| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Adds into 4.19 backported kernel module from 5.1 for Sensirion SPS30
particulate matter sensor, for kernel 5.4 backported dependency fix.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Fixes:
- CVE-2013-1798
- CVE-2019-3016
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Fixes:
- CVE-2019-14896
- CVE-2019-14897
Remove upstreamed:
- 023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch
- 950-0202-staging-bcm2835-camera-fix-module-autoloading.patch
- 001-4.22-01-MIPS-BCM63XX-drop-unused-and-broken-DSP-platform-dev.patch
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[ Upstream commit 09d4f10a5e78d76a53e3e584f1e6a701b6d24108 ]
Implement a cleanup method to properly free ci->params
BUG: memory leak
unreferenced object 0xffff88811746e2c0 (size 64):
comm "syz-executor617", pid 7106, jiffies 4294943055 (age 14.250s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
c0 34 60 84 ff ff ff ff 00 00 00 00 00 00 00 00 .4`.............
backtrace:
[<0000000015aa236f>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
[<0000000015aa236f>] slab_post_alloc_hook mm/slab.h:586 [inline]
[<0000000015aa236f>] slab_alloc mm/slab.c:3320 [inline]
[<0000000015aa236f>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3549
[<000000002c946bd1>] kmalloc include/linux/slab.h:556 [inline]
[<000000002c946bd1>] kzalloc include/linux/slab.h:670 [inline]
[<000000002c946bd1>] tcf_ctinfo_init+0x21a/0x530 net/sched/act_ctinfo.c:236
[<0000000086952cca>] tcf_action_init_1+0x400/0x5b0 net/sched/act_api.c:944
[<000000005ab29bf8>] tcf_action_init+0x135/0x1c0 net/sched/act_api.c:1000
[<00000000392f56f9>] tcf_action_add+0x9a/0x200 net/sched/act_api.c:1410
[<0000000088f3c5dd>] tc_ctl_action+0x14d/0x1bb net/sched/act_api.c:1465
[<000000006b39d986>] rtnetlink_rcv_msg+0x178/0x4b0 net/core/rtnetlink.c:5424
[<00000000fd6ecace>] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
[<0000000047493d02>] rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5442
[<00000000bdcf8286>] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
[<00000000bdcf8286>] netlink_unicast+0x223/0x310 net/netlink/af_netlink.c:1328
[<00000000fc5b92d9>] netlink_sendmsg+0x2c0/0x570 net/netlink/af_netlink.c:1917
[<00000000da84d076>] sock_sendmsg_nosec net/socket.c:639 [inline]
[<00000000da84d076>] sock_sendmsg+0x54/0x70 net/socket.c:659
[<0000000042fb2eee>] ____sys_sendmsg+0x2d0/0x300 net/socket.c:2330
[<000000008f23f67e>] ___sys_sendmsg+0x8a/0xd0 net/socket.c:2384
[<00000000d838e4f6>] __sys_sendmsg+0x80/0xf0 net/socket.c:2417
[<00000000289a9cb1>] __do_sys_sendmsg net/socket.c:2426 [inline]
[<00000000289a9cb1>] __se_sys_sendmsg net/socket.c:2424 [inline]
[<00000000289a9cb1>] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2424
Fixes: 24ec483cec98 ("net: sched: Introduce act_ctinfo action")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Kevin 'ldir' Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Kevin 'ldir' Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
Backport the phy/phylink/sfp patches currently queued in netdev or in
mainline necessary to support GPON popular modules, specifically to
support Huawei and Nokia GPON modules.
Signed-off-by: Russell King <linux@armlinux.org.uk>
[jonas.gorski: include kernel version in file names, refresh patches]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Move two phylink patches from mvebu to generic, so that everyone can
benefit from them.
Signed-off-by: Russell King <linux@armlinux.org.uk>
[jonas.gorski: add kernel version to file names]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed:
- 010-dmaengine-dw-dmac-implement-dma-prot.patch
- 950-0148-Increase-firmware-call-buffer-size-to-48-bytes.patch
- 950-0206-Mailbox-firmware-calls-now-use-kmalloc-2749.patch
- 402-leds-trigger-netdev-fix-handling-on-interface-rename.patch
Fixes:
- CVE-2019-19332
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Add 010-dt-bindings-dmaengine-dw-dmac-add-protection-control.patch]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed:
- 0004-boot-sq201-from-sda1.patch
- 500-v4.20-ubifs-Fix-default-compression-selection-in-ubifs.patch
- 0003-usb-dwc2-use-a-longer-core-rest-timeout-in-dwc2_core.patch
Altered patches:
- 0011-ARM-dts-Fix-up-SQ201-flash-access.patch
- 400-mtd-add-rootfs-split-support.patch
- 0101-pci-mediatek-backport-fix-pcie.patch
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
| |
Since the original backports from kernel 5.3 a few things have been
tweaked by kernel bumps & other upstream changes. Update the backport
to reflect upstream as closely as possible and remove the bitrot.
Functions remain the same, error reporting improved.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Altered patches:
- 950-0064-mfd-Add-Raspberry-Pi-Sense-HAT-core-driver.patch
- 0005-mtd-physmap_of-Move-custom-initialization.patch
Remove upstreamed:
- 0001-pinctrl-gemini-Mask-and-set-properly.patch
- 0002-pinctrl-gemini-Fix-up-TVC-clock-group.patch
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
| |
Fixes b7c58a1ee ("kernel: nf_conntrack_rtcache: fix cleanup on netns
delete and rmmod")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes b7c58a1ee ("kernel: nf_conntrack_rtcache: fix cleanup on netns
delete and rmmod")
Resolves FS#2624
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
| |
Fixes FS#1472, FS#2353, FS#2426
Fixes: b3f95490 ("kernel: generic: Add kernel 4.14 support")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Altered patches:
- 950-0748-net-bcmgenet-Workaround-for-Pi-4B-network-issue.patch
- 950-0754-Revert-net-bcmgenet-Workaround-for-Pi-4B-network-iss.patch
- 902-debloat_proc.patch
Remove upstreamed:
- 150-MIPS-bmips-mark-exception-vectors-as-char-arrays.patch
New symbols:
X86_INTEL_MPX
X86_INTEL_MEMORY_PROTECTION_KEYS
X86_INTEL_TSX_MODE_OFF
X86_INTEL_TSX_MODE_ON
X86_INTEL_TSX_MODE_AUTO
Compile-tested on: cns3xxx, x86_64
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
| |
This fixes the netdev LED trigger for interfaces, which are renamed
during initialization (e.g. ppp interfaces).
Fixes: FS#2193
Fixes: FS#2239
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
generic: Add/rename patches for upstream consistency
ipq40xx: generic-level patch replaces same-source patches-4.19/
082-v4.20-mtd-spinand-winbond-Add-support-for-W25N01GV.patch
The SPI-NAND framework from Linux uses common driver code that is then
"tuned" by a tiny struct of chip-specific data that describes
available commands, timing, and layout (data and OOB data). Several
manufacturers and chips have been added since 4.19, several of which
are used in devices already supported by OpenWrt (typically with no or
"legacy" access to their NAND memory). This commit catches up the
supported-chip definitions through Linux 5.2-rc6 and linux/next.
The driver is only compiled for platforms with CONFIG_MTD_SPI_NAND=y.
This presently includes ipq40xx and pistachio, with the addition of
ath79-nand in these commits (and not ath79-generic or ath79-tiny).
Upstream patches refreshed against 4.19.75
Build-tested-on: ipq40xx
Run-tested-on: ath79-nand
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the build of gdb and strace on arm64 targets with
kernel 4.19.
Without this patch asm/ptrace.h is including asm/sigcontext.h and this
file defines some structures which are also defined in musl header file
arch/aarch64/bits/signal.h. These two definitions then conflict with
each other and make the build fail.
This was seen locally and also by the build bot. The struct sigcontext,
struct sve_context and some others were defined twice. It looks like
this problem was introduced between 4.14 and 4.19 and it was fixed in
5.0. I already requested to backport this patch to kernel 4.19.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
| |
Replace an old cleanup patch that never made it upstream with the proper
upstream fix. This patch was incompatible with the recent changes that
affected the way that the flow tuple dst entry was used.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Fixes:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed:
- 390-v5.3-net-sched-fix-action-ipt-crash.patch
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The net pointer in struct xt_tgdtor_param is not explicitly
initialized therefore is still NULL when dereferencing it.
So we have to find a way to pass the correct net pointer to
ipt_destroy_target().
The best way I find is just saving the net pointer inside the per
netns struct tcf_idrinfo, which could make this patch smaller.
Fixes: 0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed by ruleset")
Reported-and-tested-by: Tony Ambardar <itugrok@xxxxxxxxx>
Cc: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
Cc: Jiri Pirko <jiri@xxxxxxxxxxx>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
[Backport for kernel v4.19 and v4.14]
[Bug Link: https://bugzilla.kernel.org/show_bug.cgi?id=204681]
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
|
| |
|
|
| |
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
|
| |
|
|
| |
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed:
- 023-0013-crypto-crypto4xx-fix-AES-CTR-blocksize-value.patch
- 023-0014-crypto-crypto4xx-fix-blocksize-for-cfb-and-ofb.patch
- 023-0015-crypto-crypto4xx-block-ciphers-should-only-accept-co.patch
- 950-0252-staging-bcm2835_camera-Ensure-all-buffers-are-return.patch
- 950-0253-staging-bcm2835-camera-Remove-check-of-the-number-of.patch
- 950-0254-staging-bcm2835-camera-Handle-empty-EOS-buffers-whil.patch
- 950-0489-staging-mmal-vchiq-Replace-spinlock-protecting-conte.patch
- 0021-ARM-dts-gemini-Fix-up-DNS-313-compatible-string.patch
- 049-v4.20-mips-remove-superfluous-check-for-linux.patch
- 100-MIPS-fix-build-on-non-linux-hosts.patch
- 303-MIPS-Fix-bounds-check-virt_addr_valid.patch
- 0002-usb-dwc2-use-a-longer-AHB-idle-timeout-in-dwc2_core_.patch
Altered patches:
- 950-0267-staging-vc04_services-Split-vchiq-mmal-into-a-module.patch
- 700-net-add-qualcomm-mdio-and-phy.patch
Fixes:
- CVE-2019-3846
New symbol:
- AX88796B_PHY
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
| |
This reverts commit 5c094ff660fd8e750ed1c1f38719a45065e77348.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
This is already included in newer upstream. Needed to build BPF programs
using the MIPS kernel include files.
Without this patch, clang fails with "#error Use a Linux compiler or
give up." in sgidefs.h when building BPF programs.
Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
CAKE made it to kernel 4.19 and since OpenWrt now at kernel 4.19 we can
drop the out of tree cake package in base repository.
Add kmod-sched-cake to netsupport so package dependencies are still met.
Similarly CAKE is retained as an optional qdisc module to avoid base
scheduler package size implications.
Backport upstream patches from k5.1 to address some small bugs and
support fwmark usage.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch backports verbatim the commit from Linux 5.2-rc7 that fixes
the warnings about invalid lpm related parameters on hardware which
don't that.
This is the case for e.g. lantiq xrx200 targets.
Supported only in Linux 4.17 an later.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[refresh patches, fix commit title]
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: imx6
Runtime-tested on: imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
| |
Follow upstream changes - header file changes
no executable difference at all
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Fixes:
- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477
Also fix a malformed patch issue caught during refresh.
It was caused by removing a whitespace without altering
the index values in a patch which alters a patch.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Fixes: cf6526249298 ("kernel: bump 4.19 to 4.19.51")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Altered patches:
- 370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch
- 220-optimize_inlining.patch
- 640-netfilter-nf_flow_table-add-hardware-offload-support.patch
This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40b5)
It was wrongfully backported upstream initially and got reverted now.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ctinfo is a new tc filter action module. It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths. At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.
The DSCP restore mode:
This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.
The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links. Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway. Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.
Parameters related to DSCP restore mode:
dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.
statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask. This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set. This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP. A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)
e.g. dscpmask 0xfc000000 statemask 0x01000000
|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP | unused | flag |unused |
|-----------------------0x01---000000---|
| |
| |
---| Conditional flag
v only restore if set
|-ip diffserv-|
| 6 bits |
|-------------|
The skb mark restore mode (cpmark):
This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.
Parameters related to skb mark restore mode:
mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration. This can be useful where the conntrack
mark is being used for different purposes by different applications. If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)
e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.
|----0x00----conntrack mark----ffffff---|
| Bits 31-24 | |
| DSCP & flag| some value here |
|---------------------------------------|
|
|
v
|------------skb mark-------------------|
| | |
| zeroed | |
|---------------------------------------|
Overall parameters:
zone - conntrack zone
control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make suitable adjustments for backporting to 4.14 & 4.19
and add to SCHED_MODULES_FILTER
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit 7c50182e0cdce0366715082872a2afbcf208bbf8.
Produces build error:
Package kmod-sched is missing dependencies for the following libraries:
nf_conntrack.ko
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ctinfo is a new tc filter action module. It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths. At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.
The DSCP restore mode:
This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.
The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links. Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway. Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.
Parameters related to DSCP restore mode:
dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.
statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask. This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set. This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP. A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)
e.g. dscpmask 0xfc000000 statemask 0x01000000
|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP | unused | flag |unused |
|-----------------------0x01---000000---|
| |
| |
---| Conditional flag
v only restore if set
|-ip diffserv-|
| 6 bits |
|-------------|
The skb mark restore mode (cpmark):
This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.
Parameters related to skb mark restore mode:
mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration. This can be useful where the conntrack
mark is being used for different purposes by different applications. If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)
e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.
|----0x00----conntrack mark----ffffff---|
| Bits 31-24 | |
| DSCP & flag| some value here |
|---------------------------------------|
|
|
v
|------------skb mark-------------------|
| | |
| zeroed | |
|---------------------------------------|
Overall parameters:
zone - conntrack zone
control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make suitable adjustments for backporting to 4.14 & 4.19
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed:
- 103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed:
- 060-v5.1-serial-ar933x_uart-Fix-build-failure-with-disabled-c.patch
- 400-v5.2-leds-trigger-netdev-fix-refcnt-leak-on-interface-ren.patch
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch backports verbatim the commits from Linux 5.0 and 5.1
that implemented support for GigaDevice SPI NAND A and E variants.
Supported only in Linux 4.19 and later as based on the upstream
drivers/mtd/nand/spi/ framework.
mtd-spinand-add-support-for-GigaDevice-GD5FxGQ4xA.patch
commit c93c613214ac (5.0)
mtd-spinand-Add-support-for-GigaDevice-GD5F1GQ4UExxG.patch
commit c40c7a990a46 (5.1)
Run-tested-on: GL.iNet AR750S
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Removed:
- 030-PCI-dwc-skip-MSI-init-if-MSIs-have-been-explicitly-d.patch
Altered:
- 366-netfilter-nf_flow_table-clean-up-and-fix-dst-handlin.patch
- 650-netfilter-add-xt_OFFLOAD-target.patch
- 662-remove_pfifo_fast.patch
- 332-arc-add-OWRTDTB-section.patch
- 100-clocksource-drivers-arch_timer-Workaround-for-Allwin.patch
- 702-phy_add_aneg_done_function.patch
New symbols:
- ARC_IRQ_NO_AUTOSAVE
- SUN50I_ERRATUM_UNKNOWN1
Compile-tested: cns3xxx, imx6, sunxi
Runtime-tested: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
| |
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Please note that modified code isn't currently being compiled with
kernels 4.19+ due to the dropped CONFIG_NF_CONNTRACK_IPV6 in upstream
Linux. That requires a separated fix.
This fixes:
net/netfilter/nf_conntrack_rtcache.c: In function 'nf_rtcache_get_cookie':
net/netfilter/nf_conntrack_rtcache.c:82:11: error: 'const struct rt6_info' has no member named 'rt6i_node'; did you mean 'rt6i_idev'?
if (rt->rt6i_node)
^~~~~~~~~
rt6i_idev
IPv6 structs were reworked in upstream kernel by:
commit a64efe142f5e ("net/ipv6: introduce fib6_info struct and helpers")
commit 77634cc67dc1 ("net/ipv6: Remove unused code and variables for rt6_info")
commit 93c2fb253d17 ("net/ipv6: Rename fib6_info struct elements")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PCIe DWC host controller is now using MSI
(Message-signaled-interrupts) by default.
While ath9k itself does support MSI here, a lot of wlan adapters do not.
Avoid non-functioning cards by simply continue to disable MSI for now.
This can be done by appending "pci=nomsi" to the boot cmdline.
Also an extra fix needs to be backported which avoids MSI initialization
which prevented legacy IRQ's init from taking over.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Andrey has reported on OpenWrt's bug tracking system[1], that he
currently can't use ar93xx_uart as pure serial UART without console
(CONFIG_SERIAL_8250_CONSOLE and CONFIG_SERIAL_AR933X_CONSOLE undefined),
because compilation ends with following error:
ar933x_uart.c: In function 'ar933x_uart_console_write':
ar933x_uart.c:550:14: error: 'struct uart_port' has no
member named 'sysrq'
1. https://bugs.openwrt.org/index.php?do=details&task_id=2152
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
| |
|
|
|
|
|
|
|
|
| |
This fixes a possible unbalanced dev_hold():
> iw dev bar del
[ 237.355366] unregister_netdevice: waiting for bar to become free. Usage count = 1
[ 247.435362] unregister_netdevice: waiting for bar to become free. Usage count = 1
[ 257.545366] unregister_netdevice: waiting for bar to become free. Usage count = 1
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed:
- 100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch
Altered patches:
- 721-phy_packets.patch
Compile-tested on: imx6
Runtime-tested on: imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed patch:
- 800-v5.0-usb-leds-fix-regression-in-usbport-led-trigger.patch
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Removed upstreamed:
- 031-v5.0-MIPS-BCM47XX-Setup-struct-device-for-the-SoC.patch
- 142-jffs2-Fix-use-of-uninitialized-delayed_work-lockdep-.patch
Removed upstreamed hunk in:
- 800-bcma-get-SoC-device-struct-copy-its-DMA-params-to-th.patch
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
