This is related to the upstream kernel change 3b0f31f2b8c9 ("genetlink:
make policy common to family").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.
In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM
And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR
I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED
I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Imported from e1aaf7ec00%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
CHROMIUM: net: ar8216: address security vulnerabilities in swconfig & ar8216
This patch does the following changes:
*address the security vulnerabilities in both swconfig framework and in
ar8216 driver (many bound check additions, and turned swconfig structure
signed element into unsigned when applicable)
*address a couple of whitespaces and indendation issues
BUG=chrome-os-partner:33096
TEST=none
Change-Id: I94ea78fcce8c1932cc584d1508c6e3b5dfb93ce9
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/236490
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Commit-Queue: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).
Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.
Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
It's quite common for switches to have PHY per port so adding a generic
helper setting link state will help many drivers. It just needs an API
to access PHYs which this patch also adds.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48621
Directly return the return value of genl_register_family_with_ops()
instead of storing it in a temporary variable, then returning it.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48472
Some switches can force link speed for a port. Let's add API that will
allow drivers to export this feature.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48142
As explained earlier, using SWITCH_TYPE_LINK gives more flexibility,
it doesn't require e.g. string parsing to read some data.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47999
So far we were sending link data as a string. It got some drawbacks:
1) Didn't allow writing clean user space apps reading link state. It was
needed to do some screen scraping.
2) Forced whole PORT_LINK communication to be string based. Adding
support for *setting* port link required passing string and parting
it in the kernel space.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47997
AR8327/AR8337 allow to read the result of EEE autonegotiation.
If EEE is autonegotiated between the link partners, display
this as part of the swconfig get_link attribute.
eee100: 100MBit EEE supported by both link partners
eee1000: 1GBit EEE supported by both link partners
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
SVN-Revision: 44022
Boards that have more than one swconfig enabled switch will show the devices in
reverse order when call swconfig list. Fix this by using list_add_tail().
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43106
swconfig does not compile with 3.7 because
struct netlink_notify->pid has been renamed to
struct netlink_notify->portid
and
struct genl_info->snd_pid has been renamed to
struct genl_info->snd_portid
Use the new names and add compatibility patches
to 3.3 and 3.6.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 34288
Also make switches available under a generic name "switch<num>" for device
name agnostic access. The old device name is used as an alias for backward
compatibility.
SVN-Revision: 27800
SPIN_LOCK_UNLOCKED has been deprecated since 2.6.19 and will get removed
in 2.6.39, so replace it with DEFINE_SPINLOCK().
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
SVN-Revision: 26770