Commit Graph

2072 Commits

Author SHA1 Message Date
Jo-Philipp Wich
442db0d6d8 kernel: deny swconfig set requests for unprivileged users
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).

Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.

Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-11 00:53:19 +02:00
Jo-Philipp Wich
67f0c93e28 kernel: add missing config symbols for 4.4
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-08 14:50:26 +02:00
Ben Whitten
7509658220 generic: remove brcmfmac-sdio.h
This file is present in the kernel so no point overlaying it.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2016-06-08 00:28:41 +02:00
Jo-Philipp Wich
24a7ccb056 treewide: replace jow@openwrt.org with jo@mein.io
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-07 11:42:52 +02:00
Felix Fietkau
7eeb254cc4 treewide: replace nbd@openwrt.org with nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 08:58:42 +02:00
Ash Benz
35c0328119 kernel/mtd: Add support for Macronix mx25u25635f, used in Archer C2600 v1.1
Signed-off-by: Ash Benz <ash.benz@bk.ru>
2016-06-05 23:23:57 +02:00
Alexander Couzens
21208f5d43 linux/generic: add missing config symbols
unset following config symbols
- INPUT_PALMAS_PWRBUTTON
- INPUT_TPS65218_PWRBUTTON
- INPUT_TWL4030_PWRBUTTON
- INPUT_TWL4030_VIBRA
- INPUT_TWL6040_VIBRA
- KEYBOARD_TWL4030
- TWL4030_MADC

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2016-06-02 21:58:10 +02:00
Álvaro Fernández Rojas
a105eac4dd kernel: update kernel 4.4 to version 4.4.12
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-06-02 15:34:34 +02:00
Daniel Gimpelevich
2b4e5d478b kernel: remove a hack that was obsoleted upstream
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2016-05-27 16:08:47 +02:00
Ash Benz
d517d8691a kernel/mtd: Add support for Macronix mx25u25635f, used in C2600 v1.1
Signed-off-by: Ash Benz <ash.benz@bk.ru>
2016-05-27 15:50:18 +02:00
Felix Fietkau
647e6379af kernel: add missing config symbols for 4.4
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-20 14:25:40 +02:00
Álvaro Fernández Rojas
c4664b0f91 kernel: update kernel 4.4 to version 4.4.11
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-05-19 21:08:06 +02:00
Felix Fietkau
2c83003143 kernel: fix unaligned access issue in the bridge multicast-to-unicast patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-19 17:55:54 +02:00
Felix Fietkau
b8a129638e kernel: add back the macronix software protection disable patch
It was accidentally left out when 4.4 support was added

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-18 15:22:26 +02:00
Felix Fietkau
17de501daa kernel: backport patches for fq_codel queue memory limit support
Use it to replace the reduction in max packets/flows

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-16 19:54:50 +02:00
Jo-Philipp Wich
d4e552ba16 kernel: fix yaffs2 build with kernel 4.4
Fix YAFFS2 build after upstream nd_set_link() removal by importing
http://permalink.gmane.org/gmane.linux.embedded.yocto.linux-yocto/4373

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-16 15:49:25 +02:00
Felix Fietkau
acd7a34494 kernel: enable CONFIG_PANIC_ON_OOPS by default
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 21:28:41 +02:00
Felix Fietkau
2ecf3af576 kernel: set CONFIG_PANIC_TIMEOUT by default
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 21:28:41 +02:00
Felix Fietkau
df93d53a4b mac80211: update to wireless-testing 2016-05-12
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:39 +02:00
Felix Fietkau
ce21e18d57 kernel: fix a compiler warning on 64 bit systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 17:12:01 +02:00
Felix Fietkau
bceafad7c2 kernel: add missing config symbol
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-14 17:58:43 +02:00
Felix Fietkau
fad8bdfa40 kernel: backport patches improving fq_codel drop behavior
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-12 21:04:50 +02:00
Felix Fietkau
26c137621f kernel: remove out-of-tree patches for reducing qdisc truesize
The copy overhead can be quite expensive

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-12 20:51:55 +02:00
Felix Fietkau
75b069f505 kernel: fold codel default fix into main patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-12 20:44:16 +02:00
Felix Fietkau
98010ab489 kernel: remove ocf support, cryptodev-linux should be used instead
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-12 19:35:32 +02:00
Kevin Darbyshire-Bryant
e288e1bd32 kernel: fq_codel match flows_cnt to limit sizing
OpenWRT changed the default fq_codel sch->limit from 10240 to 1024,
without also adjusting q->flows_cnt.  Eric Dumazet explains below that
you must also adjust the buckets (q->flows_cnt) for this not to break.

Eric explains: Limit of 1024 packets and 1024 flows is not wise I think.
(If all buckets are in use, each bucket has a virtual queue of 1 packet,
which is almost the same than having no queue at all)

I suggest to have at least 8 packets per bucket, to let Codel have a
chance to trigger.  So you could either reduce number of buckets to 128
(if memory is tight), or increase limit to 8192.

flows_cnt is now set to 1024/8=128

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-05-12 03:29:36 +02:00
Felix Fietkau
05459a004a kernel: move the old gpio watchdog driver from generic to brcm47xx
brcm47xx is the only user

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-12 18:10:09 +02:00
Jo-Philipp Wich
33d9d6c375 kernel: add workaround to rebuild vdso-n32.so.dbg too
Building for octeon fails with

  'arch/mips/vdso/vdso-n32.so.dbg' already contains a '.MIPS.abiflags'
  section

if the file already exists from a prior build.

Use the same workaround as the one for vdso.so.dbg committed in
9eb155353a.

Commit 91f205acaf extended the workaround
to cover vdso-o32.so.dbg but missed the vdso-n32.so.dbg which is added
now by this change.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-12 00:27:47 +02:00
Álvaro Fernández Rojas
e32b2f92b1 kernel: update kernel 4.4 to version 4.4.10
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-05-11 21:34:27 +02:00
Álvaro Fernández Rojas
e042e0d50f kernel: remove linux 4.3 config
When linux 4.3 support was removed the config was left.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-05-11 21:34:27 +02:00
Álvaro Fernández Rojas
b062266ad6 kernel: update kernel 4.4 to version 4.4.9
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-05-10 10:43:17 +02:00
blogic
23596ca527 mediatek: sync patches and add more ethernet stability fixes
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 49265
2016-05-10 10:43:11 +02:00
Stijn Tintel
91f205acaf kernel: add workaround to rebuild vdso-o32.so.dbg
Building for octeon fails with

  'arch/mips/vdso/vdso-o32.so.dbg' already contains a '.MIPS.abiflags'
  section

if the file already exists from a prior build.

Use the same workaround as the one for vdso.so.dbg committed in
9eb155353a.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-05-09 02:31:04 +02:00
Jo-Philipp Wich
9eb155353a kernel: add a workaround to rebuild vdso.so.dbg after genvdso
Currently the build fails with

  'arch/mips/vdso/vdso.so.dbg' already contains a '.MIPS.abiflags' section

if the file already exists from a prior build.

Add a makefile rule to force the rebuild of vdso.so.dbg if genvdso has
has been changed to workaround the failure.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-29 09:58:39 +02:00
Álvaro Fernández Rojas
a90ee92337 kernel: fix ip6_tunnel compilation
Replace undefined iph for ip_hdr(skb)

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-04-24 12:56:07 +02:00
Álvaro Fernández Rojas
3faf65e928 kernel: update kernel 4.4 to version 4.4.8
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-04-24 11:32:17 +02:00
Rafał Miłecki
83ca0efb3e kernel: backport support for accelerated SPI flash read
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 49233
2016-04-26 09:23:12 +00:00
Hauke Mehrtens
f0b3964f1b kernel: update kernel 4.4 to version 4.4.7
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49176
2016-04-16 21:05:48 +00:00
Rafał Miłecki
e920824fdd kernel: backport patch making bcm47xxsflash arch independent
This will be needed to use bcm47xxsflash on ARM for BCM53573.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 49168
2016-04-15 10:11:44 +00:00
Rafał Miłecki
490861a3f5 kernel: use upstream fixes for bgmac and BCM4709(4)
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 49167
2016-04-15 10:11:31 +00:00
John Crispin
9ef282cd96 arc770: enable unaligned access handling simulation in software
This enables misaligned access handling by software in Linux kernel.

With some wireless drivers (ath9k-htc and mt7601u for example) we see
misaligned accesses here and there and to cope with that without
fixing stuff in the drivers we're just gracefully handling it on ARC.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>

SVN-Revision: 49134
2016-04-09 10:25:16 +00:00
Rafał Miłecki
53a74644b0 kernel: update kernel 3.18 to version 3.18.29
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 49096
2016-03-30 16:41:26 +00:00
Gabor Juhos
c8a6c583fc generic/4.4: remove ISSI SI25CD512 SPI flash support patch
The flash is already supported in mainline kernel since 4.3-rc1.

Signed-off-by: Gabor Juhos <juhosg@openwrt.org>

SVN-Revision: 49063
2016-03-21 14:18:53 +00:00
Gabor Juhos
8cd8698b6f generic: lzma-loader: fix cache invalidation
The current code only partially invalidates both caches
because the cache size and cache-line size values are
incorrectly passed to the C code.

Fix the assembly code to pass the arguments in the correct
order.

Tested on RB532.

Signed-off-by: Gabor Juhos <juhosg@openwrt.org>

SVN-Revision: 49056
2016-03-21 13:15:09 +00:00
Gabor Juhos
479a0ef957 generic: lzma-loader: remove trailing whitespaces from start.S
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>

SVN-Revision: 49055
2016-03-21 13:15:05 +00:00
Hauke Mehrtens
fcbc97ad78 kernel: update kernel 4.1 to version 4.1.20
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49035
2016-03-18 23:41:21 +00:00
Hauke Mehrtens
7ed9ee6f30 kernel: add missing kernel options
This was found by the build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49033
2016-03-17 22:36:27 +00:00
Hauke Mehrtens
b3aae4c672 kernel: update kernel 4.4 to version 4.4.6
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49032
2016-03-17 21:41:07 +00:00
Rafał Miłecki
0e2f0196a2 kernel: backport bcma 4.6 changes for flashes
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48960
2016-03-07 23:09:26 +00:00
Felix Fietkau
b9f52b6b86 kernel: add MIPS kernel fix for an uninitialized CPU map
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48956
2016-03-07 21:00:46 +00:00