Commit Graph

401 Commits

Author SHA1 Message Date
Kevin Darbyshire-Bryant
0b4e3b1bed generic: swconfig: reduce lock duration on sysfs files
sysfs attributes 'port_mask' & 'speed_mask' held locks whilst doing
mundane tasks such as sprintf.  Refactor code to reduce length of time
locks are held unnecessarily.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-02-14 07:54:24 +01:00
Kevin Darbyshire-Bryant
eb8fbc4318 generic: swconfig: add mode led attribute
Add sysfs 'mode' attribute to swconfig controlled LEDs.

swconfig 'link state' LEDs blink in the presence of port traffic.  This
behaviour becomes more obvious as switches start to support
get_port_stats() e.g. commits 0369e35891,
3056d09b40,
4ddbc43cc1,
4d8a66d934.

This blinking can be confusing/distracting if the switch has other LEDs
used to indicate traffic.  Provide a 'mode' sysfs attribute that
controls the blink on traffic behaviour.

mode - either "none" (LED is off) or a space separated list of one or more:

link: LED's normal state reflects whether the link is up (has carrier) or not
tx:   LED blinks on transmitted data
rx:   LED blinks on receive data

Note that 'link' considers any port speed mask that may be applicable.
e.g. if an LED is configured to indicate 1Gbit link speed and mode is
set to 'link rx tx' but the port is connected at 100Mbit then the LED
will not light or blink. A mode of 'tx rx' will blink in the presence of
traffic only if the port matches the rate (if configured)
This maintains compatibility with existing behaviour.

Attribute is 'link tx rx' by default for backwards compatible behaviour.

Many thanks to Thibaut Varene for providing a more sensible led_event
routine after I had mangled the original, and other coding style hints.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Thibaut VARENE <hacks@slashdirt.org>
2018-02-14 07:54:24 +01:00
Hauke Mehrtens
b3f95490b9 kernel: generic: Add kernel 4.14 support
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.

In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM

And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR

I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED

I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:11:19 +01:00
Thibaut VARENE
eff3549c58 generic: drop support for get_port_stats() on ar8xxx
The implementation is not efficient on ar8xxx switches. It triggers high
CPU load and degrades device performance.

The high CPU load has been traced down to the ar8xxx_reg_wait() call in
ar8xxx_mib_op(), which has to usleep_range() till the MIB busy flag set
by the request to update the MIB counter is cleared.

This commit removes the get_port_stats() code introduced in 4d8a66d and
leaves a note for future hacker's beware.

Fixes: FS#1004

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-13 08:07:54 +02:00
Mathias Kresin
096dff8fcd kernel: rtl8306: fix port link status
In case the link changes from down to up, the register is only updated
on read. If the link failed/was down, this bit will be 0 until after
reading this bit again.

Fixes a reported link down by swconfig alebit the link is up (query for
the link again will show the correct link status)

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-08 21:52:38 +02:00
Thibaut VARENE
c30a70fc9f generic: make switch_port_stats tx/rx_bytes long long
This generic structure defines tx_bytes and rx_bytes as unsigned long (u32),
while several devices would typically report unsigned long long (u64).

The code can work as is, but there's a chance that with a sufficiently fast
interface the overflow might happen too fast to be correctly noticed by the
consumers of this data.

This patch makes both field unsigned long long and updates the only known
consumer of this data: swconfig_leds.c

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-01 09:30:35 +02:00
Thibaut VARENE
0369e35891 generic: provide get_port_stats() on rtl836x switches
This patch provides a generic switch_dev_ops 'get_port_stats()' callback by
taping into the relevant port MIB counters.

This callback is used by swconfig_leds led trigger to blink LEDs with port
network traffic.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-01 09:30:35 +02:00
Thibaut VARENE
3056d09b40 generic: provide get_port_stats() on b53 switches
This patch provides a generic switch_dev_ops 'get_port_stats()' callback by
taping into the relevant port MIB counters.

This callback is used by swconfig_leds led trigger to blink LEDs with port
network traffic.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-01 09:30:35 +02:00
Thibaut VARENE
4ddbc43cc1 generic: provide get_port_stats() on adm6996 switches
This patch provides a generic switch_dev_ops 'get_port_stats()' callback by
taping into the relevant port MIB counters.

This callback is used by swconfig_leds led trigger to blink LEDs with port
network traffic.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-01 09:30:35 +02:00
Thibaut VARENE
4d8a66d934 generic: provide get_port_stats() on ar8xxx switches
This patch provides a generic switch_dev_ops 'get_port_stats()' callback by
taping into the relevant port MIB counters.

The implementation uses a generic callback that select the correct MIB counter
index based on chip version.

This callback is used by swconfig_leds led trigger to blink LEDs with port
network traffic.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-09-01 09:30:35 +02:00
Mirko Parthey
1dace8cbe0 brcm47xx: resolve GPIO conflict for WRT54GSv1
On the Linksys WRT54GSv1, the adm6996 switch driver and the
gpio_button_hotplug module both claim GPIO 6, which is connected to the
Reset button.  When the switch driver's request wins, the Reset button
cannot work. This makes it impossible to enter failsafe mode without a
serial console.

Stop requesting the "adm_rc" GPIO in the switch driver, since it is not
used anywhere.

Fixes FS#792.

Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
2017-07-02 22:44:06 +02:00
Alexander Couzens
878cd77026 linux/swconfig_get_attr: fix leak of msg in case of error
Found-by: Coverity Scan #1330102
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-11 14:22:44 +02:00
Jonas Gorski
5df15c06cc b53: allow configuration through device tree
Add support for the same binding as upstream b53 to allow an
easy switch.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-06-10 12:40:38 +02:00
Sergey Ryazanov
2cc61e6e8e ip17xx: correct aneg_done return value
PHY core treats any positive return value as the auto-negotiation done
indication. Since we do not actually check any device register in this
callback then update it to return positive value with a neutral meaning
instead of the register flag to avoid  confusing for future readers.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2017-06-07 11:06:29 +02:00
Sergey Ryazanov
913b2290ca mvswitch: fix autonegotiation issue
The Marvel 88E6060 switch has an MDIO interface, but does not emulate
regular PHY behavior for the host. The network core can not detect using
the generic code, whether the connection via the attached PHY can be
used or not. The PHY's state machine is stuck in a state of
auto-negotiation and does not go any further so the Ethernet interface
of the router stay forever in the not-runing state.

Fix this issue by implementing the aneg_done callback to be able to
inform the network core that the Ethernet interface link to which the
switch is connected can be marked as RUNNING.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2017-06-07 11:06:12 +02:00
Kevin Darbyshire-Bryant
f4ae444f3e generic: rtl8366rb: add support for initvals from DTS
Allow per-device initvals in the DTS file for rlt8366rb
switches.

Shamelessly copies 30494598f8

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-04-25 19:29:59 +02:00
Vittorio Gambaletta
967b6be118 ar8327: Add workarounds for AR8337 switch.
RGMII RX delay setting needs to be always specified for AR8337 to
avoid port 5 RX hang on high traffic / flood conditions.

Also, the HOL registers that set per-port and per-packet-priority
buffer sizes are updated with the reduced values suggested by the
QCA switch team.

Finally, AR8327 reserved register fixups are disabled for the AR8337.

This patch is adapted from the Code Aurora QSDK, but with magic
values mapped to proper defines.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
2017-03-30 09:48:52 +02:00
Stijn Tintel
5c49fecf72 Revert "kernel: ar8327/ar8337: disable ARL access code to avoid lockups (FS#384)"
This reverts commit ec1a695daa.

Revert the workaround, the problem was properly fixed in
2374549916.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-22 11:56:27 +01:00
Günther Kelleter
2374549916 ar8216: flush ARL table during reset after init_globals
commit 33b72b8e0f
"ar8216: adjust ATU flushing in case of link changes"
introduced portwise flushing on link down events. Now the ARL table could
be in a chaotic state after boot where ar8xxx_sw_get_arl_table looped
forever (depending on the entries collected while booting).

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
2017-02-16 17:17:05 +01:00
Rafał Miłecki
b008357960 kernel: port b53 to use kernel 4.5+ API
For backward 4.4 compatibility I added patch reverting my changes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 11:28:54 +01:00
Felix Fietkau
1a52d11d38 kernel: update phy drivers for 4.9
add backport patches for older kernels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-03 12:35:44 +01:00
Mathias Kresin
a0888ecbaf generic: rtl8366rb: fix compatible string
Use a vendor prefix as it has to be for all not core driver. Update the
compatible string in the device tree files accordingly.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-03 00:46:03 +01:00
Felix Fietkau
0f19c1d6cf rtl8366_smi: add linux 4.4 compatibility
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-01 17:49:54 +01:00
Tobias Wolf
e2bd8b900f generic: rtl836x: add support for Green Feature
The GPL licensed source code of Belkin contains an ASIC based "Green
Feature". This change adds support for this Green Feature that can be
activated with an DTS option or swconfig.

Signed-off-by: Tobias Wolf <github-NTEO@vplace.de>
2017-01-27 11:10:10 +01:00
Tobias Wolf
30494598f8 generic: rtl8366s: add support support for initvals from DTS
This change provides the possibility to define per-device initvals in
the DTS file for a rlt8366s switch.

Signed-off-by: Tobias Wolf <github-NTEO@vplace.de>
2017-01-27 11:10:10 +01:00
Jo-Philipp Wich
ec1a695daa kernel: ar8327/ar8337: disable ARL access code to avoid lockups (FS#384)
Running ar8327_get_arl_entry() early after boot leads to MDIO related system
lockups on several devices using this driver.

Since dumping the ARL table contens is an optional, uncritical feature, simply
disable the code for now.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 19:39:42 +01:00
Imre Kaloz
f24ffb901e mvsw61xx: add support for MV88E6352
MV88E6352 is used on Linksys WRT3200ACM

Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
2017-01-13 17:12:40 +01:00
Jo-Philipp Wich
29cc927ef5 generic: ar8216: fix invalid bounds check imported from ChromeOS (FS#347)
The priv->vlan_id member is of size AR8X16_MAX_VLANS, not AR8X16_MAX_PORTS,
so check for the proper maximum value in order to avoid capping valid VLAN IDs
to 7 (AR8X16_MAX_PORTS - 1).

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-12-23 19:24:14 +01:00
Pavel Kubelun
94e4ee5395 net: ar8327: modify some configuration of switch
Imported from https://source.codeaurora.org/quic/qsdk/system/openwrt/commit/?h=korg/linux-3.4.y/release/arugula_bb_cs&id=2be4f8a8b205ae1a37db44839864451ebe893e6e
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

Enable flow control of LAN and WAN ports to
get better performance.
Setup pvid as 0 for all ports during initialisation
to avoid confusion during system or switch INIT.
Disable PORT MAC before config MAC to avoid it work abnormal.
This change is for IR-054144, IR-057315.

Change-Id: I345f3dffa59ad3f97150e09692723da12a7b1067
Signed-off-by: Zou Shunxiang <shunxian@codeaurora.org>
Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
5a69f59602 net: ar8216: address security vulnerabilities in swconfig & ar8216
Imported from e1aaf7ec00%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: net: ar8216: address security vulnerabilities in swconfig & ar8216

This patch does the following changes:
*address the security vulnerabilities in both swconfig framework and in
 ar8216 driver (many bound check additions, and turned swconfig structure
 signed element into unsigned when applicable)
*address a couple of whitespaces and indendation issues

BUG=chrome-os-partner:33096
TEST=none

Change-Id: I94ea78fcce8c1932cc584d1508c6e3b5dfb93ce9
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/236490
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Commit-Queue: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
a3454d1929 net: ar8216: prevent device duplication in ar8xxx_dev_list
Import from fd7b89dd46%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: drivers: ar8216: prevent device duplication in ar8xxx_dev_list

If probe is called twice, once for PHY0 and a second time for PHY4,
the same switch device will be added twice to ar8xxx_dev_list, while
supposedly this list should have one element per hardware switch present
in the system.

While no negative impact have been observed, it does happen if a
platform instanciates these two PHYs from device-tree, as an example.

Change-Id: Iddcbdf7d4adacb0af01975b73f8e56b4582e894e
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/234790
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
eb049d3777 net: ar8216: hold ar8xxx_dev_list_lock during use_count--
Import from c3fd96a7b8%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: drivers: ar8216: hold ar8xxx_dev_list_lock during use_count--

It is possible for the remove() callback to run twice in parallel, which
could result into --use_count returning only 1 in both cases and the
rest of the unregistration path to never be reached.

This case has never been observed in practice, but we will fix
preventively to make the code more robust.

BUG=chrome-os-partner:33096
TEST=none

Change-Id: If09abe27fdb2037f514f8674418bafaab3cbdef6
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232870
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
65b20d8b64 net: ar8327: replace sprintf() by scnprintf()
Import from fd0c41c7b9%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: drivers: ar8216: replace sprintf() by scnprintf()

BUG=chrome-os-partner:33096
TEST=none

Change-Id: Ib82035c9f2769a86d3e90f9573a09e5700ff5676
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232829
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
9aa734f8f5 net: ar8327: remove unnecessary spinlocks
Import from 541c15f8dd%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: drivers: ar8216: remove unnecessary spinlocks

BUG=chrome-os-partner:33096
TEST=none

Change-Id: Ia1b51258504501863fd3298717cc923a1baf34ca
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232828
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
7de8d5322e net: ar8216: sync mib_work cancellation
Import from c05af20272
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: drivers: ar8216: sync mib_work cancellation

ar8xxx_mib_stop() is called from ar8xxx_phy_remove(), so we want to make
sure the work doesn't run after priv is freed / the device ceases to
exist.

BUG=chrome-os-partner:33096
TEST=none

Change-Id: Iafb44ce93a87433adc4576e5fea5fda58d1f43a9
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232827
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Reviewed-by: Grant Grundler <grundler@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Mathias Kresin
369317ce48 kernel: rtl8367(b): fix build error
Fix build on targets not using CONFIG_MODULE_STRIPPED.

Neither RTL8367_DRIVER_DESC nor RTL8367B_DRIVER_DESC are defined
anywhere. It worked for targets using CONFIG_MODULE_STRIPPED since our
module stripper no-ops the various module info macros.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-11-19 17:57:04 +01:00
Christian Lamparter
e9455c561d generic: ar8216: improve ar8xxx_is_possible check
The commit "generic: ar8216: add sanity check to ar8216_probe"
(774da6c7a4) stated that PHY IDs
should be checked at address 0-4. However, the PHY 4 was
never check by the loop. This patch extends the check to be
similar to the Atheors SDK. It tries all 4 ports and skips
unconnected PHYs if necessary. If it cannot find any familiar
PHYs, it will prevent the phy driver from initializing.

This patch is necessary for the C-60. It doesn't have a
PHY at port 3, so this caused the check in ar8xxx_is_possible
to fail. As a result, the ethernet ports on the C-60 didn't
work.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2016-10-15 11:36:50 +02:00
Jonas Gorski
167763837b mvsw61xx: enable SerDes on 6176 if required
If the cpu port is connected through SGMII we need to enable SerDes for
it to work.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 13:04:04 +02:00
Jonas Gorski
92dcaecee3 mvsw61xx: reset phys on probe to enable switch ports on clearfog pro
The clearfog u-boot does not initialize the switch at all, so we need to
power up the phys ourselves.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 13:03:58 +02:00
Rafał Miłecki
8072223347 kernel: b53: force BCM531x5 port 5 link state if enabled
Some devices (e.g. Tenda AC9 based on BCM47189B0) have BCM53125 with
port 5 connected to the second Ethernet interface on the SoC. In such
case there is no PHY and we need to force link manually.

This assumes port 5 can be marked as enabled for such devices. It's not
implemented yet unfortunately.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-08 23:03:46 +02:00
John Crispin
99a1888287 swconfig: revert the portmapping patches, they seem to cause a segfault
Revert "kernel/swconfig: remove obsolete portmapping feature from swconfig"

This reverts commit 675407baa4.

Revert "swconfig: remove obsolete portmapping feature"

This reverts commit fca1eb349e.

Signed-off-by: John Crispin <john@phrozen.org>
2016-08-16 10:20:01 +02:00
John Crispin
675407baa4 kernel/swconfig: remove obsolete portmapping feature from swconfig
Signed-off-by: John Crispin <john@phrozen.org>
2016-08-15 15:18:35 +02:00
Mathias Kresin
7f22580078 kernel: adm6996: set carrier status
Due to the missing carrier status set, the interface wasn't usable on a
BTHOMEHUB2B after ip link down and up as it is done in preinit.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-08-10 03:04:08 +02:00
Rafał Miłecki
846eca673f b53: allow ports with higher numbers than CPU port
Our code was assuming CPU port uses the highest number. My BCM53573
device has eth0 connected to port 8 and eth1 connected to port 5. While
working on support for it I tried to:
1) Enable all ports (including port 8)
2) Set CPU port to 5

I noticed port 8 is not accessible anymore. It was just a development
process but it seems like something worth fixing anyway.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-07-24 06:38:30 +02:00
Rafał Miłecki
cf6d9d97fb kernel: rename B53 symbols to avoid upstream kernel conflict
In kernel 4.7 there is upstreamed b53 driver using (mostly?) the same
symbols as our b53 does. Change our symbols so both drivers can coexist
in kernel tree.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-06-20 08:00:14 +02:00
Felix Fietkau
37cfc23cb7 kernel: require admin permissions for swconfig set operations
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-12 12:03:20 +02:00
Jo-Philipp Wich
442db0d6d8 kernel: deny swconfig set requests for unprivileged users
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).

Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.

Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-11 00:53:19 +02:00
Felix Fietkau
7eeb254cc4 treewide: replace nbd@openwrt.org with nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 08:58:42 +02:00
John Crispin
3a03c08c82 AR8216: improve mmd register access
Combine all bus operations for one MMD access in one function.
Protecting all these bus operations with one lock also helps
to avoid potential issues due to bus operations intercepting
the register and data write.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 48914
2016-03-04 08:33:33 +00:00
John Crispin
d3776bdfc9 AR8216: make ARL age time configurable
The default TTL for address resolution table entries is 5 minutes
for all members of the AR8216 family. This can cause issues if
e.g. Wifi clients roam to another AP and their MAC appears on
another switch port suddenly. Then the client may not be reachable
until the old ARL entry expires.
I would have expected the switch to invalidate old entries if it
detects the same MAC on another port. But that's not the case.

Therefore make the TTL for ARL entries configurable.
The effective TTL will always be a multiple of 7 seconds.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 48913
2016-03-04 08:33:30 +00:00