Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
CONFIG_SG_POOL symbol is selected only by CONFIG_SCSI, since the last
one is disabled by default then disable CONFIG_SG_POOL by default too.
And explicitly enable it only for platforms that use CONFIG_SCSI.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Add block device sd to kernel config otherwise AHCI/eSATA devices won't get enumerated in /dev
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
mvebu was modifying RAMFS_COPY_BIN and RAMFS_COPY_DATA from a
sysupgrade_pre_upgrade hook. As the ramfs is created from stage2, this
did not have an effect anymore after the staged sysupgrade changes.
As it doesn't really hurt to copy fw_printenv and fw_setenv
unconditionally, simply add them in /lib/upgrade/platform.sh, so stage2
will see them.
Config copying is moved to a function called by platform_copy_config, where
it belongs.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: FS#821
Fixes: 30f61a34b4 "base-files: always use staged sysupgrade"
The single SFP port is meant for direct media access to WAN, such as
VDSL2, GPON). While it could also be used for in-home fiber, it is much
more likely that the LAN is standard ethernet, especially considering
that SFP is the onmly port that can go beyond 1Gbps.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Take explicit note of what physical ports eth{0,1,2} refer to.
Also repair port assignment:
At some point between 4.9.20 and 4.9.29 the numbering changed.
Keep previous port assignment that was:
LAN = SFP+Switch
WAN = standalone ethernet
Also use the same assignment for Clearfog-Base to avoid confusion.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Installing all armada-388-clearfog-* DTBs in the same sdcard image,
it now becomes much easier to swap sdcards between different device variants.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
U-Boot provides standard variables for load addresses, and
filesystem-agnostic load-commands. Furthermore thanks to distro-boot,
the device and partition from which the system boots is known.
The new boot-script makes use of all this information.
Tested on the only board that uses this boot-script: Clearfog Pro
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Add support for SolidRun ClearFog Base board.
The base model is a smaller version of ClearFog Pro without
the DSA switch, replacing it with a second copper gigabit
port, and only one PCIe socket.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Add device tree files for Solidrun ClearFog Base board.
We also need to backport some improvements for Armada
388 MicroSoM.
The base model is a smaller version of ClearFog Pro without
the DSA switch, replacing it with a second copper gigabit
port, and only one PCIe socket.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
The conventional model is now known as the "Clearfog Pro".
We keep the old armada-388-clearfog.dts file for compatibility reasons.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
This reverts commit 51397d7d95.
There are some unresolved random crashes on WRT1900AC v1 that still need
to be sorted out
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Change dts file to add default sata trigger to sata led.
Backport upstream accepted patch to add sata trigger to device tree
source files already upstreamed.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[backport upstream accepted patch]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Fixes the following issue:
root@LEDE:/# sysupgrade /tmp/lede-mvebu-armada-388-clearfog-sdcard.img.gz
Saving metaconfig...
Image metadata not found
Use sysupgrade -F to override this check when downgrading or flashing to vendor firmware
Image check 'fwtool_check_image' failed.
root@LEDE:/#
Acked-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
After "73d923e base-files: emit tagged switch configuration by default"
some default network configurations are broken because the lan and wan
ifnames are forcibly set to untagged netdevs.
Adjust the offending set_interfaces_lan_wan() calls to use the proper
tagged device names.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
All mvebu boards have three USB LEDs. The first one is used for the
USB1 port.
There are two LEDs related to the second USB port. The top (bar) LED
gets bright in case any USB device is connected to the second USB port.
If the connected device is an USB 3 (SuperSpeed) device, the small dot
LED bellow the "bar" LED gets also bright.
While at it, use a name for the USB LEDs that matches the names printed
on the case.
Fixes: FS#423, FS#425
Signed-off-by: Kabuli Chana <newtownbuild@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Do not put the u-boot images into the kernel build directory as this directory
might get removed after kernel updates while the u-boot packages InstallDev
recipe is not getting re-executed because it is still considered current,
leading to image build failures later on due to missing u-boot images.
To ensure that built bootloader images persist over kernel version updates in
the buildroot, put them into the new STAGING_DIR_IMAGE directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Unify switch configuration on Linksys WRTxx00AC series.
LAN = eth0, WAN = eth1
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
[Álvaro]: also change WAN LEDs
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The hardware queue scheduling is apparently configured with fixed
priorities, which creates a nasty fairness issue where traffic from one
CPU can starve traffic from all other CPUs.
Work around this issue by forcing all tx packets to go through one CPU,
until this issue is fixed properly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
sysupgrade command fails due to missing U-Boot environment-processing
binaries on sysupgrade ramdisk. The missing binaries result in the
following output:
Switching to ramdisk...
Performing system upgrade...
ash: /usr/sbin/fw_printenv: not found
ash: fw_setenv: not found
ash: touch: not found
cannot find target partition
Signed-off-by: Vignesh Balasubramaniam <vigneshb.hp@gmail.com>
The name from the Device define will be used in the metadata. Due to
typo/different spelling, this name might not match the one exported in
/lib/mvebu.sh.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This adds the patch submitted to upstream that adds BQL to the mvneta
driver: https://patchwork.kernel.org/patch/9328413/. Helps latency under
load when the physical link is saturated.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
The marvell,88e6352 and marvell,88e6172 compatible strings are used in
target/linux/generic/files/drivers/net/phy/mvsw61xx.c. No idea why grep
missed them when I searched for them.
Thanks to Syrone Wong for noticing and reporting my mistake.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Fixes invalid device tree parameters.
Drop the mvsw61xx node used in mvebu device tree source files. It looks
like some kind of ethernet switch cargo cult. Neither the
marvell,88e6352 nor the marvell,88e6172 compatible strings can be found
in any LEDE file or in the kernel sources.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This patch bumps the 4.4 kernel from .28 to .30 and refreshes the patches.
Compile-tested on ar71xx, x86/64, ramips/mt7621, brcm47xx and kirkwood.
Run-tested on ar71xx & ramips/mt7621, brcm47xx and kirkwood (last two confirmed
by P. Wassi).
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
This makes init.d script handle existing UCI entries using the new
trigger. It also switches all targets to use its package.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
sysupgrade command fails due to missing U-Boot environment-processing binaries on sysupgrade ramdisk. The missing binaries result in the following output:
Switching to ramdisk...
Performing system upgrade...
ash: /usr/sbin/fw_printenv: not found
ash: fw_setenv: not found
ash: touch: not found
cannot find target partition
Fixes FS#197.
Signed-off-by: Aaron Curley <accwebs@gmail.com>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Add patches for SFP support and package it for ClearFog. Tested with a
Juniper SFP module.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
MSI interrupts do not seem to be working on mvebu, and they break
ath10k. Since nothing else seems to be using them, especially not
mwlwifi, disable them until we can fix MSI interrupts.
Works around the following issue:
[ 9.001457] ath10k_pci 0000:02:00.0: failed to receive control response completion, polling..
[ 10.001453] ath10k_pci 0000:02:00.0: Service connect timeout
[ 10.007126] ath10k_pci 0000:02:00.0: failed to connect htt (-110)
[ 10.092224] ath10k_pci 0000:02:00.0: could not init core (-110)
[ 10.098177] ath10k_pci 0000:02:00.0: could not probe fw (-110)
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Add and enable sysupgrade support for clearfog boards, based on how the
brcm2708 target does it.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Add a switch node to clearfog to probe and initialize it on Clearfog
Pro. This make the switch work and allows using all six switch ports.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Make the dts file match with what is upstream, to ensure it has the
latest changes and switching to newer kernels is easier.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Some of the PCIe and USB signals use a GPIO expander on I2C on ClearFog,
so enable the driver so that they can be configured to their required
values.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Uboot-mvebu isn't a real package, which will break the image builder
when it tries to install it during the packing step. Instead of cleafog
selecting it through its default packages, make it default to m if the
clearfog profile is selected.
This will ensure it is always build, but never added to the rootfs. This
fixes creating images for clearfog with IB.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
The clearfog image requires u-boot, so package it into KDIR to make sure
it is available in imageBuilder.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Using pad-to instead of passing the optional padding to append-kernel
or append-rootfs. It could be that the value of a variable is passed.
In case the variable is empty no error is thrown.
Furthermore the purpose of the extra parameter is hard to get without
reading the code.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Only add them where they are actually required.
Should help with compatibility issues with stock U-Boot images that
access UBI
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The KERNEL_SIZE variable is unset and no padding is applied. This looks
like a typo to me since the ubinized image need to be aligned to the
flash blocksize.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Added gen_mvebu_sdcard_img.sh to facilitate creating an fixed-size sdcard image,
adding the bootloader and populating it with actual data.
Added the required rules for creating a 4GB sdcard image according to this layout:
p0: boot (fat32)
p1: rootfs (squashfs)
p2: rootfs_data (ext4)
This should be generic to any mvebu boards that can boot from block storage.
Added the new sdcard image to the Clearfog image profile.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
The u-boot variant for the clearfog is provided by the uboot-mvebu-clearfog,
and not by the generic uboot-mvebu packae.
Make sure the clearfog variant is selected when building for it.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This triggers HAS_FPU=y, and unsets CONFIG_SOFT_FLOAT.
Considering all mvebu boards have an fpu, this is the desirable behaviour.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
microSD is the primary boot media for the Clearfog Pro board, and should
work unconditionally.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked broken.
Runtime-tested on ar71xx, octeon and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Instead of introducing a fake filesystem type, move the tar generation step
directly into the image build step.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The previous image building code rework removed the rootfs.tar.gz with embedded
kernel and dtb build artifact which is required to build suitable SD images.
Reintroduce a .tar.gz artifact locally which embeds kernel and dtb, similar to
how the old code handled it.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Remove the previous PIO delay patch and add a revert patch for a faulty
upstream commit, which seems to have introduced this issue in the first
place
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Now that the "sysupgrade-nand" step is used by non-NAND targets as well,
rename it to "sysupgrade-tar" to make it more generic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Disable marvell,nand-keep-config property on WRT1900AC to allow the
flash driver to properly probe the chip
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Update OpenWRT build tree to reflect changes in TLC-591xx LED family driver.
In kernels < 4.0 the driver was present in form of a patch for the TLC-59116 chip,
and was upstreamed later in kernels > 4.0 to support the entire chip family.
Signed-off-by: Sebastian Careba <nitroshift@yahoo.com>
[jow: fix Kconfig symbol name]
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 48684
Replace former uci-defaults.sh implementation with the uci-defaults-new.sh one
and update all users accordingly.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47867
This changes uci-defaults-new.sh, config_generate and all relevant board.d
files in order combine ucidef_add_switch() and ucidef_add_switch_ports() into
a single function.
Also removes now superfluous enable and reset arguments.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47721
Roll back the mvebu conversion to board detection code as we need to fix
some strcutural issues first.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47597
Now that the switch driver can handle two devices with
the same MAC address in separate VLANs we can go back
to using the same address on both interfaces.
This is the Linksys firmware's default behavior.
Signed-off-by: Claudio Leite <leitec@staticky.com>
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 46700
The u-boot boot counter was never reset after a successful boot,
which sometimes could make some variables become out of sync.
This patch adds support for the boot counter and enables
auto_recovery unconditionally.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 46690
Instead of each target defining it the same, move the KDIR_TMP
definition to include/image.mk. In addition Image/Build/SysupgradeNAND
already requires KDIR_TMP to be set, so it makes sense to have it
globally defined.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 46592
Variables dependend on JFFS2_BLOCKSIZE and NANDBLOCK_SIZE are used
for template generation, so need to be present before inclusion of
image.mk in target image Makefiles.
So move all declarations to before any includes.
Fixes: r42878 ("image.mk: clean up and parallelize mkfs calls")
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 46564
Fix for default button states in WRT1900AC dts files.
This prevents overlay wipe when reset is pressed.
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
SVN-Revision: 46530
commit r46299 broke the mvebu target because one patch does not apply
any more. This commit closes#20070.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 46303
Turn on the auto recovery feature when flashing
and turn it off on successful bootup.
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 45792