Commit Graph

135 Commits

Author SHA1 Message Date
Hauke Mehrtens
467aa08f8a
kernel: Activate CONFIG_SLAB_FREELIST_RANDOM
This activates CONFIG_SLAB_FREELIST_RANDOM.
This option make the free list less predictable. This makes it harder to
exploit heap based security vulnerabilities.

This adds a little bit more code to the kernel and a small additional
compute overhead.

This option is activated in Debian by default.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-05-03 15:13:26 +02:00
Hauke Mehrtens
1f41b6bb83 kernel: Activate CONFIG_SCHED_STACK_END_CHECK
This activates the CONFIG_SCHED_STACK_END_CHECK option.

The kernel will check if the kernel stack overflowed in the schedule()
function. This just adds a very small computational overhead.

This option is activated in Debian by default.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-29 12:40:10 +02:00
Hauke Mehrtens
ff536eca58 kernel: Activate CONFIG_SLAB_FREELIST_HARDENED
This activates some extra checks in SLAB or SLUB to make it harder to
execute kernel heap exploits. This adds a minor performance
degradation which I haven't measured-.

Many mainstream Linux distributions also activate this option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-29 12:38:09 +02:00
Hauke Mehrtens
2bab7d273e kernel: Initialize RNG using CPU RNG and bootloader
This activates the following kernel options by default:
* CONFIG_RANDOM_TRUST_CPU
* CONFIG_RANDOM_TRUST_BOOTLOADER

With these option Linux will also use data from the CPU RNG e.g. RDRAND
and the bootloader to initialize the Linux RNG if such sources are
available.
These random bits are used in addition to the other sources, no other
sources are getting deactivated. I read that the Chacha mixer isn't
vulnerable to injected entropy, so this should not be a problem even if
these sources might inject bad random data.

The Linux kernel suggests to activate both options, Debian also
activates them. This does not increase kernel code size.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-29 12:35:44 +02:00
Rafał Miłecki
323072f3a6 kernel: backport NVMEM patches queued for the v6.4
They add NVMEM layouts support. It allows handling NVMEM content
independently of NVMEM device access.

Skip U-Boot env data patch for now as it break our downstream MAC hacks.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-06 12:13:22 +02:00
John Audia
bd2103e9bc kernel: tcindex classifier has been retired
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.10.173&id=18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-03-20 22:44:28 +01:00
Nick Hainke
7c5e847827 kernel: move CONFIG_PAGE_POOL to generic
Move "# CONFIG_PAGE_POOL is not set" to generic.

Suggested-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-04 10:20:58 +01:00
Rafał Miłecki
457cc59795 kernel: 5.10: update nvmem subsystem to the 5.15 state
This allows cleanly backporting more recent stuff that's important for
OpenWrt.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-01-06 14:34:37 +01:00
Hauke Mehrtens
92eb787d08 kernel: Move CONFIG_PWM_IMG and CONFIG_PWM_MEDIATEK to generic configuration
In the build of the ramips/mt76x8 target the user gets asked about these
two configuration options, add them to the generic kernel configuration.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-23 00:43:33 +01:00
Hauke Mehrtens
f620eb70f1 kernel: Add missing kernel configuration options
This fixes compile of the bmips target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-21 15:15:00 +01:00
Hauke Mehrtens
fbd5573dca kernel: Reorder kernel configuration options
./scripts/kconfig.pl '+' target/linux/generic/config-5.10 /dev/null > target/linux/generic/config-5.10-new
mv target/linux/generic/config-5.10-new target/linux/generic/config-5.10

./scripts/kconfig.pl '+' target/linux/generic/config-5.15 /dev/null > target/linux/generic/config-5.15-new
mv target/linux/generic/config-5.15-new target/linux/generic/config-5.15

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-21 15:14:51 +01:00
Stijn Tintel
b3dd15ca0a kernel: add missing symbol to 5.10 config
Kernel 5.10.158 added a prompt for the FUNCTION_ERROR_INJECTION symbol.
This is exposed in builds with CONFIG_KERNEL_KPROBES enabled, causing
those builds to fail due to a missing symbol. Add the symbol to fix
this.

Fixes: 6801c460b6 ("kernel: bump 5.10 to 5.10.158")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-12-14 20:29:36 +02:00
Chukun Pan
b40a047f1f sunxi: fix sunxi-ir kconfig and description
Removed a20 in description, since it
only works for a10, a13 and a31.
Also refreshed kernel config.

Fixes: #10466
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(moved fixes, refreshed, added CONFIG_DVB_USB=n)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-12-12 09:06:17 +01:00
John Audia
f83a8329a3 kernel: add symbol in generic config for 5.10.157
Add CONFIG_INET_TABLE_PERTURB_ORDER=16 to generic config

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-12-11 02:43:28 +01:00
Pawel Dembicki
f74275c936 kernel: add missing symbol in generic config
Found during work on qoriq target.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[improve commit message, remove from target configs]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-11-16 20:23:34 +02:00
Martin Schiller
1e028ac51e kernel: further cleanup of xfrm[4|6]_mode*
In my commit da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_*
modules") I missed a few default config options and description entries.
Those should be gone as well.

Fixes: da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_* modules")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2022-11-05 16:28:33 +01:00
Martin Schiller
da5c45f4d8 kernel: remove handling of xfrm[4|6]_mode_* modules
For kernel versions before 5.2, the required IPsec modes have to be
enabled explicitly (they are built-in for newer kernels).

Commit 1556ed155a ("kernel: mode_beet mode_transport mode_tunnel xfram
modules") tried to handle this, but it does not really work.

Since we don't support these kernel versions anymore and the code is
also broken, let's remove it.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Remove old generic config options too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-31 21:58:15 +01:00
Florian Eckert
29ae20519a kernel: remove CONFIG_GPIO_MCP23S08 from default kernel configs
The kernel config option 'CONFIG_GPIO_MCP23S08' no longer exists.
Therefore, it is removed from the generic kernel configuration for
linux-5.10 and linux-5.15.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-10-30 23:14:45 +01:00
Aleksander Jan Bajkowski
9226f1e419
kernel: disable CONFIG_CPU_LITTLE_ENDIAN in generic config
Endianness depends on CPU architecture. CONFIG_CPU_(BIG/LITTLE)_ENDIAN should
be enabled on target or subtarget based on SoC architecture.

Fixes warning:
$ make kernel_oldconfig CONFIG_TARGET=subtarget
...
.config:1008:warning: override: CPU_LITTLE_ENDIAN changes choice state
....

Summary:
- ARC - only the CONFIG_CPU_BIG_ENDIAN symbol is defined for this architeture.
  If it is disabled then the processor operates in LITTLE_ENDIAN mode (default),
- ARM32 - CONFIG_CPU_LITTLE_ENDIAN symbol available since kernel 5.19. This
  option should be enabled after OpenWRT moves to kernel 6.x. After refreshing
  the kernel, the symbol disappears,
- ARM64 - enabled CONFIG_CPU_LITTLE_ENDIAN,
- MIPS - enabled relevant symbols,
- POWERPC -  enabled CONFIG_CPU_BIG_ENDIAN,
- UML - Symbols are not defined for this architecture,
- X86 - always little endian. Symbols are not defined for this architecture.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2022-10-21 13:47:01 +02:00
Felix Fietkau
36f2ab4bfd kernel: move kernel image cmdline hack to the octeon target
It is the only remaining user of this hack

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-30 13:13:51 +02:00
Felix Fietkau
4363faef8a kernel: move ubnt ledbar driver to a separate package
Simplifies the tree by removing a non-upstream kernel patch and related kconfig
symbols

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-30 11:28:51 +02:00
Hauke Mehrtens
f08f7e88c9 kernel: Move some IOMMU options to generic
This adds some missing IOMMU related options for x86/64 and moves some
of them to generic for all targets.

On x86 IOMMU_DEFAULT_DMA_LAZY is used by default, on all other platforms
IOMMU_DEFAULT_DMA_STRICT is the default. we just follow the default
kernel configuration here.

Fixes: 8fea4a102c ("x86/64: enable IOMMU support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-09-24 13:49:47 +02:00
Felix Fietkau
6eeb5d4564 kernel: disable wireless extensions only when needed
They are only needed by a few very old drivers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Hauke Mehrtens
fa578335c9 kernel: Deactivate CONFIG_DEFAULT_FQ_PIE by default
When building OpenWrt with CONFIG_ALL_KMODS the kernel build will ask
for CONFIG_DEFAULT_FQ_PIE option. This deactivates it by default.

Fixes: c3e4a0d99b ("kernel: netsupport: Add FQ-PIE as an optional sched kmod and extract PIE")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-09-22 11:46:48 +02:00
Sven Wegener
53fc987b25 generic: move ledbar driver from mediatek target
This moves the ledbar driver to generic, to be also used by the ramips target.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
2022-09-11 20:26:42 +01:00
Rafał Miłecki
d79048e9e5 kernel: add CONFIG_NVMEM_U_BOOT_ENV symbol to configs
This fixes:
  U-Boot environment variables support (NVMEM_U_BOOT_ENV) [N/m/y/?] (NEW)

Fixes: 34cf310435 ("kernel: backport U-Boot environment data NVMEM driver")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-08-17 22:46:19 +02:00
Tomas Lara
24307b0351 kernel: remove CONFIG_MMC_BLOCK_BOUNCE
CONFIG_MMC_BLOCK_BOUNCE was removed in kernel v4.13-rc1
 c3dccb74be

Signed-off-by: Tomas Lara <tl849670@gmail.com>
2022-08-13 21:02:35 +02:00
Alexandru Gagniuc
c5fbd49d3f kernel: add upstream patches for tps23861 PoE controller
These patches support the tps23861 PoE controller found on a number of
managed switches. The TPS23861 is an I2C-based quad IEEE 802.3at (PoE+)
Power-over-Ethernet PSE controller. It's also found on some Realtek
based switches, where we expect the bulk of the users to reside.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[Disable driver in generic/config-5.10]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-08-13 19:59:15 +02:00
Hauke Mehrtens
b75425370d kernel: kmod-nft-nat6: Remove package
The nft NAT packages for IPv4 and IPv6 were merged into the common
packages with kernel 5.1. The kmod-nft-nat6 package was empty in our
build, remove it.

Multiple kernel configuration options were also removed, remove them
from our generic kernel configuration too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-10 21:36:17 +02:00
Hauke Mehrtens
ff06edd1f0 kernel: Activate CONFIG_GPIOLIB in generic configuration
All targets expect the malta target already activate the CONFIG_GPIOLIB
option. Move it to generic kernel configuration and also activate it for
malta.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-10 21:36:17 +02:00
Jan Hoffmann
3b1261224a kernel: mtdsplit: add support for H3C VFS filesystem
The bootloader on some H3C devices (for example HPE 1920 switches) only
supports booting from flash by reading an image from an "VFS" filesystem
which spans most of the available flash. The filesystem size is hard-
coded in the bootloader. However, as long as no write operations are
performed in the bootloader menu, it is sufficient if the start of the
partition contains a valid filesystem with the kernel image.

This mtdsplit parser reads the size and location of the kernel image and
finds the location of the rootfs stored after it. It assumes that the
filesystem image matches the layout of one generated by mkh3cvfs, with
a filename of "openwrt-kernel.bin" for the kernel image.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2022-07-28 14:08:56 +02:00
Hauke Mehrtens
dcc0fe24ea kernel: Add missing mediatek configuration options
When building the mediatek/mt7629 target in OpenWrt 22.03 the kernel
does not have a configuration option for CONFIG_CRYPTO_DEV_MEDIATEK. Add
this option to the generic kernel configuration and also add two other
configuration options which are removed when we refresh the mt7629
kernel configuration.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-07-06 20:32:11 +02:00
John Thomson
ef69ab7a35 kernel: cut broken SPI_NOR 4K eraseblock LIMIT patch
Since 4e0c54bc5b ("kernel: add support for kernel 5.4"),
the spi-nor limit 4k erasesize to spi-nor chips below a configured size
patch has not functioned as intended.

For uniform erasesize SPI-NOR devices, both
nor->erase_opcode & mtd->erasesize are used in erase operations.
These are set before, and not modified by, this
CONFIG_MTD_SPI_NOR_USE_4K_SECTORS_LIMIT patch.
Thus, an SPI-NOR device with CONFIG_MTD_SPI_NOR_USE_4K_SECTORS will
always use 4k erasesize (where the device supports it).

If this patch was fixed to function as intended, there would be
cases where devices change from a 4K to a 64K erasesize.

Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
2022-06-29 12:34:49 +02:00
Stijn Tintel
f3caba679b kernel: add missing symbol to 5.10 config
Kernel 5.10.124 introduced a new symbol 'LIB_MEMNEQ'. Add it to the
generic 5.10 config.

Fixes: 9e5d743422 ("kernel: bump 5.10 to 5.10.124")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-06-29 00:09:53 +03:00
Tomasz Maciej Nowak
539e60539a generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM]
This is now built-in, enable so it won't propagate on target configs.

Link: https://lkml.org/lkml/2022/1/3/168
Fixes: 79e7a2552e ("kernel: bump 5.15 to 5.15.44")
Fixes: 0ca9367069 ("kernel: bump 5.10 to 5.10.119")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(Link to Kernel's commit taht made it built-in,
CRYPTO_LIB_BLAKE2S[_ARM|_X86] as it's selectable, 5.10 backport)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-06-24 17:10:24 +02:00
Rafał Miłecki
77692d6112 kernel: backport mtd parser for Sercomm partitions
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-06-19 22:10:03 +02:00
John Audia
cd634afe6c kernel: bump 5.10 to 5.10.119
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.

Build system: x86_64
Build-tested: ipq806x/R7800, x86/64

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-06-06 19:20:02 +02:00
Rui Salvaterra
4eed715694 kernel: add two ksyms to the generic kconfigs
These will be prompted for with GCC 12.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2022-06-01 15:03:40 +02:00
Stijn Tintel
44bcad24b6 kernel: add DEBUG_INFO_REDUCED config option
Add DEBUG_INFO_REDUCED as a kernel config option and remove it from the
kernel configs. This is in preparation of the upcoming option to enable
BTF typeinfo, which is incompatible with DEBUG_INFO_REDUCED.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-05-18 13:32:06 +03:00
Felix Fietkau
92add80414 kernel: add missing config symbols
MPLS feature symbols are normally only set when kmod-mpls is enabled, but the
CONFIG_MPLS symbol they depend on could also have been selected by openvswitch
instead

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-04-20 10:04:19 +02:00
Aleksander Jan Bajkowski
26e7c22757
kernel: sort generic configuration
This was done by executing these commands:

$ ./scripts/kconfig.pl '+' target/linux/generic/config-5.10 /dev/null > target/linux/generic/config-5.10-new
$ mv target/linux/generic/config-5.10-new target/linux/generic/config-5.10

$ ./scripts/kconfig.pl '+' target/linux/generic/config-5.15 /dev/null > target/linux/generic/config-5.15-new
$ mv target/linux/generic/config-5.15-new target/linux/generic/config-5.15

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-03-27 15:50:14 +01:00
Christian Lamparter
de4879c1ae kernel: mark CONFIG_PSTORE_COMPRESS_DEFAULT as "is not set"
# CONFIG_PSTORE_COMPRESS_DEFAULT="deflate"
this can lead to confusion. Thankfully, in the KConfig
world this setting is still interpreted as disabled.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-03-26 02:02:45 +01:00
Christian Lamparter
6387715093 kernel: add (disabled) ASYMMETRIC_TPM_KEY_SUBTYPE symbol
at91/sama7 fails to build due to:

| Asymmetric (public-key cryptographic) key type (ASYMMETRIC_KEY_TYPE) [Y/?] y
|  Asymmetric public-key crypto algorithm subtype (ASYMMETRIC_PUBLIC_KEY_SUBTYPE) [Y/?] y
|  Asymmetric TPM backed private key subtype (ASYMMETRIC_TPM_KEY_SUBTYPE) [N/m/?] (NEW)
|Error in reading or end of file.

please note that asym_tpm (module) has been removed in 5.17:
<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d3cff4a9>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-03-26 02:02:44 +01:00
Christian Lamparter
b034a9e569 kernel: add missing (disabled) GOOGLE_* symbols
ARM Builds like sunxi/cortexa53 or the rpi family failed
to build due to a new symbols showing up:

|Google Firmware Drivers (GOOGLE_FIRMWARE) [Y/n/?] y
|  Coreboot Table Access (GOOGLE_COREBOOT_TABLE) [M/n/y/?] m
|  Coreboot Framebuffer (GOOGLE_FRAMEBUFFER_COREBOOT) [N/m/?] (NEW)
|Error in reading or end of file.

Fixes: e5b009e532 ("kernel: Package GOOGLE_FIRMWARE drivers")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-03-26 02:02:44 +01:00
John Audia
048f0b1702 kernel: bump 5.10 to 5.10.105
Updated default config with new sym (CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y).

Manually rebased:
    generic/hack-5.10/220-arm-gc_sections.patch

All other patches automatically rebased.

Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200

Signed-off-by: John Audia <graysky@archlinux.us>
2022-03-19 16:13:58 +01:00
Stijn Tintel
4ecf8346c0 kernel: enable SERIAL_8250_16550A_VARIANTS
Kernel 5.6 introduced a new config symbol SERIAL_8250_16550A_VARIANTS.
In kernel 5.8, this symbol was changed to default to on on !x86, as some
embedded devices still use 16650A variants. Let's play safe here and
enable this symbol in the generic config, to avoid others from running
into this problem and having to spend several hours trying to bisect
this problem. While we could disable the symbol in the x86 target
configs, a 20ms boot time reduction really isn't worth the time wasted
on bisecting this issue.

Matt discovered this problem while working on adding support for the
WatchGuard Firebox M200 to the qoriq target, where it caused some
characters to be missing on the console output.

Reported-by: Matt Fawcett <mattytap@icloud.com>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Rui Salvaterra <rsalvaterra@gmail.com>
2022-03-18 14:44:39 +02:00
Philip Prindeville
23f94aa330 kernel: include CONFIG_KEXEC_SIG in configs
Seeing failure to build because of missing symbols related to provisioning
CONFIG_KEXEC and signed images.  Without this, if you set
CONFIG_KERNEL_KEXEC=y and try to build, target/linux will hang at:

scripts/kconfig/conf  --syncconfig Kconfig
...
kexec system call (KEXEC) [Y/n/?] y
kexec file based system call (KEXEC_FILE) [Y/n/?] y
Verify kernel signature during kexec_file_load() syscall (KEXEC_SIG) [N/y/?] (NEW)

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2022-03-15 08:33:45 +01:00
INAGAKI Hiroshi
cc49abc06b kernel: move parser_trx patches of custom magic to generic
This patch moves the patches of parser_trx in mediatek target to
generic/backport-5.10 to use the changes from ramips target and
backport the additional patch of the parser.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2022-03-06 20:40:07 +01:00
John Audia
4a956a06f2 kernel: move CONFIG_ASN1 to generic config
Rather than populating this symbol in the individual configs, move it to the
generic config.

Signed-off-by: John Audia <graysky@archlinux.us>
2022-02-28 21:52:01 +01:00
Rui Salvaterra
3c561cff0b kernel: generic: add missing 5.10 symbols
Add the following kconfig symbols (disabled):

CONFIG_DEFAULT_FQ
CONFIG_DEFAULT_CODEL
CONFIG_DEFAULT_SFQ

Also resort the config with the kconfig.pl script.

Fixes: f39872d966 ("kernel: generic: select the fq_codel qdisc by default")

Tested-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2022-02-25 08:30:14 +00:00