| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
All patches refreshed automagically without conflicts, but upstream in
commit 48c2461f28fe ("ARM: 8800/1: use choice for kernel unwinders")
added new config options UNWINDER_ARM and UNWINDER_FRAME_POINTER so we
need to adjust default configs as well.
Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed:
- 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 003-ARM-dts-oxnas-Fix-clear-mask-property.patch
Fixes:
- CVE-2020-8647
- CVE-2020-8648 (potentially)
- CVE-2020-8649
Compile-tested on: cns3xxx, octeontx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: ipq40xx, ath79
Runtime-tested on: ipq40xx
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.
This reduces the attack surface on such systems and should also save
some memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
| |
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.
This should prevent the kernel from reading code from user space in
kernel context.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Compaction is the only memory management component to form high order (larger
physically contiguous) memory blocks reliably. The page allocator relies on
compaction heavily and the lack of the feature can lead to unexpected OOM
killer invocations for high order memory requests. You shouldn't disable this
option unless there really is a strong reason for it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
|
|
|
|
|
|
|
|
|
| |
In 4.14.57, a new symbol for Spectre v4 mitigation was introduced for
ARM64. Add this symbol to all ARM64 targets using kernel 4.14.
This mitigates CVE-2018-3639 on ARM64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
| |
THIN_ARCHIVES option is enabled by default in the kernel configuration
and no one target config disables it. So enable it by default and remove
this symbol from target specific configs to keep them light.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
|
|
|
|
|
|
|
|
|
| |
New FUTEX_PI configuration symbol enabled if FUTEX and RT_MUTEX symbols
are enabled. Both of these symbols are enabled by default in the
generic config, so enable FUTEX_PI by default too to keep platform
specific configs minimal.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
|
|
|
|
|
|
|
|
| |
OVERLAY_FS config symbol selects EXPORTFS since 4.12 kernel, we have
OVERLAY_FS enabled by default, so enable EXPORTFS in the generic config
of 4.14 and remove this option from platform specific configs.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
|
|
|
|
|
|
|
| |
DRM_LIB_RANDOM config symbol selected only by DRM_DEBUG_MM_SELFTEST
which is disable by default, so disable DRM_LIB_RANDOM by default too.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
|
|
|
|
|
|
|
| |
These options do not used by any supported arch, so disable them by
default to make arch configs a bit more clean.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
|
|
|
|
|
|
|
|
| |
Only one arch (x86_64) enables this option. So disable
ARCH_WANTS_THP_SWAP by default and remove referencies to it from all
configs (except x86_64) to make them clean.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
|
|
|
|
|
|
|
| |
Add the executable permission to the files to ensure they run on
firstboot.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
|
| |
Enable the harden branch predictor for arm64 as it is recommend.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
|
|
| |
Use the generic board detection based on the device tree compatible
string instead of a target specific one.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
|
| |
Some of them break when building with all modules enabled
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
|
|
|
|
| |
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
|
|
|
|
| |
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
|
|
|
|
|
|
|
| |
You should not define CFLAGS for the toolchain as this will also leak
into other targets if they share the same toolchain.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
|
|
|
|
|
|
| |
The CN80XX Boot firmware uses an embedded FAT12 filesystem. For some reason
busybox can't mount this unless its enabled static in the kernel.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
|
|
|
|
|
| |
The CN80XX XHCI is supported through PCI
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh patches.
Remove upstreamed patches:
- backport/080-v4.15-0001-arch-define-weak-abort.patch
- backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch
Update patch that no longer applies:
pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch
Fixes CVE-2017-8824.
Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
The Cavium OCTEON TX is an ARM 64-bit SoC leveraging CPU cores and
periperhals from the Cavium ThunderX SoC.
This initial support provides a 4.14 kernel and kernel+initramfs that is
bootable on the Gateworks Newport GW630x as well as the Cavium sff8104
reference board.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|