This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.
This reduces the attack surface on such systems and should also save
some memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.
This should prevent the kernel from reading code from user space in
kernel context.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Refreshed all patches.
Altered patches:
- 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch
New symbol for arm targets:
- HARDEN_BRANCH_PREDICTOR
Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Add out of the box support for 802.11r and 802.11w to all targets not
suffering from small flash.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias did all the heavy lifting on this, but I'm the one who should
get shouted at for committing.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Compaction is the only memory management component to form high order (larger
physically contiguous) memory blocks reliably. The page allocator relies on
compaction heavily and the lack of the feature can lead to unexpected OOM
killer invocations for high order memory requests. You shouldn't disable this
option unless there really is a strong reason for it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
Commit 7af1fb9faa ("kernel: add a RPS balancer") introduces a RPS balancer
for all targets.
In the past however, this patch was already introduced for target "mediatek"
in commit 7762c07c88 ("mediatek: bump to v4.14")
Remove the separate copy of the patch within the mediatek target,
which otherwise is applied twice and results in a build error.
Fixes: 7af1fb9faa ("kernel: add a RPS balancer")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The following patches were integrated upstream:
* target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
* target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
While finalizing support for the U7623 with 512MB, I made an embarresing
error and configured 1GB RAM for the board. I also forgot to move memory
from the dtsi and to the dts. This commit takes care of my mistakes.
While I am confessing my mistakes, I also note that I made a mistake in
the commit message of the initial U7623 commit. It is the .bin-file, and
not the .gz file that shall be sent to the device via tftp.
v1->v2:
* Remove redundant memory node (thanks Jonas Gorski)
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
In 4.14.57, a new symbol for Spectre v4 mitigation was introduced for
ARM64. Add this symbol to all ARM64 targets using kernel 4.14.
This mitigates CVE-2018-3639 on ARM64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Drop the parallel-unsafe custom Build/dtb macro and use the .dtb artifacts
produced by the generic image build code.
Also remove unused .dtb references in the mt7623 subtarget.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a new config option to allow to select the default compile
optimization level for the kernel.
Select the optimization for size by default if the small_flash feature is
set. Otherwise "Optimize for performance" is set.
Add the small_flash feature flag to all (sub)targets which had the
optimization for size in their default kernel config.
Remove CC_OPTIMIZE_FOR_* symbols from all kernel configs to apply the new
setting.
Exceptions to the above are:
- lantiq, where the optimization for size is only required for the
xway_legacy subtarget but was set for the whole target
- mediatek, ramips/mt7620 & ramips/mt76x8 where boards should have
plenty of space and an optimization for size doesn't make much sense
- rb532, which has 128MByte flash
Signed-off-by: Mathias Kresin <dev@kresin.me>
The changed applied to BananaPi R2 in upstream commit c0b0d540db1a,
which was backported to 4.14 in 4.14.53, is also required for the U7623.
Without updating the memory node, the board refuses to boot.
Fixes: d0839e020d ("kernel: bump 4.14 to 4.14.53")
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
CONFIG_USB_MTU3 is not visible for the mediatek target by default, but
only when CONFIG_USB_GADGET is set. This will config option will be
remove with when running "make kernel_oldconfig", move this option to
the generic config to prevent this.
This fixes the build of the mt7623 subtarget of the mediatek target.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Refresh patches.
Remove patch that can be reverse applied:
mvebu/patches-4.14/530-ATA-ahci_mvebu-enable-stop_engine-override.patch
mvebu/patches-4.14/531-ATA-ahci_mvebu-pmp-stop-errata-226.patch
Update patch that no longer applied:
ipq806x/patches-4.14/0035-clk-mux-Split-out-register-accessors-for-reuse.patch
Compiled-tested-for: lantiq, ramips
Run-tested-on: lantiq BT hh5a, ramips MIR3g
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Michael Yartys <michael.yartys@protonmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
This commit adds support for the MT7623A-based UniElec U7623-02 router,
with eMMC storage and 512MB RAM. The router can be delivered with NAND
Flash and more memory, but I only have access to the one configuration.
The DTS is structured in such a way that adding support for
more/different storage/memory should be straight forward.
The device has the following specifications:
* MT7623A (quad-core, 1.3 GHz)
* 512MB RAM (DDR3)
* 8GB storage (eMMC 4.5)
* 2x normal miniPCIe slots
* 1x miniPCIe slot that is connected via an internal USB OTG port
* 5x 1Gbps Ethernet (MT7530 switch)
* 1x UART header
* 1x USB 3.0 port
* 1x SATA 3.0
* 1x 40P*0.5mm FPC for MIPI LCD
* 1x SIM slot
* 12x LEDs (2 GPIO controlled)
* 1x reset button
* 1x DC jack for main power (12V)
The following has been tested and is working:
* Ethernet switch
* miniPCIe slots (tested with Wi-Fi cards)
* USB 3.0 port
* sysupgrade
* reset button
Not working:
* The miniPCIe connected via USB OTG. For the port to work, some MUSB
glue must be added. I am currently in the process of porting the glue
from the vendor SDK.
Not tested:
* SATA 3.0
* MIPI LCD
Installation:
The board ships with u-boot, and the first installation needs to be done
via the bootloader using tftp. Step number one is to update the MBR of
the eMMC, as the one that ships with the device is broken. Since the
device can ship with different storage sizes, I will not provide the
exact steps for creating a valid MBR. However, I have made some
assumptions about the disk layout - there must be one 8MB recovery
partition (FAT32) and a partition for the rootfs (Linux).
The board loads the kernel from block 0xA00 (2560) and I have reserved
32MB for the kernel (65536 blocks). I have aligned the partitions on the
erase block size (4096 byte), so the recovery partition must start on
block 69632 and end on 86016 (16385 sectors). The rootfs is assumed to
start on sector 90112.
In order to install the mbr, you run the following commands from the
u-boot command line:
* tftpboot ${loadaddr} <name of mbr file>
* mmc device 0
* mmc write ${loadaddr} 0x00 1
Run the following commands to install + boot OpenWRT:
* tftpboot ${loadaddr} openwrt-mediatek-mt7623-7623a-unielec-u7623-02-emmc-512m-squashfs-sysupgrade-emmc.bin.gz
* run boot_wr_img
* run boot_rd_img
* bootm
Recovery:
In order to recover the router, you need to follow the installation
steps above (no need to replace MBR).
Notes:
* F2FS is used as the overlay filesystem.
* The device does not ship with any valid MAC address, so a random
address has to be generated. As a work-around, I write the initial
random MAC to a file on the recovery partition. The MAC of the WAN
interface is set to the MAC-address contained in this file on each boot,
and the address of the LAN-interfaces are WAN + 1. The MAC file is kept
across sysupgrade/firstboot.
My approach is slightly different than what the stock image does. The
first fives bytes of the MAC addresses in the stock image are static,
and then the last byte is random. I believe it is better to create fully
random MAC addresses.
* In order to support the miniPCIe-slots, I needed to add missing
pcie-nodes to mt7623.dtsi. The nodes are just c&p from the upstream
dtsi.
* One of the USB3.0 phys (u3phy2) on the board can be used as either USB
or PCI, and one of the wifi-cards is connected to this phy. In order to
support switching the phy from USB to PCI, I needed to patch the
phy-driver. The patch is based on a rejected (at least last time I
checked) PCI-driver submitted to the linux-mediatek mailing list.
* The eMMC is configured to boot from the user area, and according to
the data sheet of the eMMC this value can't be changed.
* I tried to structure the MBR more nicely and use for example a
FAT32-parition for the kernel, so that we don't need to write/read from
some offset. The bootloader does not support reading from
FAT32-paritions. While the command (fatload) is there, it just throws an
error when I try to use it.
* I will submit and hope to get the DTS for the device accepted
upstream. If and when that happens, I will update the patches
accordingly.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
zram.ko needs CONFIG_BLK_DEV activated and it is by default for all
other targets in OpenWrt.
This makes zram.ko compile again.
Compile tested only.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Neon and vfpv4 are mandatory extensions in the ARM64 instruction set
now, do not activate them explicitly. GCC will make use of these
extension now by default.
This makes it possible to share the toolchain with other Cortex A53
SoCs.
Compile tested only.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
THIN_ARCHIVES option is enabled by default in the kernel configuration
and no one target config disables it. So enable it by default and remove
this symbol from target specific configs to keep them light.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
New FUTEX_PI configuration symbol enabled if FUTEX and RT_MUTEX symbols
are enabled. Both of these symbols are enabled by default in the
generic config, so enable FUTEX_PI by default too to keep platform
specific configs minimal.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
OVERLAY_FS config symbol selects EXPORTFS since 4.12 kernel, we have
OVERLAY_FS enabled by default, so enable EXPORTFS in the generic config
of 4.14 and remove this option from platform specific configs.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
DRM_LIB_RANDOM config symbol selected only by DRM_DEBUG_MM_SELFTEST
which is disable by default, so disable DRM_LIB_RANDOM by default too.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
These options do not used by any supported arch, so disable them by
default to make arch configs a bit more clean.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Only one arch (x86_64) enables this option. So disable
ARCH_WANTS_THP_SWAP by default and remove referencies to it from all
configs (except x86_64) to make them clean.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
This reverts commit 5555545494.
The target supports both NEON and VFPv4, but for this to work properly,
a few more changes are needed:
- enable NEON support in the kernel config
- add the fpu feature flag to the makefile
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Right patch version this time, sorry!
* Patch 180-usb-xhci-add-support-for-performing-fake-doorbell.patch had to be adjusted slightly because of upstream adapted code.
* Refreshed patches.
Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Rosen Penev <rosenp@gmail.com>
This patch bumps the 4.14 kernel to .23.
- Refreshed patches.
- Deleted bcm53xx/patches-4.14/089-PCI-iproc-Fix-NULL-pointer-dereference-for-BCMA.patch. Has been accepted upstream.
- Deleted generic/pending-4.14/821-usb-Remove-annoying-warning-about-bogus-URB.patch. The upstream URB code was changed,
the patch no longer applies. I discussed this with the patch author and removed it for now, we'll see how it goes.
Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
This caused v4.14.20 based builds so fail on mediatek.
Fixes: 6112abf186 ("kernel: enable CONFIG_USB_PCI for PCI usb modules").
Signed-off-by: Mathias Kresin <dev@kresin.me>
Calling nand_do_upgrade() from platform_pre_upgrade() was deprecated
with 30f61a34b4 ("base-files: always use staged sysupgrade").
Update the platform upgrade code to use platform_do_upgrade() for NAND
images as well.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This drops support for all the !emmc EVB and adds banannaPi-R2
Also drop mtkhnat until the nftables offoad driver is ready
Signed-off-by: John Crispin <john@phrozen.org>
The arm CPUs uses in the supported Mediatket SoCs have a FPU accordingly
to the datasheet, activate it also. The CPU subtype "neon-vfpv4" is
selected, but the toolcahin generated for this SoC will still be
compiled with soft float and not with the hard float ABI as we haven't
the fpu feature flag set. If this toolchain is reused by other targets
this will even affect other targets.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches.
Compile-tested on ipq8065/nbg6817 and x86/64.
Runtime-tested on ipq8065/nbg6817 and x86/64.
Fixes CVE-2017-1000251.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes CVE-2017-11600.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches.
Compile-tested on ramips/mt7621 and x86/64.
Runtime-tested on ramips/mt7621 and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* fixes default affinity
* adds a napi watchdog - we were seeing stalled TX queues
* adds up/down locking
Signed-off-by: John Crispin <john@phrozen.org>
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.
Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Do not parse /tmp/sysinfo/board_name, /proc/cpuinfo or the device tree
compatible string directly. Always use the board_name function to get
the board name.
The admswconfig package still reads /proc/cpuinfo directly. The code
looks somehow broken and the whole adm5120 which uses this package
looks unmaintained. Leave it as it is for now.
Signed-off-by: Mathias Kresin <dev@kresin.me>
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:
473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed
403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0
180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item
Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
CONFIG_SG_POOL symbol is selected only by CONFIG_SCSI, since the last
one is disabled by default then disable CONFIG_SG_POOL by default too.
And explicitly enable it only for platforms that use CONFIG_SCSI.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Early SoC versions with an ECO of 1 required the gpio reset.
Mass production SoCs no longer need this work around.
Signed-off-by: John Crispin <john@phrozen.org>
boardnames were changed with the recent target update. the sysupgrade board
detection was not updated properly.
Signed-off-by: John Crispin <john@phrozen.org>
* adds MT7530 DSA support
* backport latest ethernet driver
* add PMIC leds
* add auxadc support
* add efuse support
* add thermal sensor support
* add irq affinity support for ethernet
still todo
* DSA multi cpu support
Signed-off-by: John Crispin <john@phrozen.org>
After "73d923e base-files: emit tagged switch configuration by default"
some default network configurations are broken because the lan and wan
ifnames are forcibly set to untagged netdevs.
Adjust the offending set_interfaces_lan_wan() calls to use the proper
tagged device names.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Bump kernel to 4.4.44. Compile-tested on ar71xx, ramips/mt7621 and x86/64.
.44 has been run-tested on the 17.01 branch here on ar71xx and mt7621.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
This flag was added to 4.9 with upstream commit
76a4707de5e18dc32d9cb4e990686140c5664a15.
Signed-off-by: Victor Shyba <victor1984@riseup.net>
[refresh and adjust platform patches, fix commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
While researching for the armvirt target, I looked at the
existing arm platforms. It turns out that the mediatek target
with its sole MT7623N/A chip is sold as a "highly integrated
multimedia network router system-on-chip". To that end, it
lists support for the "NEON multimedia processing engine with
SIMDv2 / VFPv4 ISA support".
<http://topics.mediatek.com/en/products/connectivity/wifi/home-network/wifi-ap/mt7623na/>
So this patch enables the CPU_SUBTYPE to use this information.
This should have the nice side effect that LEDE's phase2 builders
no longer need to built a separate "cortex-a7" target, so this
should free up some resources.
Cc: John Crispin <john@phrozen.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch bumps the 4.4 kernel from .28 to .30 and refreshes the patches.
Compile-tested on ar71xx, x86/64, ramips/mt7621, brcm47xx and kirkwood.
Run-tested on ar71xx & ramips/mt7621, brcm47xx and kirkwood (last two confirmed
by P. Wassi).
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
This makes init.d script handle existing UCI entries using the new
trigger. It also switches all targets to use its package.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Forgot to update kernel-version.mk, so updated patch. Compile-tested on x86/64 and ar71xx; run-tested on x86/64 and ar71xx.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked broken.
Runtime-tested on ar71xx, octeon and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
most symbols should be in Kernel packages
depending on HW the removal of
CONFIG_REALTEK_PHY
and USB symbols might be wrong
compile tested only
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
the support is still WIP. next steps are to make the pmic and ethernet work.
this is the first commit to make sure nothing gets lost.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 47354