22 Dec, 2014
1 commit
-
If a request is backlogged, it's complete() handler will get called
twice: once with -EINPROGRESS, and once with the final error code.af_alg's complete handler, unlike other users, does not handle the
-EINPROGRESS but instead always completes the completion that recvmsg()
is waiting on. This can lead to a return to user space while the
request is still pending in the driver. If userspace closes the sockets
before the requests are handled by the driver, this will lead to
use-after-frees (and potential crashes) in the kernel due to the tfm
having been freed.The crashes can be easily reproduced (for example) by reducing the max
queue length in cryptod.c and running the following (from
http://www.chronox.de/libkcapi.html) on AES-NI capable hardware:$ while true; do kcapi -x 1 -e -c '__ecb-aes-aesni' \
-k 00000000000000000000000000000000 \
-p 00000000000000000000000000000000 >/dev/null & doneCc: stable@vger.kernel.org
Signed-off-by: Rabin Vincent
Signed-off-by: Herbert Xu
14 Dec, 2014
1 commit
-
Pull crypto update from Herbert Xu:
- The crypto API is now documented :)
- Disallow arbitrary module loading through crypto API.
- Allow get request with empty driver name through crypto_user.
- Allow speed testing of arbitrary hash functions.
- Add caam support for ctr(aes), gcm(aes) and their derivatives.
- nx now supports concurrent hashing properly.
- Add sahara support for SHA1/256.
- Add ARM64 version of CRC32.
- Misc fixes.* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (77 commits)
crypto: tcrypt - Allow speed testing of arbitrary hash functions
crypto: af_alg - add user space interface for AEAD
crypto: qat - fix problem with coalescing enable logic
crypto: sahara - add support for SHA1/256
crypto: sahara - replace tasklets with kthread
crypto: sahara - add support for i.MX53
crypto: sahara - fix spinlock initialization
crypto: arm - replace memset by memzero_explicit
crypto: powerpc - replace memset by memzero_explicit
crypto: sha - replace memset by memzero_explicit
crypto: sparc - replace memset by memzero_explicit
crypto: algif_skcipher - initialize upon init request
crypto: algif_skcipher - removed unneeded code
crypto: algif_skcipher - Fixed blocking recvmsg
crypto: drbg - use memzero_explicit() for clearing sensitive data
crypto: drbg - use MODULE_ALIAS_CRYPTO
crypto: include crypto- module prefix in template
crypto: user - add MODULE_ALIAS
crypto: sha-mb - remove a bogus NULL check
crytpo: qat - Fix 64 bytes requests
...
11 Dec, 2014
1 commit
-
Introduce helper macro for_each_cmsghdr as a wrapper of the enumerating
cmsghdr from msghdr, just cleanup.Signed-off-by: Gu Zheng
Signed-off-by: David S. Miller
10 Dec, 2014
1 commit
-
Note that the code _using_ ->msg_iter at that point will be very
unhappy with anything other than unshifted iovec-backed iov_iter.
We still need to convert users to proper primitives.Signed-off-by: Al Viro
05 Dec, 2014
2 commits
-
This patch allows the testing of arbitrary hash functions specified
by the alg module parameter by using them in mode 300 (for sync hash)
and mode 400 (for async hash).For example, you could do
modprobe tcrypt mode=300 alg='vmac(aes)'Signed-off-by: Herbert Xu
-
AEAD requires the caller to specify the following information separate
from the data stream. This information allows the AEAD interface handler
to identify the AAD, ciphertext/plaintext and the authentication tag:* Associated authentication data of arbitrary length and
length* Length of authentication tag for encryption
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
02 Dec, 2014
1 commit
-
When using the algif_skcipher, the following call sequence causess a
re-initialization:1. sendmsg with ALG_SET_OP and iov == NULL, iovlen == 0 (i.e
initializing the cipher, but not sending data)2. sendmsg with msg->msg-controllen == 0 and iov != NULL (using the initalized
cipher handle by sending data)In step 2, the cipher operation type (encryption or decryption) is reset
to always decryption, because the local variable of enc is put into
ctx->enc as ctx->user is still zero.The same applies when all send data is processed and ctx->used falls to
zero followed by user space to send new data.This patch changes the behavior to only reset the cipher operation type
(and the IV) if such configuration request is received.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
01 Dec, 2014
1 commit
-
Remover unneeded code.
Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu
28 Nov, 2014
1 commit
-
As most (all?) users of algif_skcipher are single-threaded and
therefore always write before reading from an algif_skcipher
socket, they never block and exercise that code-path.It turns out that code path doesn't even work because we never
reload ctx->used after waking up so we never even see the new
data and immediately return an error (and a loud WARN_ON).This patch fixes this by always reloading ctx->used.
Reported-by: Stephan Mueller
Signed-off-by: Herbert Xu
Acked-by: Stephan Mueller
27 Nov, 2014
1 commit
-
Compiler dead store optimization can sometimes remove final calls
to memset() used to clear sensitive data at the end of a function.
Replace trailing memset() calls with memzero_explicit() to
preclude unwanted removal.Signed-off-by: Nickolaus Woodruff
Signed-off-by: Herbert Xu
26 Nov, 2014
3 commits
-
Use the crypto- prefix for the DRBG implementations.
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
This adds the module loading prefix "crypto-" to the template lookup
as well.For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly
includes the "crypto-" prefix at every level, correctly rejecting "vfat":net-pf-38
algif-hash
crypto-vfat(blowfish)
crypto-vfat(blowfish)-all
crypto-vfatReported-by: Mathias Krause
Signed-off-by: Kees Cook
Acked-by: Mathias Krause
Signed-off-by: Herbert Xu -
To allow automatic loading of the crypto_user kernel module, the netlink
MODULE_ALIAS is added.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
25 Nov, 2014
1 commit
-
Commit e1bd95bf7c25 ("crypto: algif - zeroize IV buffer") and
2a6af25befd0 ("crypto: algif - zeroize message digest buffer")
added memzero_explicit() calls on buffers that are later on
passed back to sock_kfree_s().This is a discussed follow-up that, instead, extends the sock
API and adds sock_kzfree_s(), which internally uses kzfree()
instead of kfree() for passing the buffers back to slab.Having sock_kzfree_s() allows to keep the changes more minimal
by just having a drop-in replacement instead of adding
memzero_explicit() calls everywhere before sock_kfree_s().In kzfree(), the compiler is not allowed to optimize the memset()
away and thus there's no need for memzero_explicit(). Both,
sock_kfree_s() and sock_kzfree_s() are wrappers for
__sock_kfree_s() and call into kfree() resp. kzfree(); here,
__sock_kfree_s() needs to be explicitly inlined as we want the
compiler to optimize the call and condition away and thus it
produces e.g. on x86_64 the _same_ assembler output for
sock_kfree_s() before and after, and thus also allows for
avoiding code duplication.Cc: David S. Miller
Signed-off-by: Daniel Borkmann
Signed-off-by: Herbert Xu
24 Nov, 2014
4 commits
-
This prefixes all crypto module loading with "crypto-" so we never run
the risk of exposing module auto-loading to userspace via a crypto API,
as demonstrated by Mathias Krause:https://lkml.org/lkml/2013/3/4/70
Signed-off-by: Kees Cook
Signed-off-by: Herbert Xu -
Currently all get requests with an empty driver name fail with
EINVAL. Since most users actually want to supply an empty driver
name this patch removes this check.Signed-off-by: Herbert Xu
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
12 Nov, 2014
3 commits
-
Zeroize the buffer holding the IV used for the completed
cipher operation before the buffer is released by the
skcipher AF_ALG interface handler.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Zeroize the buffer holding the message digest calculated for the
consumer before the buffer is released by the hash AF_ALG interface
handler.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
Merging 3.18-rc4 in order to pick up the memzero_explicit helper.
10 Nov, 2014
1 commit
-
The kernel module drbg.ko is currently not loaded automatically when a
DRBG is requested by a consumer. This is due to missing MODULE_ALIAS
flags for each of the implemented DRBG types.This patch adds aliases for each of the 22 defined DRBGs.
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
25 Oct, 2014
1 commit
-
Pull /dev/random updates from Ted Ts'o:
"This adds a memzero_explicit() call which is guaranteed not to be
optimized away by GCC. This is important when we are wiping
cryptographically sensitive material"* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
crypto: memzero_explicit - make sure to clear out sensitive data
random: add and use memzero_explicit() for clearing data
24 Oct, 2014
2 commits
-
The DRBG internal buffer addition function is replaced with crypto_inc when
a buffer is to be incremented by one.The function drbg_add_buf is moved to the CONFIG_CRYPTO_DRBG_HASH ifdef
area as it is now only needed for the Hash DRBG.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu -
This patch remove unncessary KERN_INFO from pr_info within testmgr.c
Signed-off-by: Masanari Iida
Acked-by: David S. Miller
Signed-off-by: Herbert Xu
17 Oct, 2014
1 commit
-
Recently, in commit 13aa93c70e71 ("random: add and use memzero_explicit()
for clearing data"), we have found that GCC may optimize some memset()
cases away when it detects a stack variable is not being used anymore
and going out of scope. This can happen, for example, in cases when we
are clearing out sensitive information such as keying material or any
e.g. intermediate results from crypto computations, etc.With the help of Coccinelle, we can figure out and fix such occurences
in the crypto subsytem as well. Julia Lawall provided the following
Coccinelle program:@@
type T;
identifier x;
@@T x;
... when exists
when any
-memset
+memzero_explicit
(&x,
-0,
...)
... when != x
when strict@@
type T;
identifier x;
@@T x[...];
... when exists
when any
-memset
+memzero_explicit
(x,
-0,
...)
... when != x
when strictTherefore, make use of the drop-in replacement memzero_explicit() for
exactly such cases instead of using memset().Signed-off-by: Daniel Borkmann
Cc: Julia Lawall
Cc: Herbert Xu
Cc: Theodore Ts'o
Cc: Hannes Frederic Sowa
Acked-by: Hannes Frederic Sowa
Acked-by: Herbert Xu
Signed-off-by: Theodore Ts'o
14 Oct, 2014
2 commits
-
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller
Signed-off-by: Behan Webster
Reviewed-by: Mark Charlebois
Acked-by: Herbert Xu
Cc: pageexec@freemail.hu -
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99
compliant equivalent. This patch allocates the appropriate amount of memory
using a char array using the SHASH_DESC_ON_STACK macro.The new code can be compiled with both gcc and clang.
Signed-off-by: Jan-Simon Möller
Signed-off-by: Behan Webster
Reviewed-by: Mark Charlebois
Acked-by: Herbert Xu
Cc: pageexec@freemail.hu
12 Oct, 2014
1 commit
-
Pull security subsystem updates from James Morris.
Mostly ima, selinux, smack and key handling updates.
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (65 commits)
integrity: do zero padding of the key id
KEYS: output last portion of fingerprint in /proc/keys
KEYS: strip 'id:' from ca_keyid
KEYS: use swapped SKID for performing partial matching
KEYS: Restore partial ID matching functionality for asymmetric keys
X.509: If available, use the raw subjKeyId to form the key description
KEYS: handle error code encoded in pointer
selinux: normalize audit log formatting
selinux: cleanup error reporting in selinux_nlmsg_perm()
KEYS: Check hex2bin()'s return when generating an asymmetric key ID
ima: detect violations for mmaped files
ima: fix race condition on ima_rdwr_violation_check and process_measurement
ima: added ima_policy_flag variable
ima: return an error code from ima_add_boot_aggregate()
ima: provide 'ima_appraise=log' kernel option
ima: move keyring initialization to ima_init()
PKCS#7: Handle PKCS#7 messages that contain no X.509 certs
PKCS#7: Better handling of unsupported crypto
KEYS: Overhaul key identification when searching for asymmetric keys
KEYS: Implement binary asymmetric key ID handling
...
08 Oct, 2014
3 commits
-
Pull crypto update from Herbert Xu:
- add multibuffer infrastructure (single_task_running scheduler helper,
OKed by Peter on lkml.
- add SHA1 multibuffer implementation for AVX2.
- reenable "by8" AVX CTR optimisation after fixing counter overflow.
- add APM X-Gene SoC RNG support.
- SHA256/SHA512 now handles unaligned input correctly.
- set lz4 decompressed length correctly.
- fix algif socket buffer allocation failure for 64K page machines.
- misc fixes* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (47 commits)
crypto: sha - Handle unaligned input data in generic sha256 and sha512.
Revert "crypto: aesni - disable "by8" AVX CTR optimization"
crypto: aesni - remove unused defines in "by8" variant
crypto: aesni - fix counter overflow handling in "by8" variant
hwrng: printk replacement
crypto: qat - Removed unneeded partial state
crypto: qat - Fix typo in name of tasklet_struct
crypto: caam - Dynamic allocation of addresses for various memory blocks in CAAM.
crypto: mcryptd - Fix typos in CRYPTO_MCRYPTD description
crypto: algif - avoid excessive use of socket buffer in skcipher
arm64: dts: add random number generator dts node to APM X-Gene platform.
Documentation: rng: Add X-Gene SoC RNG driver documentation
hwrng: xgene - add support for APM X-Gene SoC RNG support
crypto: mv_cesa - Add missing #define
crypto: testmgr - add test for lz4 and lz4hc
crypto: lz4,lz4hc - fix decompression
crypto: qat - Use pci_enable_msix_exact() instead of pci_enable_msix()
crypto: drbg - fix maximum value checks on 32 bit systems
crypto: drbg - fix sparse warning for cpu_to_be[32|64]
crypto: sha-mb - sha1_mb_alg_state can be static
... -
Pull ARM updates from Russell King:
"Included in these updates are:
- Performance optimisation to avoid writing the control register at
every exception.
- Use static inline instead of extern inline in ftrace code.
- Crypto ARM assembly updates for big endian
- Alignment of initrd/.init memory to page sizes when freeing to
ensure that we fully free the regions
- Add gcov support
- A couple of preparatory patches for VDSO support: use
_install_special_mapping, and randomize the sigpage placement above
stack.
- Add L2 ePAPR DT cache properties so that DT can specify the cache
geometry.
- Preparatory patch for FIQ (NMI) kernel C code for things like
spinlock lockup debug. Following on from this are a couple of my
patches cleaning up show_regs() and removing an unused (probably
since 1.x days) do_unexp_fiq() function.
- Use pr_warn() rather than pr_warning().
- A number of cleanups (smp, footbridge, return_address)"* 'for-linus' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: (21 commits)
ARM: 8167/1: extend the reserved memory for initrd to be page aligned
ARM: 8168/1: extend __init_end to a page align address
ARM: 8169/1: l2c: parse cache properties from ePAPR definitions
ARM: 8160/1: drop warning about return_address not using unwind tables
ARM: 8161/1: footbridge: select machine dir based on ARCH_FOOTBRIDGE
ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h
ARM: 8155/1: place sigpage at a random offset above stack
ARM: 8154/1: use _install_special_mapping for sigpage
ARM: 8153/1: Enable gcov support on the ARM architecture
ARM: Avoid writing to control register on every exception
ARM: 8152/1: Convert pr_warning to pr_warn
ARM: remove unused do_unexp_fiq() function
ARM: remove extraneous newline in show_regs()
ARM: 8150/3: fiq: Replace default FIQ handler
ARM: 8140/1: ep93xx: Enable DEBUG_LL_UART_PL01X
ARM: 8139/1: versatile: Enable DEBUG_LL_UART_PL01X
ARM: 8138/1: drop ISAR0 workaround for B15
ARM: 8136/1: sa1100: add Micro ASIC platform device
ARM: 8131/1: arm/smp: Absorb boot_secondary()
ARM: 8126/1: crypto: enable NEON SHA-384/SHA-512 for big endian
... -
Pull dmaengine updates from Dan Williams:
"Even though this has fixes marked for -stable, given the size and the
needed conflict resolutions this is 3.18-rc1/merge-window material.These patches have been languishing in my tree for a long while. The
fact that I do not have the time to do proper/prompt maintenance of
this tree is a primary factor in the decision to step down as
dmaengine maintainer. That and the fact that the bulk of drivers/dma/
activity is going through Vinod these days.The net_dma removal has not been in -next. It has developed simple
conflicts against mainline and net-next (for-3.18).Continuing thanks to Vinod for staying on top of drivers/dma/.
Summary:
1/ Step down as dmaengine maintainer see commit 08223d80df38
"dmaengine maintainer update"2/ Removal of net_dma, as it has been marked 'broken' since 3.13
(commit 77873803363c "net_dma: mark broken"), without reports of
performance regression.3/ Miscellaneous fixes"
* tag 'dmaengine-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/dmaengine:
net: make tcp_cleanup_rbuf private
net_dma: revert 'copied_early'
net_dma: simple removal
dmaengine maintainer update
dmatest: prevent memory leakage on error path in thread
ioat: Use time_before_jiffies()
dmaengine: fix xor sources continuation
dma: mv_xor: Rename __mv_xor_slot_cleanup() to mv_xor_slot_cleanup()
dma: mv_xor: Remove all callers of mv_xor_slot_cleanup()
dma: mv_xor: Remove unneeded mv_xor_clean_completed_slots() call
ioat: Use pci_enable_msix_exact() instead of pci_enable_msix()
drivers: dma: Include appropriate header file in dca.c
drivers: dma: Mark functions as static in dma_v3.c
dma: mv_xor: Add DMA API error checks
ioat/dca: Use dev_is_pci() to check whether it is pci device
07 Oct, 2014
2 commits
-
Previous version of KEYS used to output last 4 bytes of fingerprint.
Now it outputs 8 last bytes of raw subject, which does not make any
visual meaning at all. This patch restores old behavior.Signed-off-by: Dmitry Kasatkin
Signed-off-by: David Howells -
The 'id:' prefix must be stripped for asymmetric_key_hex_to_key_id() to be
able to process ca_keyid.Signed-off-by: Dmitry Kasatkin
Signed-off-by: David Howells
06 Oct, 2014
2 commits
-
Earlier KEYS code used pure subject key identifiers (fingerprint)
for searching keys. Latest merged code removed that and broke
compatibility with integrity subsytem signatures and original
format of module signatures.This patch returns back partial matching on SKID.
Reported-by: Dmitry Kasatkin
Signed-off-by: Dmitry Kasatkin
Signed-off-by: David Howells -
Bring back the functionality whereby an asymmetric key can be matched with a
partial match on one of its IDs.Whilst we're at it, allow for the possibility of having an increased number of
IDs.Reported-by: Dmitry Kasatkin
Signed-off-by: Dmitry Kasatkin
Signed-off-by: David Howells
03 Oct, 2014
3 commits
-
Module signing matches keys by comparing against the key description exactly.
However, the way the key description gets constructed got changed to be
composed of the subject name plus the certificate serial number instead of the
subject name and the subjectKeyId. I changed this to avoid problems with
certificates that don't *have* a subjectKeyId.Instead, if available, use the raw subjectKeyId to form the key description
and only use the serial number if the subjectKeyId doesn't exist.Reported-by: Dmitry Kasatkin
Signed-off-by: David Howells -
If hexlen is odd then function returns an error.
Use IS_ERR to check for error, otherwise invalid pointer
is used and kernel gives oops:[ 132.816522] BUG: unable to handle kernel paging request at
ffffffffffffffea
[ 132.819902] IP: [] asymmetric_key_id_same+0x14/0x36
[ 132.820302] PGD 1a12067 PUD 1a14067 PMD 0
[ 132.820302] Oops: 0000 [#1] SMP
[ 132.820302] Modules linked in: bridge(E) stp(E) llc(E) evdev(E)
serio_raw(E) i2c_piix4(E) button(E) fuse(E)
[ 132.820302] CPU: 0 PID: 2993 Comm: cat Tainted: G E
3.16.0-kds+ #2847
[ 132.820302] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 132.820302] task: ffff88004249a430 ti: ffff880056640000 task.ti:
ffff880056640000
[ 132.820302] RIP: 0010:[] []
asymmetric_key_id_same+0x14/0x36
[ 132.820302] RSP: 0018:ffff880056643930 EFLAGS: 00010246
[ 132.820302] RAX: 0000000000000000 RBX: ffffffffffffffea RCX:
ffff880056643ae0
[ 132.820302] RDX: 000000000000005e RSI: ffffffffffffffea RDI:
ffff88005bac9300
[ 132.820302] RBP: ffff880056643948 R08: 0000000000000003 R09:
00000007504aa01a
[ 132.820302] R10: 0000000000000000 R11: 0000000000000000 R12:
ffff88005d68ca40
[ 132.820302] R13: 0000000000000101 R14: 0000000000000000 R15:
ffff88005bac5280
[ 132.820302] FS: 00007f67a153c740(0000) GS:ffff88005da00000(0000)
knlGS:0000000000000000
[ 132.820302] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 132.820302] CR2: ffffffffffffffea CR3: 000000002e663000 CR4:
00000000000006f0
[ 132.820302] Stack:
[ 132.820302] ffffffff812bfc66 ffff880056643ae0 ffff88005bac5280
ffff880056643958
[ 132.820302] ffffffff812bfc9d ffff880056643980 ffffffff812971d9
ffff88005ce930c1
[ 132.820302] ffff88005ce930c0 0000000000000000 ffff8800566439c8
ffffffff812fb753
[ 132.820302] Call Trace:
[ 132.820302] [] ? asymmetric_match_key_ids+0x24/0x42
[ 132.820302] [] asymmetric_key_cmp+0x19/0x1b
[ 132.820302] [] keyring_search_iterator+0x74/0xd7
[ 132.820302] [] assoc_array_subtree_iterate+0x67/0xd2
[ 132.820302] [] ? key_default_cmp+0x20/0x20
[ 132.820302] [] assoc_array_iterate+0x19/0x1e
[ 132.820302] [] search_nested_keyrings+0xf6/0x2b6
[ 132.820302] [] ? sched_clock_cpu+0x91/0xa2
[ 132.820302] [] ? mark_held_locks+0x58/0x6e
[ 132.820302] [] ? current_kernel_time+0x77/0xb8
[ 132.820302] [] keyring_search_aux+0xe1/0x14c
[ 132.820302] [] ? keyring_search_aux+0x6c/0x14c
[ 132.820302] [] keyring_search+0x8f/0xb6
[ 132.820302] [] ? asymmetric_match_key_ids+0x42/0x42
[ 132.820302] [] ? key_default_cmp+0x20/0x20
[ 132.820302] [] asymmetric_verify+0xa4/0x214
[ 132.820302] [] integrity_digsig_verify+0xb1/0xe2
[ 132.820302] [] ? evm_verifyxattr+0x6a/0x7a
[ 132.820302] [] ima_appraise_measurement+0x160/0x370
[ 132.820302] [] ? d_absolute_path+0x5b/0x7a
[ 132.820302] [] process_measurement+0x322/0x404Reported-by: Dmitry Kasatkin
Signed-off-by: Dmitry Kasatkin
Signed-off-by: David Howells
02 Oct, 2014
1 commit
-
Like SHA1, use get_unaligned_be*() on the raw input data.
Reported-by: Bob Picco
Signed-off-by: David S. Miller
Signed-off-by: Herbert Xu
