Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
x86 board.d only contains a case for the APU2, not the APU1. This
causes, for example, network configuration not to be created correctly.
Even though the APU1 seems to reaching EOL, there a still a lot of them
out there.
The APU1 and APU2 is configured in the same way and this patch should
also be considered for stable, as the error also exists there.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
The two phy operation mode where one phy is assigned to an interface
without lantiq,* device tree property and the other phy is assigned to
an interface with the lantiq,wan device property was broken with the
multicast package leaks between vlans fixes.
Move the multicast packages relevant portmap settings to the condition
which handles multicast packages for better readability.
Replace the priv->port_map based port_map only for the interface which
has the lantiq,switch device tree property set, to allow tagged
multicast packages in two phy mode where the lantiq,switch device tree
property isn't used.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The port is labeled as wan and was only used as lan port because of the
"tx ring full" issues fixed with 8f02f7c.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Using the lantiq,wan device tree property for one interface node and
the lantiq,switch device tree property for another interface node at
the same time was never intended/isn't supported at the moment.
The property is meant to be used in two phy operation mode where one
phy is assigned to an interface without lantiq,* device tree property
and the other phy is assigned to an interface with the lantiq,wan
device property to have two netdevs.
If both properties are used at the same time, the lantiq,wan interface
is shown as independent netdev but not able to operate independent. The
port needs to be managed via swconfig. These dependency is not obvious
and fooled already a lot of users.
Add a default WAN vlan for xrx200 devices having an ethernet WAN port
and remove the lantiq,wan device tree property. Leave it up to the user
to set the ethernet WAN port as default WAN interface or to use this
port as additional LAN port.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Explicitely disable X2APIC support on legacy targets since the targeted
processor types do not support it anyway there.
Fixes FS#285.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This fixes wrong GPIO numbers for LEDs and button in Wallys DR344 board
and sets color of all LEDs to green as the mass production boards have
only green one.
Actually, DR344 has 6 GPIO-connected LEDs and one button:
- GPIO11: status
- GPIO12: sig1
- GPIO13: sig2
- GPIO14: sig3
- GPIO15: sig4
- GPIO16: reset button
- GPIO17: lan
WAN LED is connected directly with AR8035 PHY.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
This aligns default network interfaces configuration with vendor
firmware: GE (eth0) -> wan, FE (eth1) -> lan.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
GMAC0 interface of AR9344 SOC in Wallys DR344 board is connected with
AR8035, not with AR8327. Without this fix, GE interface doesn't work at
all or shows high packet loss ratio.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Netgear X4 R7500 comes with a QCA988X. Select a firmware that matches
the ath10k chipset
Signed-off-by: Thomas Reifferscheid <thomas@reifferscheid.org>
Bump the 17.01 tree kernel to 4.4.69. Trunk 4.4 and 17.01 4.4 have diverged, talked this
through with jow, he was okay with a clean diff against 17.01 and not a backported trunk
patch.
The following patches were applied upstream:
* 062-[1-6]-MIPS-* series
* 042-0004-mtd-bcm47xxpart-fix-parsing-first-block
Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup, as
it was incorrectly included upstream thus dropped from LEDE, but subsequently
reverted upstream. Thanks to Kevin Darbyshire-Bryant for pointing me to it.
Compile-tested on: ar71xx, ramips/mt7621, x86/64.
Run-tested on: ar71xx, ramips/mt7621, x86/64.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
This model also contains few partitions non-discoverable partitions we
need to "protect". Othen than that it uses non-deprecated serial entry
in DTS that doesn't work with LEDE so we need to workaround it as well.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Refer to LINUX_KARCH instead of ARCH when bundling DTS files in the image
builder tarball.
While we're at it, also dereference symbolic links when copying as some
kernel architectures contain symbolic links in their DTS directories.
This fixes aarch64 imagebuilders such as brcm2708/bcm2710 ones in particular
as the kernel refers to "aarch64" as "arm64" internally.
Ref: https://forum.lede-project.org/t/lede-image-builder-problem/3680
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add missing include of ramips.sh in order to import the missing
ramips_board_name() procedure.
Fixes FS#774.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Build profile for Asmax AR 1004g refers to an invalid DTS "rg100a". The
correct DTS for this device is "ar1004g".
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
It has been shown that the Fritz boxes have the correct mac address set
in the wireless calibration data/eeeprom. Use this mac address as base
for the ethernet and xdsl interface increment/decrement the address to
match the values stored in the tffs.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Do not assign the CPU port twice, this confuses LuCI and possible other
programs relying on topology information in board.json.
Ref: https://github.com/openwrt/luci/issues/1086
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The WN3000RPv3 is a repeater with a single ethernet port. Setting up the
switch, even to disable it, is unnecessary and possibly confusing.
Configure LAN as eth0 instead.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
Add support for the Observa Telecom VH4032N router.
This is another BCM6368 router, 128 MB RAM, 32MB flash and 3 USB
host ports.
The wifi chip is an onboard Broadcom BCM43222.
Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
[jonas.gorski: use gpio-hog instead of abusing ephy-reset]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
The Sanlinking Technologies D240
(http://www.sanlinking.com/en/29-dual-4g-wifi-router.html) is basically the same
device as the ZBT WE826, so adding support for it in LEDE is straight forward.
The differences is that the D240 has two mini-PCIe slots (instead of one), blue
LEDs and supports PoE.
Specification:
* CPU: MT7620A
* 1x 10/100Mbps POE (802.3af/802.3at) Ethernet, 4x 10/100Mbps.
* 16 MB Flash.
* 128 MB RAM.
* 1x USB 2.0 port.
* 2x mini-PCIe slots.
* 2x SIM slots.
* 1x 2.4Ghz WIFI.
* 1x button.
Wifi, USB, switch and both mini-PCIe slots are working. I have not been able to
test the SD card reader.
The device comes pre-installed with an older version of OpenWRT, including Luci.
In order to install LEDE, you need to follow the existing procedure for updating
OpenWRT/LEDE using Luci. I.e., you need to access the UI and update the firmware
using the sysupgrade-image. Remember to select that you do not want to keep
existing settings. The default router address is 192.168.10.1 and
username/password admin/root (at least on my devices).
If you brick the device, the procedure for recovery is the same as for the
WE826. Please see the wiki page for that device for instructions.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
The comptible string is neither added by any LEDE patch nor exists in
in the kernel. Drop the sound node which was obviously added
accidentally with 9195d8da ("ramips: DTS rework").
Signed-off-by: Mathias Kresin <dev@kresin.me>
Use only the jedec,spi-nor compatible string. Everything else either
never worked or is only support to keep compatibility.
Remove the linux,modalias property. It is obsolete since kernel 4.4.
Signed-off-by: Mathias Kresin <dev@kresin.me>
ramips/rt288x WLI-TX4-AG300N was missing support for its 100Mbit switch which
should be included by default.
Signed-off-by: Yo Abe <abe.geel@gmail.com>
[Jo-Philipp Wich: picked from OpenWrt PR#359, rewrap commit msg, fix Sob]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
On some EX2700 devices, the MAC address from the eeprom data differs
from the actual MAC address. Fix that, and cleanup the DTS file
while we're at it.
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
This patch adds support for the Netgear WN3000RPv3
http://www.netgear.com/support/product/wn3000rpv3.aspx
Specifications:
- SoC: MediaTek MT7620A (580MHz, ramips)
- RAM: 32MB DDR
- Storage: 8MB NOR SPI flash
- Wireless: builtin MT7620A, 2x2:2 with u.FL connectors
- Ethernet: 1x100M
- Serial: JP1 header, 57600-8N1
- Stock firmware based on OpenWRT Kamikaze
Like the EX2700, the bootloader expects a secondary image signature,
see https://forum.openwrt.org/viewtopic.php?pid=312577#p312577
This is why the same fakeroot image is used for the WN3000
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
For the miwifi-mini, the offset of ethernet mac should be 0x28
which you can easyily dump from 'Factory' partition.
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
The WN3000RPv3 is a repeater with a single ethernet port. Setting up the
switch, even to disable it, is unnecessary and possibly confusing.
Configure LAN as eth0 instead.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
We need to ensure there is enough headroom to push extra header,
but we also need to check if we are allowed to change headers.
skb_cow_head() is the proper helper to deal with this.
Fixes Ethernet<->WiFi bridge for Raspberry Pi and probably other devices.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Fix a '==' that should be a '=' in a test condition. Busybox fortunately
doesn't care.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This fixes GIC interrupts (required before switching to 4.9), adds few
new entires & introduces DTS for Archer C5.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This router has the same hardware as TP-LINK TL-WR841N/ND v11 (same FCC
ID, same TFTP image name...).
If the stock firmware web interface doesn't accept LEDE factory image,
it can be flashed via the U-Boot TFTP recovery mode, by long-pressing
the reset button after power on.
The TFTP image name is wr841nv11_tp_recovery.bin (yes, v11, not v12).
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
Fix the PCIe 5GHz wireless by using the on flash eeprom/caldata.
Disable the 2.4GHz band as this band has no antennas attached but is
enabled in the eeprom/caldata.
Fixes: FS#691
Signed-off-by: Mathias Kresin <dev@kresin.me>
Fix the PCIe 5GHz wireless by using the ralink mtd-eeprom property as
this board have a RT5592 and uses the rt2x00 driver. The mediathek
device tree bindings do not work here.
Fixes: FS#691
Fixes: d8dd207ea6 ("ramips: use the ralink,mtd-eeprom device tree property")
Signed-off-by: Mathias Kresin <dev@kresin.me>
The problem is caused by the incorrect handling of the parent inode's
i_nlink count for the dentry to be RENAME_EXCHANGED. There are 3 cases
to consider. Assume we want to RENAME_EXCHANGE struct dentry *a and
struct dentry *b, and inode_a is pointed to by dentry_a, inode_b is
pointed to by dentry_b:
1. If inode_a is a directory, but inode_b isn't, then we must decrease
the i_nlink count of old_dir_i, and increase the i_nlink of new_dir_i.
2. If inode_a isn't a directory, but inode_b is a directory, then we
must increase the i_nlink of old_dir_i, and decrease the i_nlink count
of new_dir_i.
3. If the types of inode_a and inode_b are the same, we don't change the
i_nlink for either old_dir_i or new_dir_i.
Signed-off-by: Jing Qiu <aqiu0720@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
As usual these patches were extracted and rebased from the raspberry pi repo:
https://github.com/raspberrypi/linux/tree/rpi-4.4.y
- led1 can't be controlled on rpi-3 for linux 4.4, remove it.
- Fix modules.mk typos.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Initial idea was to use package with this PHY driver for devices that
need it. Unfortunately this can't work as bgmac is built-in and PHY
probing happens before loading modules - it results in PHY subsystem
picking default (generic) PHY driver.
There were two ways of solving this:
1) Making bcm53xx use bgmac as module
xor
2) Built-in Broadcom PHY driver
After some quick discussion it seems we can simply built-in the driver
as increased kenel size is relatively small (1805 B).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
the mtd_get_mac_ascii function called within this script requires the inclusion of /lib/functions/system.sh
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
platform_find_rootfspart() fails if the kernel partition comes before the
rootfs partition. The proposed patch fixes this while preserving what I
understand was the original idea: stop at first match.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
The following changes enables GPIO sysfs as well as the LEDS_GPIO option
within the kernel. This is required to enable LEDs over a GPIO
interface.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
The ethernet driver uses a port map override via special tag to control
the ports on which multicast packets are sent. This was added to work
around an issue in the switch that was occasionally leaking packets onto
the wrong vlan.
Unfortunately the change had some leftover lines that were overwrting
the port map with a list of all ports, thus always leaking packets onto
the wront vlan.
Fix this by only enabling the override with the VLAN port map and only
if a matching VLAN port map was actually found
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit ec1a695daa.
Revert the workaround, the problem was properly fixed in
2374549916.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 5c49fecf72)
commit 33b72b8e0f
"ar8216: adjust ATU flushing in case of link changes"
introduced portwise flushing on link down events. Now the ARL table could
be in a chaotic state after boot where ar8xxx_sw_get_arl_table looped
forever (depending on the entries collected while booting).
Fixes FS#384.
Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
(cherry picked from commit 2374549916)
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The code that generates this image is broken in many ways.
The new code currently in master generates images that will not be compatible
with the ones in 17.01. To avoid a migration nightmare, this patch removes
image generation for this device in 17.01
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
Properly resolve symbolic tag names when constructing the base feed Git url
and avoid emitting "HEAD" references when building from detached commits.
Fixes#495, #501.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Use the nas0 interface for the netdev trigger as default. Use the ptm0
interface for xRX200 boards to match the default wan interface set in
02_network.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Move the code to check if the current system is a system with vdsl
support to a dedicate function to make it reusable.
Signed-off-by: Mathias Kresin <dev@kresin.me>
QCA956x is configured like AR934x, not like the older chips.
Should fix ethernet hangs when using the WAN port without SGMII
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes the Geode images actually useful again. The Geos profile
should include the relevant hardware for that board, and the Default
profile adds the via-rhine adapter which seems to have been present in
the net5501 and alix targets killed in commit 9e0759ea26 ("x86: merge
all geode based subtargets into one").
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This adds the default LED and network settings for the PC Engines APU2
when running under the x86 target.
[dwmw2: Change Ethernet port setup]
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Based on a patch from Chris Blake <chrisrblake93@gmail.com>, except let's
do it by using the LED configuration instead of hard-coding it for each
board type. And try using /bin/board_detect to do the default behaviour,
on the first boot where the config hasn't yet been generated.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This change moves the files in 657418d to the root of the x86 target.
This is done in preperation for adding more devices under other
subtargets.
CC: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
When we merged all the Geode boards into one generic target, the default
network and LED configuration was lost. Put it back.
Fixes: 9e0759ea26 ("x86: merge all geode based subtargets into one")
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
We're past v17.01.0-rc2 phase and these few targets are stuck at 3.18
kernel. We obviously don't want to have targets like this built for the
release, especially with 3.18 being EOL.
It may be not too late for bringing these targets back for the next
minor release, so just mark them as source-only instead of dropping
completely.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>