Commit Graph

44 Commits

Author SHA1 Message Date
Stijn Tintel
9fe68b4369 kernel: move e1000e patches to backports
They're already in linux.git, so they shouldn't be in pending.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 14b6c72541)
2018-08-09 11:49:56 +02:00
Stijn Segers
9ce7aa325e kernel: bump 4.14 to 4.14.60 for 18.06
* Refreshed patches.
* Patches made redundant by changes upstream:
  - target/linux/ramips/patches-4.14/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch
* Patches accepted upstream:
  - target/linux/apm821xx/patches-4.14/020-0001-crypto-crypto4xx-remove-bad-list_del.patch
  - target/linux/apm821xx/patches-4.14/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch
  - target/linux/brcm63xx/patches-4.14/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
  - target/linux/brcm63xx/patches-4.14/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
  - target/linux/generic/backport-4.14/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch
  - target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch

The ext4 regression introduced in 4.14.55 has been fixed by 4.14.60 (commit f547aa20b4f61662ad3e1a2040bb3cc5778f19b0).

Fixes the following CVEs:
- CVE-2018-10876
- CVE-2018-10877
- CVE-2018-10879
- CVE-2018-10880
- CVE-2018-10881
- CVE-2018-10882
- CVE-2018-10883

Thanks to Stijn Tintel for the CVE list :-).

Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-08-06 07:30:41 +02:00
Rafał Miłecki
b5b5f5dfa6 kernel: backport mtd support for subpartitions in DT
This is a new & warm feature that allows nesting partiitons in DT and
mixing their types (e.g. static vs. dynamic). It's very useful for
boards that have most partitions static but some of them require extra
parsing (e.g. a "firmware" partition).

It's required to successfully backport support for new devices using
that new syntax in their DT files.

Since brcm63xx has a custom alternative patch the upstream one is being
reverted for it. The plan is to make brcm63xx use the upstream
implementation.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 2a598bbaa3)
2018-07-31 10:14:47 +02:00
Rafał Miłecki
f8e57f450d kernel: backport mtd patches with Broadcom of_match_table-s
Two tiny & trivial patches with no regression risk. One simplifies
bcm53xx downstream patch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6bcafea2c0)
2018-07-31 10:14:46 +02:00
Koen Vandeputte
ca903c73c7 kernel: bump 4.14 to 4.14.54 for 18.06
Refreshed all patches

Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-12 13:54:24 +02:00
Stijn Segers
ab7cabd09d kernel: bump 4.14 to 4.14.52 for 18.06
Compile-tested on: ramips/mt7621, x86/64.
Run-tested on: ramips/mt7621.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-07-02 07:06:23 +02:00
Kevin Darbyshire-Bryant
8af649756f kernel: atm: pppoatm fix vc-mux connection failures
Backport a hot off the press upstream kernel ATM fix:

Preserve value of skb->truesize when accounting to vcc

"There's a hack in pskb_expand_head() to avoid adjusting skb->truesize
for certain skbs. Ideally it would cover ATM too. It doesn't. Just
stashing the accounted value and using it in atm_raw_pop() is probably
the easiest way to cope."

The issue was exposed by upstream with:

commit 14afee4b6092fde451ee17604e5f5c89da33e71e
Author: Reshetova, Elena <elena.reshetova@intel.com>
Date:   Fri Jun 30 13:08:00 2017 +0300

    net: convert sock.sk_wmem_alloc from atomic_t to refcount_t

But an earlier commit left the ticking timebomb:

158f323b9868 ("net: adjust skb->truesize in pskb_expand_head()

Sincerest thanks to Mathias Kresin <dev@kresin.me> for debugging
assistance and to David Woodhouse <dwmw2@infradead.org> for further
guidance, cajoling & patience in interpreting the debug I was giving him
and producing a fix!

Fixes FS#1567

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit d600de3ddd)
2018-06-18 21:29:34 +02:00
Koen Vandeputte
6cf00dcf7d kernel: bump 4.14 to 4.14.49 for 18.06
Refreshed all patches

Compile-tested on: cns3xxx, imx6, x86-64
Runtime-tested on: cns3xxx, imx6, x86-64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 06:42:29 +02:00
Felix Fietkau
18f18a2054 kernel: fix conntrack fixup of offloaded flows on timeout
Fixes excessively long conntrack timeout of short lived connections

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-14 11:48:05 +02:00
Felix Fietkau
244fd1aac6 kernel: fix conntrack leak for flow_offload connections
This was caused by a race condition between offload teardown and
conntrack gc bumping the timeout of offloaded connections

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-14 11:47:58 +02:00
Stijn Segers
1199a91095 kernel: bump 4.14 to 4.14.48 for 18.06
Refreshed patches. The following patches were upstreamed and have been deleted:

* target/linux/lantiq/patches-4.14/0025-MIPS-lantiq-gphy-Remove-reboot-remove-reset-asserts.patch
* target/linux/generic/pending-4.14/101-clocksource-mips-gic-timer-fix-clocksource-counter-w.patch
* target/linux/generic/pending-4.14/103-MIPS-c-r4k-fix-data-corruption-related-to-cache-coherence.patch
* target/linux/generic/pending-4.14/181-net-usb-add-lte-modem-wistron-neweb-d18q1.patch

Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-06-07 09:03:24 +02:00
Felix Fietkau
b295e3a18d kernel: backport patch to fix dst handling for offloaded connections
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-05 10:19:35 +02:00
Koen Vandeputte
e39414ed07 kernel: bump 4.14 to 4.14.43 for 18.06
Refreshed all patches

Dropped upstreamed patches:
522-PCI-aardvark-fix-logic-in-PCI-configuration-read-write-functions.patch
523-PCI-aardvark-set-PIO_ADDR_LS-correctly-in-advk_pcie_rd_conf.patch
525-PCI-aardvark-use-isr1-instead-of-isr0-interrupt-in-legacy-irq-mode.patch
527-PCI-aardvark-fix-PCIe-max-read-request-size-setting.patch

updated patches:
524-PCI-aardvark-set-host-and-device-to-the-same-MAX-payload-size.patch
030-USB-serial-option-fix-dwm-158-3g-modem-interface.patch

Added new ARM64 symbol: CONFIG_ARM64_ERRATUM_1024718

Compile-tested on: cns3xxx, imx6, mvebu (arm64), x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-24 16:04:09 +02:00
Rafał Miłecki
404508001e kernel: use accepted version of bcm47xxpart fix commit
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-05-12 23:53:44 +02:00
Rafał Miłecki
070693477a kernel: backport mtd patch for minor partitioning cleanup
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-05-12 23:14:07 +02:00
Rafał Miłecki
f9dcdc7fef kernel: mark source kernel for netfilter backports
This helps keeping track on patches & adding new kernels in the future.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-05-08 09:42:07 +02:00
Koen Vandeputte
3435dbdc1c kernel: bump 4.14 to 4.14.37
Refreshed all patches

Compile-tested on: cns3xxx, imx6, octeon, ramips/mt7621, x86/64
Runtime-tested on: cns3xxx, imx6, octeon, ramips/mt7621, x86/64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Segers <foss@volatilesystems.org>
[add extra tested targets to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-04-30 09:07:53 +03:00
Giuseppe Lippolis
78666c7ba0 kernel: fix usb interface on 3G dwm-158 modem
The current option driver binds to the usb interface 2,3,4,5.
But the interface 4 and 5 doesn't answer to the AT commands.
On the new openwrt configuration the wwan script select the 5th
interface as control interface, failing to establish the
3G connection.

Backport the fix for the problem.

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2018-04-23 22:07:22 +02:00
Stijn Tintel
ec1d7b9461 kernel: bump 4.14 to 4.14.34
Refresh patches.
Update patches that no longer apply:
- backport/313-netfilter-remove-defensive-check-on-malformed-packet.patch
- pending/642-net-8021q-support-hardware-flow-table-offload.patch

Compile-tested: x86/64.
Runtime-tested: x86/64.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-04-16 00:22:57 +03:00
Rafał Miłecki
cdcd5c93d7 kernel: use accepted mtd patchset adding support for "compatible" string
These patches were finally accepted and are already present in the
Linus's tree. This should be good enough to make is "backport" material.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-04-09 07:16:48 +02:00
Stijn Segers
41a881a8d9 Kernel: bump 4.14 to 4.14.29
Right patch version this time, sorry!

* Patch 180-usb-xhci-add-support-for-performing-fake-doorbell.patch had to be adjusted slightly because of upstream adapted code.
* Refreshed patches.

Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Rosen Penev <rosenp@gmail.com>
2018-03-23 23:49:55 +01:00
Felix Fietkau
c89e338fe6 kernel: netfilter: fix dst entries in flowtable offload
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-23 20:56:34 +01:00
Felix Fietkau
99d511dcd3 kernel: fix offloading connections with SNAT + DNAT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-23 19:16:23 +01:00
Felix Fietkau
48d17551b6 kernel: fix flow offload UDP handling issue
Only run the TCP state check for TCP connections

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-23 19:16:12 +01:00
Stijn Segers
9899ffcfd3 kernel: bump 4.14 to 4.14.27
* Refreshed patches.
* Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream)

Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621, x86/64

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-03-17 22:15:38 +01:00
Rafał Miłecki
ac9bcefa3b kernel: use V10 of mtd patchset adding support for "compatible" string
In the commit bde5e7a632 ("kernel: backport mtd implementation for
"compatible" in "partitions" subnode") patches that got accepted into
l2-mtd.git were backported to the kernels 4.9 and 4.14. Unfortunately
there was a regression report, patches were dropped and never reached
4.16.

This commit replaces these pseudo-backports with the latest version
that includes regression fix and futher changes that were requested.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-14 15:13:39 +01:00
Kabuli Chana
7c1dae6e26 kernel: bump to version 4.14.25
compile/test target mvebu/rango

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2018-03-09 22:12:48 +01:00
Stijn Segers
b5469b38cd kernel: bump 4.14 to 4.14.23
This patch bumps the 4.14 kernel to .23.
- Refreshed patches.
- Deleted bcm53xx/patches-4.14/089-PCI-iproc-Fix-NULL-pointer-dereference-for-BCMA.patch. Has been accepted upstream.
- Deleted generic/pending-4.14/821-usb-Remove-annoying-warning-about-bogus-URB.patch. The upstream URB code was changed,
  the patch no longer applies. I discussed this with the patch author and removed it for now, we'll see how it goes.

Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-03-02 21:33:08 +01:00
Felix Fietkau
a5aee46fb7 kernel: more fixes for flow offload
- fix TCP connection state
- fix checksum error on DNAT

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-25 18:32:02 +01:00
Felix Fietkau
28a74f3076 kernel: remove nf_flow_table hardware offload patch (it is not ready yet)
It also does not have any users yet. It will be addde back when the core
API issues have been sorted out

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-25 16:24:02 +01:00
Felix Fietkau
a86e6b5a9f kernel: add minimal TCP state tracking to flow offload support
Fixes issues with connections hanging after >30 seconds idle time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-25 16:14:23 +01:00
Koen Vandeputte
aad1f11efe kernel: refresh patches
Some fuzz was introduced due to the netfilter-offload series

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-22 12:46:25 +01:00
Felix Fietkau
1033356442 kernel: backport netfilter NAT offload support to 4.14
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:42 +01:00
Felix Fietkau
b7265c59ab kernel: backport a series of netfilter cleanup patches to 4.14
Preparation for backporting upstream NAT offload support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:42 +01:00
Rafał Miłecki
8651f1149d kernel: backport patches simplifying mtd_device_parse_register code
These 2 patches were recently queued for 4.17.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-02-19 16:01:44 +01:00
Stijn Tintel
88ba41453d kernel: bump 4.14 to 4.14.20
Refresh patches.
Remove upstreamed patches:
- backport/080-v4.15-0001-arch-define-weak-abort.patch
- backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch
Update patch that no longer applies:
pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:48 +01:00
Roman Yeryomin
f4e5880d0f ramips: preliminary support for 4.14
- removed upstreamed patches
- 0901-spansion_nand_id_fix.patch is disabled, not clear if it's needed

Signed-off-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: John Crispin <john@phrozen.org>
2018-02-15 10:46:39 +01:00
Evgeniy Didin
b38758d4d4 kernel: backport fix undefined abort
While building mpi.ko module with stable Linux v4.14.14 an error occured:
>ERROR: "abort" [lib/mpi/mpi.ko] undefined!
In upstream Linux 4.15 this issue is fixed:
Commit 7c2c11b208be ("arch: define weak abort()")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c2c11b208be09c156573fc0076b7b3646e05219

Commit dc8635b78cd8 ("kernel/exit.c: export abort() to modules")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dc8635b78cd8669c37e230058d18c33af7451ab1

So lets add backport patches until these fixes
are not applied in stable version.

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
CC: John Crispin <john@phrozen.org>
CC: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-10 20:58:39 +01:00
Stijn Tintel
3072908d0d kernel: bump 4.14 to 4.14.18
Refresh patches.

Remove upstreamed patches:
- apm821xx/010-crypto-gcm-add-GCM-IV-size-constant.patch
- backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch
Remove pending-4.14/650-pppoe_header_pad.patch, it is superseded by
upstream commit d32e5740001972c1bb193dd60af02721d047a17e.
Update patch that no longer applies: hack/204-module_strip.patch

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-08 18:43:13 +01:00
Hauke Mehrtens
4336efe14b kernel: use upstream patches for musl
This replaces the current patches used to make the kernel headers
compatible with musl with the version which was accepted upstream. This
is included in upstream kernel 4.15.
This was compile tested with iproute2 build on all supported kernel
versions with musl and one one with glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 22:11:33 +01:00
Rafał Miłecki
bde5e7a632 kernel: backport mtd implementation for "compatible" in "partitions" subnode
This backports upstream support for "compatible" DT property set for the
"partitions" subnode of flash node. It allows specifying how partitions
should be created/parsed. Right now only "fixed-partitions" is
supported.

It should eventually replace our downstream "linux,part-probe" solution.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-01-11 12:07:49 +01:00
Stijn Tintel
c5ca1c9ab6 kernel: bump 4.14 to 4.14.11
Rename unwinder config symbols to match upstream changes.
Refresh patches.
Update patch that no longer applies: 202-reduce_module_size.patch

Also enable CONFIG_PAGE_TABLE_ISOLATION. This feature was backported
from 4.15 to the 4.14 stable series. It is enabled by default, so enable
it in OpenWrt as well.

Compile-tested on x86/64.
Runtime-tested on x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-03 00:07:10 +02:00
Hauke Mehrtens
199273324e kernel: add kmod-crypto-ecdh
In kernel 4.14 kmod-bluetooth depends on kmod-crypto-ecdh, add
kmod-crypto-ecdh to LEDE.
Both packages also depend on the kmod-crypto-kpp package. To build this
we have to fix the dependency of CRYPTO_ECDH which has a typo.
This patch is already accepted upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:13:04 +01:00
Hauke Mehrtens
b3f95490b9 kernel: generic: Add kernel 4.14 support
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.

In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM

And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR

I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED

I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:11:19 +01:00