Fixes:
- CVE-2020-10757
The "mtd: rawnand: Pass a nand_chip object to nand_release()" commit was
backported which needed some adaptations to other code.
Run tested: ath79
Build tested: ath79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
From upstream:
b8392808eb3f sch_cake: add RFC 8622 LE PHB support to CAKE diffserv handling
3f608f0c4136 sch_cake: fix a few style nits
8c95eca0bb8c sch_cake: don't call diffserv parsing code when it is not needed
9208d2863ac6 sch_cake: don't try to reallocate or unshare skb unconditionally
From netdev not yet accepted:
sch_cake: fix IP protocol handling in the presence of VLAN tags
The VLAN tag handling is actually wider than just cake so upstream are
working out how to fix it generically. We fix it here just for cake.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
I'm having another attempt at trying to getting the 'store dscp into
conntrack connmark' functionality into upstream kernel, since the
restore function (act_ctinfo) has been accepted.
The syntax has changed from 'savedscp' to 'set-dscpmark' since that
conforms more closely with existing functionality.
4.14 backport is more of a hack since the structure versioning
mechanism isn't in place.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Add support for Methode DM7052 NBASE-T module to OpenWRT. These
patches are taken from my "phy" branch, and will be sent for the
next kernel merge window.
Signed-off-by: Russell King <linux@armlinux.org.uk>
[jonas.gorski: move patches to pending, refresh patches]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This reverts commit de80424f70 which needs
more work and testing as it broke at least jffs2 overlays at least on
ath79 platform, marking them as read-only, thus unusable:
jffs2_build_filesystem(): erasing all blocks after the end marker...
jffs2: Erase at 0x009e0000 failed immediately: -EROFS. Is the sector locked?
Ref: http://lists.infradead.org/pipermail/openwrt-devel/2020-January/021344.html
Reported-by: Steve Brown <sbrown@ewol.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Currently it's not possible to effectively mark a "firmware" partition
as read-only. The sub-partitions "kernel", "rootfs" and "rootfs_data"
are always created as read-write (ignoring the parent access mode).
This patch enforces the access mode of sub-partitions to match the
parent partition, which is useful for recovery images that are meant
to be fully read-only to avoid accidental damage from end-user.
An example of such implementation (read-only firmware image) is the
recovery image used on the Zsun-SD100 [1].
Please note the related patch for fstools [2] to enable this read-only
concept.
[1] https://github.com/brunompena/zsun-resources
[2] http://lists.infradead.org/pipermail/openwrt-devel/2020-January/021043.html
Signed-off-by: Bruno Pena <brunompena@gmail.com>
[removed already obsolete 4.9 kernel patch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The Owl Loader (named after the codename that Atheros gave
these devices back in the day) has been accepted upstream.
This patch removes the "misc" driver OpenWrt had and adds
the remaining differences against the version that ships
with 5.4-rc1 into a separate "120-owl-loader-compat.patch"
file that can be cut down once AR71XX is being dealt with.
Note: I decided to keep the existing (kmod-)owl-loader
package name around for now. The kernel module file in
the kmod package will be called ath9k_pci_owl_loader.ko
though.
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Replace an old cleanup patch that never made it upstream with the proper
upstream fix. This patch was incompatible with the recent changes that
affected the way that the flow tuple dst entry was used.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
We are not sure if 640-bridge-only-accept-EAP-locally.patch is still needed
as a first step, add disable_eap_hack sysfs config to allow to disable it
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Refreshed all patches.
Also add a missing symbol for x86 which got used now in this bump.
- ISCSI_IBFT
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
savedscp is a method of storing the DSCP of an ip packet into conntrack
mark. In combination with a suitable tc filter action (conndscp but may
end up being integrated into connmark) DSCP values are able to be stored
on egress and restored on ingress across links that otherwise alter or
bleach DSCP.
This is useful for qdiscs such as CAKE which are able to shape according
to policies based on DSCP.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.
The ingress problem is solved by the tc filter, but the tc people didn't
like the idea of tc setting conntrack mark values, though they are ok
with reading conntrack values and hence restoring DSCP from conntrack
marks.
x_tables CONNMARK with the new savedscp action solves the problem of
storing the DSCP to the conntrack mark.
It accepts 2 parameters. The mark is a 32bit value with usually one 1
bit set. This bit is set when savedscp saves the DSCP to the mark.
This is useful to implement a 'one shot'
iptables based classification where the 'complicated' iptables rules are
only run once to classify the connection on initial (egress) packet and
subsequent packets are all marked/restored with the same DSCP. A mark
of zero disables the setting of a status bit/s.
The mask is a 32bit value of at least 6 contiguous bits and represents
the area where the DSCP will be stored.
e.g.
iptables -A QOS_MARK_eth0 -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000
Would store the DSCP in the top 6 bits of the 32bit mark field, and use
the LSB of the top byte as the 'DSCP has been stored' marker.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Drop 211-host_tools_portability.patch which is breaking perf build on
4.19 kernels by removing the include directory from the host's CFLAGS
leading to the following build breakage:
pmu-events/jevents.c:48:10: fatal error: linux/list.h: No such file or directory
#include <linux/list.h>
^~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Commit fcb41decf6 ("config: enable some useful features on
!SMALL_FLASH devices") enabled netns, which in turn lead to the crash in
the flow offload target.
When the flow offloading framework intends to delete a flow from the
hardware table, it is necessary to retrieve the namespace from
nf_flowtable->ft_net. However, no one ever wrote the namespace into
nf_flowtable->ft_net in advance. So the framework will mistakenly use a
NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to
the kernel panic.
Ref: FS#2321
Fixes: fcb41decf6 ("config: enable some useful features on !SMALL_FLASH devices")
Tested-by: Simon Tretter <simon@mediaarchitectu.re>
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
[merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This patch adds a promising upstream patch that claims
to help for the treated I/O errors happening on f2fs
or ext4 on real block devices.
|print_req_error: I/O error, dev loop1, sector 1334
Link: <https://patchwork.kernel.org/cover/10931787/>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Refreshed all patches.
Fixes:
- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477
Also fix a malformed patch issue caught during refresh.
It was caused by removing a whitespace without altering
the index values in a patch which alters a patch.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Fixes: cf65262492 ("kernel: bump 4.19 to 4.19.51")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Refreshed all patches.
Altered patches:
- 370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch
- 220-optimize_inlining.patch
- 640-netfilter-nf_flow_table-add-hardware-offload-support.patch
This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40)
It was wrongfully backported upstream initially and got reverted now.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This patch removes 202-reduce_module_size.patch which is causing missing
debug symbols in kernel modules, leading to unusable
kernel-debug.tar.bz2 on all platforms, making debugging of release
kernel crashes difficult.
Cc: Felix Fietkau <nbd@nbd.name>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
