date: Wed, 09 Aug 2023 23:04:47 +0200 Subject: [PATCH net-next 05/10] genetlink: use attrs from struct genl_info In-Reply-To: <20230809182648.1816537-6-kuba@kernel.org> References: <20230809182648.1816537-1-kuba@kernel.org> <20230809182648.1816537-6-kuba@kernel.org> Message-ID: <4e0b764736eafde134e52e7609c6ad351a5282ad.camel@sipsolutions.net> On Wed, 2023-08-09 at 11:26 -0700, Jakub Kicinski wrote: > Since dumps carry struct genl_info now, use the attrs pointer > use the attr pointer from genl_info and remove the one in > struct genl_dumpit_info. Some parts of that commit message got duplicated. Otherwise looks fine, Reviewed-by: Johannes Berg johannes From liuhangbin at gmail.com Thu Aug 10 03:51:35 2023 From: liuhangbin at gmail.com (Hangbin Liu) Date: Thu, 10 Aug 2023 11:51:35 +0800 Subject: What's the wireguard-tools Message-ID: Hi Jason, I'm maintaining the RHEL wireguard-tools rpm. Recently, There is a request to convert the license tag in the spec file to SPDX format[1]. The current License tag in wireguard-tools spec file is GPLv2, which is the same with the COPYING in upstream. But when I searched the src files, I found there are kinds of license identifier. e.g. GPL-2.0, LGPL-2.1+, MIT, GPL-2.0 OR MIT, etc. Do you know which one I should use at the end? Should we unify the src files? [1] https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 Thanks Hangbin From jiri at resnulli.us Thu Aug 10 08:35:04 2023 From: jiri at resnulli.us (Jiri Pirko) Date: Thu, 10 Aug 2023 10:35:04 +0200 Subject: [PATCH net-next 05/10] genetlink: use attrs from struct genl_info In-Reply-To: <20230809182648.1816537-6-kuba@kernel.org> References: <20230809182648.1816537-1-kuba@kernel.org> <20230809182648.1816537-6-kuba@kernel.org> Message-ID: Wed, Aug 09, 2023 at 08:26:43PM CEST, kuba at kernel.org wrote: >Since dumps carry struct genl_info now, use the attrs pointer >use the attr pointer from genl_info and remove the one in >struct genl_dumpit_info. > >Signed-off-by: Jakub Kicinski Reviewed-by: Jiri Pirko From Jason at zx2c4.com Thu Aug 10 10:46:57 2023 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Thu, 10 Aug 2023 12:46:57 +0200 Subject: What's the wireguard-tools In-Reply-To: References: Message-ID: Hi Hangbin, On Thu, Aug 10, 2023 at 11:51:35AM +0800, Hangbin Liu wrote: > Hi Jason, > > I'm maintaining the RHEL wireguard-tools rpm. Recently, There is a request to > convert the license tag in the spec file to SPDX format[1]. The current License > tag in wireguard-tools spec file is GPLv2, which is the same with the COPYING > in upstream. But when I searched the src files, I found there are kinds of > license identifier. e.g. GPL-2.0, LGPL-2.1+, MIT, GPL-2.0 OR MIT, etc. > > Do you know which one I should use at the end? Should we unify the src files? The license is GPL-2.0. Jason From kuba at kernel.org Thu Aug 10 23:38:40 2023 From: kuba at kernel.org (Jakub Kicinski) Date: Thu, 10 Aug 2023 16:38:40 -0700 Subject: [PATCH net-next v2 05/10] genetlink: use attrs from struct genl_info In-Reply-To: <20230810233845.2318049-1-kuba@kernel.org> References: <20230810233845.2318049-1-kuba@kernel.org> Message-ID: <20230810233845.2318049-6-kuba@kernel.org> Since dumps carry struct genl_info now, use the attrs pointer from genl_info and remove the one in struct genl_dumpit_info. Reviewed-by: Johannes Berg Reviewed-by: Miquel Raynal Reviewed-by: Jiri Pirko Signed-off-by: Jakub Kicinski --- CC: Jason at zx2c4.com CC: jiri at resnulli.us CC: alex.aring at gmail.com CC: stefan at datenfreihafen.org CC: krzysztof.kozlowski at linaro.org CC: jmaloy at redhat.com CC: ying.xue at windriver.com CC: floridsleeves at gmail.com CC: leon at kernel.org CC: jacob.e.keller at intel.com CC: wireguard at lists.zx2c4.com CC: linux-wpan at vger.kernel.org CC: tipc-discussion at lists.sourceforge.net --- drivers/net/wireguard/netlink.c | 2 +- include/net/genetlink.h | 1 - net/devlink/health.c | 2 +- net/devlink/leftover.c | 6 +++--- net/ethtool/netlink.c | 3 ++- net/ethtool/tunnels.c | 2 +- net/ieee802154/nl802154.c | 4 ++-- net/netlink/genetlink.c | 7 +++---- net/nfc/netlink.c | 4 ++-- net/tipc/netlink_compat.c | 2 +- net/tipc/node.c | 4 ++-- net/tipc/socket.c | 2 +- net/tipc/udp_media.c | 2 +- 13 files changed, 20 insertions(+), 21 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c index 6d1bd9f52d02..dc09b75a3248 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -200,7 +200,7 @@ static int wg_get_device_start(struct netlink_callback *cb) { struct wg_device *wg; - wg = lookup_interface(genl_dumpit_info(cb)->attrs, cb->skb); + wg = lookup_interface(genl_info_dump(cb)->attrs, cb->skb); if (IS_ERR(wg)) return PTR_ERR(wg); DUMP_CTX(cb)->wg = wg; diff --git a/include/net/genetlink.h b/include/net/genetlink.h index 86c8eaaa3a43..a8a15b9c22c8 100644 --- a/include/net/genetlink.h +++ b/include/net/genetlink.h @@ -255,7 +255,6 @@ struct genl_split_ops { struct genl_dumpit_info { const struct genl_family *family; struct genl_split_ops op; - struct nlattr **attrs; struct genl_info info; }; diff --git a/net/devlink/health.c b/net/devlink/health.c index 194340a8bb86..b8b3c09eea9e 100644 --- a/net/devlink/health.c +++ b/net/devlink/health.c @@ -1250,7 +1250,7 @@ devlink_health_reporter_get_from_cb(struct netlink_callback *cb) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); struct devlink_health_reporter *reporter; - struct nlattr **attrs = info->attrs; + struct nlattr **attrs = info->info.attrs; struct devlink *devlink; devlink = devlink_get_from_attrs_lock(sock_net(cb->skb->sk), attrs); diff --git a/net/devlink/leftover.c b/net/devlink/leftover.c index e7900d9fa205..39538fb61008 100644 --- a/net/devlink/leftover.c +++ b/net/devlink/leftover.c @@ -5172,7 +5172,7 @@ static int devlink_nl_cmd_region_read_dumpit(struct sk_buff *skb, struct devlink_nl_dump_state *state = devlink_dump_state(cb); struct nlattr *chunks_attr, *region_attr, *snapshot_attr; u64 ret_offset, start_offset, end_offset = U64_MAX; - struct nlattr **attrs = info->attrs; + struct nlattr **attrs = info->info.attrs; struct devlink_port *port = NULL; devlink_chunk_fill_t *region_cb; struct devlink_region *region; @@ -5195,8 +5195,8 @@ static int devlink_nl_cmd_region_read_dumpit(struct sk_buff *skb, goto out_unlock; } - if (info->attrs[DEVLINK_ATTR_PORT_INDEX]) { - index = nla_get_u32(info->attrs[DEVLINK_ATTR_PORT_INDEX]); + if (attrs[DEVLINK_ATTR_PORT_INDEX]) { + index = nla_get_u32(attrs[DEVLINK_ATTR_PORT_INDEX]); port = devlink_port_get_by_index(devlink, index); if (!port) { diff --git a/net/ethtool/netlink.c b/net/ethtool/netlink.c index ae344f1b0bbd..9fc7c41f4786 100644 --- a/net/ethtool/netlink.c +++ b/net/ethtool/netlink.c @@ -538,7 +538,8 @@ static int ethnl_default_start(struct netlink_callback *cb) goto free_req_info; } - ret = ethnl_default_parse(req_info, info->attrs, sock_net(cb->skb->sk), + ret = ethnl_default_parse(req_info, info->info.attrs, + sock_net(cb->skb->sk), ops, cb->extack, false); if (req_info->dev) { /* We ignore device specification in dump requests but as the diff --git a/net/ethtool/tunnels.c b/net/ethtool/tunnels.c index 05f752557b5e..b4ce47dd2aa6 100644 --- a/net/ethtool/tunnels.c +++ b/net/ethtool/tunnels.c @@ -219,7 +219,7 @@ int ethnl_tunnel_info_start(struct netlink_callback *cb) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); struct ethnl_tunnel_info_dump_ctx *ctx = (void *)cb->ctx; - struct nlattr **tb = info->attrs; + struct nlattr **tb = info->info.attrs; int ret; BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx)); diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c index d610c1886160..1a265a421308 100644 --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -262,7 +262,7 @@ nl802154_prepare_wpan_dev_dump(struct sk_buff *skb, if (!cb->args[0]) { *wpan_dev = __cfg802154_wpan_dev_from_attrs(sock_net(skb->sk), - info->attrs); + info->info.attrs); if (IS_ERR(*wpan_dev)) { err = PTR_ERR(*wpan_dev); goto out_unlock; @@ -570,7 +570,7 @@ static int nl802154_dump_wpan_phy_parse(struct sk_buff *skb, struct nl802154_dump_wpan_phy_state *state) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); - struct nlattr **tb = info->attrs; + struct nlattr **tb = info->info.attrs; if (tb[NL802154_ATTR_WPAN_PHY]) state->filter_wpan_phy = nla_get_u32(tb[NL802154_ATTR_WPAN_PHY]); diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index 82ad26970b9b..d47879d5a74c 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -846,7 +846,6 @@ static int genl_start(struct netlink_callback *cb) } info->family = ctx->family; info->op = *ops; - info->attrs = attrs; info->info.snd_seq = cb->nlh->nlmsg_seq; info->info.snd_portid = NETLINK_CB(cb->skb).portid; info->info.nlhdr = cb->nlh; @@ -864,7 +863,7 @@ static int genl_start(struct netlink_callback *cb) } if (rc) { - genl_family_rcv_msg_attrs_free(info->attrs); + genl_family_rcv_msg_attrs_free(info->info.attrs); genl_dumpit_info_free(info); cb->data = NULL; } @@ -898,7 +897,7 @@ static int genl_done(struct netlink_callback *cb) rc = ops->done(cb); genl_op_unlock(info->family); } - genl_family_rcv_msg_attrs_free(info->attrs); + genl_family_rcv_msg_attrs_free(info->info.attrs); genl_dumpit_info_free(info); return rc; } @@ -1387,7 +1386,7 @@ static int ctrl_dumppolicy_start(struct netlink_callback *cb) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; - struct nlattr **tb = info->attrs; + struct nlattr **tb = info->info.attrs; const struct genl_family *rt; struct genl_op_iter i; int err; diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c index e9ac6a6f934e..aa1dbf654c3e 100644 --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -110,10 +110,10 @@ static struct nfc_dev *__get_device_from_cb(struct netlink_callback *cb) struct nfc_dev *dev; u32 idx; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->info.attrs[NFC_ATTR_DEVICE_INDEX]) return ERR_PTR(-EINVAL); - idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); + idx = nla_get_u32(info->info.attrs[NFC_ATTR_DEVICE_INDEX]); dev = nfc_get_device(idx); if (!dev) diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c index 299cd6754f14..5bc076f2fa74 100644 --- a/net/tipc/netlink_compat.c +++ b/net/tipc/netlink_compat.c @@ -208,7 +208,7 @@ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd, goto err_out; } - info.attrs = attrbuf; + info.info.attrs = attrbuf; if (nlmsg_len(cb.nlh) > 0) { err = nlmsg_parse_deprecated(cb.nlh, GENL_HDRLEN, attrbuf, diff --git a/net/tipc/node.c b/net/tipc/node.c index a9c5b6594889..3105abe97bb9 100644 --- a/net/tipc/node.c +++ b/net/tipc/node.c @@ -2662,7 +2662,7 @@ static int __tipc_nl_add_node_links(struct net *net, struct tipc_nl_msg *msg, int tipc_nl_node_dump_link(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct nlattr *link[TIPC_NLA_LINK_MAX + 1]; struct tipc_net *tn = net_generic(net, tipc_net_id); struct tipc_node *node; @@ -2870,7 +2870,7 @@ int tipc_nl_node_dump_monitor_peer(struct sk_buff *skb, int err; if (!prev_node) { - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct nlattr *mon[TIPC_NLA_MON_MAX + 1]; if (!attrs[TIPC_NLA_MON]) diff --git a/net/tipc/socket.c b/net/tipc/socket.c index ef8e5139a873..bb1118d02f95 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -3791,7 +3791,7 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct netlink_callback *cb) struct tipc_sock *tsk; if (!tsk_portid) { - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct nlattr *sock[TIPC_NLA_SOCK_MAX + 1]; if (!attrs[TIPC_NLA_SOCK]) diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c index 926232557e77..f892b0903dba 100644 --- a/net/tipc/udp_media.c +++ b/net/tipc/udp_media.c @@ -465,7 +465,7 @@ int tipc_udp_nl_dump_remoteip(struct sk_buff *skb, struct netlink_callback *cb) int i; if (!bid && !skip_cnt) { - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct net *net = sock_net(skb->sk); struct nlattr *battrs[TIPC_NLA_BEARER_MAX + 1]; char *bname; -- 2.41.0 From liuhangbin at gmail.com Fri Aug 11 01:53:43 2023 From: liuhangbin at gmail.com (Hangbin Liu) Date: Fri, 11 Aug 2023 09:53:43 +0800 Subject: What's the wireguard-tools In-Reply-To: References: Message-ID: On Thu, Aug 10, 2023 at 12:46:57PM +0200, Jason A. Donenfeld wrote: > Hi Hangbin, > > On Thu, Aug 10, 2023 at 11:51:35AM +0800, Hangbin Liu wrote: > > Hi Jason, > > > > I'm maintaining the RHEL wireguard-tools rpm. Recently, There is a request to > > convert the license tag in the spec file to SPDX format[1]. The current License > > tag in wireguard-tools spec file is GPLv2, which is the same with the COPYING > > in upstream. But when I searched the src files, I found there are kinds of > > license identifier. e.g. GPL-2.0, LGPL-2.1+, MIT, GPL-2.0 OR MIT, etc. > > > > Do you know which one I should use at the end? Should we unify the src files? > > The license is GPL-2.0. Thanks for the confirmation. Hangbin From kuba at kernel.org Mon Aug 14 21:47:18 2023 From: kuba at kernel.org (Jakub Kicinski) Date: Mon, 14 Aug 2023 14:47:18 -0700 Subject: [PATCH net-next v3 05/10] genetlink: use attrs from struct genl_info In-Reply-To: <20230814214723.2924989-1-kuba@kernel.org> References: <20230814214723.2924989-1-kuba@kernel.org> Message-ID: <20230814214723.2924989-6-kuba@kernel.org> Since dumps carry struct genl_info now, use the attrs pointer from genl_info and remove the one in struct genl_dumpit_info. Reviewed-by: Johannes Berg Reviewed-by: Miquel Raynal Reviewed-by: Jiri Pirko Signed-off-by: Jakub Kicinski --- CC: Jason at zx2c4.com CC: jiri at resnulli.us CC: alex.aring at gmail.com CC: stefan at datenfreihafen.org CC: krzysztof.kozlowski at linaro.org CC: jmaloy at redhat.com CC: ying.xue at windriver.com CC: floridsleeves at gmail.com CC: leon at kernel.org CC: jacob.e.keller at intel.com CC: wireguard at lists.zx2c4.com CC: linux-wpan at vger.kernel.org CC: tipc-discussion at lists.sourceforge.net --- drivers/net/wireguard/netlink.c | 2 +- include/net/genetlink.h | 1 - net/devlink/health.c | 2 +- net/devlink/leftover.c | 6 +++--- net/ethtool/netlink.c | 3 ++- net/ethtool/tunnels.c | 2 +- net/ieee802154/nl802154.c | 4 ++-- net/netlink/genetlink.c | 7 +++---- net/nfc/netlink.c | 4 ++-- net/tipc/netlink_compat.c | 2 +- net/tipc/node.c | 4 ++-- net/tipc/socket.c | 2 +- net/tipc/udp_media.c | 2 +- 13 files changed, 20 insertions(+), 21 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c index 6d1bd9f52d02..dc09b75a3248 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -200,7 +200,7 @@ static int wg_get_device_start(struct netlink_callback *cb) { struct wg_device *wg; - wg = lookup_interface(genl_dumpit_info(cb)->attrs, cb->skb); + wg = lookup_interface(genl_info_dump(cb)->attrs, cb->skb); if (IS_ERR(wg)) return PTR_ERR(wg); DUMP_CTX(cb)->wg = wg; diff --git a/include/net/genetlink.h b/include/net/genetlink.h index 86c8eaaa3a43..a8a15b9c22c8 100644 --- a/include/net/genetlink.h +++ b/include/net/genetlink.h @@ -255,7 +255,6 @@ struct genl_split_ops { struct genl_dumpit_info { const struct genl_family *family; struct genl_split_ops op; - struct nlattr **attrs; struct genl_info info; }; diff --git a/net/devlink/health.c b/net/devlink/health.c index a85bdec34801..59e7cff22d97 100644 --- a/net/devlink/health.c +++ b/net/devlink/health.c @@ -1266,7 +1266,7 @@ devlink_health_reporter_get_from_cb(struct netlink_callback *cb) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); struct devlink_health_reporter *reporter; - struct nlattr **attrs = info->attrs; + struct nlattr **attrs = info->info.attrs; struct devlink *devlink; devlink = devlink_get_from_attrs_lock(sock_net(cb->skb->sk), attrs); diff --git a/net/devlink/leftover.c b/net/devlink/leftover.c index 3883a90d32bb..72ba8a716525 100644 --- a/net/devlink/leftover.c +++ b/net/devlink/leftover.c @@ -5201,7 +5201,7 @@ static int devlink_nl_cmd_region_read_dumpit(struct sk_buff *skb, struct devlink_nl_dump_state *state = devlink_dump_state(cb); struct nlattr *chunks_attr, *region_attr, *snapshot_attr; u64 ret_offset, start_offset, end_offset = U64_MAX; - struct nlattr **attrs = info->attrs; + struct nlattr **attrs = info->info.attrs; struct devlink_port *port = NULL; devlink_chunk_fill_t *region_cb; struct devlink_region *region; @@ -5224,8 +5224,8 @@ static int devlink_nl_cmd_region_read_dumpit(struct sk_buff *skb, goto out_unlock; } - if (info->attrs[DEVLINK_ATTR_PORT_INDEX]) { - index = nla_get_u32(info->attrs[DEVLINK_ATTR_PORT_INDEX]); + if (attrs[DEVLINK_ATTR_PORT_INDEX]) { + index = nla_get_u32(attrs[DEVLINK_ATTR_PORT_INDEX]); port = devlink_port_get_by_index(devlink, index); if (!port) { diff --git a/net/ethtool/netlink.c b/net/ethtool/netlink.c index ae344f1b0bbd..9fc7c41f4786 100644 --- a/net/ethtool/netlink.c +++ b/net/ethtool/netlink.c @@ -538,7 +538,8 @@ static int ethnl_default_start(struct netlink_callback *cb) goto free_req_info; } - ret = ethnl_default_parse(req_info, info->attrs, sock_net(cb->skb->sk), + ret = ethnl_default_parse(req_info, info->info.attrs, + sock_net(cb->skb->sk), ops, cb->extack, false); if (req_info->dev) { /* We ignore device specification in dump requests but as the diff --git a/net/ethtool/tunnels.c b/net/ethtool/tunnels.c index 05f752557b5e..b4ce47dd2aa6 100644 --- a/net/ethtool/tunnels.c +++ b/net/ethtool/tunnels.c @@ -219,7 +219,7 @@ int ethnl_tunnel_info_start(struct netlink_callback *cb) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); struct ethnl_tunnel_info_dump_ctx *ctx = (void *)cb->ctx; - struct nlattr **tb = info->attrs; + struct nlattr **tb = info->info.attrs; int ret; BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx)); diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c index d610c1886160..1a265a421308 100644 --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -262,7 +262,7 @@ nl802154_prepare_wpan_dev_dump(struct sk_buff *skb, if (!cb->args[0]) { *wpan_dev = __cfg802154_wpan_dev_from_attrs(sock_net(skb->sk), - info->attrs); + info->info.attrs); if (IS_ERR(*wpan_dev)) { err = PTR_ERR(*wpan_dev); goto out_unlock; @@ -570,7 +570,7 @@ static int nl802154_dump_wpan_phy_parse(struct sk_buff *skb, struct nl802154_dump_wpan_phy_state *state) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); - struct nlattr **tb = info->attrs; + struct nlattr **tb = info->info.attrs; if (tb[NL802154_ATTR_WPAN_PHY]) state->filter_wpan_phy = nla_get_u32(tb[NL802154_ATTR_WPAN_PHY]); diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index 82ad26970b9b..d47879d5a74c 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -846,7 +846,6 @@ static int genl_start(struct netlink_callback *cb) } info->family = ctx->family; info->op = *ops; - info->attrs = attrs; info->info.snd_seq = cb->nlh->nlmsg_seq; info->info.snd_portid = NETLINK_CB(cb->skb).portid; info->info.nlhdr = cb->nlh; @@ -864,7 +863,7 @@ static int genl_start(struct netlink_callback *cb) } if (rc) { - genl_family_rcv_msg_attrs_free(info->attrs); + genl_family_rcv_msg_attrs_free(info->info.attrs); genl_dumpit_info_free(info); cb->data = NULL; } @@ -898,7 +897,7 @@ static int genl_done(struct netlink_callback *cb) rc = ops->done(cb); genl_op_unlock(info->family); } - genl_family_rcv_msg_attrs_free(info->attrs); + genl_family_rcv_msg_attrs_free(info->info.attrs); genl_dumpit_info_free(info); return rc; } @@ -1387,7 +1386,7 @@ static int ctrl_dumppolicy_start(struct netlink_callback *cb) { const struct genl_dumpit_info *info = genl_dumpit_info(cb); struct ctrl_dump_policy_ctx *ctx = (void *)cb->ctx; - struct nlattr **tb = info->attrs; + struct nlattr **tb = info->info.attrs; const struct genl_family *rt; struct genl_op_iter i; int err; diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c index e9ac6a6f934e..aa1dbf654c3e 100644 --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -110,10 +110,10 @@ static struct nfc_dev *__get_device_from_cb(struct netlink_callback *cb) struct nfc_dev *dev; u32 idx; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->info.attrs[NFC_ATTR_DEVICE_INDEX]) return ERR_PTR(-EINVAL); - idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); + idx = nla_get_u32(info->info.attrs[NFC_ATTR_DEVICE_INDEX]); dev = nfc_get_device(idx); if (!dev) diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c index 299cd6754f14..5bc076f2fa74 100644 --- a/net/tipc/netlink_compat.c +++ b/net/tipc/netlink_compat.c @@ -208,7 +208,7 @@ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd, goto err_out; } - info.attrs = attrbuf; + info.info.attrs = attrbuf; if (nlmsg_len(cb.nlh) > 0) { err = nlmsg_parse_deprecated(cb.nlh, GENL_HDRLEN, attrbuf, diff --git a/net/tipc/node.c b/net/tipc/node.c index a9c5b6594889..3105abe97bb9 100644 --- a/net/tipc/node.c +++ b/net/tipc/node.c @@ -2662,7 +2662,7 @@ static int __tipc_nl_add_node_links(struct net *net, struct tipc_nl_msg *msg, int tipc_nl_node_dump_link(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct nlattr *link[TIPC_NLA_LINK_MAX + 1]; struct tipc_net *tn = net_generic(net, tipc_net_id); struct tipc_node *node; @@ -2870,7 +2870,7 @@ int tipc_nl_node_dump_monitor_peer(struct sk_buff *skb, int err; if (!prev_node) { - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct nlattr *mon[TIPC_NLA_MON_MAX + 1]; if (!attrs[TIPC_NLA_MON]) diff --git a/net/tipc/socket.c b/net/tipc/socket.c index ef8e5139a873..bb1118d02f95 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -3791,7 +3791,7 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct netlink_callback *cb) struct tipc_sock *tsk; if (!tsk_portid) { - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct nlattr *sock[TIPC_NLA_SOCK_MAX + 1]; if (!attrs[TIPC_NLA_SOCK]) diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c index 926232557e77..f892b0903dba 100644 --- a/net/tipc/udp_media.c +++ b/net/tipc/udp_media.c @@ -465,7 +465,7 @@ int tipc_udp_nl_dump_remoteip(struct sk_buff *skb, struct netlink_callback *cb) int i; if (!bid && !skip_cnt) { - struct nlattr **attrs = genl_dumpit_info(cb)->attrs; + struct nlattr **attrs = genl_dumpit_info(cb)->info.attrs; struct net *net = sock_net(skb->sk); struct nlattr *battrs[TIPC_NLA_BEARER_MAX + 1]; char *bname; -- 2.41.0 From lkp at intel.com Tue Aug 15 21:46:49 2023 From: lkp at intel.com (kernel test robot) Date: Wed, 16 Aug 2023 05:46:49 +0800 Subject: [PATCH net-next v3 05/10] genetlink: use attrs from struct genl_info In-Reply-To: <20230814214723.2924989-6-kuba@kernel.org> References: <20230814214723.2924989-6-kuba@kernel.org> Message-ID: <202308160545.9cpmjvz9-lkp@intel.com> Hi Jakub, kernel test robot noticed the following build errors: [auto build test ERROR on net-next/main] url: https://github.com/intel-lab-lkp/linux/commits/Jakub-Kicinski/genetlink-push-conditional-locking-into-dumpit-done/20230815-055212 base: net-next/main patch link: https://lore.kernel.org/r/20230814214723.2924989-6-kuba%40kernel.org patch subject: [PATCH net-next v3 05/10] genetlink: use attrs from struct genl_info config: i386-debian-10.3 (https://download.01.org/0day-ci/archive/20230816/202308160545.9cpmjvz9-lkp at intel.com/config) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce: (https://download.01.org/0day-ci/archive/20230816/202308160545.9cpmjvz9-lkp at intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot | Closes: https://lore.kernel.org/oe-kbuild-all/202308160545.9cpmjvz9-lkp at intel.com/ All errors (new ones prefixed by >>): net/devlink/netlink.c: In function 'devlink_nl_dumpit': >> net/devlink/netlink.c:232:37: error: 'const struct genl_dumpit_info' has no member named 'attrs' 232 | struct nlattr **attrs = info->attrs; | ^~ -- net/devlink/health.c: In function 'devlink_nl_health_reporter_get_dump_one': >> net/devlink/health.c:396:37: error: 'const struct genl_dumpit_info' has no member named 'attrs' 396 | struct nlattr **attrs = info->attrs; | ^~ vim +232 net/devlink/netlink.c 07f3af66089e20 Jakub Kicinski 2023-01-04 227 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 228 int devlink_nl_dumpit(struct sk_buff *msg, struct netlink_callback *cb, 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 229 devlink_nl_dump_one_func_t *dump_one) 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 230 { 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 231 const struct genl_dumpit_info *info = genl_dumpit_info(cb); 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 @232 struct nlattr **attrs = info->attrs; 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 233 int flags = NLM_F_MULTI; 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 234 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 235 if (attrs && 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 236 (attrs[DEVLINK_ATTR_BUS_NAME] || attrs[DEVLINK_ATTR_DEV_NAME])) 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 237 return devlink_nl_inst_single_dumpit(msg, cb, flags, dump_one, 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 238 attrs); 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 239 else 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 240 return devlink_nl_inst_iter_dumpit(msg, cb, flags, dump_one); 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 241 } 4a1b5aa8b5c743 Jiri Pirko 2023-08-11 242 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki From rdunlap at infradead.org Wed Aug 16 05:50:10 2023 From: rdunlap at infradead.org (Randy Dunlap) Date: Tue, 15 Aug 2023 22:50:10 -0700 Subject: [PATCH] treewide: drop CONFIG_EMBEDDED Message-ID: <20230816055010.31534-1-rdunlap@infradead.org> There is only one Kconfig user of CONFIG_EMBEDDED and it can be switched to EXPERT or "if !ARCH_MULTIPLATFORM" (suggested by Arnd). Signed-off-by: Randy Dunlap Cc: Russell King Cc: linux-arm-kernel at lists.infradead.org Cc: Arnd Bergmann Cc: Jason A. Donenfeld Cc: wireguard at lists.zx2c4.com Cc: linux-arch at vger.kernel.org Cc: linux-snps-arc at lists.infradead.org Cc: Vineet Gupta Cc: Brian Cain Cc: linux-hexagon at vger.kernel.org Cc: Greg Ungerer Cc: Geert Uytterhoeven Cc: linux-m68k at lists.linux-m68k.org Cc: Michal Simek Cc: Thomas Bogendoerfer Cc: Dinh Nguyen Cc: Jonas Bonn Cc: Stefan Kristiansson Cc: Stafford Horne Cc: linux-openrisc at vger.kernel.org Cc: linux-mips at vger.kernel.org Cc: Michael Ellerman Cc: Nicholas Piggin Cc: Christophe Leroy Cc: linuxppc-dev at lists.ozlabs.org Cc: linux-riscv at lists.infradead.org Cc: Paul Walmsley Cc: Palmer Dabbelt Cc: Albert Ou Cc: Yoshinori Sato Cc: Rich Felker Cc: John Paul Adrian Glaubitz Cc: linux-sh at vger.kernel.org Cc: Max Filippov Cc: Josh Triplett Cc: Masahiro Yamada Cc: linux-kbuild at vger.kernel.org Cc: Andrew Morton --- arch/arc/configs/axs101_defconfig | 2 +- arch/arc/configs/axs103_defconfig | 2 +- arch/arc/configs/axs103_smp_defconfig | 2 +- arch/arc/configs/haps_hs_smp_defconfig | 2 +- arch/arc/configs/hsdk_defconfig | 2 +- arch/arc/configs/nsim_700_defconfig | 2 +- arch/arc/configs/nsimosci_defconfig | 2 +- arch/arc/configs/nsimosci_hs_defconfig | 2 +- arch/arc/configs/tb10x_defconfig | 2 +- arch/arc/configs/vdk_hs38_defconfig | 2 +- arch/arc/configs/vdk_hs38_smp_defconfig | 2 +- arch/arm/Kconfig | 2 +- arch/arm/configs/aspeed_g4_defconfig | 2 +- arch/arm/configs/aspeed_g5_defconfig | 2 +- arch/arm/configs/at91_dt_defconfig | 2 +- arch/arm/configs/axm55xx_defconfig | 2 +- arch/arm/configs/bcm2835_defconfig | 2 +- arch/arm/configs/clps711x_defconfig | 2 +- arch/arm/configs/keystone_defconfig | 2 +- arch/arm/configs/lpc18xx_defconfig | 2 +- arch/arm/configs/lpc32xx_defconfig | 2 +- arch/arm/configs/milbeaut_m10v_defconfig | 2 +- arch/arm/configs/moxart_defconfig | 2 +- arch/arm/configs/multi_v4t_defconfig | 2 +- arch/arm/configs/multi_v7_defconfig | 2 +- arch/arm/configs/pxa_defconfig | 2 +- arch/arm/configs/qcom_defconfig | 2 +- arch/arm/configs/sama5_defconfig | 2 +- arch/arm/configs/sama7_defconfig | 2 +- arch/arm/configs/socfpga_defconfig | 2 +- arch/arm/configs/stm32_defconfig | 2 +- arch/arm/configs/tegra_defconfig | 2 +- arch/arm/configs/vf610m4_defconfig | 2 +- arch/hexagon/configs/comet_defconfig | 2 +- arch/m68k/configs/amcore_defconfig | 2 +- arch/m68k/configs/m5475evb_defconfig | 2 +- arch/m68k/configs/stmark2_defconfig | 2 +- arch/microblaze/configs/mmu_defconfig | 2 +- arch/mips/configs/ath25_defconfig | 2 +- arch/mips/configs/ath79_defconfig | 2 +- arch/mips/configs/bcm47xx_defconfig | 2 +- arch/mips/configs/ci20_defconfig | 2 +- arch/mips/configs/cu1000-neo_defconfig | 2 +- arch/mips/configs/cu1830-neo_defconfig | 2 +- arch/mips/configs/db1xxx_defconfig | 2 +- arch/mips/configs/gcw0_defconfig | 2 +- arch/mips/configs/generic_defconfig | 2 +- arch/mips/configs/loongson2k_defconfig | 2 +- arch/mips/configs/loongson3_defconfig | 2 +- arch/mips/configs/malta_qemu_32r6_defconfig | 2 +- arch/mips/configs/maltaaprp_defconfig | 2 +- arch/mips/configs/maltasmvp_defconfig | 2 +- arch/mips/configs/maltasmvp_eva_defconfig | 2 +- arch/mips/configs/maltaup_defconfig | 2 +- arch/mips/configs/omega2p_defconfig | 2 +- arch/mips/configs/pic32mzda_defconfig | 2 +- arch/mips/configs/qi_lb60_defconfig | 2 +- arch/mips/configs/rs90_defconfig | 2 +- arch/mips/configs/rt305x_defconfig | 2 +- arch/mips/configs/vocore2_defconfig | 2 +- arch/mips/configs/xway_defconfig | 2 +- arch/nios2/configs/10m50_defconfig | 2 +- arch/nios2/configs/3c120_defconfig | 2 +- arch/openrisc/configs/or1klitex_defconfig | 2 +- arch/powerpc/configs/40x/klondike_defconfig | 2 +- arch/powerpc/configs/44x/fsp2_defconfig | 2 +- arch/powerpc/configs/52xx/tqm5200_defconfig | 2 +- arch/powerpc/configs/mgcoge_defconfig | 2 +- arch/powerpc/configs/microwatt_defconfig | 2 +- arch/powerpc/configs/ps3_defconfig | 2 +- arch/riscv/configs/nommu_k210_defconfig | 2 +- arch/riscv/configs/nommu_k210_sdcard_defconfig | 2 +- arch/sh/configs/rsk7264_defconfig | 2 +- arch/sh/configs/rsk7269_defconfig | 2 +- arch/xtensa/configs/cadence_csp_defconfig | 2 +- init/Kconfig | 8 -------- kernel/configs/tiny-base.config | 2 +- tools/testing/selftests/wireguard/qemu/kernel.config | 1 - 78 files changed, 76 insertions(+), 85 deletions(-) diff -- a/arch/arm/Kconfig b/arch/arm/Kconfig --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -250,7 +250,7 @@ config ARCH_MTD_XIP bool config ARM_PATCH_PHYS_VIRT - bool "Patch physical to virtual translations at runtime" if EMBEDDED + bool "Patch physical to virtual translations at runtime" if !ARCH_MULTIPLATFORM default y depends on MMU help diff -- a/init/Kconfig b/init/Kconfig --- a/init/Kconfig +++ b/init/Kconfig @@ -1790,14 +1790,6 @@ config DEBUG_RSEQ If unsure, say N. -config EMBEDDED - bool "Embedded system" - select EXPERT - help - This option should be enabled if compiling the kernel for - an embedded system so certain expert options are available - for configuration. - config HAVE_PERF_EVENTS bool help diff -- a/arch/powerpc/configs/40x/klondike_defconfig b/arch/powerpc/configs/40x/klondike_defconfig --- a/arch/powerpc/configs/40x/klondike_defconfig +++ b/arch/powerpc/configs/40x/klondike_defconfig @@ -4,7 +4,7 @@ CONFIG_LOG_BUF_SHIFT=14 CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y CONFIG_APM8018X=y diff -- a/arch/powerpc/configs/44x/fsp2_defconfig b/arch/powerpc/configs/44x/fsp2_defconfig --- a/arch/powerpc/configs/44x/fsp2_defconfig +++ b/arch/powerpc/configs/44x/fsp2_defconfig @@ -15,7 +15,7 @@ CONFIG_BLK_DEV_INITRD=y # CONFIG_RD_LZ4 is not set CONFIG_KALLSYMS_ALL=y CONFIG_BPF_SYSCALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PROFILING=y CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y diff -- a/arch/powerpc/configs/52xx/tqm5200_defconfig b/arch/powerpc/configs/52xx/tqm5200_defconfig --- a/arch/powerpc/configs/52xx/tqm5200_defconfig +++ b/arch/powerpc/configs/52xx/tqm5200_defconfig @@ -3,7 +3,7 @@ CONFIG_LOG_BUF_SHIFT=14 CONFIG_BLK_DEV_INITRD=y # CONFIG_KALLSYMS is not set # CONFIG_EPOLL is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y CONFIG_MODVERSIONS=y diff -- a/arch/arc/configs/axs101_defconfig b/arch/arc/configs/axs101_defconfig --- a/arch/arc/configs/axs101_defconfig +++ b/arch/arc/configs/axs101_defconfig @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_PID_NS is not set CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set diff -- a/arch/arc/configs/axs103_defconfig b/arch/arc/configs/axs103_defconfig --- a/arch/arc/configs/axs103_defconfig +++ b/arch/arc/configs/axs103_defconfig @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_PID_NS is not set CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set diff -- a/arch/arc/configs/axs103_smp_defconfig b/arch/arc/configs/axs103_smp_defconfig --- a/arch/arc/configs/axs103_smp_defconfig +++ b/arch/arc/configs/axs103_smp_defconfig @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_PID_NS is not set CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/arc/configs/haps_hs_smp_defconfig b/arch/arc/configs/haps_hs_smp_defconfig --- a/arch/arc/configs/haps_hs_smp_defconfig +++ b/arch/arc/configs/haps_hs_smp_defconfig @@ -11,7 +11,7 @@ CONFIG_NAMESPACES=y # CONFIG_UTS_NS is not set # CONFIG_PID_NS is not set CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/arc/configs/hsdk_defconfig b/arch/arc/configs/hsdk_defconfig --- a/arch/arc/configs/hsdk_defconfig +++ b/arch/arc/configs/hsdk_defconfig @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y # CONFIG_PID_NS is not set CONFIG_BLK_DEV_INITRD=y CONFIG_BLK_DEV_RAM=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/arc/configs/nsim_700_defconfig b/arch/arc/configs/nsim_700_defconfig --- a/arch/arc/configs/nsim_700_defconfig +++ b/arch/arc/configs/nsim_700_defconfig @@ -12,7 +12,7 @@ CONFIG_NAMESPACES=y # CONFIG_PID_NS is not set CONFIG_BLK_DEV_INITRD=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/arc/configs/nsimosci_defconfig b/arch/arc/configs/nsimosci_defconfig --- a/arch/arc/configs/nsimosci_defconfig +++ b/arch/arc/configs/nsimosci_defconfig @@ -11,7 +11,7 @@ CONFIG_NAMESPACES=y # CONFIG_PID_NS is not set CONFIG_BLK_DEV_INITRD=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/arc/configs/nsimosci_hs_defconfig b/arch/arc/configs/nsimosci_hs_defconfig --- a/arch/arc/configs/nsimosci_hs_defconfig +++ b/arch/arc/configs/nsimosci_hs_defconfig @@ -11,7 +11,7 @@ CONFIG_NAMESPACES=y # CONFIG_PID_NS is not set CONFIG_BLK_DEV_INITRD=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/arc/configs/tb10x_defconfig b/arch/arc/configs/tb10x_defconfig --- a/arch/arc/configs/tb10x_defconfig +++ b/arch/arc/configs/tb10x_defconfig @@ -16,7 +16,7 @@ CONFIG_INITRAMFS_ROOT_GID=501 # CONFIG_RD_GZIP is not set CONFIG_KALLSYMS_ALL=y # CONFIG_AIO is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_COMPAT_BRK is not set CONFIG_ISA_ARCOMPACT=y CONFIG_MODULES=y diff -- a/arch/arc/configs/vdk_hs38_defconfig b/arch/arc/configs/vdk_hs38_defconfig --- a/arch/arc/configs/vdk_hs38_defconfig +++ b/arch/arc/configs/vdk_hs38_defconfig @@ -4,7 +4,7 @@ CONFIG_HIGH_RES_TIMERS=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set diff -- a/arch/arc/configs/vdk_hs38_smp_defconfig b/arch/arc/configs/vdk_hs38_smp_defconfig --- a/arch/arc/configs/vdk_hs38_smp_defconfig +++ b/arch/arc/configs/vdk_hs38_smp_defconfig @@ -4,7 +4,7 @@ CONFIG_HIGH_RES_TIMERS=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set diff -- a/arch/hexagon/configs/comet_defconfig b/arch/hexagon/configs/comet_defconfig --- a/arch/hexagon/configs/comet_defconfig +++ b/arch/hexagon/configs/comet_defconfig @@ -14,7 +14,7 @@ CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=18 CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_BLK_DEV_BSG is not set CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" diff -- a/arch/m68k/configs/amcore_defconfig b/arch/m68k/configs/amcore_defconfig --- a/arch/m68k/configs/amcore_defconfig +++ b/arch/m68k/configs/amcore_defconfig @@ -8,7 +8,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_AIO is not set # CONFIG_ADVISE_SYSCALLS is not set # CONFIG_MEMBARRIER is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/m68k/configs/m5475evb_defconfig b/arch/m68k/configs/m5475evb_defconfig --- a/arch/m68k/configs/m5475evb_defconfig +++ b/arch/m68k/configs/m5475evb_defconfig @@ -8,7 +8,7 @@ CONFIG_LOG_BUF_SHIFT=14 # CONFIG_EVENTFD is not set # CONFIG_SHMEM is not set # CONFIG_AIO is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MODULES=y # CONFIG_BLK_DEV_BSG is not set CONFIG_COLDFIRE=y diff -- a/arch/m68k/configs/stmark2_defconfig b/arch/m68k/configs/stmark2_defconfig --- a/arch/m68k/configs/stmark2_defconfig +++ b/arch/m68k/configs/stmark2_defconfig @@ -9,7 +9,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_AIO is not set # CONFIG_ADVISE_SYSCALLS is not set # CONFIG_MEMBARRIER is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_COMPAT_BRK is not set CONFIG_COLDFIRE=y diff -- a/arch/microblaze/configs/mmu_defconfig b/arch/microblaze/configs/mmu_defconfig --- a/arch/microblaze/configs/mmu_defconfig +++ b/arch/microblaze/configs/mmu_defconfig @@ -7,7 +7,7 @@ CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y # CONFIG_BASE_FULL is not set CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_XILINX_MICROBLAZE0_USE_MSR_INSTR=1 CONFIG_XILINX_MICROBLAZE0_USE_PCMP_INSTR=1 CONFIG_XILINX_MICROBLAZE0_USE_BARREL=1 diff -- a/arch/nios2/configs/10m50_defconfig b/arch/nios2/configs/10m50_defconfig --- a/arch/nios2/configs/10m50_defconfig +++ b/arch/nios2/configs/10m50_defconfig @@ -9,7 +9,7 @@ CONFIG_LOG_BUF_SHIFT=14 # CONFIG_EVENTFD is not set # CONFIG_SHMEM is not set # CONFIG_AIO is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y CONFIG_NIOS2_MEM_BASE=0x8000000 diff -- a/arch/nios2/configs/3c120_defconfig b/arch/nios2/configs/3c120_defconfig --- a/arch/nios2/configs/3c120_defconfig +++ b/arch/nios2/configs/3c120_defconfig @@ -9,7 +9,7 @@ CONFIG_LOG_BUF_SHIFT=14 # CONFIG_EVENTFD is not set # CONFIG_SHMEM is not set # CONFIG_AIO is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y CONFIG_NIOS2_MEM_BASE=0x10000000 diff -- a/arch/openrisc/configs/or1klitex_defconfig b/arch/openrisc/configs/or1klitex_defconfig --- a/arch/openrisc/configs/or1klitex_defconfig +++ b/arch/openrisc/configs/or1klitex_defconfig @@ -6,7 +6,7 @@ CONFIG_USER_NS=y CONFIG_BLK_DEV_INITRD=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SGETMASK_SYSCALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_OPENRISC_BUILTIN_DTB="or1klitex" CONFIG_HZ_100=y CONFIG_OPENRISC_HAVE_SHADOW_GPRS=y diff -- a/arch/powerpc/configs/mgcoge_defconfig b/arch/powerpc/configs/mgcoge_defconfig --- a/arch/powerpc/configs/mgcoge_defconfig +++ b/arch/powerpc/configs/mgcoge_defconfig @@ -9,7 +9,7 @@ CONFIG_BLK_DEV_INITRD=y # CONFIG_RD_GZIP is not set CONFIG_KALLSYMS_ALL=y # CONFIG_PCSPKR_PLATFORM is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PARTITION_ADVANCED=y # CONFIG_PPC_PMAC is not set CONFIG_PPC_82xx=y diff -- a/arch/powerpc/configs/microwatt_defconfig b/arch/powerpc/configs/microwatt_defconfig --- a/arch/powerpc/configs/microwatt_defconfig +++ b/arch/powerpc/configs/microwatt_defconfig @@ -8,7 +8,7 @@ CONFIG_CGROUPS=y CONFIG_BLK_DEV_INITRD=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/powerpc/configs/ps3_defconfig b/arch/powerpc/configs/ps3_defconfig --- a/arch/powerpc/configs/ps3_defconfig +++ b/arch/powerpc/configs/ps3_defconfig @@ -3,7 +3,7 @@ CONFIG_POSIX_MQUEUE=y CONFIG_HIGH_RES_TIMERS=y CONFIG_BLK_DEV_INITRD=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_PERF_EVENTS is not set CONFIG_PROFILING=y CONFIG_PPC64=y diff -- a/arch/riscv/configs/nommu_k210_defconfig b/arch/riscv/configs/nommu_k210_defconfig --- a/arch/riscv/configs/nommu_k210_defconfig +++ b/arch/riscv/configs/nommu_k210_defconfig @@ -21,7 +21,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_IO_URING is not set # CONFIG_ADVISE_SYSCALLS is not set # CONFIG_KALLSYMS is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_COMPAT_BRK is not set CONFIG_SLUB=y diff -- a/arch/riscv/configs/nommu_k210_sdcard_defconfig b/arch/riscv/configs/nommu_k210_sdcard_defconfig --- a/arch/riscv/configs/nommu_k210_sdcard_defconfig +++ b/arch/riscv/configs/nommu_k210_sdcard_defconfig @@ -13,7 +13,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_IO_URING is not set # CONFIG_ADVISE_SYSCALLS is not set # CONFIG_KALLSYMS is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_COMPAT_BRK is not set CONFIG_SLUB=y diff -- a/arch/sh/configs/rsk7264_defconfig b/arch/sh/configs/rsk7264_defconfig --- a/arch/sh/configs/rsk7264_defconfig +++ b/arch/sh/configs/rsk7264_defconfig @@ -9,7 +9,7 @@ CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_COUNTERS=y # CONFIG_VM_EVENT_COUNTERS is not set CONFIG_MMAP_ALLOW_UNINITIALIZED=y diff -- a/arch/sh/configs/rsk7269_defconfig b/arch/sh/configs/rsk7269_defconfig --- a/arch/sh/configs/rsk7269_defconfig +++ b/arch/sh/configs/rsk7269_defconfig @@ -1,6 +1,6 @@ CONFIG_LOG_BUF_SHIFT=14 CONFIG_CC_OPTIMIZE_FOR_SIZE=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_BLK_DEV_BSG is not set CONFIG_SWAP_IO_SPACE=y diff -- a/arch/xtensa/configs/cadence_csp_defconfig b/arch/xtensa/configs/cadence_csp_defconfig --- a/arch/xtensa/configs/cadence_csp_defconfig +++ b/arch/xtensa/configs/cadence_csp_defconfig @@ -21,7 +21,7 @@ CONFIG_INITRAMFS_SOURCE="$$KERNEL_INITRA # CONFIG_RD_LZO is not set # CONFIG_RD_LZ4 is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PROFILING=y CONFIG_MODULES=y CONFIG_MODULE_FORCE_LOAD=y diff -- a/arch/arm/configs/aspeed_g4_defconfig b/arch/arm/configs/aspeed_g4_defconfig --- a/arch/arm/configs/aspeed_g4_defconfig +++ b/arch/arm/configs/aspeed_g4_defconfig @@ -15,7 +15,7 @@ CONFIG_BLK_DEV_INITRD=y # CONFIG_UID16 is not set # CONFIG_SYSFS_SYSCALL is not set # CONFIG_AIO is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y # CONFIG_ARCH_MULTI_V7 is not set CONFIG_ARCH_ASPEED=y diff -- a/arch/arm/configs/aspeed_g5_defconfig b/arch/arm/configs/aspeed_g5_defconfig --- a/arch/arm/configs/aspeed_g5_defconfig +++ b/arch/arm/configs/aspeed_g5_defconfig @@ -15,7 +15,7 @@ CONFIG_BLK_DEV_INITRD=y # CONFIG_UID16 is not set # CONFIG_SYSFS_SYSCALL is not set # CONFIG_AIO is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y CONFIG_ARCH_MULTI_V6=y CONFIG_ARCH_ASPEED=y diff -- a/arch/arm/configs/at91_dt_defconfig b/arch/arm/configs/at91_dt_defconfig --- a/arch/arm/configs/at91_dt_defconfig +++ b/arch/arm/configs/at91_dt_defconfig @@ -7,7 +7,7 @@ CONFIG_CGROUPS=y CONFIG_BLK_DEV_INITRD=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_ARCH_MULTI_V4T=y CONFIG_ARCH_MULTI_V5=y # CONFIG_ARCH_MULTI_V7 is not set diff -- a/arch/arm/configs/axm55xx_defconfig b/arch/arm/configs/axm55xx_defconfig --- a/arch/arm/configs/axm55xx_defconfig +++ b/arch/arm/configs/axm55xx_defconfig @@ -21,7 +21,7 @@ CONFIG_NAMESPACES=y CONFIG_SCHED_AUTOGROUP=y CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PROFILING=y CONFIG_ARCH_AXXIA=y CONFIG_ARM_LPAE=y diff -- a/arch/arm/configs/bcm2835_defconfig b/arch/arm/configs/bcm2835_defconfig --- a/arch/arm/configs/bcm2835_defconfig +++ b/arch/arm/configs/bcm2835_defconfig @@ -19,7 +19,7 @@ CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PROFILING=y CONFIG_CC_STACKPROTECTOR_REGULAR=y CONFIG_ARCH_MULTI_V6=y diff -- a/arch/arm/configs/clps711x_defconfig b/arch/arm/configs/clps711x_defconfig --- a/arch/arm/configs/clps711x_defconfig +++ b/arch/arm/configs/clps711x_defconfig @@ -3,7 +3,7 @@ CONFIG_SYSVIPC=y CONFIG_LOG_BUF_SHIFT=14 CONFIG_BLK_DEV_INITRD=y CONFIG_RD_LZMA=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_JUMP_LABEL=y CONFIG_PARTITION_ADVANCED=y CONFIG_ARCH_CLPS711X=y diff -- a/arch/arm/configs/keystone_defconfig b/arch/arm/configs/keystone_defconfig --- a/arch/arm/configs/keystone_defconfig +++ b/arch/arm/configs/keystone_defconfig @@ -14,7 +14,7 @@ CONFIG_BLK_DEV_INITRD=y # CONFIG_ELF_CORE is not set # CONFIG_BASE_FULL is not set CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PROFILING=y CONFIG_ARCH_KEYSTONE=y CONFIG_ARM_LPAE=y diff -- a/arch/arm/configs/lpc18xx_defconfig b/arch/arm/configs/lpc18xx_defconfig --- a/arch/arm/configs/lpc18xx_defconfig +++ b/arch/arm/configs/lpc18xx_defconfig @@ -14,7 +14,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_SIGNALFD is not set # CONFIG_EVENTFD is not set # CONFIG_AIO is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_MMU is not set CONFIG_ARCH_LPC18XX=y CONFIG_SET_MEM_PARAM=y diff -- a/arch/arm/configs/lpc32xx_defconfig b/arch/arm/configs/lpc32xx_defconfig --- a/arch/arm/configs/lpc32xx_defconfig +++ b/arch/arm/configs/lpc32xx_defconfig @@ -9,7 +9,7 @@ CONFIG_SYSFS_DEPRECATED=y CONFIG_SYSFS_DEPRECATED_V2=y CONFIG_BLK_DEV_INITRD=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_ARCH_MULTI_V7 is not set CONFIG_ARCH_LPC32XX=y CONFIG_AEABI=y diff -- a/arch/arm/configs/milbeaut_m10v_defconfig b/arch/arm/configs/milbeaut_m10v_defconfig --- a/arch/arm/configs/milbeaut_m10v_defconfig +++ b/arch/arm/configs/milbeaut_m10v_defconfig @@ -3,7 +3,7 @@ CONFIG_NO_HZ_IDLE=y CONFIG_HIGH_RES_TIMERS=y CONFIG_CGROUPS=y CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y CONFIG_ARCH_MILBEAUT=y CONFIG_ARCH_MILBEAUT_M10V=y diff -- a/arch/arm/configs/moxart_defconfig b/arch/arm/configs/moxart_defconfig --- a/arch/arm/configs/moxart_defconfig +++ b/arch/arm/configs/moxart_defconfig @@ -10,7 +10,7 @@ CONFIG_IKCONFIG_PROC=y # CONFIG_TIMERFD is not set # CONFIG_EVENTFD is not set # CONFIG_AIO is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_BLK_DEV_BSG is not set CONFIG_ARCH_MULTI_V4=y # CONFIG_ARCH_MULTI_V7 is not set diff -- a/arch/arm/configs/multi_v4t_defconfig b/arch/arm/configs/multi_v4t_defconfig --- a/arch/arm/configs/multi_v4t_defconfig +++ b/arch/arm/configs/multi_v4t_defconfig @@ -2,7 +2,7 @@ CONFIG_KERNEL_LZMA=y CONFIG_SYSVIPC=y CONFIG_LOG_BUF_SHIFT=14 CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_ARCH_MULTI_V4T=y # CONFIG_ARCH_MULTI_V7 is not set CONFIG_ARCH_AT91=y diff -- a/arch/arm/configs/multi_v7_defconfig b/arch/arm/configs/multi_v7_defconfig --- a/arch/arm/configs/multi_v7_defconfig +++ b/arch/arm/configs/multi_v7_defconfig @@ -3,7 +3,7 @@ CONFIG_NO_HZ_IDLE=y CONFIG_HIGH_RES_TIMERS=y CONFIG_CGROUPS=y CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y CONFIG_ARCH_VIRT=y CONFIG_ARCH_AIROHA=y diff -- a/arch/arm/configs/pxa_defconfig b/arch/arm/configs/pxa_defconfig --- a/arch/arm/configs/pxa_defconfig +++ b/arch/arm/configs/pxa_defconfig @@ -11,7 +11,7 @@ CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=13 CONFIG_BLK_DEV_INITRD=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PROFILING=y # CONFIG_ARCH_MULTI_V7 is not set CONFIG_ARCH_PXA=y diff -- a/arch/arm/configs/qcom_defconfig b/arch/arm/configs/qcom_defconfig --- a/arch/arm/configs/qcom_defconfig +++ b/arch/arm/configs/qcom_defconfig @@ -7,7 +7,7 @@ CONFIG_IKCONFIG_PROC=y CONFIG_CGROUPS=y CONFIG_BLK_DEV_INITRD=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PROFILING=y CONFIG_ARCH_QCOM=y CONFIG_ARCH_MSM8X60=y diff -- a/arch/arm/configs/sama5_defconfig b/arch/arm/configs/sama5_defconfig --- a/arch/arm/configs/sama5_defconfig +++ b/arch/arm/configs/sama5_defconfig @@ -5,7 +5,7 @@ CONFIG_HIGH_RES_TIMERS=y CONFIG_LOG_BUF_SHIFT=14 CONFIG_CGROUPS=y CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_ARCH_AT91=y CONFIG_SOC_SAMA5D2=y CONFIG_SOC_SAMA5D3=y diff -- a/arch/arm/configs/sama7_defconfig b/arch/arm/configs/sama7_defconfig --- a/arch/arm/configs/sama7_defconfig +++ b/arch/arm/configs/sama7_defconfig @@ -12,7 +12,7 @@ CONFIG_BLK_DEV_INITRD=y # CONFIG_FHANDLE is not set # CONFIG_IO_URING is not set CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_ARCH_AT91=y CONFIG_SOC_SAMA7G5=y CONFIG_ATMEL_CLOCKSOURCE_TCB=y diff -- a/arch/arm/configs/socfpga_defconfig b/arch/arm/configs/socfpga_defconfig --- a/arch/arm/configs/socfpga_defconfig +++ b/arch/arm/configs/socfpga_defconfig @@ -7,7 +7,7 @@ CONFIG_CGROUPS=y CONFIG_CPUSETS=y CONFIG_NAMESPACES=y CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PROFILING=y CONFIG_ARCH_INTEL_SOCFPGA=y CONFIG_ARM_THUMBEE=y diff -- a/arch/arm/configs/stm32_defconfig b/arch/arm/configs/stm32_defconfig --- a/arch/arm/configs/stm32_defconfig +++ b/arch/arm/configs/stm32_defconfig @@ -11,7 +11,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_SIGNALFD is not set # CONFIG_EVENTFD is not set # CONFIG_AIO is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_BLK_DEV_BSG is not set # CONFIG_MMU is not set CONFIG_ARCH_STM32=y diff -- a/arch/arm/configs/tegra_defconfig b/arch/arm/configs/tegra_defconfig --- a/arch/arm/configs/tegra_defconfig +++ b/arch/arm/configs/tegra_defconfig @@ -14,7 +14,7 @@ CONFIG_NAMESPACES=y CONFIG_USER_NS=y CONFIG_BLK_DEV_INITRD=y # CONFIG_ELF_CORE is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y CONFIG_ARCH_TEGRA=y CONFIG_SMP=y diff -- a/arch/arm/configs/vf610m4_defconfig b/arch/arm/configs/vf610m4_defconfig --- a/arch/arm/configs/vf610m4_defconfig +++ b/arch/arm/configs/vf610m4_defconfig @@ -5,7 +5,7 @@ CONFIG_BLK_DEV_INITRD=y # CONFIG_RD_XZ is not set # CONFIG_RD_LZ4 is not set CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_MMU is not set CONFIG_ARCH_MXC=y CONFIG_SOC_VF610=y diff -- a/arch/mips/configs/ath25_defconfig b/arch/mips/configs/ath25_defconfig --- a/arch/mips/configs/ath25_defconfig +++ b/arch/mips/configs/ath25_defconfig @@ -11,7 +11,7 @@ CONFIG_BLK_DEV_INITRD=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_FHANDLE is not set # CONFIG_AIO is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/mips/configs/ath79_defconfig b/arch/mips/configs/ath79_defconfig --- a/arch/mips/configs/ath79_defconfig +++ b/arch/mips/configs/ath79_defconfig @@ -5,7 +5,7 @@ CONFIG_BLK_DEV_INITRD=y # CONFIG_RD_GZIP is not set # CONFIG_AIO is not set # CONFIG_KALLSYMS is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/mips/configs/bcm47xx_defconfig b/arch/mips/configs/bcm47xx_defconfig --- a/arch/mips/configs/bcm47xx_defconfig +++ b/arch/mips/configs/bcm47xx_defconfig @@ -2,7 +2,7 @@ CONFIG_SYSVIPC=y CONFIG_HIGH_RES_TIMERS=y CONFIG_BLK_DEV_INITRD=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_BCM47XX=y CONFIG_PCI=y # CONFIG_SUSPEND is not set diff -- a/arch/mips/configs/ci20_defconfig b/arch/mips/configs/ci20_defconfig --- a/arch/mips/configs/ci20_defconfig +++ b/arch/mips/configs/ci20_defconfig @@ -18,7 +18,7 @@ CONFIG_NAMESPACES=y CONFIG_USER_NS=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MACH_INGENIC_SOC=y CONFIG_JZ4780_CI20=y CONFIG_HIGHMEM=y diff -- a/arch/mips/configs/cu1000-neo_defconfig b/arch/mips/configs/cu1000-neo_defconfig --- a/arch/mips/configs/cu1000-neo_defconfig +++ b/arch/mips/configs/cu1000-neo_defconfig @@ -15,7 +15,7 @@ CONFIG_NAMESPACES=y CONFIG_USER_NS=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_COMPAT_BRK is not set CONFIG_MACH_INGENIC_SOC=y diff -- a/arch/mips/configs/cu1830-neo_defconfig b/arch/mips/configs/cu1830-neo_defconfig --- a/arch/mips/configs/cu1830-neo_defconfig +++ b/arch/mips/configs/cu1830-neo_defconfig @@ -15,7 +15,7 @@ CONFIG_NAMESPACES=y CONFIG_USER_NS=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_COMPAT_BRK is not set CONFIG_MACH_INGENIC_SOC=y diff -- a/arch/mips/configs/db1xxx_defconfig b/arch/mips/configs/db1xxx_defconfig --- a/arch/mips/configs/db1xxx_defconfig +++ b/arch/mips/configs/db1xxx_defconfig @@ -17,7 +17,7 @@ CONFIG_CGROUP_FREEZER=y CONFIG_CGROUP_DEVICE=y CONFIG_CGROUP_CPUACCT=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MIPS_ALCHEMY=y CONFIG_HZ_100=y CONFIG_PCI=y diff -- a/arch/mips/configs/gcw0_defconfig b/arch/mips/configs/gcw0_defconfig --- a/arch/mips/configs/gcw0_defconfig +++ b/arch/mips/configs/gcw0_defconfig @@ -2,7 +2,7 @@ CONFIG_DEFAULT_HOSTNAME="gcw0" CONFIG_NO_HZ_IDLE=y CONFIG_HIGH_RES_TIMERS=y CONFIG_PREEMPT_VOLUNTARY=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PROFILING=y CONFIG_MACH_INGENIC_SOC=y CONFIG_JZ4770_GCW0=y diff -- a/arch/mips/configs/generic_defconfig b/arch/mips/configs/generic_defconfig --- a/arch/mips/configs/generic_defconfig +++ b/arch/mips/configs/generic_defconfig @@ -17,7 +17,7 @@ CONFIG_SCHED_AUTOGROUP=y CONFIG_BLK_DEV_INITRD=y CONFIG_BPF_SYSCALL=y CONFIG_USERFAULTFD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set CONFIG_CPU_LITTLE_ENDIAN=y diff -- a/arch/mips/configs/loongson2k_defconfig b/arch/mips/configs/loongson2k_defconfig --- a/arch/mips/configs/loongson2k_defconfig +++ b/arch/mips/configs/loongson2k_defconfig @@ -18,7 +18,7 @@ CONFIG_SCHED_AUTOGROUP=y CONFIG_SYSFS_DEPRECATED=y CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MACH_LOONGSON64=y # CONFIG_CPU_LOONGSON3_CPUCFG_EMULATION is not set CONFIG_HZ_256=y diff -- a/arch/mips/configs/loongson3_defconfig b/arch/mips/configs/loongson3_defconfig --- a/arch/mips/configs/loongson3_defconfig +++ b/arch/mips/configs/loongson3_defconfig @@ -26,7 +26,7 @@ CONFIG_SYSFS_DEPRECATED=y CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y CONFIG_BPF_SYSCALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_PERF_EVENTS=y CONFIG_MACH_LOONGSON64=y CONFIG_CPU_HAS_MSA=y diff -- a/arch/mips/configs/maltaaprp_defconfig b/arch/mips/configs/maltaaprp_defconfig --- a/arch/mips/configs/maltaaprp_defconfig +++ b/arch/mips/configs/maltaaprp_defconfig @@ -5,7 +5,7 @@ CONFIG_AUDIT=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=15 -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MIPS_MALTA=y CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPU_MIPS32_R2=y diff -- a/arch/mips/configs/malta_qemu_32r6_defconfig b/arch/mips/configs/malta_qemu_32r6_defconfig --- a/arch/mips/configs/malta_qemu_32r6_defconfig +++ b/arch/mips/configs/malta_qemu_32r6_defconfig @@ -5,7 +5,7 @@ CONFIG_NO_HZ=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=15 -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MIPS_MALTA=y CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPU_MIPS32_R6=y diff -- a/arch/mips/configs/maltasmvp_defconfig b/arch/mips/configs/maltasmvp_defconfig --- a/arch/mips/configs/maltasmvp_defconfig +++ b/arch/mips/configs/maltasmvp_defconfig @@ -5,7 +5,7 @@ CONFIG_NO_HZ=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=15 -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MIPS_MALTA=y CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPU_MIPS32_R2=y diff -- a/arch/mips/configs/maltasmvp_eva_defconfig b/arch/mips/configs/maltasmvp_eva_defconfig --- a/arch/mips/configs/maltasmvp_eva_defconfig +++ b/arch/mips/configs/maltasmvp_eva_defconfig @@ -5,7 +5,7 @@ CONFIG_NO_HZ=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=15 -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MIPS_MALTA=y CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPU_MIPS32_R2=y diff -- a/arch/mips/configs/maltaup_defconfig b/arch/mips/configs/maltaup_defconfig --- a/arch/mips/configs/maltaup_defconfig +++ b/arch/mips/configs/maltaup_defconfig @@ -6,7 +6,7 @@ CONFIG_NO_HZ=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=15 -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y CONFIG_MIPS_MALTA=y CONFIG_CPU_LITTLE_ENDIAN=y CONFIG_CPU_MIPS32_R2=y diff -- a/arch/mips/configs/omega2p_defconfig b/arch/mips/configs/omega2p_defconfig --- a/arch/mips/configs/omega2p_defconfig +++ b/arch/mips/configs/omega2p_defconfig @@ -17,7 +17,7 @@ CONFIG_NAMESPACES=y CONFIG_USER_NS=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/mips/configs/pic32mzda_defconfig b/arch/mips/configs/pic32mzda_defconfig --- a/arch/mips/configs/pic32mzda_defconfig +++ b/arch/mips/configs/pic32mzda_defconfig @@ -7,7 +7,7 @@ CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 CONFIG_RELAY=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_COMPAT_BRK is not set CONFIG_MACH_PIC32=y CONFIG_DTB_PIC32_MZDA_SK=y diff -- a/arch/mips/configs/qi_lb60_defconfig b/arch/mips/configs/qi_lb60_defconfig --- a/arch/mips/configs/qi_lb60_defconfig +++ b/arch/mips/configs/qi_lb60_defconfig @@ -3,7 +3,7 @@ CONFIG_SYSVIPC=y # CONFIG_CROSS_MEMORY_ATTACH is not set CONFIG_LOG_BUF_SHIFT=14 CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_COMPAT_BRK is not set CONFIG_MACH_INGENIC_SOC=y diff -- a/arch/mips/configs/rs90_defconfig b/arch/mips/configs/rs90_defconfig --- a/arch/mips/configs/rs90_defconfig +++ b/arch/mips/configs/rs90_defconfig @@ -15,7 +15,7 @@ CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=y # CONFIG_IO_URING is not set # CONFIG_ADVISE_SYSCALLS is not set # CONFIG_KALLSYMS is not set -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_PERF_EVENTS is not set CONFIG_PROFILING=y CONFIG_MACH_INGENIC_SOC=y diff -- a/arch/mips/configs/rt305x_defconfig b/arch/mips/configs/rt305x_defconfig --- a/arch/mips/configs/rt305x_defconfig +++ b/arch/mips/configs/rt305x_defconfig @@ -7,7 +7,7 @@ CONFIG_BLK_DEV_INITRD=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_AIO is not set CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/mips/configs/vocore2_defconfig b/arch/mips/configs/vocore2_defconfig --- a/arch/mips/configs/vocore2_defconfig +++ b/arch/mips/configs/vocore2_defconfig @@ -17,7 +17,7 @@ CONFIG_NAMESPACES=y CONFIG_USER_NS=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set diff -- a/arch/mips/configs/xway_defconfig b/arch/mips/configs/xway_defconfig --- a/arch/mips/configs/xway_defconfig +++ b/arch/mips/configs/xway_defconfig @@ -7,7 +7,7 @@ CONFIG_BLK_DEV_INITRD=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y # CONFIG_AIO is not set CONFIG_KALLSYMS_ALL=y -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set diff -- a/kernel/configs/tiny-base.config b/kernel/configs/tiny-base.config --- a/kernel/configs/tiny-base.config +++ b/kernel/configs/tiny-base.config @@ -1 +1 @@ -CONFIG_EMBEDDED=y +CONFIG_EXPERT=y diff -- a/tools/testing/selftests/wireguard/qemu/kernel.config b/tools/testing/selftests/wireguard/qemu/kernel.config --- a/tools/testing/selftests/wireguard/qemu/kernel.config +++ b/tools/testing/selftests/wireguard/qemu/kernel.config @@ -41,7 +41,6 @@ CONFIG_KALLSYMS=y CONFIG_BUG=y CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y CONFIG_JUMP_LABEL=y -CONFIG_EMBEDDED=n CONFIG_BASE_FULL=y CONFIG_FUTEX=y CONFIG_SHMEM=y From geert at linux-m68k.org Wed Aug 16 07:41:15 2023 From: geert at linux-m68k.org (Geert Uytterhoeven) Date: Wed, 16 Aug 2023 09:41:15 +0200 Subject: [PATCH] treewide: drop CONFIG_EMBEDDED In-Reply-To: <20230816055010.31534-1-rdunlap@infradead.org> References: <20230816055010.31534-1-rdunlap@infradead.org> Message-ID: Hi Randy, On Wed, Aug 16, 2023 at 7:50?AM Randy Dunlap wrote: > There is only one Kconfig user of CONFIG_EMBEDDED and it can be > switched to EXPERT or "if !ARCH_MULTIPLATFORM" (suggested by Arnd). > > Signed-off-by: Randy Dunlap Makes perfect sense to me. Acked-by: Geert Uytterhoeven Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert at linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds From arnd at arndb.de Wed Aug 16 13:11:35 2023 From: arnd at arndb.de (Arnd Bergmann) Date: Wed, 16 Aug 2023 15:11:35 +0200 Subject: [PATCH] treewide: drop CONFIG_EMBEDDED In-Reply-To: <20230816055010.31534-1-rdunlap@infradead.org> References: <20230816055010.31534-1-rdunlap@infradead.org> Message-ID: <0681968f-743d-4b55-bb1e-dbd665ea8783@app.fastmail.com> On Wed, Aug 16, 2023, at 07:50, Randy Dunlap wrote: > There is only one Kconfig user of CONFIG_EMBEDDED and it can be > switched to EXPERT or "if !ARCH_MULTIPLATFORM" (suggested by Arnd). > > Signed-off-by: Randy Dunlap > Cc: Russell King > Cc: linux-arm-kernel at lists.infradead.org > Cc: Arnd Bergmann > Cc: Jason A. Donenfeld Acked-by: Arnd Bergmann From miquel.raynal at bootlin.com Thu Aug 10 06:17:43 2023 From: miquel.raynal at bootlin.com (Miquel Raynal) Date: Thu, 10 Aug 2023 08:17:43 +0200 Subject: [PATCH net-next 05/10] genetlink: use attrs from struct genl_info In-Reply-To: <20230809182648.1816537-6-kuba@kernel.org> References: <20230809182648.1816537-1-kuba@kernel.org> <20230809182648.1816537-6-kuba@kernel.org> Message-ID: <20230810081743.567abd78@xps-13> Hi Jakub, kuba at kernel.org wrote on Wed, 9 Aug 2023 11:26:43 -0700: > Since dumps carry struct genl_info now, use the attrs pointer > use the attr pointer from genl_info and remove the one in "use the attr pointer" is present twice > struct genl_dumpit_info. > > Signed-off-by: Jakub Kicinski > net/ieee802154/nl802154.c | 4 ++-- Otherwise for wpan: Reviewed-by: Miquel Raynal Thanks, Miqu?l From alexey at ridge.co Fri Aug 11 16:04:23 2023 From: alexey at ridge.co (Alexey Feldgendler) Date: Fri, 11 Aug 2023 18:04:23 +0200 Subject: [PATCH] bump gvisor to release-20230807.0 (brings go 1.21 compatibility) Message-ID: <20230811160423.689355-1-alexey@ridge.co> wireguard-go depends on a specific version of gvisor.dev/gvisor, and that version is explicitly incompatible with Go 1.21. Updating gvisor to its latest release fixes the issue. gvisor produces and compiles generated code in a way that makes its master branch unusable as a Go module. They maintain a "go" branch parallel to master to provide a version that can be imported directly. The new gvisor module version reference in go.mod is the commit on the "go" branch that corresponds to release-20230807.0, the latest release that's tagged on the master branch at the time of this writing. Trivial fixes were necessary in wireguard-go to accomodate gvisor API changes. --- go.mod | 4 ++-- go.sum | 8 ++++---- tun/netstack/tun.go | 14 +++++++------- tun/tcp_offload_linux_test.go | 12 ++++-------- 4 files changed, 17 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index c04e1bb..35cfcb6 100644 --- a/go.mod +++ b/go.mod @@ -7,10 +7,10 @@ require ( golang.org/x/net v0.7.0 golang.org/x/sys v0.5.1-0.20230222185716-a3b23cc77e89 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 - gvisor.dev/gvisor v0.0.0-20221203005347-703fd9b7fbc0 + gvisor.dev/gvisor v0.0.0-20230806223740-1b6e502fedca ) require ( github.com/google/btree v1.0.1 // indirect - golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect + golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect ) diff --git a/go.sum b/go.sum index cfeaee6..e9acfe8 100644 --- a/go.sum +++ b/go.sum @@ -6,9 +6,9 @@ golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/sys v0.5.1-0.20230222185716-a3b23cc77e89 h1:260HNjMTPDya+jq5AM1zZLgG9pv9GASPAGiEEJUbRg4= golang.org/x/sys v0.5.1-0.20230222185716-a3b23cc77e89/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg= golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI= -gvisor.dev/gvisor v0.0.0-20221203005347-703fd9b7fbc0 h1:Wobr37noukisGxpKo5jAsLREcpj61RxrWYzD8uwveOY= -gvisor.dev/gvisor v0.0.0-20221203005347-703fd9b7fbc0/go.mod h1:Dn5idtptoW1dIos9U6A2rpebLs/MtTwFacjKb8jLdQA= +gvisor.dev/gvisor v0.0.0-20230806223740-1b6e502fedca h1:7ny3LuaRJFcPuCi2mc9/tv0ybe02o7cKA2qI/edjWuE= +gvisor.dev/gvisor v0.0.0-20230806223740-1b6e502fedca/go.mod h1:lYEMhXbxgudVhALYsMQrBaUAjM3NMinh8mKL1CJv7rc= diff --git a/tun/netstack/tun.go b/tun/netstack/tun.go index 596cfcd..2b73054 100644 --- a/tun/netstack/tun.go +++ b/tun/netstack/tun.go @@ -25,7 +25,7 @@ import ( "golang.zx2c4.com/wireguard/tun" "golang.org/x/net/dns/dnsmessage" - "gvisor.dev/gvisor/pkg/bufferv2" + "gvisor.dev/gvisor/pkg/buffer" "gvisor.dev/gvisor/pkg/tcpip" "gvisor.dev/gvisor/pkg/tcpip/adapters/gonet" "gvisor.dev/gvisor/pkg/tcpip/header" @@ -43,7 +43,7 @@ type netTun struct { ep *channel.Endpoint stack *stack.Stack events chan tun.Event - incomingPacket chan *bufferv2.View + incomingPacket chan *buffer.View mtu int dnsServers []netip.Addr hasV4, hasV6 bool @@ -61,7 +61,7 @@ func CreateNetTUN(localAddresses, dnsServers []netip.Addr, mtu int) (tun.Device, ep: channel.New(1024, uint32(mtu), ""), stack: stack.New(opts), events: make(chan tun.Event, 10), - incomingPacket: make(chan *bufferv2.View), + incomingPacket: make(chan *buffer.View), dnsServers: dnsServers, mtu: mtu, } @@ -84,7 +84,7 @@ func CreateNetTUN(localAddresses, dnsServers []netip.Addr, mtu int) (tun.Device, } protoAddr := tcpip.ProtocolAddress{ Protocol: protoNumber, - AddressWithPrefix: tcpip.Address(ip.AsSlice()).WithPrefix(), + AddressWithPrefix: tcpip.AddrFromSlice(ip.AsSlice()).WithPrefix(), } tcpipErr := dev.stack.AddProtocolAddress(1, protoAddr, stack.AddressProperties{}) if tcpipErr != nil { @@ -140,7 +140,7 @@ func (tun *netTun) Write(buf [][]byte, offset int) (int, error) { continue } - pkb := stack.NewPacketBuffer(stack.PacketBufferOptions{Payload: bufferv2.MakeWithData(packet)}) + pkb := stack.NewPacketBuffer(stack.PacketBufferOptions{Payload: buffer.MakeWithData(packet)}) switch packet[0] >> 4 { case 4: tun.ep.InjectInbound(header.IPv4ProtocolNumber, pkb) @@ -198,7 +198,7 @@ func convertToFullAddr(endpoint netip.AddrPort) (tcpip.FullAddress, tcpip.Networ } return tcpip.FullAddress{ NIC: 1, - Addr: tcpip.Address(endpoint.Addr().AsSlice()), + Addr: tcpip.AddrFromSlice(endpoint.Addr().AsSlice()), Port: endpoint.Port(), }, protoNumber } @@ -453,7 +453,7 @@ func (pc *PingConn) ReadFrom(p []byte) (n int, addr net.Addr, err error) { return 0, nil, fmt.Errorf("ping read: %s", tcpipErr) } - remoteAddr, _ := netip.AddrFromSlice([]byte(res.RemoteAddr.Addr)) + remoteAddr, _ := netip.AddrFromSlice(res.RemoteAddr.Addr.AsSlice()) return res.Count, &PingAddr{remoteAddr}, nil } diff --git a/tun/tcp_offload_linux_test.go b/tun/tcp_offload_linux_test.go index 9160e18..ffb4592 100644 --- a/tun/tcp_offload_linux_test.go +++ b/tun/tcp_offload_linux_test.go @@ -32,11 +32,9 @@ func tcp4PacketMutateIPFields(srcIPPort, dstIPPort netip.AddrPort, flags header. totalLen := 40 + segmentSize b := make([]byte, offset+int(totalLen), 65535) ipv4H := header.IPv4(b[offset:]) - srcAs4 := srcIPPort.Addr().As4() - dstAs4 := dstIPPort.Addr().As4() ipFields := &header.IPv4Fields{ - SrcAddr: tcpip.Address(srcAs4[:]), - DstAddr: tcpip.Address(dstAs4[:]), + SrcAddr: tcpip.AddrFrom4(srcIPPort.Addr().As4()), + DstAddr: tcpip.AddrFrom4(dstIPPort.Addr().As4()), Protocol: unix.IPPROTO_TCP, TTL: 64, TotalLength: uint16(totalLen), @@ -69,11 +67,9 @@ func tcp6PacketMutateIPFields(srcIPPort, dstIPPort netip.AddrPort, flags header. totalLen := 60 + segmentSize b := make([]byte, offset+int(totalLen), 65535) ipv6H := header.IPv6(b[offset:]) - srcAs16 := srcIPPort.Addr().As16() - dstAs16 := dstIPPort.Addr().As16() ipFields := &header.IPv6Fields{ - SrcAddr: tcpip.Address(srcAs16[:]), - DstAddr: tcpip.Address(dstAs16[:]), + SrcAddr: tcpip.AddrFrom16(srcIPPort.Addr().As16()), + DstAddr: tcpip.AddrFrom16(dstIPPort.Addr().As16()), TransportProtocol: unix.IPPROTO_TCP, HopLimit: 64, PayloadLength: uint16(segmentSize + 20), -- 2.39.2 From henrik at eossweden.org Wed Aug 16 05:06:53 2023 From: henrik at eossweden.org (Henrik Hautakoski) Date: Wed, 16 Aug 2023 07:06:53 +0200 Subject: [PATCH] wg-quick: linux: add restart command. Message-ID: <20230816050653.28972-1-henrik@eossweden.org> Add a simple "restart" command that just do cmd_down followed by an cmd_up. Saves abit of typing :) Signed-off-by: Henrik Hautakoski --- src/wg-quick/linux.bash | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash index 69e5bef..cc9f288 100755 --- a/src/wg-quick/linux.bash +++ b/src/wg-quick/linux.bash @@ -298,7 +298,7 @@ execute_hooks() { cmd_usage() { cat >&2 <<-_EOF - Usage: $PROGRAM [ up | down | save | strip ] [ CONFIG_FILE | INTERFACE ] + Usage: $PROGRAM [ up | down | restart | save | strip ] [ CONFIG_FILE | INTERFACE ] CONFIG_FILE is a configuration file, whose filename is the interface name followed by \`.conf'. Otherwise, INTERFACE is an interface name, with @@ -373,6 +373,11 @@ elif [[ $# -eq 2 && $1 == down ]]; then auto_su parse_options "$2" cmd_down +elif [[ $# -eq 2 && $1 == restart ]]; then + auto_su + parse_options "$2" + cmd_down + cmd_up elif [[ $# -eq 2 && $1 == save ]]; then auto_su parse_options "$2" -- 2.40.1 From palmer at dabbelt.com Wed Aug 16 14:32:40 2023 From: palmer at dabbelt.com (Palmer Dabbelt) Date: Wed, 16 Aug 2023 07:32:40 -0700 (PDT) Subject: [PATCH] treewide: drop CONFIG_EMBEDDED In-Reply-To: <20230816055010.31534-1-rdunlap@infradead.org> Message-ID: On Tue, 15 Aug 2023 22:50:10 PDT (-0700), rdunlap at infradead.org wrote: > There is only one Kconfig user of CONFIG_EMBEDDED and it can be > switched to EXPERT or "if !ARCH_MULTIPLATFORM" (suggested by Arnd). > > Signed-off-by: Randy Dunlap > Cc: Russell King > Cc: linux-arm-kernel at lists.infradead.org > Cc: Arnd Bergmann > Cc: Jason A. Donenfeld > Cc: wireguard at lists.zx2c4.com > Cc: linux-arch at vger.kernel.org > Cc: linux-snps-arc at lists.infradead.org > Cc: Vineet Gupta > Cc: Brian Cain > Cc: linux-hexagon at vger.kernel.org > Cc: Greg Ungerer > Cc: Geert Uytterhoeven > Cc: linux-m68k at lists.linux-m68k.org > Cc: Michal Simek > Cc: Thomas Bogendoerfer > Cc: Dinh Nguyen > Cc: Jonas Bonn > Cc: Stefan Kristiansson > Cc: Stafford Horne > Cc: linux-openrisc at vger.kernel.org > Cc: linux-mips at vger.kernel.org > Cc: Michael Ellerman > Cc: Nicholas Piggin > Cc: Christophe Leroy > Cc: linuxppc-dev at lists.ozlabs.org > Cc: linux-riscv at lists.infradead.org > Cc: Paul Walmsley > Cc: Palmer Dabbelt > Cc: Albert Ou > Cc: Yoshinori Sato > Cc: Rich Felker > Cc: John Paul Adrian Glaubitz > Cc: linux-sh at vger.kernel.org > Cc: Max Filippov > Cc: Josh Triplett > Cc: Masahiro Yamada > Cc: linux-kbuild at vger.kernel.org > Cc: Andrew Morton > --- > arch/arc/configs/axs101_defconfig | 2 +- > arch/arc/configs/axs103_defconfig | 2 +- > arch/arc/configs/axs103_smp_defconfig | 2 +- > arch/arc/configs/haps_hs_smp_defconfig | 2 +- > arch/arc/configs/hsdk_defconfig | 2 +- > arch/arc/configs/nsim_700_defconfig | 2 +- > arch/arc/configs/nsimosci_defconfig | 2 +- > arch/arc/configs/nsimosci_hs_defconfig | 2 +- > arch/arc/configs/tb10x_defconfig | 2 +- > arch/arc/configs/vdk_hs38_defconfig | 2 +- > arch/arc/configs/vdk_hs38_smp_defconfig | 2 +- > arch/arm/Kconfig | 2 +- > arch/arm/configs/aspeed_g4_defconfig | 2 +- > arch/arm/configs/aspeed_g5_defconfig | 2 +- > arch/arm/configs/at91_dt_defconfig | 2 +- > arch/arm/configs/axm55xx_defconfig | 2 +- > arch/arm/configs/bcm2835_defconfig | 2 +- > arch/arm/configs/clps711x_defconfig | 2 +- > arch/arm/configs/keystone_defconfig | 2 +- > arch/arm/configs/lpc18xx_defconfig | 2 +- > arch/arm/configs/lpc32xx_defconfig | 2 +- > arch/arm/configs/milbeaut_m10v_defconfig | 2 +- > arch/arm/configs/moxart_defconfig | 2 +- > arch/arm/configs/multi_v4t_defconfig | 2 +- > arch/arm/configs/multi_v7_defconfig | 2 +- > arch/arm/configs/pxa_defconfig | 2 +- > arch/arm/configs/qcom_defconfig | 2 +- > arch/arm/configs/sama5_defconfig | 2 +- > arch/arm/configs/sama7_defconfig | 2 +- > arch/arm/configs/socfpga_defconfig | 2 +- > arch/arm/configs/stm32_defconfig | 2 +- > arch/arm/configs/tegra_defconfig | 2 +- > arch/arm/configs/vf610m4_defconfig | 2 +- > arch/hexagon/configs/comet_defconfig | 2 +- > arch/m68k/configs/amcore_defconfig | 2 +- > arch/m68k/configs/m5475evb_defconfig | 2 +- > arch/m68k/configs/stmark2_defconfig | 2 +- > arch/microblaze/configs/mmu_defconfig | 2 +- > arch/mips/configs/ath25_defconfig | 2 +- > arch/mips/configs/ath79_defconfig | 2 +- > arch/mips/configs/bcm47xx_defconfig | 2 +- > arch/mips/configs/ci20_defconfig | 2 +- > arch/mips/configs/cu1000-neo_defconfig | 2 +- > arch/mips/configs/cu1830-neo_defconfig | 2 +- > arch/mips/configs/db1xxx_defconfig | 2 +- > arch/mips/configs/gcw0_defconfig | 2 +- > arch/mips/configs/generic_defconfig | 2 +- > arch/mips/configs/loongson2k_defconfig | 2 +- > arch/mips/configs/loongson3_defconfig | 2 +- > arch/mips/configs/malta_qemu_32r6_defconfig | 2 +- > arch/mips/configs/maltaaprp_defconfig | 2 +- > arch/mips/configs/maltasmvp_defconfig | 2 +- > arch/mips/configs/maltasmvp_eva_defconfig | 2 +- > arch/mips/configs/maltaup_defconfig | 2 +- > arch/mips/configs/omega2p_defconfig | 2 +- > arch/mips/configs/pic32mzda_defconfig | 2 +- > arch/mips/configs/qi_lb60_defconfig | 2 +- > arch/mips/configs/rs90_defconfig | 2 +- > arch/mips/configs/rt305x_defconfig | 2 +- > arch/mips/configs/vocore2_defconfig | 2 +- > arch/mips/configs/xway_defconfig | 2 +- > arch/nios2/configs/10m50_defconfig | 2 +- > arch/nios2/configs/3c120_defconfig | 2 +- > arch/openrisc/configs/or1klitex_defconfig | 2 +- > arch/powerpc/configs/40x/klondike_defconfig | 2 +- > arch/powerpc/configs/44x/fsp2_defconfig | 2 +- > arch/powerpc/configs/52xx/tqm5200_defconfig | 2 +- > arch/powerpc/configs/mgcoge_defconfig | 2 +- > arch/powerpc/configs/microwatt_defconfig | 2 +- > arch/powerpc/configs/ps3_defconfig | 2 +- > arch/riscv/configs/nommu_k210_defconfig | 2 +- > arch/riscv/configs/nommu_k210_sdcard_defconfig | 2 +- Acked-by: Palmer Dabbelt # RISC-V > arch/sh/configs/rsk7264_defconfig | 2 +- > arch/sh/configs/rsk7269_defconfig | 2 +- > arch/xtensa/configs/cadence_csp_defconfig | 2 +- > init/Kconfig | 8 -------- > kernel/configs/tiny-base.config | 2 +- > tools/testing/selftests/wireguard/qemu/kernel.config | 1 - > 78 files changed, 76 insertions(+), 85 deletions(-) > > diff -- a/arch/arm/Kconfig b/arch/arm/Kconfig > --- a/arch/arm/Kconfig > +++ b/arch/arm/Kconfig > @@ -250,7 +250,7 @@ config ARCH_MTD_XIP > bool > > config ARM_PATCH_PHYS_VIRT > - bool "Patch physical to virtual translations at runtime" if EMBEDDED > + bool "Patch physical to virtual translations at runtime" if !ARCH_MULTIPLATFORM > default y > depends on MMU > help > diff -- a/init/Kconfig b/init/Kconfig > --- a/init/Kconfig > +++ b/init/Kconfig > @@ -1790,14 +1790,6 @@ config DEBUG_RSEQ > > If unsure, say N. > > -config EMBEDDED > - bool "Embedded system" > - select EXPERT > - help > - This option should be enabled if compiling the kernel for > - an embedded system so certain expert options are available > - for configuration. > - > config HAVE_PERF_EVENTS > bool > help > diff -- a/arch/powerpc/configs/40x/klondike_defconfig b/arch/powerpc/configs/40x/klondike_defconfig > --- a/arch/powerpc/configs/40x/klondike_defconfig > +++ b/arch/powerpc/configs/40x/klondike_defconfig > @@ -4,7 +4,7 @@ CONFIG_LOG_BUF_SHIFT=14 > CONFIG_SYSFS_DEPRECATED=y > CONFIG_SYSFS_DEPRECATED_V2=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > CONFIG_APM8018X=y > diff -- a/arch/powerpc/configs/44x/fsp2_defconfig b/arch/powerpc/configs/44x/fsp2_defconfig > --- a/arch/powerpc/configs/44x/fsp2_defconfig > +++ b/arch/powerpc/configs/44x/fsp2_defconfig > @@ -15,7 +15,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_RD_LZ4 is not set > CONFIG_KALLSYMS_ALL=y > CONFIG_BPF_SYSCALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > diff -- a/arch/powerpc/configs/52xx/tqm5200_defconfig b/arch/powerpc/configs/52xx/tqm5200_defconfig > --- a/arch/powerpc/configs/52xx/tqm5200_defconfig > +++ b/arch/powerpc/configs/52xx/tqm5200_defconfig > @@ -3,7 +3,7 @@ CONFIG_LOG_BUF_SHIFT=14 > CONFIG_BLK_DEV_INITRD=y > # CONFIG_KALLSYMS is not set > # CONFIG_EPOLL is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > CONFIG_MODVERSIONS=y > diff -- a/arch/arc/configs/axs101_defconfig b/arch/arc/configs/axs101_defconfig > --- a/arch/arc/configs/axs101_defconfig > +++ b/arch/arc/configs/axs101_defconfig > @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y > # CONFIG_UTS_NS is not set > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > diff -- a/arch/arc/configs/axs103_defconfig b/arch/arc/configs/axs103_defconfig > --- a/arch/arc/configs/axs103_defconfig > +++ b/arch/arc/configs/axs103_defconfig > @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y > # CONFIG_UTS_NS is not set > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > diff -- a/arch/arc/configs/axs103_smp_defconfig b/arch/arc/configs/axs103_smp_defconfig > --- a/arch/arc/configs/axs103_smp_defconfig > +++ b/arch/arc/configs/axs103_smp_defconfig > @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y > # CONFIG_UTS_NS is not set > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/haps_hs_smp_defconfig b/arch/arc/configs/haps_hs_smp_defconfig > --- a/arch/arc/configs/haps_hs_smp_defconfig > +++ b/arch/arc/configs/haps_hs_smp_defconfig > @@ -11,7 +11,7 @@ CONFIG_NAMESPACES=y > # CONFIG_UTS_NS is not set > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/hsdk_defconfig b/arch/arc/configs/hsdk_defconfig > --- a/arch/arc/configs/hsdk_defconfig > +++ b/arch/arc/configs/hsdk_defconfig > @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > CONFIG_BLK_DEV_RAM=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/nsim_700_defconfig b/arch/arc/configs/nsim_700_defconfig > --- a/arch/arc/configs/nsim_700_defconfig > +++ b/arch/arc/configs/nsim_700_defconfig > @@ -12,7 +12,7 @@ CONFIG_NAMESPACES=y > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/nsimosci_defconfig b/arch/arc/configs/nsimosci_defconfig > --- a/arch/arc/configs/nsimosci_defconfig > +++ b/arch/arc/configs/nsimosci_defconfig > @@ -11,7 +11,7 @@ CONFIG_NAMESPACES=y > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/nsimosci_hs_defconfig b/arch/arc/configs/nsimosci_hs_defconfig > --- a/arch/arc/configs/nsimosci_hs_defconfig > +++ b/arch/arc/configs/nsimosci_hs_defconfig > @@ -11,7 +11,7 @@ CONFIG_NAMESPACES=y > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/tb10x_defconfig b/arch/arc/configs/tb10x_defconfig > --- a/arch/arc/configs/tb10x_defconfig > +++ b/arch/arc/configs/tb10x_defconfig > @@ -16,7 +16,7 @@ CONFIG_INITRAMFS_ROOT_GID=501 > # CONFIG_RD_GZIP is not set > CONFIG_KALLSYMS_ALL=y > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_COMPAT_BRK is not set > CONFIG_ISA_ARCOMPACT=y > CONFIG_MODULES=y > diff -- a/arch/arc/configs/vdk_hs38_defconfig b/arch/arc/configs/vdk_hs38_defconfig > --- a/arch/arc/configs/vdk_hs38_defconfig > +++ b/arch/arc/configs/vdk_hs38_defconfig > @@ -4,7 +4,7 @@ CONFIG_HIGH_RES_TIMERS=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > diff -- a/arch/arc/configs/vdk_hs38_smp_defconfig b/arch/arc/configs/vdk_hs38_smp_defconfig > --- a/arch/arc/configs/vdk_hs38_smp_defconfig > +++ b/arch/arc/configs/vdk_hs38_smp_defconfig > @@ -4,7 +4,7 @@ CONFIG_HIGH_RES_TIMERS=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > diff -- a/arch/hexagon/configs/comet_defconfig b/arch/hexagon/configs/comet_defconfig > --- a/arch/hexagon/configs/comet_defconfig > +++ b/arch/hexagon/configs/comet_defconfig > @@ -14,7 +14,7 @@ CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=18 > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_BLK_DEV_BSG is not set > CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" > diff -- a/arch/m68k/configs/amcore_defconfig b/arch/m68k/configs/amcore_defconfig > --- a/arch/m68k/configs/amcore_defconfig > +++ b/arch/m68k/configs/amcore_defconfig > @@ -8,7 +8,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_AIO is not set > # CONFIG_ADVISE_SYSCALLS is not set > # CONFIG_MEMBARRIER is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/m68k/configs/m5475evb_defconfig b/arch/m68k/configs/m5475evb_defconfig > --- a/arch/m68k/configs/m5475evb_defconfig > +++ b/arch/m68k/configs/m5475evb_defconfig > @@ -8,7 +8,7 @@ CONFIG_LOG_BUF_SHIFT=14 > # CONFIG_EVENTFD is not set > # CONFIG_SHMEM is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MODULES=y > # CONFIG_BLK_DEV_BSG is not set > CONFIG_COLDFIRE=y > diff -- a/arch/m68k/configs/stmark2_defconfig b/arch/m68k/configs/stmark2_defconfig > --- a/arch/m68k/configs/stmark2_defconfig > +++ b/arch/m68k/configs/stmark2_defconfig > @@ -9,7 +9,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_AIO is not set > # CONFIG_ADVISE_SYSCALLS is not set > # CONFIG_MEMBARRIER is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_COLDFIRE=y > diff -- a/arch/microblaze/configs/mmu_defconfig b/arch/microblaze/configs/mmu_defconfig > --- a/arch/microblaze/configs/mmu_defconfig > +++ b/arch/microblaze/configs/mmu_defconfig > @@ -7,7 +7,7 @@ CONFIG_SYSFS_DEPRECATED=y > CONFIG_SYSFS_DEPRECATED_V2=y > # CONFIG_BASE_FULL is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_XILINX_MICROBLAZE0_USE_MSR_INSTR=1 > CONFIG_XILINX_MICROBLAZE0_USE_PCMP_INSTR=1 > CONFIG_XILINX_MICROBLAZE0_USE_BARREL=1 > diff -- a/arch/nios2/configs/10m50_defconfig b/arch/nios2/configs/10m50_defconfig > --- a/arch/nios2/configs/10m50_defconfig > +++ b/arch/nios2/configs/10m50_defconfig > @@ -9,7 +9,7 @@ CONFIG_LOG_BUF_SHIFT=14 > # CONFIG_EVENTFD is not set > # CONFIG_SHMEM is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > CONFIG_NIOS2_MEM_BASE=0x8000000 > diff -- a/arch/nios2/configs/3c120_defconfig b/arch/nios2/configs/3c120_defconfig > --- a/arch/nios2/configs/3c120_defconfig > +++ b/arch/nios2/configs/3c120_defconfig > @@ -9,7 +9,7 @@ CONFIG_LOG_BUF_SHIFT=14 > # CONFIG_EVENTFD is not set > # CONFIG_SHMEM is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > CONFIG_NIOS2_MEM_BASE=0x10000000 > diff -- a/arch/openrisc/configs/or1klitex_defconfig b/arch/openrisc/configs/or1klitex_defconfig > --- a/arch/openrisc/configs/or1klitex_defconfig > +++ b/arch/openrisc/configs/or1klitex_defconfig > @@ -6,7 +6,7 @@ CONFIG_USER_NS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_SGETMASK_SYSCALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_OPENRISC_BUILTIN_DTB="or1klitex" > CONFIG_HZ_100=y > CONFIG_OPENRISC_HAVE_SHADOW_GPRS=y > diff -- a/arch/powerpc/configs/mgcoge_defconfig b/arch/powerpc/configs/mgcoge_defconfig > --- a/arch/powerpc/configs/mgcoge_defconfig > +++ b/arch/powerpc/configs/mgcoge_defconfig > @@ -9,7 +9,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_RD_GZIP is not set > CONFIG_KALLSYMS_ALL=y > # CONFIG_PCSPKR_PLATFORM is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PARTITION_ADVANCED=y > # CONFIG_PPC_PMAC is not set > CONFIG_PPC_82xx=y > diff -- a/arch/powerpc/configs/microwatt_defconfig b/arch/powerpc/configs/microwatt_defconfig > --- a/arch/powerpc/configs/microwatt_defconfig > +++ b/arch/powerpc/configs/microwatt_defconfig > @@ -8,7 +8,7 @@ CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/powerpc/configs/ps3_defconfig b/arch/powerpc/configs/ps3_defconfig > --- a/arch/powerpc/configs/ps3_defconfig > +++ b/arch/powerpc/configs/ps3_defconfig > @@ -3,7 +3,7 @@ CONFIG_POSIX_MQUEUE=y > CONFIG_HIGH_RES_TIMERS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_PERF_EVENTS is not set > CONFIG_PROFILING=y > CONFIG_PPC64=y > diff -- a/arch/riscv/configs/nommu_k210_defconfig b/arch/riscv/configs/nommu_k210_defconfig > --- a/arch/riscv/configs/nommu_k210_defconfig > +++ b/arch/riscv/configs/nommu_k210_defconfig > @@ -21,7 +21,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_IO_URING is not set > # CONFIG_ADVISE_SYSCALLS is not set > # CONFIG_KALLSYMS is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_SLUB=y > diff -- a/arch/riscv/configs/nommu_k210_sdcard_defconfig b/arch/riscv/configs/nommu_k210_sdcard_defconfig > --- a/arch/riscv/configs/nommu_k210_sdcard_defconfig > +++ b/arch/riscv/configs/nommu_k210_sdcard_defconfig > @@ -13,7 +13,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_IO_URING is not set > # CONFIG_ADVISE_SYSCALLS is not set > # CONFIG_KALLSYMS is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_SLUB=y > diff -- a/arch/sh/configs/rsk7264_defconfig b/arch/sh/configs/rsk7264_defconfig > --- a/arch/sh/configs/rsk7264_defconfig > +++ b/arch/sh/configs/rsk7264_defconfig > @@ -9,7 +9,7 @@ CONFIG_SYSFS_DEPRECATED=y > CONFIG_SYSFS_DEPRECATED_V2=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_COUNTERS=y > # CONFIG_VM_EVENT_COUNTERS is not set > CONFIG_MMAP_ALLOW_UNINITIALIZED=y > diff -- a/arch/sh/configs/rsk7269_defconfig b/arch/sh/configs/rsk7269_defconfig > --- a/arch/sh/configs/rsk7269_defconfig > +++ b/arch/sh/configs/rsk7269_defconfig > @@ -1,6 +1,6 @@ > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_BLK_DEV_BSG is not set > CONFIG_SWAP_IO_SPACE=y > diff -- a/arch/xtensa/configs/cadence_csp_defconfig b/arch/xtensa/configs/cadence_csp_defconfig > --- a/arch/xtensa/configs/cadence_csp_defconfig > +++ b/arch/xtensa/configs/cadence_csp_defconfig > @@ -21,7 +21,7 @@ CONFIG_INITRAMFS_SOURCE="$$KERNEL_INITRA > # CONFIG_RD_LZO is not set > # CONFIG_RD_LZ4 is not set > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_MODULES=y > CONFIG_MODULE_FORCE_LOAD=y > diff -- a/arch/arm/configs/aspeed_g4_defconfig b/arch/arm/configs/aspeed_g4_defconfig > --- a/arch/arm/configs/aspeed_g4_defconfig > +++ b/arch/arm/configs/aspeed_g4_defconfig > @@ -15,7 +15,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_UID16 is not set > # CONFIG_SYSFS_SYSCALL is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_ARCH_MULTI_V7 is not set > CONFIG_ARCH_ASPEED=y > diff -- a/arch/arm/configs/aspeed_g5_defconfig b/arch/arm/configs/aspeed_g5_defconfig > --- a/arch/arm/configs/aspeed_g5_defconfig > +++ b/arch/arm/configs/aspeed_g5_defconfig > @@ -15,7 +15,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_UID16 is not set > # CONFIG_SYSFS_SYSCALL is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > CONFIG_ARCH_MULTI_V6=y > CONFIG_ARCH_ASPEED=y > diff -- a/arch/arm/configs/at91_dt_defconfig b/arch/arm/configs/at91_dt_defconfig > --- a/arch/arm/configs/at91_dt_defconfig > +++ b/arch/arm/configs/at91_dt_defconfig > @@ -7,7 +7,7 @@ CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_ARCH_MULTI_V4T=y > CONFIG_ARCH_MULTI_V5=y > # CONFIG_ARCH_MULTI_V7 is not set > diff -- a/arch/arm/configs/axm55xx_defconfig b/arch/arm/configs/axm55xx_defconfig > --- a/arch/arm/configs/axm55xx_defconfig > +++ b/arch/arm/configs/axm55xx_defconfig > @@ -21,7 +21,7 @@ CONFIG_NAMESPACES=y > CONFIG_SCHED_AUTOGROUP=y > CONFIG_RELAY=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_ARCH_AXXIA=y > CONFIG_ARM_LPAE=y > diff -- a/arch/arm/configs/bcm2835_defconfig b/arch/arm/configs/bcm2835_defconfig > --- a/arch/arm/configs/bcm2835_defconfig > +++ b/arch/arm/configs/bcm2835_defconfig > @@ -19,7 +19,7 @@ CONFIG_RELAY=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_CC_STACKPROTECTOR_REGULAR=y > CONFIG_ARCH_MULTI_V6=y > diff -- a/arch/arm/configs/clps711x_defconfig b/arch/arm/configs/clps711x_defconfig > --- a/arch/arm/configs/clps711x_defconfig > +++ b/arch/arm/configs/clps711x_defconfig > @@ -3,7 +3,7 @@ CONFIG_SYSVIPC=y > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_BLK_DEV_INITRD=y > CONFIG_RD_LZMA=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_JUMP_LABEL=y > CONFIG_PARTITION_ADVANCED=y > CONFIG_ARCH_CLPS711X=y > diff -- a/arch/arm/configs/keystone_defconfig b/arch/arm/configs/keystone_defconfig > --- a/arch/arm/configs/keystone_defconfig > +++ b/arch/arm/configs/keystone_defconfig > @@ -14,7 +14,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_ELF_CORE is not set > # CONFIG_BASE_FULL is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_ARCH_KEYSTONE=y > CONFIG_ARM_LPAE=y > diff -- a/arch/arm/configs/lpc18xx_defconfig b/arch/arm/configs/lpc18xx_defconfig > --- a/arch/arm/configs/lpc18xx_defconfig > +++ b/arch/arm/configs/lpc18xx_defconfig > @@ -14,7 +14,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_SIGNALFD is not set > # CONFIG_EVENTFD is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_MMU is not set > CONFIG_ARCH_LPC18XX=y > CONFIG_SET_MEM_PARAM=y > diff -- a/arch/arm/configs/lpc32xx_defconfig b/arch/arm/configs/lpc32xx_defconfig > --- a/arch/arm/configs/lpc32xx_defconfig > +++ b/arch/arm/configs/lpc32xx_defconfig > @@ -9,7 +9,7 @@ CONFIG_SYSFS_DEPRECATED=y > CONFIG_SYSFS_DEPRECATED_V2=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_ARCH_MULTI_V7 is not set > CONFIG_ARCH_LPC32XX=y > CONFIG_AEABI=y > diff -- a/arch/arm/configs/milbeaut_m10v_defconfig b/arch/arm/configs/milbeaut_m10v_defconfig > --- a/arch/arm/configs/milbeaut_m10v_defconfig > +++ b/arch/arm/configs/milbeaut_m10v_defconfig > @@ -3,7 +3,7 @@ CONFIG_NO_HZ_IDLE=y > CONFIG_HIGH_RES_TIMERS=y > CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > CONFIG_ARCH_MILBEAUT=y > CONFIG_ARCH_MILBEAUT_M10V=y > diff -- a/arch/arm/configs/moxart_defconfig b/arch/arm/configs/moxart_defconfig > --- a/arch/arm/configs/moxart_defconfig > +++ b/arch/arm/configs/moxart_defconfig > @@ -10,7 +10,7 @@ CONFIG_IKCONFIG_PROC=y > # CONFIG_TIMERFD is not set > # CONFIG_EVENTFD is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_BLK_DEV_BSG is not set > CONFIG_ARCH_MULTI_V4=y > # CONFIG_ARCH_MULTI_V7 is not set > diff -- a/arch/arm/configs/multi_v4t_defconfig b/arch/arm/configs/multi_v4t_defconfig > --- a/arch/arm/configs/multi_v4t_defconfig > +++ b/arch/arm/configs/multi_v4t_defconfig > @@ -2,7 +2,7 @@ CONFIG_KERNEL_LZMA=y > CONFIG_SYSVIPC=y > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_ARCH_MULTI_V4T=y > # CONFIG_ARCH_MULTI_V7 is not set > CONFIG_ARCH_AT91=y > diff -- a/arch/arm/configs/multi_v7_defconfig b/arch/arm/configs/multi_v7_defconfig > --- a/arch/arm/configs/multi_v7_defconfig > +++ b/arch/arm/configs/multi_v7_defconfig > @@ -3,7 +3,7 @@ CONFIG_NO_HZ_IDLE=y > CONFIG_HIGH_RES_TIMERS=y > CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > CONFIG_ARCH_VIRT=y > CONFIG_ARCH_AIROHA=y > diff -- a/arch/arm/configs/pxa_defconfig b/arch/arm/configs/pxa_defconfig > --- a/arch/arm/configs/pxa_defconfig > +++ b/arch/arm/configs/pxa_defconfig > @@ -11,7 +11,7 @@ CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=13 > CONFIG_BLK_DEV_INITRD=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > # CONFIG_ARCH_MULTI_V7 is not set > CONFIG_ARCH_PXA=y > diff -- a/arch/arm/configs/qcom_defconfig b/arch/arm/configs/qcom_defconfig > --- a/arch/arm/configs/qcom_defconfig > +++ b/arch/arm/configs/qcom_defconfig > @@ -7,7 +7,7 @@ CONFIG_IKCONFIG_PROC=y > CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_ARCH_QCOM=y > CONFIG_ARCH_MSM8X60=y > diff -- a/arch/arm/configs/sama5_defconfig b/arch/arm/configs/sama5_defconfig > --- a/arch/arm/configs/sama5_defconfig > +++ b/arch/arm/configs/sama5_defconfig > @@ -5,7 +5,7 @@ CONFIG_HIGH_RES_TIMERS=y > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_ARCH_AT91=y > CONFIG_SOC_SAMA5D2=y > CONFIG_SOC_SAMA5D3=y > diff -- a/arch/arm/configs/sama7_defconfig b/arch/arm/configs/sama7_defconfig > --- a/arch/arm/configs/sama7_defconfig > +++ b/arch/arm/configs/sama7_defconfig > @@ -12,7 +12,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_FHANDLE is not set > # CONFIG_IO_URING is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_ARCH_AT91=y > CONFIG_SOC_SAMA7G5=y > CONFIG_ATMEL_CLOCKSOURCE_TCB=y > diff -- a/arch/arm/configs/socfpga_defconfig b/arch/arm/configs/socfpga_defconfig > --- a/arch/arm/configs/socfpga_defconfig > +++ b/arch/arm/configs/socfpga_defconfig > @@ -7,7 +7,7 @@ CONFIG_CGROUPS=y > CONFIG_CPUSETS=y > CONFIG_NAMESPACES=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_ARCH_INTEL_SOCFPGA=y > CONFIG_ARM_THUMBEE=y > diff -- a/arch/arm/configs/stm32_defconfig b/arch/arm/configs/stm32_defconfig > --- a/arch/arm/configs/stm32_defconfig > +++ b/arch/arm/configs/stm32_defconfig > @@ -11,7 +11,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_SIGNALFD is not set > # CONFIG_EVENTFD is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_BLK_DEV_BSG is not set > # CONFIG_MMU is not set > CONFIG_ARCH_STM32=y > diff -- a/arch/arm/configs/tegra_defconfig b/arch/arm/configs/tegra_defconfig > --- a/arch/arm/configs/tegra_defconfig > +++ b/arch/arm/configs/tegra_defconfig > @@ -14,7 +14,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_BLK_DEV_INITRD=y > # CONFIG_ELF_CORE is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > CONFIG_ARCH_TEGRA=y > CONFIG_SMP=y > diff -- a/arch/arm/configs/vf610m4_defconfig b/arch/arm/configs/vf610m4_defconfig > --- a/arch/arm/configs/vf610m4_defconfig > +++ b/arch/arm/configs/vf610m4_defconfig > @@ -5,7 +5,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_RD_XZ is not set > # CONFIG_RD_LZ4 is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_MMU is not set > CONFIG_ARCH_MXC=y > CONFIG_SOC_VF610=y > diff -- a/arch/mips/configs/ath25_defconfig b/arch/mips/configs/ath25_defconfig > --- a/arch/mips/configs/ath25_defconfig > +++ b/arch/mips/configs/ath25_defconfig > @@ -11,7 +11,7 @@ CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_FHANDLE is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/mips/configs/ath79_defconfig b/arch/mips/configs/ath79_defconfig > --- a/arch/mips/configs/ath79_defconfig > +++ b/arch/mips/configs/ath79_defconfig > @@ -5,7 +5,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_RD_GZIP is not set > # CONFIG_AIO is not set > # CONFIG_KALLSYMS is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/mips/configs/bcm47xx_defconfig b/arch/mips/configs/bcm47xx_defconfig > --- a/arch/mips/configs/bcm47xx_defconfig > +++ b/arch/mips/configs/bcm47xx_defconfig > @@ -2,7 +2,7 @@ CONFIG_SYSVIPC=y > CONFIG_HIGH_RES_TIMERS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_BCM47XX=y > CONFIG_PCI=y > # CONFIG_SUSPEND is not set > diff -- a/arch/mips/configs/ci20_defconfig b/arch/mips/configs/ci20_defconfig > --- a/arch/mips/configs/ci20_defconfig > +++ b/arch/mips/configs/ci20_defconfig > @@ -18,7 +18,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MACH_INGENIC_SOC=y > CONFIG_JZ4780_CI20=y > CONFIG_HIGHMEM=y > diff -- a/arch/mips/configs/cu1000-neo_defconfig b/arch/mips/configs/cu1000-neo_defconfig > --- a/arch/mips/configs/cu1000-neo_defconfig > +++ b/arch/mips/configs/cu1000-neo_defconfig > @@ -15,7 +15,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_MACH_INGENIC_SOC=y > diff -- a/arch/mips/configs/cu1830-neo_defconfig b/arch/mips/configs/cu1830-neo_defconfig > --- a/arch/mips/configs/cu1830-neo_defconfig > +++ b/arch/mips/configs/cu1830-neo_defconfig > @@ -15,7 +15,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_MACH_INGENIC_SOC=y > diff -- a/arch/mips/configs/db1xxx_defconfig b/arch/mips/configs/db1xxx_defconfig > --- a/arch/mips/configs/db1xxx_defconfig > +++ b/arch/mips/configs/db1xxx_defconfig > @@ -17,7 +17,7 @@ CONFIG_CGROUP_FREEZER=y > CONFIG_CGROUP_DEVICE=y > CONFIG_CGROUP_CPUACCT=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_ALCHEMY=y > CONFIG_HZ_100=y > CONFIG_PCI=y > diff -- a/arch/mips/configs/gcw0_defconfig b/arch/mips/configs/gcw0_defconfig > --- a/arch/mips/configs/gcw0_defconfig > +++ b/arch/mips/configs/gcw0_defconfig > @@ -2,7 +2,7 @@ CONFIG_DEFAULT_HOSTNAME="gcw0" > CONFIG_NO_HZ_IDLE=y > CONFIG_HIGH_RES_TIMERS=y > CONFIG_PREEMPT_VOLUNTARY=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_MACH_INGENIC_SOC=y > CONFIG_JZ4770_GCW0=y > diff -- a/arch/mips/configs/generic_defconfig b/arch/mips/configs/generic_defconfig > --- a/arch/mips/configs/generic_defconfig > +++ b/arch/mips/configs/generic_defconfig > @@ -17,7 +17,7 @@ CONFIG_SCHED_AUTOGROUP=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_BPF_SYSCALL=y > CONFIG_USERFAULTFD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_CPU_LITTLE_ENDIAN=y > diff -- a/arch/mips/configs/loongson2k_defconfig b/arch/mips/configs/loongson2k_defconfig > --- a/arch/mips/configs/loongson2k_defconfig > +++ b/arch/mips/configs/loongson2k_defconfig > @@ -18,7 +18,7 @@ CONFIG_SCHED_AUTOGROUP=y > CONFIG_SYSFS_DEPRECATED=y > CONFIG_RELAY=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MACH_LOONGSON64=y > # CONFIG_CPU_LOONGSON3_CPUCFG_EMULATION is not set > CONFIG_HZ_256=y > diff -- a/arch/mips/configs/loongson3_defconfig b/arch/mips/configs/loongson3_defconfig > --- a/arch/mips/configs/loongson3_defconfig > +++ b/arch/mips/configs/loongson3_defconfig > @@ -26,7 +26,7 @@ CONFIG_SYSFS_DEPRECATED=y > CONFIG_RELAY=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_BPF_SYSCALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > CONFIG_MACH_LOONGSON64=y > CONFIG_CPU_HAS_MSA=y > diff -- a/arch/mips/configs/maltaaprp_defconfig b/arch/mips/configs/maltaaprp_defconfig > --- a/arch/mips/configs/maltaaprp_defconfig > +++ b/arch/mips/configs/maltaaprp_defconfig > @@ -5,7 +5,7 @@ CONFIG_AUDIT=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=15 > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_MALTA=y > CONFIG_CPU_LITTLE_ENDIAN=y > CONFIG_CPU_MIPS32_R2=y > diff -- a/arch/mips/configs/malta_qemu_32r6_defconfig b/arch/mips/configs/malta_qemu_32r6_defconfig > --- a/arch/mips/configs/malta_qemu_32r6_defconfig > +++ b/arch/mips/configs/malta_qemu_32r6_defconfig > @@ -5,7 +5,7 @@ CONFIG_NO_HZ=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=15 > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_MALTA=y > CONFIG_CPU_LITTLE_ENDIAN=y > CONFIG_CPU_MIPS32_R6=y > diff -- a/arch/mips/configs/maltasmvp_defconfig b/arch/mips/configs/maltasmvp_defconfig > --- a/arch/mips/configs/maltasmvp_defconfig > +++ b/arch/mips/configs/maltasmvp_defconfig > @@ -5,7 +5,7 @@ CONFIG_NO_HZ=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=15 > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_MALTA=y > CONFIG_CPU_LITTLE_ENDIAN=y > CONFIG_CPU_MIPS32_R2=y > diff -- a/arch/mips/configs/maltasmvp_eva_defconfig b/arch/mips/configs/maltasmvp_eva_defconfig > --- a/arch/mips/configs/maltasmvp_eva_defconfig > +++ b/arch/mips/configs/maltasmvp_eva_defconfig > @@ -5,7 +5,7 @@ CONFIG_NO_HZ=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=15 > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_MALTA=y > CONFIG_CPU_LITTLE_ENDIAN=y > CONFIG_CPU_MIPS32_R2=y > diff -- a/arch/mips/configs/maltaup_defconfig b/arch/mips/configs/maltaup_defconfig > --- a/arch/mips/configs/maltaup_defconfig > +++ b/arch/mips/configs/maltaup_defconfig > @@ -6,7 +6,7 @@ CONFIG_NO_HZ=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=15 > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_MALTA=y > CONFIG_CPU_LITTLE_ENDIAN=y > CONFIG_CPU_MIPS32_R2=y > diff -- a/arch/mips/configs/omega2p_defconfig b/arch/mips/configs/omega2p_defconfig > --- a/arch/mips/configs/omega2p_defconfig > +++ b/arch/mips/configs/omega2p_defconfig > @@ -17,7 +17,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/mips/configs/pic32mzda_defconfig b/arch/mips/configs/pic32mzda_defconfig > --- a/arch/mips/configs/pic32mzda_defconfig > +++ b/arch/mips/configs/pic32mzda_defconfig > @@ -7,7 +7,7 @@ CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_RELAY=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_COMPAT_BRK is not set > CONFIG_MACH_PIC32=y > CONFIG_DTB_PIC32_MZDA_SK=y > diff -- a/arch/mips/configs/qi_lb60_defconfig b/arch/mips/configs/qi_lb60_defconfig > --- a/arch/mips/configs/qi_lb60_defconfig > +++ b/arch/mips/configs/qi_lb60_defconfig > @@ -3,7 +3,7 @@ CONFIG_SYSVIPC=y > # CONFIG_CROSS_MEMORY_ATTACH is not set > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_MACH_INGENIC_SOC=y > diff -- a/arch/mips/configs/rs90_defconfig b/arch/mips/configs/rs90_defconfig > --- a/arch/mips/configs/rs90_defconfig > +++ b/arch/mips/configs/rs90_defconfig > @@ -15,7 +15,7 @@ CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=y > # CONFIG_IO_URING is not set > # CONFIG_ADVISE_SYSCALLS is not set > # CONFIG_KALLSYMS is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_PERF_EVENTS is not set > CONFIG_PROFILING=y > CONFIG_MACH_INGENIC_SOC=y > diff -- a/arch/mips/configs/rt305x_defconfig b/arch/mips/configs/rt305x_defconfig > --- a/arch/mips/configs/rt305x_defconfig > +++ b/arch/mips/configs/rt305x_defconfig > @@ -7,7 +7,7 @@ CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_AIO is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/mips/configs/vocore2_defconfig b/arch/mips/configs/vocore2_defconfig > --- a/arch/mips/configs/vocore2_defconfig > +++ b/arch/mips/configs/vocore2_defconfig > @@ -17,7 +17,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/mips/configs/xway_defconfig b/arch/mips/configs/xway_defconfig > --- a/arch/mips/configs/xway_defconfig > +++ b/arch/mips/configs/xway_defconfig > @@ -7,7 +7,7 @@ CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_AIO is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/kernel/configs/tiny-base.config b/kernel/configs/tiny-base.config > --- a/kernel/configs/tiny-base.config > +++ b/kernel/configs/tiny-base.config > @@ -1 +1 @@ > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > diff -- a/tools/testing/selftests/wireguard/qemu/kernel.config b/tools/testing/selftests/wireguard/qemu/kernel.config > --- a/tools/testing/selftests/wireguard/qemu/kernel.config > +++ b/tools/testing/selftests/wireguard/qemu/kernel.config > @@ -41,7 +41,6 @@ CONFIG_KALLSYMS=y > CONFIG_BUG=y > CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y > CONFIG_JUMP_LABEL=y > -CONFIG_EMBEDDED=n > CONFIG_BASE_FULL=y > CONFIG_FUTEX=y > CONFIG_SHMEM=y From gerg at linux-m68k.org Wed Aug 16 22:11:44 2023 From: gerg at linux-m68k.org (Greg Ungerer) Date: Thu, 17 Aug 2023 08:11:44 +1000 Subject: [PATCH] treewide: drop CONFIG_EMBEDDED In-Reply-To: <20230816055010.31534-1-rdunlap@infradead.org> References: <20230816055010.31534-1-rdunlap@infradead.org> Message-ID: On 16/8/23 15:50, Randy Dunlap wrote: > There is only one Kconfig user of CONFIG_EMBEDDED and it can be > switched to EXPERT or "if !ARCH_MULTIPLATFORM" (suggested by Arnd). > > Signed-off-by: Randy Dunlap > Cc: Russell King > Cc: linux-arm-kernel at lists.infradead.org > Cc: Arnd Bergmann > Cc: Jason A. Donenfeld > Cc: wireguard at lists.zx2c4.com > Cc: linux-arch at vger.kernel.org > Cc: linux-snps-arc at lists.infradead.org > Cc: Vineet Gupta > Cc: Brian Cain > Cc: linux-hexagon at vger.kernel.org > Cc: Greg Ungerer Acked-by: Greg Ungerer > Cc: Geert Uytterhoeven > Cc: linux-m68k at lists.linux-m68k.org > Cc: Michal Simek > Cc: Thomas Bogendoerfer > Cc: Dinh Nguyen > Cc: Jonas Bonn > Cc: Stefan Kristiansson > Cc: Stafford Horne > Cc: linux-openrisc at vger.kernel.org > Cc: linux-mips at vger.kernel.org > Cc: Michael Ellerman > Cc: Nicholas Piggin > Cc: Christophe Leroy > Cc: linuxppc-dev at lists.ozlabs.org > Cc: linux-riscv at lists.infradead.org > Cc: Paul Walmsley > Cc: Palmer Dabbelt > Cc: Albert Ou > Cc: Yoshinori Sato > Cc: Rich Felker > Cc: John Paul Adrian Glaubitz > Cc: linux-sh at vger.kernel.org > Cc: Max Filippov > Cc: Josh Triplett > Cc: Masahiro Yamada > Cc: linux-kbuild at vger.kernel.org > Cc: Andrew Morton > --- > arch/arc/configs/axs101_defconfig | 2 +- > arch/arc/configs/axs103_defconfig | 2 +- > arch/arc/configs/axs103_smp_defconfig | 2 +- > arch/arc/configs/haps_hs_smp_defconfig | 2 +- > arch/arc/configs/hsdk_defconfig | 2 +- > arch/arc/configs/nsim_700_defconfig | 2 +- > arch/arc/configs/nsimosci_defconfig | 2 +- > arch/arc/configs/nsimosci_hs_defconfig | 2 +- > arch/arc/configs/tb10x_defconfig | 2 +- > arch/arc/configs/vdk_hs38_defconfig | 2 +- > arch/arc/configs/vdk_hs38_smp_defconfig | 2 +- > arch/arm/Kconfig | 2 +- > arch/arm/configs/aspeed_g4_defconfig | 2 +- > arch/arm/configs/aspeed_g5_defconfig | 2 +- > arch/arm/configs/at91_dt_defconfig | 2 +- > arch/arm/configs/axm55xx_defconfig | 2 +- > arch/arm/configs/bcm2835_defconfig | 2 +- > arch/arm/configs/clps711x_defconfig | 2 +- > arch/arm/configs/keystone_defconfig | 2 +- > arch/arm/configs/lpc18xx_defconfig | 2 +- > arch/arm/configs/lpc32xx_defconfig | 2 +- > arch/arm/configs/milbeaut_m10v_defconfig | 2 +- > arch/arm/configs/moxart_defconfig | 2 +- > arch/arm/configs/multi_v4t_defconfig | 2 +- > arch/arm/configs/multi_v7_defconfig | 2 +- > arch/arm/configs/pxa_defconfig | 2 +- > arch/arm/configs/qcom_defconfig | 2 +- > arch/arm/configs/sama5_defconfig | 2 +- > arch/arm/configs/sama7_defconfig | 2 +- > arch/arm/configs/socfpga_defconfig | 2 +- > arch/arm/configs/stm32_defconfig | 2 +- > arch/arm/configs/tegra_defconfig | 2 +- > arch/arm/configs/vf610m4_defconfig | 2 +- > arch/hexagon/configs/comet_defconfig | 2 +- > arch/m68k/configs/amcore_defconfig | 2 +- > arch/m68k/configs/m5475evb_defconfig | 2 +- > arch/m68k/configs/stmark2_defconfig | 2 +- > arch/microblaze/configs/mmu_defconfig | 2 +- > arch/mips/configs/ath25_defconfig | 2 +- > arch/mips/configs/ath79_defconfig | 2 +- > arch/mips/configs/bcm47xx_defconfig | 2 +- > arch/mips/configs/ci20_defconfig | 2 +- > arch/mips/configs/cu1000-neo_defconfig | 2 +- > arch/mips/configs/cu1830-neo_defconfig | 2 +- > arch/mips/configs/db1xxx_defconfig | 2 +- > arch/mips/configs/gcw0_defconfig | 2 +- > arch/mips/configs/generic_defconfig | 2 +- > arch/mips/configs/loongson2k_defconfig | 2 +- > arch/mips/configs/loongson3_defconfig | 2 +- > arch/mips/configs/malta_qemu_32r6_defconfig | 2 +- > arch/mips/configs/maltaaprp_defconfig | 2 +- > arch/mips/configs/maltasmvp_defconfig | 2 +- > arch/mips/configs/maltasmvp_eva_defconfig | 2 +- > arch/mips/configs/maltaup_defconfig | 2 +- > arch/mips/configs/omega2p_defconfig | 2 +- > arch/mips/configs/pic32mzda_defconfig | 2 +- > arch/mips/configs/qi_lb60_defconfig | 2 +- > arch/mips/configs/rs90_defconfig | 2 +- > arch/mips/configs/rt305x_defconfig | 2 +- > arch/mips/configs/vocore2_defconfig | 2 +- > arch/mips/configs/xway_defconfig | 2 +- > arch/nios2/configs/10m50_defconfig | 2 +- > arch/nios2/configs/3c120_defconfig | 2 +- > arch/openrisc/configs/or1klitex_defconfig | 2 +- > arch/powerpc/configs/40x/klondike_defconfig | 2 +- > arch/powerpc/configs/44x/fsp2_defconfig | 2 +- > arch/powerpc/configs/52xx/tqm5200_defconfig | 2 +- > arch/powerpc/configs/mgcoge_defconfig | 2 +- > arch/powerpc/configs/microwatt_defconfig | 2 +- > arch/powerpc/configs/ps3_defconfig | 2 +- > arch/riscv/configs/nommu_k210_defconfig | 2 +- > arch/riscv/configs/nommu_k210_sdcard_defconfig | 2 +- > arch/sh/configs/rsk7264_defconfig | 2 +- > arch/sh/configs/rsk7269_defconfig | 2 +- > arch/xtensa/configs/cadence_csp_defconfig | 2 +- > init/Kconfig | 8 -------- > kernel/configs/tiny-base.config | 2 +- > tools/testing/selftests/wireguard/qemu/kernel.config | 1 - > 78 files changed, 76 insertions(+), 85 deletions(-) > > diff -- a/arch/arm/Kconfig b/arch/arm/Kconfig > --- a/arch/arm/Kconfig > +++ b/arch/arm/Kconfig > @@ -250,7 +250,7 @@ config ARCH_MTD_XIP > bool > > config ARM_PATCH_PHYS_VIRT > - bool "Patch physical to virtual translations at runtime" if EMBEDDED > + bool "Patch physical to virtual translations at runtime" if !ARCH_MULTIPLATFORM > default y > depends on MMU > help > diff -- a/init/Kconfig b/init/Kconfig > --- a/init/Kconfig > +++ b/init/Kconfig > @@ -1790,14 +1790,6 @@ config DEBUG_RSEQ > > If unsure, say N. > > -config EMBEDDED > - bool "Embedded system" > - select EXPERT > - help > - This option should be enabled if compiling the kernel for > - an embedded system so certain expert options are available > - for configuration. > - > config HAVE_PERF_EVENTS > bool > help > diff -- a/arch/powerpc/configs/40x/klondike_defconfig b/arch/powerpc/configs/40x/klondike_defconfig > --- a/arch/powerpc/configs/40x/klondike_defconfig > +++ b/arch/powerpc/configs/40x/klondike_defconfig > @@ -4,7 +4,7 @@ CONFIG_LOG_BUF_SHIFT=14 > CONFIG_SYSFS_DEPRECATED=y > CONFIG_SYSFS_DEPRECATED_V2=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > CONFIG_APM8018X=y > diff -- a/arch/powerpc/configs/44x/fsp2_defconfig b/arch/powerpc/configs/44x/fsp2_defconfig > --- a/arch/powerpc/configs/44x/fsp2_defconfig > +++ b/arch/powerpc/configs/44x/fsp2_defconfig > @@ -15,7 +15,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_RD_LZ4 is not set > CONFIG_KALLSYMS_ALL=y > CONFIG_BPF_SYSCALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > diff -- a/arch/powerpc/configs/52xx/tqm5200_defconfig b/arch/powerpc/configs/52xx/tqm5200_defconfig > --- a/arch/powerpc/configs/52xx/tqm5200_defconfig > +++ b/arch/powerpc/configs/52xx/tqm5200_defconfig > @@ -3,7 +3,7 @@ CONFIG_LOG_BUF_SHIFT=14 > CONFIG_BLK_DEV_INITRD=y > # CONFIG_KALLSYMS is not set > # CONFIG_EPOLL is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > CONFIG_MODVERSIONS=y > diff -- a/arch/arc/configs/axs101_defconfig b/arch/arc/configs/axs101_defconfig > --- a/arch/arc/configs/axs101_defconfig > +++ b/arch/arc/configs/axs101_defconfig > @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y > # CONFIG_UTS_NS is not set > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > diff -- a/arch/arc/configs/axs103_defconfig b/arch/arc/configs/axs103_defconfig > --- a/arch/arc/configs/axs103_defconfig > +++ b/arch/arc/configs/axs103_defconfig > @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y > # CONFIG_UTS_NS is not set > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > diff -- a/arch/arc/configs/axs103_smp_defconfig b/arch/arc/configs/axs103_smp_defconfig > --- a/arch/arc/configs/axs103_smp_defconfig > +++ b/arch/arc/configs/axs103_smp_defconfig > @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y > # CONFIG_UTS_NS is not set > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/haps_hs_smp_defconfig b/arch/arc/configs/haps_hs_smp_defconfig > --- a/arch/arc/configs/haps_hs_smp_defconfig > +++ b/arch/arc/configs/haps_hs_smp_defconfig > @@ -11,7 +11,7 @@ CONFIG_NAMESPACES=y > # CONFIG_UTS_NS is not set > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/hsdk_defconfig b/arch/arc/configs/hsdk_defconfig > --- a/arch/arc/configs/hsdk_defconfig > +++ b/arch/arc/configs/hsdk_defconfig > @@ -9,7 +9,7 @@ CONFIG_NAMESPACES=y > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > CONFIG_BLK_DEV_RAM=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/nsim_700_defconfig b/arch/arc/configs/nsim_700_defconfig > --- a/arch/arc/configs/nsim_700_defconfig > +++ b/arch/arc/configs/nsim_700_defconfig > @@ -12,7 +12,7 @@ CONFIG_NAMESPACES=y > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/nsimosci_defconfig b/arch/arc/configs/nsimosci_defconfig > --- a/arch/arc/configs/nsimosci_defconfig > +++ b/arch/arc/configs/nsimosci_defconfig > @@ -11,7 +11,7 @@ CONFIG_NAMESPACES=y > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/nsimosci_hs_defconfig b/arch/arc/configs/nsimosci_hs_defconfig > --- a/arch/arc/configs/nsimosci_hs_defconfig > +++ b/arch/arc/configs/nsimosci_hs_defconfig > @@ -11,7 +11,7 @@ CONFIG_NAMESPACES=y > # CONFIG_PID_NS is not set > CONFIG_BLK_DEV_INITRD=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/arc/configs/tb10x_defconfig b/arch/arc/configs/tb10x_defconfig > --- a/arch/arc/configs/tb10x_defconfig > +++ b/arch/arc/configs/tb10x_defconfig > @@ -16,7 +16,7 @@ CONFIG_INITRAMFS_ROOT_GID=501 > # CONFIG_RD_GZIP is not set > CONFIG_KALLSYMS_ALL=y > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_COMPAT_BRK is not set > CONFIG_ISA_ARCOMPACT=y > CONFIG_MODULES=y > diff -- a/arch/arc/configs/vdk_hs38_defconfig b/arch/arc/configs/vdk_hs38_defconfig > --- a/arch/arc/configs/vdk_hs38_defconfig > +++ b/arch/arc/configs/vdk_hs38_defconfig > @@ -4,7 +4,7 @@ CONFIG_HIGH_RES_TIMERS=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > diff -- a/arch/arc/configs/vdk_hs38_smp_defconfig b/arch/arc/configs/vdk_hs38_smp_defconfig > --- a/arch/arc/configs/vdk_hs38_smp_defconfig > +++ b/arch/arc/configs/vdk_hs38_smp_defconfig > @@ -4,7 +4,7 @@ CONFIG_HIGH_RES_TIMERS=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > diff -- a/arch/hexagon/configs/comet_defconfig b/arch/hexagon/configs/comet_defconfig > --- a/arch/hexagon/configs/comet_defconfig > +++ b/arch/hexagon/configs/comet_defconfig > @@ -14,7 +14,7 @@ CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=18 > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_BLK_DEV_BSG is not set > CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" > diff -- a/arch/m68k/configs/amcore_defconfig b/arch/m68k/configs/amcore_defconfig > --- a/arch/m68k/configs/amcore_defconfig > +++ b/arch/m68k/configs/amcore_defconfig > @@ -8,7 +8,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_AIO is not set > # CONFIG_ADVISE_SYSCALLS is not set > # CONFIG_MEMBARRIER is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/m68k/configs/m5475evb_defconfig b/arch/m68k/configs/m5475evb_defconfig > --- a/arch/m68k/configs/m5475evb_defconfig > +++ b/arch/m68k/configs/m5475evb_defconfig > @@ -8,7 +8,7 @@ CONFIG_LOG_BUF_SHIFT=14 > # CONFIG_EVENTFD is not set > # CONFIG_SHMEM is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MODULES=y > # CONFIG_BLK_DEV_BSG is not set > CONFIG_COLDFIRE=y > diff -- a/arch/m68k/configs/stmark2_defconfig b/arch/m68k/configs/stmark2_defconfig > --- a/arch/m68k/configs/stmark2_defconfig > +++ b/arch/m68k/configs/stmark2_defconfig > @@ -9,7 +9,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_AIO is not set > # CONFIG_ADVISE_SYSCALLS is not set > # CONFIG_MEMBARRIER is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_COLDFIRE=y > diff -- a/arch/microblaze/configs/mmu_defconfig b/arch/microblaze/configs/mmu_defconfig > --- a/arch/microblaze/configs/mmu_defconfig > +++ b/arch/microblaze/configs/mmu_defconfig > @@ -7,7 +7,7 @@ CONFIG_SYSFS_DEPRECATED=y > CONFIG_SYSFS_DEPRECATED_V2=y > # CONFIG_BASE_FULL is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_XILINX_MICROBLAZE0_USE_MSR_INSTR=1 > CONFIG_XILINX_MICROBLAZE0_USE_PCMP_INSTR=1 > CONFIG_XILINX_MICROBLAZE0_USE_BARREL=1 > diff -- a/arch/nios2/configs/10m50_defconfig b/arch/nios2/configs/10m50_defconfig > --- a/arch/nios2/configs/10m50_defconfig > +++ b/arch/nios2/configs/10m50_defconfig > @@ -9,7 +9,7 @@ CONFIG_LOG_BUF_SHIFT=14 > # CONFIG_EVENTFD is not set > # CONFIG_SHMEM is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > CONFIG_NIOS2_MEM_BASE=0x8000000 > diff -- a/arch/nios2/configs/3c120_defconfig b/arch/nios2/configs/3c120_defconfig > --- a/arch/nios2/configs/3c120_defconfig > +++ b/arch/nios2/configs/3c120_defconfig > @@ -9,7 +9,7 @@ CONFIG_LOG_BUF_SHIFT=14 > # CONFIG_EVENTFD is not set > # CONFIG_SHMEM is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MODULES=y > CONFIG_MODULE_UNLOAD=y > CONFIG_NIOS2_MEM_BASE=0x10000000 > diff -- a/arch/openrisc/configs/or1klitex_defconfig b/arch/openrisc/configs/or1klitex_defconfig > --- a/arch/openrisc/configs/or1klitex_defconfig > +++ b/arch/openrisc/configs/or1klitex_defconfig > @@ -6,7 +6,7 @@ CONFIG_USER_NS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_SGETMASK_SYSCALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_OPENRISC_BUILTIN_DTB="or1klitex" > CONFIG_HZ_100=y > CONFIG_OPENRISC_HAVE_SHADOW_GPRS=y > diff -- a/arch/powerpc/configs/mgcoge_defconfig b/arch/powerpc/configs/mgcoge_defconfig > --- a/arch/powerpc/configs/mgcoge_defconfig > +++ b/arch/powerpc/configs/mgcoge_defconfig > @@ -9,7 +9,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_RD_GZIP is not set > CONFIG_KALLSYMS_ALL=y > # CONFIG_PCSPKR_PLATFORM is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PARTITION_ADVANCED=y > # CONFIG_PPC_PMAC is not set > CONFIG_PPC_82xx=y > diff -- a/arch/powerpc/configs/microwatt_defconfig b/arch/powerpc/configs/microwatt_defconfig > --- a/arch/powerpc/configs/microwatt_defconfig > +++ b/arch/powerpc/configs/microwatt_defconfig > @@ -8,7 +8,7 @@ CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/powerpc/configs/ps3_defconfig b/arch/powerpc/configs/ps3_defconfig > --- a/arch/powerpc/configs/ps3_defconfig > +++ b/arch/powerpc/configs/ps3_defconfig > @@ -3,7 +3,7 @@ CONFIG_POSIX_MQUEUE=y > CONFIG_HIGH_RES_TIMERS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_PERF_EVENTS is not set > CONFIG_PROFILING=y > CONFIG_PPC64=y > diff -- a/arch/riscv/configs/nommu_k210_defconfig b/arch/riscv/configs/nommu_k210_defconfig > --- a/arch/riscv/configs/nommu_k210_defconfig > +++ b/arch/riscv/configs/nommu_k210_defconfig > @@ -21,7 +21,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_IO_URING is not set > # CONFIG_ADVISE_SYSCALLS is not set > # CONFIG_KALLSYMS is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_SLUB=y > diff -- a/arch/riscv/configs/nommu_k210_sdcard_defconfig b/arch/riscv/configs/nommu_k210_sdcard_defconfig > --- a/arch/riscv/configs/nommu_k210_sdcard_defconfig > +++ b/arch/riscv/configs/nommu_k210_sdcard_defconfig > @@ -13,7 +13,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_IO_URING is not set > # CONFIG_ADVISE_SYSCALLS is not set > # CONFIG_KALLSYMS is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_SLUB=y > diff -- a/arch/sh/configs/rsk7264_defconfig b/arch/sh/configs/rsk7264_defconfig > --- a/arch/sh/configs/rsk7264_defconfig > +++ b/arch/sh/configs/rsk7264_defconfig > @@ -9,7 +9,7 @@ CONFIG_SYSFS_DEPRECATED=y > CONFIG_SYSFS_DEPRECATED_V2=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_COUNTERS=y > # CONFIG_VM_EVENT_COUNTERS is not set > CONFIG_MMAP_ALLOW_UNINITIALIZED=y > diff -- a/arch/sh/configs/rsk7269_defconfig b/arch/sh/configs/rsk7269_defconfig > --- a/arch/sh/configs/rsk7269_defconfig > +++ b/arch/sh/configs/rsk7269_defconfig > @@ -1,6 +1,6 @@ > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_BLK_DEV_BSG is not set > CONFIG_SWAP_IO_SPACE=y > diff -- a/arch/xtensa/configs/cadence_csp_defconfig b/arch/xtensa/configs/cadence_csp_defconfig > --- a/arch/xtensa/configs/cadence_csp_defconfig > +++ b/arch/xtensa/configs/cadence_csp_defconfig > @@ -21,7 +21,7 @@ CONFIG_INITRAMFS_SOURCE="$$KERNEL_INITRA > # CONFIG_RD_LZO is not set > # CONFIG_RD_LZ4 is not set > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_MODULES=y > CONFIG_MODULE_FORCE_LOAD=y > diff -- a/arch/arm/configs/aspeed_g4_defconfig b/arch/arm/configs/aspeed_g4_defconfig > --- a/arch/arm/configs/aspeed_g4_defconfig > +++ b/arch/arm/configs/aspeed_g4_defconfig > @@ -15,7 +15,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_UID16 is not set > # CONFIG_SYSFS_SYSCALL is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > # CONFIG_ARCH_MULTI_V7 is not set > CONFIG_ARCH_ASPEED=y > diff -- a/arch/arm/configs/aspeed_g5_defconfig b/arch/arm/configs/aspeed_g5_defconfig > --- a/arch/arm/configs/aspeed_g5_defconfig > +++ b/arch/arm/configs/aspeed_g5_defconfig > @@ -15,7 +15,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_UID16 is not set > # CONFIG_SYSFS_SYSCALL is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > CONFIG_ARCH_MULTI_V6=y > CONFIG_ARCH_ASPEED=y > diff -- a/arch/arm/configs/at91_dt_defconfig b/arch/arm/configs/at91_dt_defconfig > --- a/arch/arm/configs/at91_dt_defconfig > +++ b/arch/arm/configs/at91_dt_defconfig > @@ -7,7 +7,7 @@ CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_ARCH_MULTI_V4T=y > CONFIG_ARCH_MULTI_V5=y > # CONFIG_ARCH_MULTI_V7 is not set > diff -- a/arch/arm/configs/axm55xx_defconfig b/arch/arm/configs/axm55xx_defconfig > --- a/arch/arm/configs/axm55xx_defconfig > +++ b/arch/arm/configs/axm55xx_defconfig > @@ -21,7 +21,7 @@ CONFIG_NAMESPACES=y > CONFIG_SCHED_AUTOGROUP=y > CONFIG_RELAY=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_ARCH_AXXIA=y > CONFIG_ARM_LPAE=y > diff -- a/arch/arm/configs/bcm2835_defconfig b/arch/arm/configs/bcm2835_defconfig > --- a/arch/arm/configs/bcm2835_defconfig > +++ b/arch/arm/configs/bcm2835_defconfig > @@ -19,7 +19,7 @@ CONFIG_RELAY=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_CC_STACKPROTECTOR_REGULAR=y > CONFIG_ARCH_MULTI_V6=y > diff -- a/arch/arm/configs/clps711x_defconfig b/arch/arm/configs/clps711x_defconfig > --- a/arch/arm/configs/clps711x_defconfig > +++ b/arch/arm/configs/clps711x_defconfig > @@ -3,7 +3,7 @@ CONFIG_SYSVIPC=y > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_BLK_DEV_INITRD=y > CONFIG_RD_LZMA=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_JUMP_LABEL=y > CONFIG_PARTITION_ADVANCED=y > CONFIG_ARCH_CLPS711X=y > diff -- a/arch/arm/configs/keystone_defconfig b/arch/arm/configs/keystone_defconfig > --- a/arch/arm/configs/keystone_defconfig > +++ b/arch/arm/configs/keystone_defconfig > @@ -14,7 +14,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_ELF_CORE is not set > # CONFIG_BASE_FULL is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_ARCH_KEYSTONE=y > CONFIG_ARM_LPAE=y > diff -- a/arch/arm/configs/lpc18xx_defconfig b/arch/arm/configs/lpc18xx_defconfig > --- a/arch/arm/configs/lpc18xx_defconfig > +++ b/arch/arm/configs/lpc18xx_defconfig > @@ -14,7 +14,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_SIGNALFD is not set > # CONFIG_EVENTFD is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_MMU is not set > CONFIG_ARCH_LPC18XX=y > CONFIG_SET_MEM_PARAM=y > diff -- a/arch/arm/configs/lpc32xx_defconfig b/arch/arm/configs/lpc32xx_defconfig > --- a/arch/arm/configs/lpc32xx_defconfig > +++ b/arch/arm/configs/lpc32xx_defconfig > @@ -9,7 +9,7 @@ CONFIG_SYSFS_DEPRECATED=y > CONFIG_SYSFS_DEPRECATED_V2=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_ARCH_MULTI_V7 is not set > CONFIG_ARCH_LPC32XX=y > CONFIG_AEABI=y > diff -- a/arch/arm/configs/milbeaut_m10v_defconfig b/arch/arm/configs/milbeaut_m10v_defconfig > --- a/arch/arm/configs/milbeaut_m10v_defconfig > +++ b/arch/arm/configs/milbeaut_m10v_defconfig > @@ -3,7 +3,7 @@ CONFIG_NO_HZ_IDLE=y > CONFIG_HIGH_RES_TIMERS=y > CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > CONFIG_ARCH_MILBEAUT=y > CONFIG_ARCH_MILBEAUT_M10V=y > diff -- a/arch/arm/configs/moxart_defconfig b/arch/arm/configs/moxart_defconfig > --- a/arch/arm/configs/moxart_defconfig > +++ b/arch/arm/configs/moxart_defconfig > @@ -10,7 +10,7 @@ CONFIG_IKCONFIG_PROC=y > # CONFIG_TIMERFD is not set > # CONFIG_EVENTFD is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_BLK_DEV_BSG is not set > CONFIG_ARCH_MULTI_V4=y > # CONFIG_ARCH_MULTI_V7 is not set > diff -- a/arch/arm/configs/multi_v4t_defconfig b/arch/arm/configs/multi_v4t_defconfig > --- a/arch/arm/configs/multi_v4t_defconfig > +++ b/arch/arm/configs/multi_v4t_defconfig > @@ -2,7 +2,7 @@ CONFIG_KERNEL_LZMA=y > CONFIG_SYSVIPC=y > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_ARCH_MULTI_V4T=y > # CONFIG_ARCH_MULTI_V7 is not set > CONFIG_ARCH_AT91=y > diff -- a/arch/arm/configs/multi_v7_defconfig b/arch/arm/configs/multi_v7_defconfig > --- a/arch/arm/configs/multi_v7_defconfig > +++ b/arch/arm/configs/multi_v7_defconfig > @@ -3,7 +3,7 @@ CONFIG_NO_HZ_IDLE=y > CONFIG_HIGH_RES_TIMERS=y > CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > CONFIG_ARCH_VIRT=y > CONFIG_ARCH_AIROHA=y > diff -- a/arch/arm/configs/pxa_defconfig b/arch/arm/configs/pxa_defconfig > --- a/arch/arm/configs/pxa_defconfig > +++ b/arch/arm/configs/pxa_defconfig > @@ -11,7 +11,7 @@ CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=13 > CONFIG_BLK_DEV_INITRD=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > # CONFIG_ARCH_MULTI_V7 is not set > CONFIG_ARCH_PXA=y > diff -- a/arch/arm/configs/qcom_defconfig b/arch/arm/configs/qcom_defconfig > --- a/arch/arm/configs/qcom_defconfig > +++ b/arch/arm/configs/qcom_defconfig > @@ -7,7 +7,7 @@ CONFIG_IKCONFIG_PROC=y > CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_ARCH_QCOM=y > CONFIG_ARCH_MSM8X60=y > diff -- a/arch/arm/configs/sama5_defconfig b/arch/arm/configs/sama5_defconfig > --- a/arch/arm/configs/sama5_defconfig > +++ b/arch/arm/configs/sama5_defconfig > @@ -5,7 +5,7 @@ CONFIG_HIGH_RES_TIMERS=y > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_CGROUPS=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_ARCH_AT91=y > CONFIG_SOC_SAMA5D2=y > CONFIG_SOC_SAMA5D3=y > diff -- a/arch/arm/configs/sama7_defconfig b/arch/arm/configs/sama7_defconfig > --- a/arch/arm/configs/sama7_defconfig > +++ b/arch/arm/configs/sama7_defconfig > @@ -12,7 +12,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_FHANDLE is not set > # CONFIG_IO_URING is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_ARCH_AT91=y > CONFIG_SOC_SAMA7G5=y > CONFIG_ATMEL_CLOCKSOURCE_TCB=y > diff -- a/arch/arm/configs/socfpga_defconfig b/arch/arm/configs/socfpga_defconfig > --- a/arch/arm/configs/socfpga_defconfig > +++ b/arch/arm/configs/socfpga_defconfig > @@ -7,7 +7,7 @@ CONFIG_CGROUPS=y > CONFIG_CPUSETS=y > CONFIG_NAMESPACES=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_ARCH_INTEL_SOCFPGA=y > CONFIG_ARM_THUMBEE=y > diff -- a/arch/arm/configs/stm32_defconfig b/arch/arm/configs/stm32_defconfig > --- a/arch/arm/configs/stm32_defconfig > +++ b/arch/arm/configs/stm32_defconfig > @@ -11,7 +11,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_SIGNALFD is not set > # CONFIG_EVENTFD is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_BLK_DEV_BSG is not set > # CONFIG_MMU is not set > CONFIG_ARCH_STM32=y > diff -- a/arch/arm/configs/tegra_defconfig b/arch/arm/configs/tegra_defconfig > --- a/arch/arm/configs/tegra_defconfig > +++ b/arch/arm/configs/tegra_defconfig > @@ -14,7 +14,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_BLK_DEV_INITRD=y > # CONFIG_ELF_CORE is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > CONFIG_ARCH_TEGRA=y > CONFIG_SMP=y > diff -- a/arch/arm/configs/vf610m4_defconfig b/arch/arm/configs/vf610m4_defconfig > --- a/arch/arm/configs/vf610m4_defconfig > +++ b/arch/arm/configs/vf610m4_defconfig > @@ -5,7 +5,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_RD_XZ is not set > # CONFIG_RD_LZ4 is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_MMU is not set > CONFIG_ARCH_MXC=y > CONFIG_SOC_VF610=y > diff -- a/arch/mips/configs/ath25_defconfig b/arch/mips/configs/ath25_defconfig > --- a/arch/mips/configs/ath25_defconfig > +++ b/arch/mips/configs/ath25_defconfig > @@ -11,7 +11,7 @@ CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_FHANDLE is not set > # CONFIG_AIO is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/mips/configs/ath79_defconfig b/arch/mips/configs/ath79_defconfig > --- a/arch/mips/configs/ath79_defconfig > +++ b/arch/mips/configs/ath79_defconfig > @@ -5,7 +5,7 @@ CONFIG_BLK_DEV_INITRD=y > # CONFIG_RD_GZIP is not set > # CONFIG_AIO is not set > # CONFIG_KALLSYMS is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/mips/configs/bcm47xx_defconfig b/arch/mips/configs/bcm47xx_defconfig > --- a/arch/mips/configs/bcm47xx_defconfig > +++ b/arch/mips/configs/bcm47xx_defconfig > @@ -2,7 +2,7 @@ CONFIG_SYSVIPC=y > CONFIG_HIGH_RES_TIMERS=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_BCM47XX=y > CONFIG_PCI=y > # CONFIG_SUSPEND is not set > diff -- a/arch/mips/configs/ci20_defconfig b/arch/mips/configs/ci20_defconfig > --- a/arch/mips/configs/ci20_defconfig > +++ b/arch/mips/configs/ci20_defconfig > @@ -18,7 +18,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MACH_INGENIC_SOC=y > CONFIG_JZ4780_CI20=y > CONFIG_HIGHMEM=y > diff -- a/arch/mips/configs/cu1000-neo_defconfig b/arch/mips/configs/cu1000-neo_defconfig > --- a/arch/mips/configs/cu1000-neo_defconfig > +++ b/arch/mips/configs/cu1000-neo_defconfig > @@ -15,7 +15,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_MACH_INGENIC_SOC=y > diff -- a/arch/mips/configs/cu1830-neo_defconfig b/arch/mips/configs/cu1830-neo_defconfig > --- a/arch/mips/configs/cu1830-neo_defconfig > +++ b/arch/mips/configs/cu1830-neo_defconfig > @@ -15,7 +15,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_MACH_INGENIC_SOC=y > diff -- a/arch/mips/configs/db1xxx_defconfig b/arch/mips/configs/db1xxx_defconfig > --- a/arch/mips/configs/db1xxx_defconfig > +++ b/arch/mips/configs/db1xxx_defconfig > @@ -17,7 +17,7 @@ CONFIG_CGROUP_FREEZER=y > CONFIG_CGROUP_DEVICE=y > CONFIG_CGROUP_CPUACCT=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_ALCHEMY=y > CONFIG_HZ_100=y > CONFIG_PCI=y > diff -- a/arch/mips/configs/gcw0_defconfig b/arch/mips/configs/gcw0_defconfig > --- a/arch/mips/configs/gcw0_defconfig > +++ b/arch/mips/configs/gcw0_defconfig > @@ -2,7 +2,7 @@ CONFIG_DEFAULT_HOSTNAME="gcw0" > CONFIG_NO_HZ_IDLE=y > CONFIG_HIGH_RES_TIMERS=y > CONFIG_PREEMPT_VOLUNTARY=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PROFILING=y > CONFIG_MACH_INGENIC_SOC=y > CONFIG_JZ4770_GCW0=y > diff -- a/arch/mips/configs/generic_defconfig b/arch/mips/configs/generic_defconfig > --- a/arch/mips/configs/generic_defconfig > +++ b/arch/mips/configs/generic_defconfig > @@ -17,7 +17,7 @@ CONFIG_SCHED_AUTOGROUP=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_BPF_SYSCALL=y > CONFIG_USERFAULTFD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_CPU_LITTLE_ENDIAN=y > diff -- a/arch/mips/configs/loongson2k_defconfig b/arch/mips/configs/loongson2k_defconfig > --- a/arch/mips/configs/loongson2k_defconfig > +++ b/arch/mips/configs/loongson2k_defconfig > @@ -18,7 +18,7 @@ CONFIG_SCHED_AUTOGROUP=y > CONFIG_SYSFS_DEPRECATED=y > CONFIG_RELAY=y > CONFIG_BLK_DEV_INITRD=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MACH_LOONGSON64=y > # CONFIG_CPU_LOONGSON3_CPUCFG_EMULATION is not set > CONFIG_HZ_256=y > diff -- a/arch/mips/configs/loongson3_defconfig b/arch/mips/configs/loongson3_defconfig > --- a/arch/mips/configs/loongson3_defconfig > +++ b/arch/mips/configs/loongson3_defconfig > @@ -26,7 +26,7 @@ CONFIG_SYSFS_DEPRECATED=y > CONFIG_RELAY=y > CONFIG_BLK_DEV_INITRD=y > CONFIG_BPF_SYSCALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_PERF_EVENTS=y > CONFIG_MACH_LOONGSON64=y > CONFIG_CPU_HAS_MSA=y > diff -- a/arch/mips/configs/maltaaprp_defconfig b/arch/mips/configs/maltaaprp_defconfig > --- a/arch/mips/configs/maltaaprp_defconfig > +++ b/arch/mips/configs/maltaaprp_defconfig > @@ -5,7 +5,7 @@ CONFIG_AUDIT=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=15 > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_MALTA=y > CONFIG_CPU_LITTLE_ENDIAN=y > CONFIG_CPU_MIPS32_R2=y > diff -- a/arch/mips/configs/malta_qemu_32r6_defconfig b/arch/mips/configs/malta_qemu_32r6_defconfig > --- a/arch/mips/configs/malta_qemu_32r6_defconfig > +++ b/arch/mips/configs/malta_qemu_32r6_defconfig > @@ -5,7 +5,7 @@ CONFIG_NO_HZ=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=15 > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_MALTA=y > CONFIG_CPU_LITTLE_ENDIAN=y > CONFIG_CPU_MIPS32_R6=y > diff -- a/arch/mips/configs/maltasmvp_defconfig b/arch/mips/configs/maltasmvp_defconfig > --- a/arch/mips/configs/maltasmvp_defconfig > +++ b/arch/mips/configs/maltasmvp_defconfig > @@ -5,7 +5,7 @@ CONFIG_NO_HZ=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=15 > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_MALTA=y > CONFIG_CPU_LITTLE_ENDIAN=y > CONFIG_CPU_MIPS32_R2=y > diff -- a/arch/mips/configs/maltasmvp_eva_defconfig b/arch/mips/configs/maltasmvp_eva_defconfig > --- a/arch/mips/configs/maltasmvp_eva_defconfig > +++ b/arch/mips/configs/maltasmvp_eva_defconfig > @@ -5,7 +5,7 @@ CONFIG_NO_HZ=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=15 > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_MALTA=y > CONFIG_CPU_LITTLE_ENDIAN=y > CONFIG_CPU_MIPS32_R2=y > diff -- a/arch/mips/configs/maltaup_defconfig b/arch/mips/configs/maltaup_defconfig > --- a/arch/mips/configs/maltaup_defconfig > +++ b/arch/mips/configs/maltaup_defconfig > @@ -6,7 +6,7 @@ CONFIG_NO_HZ=y > CONFIG_IKCONFIG=y > CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=15 > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > CONFIG_MIPS_MALTA=y > CONFIG_CPU_LITTLE_ENDIAN=y > CONFIG_CPU_MIPS32_R2=y > diff -- a/arch/mips/configs/omega2p_defconfig b/arch/mips/configs/omega2p_defconfig > --- a/arch/mips/configs/omega2p_defconfig > +++ b/arch/mips/configs/omega2p_defconfig > @@ -17,7 +17,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/mips/configs/pic32mzda_defconfig b/arch/mips/configs/pic32mzda_defconfig > --- a/arch/mips/configs/pic32mzda_defconfig > +++ b/arch/mips/configs/pic32mzda_defconfig > @@ -7,7 +7,7 @@ CONFIG_IKCONFIG_PROC=y > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_RELAY=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_COMPAT_BRK is not set > CONFIG_MACH_PIC32=y > CONFIG_DTB_PIC32_MZDA_SK=y > diff -- a/arch/mips/configs/qi_lb60_defconfig b/arch/mips/configs/qi_lb60_defconfig > --- a/arch/mips/configs/qi_lb60_defconfig > +++ b/arch/mips/configs/qi_lb60_defconfig > @@ -3,7 +3,7 @@ CONFIG_SYSVIPC=y > # CONFIG_CROSS_MEMORY_ATTACH is not set > CONFIG_LOG_BUF_SHIFT=14 > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_COMPAT_BRK is not set > CONFIG_MACH_INGENIC_SOC=y > diff -- a/arch/mips/configs/rs90_defconfig b/arch/mips/configs/rs90_defconfig > --- a/arch/mips/configs/rs90_defconfig > +++ b/arch/mips/configs/rs90_defconfig > @@ -15,7 +15,7 @@ CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=y > # CONFIG_IO_URING is not set > # CONFIG_ADVISE_SYSCALLS is not set > # CONFIG_KALLSYMS is not set > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_PERF_EVENTS is not set > CONFIG_PROFILING=y > CONFIG_MACH_INGENIC_SOC=y > diff -- a/arch/mips/configs/rt305x_defconfig b/arch/mips/configs/rt305x_defconfig > --- a/arch/mips/configs/rt305x_defconfig > +++ b/arch/mips/configs/rt305x_defconfig > @@ -7,7 +7,7 @@ CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_AIO is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/mips/configs/vocore2_defconfig b/arch/mips/configs/vocore2_defconfig > --- a/arch/mips/configs/vocore2_defconfig > +++ b/arch/mips/configs/vocore2_defconfig > @@ -17,7 +17,7 @@ CONFIG_NAMESPACES=y > CONFIG_USER_NS=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/arch/mips/configs/xway_defconfig b/arch/mips/configs/xway_defconfig > --- a/arch/mips/configs/xway_defconfig > +++ b/arch/mips/configs/xway_defconfig > @@ -7,7 +7,7 @@ CONFIG_BLK_DEV_INITRD=y > CONFIG_CC_OPTIMIZE_FOR_SIZE=y > # CONFIG_AIO is not set > CONFIG_KALLSYMS_ALL=y > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > # CONFIG_VM_EVENT_COUNTERS is not set > # CONFIG_SLUB_DEBUG is not set > # CONFIG_COMPAT_BRK is not set > diff -- a/kernel/configs/tiny-base.config b/kernel/configs/tiny-base.config > --- a/kernel/configs/tiny-base.config > +++ b/kernel/configs/tiny-base.config > @@ -1 +1 @@ > -CONFIG_EMBEDDED=y > +CONFIG_EXPERT=y > diff -- a/tools/testing/selftests/wireguard/qemu/kernel.config b/tools/testing/selftests/wireguard/qemu/kernel.config > --- a/tools/testing/selftests/wireguard/qemu/kernel.config > +++ b/tools/testing/selftests/wireguard/qemu/kernel.config > @@ -41,7 +41,6 @@ CONFIG_KALLSYMS=y > CONFIG_BUG=y > CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y > CONFIG_JUMP_LABEL=y > -CONFIG_EMBEDDED=n > CONFIG_BASE_FULL=y > CONFIG_FUTEX=y > CONFIG_SHMEM=y From rm at romanrm.net Wed Aug 16 22:29:02 2023 From: rm at romanrm.net (Roman Mamedov) Date: Thu, 17 Aug 2023 03:29:02 +0500 Subject: [PATCH] wg-quick: linux: add restart command. In-Reply-To: <20230816050653.28972-1-henrik@eossweden.org> References: <20230816050653.28972-1-henrik@eossweden.org> Message-ID: <20230817032902.0d2f7a29@nvm> On Wed, 16 Aug 2023 07:06:53 +0200 Henrik Hautakoski wrote: > Add a simple "restart" command that just do cmd_down followed by an cmd_up. Saves abit of typing :) > > Signed-off-by: Henrik Hautakoski > --- > src/wg-quick/linux.bash | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash > index 69e5bef..cc9f288 100755 > --- a/src/wg-quick/linux.bash > +++ b/src/wg-quick/linux.bash > @@ -298,7 +298,7 @@ execute_hooks() { > > cmd_usage() { > cat >&2 <<-_EOF > - Usage: $PROGRAM [ up | down | save | strip ] [ CONFIG_FILE | INTERFACE ] > + Usage: $PROGRAM [ up | down | restart | save | strip ] [ CONFIG_FILE | INTERFACE ] > > CONFIG_FILE is a configuration file, whose filename is the interface name > followed by \`.conf'. Otherwise, INTERFACE is an interface name, with > @@ -373,6 +373,11 @@ elif [[ $# -eq 2 && $1 == down ]]; then > auto_su > parse_options "$2" > cmd_down > +elif [[ $# -eq 2 && $1 == restart ]]; then > + auto_su > + parse_options "$2" > + cmd_down > + cmd_up cmd_down and the lines prior use a TAB to indent, but cmd_up uses 4 spaces instead. -- With respect, Roman From Jason at zx2c4.com Wed Aug 16 22:58:18 2023 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Thu, 17 Aug 2023 00:58:18 +0200 Subject: [PATCH] treewide: drop CONFIG_EMBEDDED In-Reply-To: <20230816055010.31534-1-rdunlap@infradead.org> References: <20230816055010.31534-1-rdunlap@infradead.org> Message-ID: On Wed, Aug 16, 2023 at 7:50?AM Randy Dunlap wrote: > > There is only one Kconfig user of CONFIG_EMBEDDED and it can be > switched to EXPERT or "if !ARCH_MULTIPLATFORM" (suggested by Arnd). > > Signed-off-by: Randy Dunlap > Cc: Russell King > Cc: linux-arm-kernel at lists.infradead.org > Cc: Arnd Bergmann > Cc: Jason A. Donenfeld > Cc: wireguard at lists.zx2c4.com > Cc: linux-arch at vger.kernel.org > Cc: linux-snps-arc at lists.infradead.org > Cc: Vineet Gupta > Cc: Brian Cain > Cc: linux-hexagon at vger.kernel.org > Cc: Greg Ungerer > Cc: Geert Uytterhoeven > Cc: linux-m68k at lists.linux-m68k.org > Cc: Michal Simek > Cc: Thomas Bogendoerfer > Cc: Dinh Nguyen > Cc: Jonas Bonn > Cc: Stefan Kristiansson > Cc: Stafford Horne > Cc: linux-openrisc at vger.kernel.org > Cc: linux-mips at vger.kernel.org > Cc: Michael Ellerman > Cc: Nicholas Piggin > Cc: Christophe Leroy > Cc: linuxppc-dev at lists.ozlabs.org > Cc: linux-riscv at lists.infradead.org > Cc: Paul Walmsley > Cc: Palmer Dabbelt > Cc: Albert Ou > Cc: Yoshinori Sato > Cc: Rich Felker > Cc: John Paul Adrian Glaubitz > Cc: linux-sh at vger.kernel.org > Cc: Max Filippov > Cc: Josh Triplett > Cc: Masahiro Yamada > Cc: linux-kbuild at vger.kernel.org > Cc: Andrew Morton > --- > diff -- a/tools/testing/selftests/wireguard/qemu/kernel.config b/tools/testing/selftests/wireguard/qemu/kernel.config > --- a/tools/testing/selftests/wireguard/qemu/kernel.config > +++ b/tools/testing/selftests/wireguard/qemu/kernel.config > @@ -41,7 +41,6 @@ CONFIG_KALLSYMS=y > CONFIG_BUG=y > CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y > CONFIG_JUMP_LABEL=y > -CONFIG_EMBEDDED=n > CONFIG_BASE_FULL=y > CONFIG_FUTEX=y > CONFIG_SHMEM=y Acked-by: Jason A. Donenfeld From henrik at eossweden.org Thu Aug 17 01:52:11 2023 From: henrik at eossweden.org (Henrik Hautakoski) Date: Thu, 17 Aug 2023 03:52:11 +0200 Subject: [PATCH v1] wg-quick: linux: add restart command. In-Reply-To: <20230817032902.0d2f7a29@nvm> References: <20230817032902.0d2f7a29@nvm> Message-ID: <20230817015211.82114-1-henrik@eossweden.org> --- v1: indent fix. src/wg-quick/linux.bash | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash index 69e5bef..4300268 100755 --- a/src/wg-quick/linux.bash +++ b/src/wg-quick/linux.bash @@ -298,7 +298,7 @@ execute_hooks() { cmd_usage() { cat >&2 <<-_EOF - Usage: $PROGRAM [ up | down | save | strip ] [ CONFIG_FILE | INTERFACE ] + Usage: $PROGRAM [ up | down | restart | save | strip ] [ CONFIG_FILE | INTERFACE ] CONFIG_FILE is a configuration file, whose filename is the interface name followed by \`.conf'. Otherwise, INTERFACE is an interface name, with @@ -373,6 +373,11 @@ elif [[ $# -eq 2 && $1 == down ]]; then auto_su parse_options "$2" cmd_down +elif [[ $# -eq 2 && $1 == restart ]]; then + auto_su + parse_options "$2" + cmd_down + cmd_up elif [[ $# -eq 2 && $1 == save ]]; then auto_su parse_options "$2" -- 2.41.0 From rdunlap at infradead.org Thu Aug 17 03:15:09 2023 From: rdunlap at infradead.org (Randy Dunlap) Date: Wed, 16 Aug 2023 20:15:09 -0700 Subject: [PATCH] treewide: drop CONFIG_EMBEDDED In-Reply-To: <38e1a01b-1e8b-7c66-bafc-fc5861f08da9@gmail.com> References: <38e1a01b-1e8b-7c66-bafc-fc5861f08da9@gmail.com> Message-ID: <86e329b1-c8d7-47bf-8be8-3326daf74eb5@infradead.org> Hi Jesse, On 8/16/23 15:45, Jesse Taube wrote: > Hi, Randy > >> diff -- a/init/Kconfig b/init/Kconfig >> --- a/init/Kconfig >> +++ b/init/Kconfig >> @@ -1790,14 +1790,6 @@ config DEBUG_RSEQ >> >>??????? If unsure, say N. >> >> -config EMBEDDED >> -??? bool "Embedded system" >> -??? select EXPERT >> -??? help >> -????? This option should be enabled if compiling the kernel for >> -????? an embedded system so certain expert options are available >> -????? for configuration. > > Wouldn't removing this break many out of tree configs? I'm not familiar with out-of-tree configs. Do you have some examples of some that use CONFIG_EMBEDDED? (not distros) > Should there be a warning here to update change it instead of removal? kconfig doesn't have a warning mechanism AFAIK. Do you have an idea of how this would work? We could make a smaller change to init/Kconfig, like so: config EMBEDDED - bool "Embedded system" + bool "Embedded system (DEPRECATED)" select EXPERT help - This option should be enabled if compiling the kernel for - an embedded system so certain expert options are available - for configuration. + This option is being removed after Linux 6.6. + Use EXPERT instead of EMBEDDED. but there is no way to produce a warning message. I.e., even with this change, the message will probably be overlooked. --- ~Randy From syzbot+c1cc0083f159b67cb192 at syzkaller.appspotmail.com Thu Aug 17 09:15:07 2023 From: syzbot+c1cc0083f159b67cb192 at syzkaller.appspotmail.com (syzbot) Date: Thu, 17 Aug 2023 02:15:07 -0700 Subject: [syzbot] [wireguard?] INFO: rcu detected stall in wg_ratelimiter_gc_entries (2) Message-ID: <00000000000021dc2806031ad901@google.com> Hello, syzbot found the following issue on: HEAD commit: ace0ab3a4b54 Revert "vlan: Fix VLAN 0 memory leak" git tree: net console output: https://syzkaller.appspot.com/x/log.txt?x=16153769a80000 kernel config: https://syzkaller.appspot.com/x/.config?x=3e670757e16affb dashboard link: https://syzkaller.appspot.com/bug?extid=c1cc0083f159b67cb192 compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1227599ba80000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17414927a80000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/e03bf2f0ff9c/disk-ace0ab3a.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/ad6e79c01723/vmlinux-ace0ab3a.xz kernel image: https://storage.googleapis.com/syzbot-assets/617319e5afb7/bzImage-ace0ab3a.xz The issue was bisected to: commit c2368b19807affd7621f7c4638cd2e17fec13021 Author: Jiri Pirko Date: Fri Jul 29 07:10:35 2022 +0000 net: devlink: introduce "unregistering" mark and use it during devlinks iteration bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17901617a80000 final oops: https://syzkaller.appspot.com/x/report.txt?x=14501617a80000 console output: https://syzkaller.appspot.com/x/log.txt?x=10501617a80000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+c1cc0083f159b67cb192 at syzkaller.appspotmail.com Fixes: c2368b19807a ("net: devlink: introduce "unregistering" mark and use it during devlinks iteration") rcu: INFO: rcu_preempt self-detected stall on CPU rcu: 1-....: (10499 ticks this GP) idle=2d5c/1/0x4000000000000000 softirq=8994/8995 fqs=4737 rcu: hardirqs softirqs csw/system rcu: number: 0 0 0 rcu: cputime: 32198 20291 25 ==> 52490(ms) rcu: (t=10500 jiffies g=7889 q=546 ncpus=2) CPU: 1 PID: 5075 Comm: kworker/1:6 Not tainted 6.5.0-rc5-syzkaller-00194-gace0ab3a4b54 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 Workqueue: events_power_efficient wg_ratelimiter_gc_entries RIP: 0010:taprio_next_tc_txq net/sched/sch_taprio.c:771 [inline] RIP: 0010:taprio_dequeue_tc_priority+0x2fb/0x4b0 net/sched/sch_taprio.c:801 Code: 01 00 00 48 be 00 00 00 00 00 fc ff df 48 8b 4c 24 28 48 89 c8 48 c1 e8 03 0f b6 14 30 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 <84> d2 0f 85 da 00 00 00 48 8b 04 24 45 0f b7 75 fe 0f b6 00 38 44 RSP: 0000:ffffc900001e0d60 EFLAGS: 00000202 RAX: 0000000000000007 RBX: ffff88806f6f6394 RCX: ffff88807b860b5e RDX: 0000000000000000 RSI: dffffc0000000000 RDI: dffffc0000000000 RBP: 000000000000000b R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000000 R11: 000000000000004e R12: 0000000000000008 R13: ffff88807b860b60 R14: 0000000000000000 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5ace99f5c0 CR3: 000000006f75b000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: taprio_dequeue+0x12e/0x5f0 net/sched/sch_taprio.c:868 dequeue_skb net/sched/sch_generic.c:292 [inline] qdisc_restart net/sched/sch_generic.c:397 [inline] __qdisc_run+0x1c4/0x19d0 net/sched/sch_generic.c:415 qdisc_run include/net/pkt_sched.h:125 [inline] qdisc_run include/net/pkt_sched.h:122 [inline] net_tx_action+0x71e/0xc80 net/core/dev.c:5049 __do_softirq+0x218/0x965 kernel/softirq.c:553 invoke_softirq kernel/softirq.c:427 [inline] __irq_exit_rcu kernel/softirq.c:632 [inline] irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1109 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645 RIP: 0010:lock_acquire+0x1ef/0x510 kernel/locking/lockdep.c:5729 Code: c1 05 d5 6e 9b 7e 83 f8 01 0f 85 b0 02 00 00 9c 58 f6 c4 02 0f 85 9b 02 00 00 48 85 ed 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24 RSP: 0000:ffffc90003e1fb98 EFLAGS: 00000206 RAX: dffffc0000000000 RBX: 1ffff920007c3f75 RCX: 0000000000000001 RDX: 1ffff11003f03c80 RSI: ffffffff8a6c83a0 RDI: ffffffff8ac811a0 RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff2309dea R10: ffffffff9184ef57 R11: 0000000000000000 R12: 0000000000000001 R13: 0000000000000000 R14: ffffffff8d89afb8 R15: 0000000000000000 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] wg_ratelimiter_gc_entries+0xc6/0x520 drivers/net/wireguard/ratelimiter.c:63 process_one_work+0xaa2/0x16f0 kernel/workqueue.c:2600 worker_thread+0x687/0x1110 kernel/workqueue.c:2751 kthread+0x33a/0x430 kernel/kthread.c:389 ret_from_fork+0x2c/0x70 arch/x86/kernel/process.c:145 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller at googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. For information about bisection process see: https://goo.gl/tpsmEJ#bisection If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup From dxld at darkboxed.org Thu Aug 17 20:02:02 2023 From: dxld at darkboxed.org (=?UTF-8?q?Daniel=20Gr=C3=B6ber?=) Date: Thu, 17 Aug 2023 22:02:02 +0200 Subject: [PATCH] wireguard: Fix leaking sockets in wg_socket_init error paths Message-ID: <20230817200202.917382-1-dxld@darkboxed.org> --- drivers/net/wireguard/socket.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c index 0414d7a6ce74..c35163f503e7 100644 --- a/drivers/net/wireguard/socket.c +++ b/drivers/net/wireguard/socket.c @@ -387,7 +387,7 @@ int wg_socket_init(struct wg_device *wg, u16 port) ret = udp_sock_create(net, &port4, &new4); if (ret < 0) { pr_err("%s: Could not create IPv4 socket\n", wg->dev->name); - goto out; + goto err; } set_sock_opts(new4); setup_udp_tunnel_sock(net, new4, &cfg); @@ -402,7 +402,7 @@ int wg_socket_init(struct wg_device *wg, u16 port) goto retry; pr_err("%s: Could not create IPv6 socket\n", wg->dev->name); - goto out; + goto err; } set_sock_opts(new6); setup_udp_tunnel_sock(net, new6, &cfg); @@ -414,6 +414,11 @@ int wg_socket_init(struct wg_device *wg, u16 port) out: put_net(net); return ret; + +err: + sock_free(new4 ? new4->sk : NULL); + sock_free(new6 ? new6->sk : NULL); + goto out; } void wg_socket_reinit(struct wg_device *wg, struct sock *new4, -- 2.39.2 From dxld at darkboxed.org Thu Aug 17 20:02:18 2023 From: dxld at darkboxed.org (=?UTF-8?q?Daniel=20Gr=C3=B6ber?=) Date: Thu, 17 Aug 2023 22:02:18 +0200 Subject: [PATCH] wireguard: Add netlink attrs for binding to address and netdev Message-ID: <20230817200218.917665-1-dxld@darkboxed.org> Multihomed hosts may want to run distinct wg tunnels across all their uplinks for redundant connectivity. Currently this entails picking different ports for each wg tunnel since we allow only binding to the wildcard address. Sharing a single port-number for all uplink connections (but bound to a particular IP/netdev) simplifies managment considerably. A closely related use-case that also touches the socket binding code is having a wg socket be part of a VRF. This mirrors how we support socket and wg device in distinct namespaces. To make using VRFs with wg easy we want to be able to bind to a particular device as this will cause the kernel to automatically route all outgoing packets with the VRF's routing table and (in the default udp_l3mdev_accept=0 config) only accept packets from interfaces in the VRF without the need for netfilter rules. While users can currently use VRFs for wg tunnel traffic by configuring fwmark ip-rules and setting sysctl udp_l3mdev_accept=1 (with or without additional nft filtering) this is at best a cludge. When VRF membership changes it becomes a major hassle to keep ip-rules up to date. --- drivers/net/wireguard/device.c | 4 +-- drivers/net/wireguard/device.h | 3 +- drivers/net/wireguard/netlink.c | 51 ++++++++++++++++++++++++++++----- drivers/net/wireguard/socket.c | 41 +++++++++++++++++--------- drivers/net/wireguard/socket.h | 3 +- include/uapi/linux/wireguard.h | 6 ++++ 6 files changed, 83 insertions(+), 25 deletions(-) diff --git a/drivers/net/wireguard/device.c b/drivers/net/wireguard/device.c index 258dcc103921..fdaaf0238a49 100644 --- a/drivers/net/wireguard/device.c +++ b/drivers/net/wireguard/device.c @@ -48,7 +48,7 @@ static int wg_open(struct net_device *dev) dev_v6->cnf.addr_gen_mode = IN6_ADDR_GEN_MODE_NONE; mutex_lock(&wg->device_update_lock); - ret = wg_socket_init(wg, wg->incoming_port); + ret = wg_socket_init(wg, wg->port_cfg); if (ret < 0) goto out; list_for_each_entry(peer, &wg->peer_list, peer_list) { @@ -249,7 +249,7 @@ static void wg_destruct(struct net_device *dev) rtnl_unlock(); mutex_lock(&wg->device_update_lock); rcu_assign_pointer(wg->creating_net, NULL); - wg->incoming_port = 0; + memzero_explicit(&wg->port_cfg, sizeof(wg->port_cfg)); wg_socket_reinit(wg, NULL, NULL); /* The final references are cleared in the below calls to destroy_workqueue. */ wg_peer_remove_all(wg); diff --git a/drivers/net/wireguard/device.h b/drivers/net/wireguard/device.h index 43c7cebbf50b..ac4092d8c9d0 100644 --- a/drivers/net/wireguard/device.h +++ b/drivers/net/wireguard/device.h @@ -17,6 +17,7 @@ #include #include #include +#include struct wg_device; @@ -53,7 +54,7 @@ struct wg_device { atomic_t handshake_queue_len; unsigned int num_peers, device_update_gen; u32 fwmark; - u16 incoming_port; + struct udp_port_cfg port_cfg; }; int wg_device_init(void); diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c index 6d1bd9f52d02..ff9c9d9c8ac5 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -26,6 +26,8 @@ static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] = { [WGDEVICE_A_PUBLIC_KEY] = NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN), [WGDEVICE_A_FLAGS] = { .type = NLA_U32 }, [WGDEVICE_A_LISTEN_PORT] = { .type = NLA_U16 }, + [WGDEVICE_A_LISTEN_ADDR] = NLA_POLICY_MIN_LEN(sizeof(struct in_addr)), + [WGDEVICE_A_LISTEN_IFINDEX] = { .type = NLA_U32 }, [WGDEVICE_A_FWMARK] = { .type = NLA_U32 }, [WGDEVICE_A_PEERS] = { .type = NLA_NESTED } }; @@ -230,11 +232,20 @@ static int wg_get_device_dump(struct sk_buff *skb, struct netlink_callback *cb) if (!ctx->next_peer) { if (nla_put_u16(skb, WGDEVICE_A_LISTEN_PORT, - wg->incoming_port) || + ntohs(wg->port_cfg.local_udp_port)) || + nla_put_u32(skb, WGDEVICE_A_LISTEN_IFINDEX, wg->port_cfg.bind_ifindex) || nla_put_u32(skb, WGDEVICE_A_FWMARK, wg->fwmark) || nla_put_u32(skb, WGDEVICE_A_IFINDEX, wg->dev->ifindex) || nla_put_string(skb, WGDEVICE_A_IFNAME, wg->dev->name)) goto out; + if (wg->port_cfg.family == AF_INET && + nla_put_in_addr(skb, WGDEVICE_A_LISTEN_ADDR, + wg->port_cfg.local_ip.s_addr)) + goto out; + if (wg->port_cfg.family == AF_INET6 && + nla_put_in6_addr(skb, WGDEVICE_A_LISTEN_ADDR, + &wg->port_cfg.local_ip6)) + goto out; down_read(&wg->static_identity.lock); if (wg->static_identity.has_identity) { @@ -311,19 +322,46 @@ static int wg_get_device_done(struct netlink_callback *cb) return 0; } -static int set_port(struct wg_device *wg, u16 port) +static int set_port_cfg(struct wg_device *wg, struct nlattr **attrs) { struct wg_peer *peer; + struct udp_port_cfg port_cfg = { + .family = AF_UNSPEC, + }; + + if (attrs[WGDEVICE_A_LISTEN_PORT]) + port_cfg.local_udp_port = + htons(nla_get_u16(attrs[WGDEVICE_A_LISTEN_PORT])); + if (attrs[WGDEVICE_A_LISTEN_ADDR]) { + union { + struct in_addr addr4; + struct in6_addr addr6; + } *u_addr = nla_data(attrs[WGDEVICE_A_LISTEN_ADDR]); + size_t len = nla_len(attrs[WGDEVICE_A_LISTEN_ADDR]); + if (len == sizeof(struct in_addr)) { + port_cfg.family = AF_INET; + port_cfg.local_ip = u_addr->addr4; + } else if (len == sizeof(struct in6_addr)) { + if (!IS_ENABLED(CONFIG_IPV6)) + return -EAFNOSUPPORT; + port_cfg.family = AF_INET6; + port_cfg.local_ip6 = u_addr->addr6; + } + } + if (attrs[WGDEVICE_A_LISTEN_IFINDEX]) { + port_cfg.bind_ifindex = + nla_get_u32(attrs[WGDEVICE_A_LISTEN_IFINDEX]); + } - if (wg->incoming_port == port) + if (memcmp(&port_cfg, &wg->port_cfg, sizeof(port_cfg)) == 0) return 0; list_for_each_entry(peer, &wg->peer_list, peer_list) wg_socket_clear_peer_endpoint_src(peer); if (!netif_running(wg->dev)) { - wg->incoming_port = port; + wg->port_cfg = port_cfg; return 0; } - return wg_socket_init(wg, port); + return wg_socket_init(wg, port_cfg); } static int set_allowedip(struct wg_peer *peer, struct nlattr **attrs) @@ -531,8 +569,7 @@ static int wg_set_device(struct sk_buff *skb, struct genl_info *info) } if (info->attrs[WGDEVICE_A_LISTEN_PORT]) { - ret = set_port(wg, - nla_get_u16(info->attrs[WGDEVICE_A_LISTEN_PORT])); + ret = set_port_cfg(wg, info->attrs); if (ret) goto out; } diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c index c35163f503e7..cbd3958af890 100644 --- a/drivers/net/wireguard/socket.c +++ b/drivers/net/wireguard/socket.c @@ -346,7 +346,7 @@ static void set_sock_opts(struct socket *sock) sk_set_memalloc(sock->sk); } -int wg_socket_init(struct wg_device *wg, u16 port) +int wg_socket_init(struct wg_device *wg, struct udp_port_cfg port_cfg) { struct net *net; int ret; @@ -356,12 +356,7 @@ int wg_socket_init(struct wg_device *wg, u16 port) .encap_rcv = wg_receive }; struct socket *new4 = NULL, *new6 = NULL; - struct udp_port_cfg port4 = { - .family = AF_INET, - .local_ip.s_addr = htonl(INADDR_ANY), - .local_udp_port = htons(port), - .use_udp_checksums = true - }; + struct udp_port_cfg port4; #if IS_ENABLED(CONFIG_IPV6) int retries = 0; struct udp_port_cfg port6 = { @@ -373,6 +368,23 @@ int wg_socket_init(struct wg_device *wg, u16 port) }; #endif + if (port_cfg.family == AF_UNSPEC) { + port4 = (struct udp_port_cfg) { + .family = AF_INET, + .local_ip.s_addr = htonl(INADDR_ANY), + .local_udp_port = port_cfg.local_udp_port, + .use_udp_checksums = true + }; + } else { + port4 = port_cfg; + port4.use_udp_checksums = true; + if (IS_ENABLED(CONFIG_IPV6) && port_cfg.family == AF_INET6) { + port4.use_udp6_tx_checksums = true; + port4.use_udp6_rx_checksums = true; + port4.ipv6_v6only = true; + } + } + rcu_read_lock(); net = rcu_dereference(wg->creating_net); net = net ? maybe_get_net(net) : NULL; @@ -380,10 +392,6 @@ int wg_socket_init(struct wg_device *wg, u16 port) if (unlikely(!net)) return -ENONET; -#if IS_ENABLED(CONFIG_IPV6) -retry: -#endif - ret = udp_sock_create(net, &port4, &new4); if (ret < 0) { pr_err("%s: Could not create IPv4 socket\n", wg->dev->name); @@ -392,13 +400,18 @@ int wg_socket_init(struct wg_device *wg, u16 port) set_sock_opts(new4); setup_udp_tunnel_sock(net, new4, &cfg); + if (port_cfg.family != AF_UNSPEC) + goto reinit; + #if IS_ENABLED(CONFIG_IPV6) +retry: if (ipv6_mod_enabled()) { port6.local_udp_port = inet_sk(new4->sk)->inet_sport; ret = udp_sock_create(net, &port6, &new6); if (ret < 0) { udp_tunnel_sock_release(new4); - if (ret == -EADDRINUSE && !port && retries++ < 100) + if (ret == -EADDRINUSE && !port_cfg.local_udp_port && + retries++ < 100) goto retry; pr_err("%s: Could not create IPv6 socket\n", wg->dev->name); @@ -409,6 +422,8 @@ int wg_socket_init(struct wg_device *wg, u16 port) } #endif +reinit: + wg->port_cfg = port_cfg; wg_socket_reinit(wg, new4->sk, new6 ? new6->sk : NULL); ret = 0; out: @@ -433,8 +448,6 @@ void wg_socket_reinit(struct wg_device *wg, struct sock *new4, lockdep_is_held(&wg->socket_update_lock)); rcu_assign_pointer(wg->sock4, new4); rcu_assign_pointer(wg->sock6, new6); - if (new4) - wg->incoming_port = ntohs(inet_sk(new4)->inet_sport); mutex_unlock(&wg->socket_update_lock); synchronize_net(); sock_free(old4); diff --git a/drivers/net/wireguard/socket.h b/drivers/net/wireguard/socket.h index bab5848efbcd..1532a263c518 100644 --- a/drivers/net/wireguard/socket.h +++ b/drivers/net/wireguard/socket.h @@ -10,8 +10,9 @@ #include #include #include +#include -int wg_socket_init(struct wg_device *wg, u16 port); +int wg_socket_init(struct wg_device *wg, struct udp_port_cfg port); void wg_socket_reinit(struct wg_device *wg, struct sock *new4, struct sock *new6); int wg_socket_send_buffer_to_peer(struct wg_peer *peer, void *data, diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index ae88be14c947..240d1c850dfd 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h @@ -28,6 +28,8 @@ * WGDEVICE_A_PRIVATE_KEY: NLA_EXACT_LEN, len WG_KEY_LEN * WGDEVICE_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN * WGDEVICE_A_LISTEN_PORT: NLA_U16 + * WGDEVICE_A_LISTEN_ADDR : NLA_MIN_LEN(struct sockaddr), struct sockaddr_in or struct sockaddr_in6 + * WGDEVICE_A_LISTEN_IFINDEX : NLA_U32 * WGDEVICE_A_FWMARK: NLA_U32 * WGDEVICE_A_PEERS: NLA_NESTED * 0: NLA_NESTED @@ -82,6 +84,8 @@ * peers should be removed prior to adding the list below. * WGDEVICE_A_PRIVATE_KEY: len WG_KEY_LEN, all zeros to remove * WGDEVICE_A_LISTEN_PORT: NLA_U16, 0 to choose randomly + * WGDEVICE_A_LISTEN_ADDR : struct sockaddr_in or struct sockaddr_in6. + * WGDEVICE_A_LISTEN_IFINDEX : NLA_U32 * WGDEVICE_A_FWMARK: NLA_U32, 0 to disable * WGDEVICE_A_PEERS: NLA_NESTED * 0: NLA_NESTED @@ -157,6 +161,8 @@ enum wgdevice_attribute { WGDEVICE_A_LISTEN_PORT, WGDEVICE_A_FWMARK, WGDEVICE_A_PEERS, + WGDEVICE_A_LISTEN_ADDR, + WGDEVICE_A_LISTEN_IFINDEX, __WGDEVICE_A_LAST }; #define WGDEVICE_A_MAX (__WGDEVICE_A_LAST - 1) -- 2.39.2 From dxld at darkboxed.org Thu Aug 17 20:11:34 2023 From: dxld at darkboxed.org (=?UTF-8?q?Daniel=20Gr=C3=B6ber?=) Date: Thu, 17 Aug 2023 22:11:34 +0200 Subject: [PATCH 1/5] wg: Support restricting address family of DNS resolved Endpoint Message-ID: <20230817201138.930780-1-dxld@darkboxed.org> When using wireguard tunnels for providing IPv6 connectivity to machines it can be important to pin which IP address family should be used. Consider a peer using a DNS name with both A/AAAA records, wg will currently blindly follow system policy and use the first address returned by getaddrinfo(). In typical deployments this will cause the IPv6 address of the peer to be used, however when the whole IPv6 internet is being routed over our wg iface all this accomplishes is a traffic black hole. Naturally this can be worked around by having different DNS names for v4-only / dual-stack addresses, however this may not be possible in some situations where, say, a dynamic-DNS service is also in use. To fix this we allow users to control which address family they want using the new AddressFamily= config option, see wg.8 for details. We also update reresolve-dns to take the AddressFamily option into account. We would like to note that the not_oif patch[1] would also alleviate this problem but since this never got merged it's not a workable solution. [1]: http://marc.info/?t=145452167200014&r=1&w=2 Signed-off-by: Daniel Gr?ber --- contrib/reresolve-dns/reresolve-dns.sh | 4 ++- src/config.c | 41 ++++++++++++++++++++------ src/config.h | 2 +- src/containers.h | 5 ++++ src/man/wg.8 | 8 ++++- src/set.c | 9 +++++- src/setconf.c | 2 +- 7 files changed, 57 insertions(+), 14 deletions(-) diff --git a/contrib/reresolve-dns/reresolve-dns.sh b/contrib/reresolve-dns/reresolve-dns.sh index 711c332..bdb47ac 100755 --- a/contrib/reresolve-dns/reresolve-dns.sh +++ b/contrib/reresolve-dns/reresolve-dns.sh @@ -17,7 +17,7 @@ process_peer() { [[ $PEER_SECTION -ne 1 || -z $PUBLIC_KEY || -z $ENDPOINT ]] && return 0 [[ $(wg show "$INTERFACE" latest-handshakes) =~ ${PUBLIC_KEY//+/\\+}\ ([0-9]+) ]] || return 0 (( ($EPOCHSECONDS - ${BASH_REMATCH[1]}) > 135 )) || return 0 - wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT" + wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT" address-family "$FAMILY" reset_peer_section } @@ -25,6 +25,7 @@ reset_peer_section() { PEER_SECTION=0 PUBLIC_KEY="" ENDPOINT="" + FAMILY=unspec } reset_peer_section @@ -38,6 +39,7 @@ while read -r line || [[ -n $line ]]; do case "$key" in PublicKey) PUBLIC_KEY="$value"; continue ;; Endpoint) ENDPOINT="$value"; continue ;; + AddressFamily) FAMILY="$value"; continue ;; esac fi done < "$CONFIG_FILE" diff --git a/src/config.c b/src/config.c index 1e924c7..f9980fe 100644 --- a/src/config.c +++ b/src/config.c @@ -192,14 +192,14 @@ static inline int parse_dns_retries(void) return (int)ret; } -static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value) +static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value, int family) { char *mutable = strdup(value); char *begin, *end; int ret, retries = parse_dns_retries(); struct addrinfo *resolved; struct addrinfo hints = { - .ai_family = AF_UNSPEC, + .ai_family = family, .ai_socktype = SOCK_DGRAM, .ai_protocol = IPPROTO_UDP }; @@ -279,6 +279,20 @@ static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value) return true; } +static inline bool parse_address_family(int *family, const char *value) +{ + if (strcmp(value, "inet") == 0) + *family = AF_INET; + else if (strcmp(value, "inet6") == 0) + *family = AF_INET6; + else if (strcmp(value, "unspec") == 0) + *family = AF_UNSPEC; + else + return false; + + return true; +} + static inline bool parse_persistent_keepalive(uint16_t *interval, uint32_t *flags, const char *value) { unsigned long ret; @@ -458,8 +472,10 @@ static bool process_line(struct config_ctx *ctx, const char *line) goto error; } else if (ctx->is_peer_section) { if (key_match("Endpoint")) - ret = parse_endpoint(&ctx->last_peer->endpoint.addr, value); - else if (key_match("PublicKey")) { + ctx->last_peer->endpoint_value = strdup(value); + else if (key_match("AddressFamily")) { + ret = parse_address_family(&ctx->last_peer->addr_fam, value); + } else if (key_match("PublicKey")) { ret = parse_key(ctx->last_peer->public_key, value); if (ret) ctx->last_peer->flags |= WGPEER_HAS_PUBLIC_KEY; @@ -535,19 +551,22 @@ bool config_read_init(struct config_ctx *ctx, bool append) return true; } -struct wgdevice *config_read_finish(struct config_ctx *ctx) +struct wgdevice *config_read_finish(struct wgdevice *device) { struct wgpeer *peer; - for_each_wgpeer(ctx->device, peer) { + for_each_wgpeer(device, peer) { if (!(peer->flags & WGPEER_HAS_PUBLIC_KEY)) { fprintf(stderr, "A peer is missing a public key\n"); goto err; } + + if (!parse_endpoint(&peer->endpoint.addr, peer->endpoint_value, peer->addr_fam)) + goto err; } - return ctx->device; + return device; err: - free_wgdevice(ctx->device); + free_wgdevice(device); return NULL; } @@ -619,7 +638,11 @@ struct wgdevice *config_read_cmd(const char *argv[], int argc) argv += 1; argc -= 1; } else if (!strcmp(argv[0], "endpoint") && argc >= 2 && peer) { - if (!parse_endpoint(&peer->endpoint.addr, argv[1])) + peer->endpoint_value = strdup(argv[1]); + argv += 2; + argc -= 2; + } else if (!strcmp(argv[0], "address-family") && argc >= 2 && peer) { + if (!parse_address_family(&peer->addr_fam, argv[1])) goto error; argv += 2; argc -= 2; diff --git a/src/config.h b/src/config.h index 443cf21..6f81da2 100644 --- a/src/config.h +++ b/src/config.h @@ -22,6 +22,6 @@ struct config_ctx { struct wgdevice *config_read_cmd(const char *argv[], int argc); bool config_read_init(struct config_ctx *ctx, bool append); bool config_read_line(struct config_ctx *ctx, const char *line); -struct wgdevice *config_read_finish(struct config_ctx *ctx); +struct wgdevice *config_read_finish(struct wgdevice *device); #endif diff --git a/src/containers.h b/src/containers.h index a82e8dd..c111621 100644 --- a/src/containers.h +++ b/src/containers.h @@ -52,12 +52,15 @@ struct wgpeer { uint8_t public_key[WG_KEY_LEN]; uint8_t preshared_key[WG_KEY_LEN]; + char *endpoint_value; union { struct sockaddr addr; struct sockaddr_in addr4; struct sockaddr_in6 addr6; } endpoint; + int addr_fam; + struct timespec64 last_handshake_time; uint64_t rx_bytes, tx_bytes; uint16_t persistent_keepalive_interval; @@ -99,6 +102,8 @@ static inline void free_wgdevice(struct wgdevice *dev) for (struct wgpeer *peer = dev->first_peer, *np = peer ? peer->next_peer : NULL; peer; peer = np, np = peer ? peer->next_peer : NULL) { for (struct wgallowedip *allowedip = peer->first_allowedip, *na = allowedip ? allowedip->next_allowedip : NULL; allowedip; allowedip = na, na = allowedip ? allowedip->next_allowedip : NULL) free(allowedip); + if (peer->endpoint_value) + free(peer->endpoint_value); free(peer); } free(dev); diff --git a/src/man/wg.8 b/src/man/wg.8 index a5d8bcf..48f084d 100644 --- a/src/man/wg.8 +++ b/src/man/wg.8 @@ -55,7 +55,7 @@ transfer-rx, transfer-tx, persistent-keepalive. Shows the current configuration of \fI\fP in the format described by \fICONFIGURATION FILE FORMAT\fP below. .TP -\fBset\fP \fI\fP [\fIlisten-port\fP \fI\fP] [\fIfwmark\fP \fI\fP] [\fIprivate-key\fP \fI\fP] [\fIpeer\fP \fI\fP [\fIremove\fP] [\fIpreshared-key\fP \fI\fP] [\fIendpoint\fP \fI:\fP] [\fIpersistent-keepalive\fP \fI\fP] [\fIallowed-ips\fP \fI/\fP[,\fI/\fP]...] ]... +\fBset\fP \fI\fP [\fIlisten-port\fP \fI\fP] [\fIfwmark\fP \fI\fP] [\fIprivate-key\fP \fI\fP] [\fIpeer\fP \fI\fP [\fIremove\fP] [\fIpreshared-key\fP \fI\fP] [\fIendpoint\fP \fI:\fP] [\fIaddress-family\fP \fI\fP] [\fIpersistent-keepalive\fP \fI\fP] [\fIallowed-ips\fP \fI/\fP[,\fI/\fP]...] ]... Sets configuration values for the specified \fI\fP. Multiple \fIpeer\fPs may be specified, and if the \fIremove\fP argument is given for a peer, that peer is removed, not configured. If \fIlisten-port\fP @@ -167,6 +167,12 @@ port number. This endpoint will be updated automatically to the most recent source IP address and port of correctly authenticated packets from the peer. Optional. .IP \(bu +AddressFamily \(em one of \fIinet\fP, \fIinet6\fP or \fIunspec\fP. When a +hostname is given for \fIEndpoint\fP, setting this to \fIinet\fP or +\fIinet6\fP will allow only addresses of the given family to be +used. Defaults to \fIunspec\fP, which causes the first returned address of +any type to be used. +.IP \(bu PersistentKeepalive \(em a seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface diff --git a/src/set.c b/src/set.c index 75560fd..20ee85e 100644 --- a/src/set.c +++ b/src/set.c @@ -18,13 +18,20 @@ int set_main(int argc, const char *argv[]) int ret = 1; if (argc < 3) { - fprintf(stderr, "Usage: %s %s [listen-port ] [fwmark ] [private-key ] [peer [remove] [preshared-key ] [endpoint :] [persistent-keepalive ] [allowed-ips /[,/]...] ]...\n", PROG_NAME, argv[0]); + fprintf(stderr, "Usage: %s %s [listen-port ] [fwmark ] [private-key ] [peer [remove] [preshared-key ] [endpoint :] [address-family ] [persistent-keepalive ] [allowed-ips /[,/]...] ]...\n", PROG_NAME, argv[0]); return 1; } device = config_read_cmd(argv + 2, argc - 2); if (!device) goto cleanup; + + device = config_read_finish(device); + if (!device) { + fprintf(stderr, "Invalid configuration\n"); + goto cleanup; + } + strncpy(device->name, argv[1], IFNAMSIZ - 1); device->name[IFNAMSIZ - 1] = '\0'; diff --git a/src/setconf.c b/src/setconf.c index 1c5b138..c90fd30 100644 --- a/src/setconf.c +++ b/src/setconf.c @@ -127,7 +127,7 @@ int setconf_main(int argc, const char *argv[]) goto cleanup; } } - device = config_read_finish(&ctx); + device = config_read_finish(ctx.device); if (!device) { fprintf(stderr, "Invalid configuration\n"); goto cleanup; -- 2.39.2 From dxld at darkboxed.org Thu Aug 17 20:11:35 2023 From: dxld at darkboxed.org (=?UTF-8?q?Daniel=20Gr=C3=B6ber?=) Date: Thu, 17 Aug 2023 22:11:35 +0200 Subject: [PATCH 2/5] uapi/linux: Add definitions for address/netdev bound listen sockets In-Reply-To: <20230817201138.930780-1-dxld@darkboxed.org> References: <20230817201138.930780-1-dxld@darkboxed.org> Message-ID: <20230817201138.930780-2-dxld@darkboxed.org> Signed-off-by: Daniel Gr?ber --- src/uapi/linux/linux/wireguard.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/uapi/linux/linux/wireguard.h b/src/uapi/linux/linux/wireguard.h index 0efd52c..36afb66 100644 --- a/src/uapi/linux/linux/wireguard.h +++ b/src/uapi/linux/linux/wireguard.h @@ -28,6 +28,8 @@ * WGDEVICE_A_PRIVATE_KEY: NLA_EXACT_LEN, len WG_KEY_LEN * WGDEVICE_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN * WGDEVICE_A_LISTEN_PORT: NLA_U16 + * WGDEVICE_A_LISTEN_ADDR : NLA_MIN_LEN(struct sockaddr), struct sockaddr_in or struct sockaddr_in6 + * WGDEVICE_A_LISTEN_IFINDEX : NLA_U32 * WGDEVICE_A_FWMARK: NLA_U32 * WGDEVICE_A_PEERS: NLA_NESTED * 0: NLA_NESTED @@ -82,6 +84,8 @@ * peers should be removed prior to adding the list below. * WGDEVICE_A_PRIVATE_KEY: len WG_KEY_LEN, all zeros to remove * WGDEVICE_A_LISTEN_PORT: NLA_U16, 0 to choose randomly + * WGDEVICE_A_LISTEN_ADDR : struct sockaddr_in or struct sockaddr_in6. + * WGDEVICE_A_LISTEN_IFINDEX : NLA_U32 * WGDEVICE_A_FWMARK: NLA_U32, 0 to disable * WGDEVICE_A_PEERS: NLA_NESTED * 0: NLA_NESTED @@ -157,6 +161,8 @@ enum wgdevice_attribute { WGDEVICE_A_LISTEN_PORT, WGDEVICE_A_FWMARK, WGDEVICE_A_PEERS, + WGDEVICE_A_LISTEN_ADDR, + WGDEVICE_A_LISTEN_IFINDEX, __WGDEVICE_A_LAST }; #define WGDEVICE_A_MAX (__WGDEVICE_A_LAST - 1) -- 2.39.2 From dxld at darkboxed.org Thu Aug 17 20:11:36 2023 From: dxld at darkboxed.org (=?UTF-8?q?Daniel=20Gr=C3=B6ber?=) Date: Thu, 17 Aug 2023 22:11:36 +0200 Subject: [PATCH 3/5] Support binding sockets to address and netdev for multihomed hosts In-Reply-To: <20230817201138.930780-1-dxld@darkboxed.org> References: <20230817201138.930780-1-dxld@darkboxed.org> Message-ID: <20230817201138.930780-3-dxld@darkboxed.org> Signed-off-by: Daniel Gr?ber --- src/config.c | 116 +++++++++++++++++++++++++++------------------- src/containers.h | 33 +++++++++++-- src/ipc-freebsd.h | 4 ++ src/ipc-linux.h | 38 ++++++++++++++- src/ipc-openbsd.h | 4 ++ src/ipc-uapi.h | 2 + src/ipc-windows.h | 4 ++ src/man/wg.8 | 27 +++++++---- src/set.c | 2 +- src/show.c | 65 +++++++++++++++++++++++--- src/show.h | 13 ++++++ src/showconf.c | 12 +++-- 12 files changed, 246 insertions(+), 74 deletions(-) create mode 100644 src/show.h diff --git a/src/config.c b/src/config.c index f9980fe..01c73f9 100644 --- a/src/config.c +++ b/src/config.c @@ -36,44 +36,6 @@ static const char *get_value(const char *line, const char *key) return line + keylen; } -static inline bool parse_port(uint16_t *port, uint32_t *flags, const char *value) -{ - int ret; - struct addrinfo *resolved; - struct addrinfo hints = { - .ai_family = AF_UNSPEC, - .ai_socktype = SOCK_DGRAM, - .ai_protocol = IPPROTO_UDP, - .ai_flags = AI_PASSIVE - }; - - if (!strlen(value)) { - fprintf(stderr, "Unable to parse empty port\n"); - return false; - } - - ret = getaddrinfo(NULL, value, &hints, &resolved); - if (ret) { - fprintf(stderr, "%s: `%s'\n", ret == EAI_SYSTEM ? strerror(errno) : gai_strerror(ret), value); - return false; - } - - ret = -1; - if (resolved->ai_family == AF_INET && resolved->ai_addrlen == sizeof(struct sockaddr_in)) { - *port = ntohs(((struct sockaddr_in *)resolved->ai_addr)->sin_port); - ret = 0; - } else if (resolved->ai_family == AF_INET6 && resolved->ai_addrlen == sizeof(struct sockaddr_in6)) { - *port = ntohs(((struct sockaddr_in6 *)resolved->ai_addr)->sin6_port); - ret = 0; - } else - fprintf(stderr, "Neither IPv4 nor IPv6 address found: `%s'\n", value); - - freeaddrinfo(resolved); - if (!ret) - *flags |= WGDEVICE_HAS_LISTEN_PORT; - return ret == 0; -} - static inline bool parse_fwmark(uint32_t *fwmark, uint32_t *flags, const char *value) { unsigned long ret; @@ -192,10 +154,12 @@ static inline int parse_dns_retries(void) return (int)ret; } -static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value, int family) +static inline bool parse_endpoint(struct sockaddr_inet *endpoint, const char *value, int family, int allow_retry) { + bool ok; char *mutable = strdup(value); char *begin, *end; + char *scope = NULL; int ret, retries = parse_dns_retries(); struct addrinfo *resolved; struct addrinfo hints = { @@ -203,6 +167,8 @@ static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value, .ai_socktype = SOCK_DGRAM, .ai_protocol = IPPROTO_UDP }; + if (!allow_retry) + retries = 0; if (!mutable) { perror("strdup"); return false; @@ -214,16 +180,20 @@ static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value, } if (mutable[0] == '[') { begin = &mutable[1]; + + scope = strchr(begin, '%'); + if (scope) + scope++; end = strchr(mutable, ']'); if (!end) { free(mutable); - fprintf(stderr, "Unable to find matching brace of endpoint: `%s'\n", value); + fprintf(stderr, "Unable to find matching brace in address: `%s'\n", value); return false; } *end++ = '\0'; if (*end++ != ':' || !*end) { free(mutable); - fprintf(stderr, "Unable to find port of endpoint: `%s'\n", value); + fprintf(stderr, "Unable to find port in address: `%s'\n", value); return false; } } else { @@ -231,7 +201,7 @@ static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value, end = strrchr(mutable, ':'); if (!end || !*(end + 1)) { free(mutable); - fprintf(stderr, "Unable to find port of endpoint: `%s'\n", value); + fprintf(stderr, "Unable to find port in address: `%s'\n", value); return false; } *end++ = '\0'; @@ -269,16 +239,59 @@ static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value, (resolved->ai_family == AF_INET6 && resolved->ai_addrlen == sizeof(struct sockaddr_in6))) memcpy(endpoint, resolved->ai_addr, resolved->ai_addrlen); else { - freeaddrinfo(resolved); - free(mutable); + ok = false; fprintf(stderr, "Neither IPv4 nor IPv6 address found: `%s'\n", value); - return false; + goto out; + } + if(scope) { + unsigned ifindex = if_nametoindex(scope); + if (resolved->ai_family == AF_INET) + endpoint->sin_scope_id = ifindex; + else if (resolved->ai_family == AF_INET6) + endpoint->sin6_scope_id = ifindex; } + + ok = true; +out: freeaddrinfo(resolved); free(mutable); + return ok; +} + + +static inline bool parse_listen(struct sockaddr_inet *listen, uint32_t *flags, const char *value) +{ + if (!parse_endpoint(listen, value, AF_UNSPEC, /*allow_retry=*/0)) + return false; + + listen->sinet_port = ntohs(listen->sinet_port); + + *flags |= WGDEVICE_HAS_LISTEN; return true; } +static inline bool parse_port(struct sockaddr_inet *listen, uint32_t *flags, const char *value) +{ + bool err; + char *addr_str = NULL; + asprintf(&addr_str, "[::]:%s", value); + if (!addr_str) { + perror("asprintf"); + return false; + } + + err = parse_listen(listen, flags, addr_str); + free(addr_str); + + listen->sinet_family = AF_UNSPEC; + + if (!err) { + *flags |= WGDEVICE_HAS_LISTEN_PORT; + *flags &= ~WGDEVICE_HAS_LISTEN; + } + return err; +} + static inline bool parse_address_family(int *family, const char *value) { if (strcmp(value, "inet") == 0) @@ -457,7 +470,9 @@ static bool process_line(struct config_ctx *ctx, const char *line) if (ctx->is_device_section) { if (key_match("ListenPort")) - ret = parse_port(&ctx->device->listen_port, &ctx->device->flags, value); + ret = parse_port(&ctx->device->listen_inet, &ctx->device->flags, value); + else if (key_match("Listen")) + ret = parse_listen(&ctx->device->listen_inet, &ctx->device->flags, value); else if (key_match("FwMark")) ret = parse_fwmark(&ctx->device->fwmark, &ctx->device->flags, value); else if (key_match("PrivateKey")) { @@ -561,7 +576,7 @@ struct wgdevice *config_read_finish(struct wgdevice *device) goto err; } - if (!parse_endpoint(&peer->endpoint.addr, peer->endpoint_value, peer->addr_fam)) + if (!parse_endpoint(&peer->endpoint.addr_inet, peer->endpoint_value, peer->addr_fam, /*allow_retry=*/1)) goto err; } return device; @@ -600,7 +615,12 @@ struct wgdevice *config_read_cmd(const char *argv[], int argc) } while (argc > 0) { if (!strcmp(argv[0], "listen-port") && argc >= 2 && !peer) { - if (!parse_port(&device->listen_port, &device->flags, argv[1])) + if (!parse_port(&device->listen_inet, &device->flags, argv[1])) + goto error; + argv += 2; + argc -= 2; + } else if (!strcmp(argv[0], "listen") && argc >= 2 && !peer) { + if (!parse_listen(&device->listen_inet, &device->flags, argv[1])) goto error; argv += 2; argc -= 2; diff --git a/src/containers.h b/src/containers.h index c111621..2f3d88f 100644 --- a/src/containers.h +++ b/src/containers.h @@ -13,7 +13,7 @@ #include #include #if defined(__linux__) -#include +#include "uapi/linux/linux/wireguard.h" #elif defined(__OpenBSD__) #include #endif @@ -28,6 +28,22 @@ struct timespec64 { int64_t tv_nsec; }; +struct sockaddr_inet { + sa_family_t sinet_family; + in_port_t sinet_port; + union { + struct { + struct in_addr sin_addr; + uint32_t sin_scope_id; // on top of sockaddr_in padding + }; + struct { + uint32_t sin6_flowinfo; + struct in6_addr sin6_addr; + uint32_t sin6_scope_id; + }; + }; +}; + struct wgallowedip { uint16_t family; union { @@ -57,6 +73,7 @@ struct wgpeer { struct sockaddr addr; struct sockaddr_in addr4; struct sockaddr_in6 addr6; + struct sockaddr_inet addr_inet; } endpoint; int addr_fam; @@ -74,7 +91,8 @@ enum { WGDEVICE_HAS_PRIVATE_KEY = 1U << 1, WGDEVICE_HAS_PUBLIC_KEY = 1U << 2, WGDEVICE_HAS_LISTEN_PORT = 1U << 3, - WGDEVICE_HAS_FWMARK = 1U << 4 + WGDEVICE_HAS_LISTEN = 1U << 4, + WGDEVICE_HAS_FWMARK = 1U << 5, }; struct wgdevice { @@ -87,7 +105,16 @@ struct wgdevice { uint8_t private_key[WG_KEY_LEN]; uint32_t fwmark; - uint16_t listen_port; + union { + struct sockaddr listen; + struct sockaddr_in listen4; + struct sockaddr_in6 listen6; + struct sockaddr_inet listen_inet; + struct { + sa_family_t listen_family; + in_port_t listen_port; + }; + }; struct wgpeer *first_peer, *last_peer; }; diff --git a/src/ipc-freebsd.h b/src/ipc-freebsd.h index fa74edd..a06b245 100644 --- a/src/ipc-freebsd.h +++ b/src/ipc-freebsd.h @@ -272,6 +272,10 @@ static int kernel_set_device(struct wgdevice *dev) nvlist_add_binary(nvl_device, "private-key", dev->private_key, sizeof(dev->private_key)); if (dev->flags & WGDEVICE_HAS_LISTEN_PORT) nvlist_add_number(nvl_device, "listen-port", dev->listen_port); + if (dev->flags & WGDEVICE_HAS_LISTEN) { + errno = EOPNOTSUPP; + goto err; + } if (dev->flags & WGDEVICE_HAS_FWMARK) nvlist_add_number(nvl_device, "user-cookie", dev->fwmark); if (dev->flags & WGDEVICE_REPLACE_PEERS) diff --git a/src/ipc-linux.h b/src/ipc-linux.h index d29c0c5..3e3f27c 100644 --- a/src/ipc-linux.h +++ b/src/ipc-linux.h @@ -17,11 +17,11 @@ #include #include #include -#include #include #include "containers.h" #include "encoding.h" #include "netlink.h" +#include "uapi/linux/linux/wireguard.h" #define IPC_SUPPORTS_KERNEL_INTERFACE @@ -163,6 +163,17 @@ again: mnl_attr_put(nlh, WGDEVICE_A_PRIVATE_KEY, sizeof(dev->private_key), dev->private_key); if (dev->flags & WGDEVICE_HAS_LISTEN_PORT) mnl_attr_put_u16(nlh, WGDEVICE_A_LISTEN_PORT, dev->listen_port); + if (dev->flags & WGDEVICE_HAS_LISTEN) { + mnl_attr_put_u16(nlh, WGDEVICE_A_LISTEN_PORT, dev->listen_port); + if (dev->listen_family == AF_INET) { + mnl_attr_put(nlh, WGDEVICE_A_LISTEN_ADDR, sizeof(struct in_addr), &dev->listen4.sin_addr); + mnl_attr_put_u32(nlh, WGDEVICE_A_LISTEN_IFINDEX, dev->listen_inet.sin_scope_id); + } else if (dev->listen_family == AF_INET6) { + mnl_attr_put(nlh, WGDEVICE_A_LISTEN_ADDR, sizeof(struct in6_addr), &dev->listen6.sin6_addr); + mnl_attr_put_u32(nlh, WGDEVICE_A_LISTEN_IFINDEX, dev->listen_inet.sin6_scope_id); + } + } + if (dev->flags & WGDEVICE_HAS_FWMARK) mnl_attr_put_u32(nlh, WGDEVICE_A_FWMARK, dev->fwmark); if (dev->flags & WGDEVICE_REPLACE_PEERS) @@ -406,6 +417,8 @@ static int parse_device(const struct nlattr *attr, void *data) { struct wgdevice *device = data; + uint32_t listen_ifindex = 0; + switch (mnl_attr_get_type(attr)) { case WGDEVICE_A_UNSPEC: break; @@ -435,6 +448,24 @@ static int parse_device(const struct nlattr *attr, void *data) if (!mnl_attr_validate(attr, MNL_TYPE_U16)) device->listen_port = mnl_attr_get_u16(attr); break; + case WGDEVICE_A_LISTEN_ADDR: { + union { + struct in_addr addr4; + struct in6_addr addr6; + } *u = mnl_attr_get_payload(attr); + if (mnl_attr_get_payload_len(attr) == sizeof(u->addr4)) { + device->listen4.sin_family = AF_INET; + memcpy(&device->listen4.sin_addr, &u->addr4, sizeof(device->listen4.sin_addr)); + } else if (mnl_attr_get_payload_len(attr) == sizeof(u->addr6)) { + device->listen6.sin6_family = AF_INET6; + memcpy(&device->listen6.sin6_addr, &u->addr6, sizeof(device->listen6.sin6_addr)); + } + break; + } + case WGDEVICE_A_LISTEN_IFINDEX: + if (!mnl_attr_validate(attr, MNL_TYPE_U32)) + listen_ifindex = mnl_attr_get_u32(attr); + break; case WGDEVICE_A_FWMARK: if (!mnl_attr_validate(attr, MNL_TYPE_U32)) device->fwmark = mnl_attr_get_u32(attr); @@ -443,6 +474,11 @@ static int parse_device(const struct nlattr *attr, void *data) return mnl_attr_parse_nested(attr, parse_peers, device); } + if (listen_ifindex && device->listen_family == AF_INET) + device->listen_inet.sin_scope_id = listen_ifindex; + else if (listen_ifindex && device->listen_family == AF_INET6) + device->listen6.sin6_scope_id = listen_ifindex; + return MNL_CB_OK; } diff --git a/src/ipc-openbsd.h b/src/ipc-openbsd.h index 03fbdb5..eddec45 100644 --- a/src/ipc-openbsd.h +++ b/src/ipc-openbsd.h @@ -212,6 +212,10 @@ static int kernel_set_device(struct wgdevice *dev) wg_iface->i_port = dev->listen_port; wg_iface->i_flags |= WG_INTERFACE_HAS_PORT; } + if (dev->flags & WGDEVICE_HAS_LISTEN) { + errno = EOPNOTSUPP; + goto out; + } if (dev->flags & WGDEVICE_HAS_FWMARK) { wg_iface->i_rtable = dev->fwmark; diff --git a/src/ipc-uapi.h b/src/ipc-uapi.h index f582916..7079fbd 100644 --- a/src/ipc-uapi.h +++ b/src/ipc-uapi.h @@ -47,6 +47,8 @@ static int userspace_set_device(struct wgdevice *dev) } if (dev->flags & WGDEVICE_HAS_LISTEN_PORT) fprintf(f, "listen_port=%u\n", dev->listen_port); + if (dev->flags & WGDEVICE_HAS_LISTEN) + return -EOPNOTSUPP; if (dev->flags & WGDEVICE_HAS_FWMARK) fprintf(f, "fwmark=%u\n", dev->fwmark); if (dev->flags & WGDEVICE_REPLACE_PEERS) diff --git a/src/ipc-windows.h b/src/ipc-windows.h index d237fc9..77e32b3 100644 --- a/src/ipc-windows.h +++ b/src/ipc-windows.h @@ -381,6 +381,10 @@ static int kernel_set_device(struct wgdevice *dev) wg_iface->ListenPort = dev->listen_port; wg_iface->Flags |= WG_IOCTL_INTERFACE_HAS_LISTEN_PORT; } + if (dev->flags & WGDEVICE_HAS_LISTEN) { + errno = EOPNOTSUPP; + goto out; + } if (dev->flags & WGDEVICE_REPLACE_PEERS) wg_iface->Flags |= WG_IOCTL_INTERFACE_REPLACE_PEERS; diff --git a/src/man/wg.8 b/src/man/wg.8 index 48f084d..0310fd0 100644 --- a/src/man/wg.8 +++ b/src/man/wg.8 @@ -36,7 +36,7 @@ Sub-commands that take an INTERFACE must be passed a WireGuard interface. .SH COMMANDS .TP -\fBshow\fP { \fI\fP | \fIall\fP | \fIinterfaces\fP } [\fIpublic-key\fP | \fIprivate-key\fP | \fIlisten-port\fP | \fIfwmark\fP | \fIpeers\fP | \fIpreshared-keys\fP | \fIendpoints\fP | \fIallowed-ips\fP | \fIlatest-handshakes\fP | \fIpersistent-keepalive\fP | \fItransfer\fP | \fIdump\fP] +\fBshow\fP { \fI\fP | \fIall\fP | \fIinterfaces\fP } [\fIpublic-key\fP | \fIprivate-key\fP | \fIlisten-port\fP | \fIlisten\fP | \fIfwmark\fP | \fIpeers\fP | \fIpreshared-keys\fP | \fIendpoints\fP | \fIallowed-ips\fP | \fIlatest-handshakes\fP | \fIpersistent-keepalive\fP | \fItransfer\fP | \fIdump\fP] Shows current WireGuard configuration and runtime information of specified \fI\fP. If no \fI\fP is specified, \fI\fP defaults to \fIall\fP. If \fIinterfaces\fP is specified, prints a list of all WireGuard interfaces, @@ -46,7 +46,7 @@ meant for the terminal. Otherwise, prints specified information grouped by newlines and tabs, meant to be used in scripts. For this script-friendly display, if \fIall\fP is specified, then the first field for all categories of information is the interface name. If \fPdump\fP is specified, then several lines are printed; -the first contains in order separated by tab: private-key, public-key, listen-port, +the first contains in order separated by tab: private-key, public-key, listen(-port), fwmark. Subsequent lines are printed for each peer and contain in order separated by tab: public-key, preshared-key, endpoint, allowed-ips, latest-handshake, transfer-rx, transfer-tx, persistent-keepalive. @@ -55,11 +55,13 @@ transfer-rx, transfer-tx, persistent-keepalive. Shows the current configuration of \fI\fP in the format described by \fICONFIGURATION FILE FORMAT\fP below. .TP -\fBset\fP \fI\fP [\fIlisten-port\fP \fI\fP] [\fIfwmark\fP \fI\fP] [\fIprivate-key\fP \fI\fP] [\fIpeer\fP \fI\fP [\fIremove\fP] [\fIpreshared-key\fP \fI\fP] [\fIendpoint\fP \fI:\fP] [\fIaddress-family\fP \fI\fP] [\fIpersistent-keepalive\fP \fI\fP] [\fIallowed-ips\fP \fI/\fP[,\fI/\fP]...] ]... +\fBset\fP \fI\fP [\fIlisten-port\fP \fI\fP] [\fIlisten\fP \fI[%]:\fP] [\fIfwmark\fP \fI\fP] [\fIprivate-key\fP \fI\fP] [\fIpeer\fP \fI\fP [\fIremove\fP] [\fIpreshared-key\fP \fI\fP] [\fIendpoint\fP \fI:\fP] [\fIaddress-family\fP \fI\fP] [\fIpersistent-keepalive\fP \fI\fP] [\fIallowed-ips\fP \fI/\fP[,\fI/\fP]...] ]... Sets configuration values for the specified \fI\fP. Multiple \fIpeer\fPs may be specified, and if the \fIremove\fP argument is given -for a peer, that peer is removed, not configured. If \fIlisten-port\fP -is not specified, or set to 0, the port will be chosen randomly when the +for a peer, that peer is removed, not configured. The \fIlisten-port\fP +and \fIlisten\fP options override each other. If a \fIport\fP is not set +using either after the interface is created, or is set to 0, the port will +be chosen randomly when the interface comes up. Both \fIprivate-key\fP and \fIpreshared-key\fP must be files, because command line arguments are not considered private on most systems but if you are using @@ -139,6 +141,13 @@ PrivateKeyFile \(em path to a file containing a base64 private key. May be used ListenPort \(em a 16-bit port for listening. Optional; if not specified, chosen randomly. .IP \(bu +Listen \(em an address:port tupel to use for listening. A network interface +to bind to may be specified using the [address%iface]:port form. Note that +an IPv4 address may be spcified inside square brackets, even together with an +iface. A hostname may be used instead of a numeric IP but no resolution +retries will be done so use of DNS is discouraged here. Optional. Overrides +ListenPort. +.IP \(bu FwMark \(em a 32-bit fwmark for outgoing packets. If set to 0 or "off", this option is disabled. May be specified in hexadecimal by prepending "0x". Optional. .P @@ -162,10 +171,10 @@ which outgoing traffic for this peer is directed. The catch-all \fI::/0\fP may be specified for matching all IPv6 addresses. May be specified multiple times. .IP \(bu -Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a -port number. This endpoint will be updated automatically to the most recent -source IP address and port of correctly authenticated packets from the peer. -Optional. +Endpoint \(em an endpoint IP (optionally enclosed in) or hostname, +followed by a colon, and then a port number. This endpoint will be updated +automatically to the most recent source IP address and port of correctly +authenticated packets from the peer. Optional. .IP \(bu AddressFamily \(em one of \fIinet\fP, \fIinet6\fP or \fIunspec\fP. When a hostname is given for \fIEndpoint\fP, setting this to \fIinet\fP or diff --git a/src/set.c b/src/set.c index 20ee85e..30482bd 100644 --- a/src/set.c +++ b/src/set.c @@ -18,7 +18,7 @@ int set_main(int argc, const char *argv[]) int ret = 1; if (argc < 3) { - fprintf(stderr, "Usage: %s %s [listen-port ] [fwmark ] [private-key ] [peer [remove] [preshared-key ] [endpoint :] [address-family ] [persistent-keepalive ] [allowed-ips /[,/]...] ]...\n", PROG_NAME, argv[0]); + fprintf(stderr, "Usage: %s %s [listen-port ] [listen %%:] [fwmark ] [private-key ] [peer [remove] [preshared-key ] [endpoint :] [address-family ] [persistent-keepalive ] [allowed-ips /[,/]...] ]...\n", PROG_NAME, argv[0]); return 1; } diff --git a/src/show.c b/src/show.c index 13777cf..754f952 100644 --- a/src/show.c +++ b/src/show.c @@ -18,6 +18,7 @@ #include #include +#include "show.h" #include "containers.h" #include "ipc.h" #include "terminal.h" @@ -103,7 +104,7 @@ static char *ip(const struct wgallowedip *ip) return buf; } -static char *endpoint(const struct sockaddr *addr) +char *print_endpoint(const struct sockaddr *addr) { char host[4096 + 1]; char service[512 + 1]; @@ -126,6 +127,47 @@ static char *endpoint(const struct sockaddr *addr) return buf; } +char *print_sockaddr_inet(const struct sockaddr_inet *sa_const) +{ + char host[4096 + 1], service[512 + 1], ifname_buf[IF_NAMESIZE+10] = "%"; + static char buf[sizeof(host) + sizeof(service) + sizeof(ifname_buf) + 4]; + struct sockaddr_inet sa = *sa_const; + socklen_t sa_len = 0; + unsigned int ifindex = 0; + int ret; + + sa.sinet_port = htons(sa.sinet_port); + + if (sa.sinet_family == AF_INET) { + sa_len = sizeof(struct sockaddr_in); + ifindex = sa.sin_scope_id; + } else if (sa.sinet_family == AF_INET6) { + sa_len = sizeof(struct sockaddr_in6); + ifindex = sa.sin6_scope_id; + } + ret = getnameinfo((struct sockaddr*)&sa, sa_len, host, sizeof(host), service, sizeof(service), NI_DGRAM | NI_NUMERICSERV | NI_NUMERICHOST); + if (ret) { + buf[0] = '\0'; + goto out; + } + + const char *ifname = ""; + if (ifindex) { + ifname = if_indextoname(ifindex , ifname_buf+1); + if (!ifname) { + snprintf(ifname_buf, sizeof(ifname_buf), "%%%u", ifindex); + ifname = ifname_buf; + } + } + + if ((sa.sinet_family == AF_INET6 && strchr(host, ':')) || ifindex) + snprintf(buf, sizeof(buf), "[%s%s]:%s", host, ifname, service); + else + snprintf(buf, sizeof(buf), "%s:%s", host, service); +out: + return buf; +} + static size_t pretty_time(char *buf, const size_t len, unsigned long long left) { size_t offset = 0; @@ -202,7 +244,7 @@ static char *bytes(uint64_t b) static const char *COMMAND_NAME; static void show_usage(void) { - fprintf(stderr, "Usage: %s %s { | all | interfaces } [public-key | private-key | listen-port | fwmark | peers | preshared-keys | endpoints | allowed-ips | latest-handshakes | transfer | persistent-keepalive | dump]\n", PROG_NAME, COMMAND_NAME); + fprintf(stderr, "Usage: %s %s { | all | interfaces } [public-key | private-key | listen-port | listen | fwmark | peers | preshared-keys | endpoints | allowed-ips | latest-handshakes | transfer | persistent-keepalive | dump]\n", PROG_NAME, COMMAND_NAME); } static void pretty_print(struct wgdevice *device) @@ -216,7 +258,9 @@ static void pretty_print(struct wgdevice *device) terminal_printf(" " TERMINAL_BOLD "public key" TERMINAL_RESET ": %s\n", key(device->public_key)); if (device->flags & WGDEVICE_HAS_PRIVATE_KEY) terminal_printf(" " TERMINAL_BOLD "private key" TERMINAL_RESET ": %s\n", masked_key(device->private_key)); - if (device->listen_port) + if (device->listen_family != AF_UNSPEC) + terminal_printf(" " TERMINAL_BOLD "listening on" TERMINAL_RESET ": %s\n", print_sockaddr_inet(&device->listen_inet)); + else if (device->listen_port) terminal_printf(" " TERMINAL_BOLD "listening port" TERMINAL_RESET ": %u\n", device->listen_port); if (device->fwmark) terminal_printf(" " TERMINAL_BOLD "fwmark" TERMINAL_RESET ": 0x%x\n", device->fwmark); @@ -229,7 +273,7 @@ static void pretty_print(struct wgdevice *device) if (peer->flags & WGPEER_HAS_PRESHARED_KEY) terminal_printf(" " TERMINAL_BOLD "preshared key" TERMINAL_RESET ": %s\n", masked_key(peer->preshared_key)); if (peer->endpoint.addr.sa_family == AF_INET || peer->endpoint.addr.sa_family == AF_INET6) - terminal_printf(" " TERMINAL_BOLD "endpoint" TERMINAL_RESET ": %s\n", endpoint(&peer->endpoint.addr)); + terminal_printf(" " TERMINAL_BOLD "endpoint" TERMINAL_RESET ": %s\n", print_endpoint(&peer->endpoint.addr)); terminal_printf(" " TERMINAL_BOLD "allowed ips" TERMINAL_RESET ": "); if (peer->first_allowedip) { for_each_wgallowedip(peer, allowedip) @@ -259,7 +303,10 @@ static void dump_print(struct wgdevice *device, bool with_interface) printf("%s\t", device->name); printf("%s\t", maybe_key(device->private_key, device->flags & WGDEVICE_HAS_PRIVATE_KEY)); printf("%s\t", maybe_key(device->public_key, device->flags & WGDEVICE_HAS_PUBLIC_KEY)); - printf("%u\t", device->listen_port); + if (device->listen_family != AF_UNSPEC) + printf("%s\t", print_sockaddr_inet(&device->listen_inet)); + else + printf("%u\t", device->listen_port); if (device->fwmark) printf("0x%x\n", device->fwmark); else @@ -270,7 +317,7 @@ static void dump_print(struct wgdevice *device, bool with_interface) printf("%s\t", key(peer->public_key)); printf("%s\t", maybe_key(peer->preshared_key, peer->flags & WGPEER_HAS_PRESHARED_KEY)); if (peer->endpoint.addr.sa_family == AF_INET || peer->endpoint.addr.sa_family == AF_INET6) - printf("%s\t", endpoint(&peer->endpoint.addr)); + printf("%s\t", print_endpoint(&peer->endpoint.addr)); else printf("(none)\t"); if (peer->first_allowedip) { @@ -304,6 +351,10 @@ static bool ugly_print(struct wgdevice *device, const char *param, bool with_int if (with_interface) printf("%s\t", device->name); printf("%u\n", device->listen_port); + } else if (!strcmp(param, "listen")) { + if (with_interface) + printf("%s\t", device->name); + printf("%s\n", print_sockaddr_inet(&device->listen_inet)); } else if (!strcmp(param, "fwmark")) { if (with_interface) printf("%s\t", device->name); @@ -317,7 +368,7 @@ static bool ugly_print(struct wgdevice *device, const char *param, bool with_int printf("%s\t", device->name); printf("%s\t", key(peer->public_key)); if (peer->endpoint.addr.sa_family == AF_INET || peer->endpoint.addr.sa_family == AF_INET6) - printf("%s\n", endpoint(&peer->endpoint.addr)); + printf("%s\n", print_endpoint(&peer->endpoint.addr)); else printf("(none)\n"); } diff --git a/src/show.h b/src/show.h new file mode 100644 index 0000000..3673b65 --- /dev/null +++ b/src/show.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0 OR MIT */ +/* + * Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved. + */ + +#ifndef SHOW_H +#define SHOW_H +struct sockaddr_inet; + +char *print_endpoint(const struct sockaddr *addr); +char *print_sockaddr_inet(const struct sockaddr_inet *addr); + +#endif diff --git a/src/showconf.c b/src/showconf.c index 62070dc..d165eb2 100644 --- a/src/showconf.c +++ b/src/showconf.c @@ -13,6 +13,7 @@ #include #include +#include "show.h" #include "containers.h" #include "encoding.h" #include "ipc.h" @@ -22,6 +23,8 @@ int showconf_main(int argc, const char *argv[]) { char base64[WG_KEY_LEN_BASE64]; char ip[INET6_ADDRSTRLEN]; + char host[4096 + 1], service[512 + 1]; + socklen_t addr_len = 0; struct wgdevice *device = NULL; struct wgpeer *peer; struct wgallowedip *allowedip; @@ -38,7 +41,9 @@ int showconf_main(int argc, const char *argv[]) } printf("[Interface]\n"); - if (device->listen_port) + if (device->listen_family != AF_UNSPEC) + printf("Listen = %s", print_sockaddr_inet(&device->listen_inet)); + else if (device->listen_port) printf("ListenPort = %u\n", device->listen_port); if (device->fwmark) printf("FwMark = 0x%x\n", device->fwmark); @@ -72,11 +77,8 @@ int showconf_main(int argc, const char *argv[]) if (peer->first_allowedip) printf("\n"); + // TODO: use print_endpoint if (peer->endpoint.addr.sa_family == AF_INET || peer->endpoint.addr.sa_family == AF_INET6) { - char host[4096 + 1]; - char service[512 + 1]; - socklen_t addr_len = 0; - if (peer->endpoint.addr.sa_family == AF_INET) addr_len = sizeof(struct sockaddr_in); else if (peer->endpoint.addr.sa_family == AF_INET6) -- 2.39.2 From dxld at darkboxed.org Thu Aug 17 20:11:37 2023 From: dxld at darkboxed.org (=?UTF-8?q?Daniel=20Gr=C3=B6ber?=) Date: Thu, 17 Aug 2023 22:11:37 +0200 Subject: [PATCH 4/5] Store sockaddr listen port in net-byte-order as is conventional In-Reply-To: <20230817201138.930780-1-dxld@darkboxed.org> References: <20230817201138.930780-1-dxld@darkboxed.org> Message-ID: <20230817201138.930780-4-dxld@darkboxed.org> This will allow more codesharing with code dealing with the peer endpoints. Signed-off-by: Daniel Gr?ber --- src/config.c | 2 -- src/ipc-freebsd.h | 2 +- src/ipc-linux.h | 6 +++--- src/ipc-openbsd.h | 4 ++-- src/ipc-uapi.h | 2 +- src/ipc-windows.h | 4 ++-- src/show.c | 24 +++++++++++------------- src/showconf.c | 2 +- 8 files changed, 21 insertions(+), 25 deletions(-) diff --git a/src/config.c b/src/config.c index 01c73f9..5c8594b 100644 --- a/src/config.c +++ b/src/config.c @@ -264,8 +264,6 @@ static inline bool parse_listen(struct sockaddr_inet *listen, uint32_t *flags, c if (!parse_endpoint(listen, value, AF_UNSPEC, /*allow_retry=*/0)) return false; - listen->sinet_port = ntohs(listen->sinet_port); - *flags |= WGDEVICE_HAS_LISTEN; return true; } diff --git a/src/ipc-freebsd.h b/src/ipc-freebsd.h index a06b245..75f692b 100644 --- a/src/ipc-freebsd.h +++ b/src/ipc-freebsd.h @@ -271,7 +271,7 @@ static int kernel_set_device(struct wgdevice *dev) if (dev->flags & WGDEVICE_HAS_PRIVATE_KEY) nvlist_add_binary(nvl_device, "private-key", dev->private_key, sizeof(dev->private_key)); if (dev->flags & WGDEVICE_HAS_LISTEN_PORT) - nvlist_add_number(nvl_device, "listen-port", dev->listen_port); + nvlist_add_number(nvl_device, "listen-port", ntohs(dev->listen_port)); if (dev->flags & WGDEVICE_HAS_LISTEN) { errno = EOPNOTSUPP; goto err; diff --git a/src/ipc-linux.h b/src/ipc-linux.h index 3e3f27c..735c49f 100644 --- a/src/ipc-linux.h +++ b/src/ipc-linux.h @@ -162,9 +162,9 @@ again: if (dev->flags & WGDEVICE_HAS_PRIVATE_KEY) mnl_attr_put(nlh, WGDEVICE_A_PRIVATE_KEY, sizeof(dev->private_key), dev->private_key); if (dev->flags & WGDEVICE_HAS_LISTEN_PORT) - mnl_attr_put_u16(nlh, WGDEVICE_A_LISTEN_PORT, dev->listen_port); + mnl_attr_put_u16(nlh, WGDEVICE_A_LISTEN_PORT, ntohs(dev->listen_port)); if (dev->flags & WGDEVICE_HAS_LISTEN) { - mnl_attr_put_u16(nlh, WGDEVICE_A_LISTEN_PORT, dev->listen_port); + mnl_attr_put_u16(nlh, WGDEVICE_A_LISTEN_PORT, ntohs(dev->listen_port)); if (dev->listen_family == AF_INET) { mnl_attr_put(nlh, WGDEVICE_A_LISTEN_ADDR, sizeof(struct in_addr), &dev->listen4.sin_addr); mnl_attr_put_u32(nlh, WGDEVICE_A_LISTEN_IFINDEX, dev->listen_inet.sin_scope_id); @@ -446,7 +446,7 @@ static int parse_device(const struct nlattr *attr, void *data) break; case WGDEVICE_A_LISTEN_PORT: if (!mnl_attr_validate(attr, MNL_TYPE_U16)) - device->listen_port = mnl_attr_get_u16(attr); + device->listen_port = htons(mnl_attr_get_u16(attr)); break; case WGDEVICE_A_LISTEN_ADDR: { union { diff --git a/src/ipc-openbsd.h b/src/ipc-openbsd.h index eddec45..478b4c6 100644 --- a/src/ipc-openbsd.h +++ b/src/ipc-openbsd.h @@ -96,7 +96,7 @@ static int kernel_get_device(struct wgdevice **device, const char *iface) } if (wg_iface->i_flags & WG_INTERFACE_HAS_PORT) { - dev->listen_port = wg_iface->i_port; + dev->listen_port = htons(wg_iface->i_port); dev->flags |= WGDEVICE_HAS_LISTEN_PORT; } @@ -209,7 +209,7 @@ static int kernel_set_device(struct wgdevice *dev) } if (dev->flags & WGDEVICE_HAS_LISTEN_PORT) { - wg_iface->i_port = dev->listen_port; + wg_iface->i_port = ntohs(dev->listen_port); wg_iface->i_flags |= WG_INTERFACE_HAS_PORT; } if (dev->flags & WGDEVICE_HAS_LISTEN) { diff --git a/src/ipc-uapi.h b/src/ipc-uapi.h index 7079fbd..0fc1524 100644 --- a/src/ipc-uapi.h +++ b/src/ipc-uapi.h @@ -46,7 +46,7 @@ static int userspace_set_device(struct wgdevice *dev) fprintf(f, "private_key=%s\n", hex); } if (dev->flags & WGDEVICE_HAS_LISTEN_PORT) - fprintf(f, "listen_port=%u\n", dev->listen_port); + fprintf(f, "listen_port=%u\n", ntohs(dev->listen_port)); if (dev->flags & WGDEVICE_HAS_LISTEN) return -EOPNOTSUPP; if (dev->flags & WGDEVICE_HAS_FWMARK) diff --git a/src/ipc-windows.h b/src/ipc-windows.h index 77e32b3..fb8f35c 100644 --- a/src/ipc-windows.h +++ b/src/ipc-windows.h @@ -249,7 +249,7 @@ static int kernel_get_device(struct wgdevice **device, const char *iface) dev->name[sizeof(dev->name) - 1] = '\0'; if (wg_iface->Flags & WG_IOCTL_INTERFACE_HAS_LISTEN_PORT) { - dev->listen_port = wg_iface->ListenPort; + dev->listen_port = htons(wg_iface->ListenPort); dev->flags |= WGDEVICE_HAS_LISTEN_PORT; } @@ -378,7 +378,7 @@ static int kernel_set_device(struct wgdevice *dev) } if (dev->flags & WGDEVICE_HAS_LISTEN_PORT) { - wg_iface->ListenPort = dev->listen_port; + wg_iface->ListenPort = ntohs(dev->listen_port); wg_iface->Flags |= WG_IOCTL_INTERFACE_HAS_LISTEN_PORT; } if (dev->flags & WGDEVICE_HAS_LISTEN) { diff --git a/src/show.c b/src/show.c index 754f952..3048183 100644 --- a/src/show.c +++ b/src/show.c @@ -127,26 +127,24 @@ char *print_endpoint(const struct sockaddr *addr) return buf; } -char *print_sockaddr_inet(const struct sockaddr_inet *sa_const) +char *print_sockaddr_inet(const struct sockaddr_inet *sa) { char host[4096 + 1], service[512 + 1], ifname_buf[IF_NAMESIZE+10] = "%"; static char buf[sizeof(host) + sizeof(service) + sizeof(ifname_buf) + 4]; - struct sockaddr_inet sa = *sa_const; socklen_t sa_len = 0; unsigned int ifindex = 0; int ret; - sa.sinet_port = htons(sa.sinet_port); - - if (sa.sinet_family == AF_INET) { + if (sa->sinet_family == AF_INET) { sa_len = sizeof(struct sockaddr_in); - ifindex = sa.sin_scope_id; - } else if (sa.sinet_family == AF_INET6) { + ifindex = sa->sin_scope_id; + } else if (sa->sinet_family == AF_INET6) { sa_len = sizeof(struct sockaddr_in6); - ifindex = sa.sin6_scope_id; + ifindex = sa->sin6_scope_id; } - ret = getnameinfo((struct sockaddr*)&sa, sa_len, host, sizeof(host), service, sizeof(service), NI_DGRAM | NI_NUMERICSERV | NI_NUMERICHOST); + ret = getnameinfo((struct sockaddr*)sa, sa_len, host, sizeof(host), service, sizeof(service), NI_DGRAM | NI_NUMERICSERV | NI_NUMERICHOST); if (ret) { + fprintf(stderr, "error: print_sockaddr_inet: %s", gai_strerror(ret)); buf[0] = '\0'; goto out; } @@ -160,7 +158,7 @@ char *print_sockaddr_inet(const struct sockaddr_inet *sa_const) } } - if ((sa.sinet_family == AF_INET6 && strchr(host, ':')) || ifindex) + if ((sa->sinet_family == AF_INET6 && strchr(host, ':')) || ifindex) snprintf(buf, sizeof(buf), "[%s%s]:%s", host, ifname, service); else snprintf(buf, sizeof(buf), "%s:%s", host, service); @@ -261,7 +259,7 @@ static void pretty_print(struct wgdevice *device) if (device->listen_family != AF_UNSPEC) terminal_printf(" " TERMINAL_BOLD "listening on" TERMINAL_RESET ": %s\n", print_sockaddr_inet(&device->listen_inet)); else if (device->listen_port) - terminal_printf(" " TERMINAL_BOLD "listening port" TERMINAL_RESET ": %u\n", device->listen_port); + terminal_printf(" " TERMINAL_BOLD "listening port" TERMINAL_RESET ": %u\n", ntohs(device->listen_port)); if (device->fwmark) terminal_printf(" " TERMINAL_BOLD "fwmark" TERMINAL_RESET ": 0x%x\n", device->fwmark); if (device->first_peer) { @@ -306,7 +304,7 @@ static void dump_print(struct wgdevice *device, bool with_interface) if (device->listen_family != AF_UNSPEC) printf("%s\t", print_sockaddr_inet(&device->listen_inet)); else - printf("%u\t", device->listen_port); + printf("%u\t", ntohs(device->listen_port)); if (device->fwmark) printf("0x%x\n", device->fwmark); else @@ -350,7 +348,7 @@ static bool ugly_print(struct wgdevice *device, const char *param, bool with_int } else if (!strcmp(param, "listen-port")) { if (with_interface) printf("%s\t", device->name); - printf("%u\n", device->listen_port); + printf("%u\n", ntohs(device->listen_port)); } else if (!strcmp(param, "listen")) { if (with_interface) printf("%s\t", device->name); diff --git a/src/showconf.c b/src/showconf.c index d165eb2..c99a6a0 100644 --- a/src/showconf.c +++ b/src/showconf.c @@ -44,7 +44,7 @@ int showconf_main(int argc, const char *argv[]) if (device->listen_family != AF_UNSPEC) printf("Listen = %s", print_sockaddr_inet(&device->listen_inet)); else if (device->listen_port) - printf("ListenPort = %u\n", device->listen_port); + printf("ListenPort = %u\n", ntohs(device->listen_port)); if (device->fwmark) printf("FwMark = 0x%x\n", device->fwmark); if (device->flags & WGDEVICE_HAS_PRIVATE_KEY) { -- 2.39.2 From dxld at darkboxed.org Thu Aug 17 20:11:38 2023 From: dxld at darkboxed.org (=?UTF-8?q?Daniel=20Gr=C3=B6ber?=) Date: Thu, 17 Aug 2023 22:11:38 +0200 Subject: [PATCH 5/5] Replace print_endpoint with print_sockaddr_inet In-Reply-To: <20230817201138.930780-1-dxld@darkboxed.org> References: <20230817201138.930780-1-dxld@darkboxed.org> Message-ID: <20230817201138.930780-5-dxld@darkboxed.org> Note this changes the commandline behaviour slightly. Previously we would output the gai_strerror message instead of the address when getnameinfo fails. I don't think this behaviour is very useful for scripts as it's hard to match for since we're missing, say, an "error: " prefix. Instead print the error to stderr and just don't print anything on stdout in this case. Empty string is easier to detect than an arbitrary set of (possibly localised!) error messages. Signed-off-by: Daniel Gr?ber --- src/show.c | 29 +++-------------------------- 1 file changed, 3 insertions(+), 26 deletions(-) diff --git a/src/show.c b/src/show.c index 3048183..ec830d1 100644 --- a/src/show.c +++ b/src/show.c @@ -104,29 +104,6 @@ static char *ip(const struct wgallowedip *ip) return buf; } -char *print_endpoint(const struct sockaddr *addr) -{ - char host[4096 + 1]; - char service[512 + 1]; - static char buf[sizeof(host) + sizeof(service) + 4]; - int ret; - socklen_t addr_len = 0; - - memset(buf, 0, sizeof(buf)); - if (addr->sa_family == AF_INET) - addr_len = sizeof(struct sockaddr_in); - else if (addr->sa_family == AF_INET6) - addr_len = sizeof(struct sockaddr_in6); - - ret = getnameinfo(addr, addr_len, host, sizeof(host), service, sizeof(service), NI_DGRAM | NI_NUMERICSERV | NI_NUMERICHOST); - if (ret) { - strncpy(buf, gai_strerror(ret), sizeof(buf) - 1); - buf[sizeof(buf) - 1] = '\0'; - } else - snprintf(buf, sizeof(buf), (addr->sa_family == AF_INET6 && strchr(host, ':')) ? "[%s]:%s" : "%s:%s", host, service); - return buf; -} - char *print_sockaddr_inet(const struct sockaddr_inet *sa) { char host[4096 + 1], service[512 + 1], ifname_buf[IF_NAMESIZE+10] = "%"; @@ -271,7 +248,7 @@ static void pretty_print(struct wgdevice *device) if (peer->flags & WGPEER_HAS_PRESHARED_KEY) terminal_printf(" " TERMINAL_BOLD "preshared key" TERMINAL_RESET ": %s\n", masked_key(peer->preshared_key)); if (peer->endpoint.addr.sa_family == AF_INET || peer->endpoint.addr.sa_family == AF_INET6) - terminal_printf(" " TERMINAL_BOLD "endpoint" TERMINAL_RESET ": %s\n", print_endpoint(&peer->endpoint.addr)); + terminal_printf(" " TERMINAL_BOLD "endpoint" TERMINAL_RESET ": %s\n", print_sockaddr_inet(&peer->endpoint.addr_inet)); terminal_printf(" " TERMINAL_BOLD "allowed ips" TERMINAL_RESET ": "); if (peer->first_allowedip) { for_each_wgallowedip(peer, allowedip) @@ -315,7 +292,7 @@ static void dump_print(struct wgdevice *device, bool with_interface) printf("%s\t", key(peer->public_key)); printf("%s\t", maybe_key(peer->preshared_key, peer->flags & WGPEER_HAS_PRESHARED_KEY)); if (peer->endpoint.addr.sa_family == AF_INET || peer->endpoint.addr.sa_family == AF_INET6) - printf("%s\t", print_endpoint(&peer->endpoint.addr)); + printf("%s\t", print_sockaddr_inet(&peer->endpoint.addr_inet)); else printf("(none)\t"); if (peer->first_allowedip) { @@ -366,7 +343,7 @@ static bool ugly_print(struct wgdevice *device, const char *param, bool with_int printf("%s\t", device->name); printf("%s\t", key(peer->public_key)); if (peer->endpoint.addr.sa_family == AF_INET || peer->endpoint.addr.sa_family == AF_INET6) - printf("%s\n", print_endpoint(&peer->endpoint.addr)); + printf("%s\n", print_sockaddr_inet(&peer->endpoint.addr_inet)); else printf("(none)\n"); } -- 2.39.2 From dxld at darkboxed.org Fri Aug 18 11:49:57 2023 From: dxld at darkboxed.org (=?UTF-8?q?Daniel=20Gr=C3=B6ber?=) Date: Fri, 18 Aug 2023 13:49:57 +0200 Subject: [PATCH v2 RESEND] wg: Allow config to read secret keys from file Message-ID: <20230818114957.982705-1-dxld@darkboxed.org> This adds two new config keys PrivateKeyFile= and PresharedKeyFile= that simply hook up the existing code for the `wg set ... private-key /file` codepath. By using the new options wireguard configs can become a lot easier to manage and deploy as we don't have to treat them as secrets anymore. This way they can, for example, be tracked in public git repos while the secret keys can be provisioned using an out of band system or with a manual one-time step instead. Before this patch we were using an ugly hack: it's possible to simply omit PrivateKey= and set it using `PostUp = wg set %i private-key /some/file`. However this breaks when we try to use setconf or synconf as they will (rightly) unset the private key when it's missing in the underlying config file breaking connectivity. Reviewed-By: Michael Tokarev Signed-off-by: Daniel Gr?ber --- src/config.c | 8 ++++++++ src/man/wg.8 | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/src/config.c b/src/config.c index 81ccb47..1e924c7 100644 --- a/src/config.c +++ b/src/config.c @@ -450,6 +450,10 @@ static bool process_line(struct config_ctx *ctx, const char *line) ret = parse_key(ctx->device->private_key, value); if (ret) ctx->device->flags |= WGDEVICE_HAS_PRIVATE_KEY; + } else if (key_match("PrivateKeyFile")) { + ret = parse_keyfile(ctx->device->private_key, value); + if (ret) + ctx->device->flags |= WGDEVICE_HAS_PRIVATE_KEY; } else goto error; } else if (ctx->is_peer_section) { @@ -467,6 +471,10 @@ static bool process_line(struct config_ctx *ctx, const char *line) ret = parse_key(ctx->last_peer->preshared_key, value); if (ret) ctx->last_peer->flags |= WGPEER_HAS_PRESHARED_KEY; + } else if (key_match("PresharedKeyFile")) { + ret = parse_keyfile(ctx->last_peer->preshared_key, value); + if (ret) + ctx->last_peer->flags |= WGPEER_HAS_PRESHARED_KEY; } else goto error; } else diff --git a/src/man/wg.8 b/src/man/wg.8 index 7984539..a5d8bcf 100644 --- a/src/man/wg.8 +++ b/src/man/wg.8 @@ -134,6 +134,8 @@ The \fIInterface\fP section may contain the following fields: .IP \(bu PrivateKey \(em a base64 private key generated by \fIwg genkey\fP. Required. .IP \(bu +PrivateKeyFile \(em path to a file containing a base64 private key. May be used instead of \fIPrivateKey\fP. Optional. +.IP \(bu ListenPort \(em a 16-bit port for listening. Optional; if not specified, chosen randomly. .IP \(bu @@ -151,6 +153,8 @@ and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance. .IP \(bu +PresharedKeyFile \(em path to a file containing a base64 preshared key. May be used instead of \fIPresharedKey\fP. Optional. +.IP \(bu AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all -- 2.39.2 From rdunlap at infradead.org Fri Aug 18 23:44:26 2023 From: rdunlap at infradead.org (Randy Dunlap) Date: Fri, 18 Aug 2023 16:44:26 -0700 Subject: [PATCH] treewide: drop CONFIG_EMBEDDED In-Reply-To: <86e329b1-c8d7-47bf-8be8-3326daf74eb5@infradead.org> References: <38e1a01b-1e8b-7c66-bafc-fc5861f08da9@gmail.com> <86e329b1-c8d7-47bf-8be8-3326daf74eb5@infradead.org> Message-ID: <78a802c5-3f0d-e199-d974-e586c00180eb@infradead.org> Hi Jesse, I replied to your comment a few days ago, but for some reason your email to me contains: Reply-To: 20230816055010.31534-1-rdunlap at infradead.org so it wasn't sent directly to you. My former reply is below. On 8/16/23 20:15, Randy Dunlap wrote: > Hi Jesse, > > On 8/16/23 15:45, Jesse Taube wrote: >> Hi, Randy >> >>> diff -- a/init/Kconfig b/init/Kconfig >>> --- a/init/Kconfig >>> +++ b/init/Kconfig >>> @@ -1790,14 +1790,6 @@ config DEBUG_RSEQ >>> >>> ??????? If unsure, say N. >>> >>> -config EMBEDDED >>> -??? bool "Embedded system" >>> -??? select EXPERT >>> -??? help >>> -????? This option should be enabled if compiling the kernel for >>> -????? an embedded system so certain expert options are available >>> -????? for configuration. >> >> Wouldn't removing this break many out of tree configs? > > I'm not familiar with out-of-tree configs. > Do you have some examples of some that use CONFIG_EMBEDDED? > (not distros) > >> Should there be a warning here to update change it instead of removal? > > kconfig doesn't have a warning mechanism AFAIK. > Do you have an idea of how this would work? > > We could make a smaller change to init/Kconfig, like so: > > config EMBEDDED > - bool "Embedded system" > + bool "Embedded system (DEPRECATED)" > select EXPERT > help > - This option should be enabled if compiling the kernel for > - an embedded system so certain expert options are available > - for configuration. > + This option is being removed after Linux 6.6. > + Use EXPERT instead of EMBEDDED. > > but there is no way to produce a warning message. I.e., even with this > change, the message will probably be overlooked. > > --- > ~Randy -- ~Randy From dxld at darkboxed.org Sat Aug 19 07:22:45 2023 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Sat, 19 Aug 2023 09:22:45 +0200 Subject: IPv6-only flag set on v6 sockets prevents the use of v4-mapped addresses In-Reply-To: References: Message-ID: <20230819072245.bj7giu7lk4zqib2h@House.clients.dxld.at> Hi Nathaniel, On Mon, May 22, 2023 at 07:48:04AM +0100, Nathaniel Filardo wrote: > This means that v4-mapped v6 addresses (::ffff:a.b.c.d) can be > registered as peer endpoints, but the kernel very silently won't try > to reach out. Is that deliberate for some reason that eludes me? If > it is, could the userspace tooling be educated about v4-mapped > addresses and translate them accordingly before handing them up to the > kernel; if it isn't, could we drop the v6-only flag on the kernel > socket? Since I recently sent some patches touching the socket binding code I'm worndering what the exact use case is here? DNS will never return these addressess, I've only ever seen them used (internally to programs) when the kernel returns them in non-v6only sockets. Is there some other context these get returned in I'm missing? I considered dropping the v6only flag for the new bind-to-address code path I introduced but couldn't convince myself that there really is a good reason to deviate from established wg behaviour here. --Daniel From dxld at darkboxed.org Sat Aug 19 14:02:18 2023 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Sat, 19 Aug 2023 16:02:18 +0200 Subject: [RFC] Replace WireGuard AllowedIPs with IP route attribute Message-ID: <20230819140218.5algu2nfmfostngh@House.clients.dxld.at> Hi wireguard, birds, and babelers, tl;dr I want to add a new Linux route attribute (think "via $wgpeer") to supplement wireguard's internal AllowedIPs logic for both routing and source address filtering. I've been pondering how to better integrate wireguard into dynamic routing daemons, particularly BIRD and babeld. Essentially we want to be able to dynamically add/remove AllowedIPs depending on current reachability and/or link quality stats. Looking at the wg netlink API I see two major efficiency/scalability problems: 1) there is no way to be notified of changes in AllowedIPs made by other processes meaning we have to do periodic scans and 2) a peer's AllowedIPs set can only be replaced wholesale, not modified incrementally. This is problematic as "someone" might, in the worst case, want to install an entire internet routing table's worth of AllowedIPs and the set will likely change frequently. FYI: The IPv4 table has ~1M entries at present, yikes. Assuming external AllowedIPs changes are infrequent occationally dumping them all to keep a consistent view of the state shouldn't be too much of an issue as long as the netlink interface is performant enoug, so I'm going to concentrate on the add/remove API for now. Instead of doing the obvious thing and adding a more efficient incremental AllowedIPs netlink interface I figure why not just add a route attribute to select a target wg peer on a device. That way we could not only save memory (no separate AllowedIPs trie) but also simplify routing daemon implementation considerably. This would mirror how on ethernet you can have `dev eth0 via $router_ip`. I'm still reviewing the net/ code to find the best way to do this, but I'm thinking either a new RTA_WGPEER, like: `default dev wg0 via-wgpeer $peer_pubkey` or perhaps re-using RTA_VIA and keying off a statically configured AllowedIP addresses. To start I'd make this an opt-in replacement for our usual AllowedIPs logic, making sure to only activate it if any via* RTAs are active on a particular device, but if it proves to work well I don't see why we couldn't adapt the netlink code to maintain AllowedIPs using this RTA (but invisible to userspace) to re-use the same code and get rid of allowedips.c altogether. That's assuming this ends up being less code overall or perhaps more performant. Happy to hear your thoughts, --Daniel From nwfilardo at gmail.com Sat Aug 19 16:34:00 2023 From: nwfilardo at gmail.com (Nathaniel Filardo) Date: Sat, 19 Aug 2023 17:34:00 +0100 Subject: IPv6-only flag set on v6 sockets prevents the use of v4-mapped addresses In-Reply-To: <20230819072245.bj7giu7lk4zqib2h@House.clients.dxld.at> References: <20230819072245.bj7giu7lk4zqib2h@House.clients.dxld.at> Message-ID: Hi Daniel, DNS absolutely can and does store and return those addresses; look at mapped46.test.ietfng.org for an example (AAAA ::ffff:1.2.3.4). In my use case they arise because I have scripts that take wireguard peer addresses and register them with my DNS service provider, and it's simpler to update a single AAAA record per peer regardless of address family than it is to switch between having an AAAA and A record for the name. At the very least, the radio silence after the kernel accepts a v4-mapped v6 address is unexpected behavior. More generally, I don't see what good setting the v6only flag here is doing (in fact, that's true in general; there are very few circumstances, and most of those are for *listening* sockets, where v6only seems remotely sensible; the v4 to v6 migration is such a mess), so "the established wg behavior" makes no sense to me. (It's also plausibly true that I'm the first to *notice* this aspect of the established behavior!) In any case, in decreasing order of preference, I'd suggest: 1. Drop the v6only flag on peer sockets and allow the kernel speak to v4-mapped v6 addresses. 2. I missed something and v6only does serve a purpose; add special handling for v4-mapped v6 addresses to the wg kernel interface, bending them into v4 sockaddrs internally. 3. For some reason 2 isn't acceptable either, so add special handling to the wg userspace tools and do the transmogrification there. 4. For some reason none of that is tolerable, so have the kernel reject v4-mapped v6 addresses rather than silently accept them and fail to speak. Cheers, --nwf; On Sat, Aug 19, 2023 at 8:22?AM Daniel Gr?ber wrote: > > Hi Nathaniel, > > On Mon, May 22, 2023 at 07:48:04AM +0100, Nathaniel Filardo wrote: > > This means that v4-mapped v6 addresses (::ffff:a.b.c.d) can be > > registered as peer endpoints, but the kernel very silently won't try > > to reach out. Is that deliberate for some reason that eludes me? If > > it is, could the userspace tooling be educated about v4-mapped > > addresses and translate them accordingly before handing them up to the > > kernel; if it isn't, could we drop the v6-only flag on the kernel > > socket? > > Since I recently sent some patches touching the socket binding code I'm > worndering what the exact use case is here? DNS will never return these > addressess, I've only ever seen them used (internally to programs) when the > kernel returns them in non-v6only sockets. Is there some other context > these get returned in I'm missing? > > I considered dropping the v6only flag for the new bind-to-address code path > I introduced but couldn't convince myself that there really is a good > reason to deviate from established wg behaviour here. > > --Daniel From dxld at darkboxed.org Sat Aug 19 18:17:05 2023 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Sat, 19 Aug 2023 20:17:05 +0200 Subject: [RFC] Replace WireGuard AllowedIPs with IP route attribute In-Reply-To: <5112ea1f-0f67-4907-a3c5-b6c7b9e591ca@kr217.de> References: <20230819140218.5algu2nfmfostngh@House.clients.dxld.at> <5112ea1f-0f67-4907-a3c5-b6c7b9e591ca@kr217.de> Message-ID: <20230819181705.soor7bivakzyndc7@House.clients.dxld.at> Hi Bernd, On Sat, Aug 19, 2023 at 07:50:38PM +0200, Bernd Naumann wrote: > Chances are high I do miss something, but I've just set AllowedIPs to > 0.0.0.0/0 and ::/0 and just used the routing protocol of my choice and > filters to select which routes got exported and imported... :shrug: Right, let me expand a bit. You are absolutely right, right now if you want to use wg with dynamic routing daemons you essentially have to have one wg tunnel per remote node with AllowedIPs=::/0 and that works just fine at small scales. The idea here is that we would like to go back to having just one tunnel for all nodes involved in this particular network instead, due to general operations scalability, mine is a mesh network so the number of tunnels gets rather large quickly :) Lots of tunnels suck for various reasons, monitoring if they're all up and configured properly is one example but my understanding from previous discussions is the performance is probably not ideal either. --Daniel From dxld at darkboxed.org Sat Aug 19 19:16:32 2023 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Sat, 19 Aug 2023 21:16:32 +0200 Subject: IPv6-only flag set on v6 sockets prevents the use of v4-mapped addresses In-Reply-To: References: <20230819072245.bj7giu7lk4zqib2h@House.clients.dxld.at> Message-ID: <20230819191632.hjwjyan5kiz6gwyu@House.clients.dxld.at> Hi Nathaniel, On Sat, Aug 19, 2023 at 05:34:00PM +0100, Nathaniel Filardo wrote: > DNS absolutely can and does I mean I can (and used to) enter fe80::/64 link local addressess into DNS but it turns out this is actually forbidden by the RFCs but nothing will stop you. I'm not convinced putting ::ffff: into DNS is a legitimate use-case given that it it entirely up to an application whether it uses the IPV6_V6ONLY socket option or dual-stack sockets instead as you've noticed. This is supported by my reading of RFC4038. I checked RFC4291/5156 for mentions of how IPv4-mapped v6 addresses are to be treated but they don't mention any restrictions. So I guess it's up to us to decide whether it's a legitimate use-case or not. Unless anyone else has a reference to the contrary? > In my use case they arise because I have scripts that take wireguard peer > addresses and register them with my DNS service provider, and it's > simpler to update a single AAAA record per peer regardless of address > family than it is to switch between having an AAAA and A record for the > name. > > At the very least, the radio silence after the kernel accepts a > v4-mapped v6 address is unexpected behavior. Not really, in networking traffic black holes are pretty common. I'd expect the ::ffff:0.0.0.0/96 traffic to get sent via the default route and being filtered somewhere. Expected behaviour, some people might want to use ::ffff:0.0.0.0/96 as their NAT64 prefix for example. Though that might be ill advised when a standardized local prefix exists ;) > More generally, I don't see what good setting the v6only flag here is > doing (in fact, that's true in general; there are very few > circumstances, and most of those are for *listening* sockets, where > v6only seems remotely sensible; the v4 to v6 migration is such a > mess), so "the established wg behavior" makes no sense to me. What you're probably not seeing is that there's a technical reason wg doesn't use a single socket: The code currently supports CONFIG_IPV6 not being set, so then it can't rely on being able to create a v6 socket! The way it's written it's just easier to have two sockets and not switch between v4-only and v6-mapped sockets. I'm a IPv6-only-or-bust kind of guy so IMO we should just mandate CONFIG_IPV6 and get rid of a whole bunch of legacy IPv4 code (yey), but eh. someones probably going to complain about code-size for their v4-only legacy use-case then :] > (It's also plausibly true that I'm the first to *notice* this aspect > of the established behavior!) You're not, I noticed too when I was working-around the lack of the AddressFamily= option with a PostUp= script using `getent ahostsv6` and while the additional `| sed -n '/^::ffff:/d;s/\s*DGRAM.*$//p'` pushed the PostUp= line over 80 characters I don't consider it an overly onerous requirement :) > In any case, in decreasing order of preference, I'd suggest: > 1. Drop the v6only flag on peer sockets and allow the kernel speak to > v4-mapped v6 addresses. > 2. I missed something and v6only does serve a purpose; add special > handling for v4-mapped v6 addresses to the wg kernel interface, > bending them into v4 sockaddrs internally. > 3. For some reason 2 isn't acceptable either, so add special handling > to the wg userspace tools and do the transmogrification there. > 4. For some reason none of that is tolerable, so have the kernel > reject v4-mapped v6 addresses rather than silently accept them and > fail to speak. I don't like any of those. The way I see it your DynDNS approach is broken please use the appropriate rrtype for each address-family. Note my opinion is not authoritive here, Jason likely has the final say or, recently, more likely lack of say ;) In userspace we ask getaddrinfo() not to return v4-mapped addressess by having AI_V4MAPPED unset, unfortunately this doesn't work when you enter those addresses into DNS (a libc bug perhaps? *hint* *hint*). I would suggest filtering them on our side if they get returned anyway and emitting a warning so this is less of a stumbling block for the next poor soul. I do wonder what the behavoir of the other wg implementations is on this point, if it's inconsistent with the kernel impl. that's even more reason to warn about it. --Daniel From post at steffenvogel.de Sat Aug 19 20:00:17 2023 From: post at steffenvogel.de (Steffen Vogel) Date: Sat, 19 Aug 2023 22:00:17 +0200 Subject: =?utf-8?q?Re=3A?= [Babel-users] [RFC] Replace WireGuard AllowedIPs with IP route attribute In-Reply-To: <20230819140218.5algu2nfmfostngh@House.clients.dxld.at> Message-ID: <4b-64e11f80-13-5e880900@8744214> Hi Daniel, Interesting ideas! I am wondering if this complexity is really necessary? How many routes do you have per peer? In my personal setup I have maximum of 1-100 routes per peer which I can handle with the current API quite comfortably. My biggest concern about the introduction of a route attribute is that this adds complexity for users. WireGuard's simplicity (and portability) have been important factors for its success. A route attribute would introduce another source for the crypto-routing peer selection process. What happens if the two mechanisms select different peers? Which one would have precedence? Similarly also for incoming packets. WireGuard's current principle is really easy to understand. If the source address in in the peers AllowedIP list, we will accept the packet. If not its discarded. This is a central part of WireGuard's crypto-key routing feature which would become more complex. Also implementation wise I would have doubts: Should WireGuard itself perform route lookups to determine which packets will be accepted? Or does WireGuard needs to synchronize the kernel routing table with its internal data structures itself? A second concern I have with the use of route attributes is limited portability. Not all platforms support them. How do we handle WireGuard userspace implementations? I've tackled this problem in a userspace daemon. The synchronisation of a kernel routing table with a WireGuard AllowedIPs settings can be done by cunicu's route synchronization feature: https://cunicu.li/docs/features/rtsync The route synchronization feature keeps the kernel routing table in sync with WireGuard's AllowedIPs setting. This synchronization is bi-directional: - Networks which are found in a Peers AllowedIP list will be installed as a kernel route - Kernel routes with the peers unique IP address as next-hop will be added to the Peers AllowedIPs list. This rather simple feature allows user to pair cunicu with a software routing daemon like Bird2 while using a single WireGuard interface with multiple peer-to-peer links. I am assigning each WireGuard interface a link-local address which is derived from the peers public key. I am using the peers link-local address as the next-hop in my routing daemon to differentiate to which Peer the AllowedIP entry must be added. I am keeping track of the kernel's routing table and AllowedIPs by regularly polling the kernel. As the route synchronisation is just one of cunicu's features [1], I have a central "watcher" routine in cunicu which observes any modification the the WireGuard interfaces and dispatches events which the individual features then can hook into. These observations are not limited to the AllowedIPs but basically any state of the WireGuard interface. E.g. last handshake time or per/peer traffic counters. In my setup a periodic synchronization worked fine. But I agree that it would be nice if we could have a Netlink multicast group for subscribing to changes like we also have for other parts of the Linux network stack like routing tables, or link states. This feature was already discussed on the WireGuard mailing list [7]. But unfortunately the patch was never accepted. Maybe we can revisit this patch? I would also be a big supported of extending the netlink API for supporting incremental updates the AllowedIP lists. The netlink APIs are already different for each platform. So extending it for one platform wouldn't hurt here. Unfortunately, I have far too many ideas for cunicu and limited time to realize them all. So I've recently moved the whole cunicu project into its own organization at GitHub/Codeberg [6] in attempt to find more contributors. Best regards, Steffen (stv0g) [1] Others planned features are: - Endpoint discovery via ICE/STUN/TURN - Peer discovery - IP-autoconfiguration by deriving link-local addresses from peers public keys I have a lot more ideas here like integrating my - Go babel routing implementation [2] - or Rosenpass PQC key-exchange [3] - or performing proper path-MTU discovery using DPLPMTUD [4] - or using hardware tokens, TPMs, secure enclaves to rotate pre-shared keys backed by a hardware source-of-trust [5] [2] https://github.com/cunicu/go-babel [3] https://github.com/cunicu/go-rosenpass [4] https://github.com/cunicu/go-pmtud [5] https://github.com/cunicu/go-skes [6] https://codeberg.org/cunicu [7] https://lists.zx2c4.com/pipermail/wireguard/2021-January/006318.html On Saturday, August 19, 2023 16:02 CEST, Daniel Gr?ber wrote: > Hi wireguard, birds, and babelers, > > tl;dr I want to add a new Linux route attribute (think "via $wgpeer") to > supplement wireguard's internal AllowedIPs logic for both routing and > source address filtering. > > I've been pondering how to better integrate wireguard into dynamic routing > daemons, particularly BIRD and babeld. Essentially we want to be able to > dynamically add/remove AllowedIPs depending on current reachability and/or > link quality stats. > > Looking at the wg netlink API I see two major efficiency/scalability > problems: 1) there is no way to be notified of changes in AllowedIPs made > by other processes meaning we have to do periodic scans and 2) a peer's > AllowedIPs set can only be replaced wholesale, not modified > incrementally. This is problematic as "someone" might, in the worst case, > want to install an entire internet routing table's worth of AllowedIPs and > the set will likely change frequently. FYI: The IPv4 table has ~1M entries > at present, yikes. > > Assuming external AllowedIPs changes are infrequent occationally dumping > them all to keep a consistent view of the state shouldn't be too much of an > issue as long as the netlink interface is performant enoug, so I'm going to > concentrate on the add/remove API for now. > > Instead of doing the obvious thing and adding a more efficient incremental > AllowedIPs netlink interface I figure why not just add a route attribute to > select a target wg peer on a device. That way we could not only save memory > (no separate AllowedIPs trie) but also simplify routing daemon > implementation considerably. > > This would mirror how on ethernet you can have `dev eth0 via $router_ip`. > I'm still reviewing the net/ code to find the best way to do this, but I'm > thinking either a new RTA_WGPEER, like: `default dev wg0 via-wgpeer > $peer_pubkey` or perhaps re-using RTA_VIA and keying off a statically > configured AllowedIP addresses. > > To start I'd make this an opt-in replacement for our usual AllowedIPs > logic, making sure to only activate it if any via* RTAs are active on a > particular device, but if it proves to work well I don't see why we > couldn't adapt the netlink code to maintain AllowedIPs using this RTA (but > invisible to userspace) to re-use the same code and get rid of allowedips.c > altogether. That's assuming this ends up being less code overall or perhaps > more performant. > > Happy to hear your thoughts, > --Daniel > > _______________________________________________ > Babel-users mailing list > Babel-users at alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users From diyaa at diyaa.ca Mon Aug 14 16:27:37 2023 From: diyaa at diyaa.ca (Diyaa Alkanakre) Date: Mon, 14 Aug 2023 18:27:37 +0200 (CEST) Subject: Wireguard Dynamic ARP entries Message-ID: Hello everyone, I am seeing lots of ARP dynamic entries on Windows when typing "arp -a" on the command line on windows. I am wondering if that is a normal behavior? when I set a wireguard peer with a default route "0.0.0.0/0, ::/0" I end up spending about 2 minutes to get to the bottom of the CLI when I type "arp -a". I am just wondering if that is a normal behavior? why is this happening?? Thank you in advance, Diyaa From mr.bossman075 at gmail.com Wed Aug 16 22:45:12 2023 From: mr.bossman075 at gmail.com (Jesse Taube) Date: Wed, 16 Aug 2023 18:45:12 -0400 Subject: [PATCH] treewide: drop CONFIG_EMBEDDED Message-ID: <38e1a01b-1e8b-7c66-bafc-fc5861f08da9@gmail.com> Hi, Randy > diff -- a/init/Kconfig b/init/Kconfig > --- a/init/Kconfig > +++ b/init/Kconfig > @@ -1790,14 +1790,6 @@ config DEBUG_RSEQ > > If unsure, say N. > > -config EMBEDDED > - bool "Embedded system" > - select EXPERT > - help > - This option should be enabled if compiling the kernel for > - an embedded system so certain expert options are available > - for configuration. Wouldn't removing this break many out of tree configs? Should there be a warning here to update change it instead of removal? Thanks, Jesse Taube From mpe at ellerman.id.au Thu Aug 17 04:38:05 2023 From: mpe at ellerman.id.au (Michael Ellerman) Date: Thu, 17 Aug 2023 14:38:05 +1000 Subject: [PATCH] treewide: drop CONFIG_EMBEDDED In-Reply-To: <20230816055010.31534-1-rdunlap@infradead.org> References: <20230816055010.31534-1-rdunlap@infradead.org> Message-ID: <875y5e707m.fsf@mail.lhotse> Randy Dunlap writes: > There is only one Kconfig user of CONFIG_EMBEDDED and it can be > switched to EXPERT or "if !ARCH_MULTIPLATFORM" (suggested by Arnd). > > Signed-off-by: Randy Dunlap ... > arch/powerpc/configs/40x/klondike_defconfig | 2 +- > arch/powerpc/configs/44x/fsp2_defconfig | 2 +- > arch/powerpc/configs/52xx/tqm5200_defconfig | 2 +- > arch/powerpc/configs/mgcoge_defconfig | 2 +- > arch/powerpc/configs/microwatt_defconfig | 2 +- > arch/powerpc/configs/ps3_defconfig | 2 +- Acked-by: Michael Ellerman (powerpc) ... > diff -- a/init/Kconfig b/init/Kconfig > --- a/init/Kconfig > +++ b/init/Kconfig > @@ -1790,14 +1790,6 @@ config DEBUG_RSEQ > > If unsure, say N. > > -config EMBEDDED > - bool "Embedded system" > - select EXPERT This is a crucial detail that could be mentioned in the change log. ie. that all defconfigs that currently have EMBEDDED=y are currently selecting EXPERT already. cheers From mr.bossman075 at gmail.com Sat Aug 19 03:33:49 2023 From: mr.bossman075 at gmail.com (Jesse T) Date: Fri, 18 Aug 2023 23:33:49 -0400 Subject: [PATCH] treewide: drop CONFIG_EMBEDDED In-Reply-To: <78a802c5-3f0d-e199-d974-e586c00180eb@infradead.org> References: <38e1a01b-1e8b-7c66-bafc-fc5861f08da9@gmail.com> <86e329b1-c8d7-47bf-8be8-3326daf74eb5@infradead.org> <78a802c5-3f0d-e199-d974-e586c00180eb@infradead.org> Message-ID: On Fri, Aug 18, 2023 at 7:44?PM Randy Dunlap wrote: > > Hi Jesse, > > I replied to your comment a few days ago, but for some reason > your email to me contains: > Reply-To: 20230816055010.31534-1-rdunlap at infradead.org > so it wasn't sent directly to you. Sorry about that I messed up the email headers... > > My former reply is below. > > On 8/16/23 20:15, Randy Dunlap wrote: > > Hi Jesse, > > > > On 8/16/23 15:45, Jesse Taube wrote: > >> Hi, Randy > >> > >>> diff -- a/init/Kconfig b/init/Kconfig > >>> --- a/init/Kconfig > >>> +++ b/init/Kconfig > >>> @@ -1790,14 +1790,6 @@ config DEBUG_RSEQ > >>> > >>> If unsure, say N. > >>> > >>> -config EMBEDDED > >>> - bool "Embedded system" > >>> - select EXPERT > >>> - help > >>> - This option should be enabled if compiling the kernel for > >>> - an embedded system so certain expert options are available > >>> - for configuration. > >> > >> Wouldn't removing this break many out of tree configs? > > > > I'm not familiar with out-of-tree configs. > > Do you have some examples of some that use CONFIG_EMBEDDED? > > (not distros) Buildroot has a few. It won't immediately break Buildroot and Yocto as they have a set version, but it could be confusing for anyone updating the kernel. > > > >> Should there be a warning here to update change it instead of removal? > > > > kconfig doesn't have a warning mechanism AFAIK. > > Do you have an idea of how this would work? No, unfortunately. As you said without a warning it would be overlooked so a change would not be necessary. A possible solution is to check in a header file with: #ifdef CONFIG_EMBEDDED #warning "CONFIG_EMBEDDED has changed to CONFIG_EXPERT" #endif Does anyone else have an opinion on this? Since kconfig doesn't have a warning mechanism the patch seems fine as is. Thanks, Jesse Taube > > > > We could make a smaller change to init/Kconfig, like so: > > > > config EMBEDDED > > - bool "Embedded system" > > + bool "Embedded system (DEPRECATED)" > > select EXPERT > > help > > - This option should be enabled if compiling the kernel for > > - an embedded system so certain expert options are available > > - for configuration. > > + This option is being removed after Linux 6.6. > > + Use EXPERT instead of EMBEDDED. > > > > but there is no way to produce a warning message. I.e., even with this > > change, the message will probably be overlooked. > > > > --- > > ~Randy > > -- > ~Randy From christophe.leroy at csgroup.eu Sat Aug 19 08:53:25 2023 From: christophe.leroy at csgroup.eu (Christophe Leroy) Date: Sat, 19 Aug 2023 08:53:25 +0000 Subject: [PATCH] treewide: drop CONFIG_EMBEDDED In-Reply-To: References: <38e1a01b-1e8b-7c66-bafc-fc5861f08da9@gmail.com> <86e329b1-c8d7-47bf-8be8-3326daf74eb5@infradead.org> <78a802c5-3f0d-e199-d974-e586c00180eb@infradead.org> Message-ID: Hi, Le 19/08/2023 ? 05:33, Jesse T a ?crit?: >>> >>>> Should there be a warning here to update change it instead of removal? >>> >>> kconfig doesn't have a warning mechanism AFAIK. >>> Do you have an idea of how this would work? > > No, unfortunately. As you said without a warning it would be overlooked so > a change would not be necessary. > > A possible solution is to check in a header file with: > > #ifdef CONFIG_EMBEDDED > #warning "CONFIG_EMBEDDED has changed to CONFIG_EXPERT" > #endif > > Does anyone else have an opinion on this? My opinion is that has happen several times in the past and will happen again. It is not a big deal, whoever updates to a new kernel will make a savedefconfig and compare with previous defconfig and see what has changed. Once you see that CONFIG_EMBEDDED is disappearing you look at kernel history to find out why CONFIG_EMBEDDED disappears, and you understand from the commit message that you have to select CONFIG_EXPERT instead. A couple examples I have in mind from the past: - CONFIG_FORCE_MAX_ZONEORDER became CONFIG_ARCH_FORCE_MAX_ORDER - CONFIG_MTD_NAND became CONFIG_MTD_RAW_NAND > Since kconfig doesn't have a warning mechanism the patch seems fine as is. So yes the patch is fine as is IMHO. Christophe From kim at wayoftao.net Sat Aug 19 15:08:27 2023 From: kim at wayoftao.net (Kim Nilsson) Date: Sat, 19 Aug 2023 17:08:27 +0200 Subject: allowed-ips: separation of concerns, routing and firewalling Message-ID: Hello wireguard project, I am currently working on several projects that make use of wireguard as part of a larger networking scheme. Since there are many details about tunneling, network routing, and firewalling that are considered must-know for many of my coworkers I recently had to make a presentation on how packets move through the network stack and, for example, how they end up on the receiving end of a wireguard tunnel. During the presentation a question arose on what happens when an IP packet is routed through a gateway and what wireguard does. When an IP packet is to be sent over e.g. ethernet, the link layer destination address is usually discovered using ARP. In the case of wireguard, a lookup is performed into a table which maps the entries of allowed-ips to their corresponding wireguard peer. This behavior is relatively straightforward and does what one would expect from a link layer. However, when an IP packet is to be routed through a gateway the interaction with link layer processes such ARP is usually performed using the gateway address as opposed to the actual destination address of the packet (in Linux this is attached to a given skb as dst info). From what I understand, wireguard completely ignores the presence of such routing information and instead requires the user to manually populate a particular peer with all possible destination addresses. In effect, the concern of packet routing is placed inside the wireguard implementation instead of being left to the routing subsystem. As for possible motivations for this design choice, I can think of security as one that could be considered motivating enough - A packet cannot travel to a wireguard peer unless its destination address is in the set of allowed-ips. Looking at the implementation it is also evident that wireguard also will not receive packets with source addresses not present in allowed-ips (and complain that there is a "dishonest peer"). However, is this not also a case of the concerns of another subsystem viz. the firewall being placed inside the wireguard implementation? As it stands, what is traditionally considered routing and firewall information has to be shared with wireguard in order to maintain a working tunnel. Would it not be more reasonable if wireguard acted as a common link layer and respected the boundaries of internet layer routing and firewalling? To this effect I have created and tested a small patch which does two things, namely; 1. Checks for the presence of routing information on outgoing payloads and, if present, uses the specified gateway address as input to the peer lookup. 2. Removes the restriction w.r.t. the source address of incoming payloads. I'm sure it is not possible at this stage to just fundamentally alter the semantics of allowed-ips, but, if you agree with my observations, perhaps the patch can serve as the foundation of something new which can begin to deprecatee allowed-ips as we know it today? Regards, Kim Nilsson P.S. Apologies if this has already been discussed before. -------------- next part -------------- A non-text attachment was scrubbed... Name: wireguard_routing.patch Type: text/x-patch Size: 3627 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: From krose at krose.org Sat Aug 19 20:05:57 2023 From: krose at krose.org (Kyle Rose) Date: Sat, 19 Aug 2023 16:05:57 -0400 Subject: [RFC] Replace WireGuard AllowedIPs with IP route attribute In-Reply-To: <20230819140218.5algu2nfmfostngh@House.clients.dxld.at> References: <20230819140218.5algu2nfmfostngh@House.clients.dxld.at> Message-ID: Daniel, I attempted several times to send the following message to the mailing list nearly two months ago, but they all landed in moderation for some reason and were silently dropped after a few days. You are not the only one who wants this functionality for mesh VPNs. I note the email you subsequently replied to (by Bernd) also didn't show up on the list, suggesting I am not the only one whose messages are being inexplicably jailed. Kyle ==== I really like the straightforward configurability of Wireguard out-of-the-box. It was astonishingly easy to configure a mesh to replace my previous hub-and-spoke OpenVPN setup. Thank you for making this easy. That said, I'd like the ability to use Linux's policy routing engine to allow for more complex packet flows across the VPN that are currently incompatible with Wireguard's internal packet handling. For example, let's say I have 4 nodes and want to be able to use each of the nodes as the default gateway for different types of flows. Modifying the sender side to respect a route's gateway is straightforward: --- a/drivers/net/wireguard/allowe dips.c +++ b/drivers/net/wireguard/allowe dips.c @@ -6,6 +6,8 @@ #include "allowedips.h" #include "peer.h" +#include + enum { MAX_ALLOWEDIPS_BITS = 128 }; static struct kmem_cache *node_cache; @@ -356,10 +358,18 @@ int wg_allowedips_read_node(struct allowedips_node *node, u8 ip[16], u8 *cidr) struct wg_peer *wg_allowedips_lookup_dst(stru ct allowedips *table, struct sk_buff *skb) { - if (skb->protocol == htons(ETH_P_IP)) - return lookup(table->root4, 32, &ip_hdr(skb)->daddr); - else if (skb->protocol == htons(ETH_P_IPV6)) - return lookup(table->root6, 128, &ipv6_hdr(skb)->daddr); + struct rtable *rt = skb_rtable(skb); + if (rt->rt_uses_gateway) { + if (rt->rt_gw_family == AF_INET) + return lookup(table->root4, 32, &rt->rt_gw4); + else if (rt->rt_gw_family == AF_INET6) + return lookup(table->root6, 128, &rt->rt_gw6); + } else { + if (skb->protocol == htons(ETH_P_IP)) + return lookup(table->root4, 32, &ip_hdr(skb)->daddr); + else if (skb->protocol == htons(ETH_P_IPV6)) + return lookup(table->root6, 128, &ipv6_hdr(skb)->daddr); + } return NULL; } The problem is that reply packets will be dropped via the source address check for all but the peer with the default route listed in AllowedIPs. The way the trie code works means a highly-invasive change would be needed to allow for multiple peers to be associated with a given prefix: I suspect any further complication (not to mention possible additional data structure bloat) is undesirable, and anyway I am looking to bypass most of the complexity created by Wireguard's parallel packet routing infrastructure and instead leverage the far more flexible Linux policy routing engine. At this point, what I'd like to do is be able to skip the source address check by configuration, instead relying on rp_filter and firewall rules to reject bogus or unwanted packets. With such a config knob, AllowedIPs would be used only for selecting the destination peer based on the packet daddr or the route's gateway. For a mesh like I described above, I would configure only a gateway IP for each peer in AllowedIPs and use the policy routing engine for all other packet routing behavior. I appreciate that Wireguard works the way it does most likely because routing is configured differently across the wide variety of devices it supports (and in some cases may be unavailable to users), so I don't think the AllowedIPs source address check should be removed by default; but it would be nice if I could turn it off and rely on other mechanisms in the kernel that would allow for more flexibility. On Sat, Aug 19, 2023 at 10:05?AM Daniel Gr?ber wrote: > > Hi wireguard, birds, and babelers, > > tl;dr I want to add a new Linux route attribute (think "via $wgpeer") to > supplement wireguard's internal AllowedIPs logic for both routing and > source address filtering. > > I've been pondering how to better integrate wireguard into dynamic routing > daemons, particularly BIRD and babeld. Essentially we want to be able to > dynamically add/remove AllowedIPs depending on current reachability and/or > link quality stats. > > Looking at the wg netlink API I see two major efficiency/scalability > problems: 1) there is no way to be notified of changes in AllowedIPs made > by other processes meaning we have to do periodic scans and 2) a peer's > AllowedIPs set can only be replaced wholesale, not modified > incrementally. This is problematic as "someone" might, in the worst case, > want to install an entire internet routing table's worth of AllowedIPs and > the set will likely change frequently. FYI: The IPv4 table has ~1M entries > at present, yikes. > > Assuming external AllowedIPs changes are infrequent occationally dumping > them all to keep a consistent view of the state shouldn't be too much of an > issue as long as the netlink interface is performant enoug, so I'm going to > concentrate on the add/remove API for now. > > Instead of doing the obvious thing and adding a more efficient incremental > AllowedIPs netlink interface I figure why not just add a route attribute to > select a target wg peer on a device. That way we could not only save memory > (no separate AllowedIPs trie) but also simplify routing daemon > implementation considerably. > > This would mirror how on ethernet you can have `dev eth0 via $router_ip`. > I'm still reviewing the net/ code to find the best way to do this, but I'm > thinking either a new RTA_WGPEER, like: `default dev wg0 via-wgpeer > $peer_pubkey` or perhaps re-using RTA_VIA and keying off a statically > configured AllowedIP addresses. > > To start I'd make this an opt-in replacement for our usual AllowedIPs > logic, making sure to only activate it if any via* RTAs are active on a > particular device, but if it proves to work well I don't see why we > couldn't adapt the netlink code to maintain AllowedIPs using this RTA (but > invisible to userspace) to re-use the same code and get rid of allowedips.c > altogether. That's assuming this ends up being less code overall or perhaps > more performant. > > Happy to hear your thoughts, > --Daniel From dxld at darkboxed.org Sat Aug 19 21:23:57 2023 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Sat, 19 Aug 2023 23:23:57 +0200 Subject: [Babel-users] [RFC] Replace WireGuard AllowedIPs with IP route attribute In-Reply-To: <4b-64e11f80-13-5e880900@8744214> References: <20230819140218.5algu2nfmfostngh@House.clients.dxld.at> <4b-64e11f80-13-5e880900@8744214> Message-ID: <20230819212357.lkshcpslkgbeaq4e@House.clients.dxld.at> Hi Steffen, from the questions you ask I fear you've misunderstood my intention to "replace" AllowedIPs. I'm strictly talking of the _implementation_ (allowedips.c) in Linux particular. The netlink interface would naturally stay unchanged. On Sat, Aug 19, 2023 at 10:00:17PM +0200, Steffen Vogel wrote: > Interesting ideas! I am wondering if this complexity is really necessary? I think so, right now wg's behaviour just prevents a number of advanced use-cases which is a pitty. > My biggest concern about the introduction of a route attribute is that > this adds complexity for users. WireGuard's simplicity (and portability) > have been important factors for its success. Nothing would change for users that don't use this feature. > A route attribute would introduce another source for the crypto-routing > peer selection process. What happens if the two mechanisms select > different peers? Which one would have precedence? If you read my previous mail carefully you'll find I specified how this would shake out. The rt approach will necessarily have to override AllowedIPs to be useful. > Similarly also for incoming packets. WireGuard's current principle is > really easy to understand. If the source address in in the peers > AllowedIP list, we will accept the packet. If not its discarded. This is > a central part of WireGuard's crypto-key routing feature which would > become more complex. Having read Kyle's use-case I'm thinking my original plan to extend the wg internal source-address filtering to use a rt lookup with our new attribute would not be maximally useful so now my thinking is we should just have a boolean toggle to disable it explicitly per device. Then users can do whatever fancy rt (reverse-path) lookups they want with nft. I'm particularly happy that nft rt lookups will actually do the right thing with multipath/ECMP routes (any of the involved devices satisfies the lookup) so this should actually work out fine in my case at least. Mmore prototyping is required here though. > A second concern I have with the use of route attributes is limited > portability. Not all platforms support them. How do we handle WireGuard > userspace implementations? No need. The Linux's rt table is Linux specific I have no plans to introduce this on other platforms, that's for other intersted souls to tackle. Again "replace" was referring to implementation concerns. > - Networks which are found in a Peers AllowedIP list will be installed as a kernel route That's configurable. I always turn this off when dealing with rt daemons. > - Kernel routes with the peers unique IP address as next-hop will be added to the Peers AllowedIPs list. > > This rather simple feature allows user to pair cunicu with a software > routing daemon like Bird2 while using a single WireGuard interface with > multiple peer-to-peer links. Sounds like you do what I want to do at kernel level in userspace, then at least we can agree this is a useful thing :) > In my setup a periodic synchronization worked fine. But I agree that it > would be nice if we could have a Netlink multicast group for subscribing > to changes like we also have for other parts of the Linux network stack > like routing tables, or link states. This feature was already discussed > on the WireGuard mailing list [7]. But unfortunately the patch was never > accepted. Maybe we can revisit this patch? Sounds like a plan, I'll have a look at it. > [1] Others planned features are: > - IP-autoconfiguration by deriving link-local addresses from peers public keys That's been discussed so many times before on the ML and someone always realises Jason is right and there's no point to this in the end. Key distribution is the crux of the problem. --Daniel From dxld at darkboxed.org Sun Aug 20 18:10:34 2023 From: dxld at darkboxed.org (=?UTF-8?q?Daniel=20Gr=C3=B6ber?=) Date: Sun, 20 Aug 2023 20:10:34 +0200 Subject: [PATCH] Check sockaddr_inet field offsets against system sockaddr structs Message-ID: <20230820181034.2385772-1-dxld@darkboxed.org> Some systems may have the sockaddr fields in a different arrangement and need #ifdef'ing this makes this obvious to any future porters. Signed-off-by: Daniel Gr?ber --- src/containers.h | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/containers.h b/src/containers.h index 2f3d88f..357df77 100644 --- a/src/containers.h +++ b/src/containers.h @@ -8,6 +8,8 @@ #include #include +#include +#include #include #include #include @@ -44,6 +46,25 @@ struct sockaddr_inet { }; }; +#if defined(_MSC_VER) +#define static_assert(x) static_assert(x, #x) +#elif !defined(static_assert) +#define static_assert(x) _Static_assert((x), #x) +#endif + +static_assert(offsetof(struct sockaddr_in, sin_port) == + offsetof(struct sockaddr_inet, sinet_port)); +static_assert(offsetof(struct sockaddr_in6, sin6_port) == + offsetof(struct sockaddr_inet, sinet_port)); + +#define assert_offsets_match(tyx, tyy, field) \ + static_assert(offsetof(tyx, field) == offsetof(tyy, field)) + +assert_offsets_match(struct sockaddr_in, struct sockaddr_inet, sin_addr); +assert_offsets_match(struct sockaddr_in6, struct sockaddr_inet, sin6_flowinfo); +assert_offsets_match(struct sockaddr_in6, struct sockaddr_inet, sin6_addr); +assert_offsets_match(struct sockaddr_in6, struct sockaddr_inet, sin6_scope_id); + struct wgallowedip { uint16_t family; union { -- 2.39.2 From leon at sidebranch.com Mon Aug 21 19:42:31 2023 From: leon at sidebranch.com (Leon Woestenberg) Date: Mon, 21 Aug 2023 21:42:31 +0200 Subject: WireGuard FPGA RTL open-source implementation Message-ID: Hello all, Our FPGA (RTL) implementation of WireGuard* is now released as open source, here: https://github.com/brightai-nl/BlackwireOverview The implementation reaches 100 Gbit/s on AMD (formerly Xilinx) Alveo U50 per direction and is currently limited to 1K sessions. This is a true *inline* accelerator where one end of the FPGA (Ethernet) is encrypted and the other is plaintext (Ethernet or PCIe depending on FPGA board). The full protocol is implemented on the FPGA. The data path with symmetric crypto is implemented in RTL (using SpinalHDL). The session management is currently mostly implemented in software on a RISC-V SoC, but we already had the x25519 crypto accelerated, as well as some handshake primitives, and are moving this more and more into RTL. *It is not finished, but we think we started with all the hard parts (i.e. non-trivial ports) and have 25% left to do before we can call this WireGuard. Our current release is targeted at developers, not end-users. We decided not to release any integration code yet, as we cannot support an in-rush of "issues" where people cannot get this to run on their favorite FPGA board. We hope the project gets some sponsorship from FPGA (board) vendors to support their platforms. I would like to thank contributors to SpinalHDL and Corundum, especially Charles Papon and Alex Forencich as they have been our (indirect) main contributors of the project by providing an excellent FPGA HDL/RTL development language resp. an excellent Ethernet/PCIe FPGA NIC, as a starting point for our development. Regards, Leon Woestenberg leon at sidebranch.com From syzbot+listd934ed408c9f32a4a743 at syzkaller.appspotmail.com Mon Aug 21 20:40:51 2023 From: syzbot+listd934ed408c9f32a4a743 at syzkaller.appspotmail.com (syzbot) Date: Mon, 21 Aug 2023 13:40:51 -0700 Subject: [syzbot] Monthly wireguard report (Aug 2023) Message-ID: <000000000000e8eb14060374e429@google.com> Hello wireguard maintainers/developers, This is a 31-day syzbot report for the wireguard subsystem. All related reports/information can be found at: https://syzkaller.appspot.com/upstream/s/wireguard During the period, 2 new issues were detected and 0 were fixed. In total, 6 issues are still open and 14 have been fixed so far. Some of the still happening issues: Ref Crashes Repro Title <1> 763 No KCSAN: data-race in wg_packet_send_staged_packets / wg_packet_send_staged_packets (3) https://syzkaller.appspot.com/bug?extid=6ba34f16b98fe40daef1 <2> 511 No KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll (2) https://syzkaller.appspot.com/bug?extid=d1de830e4ecdaac83d89 <3> 3 Yes INFO: rcu detected stall in wg_ratelimiter_gc_entries (2) https://syzkaller.appspot.com/bug?extid=c1cc0083f159b67cb192 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller at googlegroups.com. To disable reminders for individual bugs, reply with the following command: #syz set no-reminders To change bug's subsystems, reply with: #syz set subsystems: new-subsystem You may send multiple commands in a single email message. From luizluca at gmail.com Tue Aug 22 20:39:23 2023 From: luizluca at gmail.com (Luiz Angelo Daros de Luca) Date: Tue, 22 Aug 2023 17:39:23 -0300 Subject: IPv6 and PPPoE with MSSFIX Message-ID: Hello, We noticed an issue with clients that use PPPoE and connect to WG using IPv6. Both sides start to fragment the encrypted packet leading to a severe degradation in performance. We reduced the wireguard MTU from the default 1420 to 1400 and the issue was solved. However, I wonder if it could be fixed with MSSFIX (in my case, nftables equivalent). The server does know that the remote address has a smaller MTU as it fragments the packet accordingly when any VPN peer sends some traffic. The traffic inside the VPN does adjust the TCP MSS to fit into vpn interface MTU (1420 by default, now 1400). I could dynamically add firewall rules to clamp MSS per authorized_ips but, theoretically, the kernel has all the info to do that automatically. I wonder if MSSFIX could detect the best MTU for a specific address through the wireguard. It should consider the peer-to-peer PMTU, the IP protocol wireguard is using and the normal wireguard headers. Regards, --- Luiz Angelo Daros de Luca luizluca at gmail.com From matteofranzil at gmail.com Thu Aug 10 14:50:30 2023 From: matteofranzil at gmail.com (Matteo Franzil) Date: Thu, 10 Aug 2023 16:50:30 +0200 Subject: wg-quick down not reverting DNS parameters on MacOS In-Reply-To: <7cde2e10-b27d-0502-1b97-bacdbd9dd4a4@gmail.com> References: <7cde2e10-b27d-0502-1b97-bacdbd9dd4a4@gmail.com> Message-ID: <83adf492-e8b7-40e2-95c8-76a72cff69d4@gmail.com> Hi! I extensively searched for any discussion on this bug (or at least, I hope so), which has been bugging me for a while. I am a Wireguard user on macOS Ventura (version 13.4.1 (c)), and installed wireguard via the wireguard-tools (version 1.0.20210914) and wireguard-go (0.0.20230223) commands on brew. Assume I have set my DNS servers either via GUI or via DHCP (doesn't matter how), and I use wg-quick to connect to a wg conf file (also irrelevant what is the target server). The moment I: - use wg-quick to bring up the VPN, - put my Mac to sleep, - reopen the lid, - use wg-quick to stop the VPN, then DNS servers are not updated back to the original value, and instead stick to what the previous VPN configuration had commanded. The workaround is just to verify what DNS servers are set with scutil --dns and cat /etc/resolv.conf, but editing them is a pain. I often work with an open VPN and closing the lid without remembering to turn it of is common. Let me know if I also need to provide further details. See also this GitHub issue, which was posted on an unrelated repository but perfectly matches what I have just said: https://github.com/StreisandEffect/streisand/issues/1334 Matteo From wireguard at rtlblus.de Fri Aug 11 11:37:06 2023 From: wireguard at rtlblus.de (wireguard at rtlblus.de) Date: Fri, 11 Aug 2023 13:37:06 +0200 Subject: Is there a simplified Android User Interfaces on FireTV ? Message-ID: <88b63760dfb5fce218eb696d7048663a@rtlblus.de> Hi, I'm not quite sure if this is a real bug, but I only get to a simplified GUI on the FireTV instead of the one I'm usually used to from Andoird. Only when I reinstall the apk and open it right after, I get the usual GUI with settings options. ???????????????????????????????????????????????????????????????????????????????????????? ? ?????????????????????????????????????????? ? ? ? WireGuard ? ? ? ? FAST, MODERN, SECURE VPN TUNNEL ? ? ? ?????????????????????????????????????????? ? ? ???????????????????????? ? ? ? NAME ? ? ? ? x MB/ y MB ? ? ? ? ? ? ? ???????????????????????? ? ? ? ? ? ? ? ? ? ? ? ? ????????? ???????? ? ? ? Trash ? ? + ? ? ? ????????? ???????? ? ???????????????????????????????????????????????????????????????????????????????????????? https://ibb.co/fn17PwD but i want/need the "normal" GUI (https://ibb.co/qW0BG7B) with the Split Option for specific apps (https://ibb.co/chCb7sY) Thanks in advance From blurt_overkill882 at simplelogin.com Thu Aug 17 20:14:52 2023 From: blurt_overkill882 at simplelogin.com (blurt_overkill882 at simplelogin.com) Date: Thu, 17 Aug 2023 20:14:52 +0000 Subject: [WireGuard] Header / MTU sizes for Wireguard Message-ID: <169230331253.7.2936868369217934671.167170975@simplelogin.com> Hello, I hope this is the right place. I see here[1] that if you're using IPv4 exclusively, you can get away with an MTU of 1440. If my client only has IPv4 internet, however the server issues an IPv6 address for use by the client, can the client still use 1440 without fragmentation, or must the client use 1420, because even though their connection is IPv4, they are issued an IPv6 address within the tunnel? [1] https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html Thanks in advance! From e at y7.local Sun Aug 20 06:57:32 2023 From: e at y7.local (Endre Szabo) Date: Sun, 20 Aug 2023 08:57:32 +0200 Subject: Wireguard Dynamic ARP entries In-Reply-To: References: Message-ID: <18a11bc0f60.28a6.38ae7defbc00cf30cde15e5f7bfb2d02@y7.local> I guess it is a normal thing on windows as Cisco VPN Client works the same way. -- Endre On August 19, 2023 22:31:33 Diyaa Alkanakre wrote: > Hello everyone, > > I am seeing lots of ARP dynamic entries on Windows when typing "arp -a" on > the command line on windows. I am wondering if that is a normal behavior? > when I set a wireguard peer with a default route "0.0.0.0/0, ::/0" I end up > spending about 2 minutes to get to the bottom of the CLI when I type "arp -a". > > I am just wondering if that is a normal behavior? why is this happening?? > > Thank you in advance, > > Diyaa From billowtongroup at gmail.com Tue Aug 22 17:26:31 2023 From: billowtongroup at gmail.com (Kat Liny) Date: Wed, 23 Aug 2023 00:26:31 +0700 Subject: Disconnection Bug on Win 11 with Intel adapter Message-ID: There appears to be a bug that causes the network adapter "Intel(R) Wi-Fi 6E AX211 160MHz" on Windows 11 (with all current updates) to disconnect and re-connect to the WiFi network a few times AFTER disconnecting a WireGuard client profile. If the WireGuardTunnel service can be either set to automatic startup or be started later after Windows loads. The WireGuard connection will remain stable and connected until the WireGuardTunnel service is stopped, that is when the connection issues begin, the Internet will be lost for about 20 seconds each time, sometimes more, then reconnects (and usually last 5-15 minutes while the adapter disconnects and reconnects to the normal network). The issue could be lasting longer than that, I did not have the patience after each test with reboot. Have tried: -Disabling windows firewall and windows defender -Disable/enable the Intel network adapter quickly after disabling the WireGuard tunnel service. -Changing many of the adapter settings. After each test, I rebooted. It seems only a reboot solves the issue, and the intermittent disconnection issue will start again after connecting/disconnecting the WireGuard profile. If the WireGuardTunnel service is kept to Disabled status and I never try to connect to a WireGuard client config during the test, then the disconnection issue does not happen. In the Event Viewer logs, it shows this a few times, only during the issue which seems related: ----- The description for Event ID 7021 from source Netwtw12 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. ---- Tested using the WireGuard installer wireguard-amd64-0.5.3.msi. There are no other security/networking products on the machine that could be conflicting. From m-k-mailling-list at mk16.de Wed Aug 23 14:58:40 2023 From: m-k-mailling-list at mk16.de (Marek =?UTF-8?B?S8O8dGhl?=) Date: Wed, 23 Aug 2023 16:58:40 +0200 Subject: IPv6 and PPPoE with MSSFIX In-Reply-To: References: Message-ID: <20230823165840.7bf3b910@parrot> On Tue, 22 Aug 2023 17:39:23 -0300 Luiz Angelo Daros de Luca wrote: > Hello, > > We noticed an issue with clients that use PPPoE and connect to WG > using IPv6. Both sides start to fragment the encrypted packet leading > to a severe degradation in performance. We reduced the wireguard MTU > from the default 1420 to 1400 and the issue was solved. However, I > wonder if it could be fixed with MSSFIX (in my case, nftables > equivalent). PPPoE adds 8 bytes of overhead so that an MTU of 1432 can be used. I also have to do this at home with my DSL line for example. The MTU should be set on each side (on both peers) for this to work. > The server does know that the remote address has a smaller MTU as it > fragments the packet accordingly when any VPN peer sends some traffic. Presumably the OS on the server does this and not WireGuard itself. I could imagine that the server first receives an ICMP Too big message and only then performs the fragmentation. > The traffic inside the VPN does adjust the TCP MSS to fit into vpn > interface MTU (1420 by default, now 1400). Keep in mind that TCP MSSFIX only applies to TCP and other Layer 4 protocols like UDP might still have problems. > I could dynamically add firewall rules to clamp MSS per authorized_ips > but, theoretically, the kernel has all the info to do that > automatically. I wonder if MSSFIX could detect the best MTU for a > specific address through the wireguard. It should consider the > peer-to-peer PMTU, the IP protocol wireguard is using and the normal > wireguard headers. As far as I know WireGuard does not do PMTU. -- Marek K?the m.k at mk16.de er/ihm he/him -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From rm at romanrm.net Wed Aug 23 16:15:44 2023 From: rm at romanrm.net (Roman Mamedov) Date: Wed, 23 Aug 2023 21:15:44 +0500 Subject: [WireGuard] Header / MTU sizes for Wireguard In-Reply-To: <169230331253.7.2936868369217934671.167170975@simplelogin.com> References: <169230331253.7.2936868369217934671.167170975@simplelogin.com> Message-ID: <20230823211544.7f3252ec@nvm> On Thu, 17 Aug 2023 20:14:52 +0000 blurt_overkill882 at simplelogin.com wrote: > I see here[1] that if you're using IPv4 exclusively, you can get away with > an MTU of 1440. If my client only has IPv4 internet, however the server > issues an IPv6 address for use by the client, can the client still use 1440 > without fragmentation, or must the client use 1420, because even though > their connection is IPv4, they are issued an IPv6 address within the tunnel? > > [1] https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html Yes they can. This is only affected by whether or not WG itself runs over v4/v6, not whether you use v4 or v6 inside WG. Be aware though that some residential Internet connections use MTU-reducing tunnels for ISP authentication. The most popular one would be PPPoE with 8 bytes that you need to substract, but there also can be L2TP or PPTP with larger overheads. -- With respect, Roman From dxld at darkboxed.org Wed Aug 23 17:07:40 2023 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Wed, 23 Aug 2023 19:07:40 +0200 Subject: IPv6 and PPPoE with MSSFIX In-Reply-To: References: Message-ID: <20230823170740.ie5ro6eswgus3x2l@House.clients.dxld.at> Hi Luiz, On Tue, Aug 22, 2023 at 05:39:23PM -0300, Luiz Angelo Daros de Luca wrote: > We noticed an issue with clients that use PPPoE and connect to WG > using IPv6. Both sides start to fragment the encrypted packet leading > to a severe degradation in performance. We reduced the wireguard MTU > from the default 1420 to 1400 and the issue was solved. However, I > wonder if it could be fixed with MSSFIX (in my case, nftables > equivalent). > > The server does know that the remote address has a smaller MTU as it > fragments the packet accordingly when any VPN peer sends some traffic. > The traffic inside the VPN does adjust the TCP MSS to fit into vpn > interface MTU (1420 by default, now 1400). Debug note: you can dump the current PMTU info on linux using $ ip -6 route show cache Look at the "mtu" field of the route corresponding to the destination host you're looking at. IIRC `ip route get` will also print the PMTU currently in effect. > I could dynamically add firewall rules to clamp MSS per authorized_ips > but, theoretically, the kernel has all the info to do that > automatically. I wonder if MSSFIX could detect the best MTU for a > specific address through the wireguard. It should consider the > peer-to-peer PMTU, the IP protocol wireguard is using and the normal > wireguard headers. Interesting idea Luiz, so if I understand correctly you have a wg device with multiple peers where only some of them need the reduced MTU and you'd like to use the maximum possible MTU for all peers. As things are this won't "just work" with MSSFIX because the wg device won't generate ICMP packet-too-big errors for packets sent to it for encapsulation regardless of the underlying PMTU, rather the wg device will always fragment when the resulting encapsulated packet doesn't fit as you've observed. AFAIK MSSFIX will only look at the actual outgoing route MTU and calculate the MSS from that. Since wg never causes (dynamic) PMTU entries to be created that won't work. However we can also just create "static" PMTU entries. As we've seen above linux uses the "mtu" route attribute to determine the actual PMTU behind a route, as opposed to the netdev MTU, which you should think of as the upper limit of what a link can support. So you can try adding a route specific for the peer that's behind PPPoE with the reduced PMTU. Assuming 2001:db8:1432::/64 is this peer's AllowedIPs: $ ip route add 2001:db8:1432::/64 dev wg0 mtu 1432 proto static You should be able to add this in PostUp in your wg.conf. The "proto static" is optional, I just like to use that to mark administratively created routes. You're still going to want to set the peer's wg device MTU to 1432 or you can create "mtu" routes in a similar fashion there. Up to you. Also note MSSFIX or the nft equivalent mouthful `tcp flags syn tcp option maxseg size set rt mtu` is really only appropriate for IPv4 traffic since IPv4-PMTU is broken by too many networks. However over in always-sunny IPv6 land PMTU does work and should be preferred to mangling TCP headers. The static PTMU route we created should cause the kernel to start sending the appropriate ICMPv6 packet-too-big errors when it's configured for IPv6 forwarding. You can test the PTB behaviour with `ping 2001:db8:1432::1 -s3000 -M do`. The -s3000 sends large packets, careful with the size that's the ICMP _payload size_ so it's not equivalent to MTU, and `-M do` disables local fragmentation so you can see when PMTU is doing it's job. You'll get something like "ping: local error: message too long, mtu: XXXX" showing the PMTU value if ICMP-PTB error generation is working along the path. --Daniel From dxld at darkboxed.org Wed Aug 23 17:14:51 2023 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Wed, 23 Aug 2023 19:14:51 +0200 Subject: IPv6 and PPPoE with MSSFIX In-Reply-To: <20230823165840.7bf3b910@parrot> References: <20230823165840.7bf3b910@parrot> Message-ID: <20230823171451.ld2fwslkl6blv6y2@House.clients.dxld.at> Hi, On Wed, Aug 23, 2023 at 04:58:40PM +0200, Marek K?the wrote: > PPPoE adds 8 bytes of overhead so that an MTU of 1432 can be used. I > also have to do this at home with my DSL line for example. > The MTU should be set on each side (on both peers) for this to work. Oh, I just realized I used the 1432 MTU in my earlier reply based on Marek's math but since Luiz's underlay network is IPv6 this is not actually correct. MTU=1440 is only correct on top of IPv4, for IPv6 the "optimal" MTU is 1420 so with PPPoE involved that's MTU=1412. 1500 Ethernet payload -40 IPv6 header -8 UDP header -32 Wg header -8 PPPoE =================== 1412 wg tunnel MTU --Daniel From luizluca at gmail.com Wed Aug 23 19:01:53 2023 From: luizluca at gmail.com (Luiz Angelo Daros de Luca) Date: Wed, 23 Aug 2023 16:01:53 -0300 Subject: IPv6 and PPPoE with MSSFIX In-Reply-To: <20230823171451.ld2fwslkl6blv6y2@House.clients.dxld.at> References: <20230823165840.7bf3b910@parrot> <20230823171451.ld2fwslkl6blv6y2@House.clients.dxld.at> Message-ID: > Hi, Hi Daniel, > On Wed, Aug 23, 2023 at 04:58:40PM +0200, Marek K?the wrote: > > PPPoE adds 8 bytes of overhead so that an MTU of 1432 can be used. I > > also have to do this at home with my DSL line for example. > > The MTU should be set on each side (on both peers) for this to work. > > Oh, I just realized I used the 1432 MTU in my earlier reply based on > Marek's math but since Luiz's underlay network is IPv6 this is not actually > correct. MTU=1440 is only correct on top of IPv4, for IPv6 the "optimal" > MTU is 1420 so with PPPoE involved that's MTU=1412. > > 1500 Ethernet payload > -40 IPv6 header > -8 UDP header > -32 Wg header > -8 PPPoE > =================== > 1412 wg tunnel MTU In my case, the PPPoE interface got MTU=1480. They might be stacking something else on top of it or PPPoE might have optional fields. I read somewhere that PPPoE might use either 8 or 20 bytes, but I'm not an expert on PPPoE. If I don't control both sides, I would use 1400 by default. > --Daniel From luizluca at gmail.com Wed Aug 23 19:55:23 2023 From: luizluca at gmail.com (Luiz Angelo Daros de Luca) Date: Wed, 23 Aug 2023 16:55:23 -0300 Subject: IPv6 and PPPoE with MSSFIX In-Reply-To: <20230823170740.ie5ro6eswgus3x2l@House.clients.dxld.at> References: <20230823170740.ie5ro6eswgus3x2l@House.clients.dxld.at> Message-ID: > > I could dynamically add firewall rules to clamp MSS per authorized_ips > > but, theoretically, the kernel has all the info to do that > > automatically. I wonder if MSSFIX could detect the best MTU for a > > specific address through the wireguard. It should consider the > > peer-to-peer PMTU, the IP protocol wireguard is using and the normal > > wireguard headers. > > Interesting idea Luiz, so if I understand correctly you have a wg device > with multiple peers where only some of them need the reduced MTU and you'd > like to use the maximum possible MTU for all peers. > > As things are this won't "just work" with MSSFIX because the wg device > won't generate ICMP packet-too-big errors for packets sent to it for > encapsulation regardless of the underlying PMTU, rather the wg device will > always fragment when the resulting encapsulated packet doesn't fit as > you've observed. > > AFAIK MSSFIX will only look at the actual outgoing route MTU and calculate > the MSS from that. Since wg never causes (dynamic) PMTU entries to be > created that won't work. > > However we can also just create "static" PMTU entries. As we've seen above > linux uses the "mtu" route attribute to determine the actual PMTU behind a > route, as opposed to the netdev MTU, which you should think of as the upper > limit of what a link can support. > > So you can try adding a route specific for the peer that's behind PPPoE > with the reduced PMTU. Assuming 2001:db8:1432::/64 is this peer's > AllowedIPs: > > $ ip route add 2001:db8:1432::/64 dev wg0 mtu 1432 proto static > > You should be able to add this in PostUp in your wg.conf. The "proto > static" is optional, I just like to use that to mark administratively > created routes. > > You're still going to want to set the peer's wg device MTU to 1432 or you > can create "mtu" routes in a similar fashion there. Up to you. > > Also note MSSFIX or the nft equivalent mouthful `tcp flags syn tcp option > maxseg size set rt mtu` is really only appropriate for IPv4 traffic since > IPv4-PMTU is broken by too many networks. However over in always-sunny IPv6 > land PMTU does work and should be preferred to mangling TCP headers. The > static PTMU route we created should cause the kernel to start sending the > appropriate ICMPv6 packet-too-big errors when it's configured for IPv6 > forwarding. > > You can test the PTB behaviour with `ping 2001:db8:1432::1 -s3000 -M do`. > The -s3000 sends large packets, careful with the size that's the ICMP > _payload size_ so it's not equivalent to MTU, and `-M do` disables local > fragmentation so you can see when PMTU is doing it's job. You'll get > something like "ping: local error: message too long, mtu: XXXX" showing the > PMTU value if ICMP-PTB error generation is working along the path. I didn't think about adding the MTU directly to the route table. Now it is more interesting. Wireguard adds a route to each allowed ips. If we detect a pmtu change pmtu for a target, we could adjust those routes to avoid fragmentation. I just don't know if we would break the connection if we modify MTU up or down during a transfer. I believe increasing it won't matter for existing connections as MSS is already negotiated and bringing it down will just fragment the traffic. Anyway, I believe it is better to fragment the plain packet than the encrypted one. And for new TCP connections, the firewall can clamp TCP MSS to the optimal value, even considering if it is using IPv4 or IPv6. From n.zhandarovich at fintech.ru Wed Aug 23 17:38:39 2023 From: n.zhandarovich at fintech.ru (Nikita Zhandarovich) Date: Wed, 23 Aug 2023 10:38:39 -0700 Subject: [PATCH net] wireguard: receive: fix data-race around receiving_counter.counter Message-ID: <20230823173839.43938-1-n.zhandarovich@fintech.ru> Syzkaller with KCSAN identified a data-race issue when accessing keypair->receiving_counter.counter. This patch uses READ_ONCE() and WRITE_ONCE() annotations to fix the problem. Fixes: a9e90d9931f3 ("wireguard: noise: separate receive counter from send counter") Reported-by: syzbot+d1de830e4ecdaac83d89 at syzkaller.appspotmail.com Signed-off-by: Nikita Zhandarovich --- drivers/net/wireguard/receive.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireguard/receive.c b/drivers/net/wireguard/receive.c index 0b3f0c843550..b5232ffa8bc7 100644 --- a/drivers/net/wireguard/receive.c +++ b/drivers/net/wireguard/receive.c @@ -251,7 +251,7 @@ static bool decrypt_packet(struct sk_buff *skb, struct noise_keypair *keypair) if (unlikely(!READ_ONCE(keypair->receiving.is_valid) || wg_birthdate_has_expired(keypair->receiving.birthdate, REJECT_AFTER_TIME) || - keypair->receiving_counter.counter >= REJECT_AFTER_MESSAGES)) { + READ_ONCE(keypair->receiving_counter.counter) >= REJECT_AFTER_MESSAGES)) { WRITE_ONCE(keypair->receiving.is_valid, false); return false; } @@ -318,7 +318,7 @@ static bool counter_validate(struct noise_replay_counter *counter, u64 their_cou for (i = 1; i <= top; ++i) counter->backtrack[(i + index_current) & ((COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1)] = 0; - counter->counter = their_counter; + WRITE_ONCE(counter->counter, their_counter); } index &= (COUNTER_BITS_TOTAL / BITS_PER_LONG) - 1; -- 2.25.1 From hugo.slabbert at menlosecurity.com Wed Aug 23 20:47:25 2023 From: hugo.slabbert at menlosecurity.com (Hugo Slabbert) Date: Wed, 23 Aug 2023 13:47:25 -0700 Subject: IPv6 and PPPoE with MSSFIX In-Reply-To: References: <20230823165840.7bf3b910@parrot> <20230823171451.ld2fwslkl6blv6y2@House.clients.dxld.at> Message-ID: > In my case, the PPPoE interface got MTU=1480. They might be stacking > something else on top of it or PPPoE might have optional fields. I > read somewhere that PPPoE might use either 8 or 20 bytes, but I'm not > an expert on PPPoE. For ref, an L2TP + PPPoE stack isn't too uncommon, and gives you 20 bytes overhead from the 12 bytes L2TP + 8 bytes PPPoE. On Wed, Aug 23, 2023 at 12:02?PM Luiz Angelo Daros de Luca wrote: > > > Hi, > > Hi Daniel, > > > On Wed, Aug 23, 2023 at 04:58:40PM +0200, Marek K?the wrote: > > > PPPoE adds 8 bytes of overhead so that an MTU of 1432 can be used. I > > > also have to do this at home with my DSL line for example. > > > The MTU should be set on each side (on both peers) for this to work. > > > > Oh, I just realized I used the 1432 MTU in my earlier reply based on > > Marek's math but since Luiz's underlay network is IPv6 this is not actually > > correct. MTU=1440 is only correct on top of IPv4, for IPv6 the "optimal" > > MTU is 1420 so with PPPoE involved that's MTU=1412. > > > > 1500 Ethernet payload > > -40 IPv6 header > > -8 UDP header > > -32 Wg header > > -8 PPPoE > > =================== > > 1412 wg tunnel MTU > > In my case, the PPPoE interface got MTU=1480. They might be stacking > something else on top of it or PPPoE might have optional fields. I > read somewhere that PPPoE might use either 8 or 20 bytes, but I'm not > an expert on PPPoE. If I don't control both sides, I would use 1400 by > default. > > > --Daniel From rm at romanrm.net Thu Aug 24 13:21:11 2023 From: rm at romanrm.net (Roman Mamedov) Date: Thu, 24 Aug 2023 18:21:11 +0500 Subject: [WireGuard] Header / MTU sizes for Wireguard In-Reply-To: References: <169230331253.7.2936868369217934671.167170975@simplelogin.com> <20230823211544.7f3252ec@nvm> Message-ID: <20230824182111.4f92fdca@nvm> On Thu, 24 Aug 2023 08:50:20 -0400 Saint Michael wrote: > This is the Achiles' heel of Wireguard. It reduces the MTU too much. Other > tunneling techniques use a much larger MTU. I use Mikotik routers and one > of the supported tunnels goes up to 1472. Some apps requiere a large MTU. > Why Wireguard requieres so much space, so to speak? Because it uses encryption, and each packet is also cryptographically signed. I believe the other tunnels you have in mind will transfer data in plaintext (unencrypted). -- With respect, Roman From syzbot+80a98381230162731266 at syzkaller.appspotmail.com Mon Aug 28 14:37:59 2023 From: syzbot+80a98381230162731266 at syzkaller.appspotmail.com (syzbot) Date: Mon, 28 Aug 2023 07:37:59 -0700 Subject: [syzbot] [wireguard?] KCSAN: data-race in wg_packet_handshake_receive_worker / wg_packet_rx_poll (5) Message-ID: <000000000000178d930603fca43b@google.com> Hello, syzbot found the following issue on: HEAD commit: 93f5de5f648d Merge tag 'acpi-6.5-rc8' of git://git.kernel... git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=10f3d75ba80000 kernel config: https://syzkaller.appspot.com/x/.config?x=f12c32a009b80107 dashboard link: https://syzkaller.appspot.com/bug?extid=80a98381230162731266 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/1f2b512883ff/disk-93f5de5f.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/e10aeb67696c/vmlinux-93f5de5f.xz kernel image: https://storage.googleapis.com/syzbot-assets/3e95be907cb0/bzImage-93f5de5f.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+80a98381230162731266 at syzkaller.appspotmail.com ================================================================== BUG: KCSAN: data-race in wg_packet_handshake_receive_worker / wg_packet_rx_poll read-write to 0xffff88813939a178 of 8 bytes by interrupt on cpu 0: wg_packet_rx_poll+0xb43/0xf80 drivers/net/wireguard/receive.c:474 __napi_poll+0x60/0x3b0 net/core/dev.c:6460 napi_poll net/core/dev.c:6527 [inline] net_rx_action+0x32b/0x750 net/core/dev.c:6660 __do_softirq+0xc1/0x265 kernel/softirq.c:553 do_softirq+0x5e/0x90 kernel/softirq.c:454 __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline] wg_packet_handshake_receive_worker+0x184/0x5d0 drivers/net/wireguard/receive.c:212 process_one_work+0x434/0x860 kernel/workqueue.c:2600 worker_thread+0x5f2/0xa10 kernel/workqueue.c:2751 kthread+0x1d7/0x210 kernel/kthread.c:389 ret_from_fork+0x2e/0x40 arch/x86/kernel/process.c:145 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 read-write to 0xffff88813939a178 of 8 bytes by task 8583 on cpu 1: update_rx_stats drivers/net/wireguard/receive.c:23 [inline] wg_receive_handshake_packet drivers/net/wireguard/receive.c:198 [inline] wg_packet_handshake_receive_worker+0x4b2/0x5d0 drivers/net/wireguard/receive.c:213 process_one_work+0x434/0x860 kernel/workqueue.c:2600 worker_thread+0x5f2/0xa10 kernel/workqueue.c:2751 kthread+0x1d7/0x210 kernel/kthread.c:389 ret_from_fork+0x2e/0x40 arch/x86/kernel/process.c:145 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 value changed: 0x00000000000077a0 -> 0x00000000000077c0 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 8583 Comm: kworker/1:14 Tainted: G W 6.5.0-rc7-syzkaller-00024-g93f5de5f648d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker ================================================================== --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller at googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup From syzbot+b1c5c1efac7273c587fe at syzkaller.appspotmail.com Mon Aug 28 14:40:02 2023 From: syzbot+b1c5c1efac7273c587fe at syzkaller.appspotmail.com (syzbot) Date: Mon, 28 Aug 2023 07:40:02 -0700 Subject: [syzbot] [wireguard?] KCSAN: data-race in wg_socket_send_skb_to_peer / wg_socket_send_skb_to_peer Message-ID: <0000000000006d22850603fcabc3@google.com> Hello, syzbot found the following issue on: HEAD commit: 4f9e7fabf864 Merge tag 'trace-v6.5-rc6' of git://git.kerne.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=13f1991fa80000 kernel config: https://syzkaller.appspot.com/x/.config?x=f12c32a009b80107 dashboard link: https://syzkaller.appspot.com/bug?extid=b1c5c1efac7273c587fe compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/586c18cf5685/disk-4f9e7fab.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/26437f4b2bc8/vmlinux-4f9e7fab.xz kernel image: https://storage.googleapis.com/syzbot-assets/6be368a4b854/bzImage-4f9e7fab.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+b1c5c1efac7273c587fe at syzkaller.appspotmail.com ================================================================== BUG: KCSAN: data-race in wg_socket_send_skb_to_peer / wg_socket_send_skb_to_peer read-write to 0xffff88813587e3d8 of 8 bytes by task 31333 on cpu 1: wg_socket_send_skb_to_peer+0xe4/0x130 drivers/net/wireguard/socket.c:183 wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline] wg_packet_tx_worker+0x128/0x320 drivers/net/wireguard/send.c:276 process_one_work+0x434/0x860 kernel/workqueue.c:2600 worker_thread+0x5f2/0xa10 kernel/workqueue.c:2751 kthread+0x1d7/0x210 kernel/kthread.c:389 ret_from_fork+0x2e/0x40 arch/x86/kernel/process.c:145 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 read-write to 0xffff88813587e3d8 of 8 bytes by task 8119 on cpu 0: wg_socket_send_skb_to_peer+0xe4/0x130 drivers/net/wireguard/socket.c:183 wg_socket_send_buffer_to_peer+0xd6/0x100 drivers/net/wireguard/socket.c:200 wg_packet_send_handshake_initiation drivers/net/wireguard/send.c:40 [inline] wg_packet_handshake_send_worker+0x10c/0x150 drivers/net/wireguard/send.c:51 process_one_work+0x434/0x860 kernel/workqueue.c:2600 worker_thread+0x5f2/0xa10 kernel/workqueue.c:2751 kthread+0x1d7/0x210 kernel/kthread.c:389 ret_from_fork+0x2e/0x40 arch/x86/kernel/process.c:145 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 value changed: 0x000000000000b4fc -> 0x000000000000b51c Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 8119 Comm: kworker/u4:63 Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker ================================================================== --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller at googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup From krose at krose.org Mon Aug 28 15:40:48 2023 From: krose at krose.org (Kyle Rose) Date: Mon, 28 Aug 2023 11:40:48 -0400 Subject: [Babel-users] [RFC] Replace WireGuard AllowedIPs with IP route attribute In-Reply-To: <20230819212357.lkshcpslkgbeaq4e@House.clients.dxld.at> References: <20230819140218.5algu2nfmfostngh@House.clients.dxld.at> <4b-64e11f80-13-5e880900@8744214> <20230819212357.lkshcpslkgbeaq4e@House.clients.dxld.at> Message-ID: On Sat, Aug 19, 2023 at 5:25?PM Daniel Gr?ber wrote: > Having read Kyle's use-case I'm thinking my original plan to extend the wg > internal source-address filtering to use a rt lookup with our new attribute > would not be maximally useful so now my thinking is we should just have a > boolean toggle to disable it explicitly per device. If there is interest among the maintainers in eventually merging a change with a per-interface knob to turn off the source IP check, I will go through the trouble of putting together an initial pass at this. I don't want to spend the time if there is firm opposition to the idea. Thanks, Kyle From dxld at darkboxed.org Mon Aug 28 16:07:05 2023 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Mon, 28 Aug 2023 18:07:05 +0200 Subject: [Babel-users] [RFC] Replace WireGuard AllowedIPs with IP route attribute In-Reply-To: References: <20230819140218.5algu2nfmfostngh@House.clients.dxld.at> <4b-64e11f80-13-5e880900@8744214> <20230819212357.lkshcpslkgbeaq4e@House.clients.dxld.at> Message-ID: <20230828160705.a5uxv5l2zknna7yj@House.clients.dxld.at> Hi Kyle, On Mon, Aug 28, 2023 at 11:40:48AM -0400, Kyle Rose wrote: > On Sat, Aug 19, 2023 at 5:25?PM Daniel Gr?ber wrote: > > Having read Kyle's use-case I'm thinking my original plan to extend the wg > > internal source-address filtering to use a rt lookup with our new attribute > > would not be maximally useful so now my thinking is we should just have a > > boolean toggle to disable it explicitly per device. > > If there is interest among the maintainers in eventually merging a > change with a per-interface knob to turn off the source IP check, I > will go through the trouble of putting together an initial pass at > this. I don't want to spend the time if there is firm opposition to > the idea. I think just a patch to turn off the wg source IP check is not very useful at the moment. It would encourage bad source IP filtering practices when multiple peers are involved as no mechanism for identifying the sending peer is available at the policy routing or netfilter level currently. I think such a patch would have to get merged after some kind of mechanism to identify and filter based on the sending wg peer is available. So if you want to move this along I would suggest working on this first. Since I'm also interested in having this feature I'm happy collaborate. It's just hard to find the motivation for writing more wg patches when my pending ones have (mostly) been lying around for a year without a response, but if you're also keen on this feature I'm sure it's easier to stay motivated together :) If my kernel patches go ignored for too long too I'll probably just resort to getting a forked DKMS wireguard module into Debian with this work. Perhaps that approach (or a package in a different distro) would work for your use-case too? --Daniel From krose at krose.org Mon Aug 28 17:55:08 2023 From: krose at krose.org (Kyle Rose) Date: Mon, 28 Aug 2023 13:55:08 -0400 Subject: [Babel-users] [RFC] Replace WireGuard AllowedIPs with IP route attribute In-Reply-To: <87v8czqd3w.wl-jch@irif.fr> References: <20230819140218.5algu2nfmfostngh@House.clients.dxld.at> <4b-64e11f80-13-5e880900@8744214> <20230819212357.lkshcpslkgbeaq4e@House.clients.dxld.at> <20230828160705.a5uxv5l2zknna7yj@House.clients.dxld.at> <87v8czqd3w.wl-jch@irif.fr> Message-ID: On Mon, Aug 28, 2023 at 1:41?PM Juliusz Chroboczek wrote: > I've read the whole discussion, and I'm still not clear what advantages > the proposed route attribute has over having one interface per peer. Is > it because interfaces are expensive in the Linux kernel? Or is there some > other reason why it is better to run all WG tunnels over a single interface? Why manage n^2 tunnels and allocate n^2 /30 CIDRs when you can just have one tunnel and a single subnet for a full mesh? IMO, the latter should be a feature differentiating Wireguard from other solutions to creating a mesh VPN. That is, in fact, the whole reason I dropped OpenVPN for it. Kyle From dxld at darkboxed.org Mon Aug 28 22:13:12 2023 From: dxld at darkboxed.org (Daniel =?utf-8?Q?Gr=C3=B6ber?=) Date: Tue, 29 Aug 2023 00:13:12 +0200 Subject: [RFC] Replace WireGuard AllowedIPs with IP route attribute In-Reply-To: <87v8czqd3w.wl-jch@irif.fr> References: <20230819140218.5algu2nfmfostngh@House.clients.dxld.at> <4b-64e11f80-13-5e880900@8744214> <20230819212357.lkshcpslkgbeaq4e@House.clients.dxld.at> <20230828160705.a5uxv5l2zknna7yj@House.clients.dxld.at> <87v8czqd3w.wl-jch@irif.fr> Message-ID: <20230828221312.fw5pvnt4x7p2c52k@House.clients.dxld.at> Hi Juliusz, On Mon, Aug 28, 2023 at 07:40:51PM +0200, Juliusz Chroboczek wrote: > I've read the whole discussion, and I'm still not clear what advantages > the proposed route attribute has over having one interface per peer. Is > it because interfaces are expensive in the Linux kernel? Or is there some > other reason why it is better to run all WG tunnels over a single interface? Off the top of my head UDP port exhaustion is a scalability concern here, just as an example, not that I'd actually ever need that many peers in my network :) One wg-device per-peer means we need one UDP port per-peer and since currently binding to a specific IP is also not supported by wg (I have a patch pending for this though) there's no good way to work around this. Frankly having tons of interfaces is just an operational PITA in all sorts of ways. Apart from the port exhaustion having more than one wg device also means I have to _allocate_ a new port for each node in my managment system somehow instead of just using a static port for the entire network. This gets dicy fast as I want to move in the direction of dynamic peering as in tinc. Other than that my `ip -br a` output is getting unmanagably long and having more than one device means I have to keep ACL lists in sync all over the system. This is a problem for daemons that don't support automatic reload (babeld for example :P). I also have to sync the set of interface to nftables which is easy to get wrong as it's still manual in my setup. All of that could be solved, but I would also like to get my wg+babel VPN setup deployed more widely at some point and all that friction isn't going to help with that so I'd rather have this supported properly. --Daniel -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From luizluca at gmail.com Mon Aug 28 22:22:05 2023 From: luizluca at gmail.com (Luiz Angelo Daros de Luca) Date: Mon, 28 Aug 2023 19:22:05 -0300 Subject: IPv6 and PPPoE with MSSFIX In-Reply-To: References: <20230823165840.7bf3b910@parrot> <20230823171451.ld2fwslkl6blv6y2@House.clients.dxld.at> Message-ID: Hello, I did some proof-of-concept tests and got nice results. Here is my current script (https://github.com/luizluca/wireguard-ipv6-pmtu) It runs as a shell script and updates allowed_ips routes (ipv4 and ipv6) when there is a cached PMTU to that endpoint (or the local interface is using a smaller MTU). It just works as expected, avoiding the fragmentation on the fly for IPv6-connected peers. It must run periodically as "ip monitor" does not emit events for cached routes. The best result is when you run it on both sides as it can only fix the traffic from that endpoint. As we have already discussed, standard IPv4 has a smaller header and the default wireguard MTU has some room to fit most tunneling protocols). I hit some interesting problems along the way: 1) "ip route get" might fail if all routes that would match also include a "from". You need to find out the source address wireguard is using before testing the route. I'm digging it from the conntrack table but I wish there was a better way. 2) PMTU runs in cycles. It generates a temporary cached route with MTU once it receives a "packet too big" answer. However, until the route is gone (expiring, for example), there is no way to generate a traffic that will retrigger that "packet too big" or refresh the route. Once the route is gone, the script will remove the MTU limitation, wireguard might eventually trigger a new "packet too big" and, on its next run, the script can adjust the MTU. We would need to add some state to the script to know that a cached route is gone and try to retrigger the PMTU before removing the MTU limitations. We could also do some brute force approach like pinging every peer using a large packet (1500-40-8) before each cycle or simply keep the MTU limitation forever as it would not hurt that much. For those who want to play with it, have fun! Regards, Luiz From john+wireguard at zlima12.com Mon Aug 28 02:54:56 2023 From: john+wireguard at zlima12.com (John A. Leuenhagen) Date: Mon, 28 Aug 2023 02:54:56 -0000 Subject: wireguard-android: Multiple Tunnel Support with Userspace Backend Message-ID: Hi all, I've just noticed that since switching to the Android userspace backend, I am unable to activate multiple tunnels at the same time. From what I was able to find with a quick search, it seems that unlike the kernel module backend, the Go backend does indeed have this limitation. Can anyone confirm that this is the case? If so, is there some limitation or other issue that is preventing the functionality from being implemented? Or is it simply a matter of the code not being written yet? Would patches be welcomed in this case? Best, John From jch at irif.fr Mon Aug 28 17:41:06 2023 From: jch at irif.fr (Juliusz Chroboczek) Date: Mon, 28 Aug 2023 17:41:06 -0000 Subject: [Babel-users] [RFC] Replace WireGuard AllowedIPs with IP route attribute In-Reply-To: <20230828160705.a5uxv5l2zknna7yj@House.clients.dxld.at> References: <20230819140218.5algu2nfmfostngh@House.clients.dxld.at> <4b-64e11f80-13-5e880900@8744214> <20230819212357.lkshcpslkgbeaq4e@House.clients.dxld.at> <20230828160705.a5uxv5l2zknna7yj@House.clients.dxld.at> Message-ID: <87v8czqd3w.wl-jch@irif.fr> Daniel, Kyle, I've read the whole discussion, and I'm still not clear what advantages the proposed route attribute has over having one interface per peer. Is it because interfaces are expensive in the Linux kernel? Or is there some other reason why it is better to run all WG tunnels over a single interface? -- Juliusz From danielo at opera.com Mon Aug 7 08:15:44 2023 From: danielo at opera.com (Daniel Lazarenko) Date: Mon, 07 Aug 2023 08:15:44 -0000 Subject: Xcode 15 wireguard-apple build errors Message-ID: Hello. We're using wireguard-apple for an iOS app. We're using this library in production, it works as expected built with Xcode 14.3, but we'd like to start testing the app on Xcode 15 to look for potential breakage before iOS 17 goes live. With the latest Xcode 15 beta 5, linking WireGuardKitGo library to the WireGuard Network Extension target produces an error: Initializer pointer must point to start of function (no addend) in '.../Library/Developer/Xcode/DerivedData/MyApp/Build/Products/Debug-iphonesimulator/WireGuardKitGo.framework/WireGuardKitGo[arm64][2](go.o)' and a warning: '.../Library/Developer/Xcode/DerivedData/MyApp/WireGuardKitGo.framework/WireGuardKitGo[arm64][2](go.o)' has malformed LC_DYSYMTAB, expected 61 undefined symbols to start at index 4624, found 73 undefined symbols starting at index 15 Is it a known issue? Are there any existing fixes or clues to help fixing the problem? From cbzhao.cn at gmail.com Sun Aug 13 13:36:30 2023 From: cbzhao.cn at gmail.com (Chengbo Zhao) Date: Sun, 13 Aug 2023 13:36:30 -0000 Subject: Upload speed slow in Windows through ipv6 Message-ID: Hello: I just changed my way back home from OpenVPN to WireGuard. Nice work, faster and easier to configure! But when I tried to connect through ipv6, I had some troubles: the download speed seems normal, but upload speed (Both to LAN and WAN) was limited to ~10Mbps (about 10~20% of full speed). I thought it was a network issue at first, so I used a process of elimination to find out what went wrong. On the mobile phone, using the same configuration, both upload and download can reach the upload rate of my broadband ~60Mbps. This indicates that the computer may not be working properly. So, I went on to test on my laptop and found that when using ipv4 for connection, the upload and download can also run at full speed. I guess that there may be a performance problem with the forwarding of ipv6 packets in WireGuard NT. By the way, I just configure ipv4 for all clients in WireGuard's internal network. Test Device ipv4-download ipv4-upload ipv6-download ipv6-upload --------------- --------------- ------------- --------------- ------------- PC-Win11 ~60Mbps ~60Mbps ~60Mbps ~10Mbps Phone-Android ~60Mbps ~60Mbps ~60Mbps ~60Mbps Can you guys do further tests to resolve this issue? --- Thanks, Chengbo Zhao From mightyguava at gmail.com Wed Aug 23 23:58:05 2023 From: mightyguava at gmail.com (Mighty Guava) Date: Wed, 23 Aug 2023 23:58:05 -0000 Subject: Issues starting Wireguard connection on Mac and iOS Message-ID: Hi all, I?ve been having issues with the iOS (iPhone 12) and Mac (MacBook M1) clients for Wireguard when starting a connection. It usually takes several attempts to start a connection. Specifically, one of the following things occur when activating Wireguard: * It shows ?Data sent: 148b?, incrementing a small amount every 5 seconds-ish with nothing showing for Data Received. * It shows ?Data received: 96b? incrementing a small amount every 5 seconds, while ?Data sent? is going up by about 20MB/s every second, effectively saturating my uplink. Statistics on my router does show the data actually going somewhere. Wireguard logs on the peer it?s connecting to though do not show anything unusual. In both cases, the connection isn?t actually successful, and I am unable to access vpn network. The connection is successful for me about 1 out of 5 times, though it?s not deterministic. I?ve had no issues connecting from an Android client. It succeeds every time. When my Mac or iOS clients succeed in making a connection, I also see no problems. The same issue occurs when connecting to 3 completely different peers from the Mac/iOS device: 1 running Raspberry Pi OS (Debian based), 1 running weejewel/wg-easy Docker container, 1 running on an Asus RT-AX86U Router using their software. All wireguard packages up to date. I?ve tried upping MTU to 1500 and shortening keep alive but neither successful. There?s a serverfault topic for this issue as well (not created by me) with several people reporting similar experiences. https://serverfault.com/questions/1129770/wireguard-clients-need-to-make-many-attempts-to-connect-before-receiving-data Client config below: [Interface] PrivateKey = Address = 10.6.0.3/32 [Peer] PublicKey = AllowedIPs = 0.0.0.0/0 Endpoint = PersistentKeepalive = 25 DNS is pointed to an internal DNS server on my intranet. I've tried removing it to not override DNS, but it does not seem to have an impact. Hoping someone on this list has leads on how I might be able to fix this. Thanks, Yunchi From andrew at furrypaws.ca Thu Aug 24 12:41:31 2023 From: andrew at furrypaws.ca (Andrew Berry) Date: Thu, 24 Aug 2023 12:41:31 -0000 Subject: Bug connecting in iOS / macOS client when using the WG UI to connect Message-ID: <2E8408F8-888B-4A21-B035-C0A2257E2491@furrypaws.ca> Are there any known issues using the toggle in the Wireguard app to connect, versus the toggle in the Settings app? I've been having trouble connecting to an OPNSesnse-hosted Wireguard VPN. Symptoms are: - No handshakes - No data going across the tunnel - Except sometimes, there are handshakes, but there is a huge amount of data shown in the counters way beyond what is possible, and no actual traffic works If I reconnect enough times, eventually it works fine. I posted about this on the OPNSense forums, and another user mentioned seeing this and that starting the VPN via Settings always worked. The same workaround seems to fix it for me too: https://forum.opnsense.org/index.php?topic=35555 While at first I thought this was an issue with the FreeBSD port of Wireguard, now I wonder if this is just an Apple client issue or an issue between the Apple client and the FreeBSD port. Has anyone else seen the same behaviour? Any suggestions on ways to get useful information for debugging? Thanks, --Andrew