CONFIG_BINFMT_MISC allows it to add support for new executable formats
to the kernel from user space, the kernel will then detect for example a
java binary and call the java execution program automatically. I am not
aware that this feature is used in OpenWrt and this could be used to
exploit something. Deactivate it for all targets for now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some targets deactivated CONFIG_SYN_COOKIES, for unknown reasons, use
the default setting from the generic configuration which activates
CONFIG_SYN_COOKIES.
This should prevent SYN flooding.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.
This reduces the attack surface on such systems and should also save
some memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These were renamed to CONFIG_STRICT_KERNEL_RWX and CONFIG_STRICT_MODULE_RWX and are
activated in kernel 4.14 and later by default.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.
This should prevent the kernel from reading code from user space in
kernel context.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds additional checks to the copy_from_user() and copy_to_user()
functions. The details are described in this article:
https://lwn.net/Articles/695991/
This should only have a very small performance impact on system calls
and should not affect routing performance.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add some read-only properties to protect partitions from
accidental changes.
Also fixed two whitespaces error on the way.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The factory firmware omits the JFFS2 end-marker while flashing via
web-interface. Add a 64k padding after the marker fixes this problem.
When the end-marker is not present, OpenWRT won't save the overlayfs
after initial flash.
Reported-by: Andreas Ziegler <dev@andreas-ziegler.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
The correct board_name for the Turris Omnia is armada-385-turris-omnia.
Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Recently, upgrade device autodetection has been added to the mvebu target.
This exposes some shortcomings of the generic export_bootdevice function,
e.g. on the Turris Omnia: export_bootdevice silently reports the root
partition to be the boot device. This makes the sysupgrade process fail at
several places.
Fix this by clearly distinguishing between /proc/cmdline arguments which
specify the boot disk, and those which specify the root partition. Only in
the latter case, strip off the partition, and do it consistently.
root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/*
(any partition) are accepted.
The root of the problem is that the *existing* export_bootdevice in
/lib/upgrade/common.sh behaves differently, if the kernel is booted with
root=/dev/..., or if it is booted with root=PARTUUID=...
In the former case, it reports back major/minor of the root partition,
in the latter case it reports back major/minor of the complete boot disk.
Targets, which boot with root=/dev/... *and* use export_bootdevice /
export_partdevice, have added workarounds to this behaviour, by specifying
*negative* increments to the export_partdevice function.
Consequently, those targets have to be adapted to use positive increments,
otherwise they are broken by the change to export_bootdevice.
Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Extended mksenaofw to support new "capwap" header structure.
This supports flashing from factory 3.0.0, 3.0.1, 3.1.0 and 3.5.5
firmware.
Note that the factory image format changes for 3.1 and later firmware,
and that the 3.1.0 and 3.5.5 Engenius firmware will refuse the
factory_30.bin file. Similarly, the 3.0.0 and 3.0.1 Engenius firmware
will refuse the factory_35.bin file.
Flashing from the Engenius 3.1.0 firmware with the factory_35.bin
firmware has not been tested, as 3.1.0 firmware (Engenius "middleFW")
is only intended as part of the upgrade path to 3.5.5 firmware.
Modified ipq40xx image Makefile to appropriately invoke mksenaofw
with new parameters to configure the capwap header.
Note that there is currently no method to return to factory firmware,
so this is a one-way street.
Path from factory 3.0.0 and 3.0.1 (EnGenius) software to OpenWrt is
to navigate to 192.168.1.1 on the stock firmware and navigate to the
firmware menu. Then copy the URL you have for that page, something like
http://192.168.1.1/cgi-bin/luci/;stok=12345abcdef/admin/system/flashops
and replace the trailing /admin/system/flashops with just /easyflashops
You should then be presented with a simple "Firmware Upgrade" page.
On that page, BE SURE TO CLEAR the "Keep Settings:" checkbox.
Choose the openwrt-ipq40xx-engenius_ens620ext-squashfs-factory_30.bin,
click "Upgrade" and on the following page select "Proceed".
Path from factory 3.5.5 (EnGenius) software to OpenWrt is simply to
use the stock firmware update menu. Choose the
openwrt-ipq40xx-engenius_ens620ext-squashfs-factory_35.bin and click
"Upload" and "Proceed".
The device should then flash the OpenWrt firmware and reboot. Note
that this resets the device to a default configuration with Wi-Fi
disabled, LAN1/PoE acting as a WAN port (running DHCP client) and LAN2
acting as a LAN port with a DHCP server on 192.168.1.x (AP is at
192.168.1.1)
Signed-off-by: Steve Glennon <s.glennon@cablelabs.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[sorry, for unfixing the 80-lines eyesores.]
This patch works around an issue where reboot would cause the AP
to power down and not reboot.
The ipq4019 restart controller reboot causes the system
to power down and not recover. Fix is to disable the restart
controller in the device tree and the device reverts to
using the watchdog to perform the reset.
The real problem is due to the buggy bootloader that ships
with the device. Steve Glennon reported in the PR for this
patch: <https://github.com/openwrt/openwrt/pull/2009> that:
"the problem was due to a bad u-boot that ships with the device.
Using the u-boot that comes with 3.5.5.3 EnGenius factory
software now allows the old code (using the do_msm_reboot)
to reboot successfully.
On to the bad news:
Well 3.5.5.3 is a bad path. Finally managed to recover. You
CANNOT use prior EnGenius firmware to downgrade.
Findings:
* They now password protect the serial console with a new, unkown
password.
* They changed the protection on their walled-garden. I have to
use the ssh admin@ip /bin/sh --login to get out of their
walled-garden.
* Attempts to flash the original 3.0.0 or 3.0.1 EnGenius firmware
fail through the UI and sysupgrade. Their firmware update GUI now
seem to detect regular openwrt images, but they fail to flash
Attempts to flash a normal OpenWrt image with sysupgrade fail.
[..]
Attempts to sysupgrade with EnGenius firmware fail with the same
"mandatory section(s) missing" error, so you cannot downgrade to
3.0.0 or 3.0.1."
Signed-off-by: Steve Glennon <s.glennon@cablelabs.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [added valuable
findings from github discussion]
Marvell sata controllers in all kirkwood SoCs support
sata port multipliers, just like mvebu.
Enable this feature in the default kernel config
so it is available in normal builds.
tested and working on nsa310b
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
If the target supports a newer kernel version that is not used by default
yet, it can be enabled with this option
Signed-off-by: Felix Fietkau <nbd@nbd.name>
MT7620 integrated WMAC does not need RT2x00 PCI driver or firmware
Also corrected kmod-eeprom-93cx6 and kmod-lib-crc-itu-t dependencies
according to original Kconfig and lsmod output
This will remove some unnecessary packages from MT7620 target to
save some space
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[75 characters per line in the commit message]
Switches failsafe mode interface from WAN to LAN ports.
Tested on TL-WR940Nv6.0 and TL-WR940Nv6.1
Signed-off-by: Joachim Fünfer <joachim.fuenfer@stusta.net>
This corrects the PLL value for 10 Mbit/s links on the OCEDO Raccoon.
Prior to this patch, 10 Mbit/s links would not transmit data.
It is worth mentioning that the vendor firmware used the same PLL
settings and 10Mbit/s was also not working there.
All other link-modes are working correctly without any packet loss.
Signed-off-by: David Bauer <mail@david-bauer.net>
This commit fixes following script error in syslog:
cat: can't open '/sys/devices/platform/ehci-platform/usb1/1-1/1-1.2/1-1.2:1.4/ieee80211/phy*/name': No such file or directory
sh: add: unknown operand
sh: add: unknown operand
Signed-off-by: Rosy Song <rosysong@rosinson.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[commit subject and message tweaks]
Upstream has renamed UPROBE_EVENT to UPROBE_EVENTS in the following
commit:
commit 6b0b7551428e4caae1e2c023a529465a9a9ae2d4
Author: Anton Blanchard <anton@samba.org>
Date: Thu Feb 16 17:00:50 2017 +1100
perf/core: Rename CONFIG_[UK]PROBE_EVENT to CONFIG_[UK]PROBE_EVENTS
We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as
well as CONFIG_UPROBE_EVENTS and CONFIG_KPROBE_EVENTS.
Consistently use the plurals.
So I'm changing it to this plural option in order to make kconfig happy
and stop asking about it if kernel is compiled with verbose logging:
Enable uprobes-based dynamic events (UPROBE_EVENTS) [Y/n/?] (NEW)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.
The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 4.1, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target adds an alternative mmc driver using a patch.
Within this patch, a definition got renamed upstream.
Change it to fix following compile error:
CC drivers/mmc/host/bcm2835-mmc.o
In file included from ./include/linux/kernel.h:14:0,
from ./include/linux/delay.h:22,
from drivers/mmc/host/bcm2835-mmc.c:25:
drivers/mmc/host/bcm2835-mmc.c: In function 'bcm2835_mmc_dumpregs':
drivers/mmc/host/bcm2835-mmc.c:254:27: error: 'SDHCI_ACMD12_ERR' undeclared (first use in this function); did you mean 'SDHCI_CMD_CRC'?
bcm2835_mmc_readw(host, SDHCI_ACMD12_ERR),
^
./include/linux/printk.h:137:18: note: in definition of macro 'no_printk'
printk(fmt, ##__VA_ARGS__); \
^~~~~~~~~~~
drivers/mmc/host/bcm2835-mmc.c:253:2: note: in expansion of macro 'pr_debug'
pr_debug(DRIVER_NAME ": AC12 err: 0x%08x | Slot int: 0x%08x\n",
^~~~~~~~
drivers/mmc/host/bcm2835-mmc.c:254:27: note: each undeclared identifier is reported only once for each function it appears in
bcm2835_mmc_readw(host, SDHCI_ACMD12_ERR),
^
./include/linux/printk.h:137:18: note: in definition of macro 'no_printk'
printk(fmt, ##__VA_ARGS__); \
^~~~~~~~~~~
drivers/mmc/host/bcm2835-mmc.c:253:2: note: in expansion of macro 'pr_debug'
pr_debug(DRIVER_NAME ": AC12 err: 0x%08x | Slot int: 0x%08x\n",
^~~~~~~~
scripts/Makefile.build:326: recipe for target 'drivers/mmc/host/bcm2835-mmc.o' failed
make[8]: *** [drivers/mmc/host/bcm2835-mmc.o] Error 1
Upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.114&id=45fd8679ea86bffb352132a1df4917c3d11375aa
Fixes: b765f4be40 ("kernel: bump 4.14 to 4.14.114")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Since ct->proto.tcp.last_win isn't updated when nf_ct_tcp_no_window_check is
enabled, the retransmission timeout check needs to be bypassed.
Based on patch by Rob Mosher
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Refreshed all patches.
New symbols:
- CONFIG_LDISC_AUTOLOAD
- CONFIG_PPC_BARRIER_NOSPEC
Compile-tested on: ar7
Runtime-tested on: none
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This patch fixes disfunctional WLAN LED on TP-Link W8970. The LED was
reported working in the CC release[1], but doesn't work anymore in 18.06.2.
1. 420cb24d41
Tested-by: Damian Janarek <dzanar18@o2.pl>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Both targets have their own idea of how to use ehci-fsl.
This patch reverts part of commit
68b8d3b079 ("kernel: usb: add FSL EHCI package") and moves
ehci-fsl back into kmod-usb2, while also making it hopefully
useable for the mpc85xx target.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>