aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic
Commit message (Collapse)AuthorAgeFilesLines
* kernel: bump 4.14 to 4.14.130Koen Vandeputte2019-06-251-1/+1
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.129Koen Vandeputte2019-06-244-23/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: update act_ctinfoKevin Darbyshire-Bryant2019-06-201-10/+28
| | | | | | | | Follow upstream changes - header file changes no executable difference at all Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 5273fb6b21b953428e2f9ea5892872db5aaf22c1)
* kernel: bump 4.14 to 4.14.128Koen Vandeputte2019-06-206-15/+15
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.127Koen Vandeputte2019-06-182-3/+3
| | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-11479 - CVE-2019-11478 - CVE-2019-11477 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.126Koen Vandeputte2019-06-182-1/+111
| | | | | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 816-pcie-support-layerscape.patch This patch also restores the initial implementation of the ath79 perfcount IRQ issue. (78ee6b1a40b5) It was wrongfully backported upstream initially and got reverted now. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: backport 4.18 patch adding DMI_PRODUCT_SKURafał Miłecki2019-06-171-0/+57
| | | | | | | | | | It's needed for applying some hardware quirks. This fixes: drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c:60:20: error: 'DMI_PRODUCT_SKU' undeclared here (not in a function); did you mean 'DMI_PRODUCT_UUID'? DMI_EXACT_MATCH(DMI_PRODUCT_SKU, "T8"), Fixes: c52054e568d1 ("mac80211: brcm: backport remaining brcmfmac 5.2 patches") Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 4d11c4c3784196ed3e5b5a1f81fa415d99ef32b0)
* kernel: mt29f_spinand: fix memory leak during page programMantas Pucka2019-06-151-0/+90
| | | | | | | | | Memory is allocated with devm_kzalloc() on every page program and leaks until device is closed (which never happens). Convert to kzalloc() and handle error paths manually. Signed-off-by: Mantas Pucka <mantas@8devices.com>
* kernel: bump 4.14 to 4.14.125 (FS#2305 FS#2297)Koen Vandeputte2019-06-124-25/+3
| | | | | | | | | | | | | | | | Refreshed all patches. This bump contains upstream commits which seem to avoid (not properly fix) the errors as seen in FS#2305 and FS#2297 Altered patches: - 403-net-mvneta-convert-to-phylink.patch - 410-sfp-hack-allow-marvell-10G-phy-support-to-use-SFP.patch Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: drop everything not on kernel version 4.14Daniel Golle2019-06-12380-66506/+0
| | | | | | | | | | * Remove testing patches for kernel version 4.19 * remove targets ar7, ixp4xx, orion Those targets are still on kernel 4.9, patches for 4.14 were not ready in time. They may be readded once people prepare and test patches for kernel 4.14. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mpc85xx: convert TL-WDR4900 v1 to simpleImageChristian Lamparter2019-06-102-0/+59
| | | | | | | | | | | | | | | | | Converts the TP-Link WDR4900 v1 to use the simpleImage in the hopes of prolonging the life of the device. While at it, the patch makes the fdt.bin an ARTIFACT and sets the KERNEL_SIZE to 2684 KiB as a precaution since the stock u-boot is using a fixed kernel size. Note: Give the image some time, it will take much longer to extract and boot. [tested for 4.14/4.19] Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Co-authored-by: Pawel Dembicki <paweldembicki@gmail.com> Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
* kernel: re-add bridge allow reception on disabled portChen Minqiang2019-06-073-9/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "bridge allow reception on disabled port" implementation was broken after these commits: 08802d93e2c1 ("kernel: bump 4.19 to 4.19.37") b765f4be407c ("kernel: bump 4.14 to 4.14.114") 456f486b53a7 ("kernel: bump 4.9 to 4.9.171") This leads to issues when for example WDS is used, tied to a bridge: [ 96.503771] wlan1: send auth to d4:5f:25:eb:09:82 (try 1/3) [ 96.517956] wlan1: authenticated [ 96.526209] wlan1: associate with d4:5f:25:eb:09:82 (try 1/3) [ 97.086156] wlan1: associate with d4:5f:25:eb:09:82 (try 2/3) [ 97.200919] wlan1: RX AssocResp from d4:5f:25:eb:09:82 (capab=0x11 status=0 aid=1) [ 97.208706] wlan1: associated [ 101.312913] wlan1: deauthenticated from d4:5f:25:eb:09:82 (Reason: 2=PREV_AUTH_NOT_VALID) It seems upstream introduced a new patch, [1] so we have to reimplement these patches properly: target/linux/generic/pending-4.9/150-bridge_allow_receiption_on_disabled_port.patch target/linux/generic/pending-4.14/150-bridge_allow_receiption_on_disabled_port.patch target/linux/generic/pending-4.19/150-bridge_allow_receiption_on_disabled_port.patch [1] https://lkml.org/lkml/2019/4/24/1228 Fixes: 08802d93e2c1 ("kernel: bump 4.19 to 4.19.37") Fixes: b765f4be407c ("kernel: bump 4.14 to 4.14.114") Fixes: 456f486b53a7 ("kernel: bump 4.9 to 4.9.171") Signed-off-by: Chen Minqiang <ptpt52@gmail.com> [updated commit message and title] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: backport act_ctinfoKevin Darbyshire-Bryant2019-06-062-0/+1201
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ctinfo is a new tc filter action module. It is designed to restore information contained in firewall conntrack marks to other packet fields and is typically used on packet ingress paths. At present it has two independent sub-functions or operating modes, DSCP restoration mode & skb mark restoration mode. The DSCP restore mode: This mode copies DSCP values that have been placed in the firewall conntrack mark back into the IPv4/v6 diffserv fields of relevant packets. The DSCP restoration is intended for use and has been found useful for restoring ingress classifications based on egress classifications across links that bleach or otherwise change DSCP, typically home ISP Internet links. Restoring DSCP on ingress on the WAN link allows qdiscs such as but by no means limited to CAKE to shape inbound packets according to policies that are easier to set & mark on egress. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. Thus marking the connection in some manner on egress for later restoration of classification on ingress is easier to implement. Parameters related to DSCP restore mode: dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the conntrack mark field contain the DSCP value to be restored. statemask - a 32 bit mask of (usually) 1 bit length, outside the area specified by dscpmask. This represents a conditional operation flag whereby the DSCP is only restored if the flag is set. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mask of zero disables the conditional behaviour ie. the conntrack mark DSCP bits are always restored to the ip diffserv field (assuming the conntrack entry is found & the skb is an ipv4/ipv6 type) e.g. dscpmask 0xfc000000 statemask 0x01000000 |----0xFC----conntrack mark----000000---| | Bits 31-26 | bit 25 | bit24 |~~~ Bit 0| | DSCP | unused | flag |unused | |-----------------------0x01---000000---| | | | | ---| Conditional flag v only restore if set |-ip diffserv-| | 6 bits | |-------------| The skb mark restore mode (cpmark): This mode copies the firewall conntrack mark to the skb's mark field. It is completely the functional equivalent of the existing act_connmark action with the additional feature of being able to apply a mask to the restored value. Parameters related to skb mark restore mode: mask - a 32 bit mask applied to the firewall conntrack mark to mask out bits unwanted for restoration. This can be useful where the conntrack mark is being used for different purposes by different applications. If not specified and by default the whole mark field is copied (i.e. default mask of 0xffffffff) e.g. mask 0x00ffffff to mask out the top 8 bits being used by the aforementioned DSCP restore mode. |----0x00----conntrack mark----ffffff---| | Bits 31-24 | | | DSCP & flag| some value here | |---------------------------------------| | | v |------------skb mark-------------------| | | | | zeroed | | |---------------------------------------| Overall parameters: zone - conntrack zone control - action related control (reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX>) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Make suitable adjustments for backporting to 4.14 & 4.19 and add to SCHED_MODULES_FILTER Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: handle CFQ_GROUP_IOSCHED/CGROUP_HUGETLB in config-4.14Yangbo Lu2019-06-061-0/+2
| | | | | | | | The generic config-4.14 should handle below configs. - CONFIG_CFQ_GROUP_IOSCHED - CONFIG_CGROUP_HUGETLB Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* Revert "kernel: backport act_ctinfo"Kevin Darbyshire-Bryant2019-06-062-1201/+0
| | | | | | | | | | This reverts commit 7c50182e0cdce0366715082872a2afbcf208bbf8. Produces build error: Package kmod-sched is missing dependencies for the following libraries: nf_conntrack.ko Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: backport act_ctinfoKevin Darbyshire-Bryant2019-06-062-0/+1201
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ctinfo is a new tc filter action module. It is designed to restore information contained in firewall conntrack marks to other packet fields and is typically used on packet ingress paths. At present it has two independent sub-functions or operating modes, DSCP restoration mode & skb mark restoration mode. The DSCP restore mode: This mode copies DSCP values that have been placed in the firewall conntrack mark back into the IPv4/v6 diffserv fields of relevant packets. The DSCP restoration is intended for use and has been found useful for restoring ingress classifications based on egress classifications across links that bleach or otherwise change DSCP, typically home ISP Internet links. Restoring DSCP on ingress on the WAN link allows qdiscs such as but by no means limited to CAKE to shape inbound packets according to policies that are easier to set & mark on egress. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. Thus marking the connection in some manner on egress for later restoration of classification on ingress is easier to implement. Parameters related to DSCP restore mode: dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the conntrack mark field contain the DSCP value to be restored. statemask - a 32 bit mask of (usually) 1 bit length, outside the area specified by dscpmask. This represents a conditional operation flag whereby the DSCP is only restored if the flag is set. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mask of zero disables the conditional behaviour ie. the conntrack mark DSCP bits are always restored to the ip diffserv field (assuming the conntrack entry is found & the skb is an ipv4/ipv6 type) e.g. dscpmask 0xfc000000 statemask 0x01000000 |----0xFC----conntrack mark----000000---| | Bits 31-26 | bit 25 | bit24 |~~~ Bit 0| | DSCP | unused | flag |unused | |-----------------------0x01---000000---| | | | | ---| Conditional flag v only restore if set |-ip diffserv-| | 6 bits | |-------------| The skb mark restore mode (cpmark): This mode copies the firewall conntrack mark to the skb's mark field. It is completely the functional equivalent of the existing act_connmark action with the additional feature of being able to apply a mask to the restored value. Parameters related to skb mark restore mode: mask - a 32 bit mask applied to the firewall conntrack mark to mask out bits unwanted for restoration. This can be useful where the conntrack mark is being used for different purposes by different applications. If not specified and by default the whole mark field is copied (i.e. default mask of 0xffffffff) e.g. mask 0x00ffffff to mask out the top 8 bits being used by the aforementioned DSCP restore mode. |----0x00----conntrack mark----ffffff---| | Bits 31-24 | | | DSCP & flag| some value here | |---------------------------------------| | | v |------------skb mark-------------------| | | | | zeroed | | |---------------------------------------| Overall parameters: zone - conntrack zone control - action related control (reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX>) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Make suitable adjustments for backporting to 4.14 & 4.19 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.19 to 4.19.48Koen Vandeputte2019-06-059-17/+17
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: generic: make kernel-debug.tar.bz2 usable againPetr Štetiar2019-06-053-72/+0
| | | | | | | | | | | This patch removes 202-reduce_module_size.patch which is causing missing debug symbols in kernel modules, leading to unusable kernel-debug.tar.bz2 on all platforms, making debugging of release kernel crashes difficult. Cc: Felix Fietkau <nbd@nbd.name> Acked-by: Jonas Gorski <jonas.gorski@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: generic: remove broken and obsolete phy_ethtool_ioctlPetr Štetiar2019-06-052-190/+0
| | | | | | | | | | Remove 701-phy_extension.patch from 4.14 and 4.19 kernel, as it's currenlty broken and fixing doesn't make sense as most of it is deprecated anyway. Cc: John Crispin <john@phrozen.org> Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1982 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.19 to 4.19.47Koen Vandeputte2019-06-032-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: imx6 Runtime-tested on: imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.123Koen Vandeputte2019-06-031-1/+1
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.19 to 4.19.46Koen Vandeputte2019-06-035-15/+15
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.122Koen Vandeputte2019-06-034-7/+7
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.179Koen Vandeputte2019-06-031-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested: ar7 Runtime-tested: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* at91: Update kernel to version 4.14Hauke Mehrtens2019-05-302-0/+4
| | | | | | | | This adds support for kernel 4.14 to the target and directly make it the default kernel version to use. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
* kernel: bump 4.19 to 4.19.44Koen Vandeputte2019-05-214-117/+7
| | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.120Koen Vandeputte2019-05-2126-345/+235
| | | | | | | | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch - 060-fix-oxnas-rps-dt-match.patch Altered patches: - 0067-generic-Mangle-bootloader-s-kernel-arguments.patch - 006-mvebu-Mangle-bootloader-s-kernel-arguments.patch - 996-generic-Mangle-bootloader-s-kernel-arguments.patch Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* generic: ar8216: group MIB counters and use two basic ones only by defaultChuanhong Guo2019-05-203-81/+150
| | | | | | | | | | | | | | | | | There are too many MIB counters that almost nobody needs since commit d6366ce3665f ("generic: ar8216: mib_work_func: read all port mibs everytime"). In the worker function to poll MIB data, it deals with all ports instead of only one port every time, which introduces too many mdio operations that it becomes a heavy CPU load even on not-emulated MDIO bus. This commit groups MIB counters and enable only TxBytes and RxGoodBytes by default (both of which are necessary to get swconfig led working.) and adds an swconfig attribute to allow enabling all counters if users need them. Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* generic: ar8216: add mib_poll_interval switch attributeChuanhong Guo2019-05-203-8/+63
| | | | | | | | | | | | | | This allows specifying interval of polling MIB counters from userspace and allow completely turning off MIB counter support by setting mib_poll_interval to 0. Since MIB counter polling is a heavy CPU load for GPIO emulated MDIO bus, disable this behavior by default. Those who wants to use swconfig LEDs can enable them with qca,mib-poll-interval dts property or with swconfig command. Fixes: FS#2230 ("kworker spikes 100% cpu every 2 second.") Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* kernel: Move some DSA config options to generic configHauke Mehrtens2019-05-141-0/+4
| | | | | | | This moves some new configuration options to the generic kernel configuration instead of configuring them for each target on our own. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.19 to 4.19.42Koen Vandeputte2019-05-136-178/+15
| | | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 060-v5.1-serial-ar933x_uart-Fix-build-failure-with-disabled-c.patch - 400-v5.2-leds-trigger-netdev-fix-refcnt-leak-on-interface-ren.patch Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.118Koen Vandeputte2019-05-134-100/+6
| | | | | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 060-v5.1-serial-ar933x_uart-Fix-build-failure-with-disabled-c.patch Altered: - 143-gpio-fix-device-tree-gpio-hogs-on-dual-role-gpio-pin.patch Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.175Koen Vandeputte2019-05-132-5/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: ar7 Runtime-tested on: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: Fix build of omap targetHauke Mehrtens2019-05-122-0/+2
| | | | | | | | CONFIG_HW_RANDOM_OMAP is not set to any value after kmod-random-omap was removed, add the configuration option to the generic configuration. Fixes: cd3b29853380 ("omap24xx: Remove unmaintained target") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* generic-4.19: Backport spi-nand support for GigaDevice A/EJeff Kletsky2019-05-112-0/+325
| | | | | | | | | | | | | | | | | | This patch backports verbatim the commits from Linux 5.0 and 5.1 that implemented support for GigaDevice SPI NAND A and E variants. Supported only in Linux 4.19 and later as based on the upstream drivers/mtd/nand/spi/ framework. mtd-spinand-add-support-for-GigaDevice-GD5FxGQ4xA.patch commit c93c613214ac (5.0) mtd-spinand-Add-support-for-GigaDevice-GD5F1GQ4UExxG.patch commit c40c7a990a46 (5.1) Run-tested-on: GL.iNet AR750S Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
* kernel: Reorder generic configurationHauke Mehrtens2019-05-112-10/+10
| | | | | | | | This was done like this: ./scripts/kconfig.pl '+' target/linux/generic/config-4.14 /dev/null > target/linux/generic/config-4.14-new mv target/linux/generic/config-4.14-new target/linux/generic/config-4.14 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: Remove CONFIG_COMPATHauke Mehrtens2019-05-113-0/+3
| | | | | | | | | | | | | This removes support for executing old 32 bit applications on 64 bit ARM and MIPS kernels. On OpenWrt we normally compile all the user space applications on our own and do not support third party binary only modules especial not 32 bit applications on 64 bit CPUs. This reduces the attack surface on such systems and should also save some memory. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: Remove CONFIG_DEBUG_RODATA and CONFIG_DEBUG_SET_MODULE_RONXHauke Mehrtens2019-05-112-4/+0
| | | | | | | These were renamed to CONFIG_STRICT_KERNEL_RWX and CONFIG_STRICT_MODULE_RWX and are activated in kernel 4.14 and later by default. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: Activate CONFIG_ARM64_SW_TTBR0_PANHauke Mehrtens2019-05-112-0/+2
| | | | | | | | | | This activates "Emulate Privileged Access Never using TTBR0_EL1 switching" on ARM64. This should prevent the kernel from reading code from user space in kernel context. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Kernel: Activate CONFIG_HARDENED_USERCOPYHauke Mehrtens2019-05-113-3/+7
| | | | | | | | | | | This adds additional checks to the copy_from_user() and copy_to_user() functions. The details are described in this article: https://lwn.net/Articles/695991/ This should only have a very small performance impact on system calls and should not affect routing performance. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.19 to 4.19.38Koen Vandeputte2019-05-061-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.172Koen Vandeputte2019-05-061-1/+1
| | | | | | | | | Refreshed all patches. Compile-tested on: ar7 Runtime-tested on: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: Rename UPROBE_EVENT to UPROBE_EVENTSPetr Štetiar2019-05-052-2/+2
| | | | | | | | | | | | | | | | | | | | | | | Upstream has renamed UPROBE_EVENT to UPROBE_EVENTS in the following commit: commit 6b0b7551428e4caae1e2c023a529465a9a9ae2d4 Author: Anton Blanchard <anton@samba.org> Date: Thu Feb 16 17:00:50 2017 +1100 perf/core: Rename CONFIG_[UK]PROBE_EVENT to CONFIG_[UK]PROBE_EVENTS We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as well as CONFIG_UPROBE_EVENTS and CONFIG_KPROBE_EVENTS. Consistently use the plurals. So I'm changing it to this plural option in order to make kconfig happy and stop asking about it if kernel is compiled with verbose logging: Enable uprobes-based dynamic events (UPROBE_EVENTS) [Y/n/?] (NEW) Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: Remove support for kernel 3.18Hauke Mehrtens2019-05-03244-40439/+0
| | | | | | | | | | No target is using kernel 3.18 anymore, remove all the generic support for kernel 3.18. The removed packages are depending on kernel 3.18 only and are not used on any recent kernel. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.19 to 4.19.37Koen Vandeputte2019-05-028-38/+38
| | | | | | | | | | | | | Refreshed all patches. Altered patches: - 150-bridge_allow_receiption_on_disabled_port.patch - 201-extra_optimization.patch Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.114Koen Vandeputte2019-05-027-16/+18
| | | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 150-bridge_allow_receiption_on_disabled_port.patch - 201-extra_optimization.patch Remove upstreamed: - 022-0006-crypto-crypto4xx-properly-set-IV-after-de-and-encryp.patch Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.171Koen Vandeputte2019-05-025-15/+17
| | | | | | | | | | | | | Refreshed all patches. Altered patches: - 150-bridge_allow_receiption_on_disabled_port.patch - 201-extra_optimization.patch Compile-tested on: ar7 Runtime-tested on: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: add missing symbol in 4.19 configKoen Vandeputte2019-04-291-0/+1
| | | | | | Intel AtomISP2 dummy / power-management driver (INTEL_ATOMISP2_PM) [N/m/y/?] (NEW) Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: fix regression on 4.19 with ↵Felix Fietkau2019-04-271-0/+9
| | | | | | | | | | | 613-netfilter_optional_tcp_window_check.patch (FS#2253) Since ct->proto.tcp.last_win isn't updated when nf_ct_tcp_no_window_check is enabled, the retransmission timeout check needs to be bypassed. Based on patch by Rob Mosher Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: bump 4.19 to 4.19.36Koen Vandeputte2019-04-232-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>