aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic/hack-4.14
Commit message (Collapse)AuthorAgeFilesLines
* kernel: bump 4.14 to 4.14.79Koen Vandeputte2018-11-053-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.77Koen Vandeputte2018-10-193-3/+3
| | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch New symbol for arm targets: - HARDEN_BRANCH_PREDICTOR Compile-tested on: ar71xx, cns3xxx, imx6 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.76Koen Vandeputte2018-10-161-1/+1
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* Revert "kernel: add a RPS balancer"Stijn Tintel2018-10-081-93/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 7af1fb9faafbc842fc727c49108f5fc4edc08601. With the RPS balancer patch, both my APU2s are crashing, sometimes just after a few minutes of uptime. [ 6241.170132] BUG: unable to handle kernel paging request at ffffffffa20a75a8 [ 6241.177248] IP: get_rps_cpu+0x41c/0x440 [ 6241.181140] PGD 2012067 P4D 2012067 PUD 2013063 PMD 0 [ 6241.186370] Oops: 0000 [#1] SMP NOPTI [ 6241.190080] Modules linked in: pppoe ppp_async pptp pppox ppp_mppe ppp_generic nf_nat_pptp nf_flow_table_ipv6 nf_flow_table_ipv4 nf_flow_table_inet nf_conntrack_pptp lzo iptable_nat ipt_REJECT ipt_MASQUERADE ftdi_sio xt_time xt_tcpudp xt_tcpmss xt_string xt_statistic xt_state xt_recent xt_quota xt_policy xt_pkttype xt_owner xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_bpf xt_addrtype xt_TCPMSS xt_REDIRECT xt_NFQUEUE xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY wireguard usbserial ts_fsm ts_bm spidev slhc rfcomm nft_set_rbtree nft_set_hash nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir_ipv4 nft_redir nft_quota nft_numgen nft_nat nft_meta nft_masq_ipv4 nft_masq [ 6241.261735] nft_log nft_limit nft_flow_offload nft_exthdr nft_ct nft_counter nft_chain_route_ipv6 nft_chain_route_ipv4 nft_chain_nat_ipv4 nfnetlink_queue nf_tables_ipv6 nf_tables_ipv4 nf_tables_inet nf_tables nf_reject_ipv4 nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_redirect nf_nat_proto_gre nf_nat_masquerade_ipv6 nf_nat_masquerade_ipv4 nf_nat_irc nf_conntrack_ipv6 nf_nat_ipv6 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat_h323 nf_nat_ftp nf_nat_amanda nf_nat nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_tftp nf_conntrack_snmp nf_conntrack_sip nf_conntrack_rtcache nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp nf_conntrack_broadcast ts_kmp nf_conntrack_amanda macvlan lzo_decompress lzo_compress libcrc32c kvm irqbypass [ 6241.333427] iptable_raw iptable_mangle iptable_filter ipt_ah ipt_ECN ip_tables hidp hci_uart crc_ccitt cdc_acm btusb btintel br_netfilter bnep bluetooth sch_cake tcp_bbr sch_teql em_nbyte sch_codel sch_prio sch_pie act_ipt em_meta sch_gred sch_dsmark cls_basic em_cmp em_text act_police sch_sfq sch_fq sch_multiq sch_red act_connmark nf_conntrack act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_tbf sch_htb sch_hfsc sch_ingress configs evdev i2c_piix4 kfifo_buf industrialio i2c_dev xt_set ip_set_list_set ip_set_hash_netiface ip_set_hash_netport ip_set_hash_netnet ip_set_hash_net ip_set_hash_netportnet ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set [ 6241.405252] nfnetlink ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables x_tables ip_gre gre igb i2c_algo_bit ifb ip6_vti ip_vti sit l2tp_netlink l2tp_core ipcomp6 xfrm6_tunnel xfrm6_mode_tunnel xfrm6_mode_transport xfrm6_mode_beet esp6 ah6 ipcomp xfrm4_tunnel xfrm4_mode_tunnel xfrm4_mode_transport xfrm4_mode_beet esp4 ah4 ip6_tunnel tunnel6 tunnel4 ip_tunnel veth snd_compress snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_rawmidi snd_seq_device snd_hwdep snd soundcore mpls_gso mpls_iptunnel mpls_router af_key xfrm_user xfrm_ipcomp xfrm_algo br2684 atm regmap_mmio vxlan udp_tunnel ip6_udp_tunnel ecdh_generic sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 seqiv jitterentropy_rng drbg md5 kpp ccp_crypto rsa_generic mpi asn1_decoder akcipher ccp sha256_generic [ 6241.477726] sha1_generic hmac ghash_generic gcm echainiv des_generic deflate zlib_deflate ctr cmac ccm cbc authenc crypto_acompress sdhci_pltfm pf_ring sp5100_tco leds_apu2 gpio_nct5104d button_hotplug ptp pps_core [ 6241.497122] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.14.73 #0 [ 6241.503198] Hardware name: PC Engines apu2/apu2, BIOS v4.8.0.2 20180705 [ 6241.509858] task: ffff88012a0d8000 task.stack: ffffc90000070000 [ 6241.515841] RIP: 0010:get_rps_cpu+0x41c/0x440 [ 6241.520246] RSP: 0018:ffff88012ed83db0 EFLAGS: 00010286 [ 6241.525511] RAX: 00000000ffffffff RBX: 0000000000011ae8 RCX: 0000000000000001 [ 6241.532737] RDX: 00000000ffffffff RSI: ffff88012a0d8788 RDI: 0000000000000282 [ 6241.539956] RBP: ffff88012ed83e00 R08: 0000000000000001 R09: 0000000000000000 [ 6241.547183] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82dae2e0 [ 6241.554403] R13: ffff880124de4480 R14: 0000000000000000 R15: ffff880128120000 [ 6241.561625] FS: 0000000000000000(0000) GS:ffff88012ed80000(0000) knlGS:0000000000000000 [ 6241.569820] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6241.575651] CR2: ffffffffa20a75a8 CR3: 00000001251da000 CR4: 00000000000406e0 [ 6241.582830] Call Trace: [ 6241.585322] <IRQ> [ 6241.587372] ? lock_acquire+0x59/0x80 [ 6241.591102] netif_receive_skb_internal+0x1e4/0x2d0 [ 6241.596037] napi_gro_receive+0x48/0x90 [ 6241.599948] igb_alloc_rx_buffers+0xc97/0x1b60 [igb] [ 6241.604981] ? note_gp_changes+0x76/0xc0 [ 6241.608963] net_rx_action+0x10c/0x280 [ 6241.612752] __do_softirq+0xf0/0x22d [ 6241.616375] irq_exit+0x5e/0xa0 [ 6241.619573] do_IRQ+0xee/0x110 [ 6241.622682] common_interrupt+0x8b/0x8b [ 6241.626556] </IRQ> [ 6241.628699] RIP: 0010:native_safe_halt+0x6/0x10 [ 6241.633260] RSP: 0018:ffffc90000073e10 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff3d [ 6241.640910] RAX: ffff88012a0d8000 RBX: ffff88012a190c00 RCX: 0000000000000000 [ 6241.648110] RDX: ffff88012a0d8000 RSI: 0000000000000001 RDI: ffff88012a0d8000 [ 6241.655354] RBP: ffffc90000073e10 R08: 0000000000000006 R09: 0000000000000000 [ 6241.662554] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88012a190c64 [ 6241.669791] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000001 [ 6241.676986] acpi_safe_halt.part.9+0xe/0x20 [ 6241.681226] acpi_idle_do_entry+0x2c/0x40 [ 6241.685325] acpi_idle_enter+0x1ee/0x2b0 [ 6241.689298] ? sched_clock+0x9/0x10 [ 6241.692839] cpuidle_enter_state+0x1f2/0x230 [ 6241.697162] cpuidle_enter+0x12/0x20 [ 6241.700803] call_cpuidle+0x38/0x40 [ 6241.704335] do_idle+0xed/0x160 [ 6241.707557] cpu_startup_entry+0x6e/0x70 [ 6241.711557] start_secondary+0x1b4/0x1d0 [ 6241.715536] secondary_startup_64+0xa5/0xb0 [ 6241.719777] Code: d4 48 8d 04 9b 48 8b 35 53 a7 ac 00 48 8d 1c 43 48 83 c6 64 48 c1 e3 03 48 8d bb e8 e2 da 82 e8 cb a9 ba ff 41 8b 14 1c 48 89 d0 <48> 0f a3 15 dc dc b6 00 0f 83 46 fc ff ff 48 83 c4 28 5b 41 5c [ 6241.739100] RIP: get_rps_cpu+0x41c/0x440 RSP: ffff88012ed83db0 [ 6241.744993] CR2: ffffffffa20a75a8 [ 6241.748373] ---[ end trace 77367d9f9830d5bc ]--- Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.14 to 4.14.74Koen Vandeputte2018-10-041-1/+1
| | | | | | | | | | | | | Refreshed all patches. Fixes CVE: - CVE-2018-7755 Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: generic: Fix nftables inet table breakageBrett Mastbergen2018-09-223-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | Commit b7265c59ab7d ("kernel: backport a series of netfilter cleanup patches to 4.14") added patch 302-netfilter-nf_tables_inet-don-t-use- multihook-infrast.patch. That patch switches the netfilter core in the kernel to use the new native NFPROTO_INET support. Unfortunately, the new native NFPROTO_INET support does not exist in 4.14 and was not backported along with this patchset. As such, nftables inet tables never see any traffic. As an example the following nft counter rule should increment for every packet coming into the box, but never will: nft add table inet foo nft add chain inet foo bar { type filter hook input priority 0\; } nft add rule inet foo bar counter This commit pulls in the required backport patches to add the new native NFPROTO_INET support, and thus restore nftables inet table functionality. Tested on Turris Omnia (mvebu) Fixes: b7265c59ab7d ("kernel: backport a series of netfilter cleanup ...") Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
* kernel: bump 4.14 to 4.14.71Koen Vandeputte2018-09-212-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.68Koen Vandeputte2018-09-072-3/+3
| | | | | | | | | | | | | | | | Refreshed all patches. Remove upstream accepted: - 330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch Altered: - 303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch - 308-mips32r2_tune.patch Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* generic: add flow_offload accountingJohn Crispin2018-08-281-0/+70
| | | | | | | This patch makes the flow offloading layer account for the traffic inside the conntack entries. Signed-off-by: John Crispin <john@phrozen.org>
* kernel: add a RPS balancerJohn Crispin2018-08-281-0/+93
| | | | | | | | | By default the RPS delegation will happen by masking the last few bits of skb->hash. This patch adds an inermediate hash bucket that maps the masked hash to a RPS core. This makes RPS results much more deterministic on SMP systems. Signed-off-by: John Crispin <john@phrozen.org>
* kernel: modules: fix kmod-regmap reduxChristian Lamparter2018-08-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Jonas Gorski commented on the previous patch: |This is actually the wrong fix and papers over an issue in one of our |local patches. | |We intentionally allow regmap to be built as a module, see | |/target/linux/generic/hack-4.14/259-regmap_dynamic.patch |[...] |[The regulator code] optionally supports regmap thanks to the stubs |provided if regmap is disabled - which breaks if you compile regmap |as a module. In order to mitigate this issue, this patch reverts the previous patch and replaces the existing IS_ENABLED(CONFIG_REGMAP) with IS_REACHABLE(CONFIG_REGMAP). This solves this particular issue as the regulator code will now automatically fallback to the regmap stubs in case the kmod-regmap module is enabled, but nothing else sets CONFIG_REGMAP=y. Note: There's still a potential issue that this patch doesn't solve: If someone ever wants to make a OpenWrt kernel package for a regulator module that requires the REGMAP feature for a target that doesn't set CONFIG_REGMAP=y but has CONFIG_REGULATOR=y, the resulting kmod-regulator-xyz package will not work on the target. Luckily, there aren't any in-tree OpenWrt kernel module packages for regulators at the moment. On the bright side: regmap is a critical part nowadays and all new and upcoming architectures require it by default. This will likely only ever be a problem for legacy targets and devices that cannot afford to enable REGMAP. Cc: Jonas Gorski <jonas.gorski@gmail.com> Cc: John Crispin <john@phrozen.org> Fixes: d00913d1215b ("kernel: modules: fix kmod-regmap") Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: bump 4.14 to 4.14.60Koen Vandeputte2018-08-031-1/+1
| | | | | | | | | | | | Refreshed all patches Removed upstreamed patches: - 500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.59Stijn Tintel2018-07-314-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop patch that was superseded upstream: ramips/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch Drop upstreamed patches: - apm821xx/020-0001-crypto-crypto4xx-remove-bad-list_del.patch - apm821xx/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch - ath79/0011-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch - brcm63xx/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch - brcm63xx/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch - generic/backport/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch - generic/pending/170-usb-dwc2-Fix-DMA-alignment-to-start-at-allocated-boun.patch - generic/pending/900-gen_stats-fix-netlink-stats-padding.patch In 4.14.55, a patch was introduced that breaks ext4 images in some cases. The newly introduced patch backport-4.14/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch addresses this breakage. Fixes the following CVEs: - CVE-2018-10876 - CVE-2018-10877 - CVE-2018-10879 - CVE-2018-10880 - CVE-2018-10881 - CVE-2018-10882 - CVE-2018-10883 Compile-tested: ath79, octeon, x86/64 Runtime-tested: ath79, octeon, x86/64 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: replace bridge port isolate hack with upstream patch backport on 4.14Felix Fietkau2018-07-112-80/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: adjust bridge port isolate patch to match upstream attribute namingFelix Fietkau2018-07-111-2/+2
| | | | | | | | Newer kernels have a patch that implements compatible functionality directly. Adjust the attribute of our own patch in preparation for dropping it later Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: bump 4.14 to 4.14.54Koen Vandeputte2018-07-111-1/+1
| | | | | | | | | | | | Rereshed all patches Reworked patches to match upstream: 335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.52Koen Vandeputte2018-07-021-7/+2
| | | | | | | | | Refreshed all patches Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.51Kevin Darbyshire-Bryant2018-06-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Refresh patches. Remove patch that can be reverse applied: mvebu/patches-4.14/530-ATA-ahci_mvebu-enable-stop_engine-override.patch mvebu/patches-4.14/531-ATA-ahci_mvebu-pmp-stop-errata-226.patch Update patch that no longer applied: ipq806x/patches-4.14/0035-clk-mux-Split-out-register-accessors-for-reuse.patch Compiled-tested-for: lantiq, ramips Run-tested-on: lantiq BT hh5a, ramips MIR3g Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Michael Yartys <michael.yartys@protonmail.com> Tested-by: Rosen Penev <rosenp@gmail.com>
* kernel: cleanup offload hooks on netdev unregisterChen Minqiang2018-06-221-0/+96
| | | | Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* kernel: avoid flow offload for connections with xfrm on the dst entry ↵Felix Fietkau2018-06-131-1/+4
| | | | | | (should fix IPSec) Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: bump 4.14 to 4.14.48Stijn Tintel2018-06-055-8/+8
| | | | | | | | | | | | | | | | | | Remove upstreamed patches: generic/pending/101-clocksource-mips-gic-timer-fix-clocksource-counter-w.patch generic/pending/103-MIPS-c-r4k-fix-data-corruption-related-to-cache-coherence.patch generic/pending/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch lantiq/0025-MIPS-lantiq-gphy-Remove-reboot-remove-reset-asserts.patch Update patches that no longer apply: generic/pending/811-pci_disable_usb_common_quirks.patch ath79/0009-MIPS-ath79-add-lots-of-missing-registers.patch Fixes CVE-2018-6412. Compile-tested: octeon, x86/64. Runtime-tested: octeon, x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.14 to 4.14.44Stijn Tintel2018-05-291-1/+1
| | | | | | | | | | | | | | Refresh patches. Remove upstreamed patch: generic/pending/181-net-usb-add-lte-modem-wistron-neweb-d18q1.patch Update patches that no longer applies: generic/hack/901-debloat_sock_diag.patch Compile-tested on: x86/64. Runtime-tested on: x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.14 to 4.14.34Stijn Tintel2018-04-162-5/+5
| | | | | | | | | | | | | Refresh patches. Update patches that no longer apply: - backport/313-netfilter-remove-defensive-check-on-malformed-packet.patch - pending/642-net-8021q-support-hardware-flow-table-offload.patch Compile-tested: x86/64. Runtime-tested: x86/64. Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: fix xtables flow offload issuesFelix Fietkau2018-04-051-4/+5
| | | | | | | - avoid using garbage stack values as dst pointer if lookup fails - provide the source address for ipv6 dst lookup Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add support for enabling hardware flow offload via iptablesFelix Fietkau2018-04-051-1/+34
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: update kernel 4.14 to 4.14.32Hauke Mehrtens2018-04-032-3/+3
| | | | | | | | | | | | | The following patches are now included upstream: * 0052-MIPS-lantiq-fix-usb-clocks.patch * 0053-MIPS-lantiq-enable-AHB-Bus-for-USB.patch * 0060-lantiq-ase-enable-MFD-SYSCON.patch Closes: FS#1466 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Tested-by: Stijn Segers <foss@volatilesystems.org> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* Kernel: bump 4.14 to 4.14.29Stijn Segers2018-03-233-4/+4
| | | | | | | | | | | | Right patch version this time, sorry! * Patch 180-usb-xhci-add-support-for-performing-fake-doorbell.patch had to be adjusted slightly because of upstream adapted code. * Refreshed patches. Compile-tested: ramips/mt7621, x86/64 Run-tested: ramips/mt7621, x86/64 Signed-off-by: Stijn Segers <foss@volatilesystems.org> Tested-by: Rosen Penev <rosenp@gmail.com>
* kernel: netfilter: fix dst entries in flowtable offloadFelix Fietkau2018-03-231-11/+22
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: fix crash in flow offload when removing net devicesFelix Fietkau2018-03-231-3/+5
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: flow-offload: only offload connections that have been fully establishedFelix Fietkau2018-03-231-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: bump 4.14 to 4.14.27Stijn Segers2018-03-174-9/+9
| | | | | | | | | | * Refreshed patches. * Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream) Compile-tested: ramips/mt7621, x86/64 Run-tested: ramips/mt7621, x86/64 Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* kernel: merge a pending fix for HFSC warnings/slowdowns (fixes FS#1136)Felix Fietkau2018-03-112-3/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: unroll MIPS r4k cache blast functionFelix Fietkau2018-03-101-0/+66
| | | | | | | | | | | Optimize the compiler output for larger cache blast cases that are common for DMA-based networking. On ar71xx, I measured a routing throughput increase of ~8% Signed-off-by: Ben Menchaca <ben.menchaca@qca.qualcomm.com> Signed-off-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: bump to version 4.14.25Kabuli Chana2018-03-093-3/+3
| | | | | | compile/test target mvebu/rango Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
* kernel: bump 4.14 to 4.14.23Stijn Segers2018-03-023-7/+7
| | | | | | | | | | | | | This patch bumps the 4.14 kernel to .23. - Refreshed patches. - Deleted bcm53xx/patches-4.14/089-PCI-iproc-Fix-NULL-pointer-dereference-for-BCMA.patch. Has been accepted upstream. - Deleted generic/pending-4.14/821-usb-Remove-annoying-warning-about-bogus-URB.patch. The upstream URB code was changed, the patch no longer applies. I discussed this with the patch author and removed it for now, we'll see how it goes. Compile-tested on: ramips/mt7621, x86/64 Run-tested on: ramips/mt7621, x86/64 Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* kernel: fix crash in flow offload code when cleaning up unregistered hooksFelix Fietkau2018-02-251-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: remove nf_flow_table hardware offload patch (it is not ready yet)Felix Fietkau2018-02-253-7/+7
| | | | | | | It also does not have any users yet. It will be addde back when the core API issues have been sorted out Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: refresh patchesKoen Vandeputte2018-02-222-5/+5
| | | | | | Some fuzz was introduced due to the netfilter-offload series Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: avoid stripping retpoline flag with CONFIG_MODULE_STRIPPEDFelix Fietkau2018-02-211-11/+4
| | | | | | Fixes kernel warning when loading modules Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netfilter: add a xt_FLOWOFFLOAD target for NAT/routing offload supportFelix Fietkau2018-02-211-0/+446
| | | | | | | | | | This makes it possible to add an iptables rule that offloads routing/NAT packet processing to a software fast path. This fast path is much quicker than running packets through the regular tables/chains. Requires Linux 4.14 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: bump 4.14 to 4.14.20Stijn Tintel2018-02-183-4/+4
| | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: - backport/080-v4.15-0001-arch-define-weak-abort.patch - backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch Update patch that no longer applies: pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch Fixes CVE-2017-8824. Compile-tested: octeon, x86/64. Runtime-tested: octeon, x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ramips: preliminary support for 4.14Roman Yeryomin2018-02-151-6/+6
| | | | | | | | - removed upstreamed patches - 0901-spansion_nand_id_fix.patch is disabled, not clear if it's needed Signed-off-by: Roman Yeryomin <roman@advem.lv> Signed-off-by: John Crispin <john@phrozen.org>
* kernel: bump 4.14 to 4.14.18Stijn Tintel2018-02-082-9/+19
| | | | | | | | | | | | | | | | Refresh patches. Remove upstreamed patches: - apm821xx/010-crypto-gcm-add-GCM-IV-size-constant.patch - backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch Remove pending-4.14/650-pppoe_header_pad.patch, it is superseded by upstream commit d32e5740001972c1bb193dd60af02721d047a17e. Update patch that no longer applies: hack/204-module_strip.patch Compile-tested: octeon, x86/64. Runtime-tested: octeon, x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: fix forwarding locally generated packages in bridge isolation patchDaniel Danzberger2018-02-051-1/+1
| | | | | | | | | Locally generated packets weren't forwarded to the isolated interfaces in a bridge. Isolation should only prevent the flooding of incomming packets to other interfaces in the bridge. Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: bump 4.14 to 4.14.14Kevin Darbyshire-Bryant2018-01-201-1/+1
| | | | | | | | | | | | | | Refresh patches. CVEs completely or partially addressed: CVE-2017-5715 CVE-2017-5753 CVE-2017-17741 CVE-2017-1000410 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.11Stijn Tintel2018-01-035-14/+14
| | | | | | | | | | | | | | | Rename unwinder config symbols to match upstream changes. Refresh patches. Update patch that no longer applies: 202-reduce_module_size.patch Also enable CONFIG_PAGE_TABLE_ISOLATION. This feature was backported from 4.15 to the 4.14 stable series. It is enabled by default, so enable it in OpenWrt as well. Compile-tested on x86/64. Runtime-tested on x86/64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* linux: unbreak host tools build for 4.14Jonas Gorski2017-12-251-1/+1
| | | | | | | | Remove a stray -Wp left in host_c_flags causing build failures for newer 4.14 versions. Reported-by: Michael Marley <michael@michaelmarley.com> Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* kernel: generic: Add kernel 4.14 supportHauke Mehrtens2017-12-1636-0/+7474
This adds initial support for kernel 4.14 based on the patches for kernel 4.9. In the configuration I deactivated some of the new possible security features like: CONFIG_REFCOUNT_FULL CONFIG_SLAB_FREELIST_HARDENED CONFIG_SOFTLOCKUP_DETECTOR CONFIG_WARN_ALL_UNSEEDED_RANDOM And these overlay FS options are also deactivated: CONFIG_OVERLAY_FS_INDEX CONFIG_OVERLAY_FS_REDIRECT_DIR I activated this: CONFIG_FORTIFY_SOURCE CONFIG_POSIX_TIMERS CONFIG_SLAB_MERGE_DEFAULT CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED I am not sure if I did the porting correct for the following patches: target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch target/linux/generic/hack-4.14/220-gc_sections.patch target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch target/linux/generic/pending-4.14/305-mips_module_reloc.patch target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>