The following patches were integrated upstream:
* target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
* target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In 4.14.57, a new symbol for Spectre v4 mitigation was introduced for
ARM64. Add this symbol to all ARM64 targets using kernel 4.14.
This mitigates CVE-2018-3639 on ARM64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 77e3e706ce0dfe653a28e088bdcf0acddead0091)
Drop the parallel-unsafe custom Build/dtb macro and use the .dtb artifacts
produced by the generic image build code.
Also remove unused .dtb references in the mt7623 subtarget.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 8194f9ef4a5ab4587e8f6cf1aec96ba89c5766fd)
Refreshed all patches
Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
zram.ko needs CONFIG_BLK_DEV activated and it is by default for all
other targets in OpenWrt.
This makes zram.ko compile again.
Compile tested only.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6745af9a0de28171b45c0e8584e393bd80f0a377)
Neon and vfpv4 are mandatory extensions in the ARM64 instruction set
now, do not activate them explicitly. GCC will make use of these
extension now by default.
This makes it possible to share the toolchain with other Cortex A53
SoCs.
Compile tested only.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 10ce015c652b1e48c1c113604e26481626fa6059)
Refreshed patches. The following patches were upstreamed and have been deleted:
* target/linux/lantiq/patches-4.14/0025-MIPS-lantiq-gphy-Remove-reboot-remove-reset-asserts.patch
* target/linux/generic/pending-4.14/101-clocksource-mips-gic-timer-fix-clocksource-counter-w.patch
* target/linux/generic/pending-4.14/103-MIPS-c-r4k-fix-data-corruption-related-to-cache-coherence.patch
* target/linux/generic/pending-4.14/181-net-usb-add-lte-modem-wistron-neweb-d18q1.patch
Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
THIN_ARCHIVES option is enabled by default in the kernel configuration
and no one target config disables it. So enable it by default and remove
this symbol from target specific configs to keep them light.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit 67a3cdcbb05559549985a189eabaf2df92559ed7)
New FUTEX_PI configuration symbol enabled if FUTEX and RT_MUTEX symbols
are enabled. Both of these symbols are enabled by default in the
generic config, so enable FUTEX_PI by default too to keep platform
specific configs minimal.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit bdc2b58c4bccb50242af853dc80b50f9324b841c)
OVERLAY_FS config symbol selects EXPORTFS since 4.12 kernel, we have
OVERLAY_FS enabled by default, so enable EXPORTFS in the generic config
of 4.14 and remove this option from platform specific configs.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit a08b0d0c3149060f1585ad3ea2ea3edfde71bce4)
DRM_LIB_RANDOM config symbol selected only by DRM_DEBUG_MM_SELFTEST
which is disable by default, so disable DRM_LIB_RANDOM by default too.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit 978543a246c6badb5e5e1c2430211e01f005af27)
These options do not used by any supported arch, so disable them by
default to make arch configs a bit more clean.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit ead26e9db649a508ba93e7e8193ada70322620b1)
Only one arch (x86_64) enables this option. So disable
ARCH_WANTS_THP_SWAP by default and remove referencies to it from all
configs (except x86_64) to make them clean.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit f928c338ad6c8215a5fe280473e37786157a2d05)
This reverts commit 5555545494c876adedf4f0038db49c1d85527e78.
The target supports both NEON and VFPv4, but for this to work properly,
a few more changes are needed:
- enable NEON support in the kernel config
- add the fpu feature flag to the makefile
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Right patch version this time, sorry!
* Patch 180-usb-xhci-add-support-for-performing-fake-doorbell.patch had to be adjusted slightly because of upstream adapted code.
* Refreshed patches.
Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Rosen Penev <rosenp@gmail.com>
This patch bumps the 4.14 kernel to .23.
- Refreshed patches.
- Deleted bcm53xx/patches-4.14/089-PCI-iproc-Fix-NULL-pointer-dereference-for-BCMA.patch. Has been accepted upstream.
- Deleted generic/pending-4.14/821-usb-Remove-annoying-warning-about-bogus-URB.patch. The upstream URB code was changed,
the patch no longer applies. I discussed this with the patch author and removed it for now, we'll see how it goes.
Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
This caused v4.14.20 based builds so fail on mediatek.
Fixes: 6112abf186bf ("kernel: enable CONFIG_USB_PCI for PCI usb modules").
Signed-off-by: Mathias Kresin <dev@kresin.me>
Calling nand_do_upgrade() from platform_pre_upgrade() was deprecated
with 30f61a34b4cf ("base-files: always use staged sysupgrade").
Update the platform upgrade code to use platform_do_upgrade() for NAND
images as well.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This drops support for all the !emmc EVB and adds banannaPi-R2
Also drop mtkhnat until the nftables offoad driver is ready
Signed-off-by: John Crispin <john@phrozen.org>
This reverts commit 3594447a7d0398c55ea78f658b52b7d8084ae9f9.
This causes the userland to not come up properly
Signed-off-by: John Crispin <john@phrozen.org>
The arm CPUs uses in the supported Mediatket SoCs have a FPU accordingly
to the datasheet, activate it also. The CPU subtype "neon-vfpv4" is
selected, but the toolcahin generated for this SoC will still be
compiled with soft float and not with the hard float ABI as we haven't
the fpu feature flag set. If this toolchain is reused by other targets
this will even affect other targets.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches.
Compile-tested on ipq8065/nbg6817 and x86/64.
Runtime-tested on ipq8065/nbg6817 and x86/64.
Fixes CVE-2017-1000251.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[adapt qcom_nandc.c patches to match upstream changes, test ipq8065/nbg6817]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes CVE-2017-11600.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches.
Compile-tested on ramips/mt7621 and x86/64.
Runtime-tested on ramips/mt7621 and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* fixes default affinity
* adds a napi watchdog - we were seeing stalled TX queues
* adds up/down locking
Signed-off-by: John Crispin <john@phrozen.org>
