Commit Graph

31 Commits

Author SHA1 Message Date
Koen Vandeputte
e31d158c4d kernel: bump 4.14 to 4.14.176
Refreshed all patches.

Remove upstreamed:
- 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 184-USB-serial-option-add-Wistron-Neweb-D19Q1.patch

Fixes:
- CVE-2020-8648 (potentially)
- CVE-2020-8647
- CVE-2020-8649

Compile-tested on: cns3xxx, octeontx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-04-16 13:23:11 +02:00
Tim Harvey
4298339b23 octeontx: switch to kernel 5.4
5.4 is stable on Gateworks Newport GW610x/GW620x/GW630x/GW640x

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2020-04-03 12:17:45 +02:00
Petr Štetiar
5ecc0cfd6f kernel: bump 5.4 to 5.4.28
Changelog since 5.4.24 mentions CVE-2019-19769, CVE-2020-8648,
CVE-2020-8649 and CVE-2020-8647.

Removed upstreamed:

 generic: 507-v5.6-iio-chemical-sps30-fix-missing-triggered-buffer-depe.patch
 generic: 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
 bcm27xx: 950-0435-ASoC-pcm512x-Fix-unbalanced-regulator-enable-call-in.patch
 ipq806x: 701-stmmac-fix-notifier-registration.patch
 lantiq: 002-pinctrl-falcon-fix-syntax-error.patch
 octeontx: 0002-net-thunderx-workaround-BGX-TX-Underflow-issue.patch

Run tested: apu2, qemu-x86-64, apalis, a64-olinuxino, nbg6617
Build tested: sunxi/a53, imx6, x86/64, ipq40xx

Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> [apu2]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Tomasz Maciej Nowak
ddc0e87fae kernel: move TEO governor to generic config
This new symbol popped up in few places. Disable it in generic config.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[fixed merge conflict in generic/config-5.4]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-17 00:51:48 +01:00
Petr Štetiar
9ba09653ad treewide: remove maintainer variable from targets
There is no such role as target maintainer anymore, one should always
send corresponding changes for the review and anyone from the commiters
is allowed to merge them or eventually use the hand break and NACK them.

Lets make it clear, that it is solely a community doing the maintenance
tasks.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Piotr Dymacz <pepe2k@gmail.com>
2020-03-16 22:21:45 +01:00
Yousong Zhou
1d03283eb2 kernel: 5.4: remove some dup config options already set in generic
This furthers 860652f4b9 ("kernel: 5.4: move some kconfig options to
generic")

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-03-10 14:45:36 +08:00
Tim Harvey
bcb4ac2539 octeontx: add support for Linux 5.4
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
[add KERNEL_TESTING_PATCHVER]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-03-09 11:13:02 +01:00
Hauke Mehrtens
25b422a041 kernel: bump 4.14 to 4.14.160
Refreshed all patches.

Compile-tested on: ipq40xx, apm821xx
Runtime-tested on: ipq40xx

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-12-24 17:45:54 +01:00
Tim Harvey
d3d06f1500 octeontx: fix thunderx BGX underflow irq name
request_irq requires irq names to be static/allocated and not on the stack

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2019-10-27 12:13:59 +01:00
Hauke Mehrtens
46af22de16 kernel: Remove CONFIG_COMPAT
This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.

This reduces the attack surface on such systems and should also save
some memory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-11 17:15:41 +02:00
Hauke Mehrtens
32eb66881c kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.

This should prevent the kernel from reading code from user space in
kernel context.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-11 17:15:41 +02:00
Felix Fietkau
212aa33226 kernel: enable memory compaction
Compaction is the only memory management component to form high order (larger
physically contiguous) memory blocks reliably. The page allocator relies on
compaction heavily and the lack of the feature can lead to unexpected OOM
killer invocations for high order memory requests. You shouldn't disable this
option unless there really is a strong reason for it.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
2018-10-09 14:29:55 +02:00
Stijn Tintel
77e3e706ce kernel: add missing ARM64_SSBD symbol
In 4.14.57, a new symbol for Spectre v4 mitigation was introduced for
ARM64. Add this symbol to all ARM64 targets using kernel 4.14.

This mitigates CVE-2018-3639 on ARM64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-07-31 12:22:11 +03:00
Sergey Ryazanov
67a3cdcbb0 kernel: enable THIN_ARCHIVES by default
THIN_ARCHIVES option is enabled by default in the kernel configuration
and no one target config disables it. So enable it by default and remove
this symbol from target specific configs to keep them light.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:55:20 +02:00
Sergey Ryazanov
bdc2b58c4b kernel: enable FUTEX_PI by default
New FUTEX_PI configuration symbol enabled if FUTEX and RT_MUTEX symbols
are enabled. Both of these symbols are enabled by default in the
generic config, so enable FUTEX_PI by default too to keep platform
specific configs minimal.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:55:12 +02:00
Sergey Ryazanov
a08b0d0c31 kernel: enable EXPORTFS by default
OVERLAY_FS config symbol selects EXPORTFS since 4.12 kernel, we have
OVERLAY_FS enabled by default, so enable EXPORTFS in the generic config
of 4.14 and remove this option from platform specific configs.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:55:05 +02:00
Sergey Ryazanov
978543a246 kernel: disable DRM_LIB_RANDOM by default
DRM_LIB_RANDOM config symbol selected only by DRM_DEBUG_MM_SELFTEST
which is disable by default, so disable DRM_LIB_RANDOM by default too.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:54:57 +02:00
Sergey Ryazanov
ead26e9db6 kernel: disable DMA_{NOOP|VIRT}_OPS by default
These options do not used by any supported arch, so disable them by
default to make arch configs a bit more clean.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:54:49 +02:00
Sergey Ryazanov
f928c338ad kernel: disable ARCH_WANTS_THP_SWAP by default
Only one arch (x86_64) enables this option. So disable
ARCH_WANTS_THP_SWAP by default and remove referencies to it from all
configs (except x86_64) to make them clean.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:54:42 +02:00
Mathias Kresin
a181781bf8 octeontx: make board.d files executable
Add the executable permission to the files to ensure they run on
firstboot.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-05-17 07:40:19 +02:00
Mathias Kresin
3877550114 arm64: enable harden branch predictor
Enable the harden branch predictor for arm64 as it is recommend.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-27 21:34:18 +02:00
Mathias Kresin
50641a0f9a octeontx: use the generic board detection
Use the generic board detection based on the device tree compatible
string instead of a target specific one.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-02-23 08:21:50 +01:00
Felix Fietkau
94a3af88f3 octeontx: remove lots of bogus kernel config overrides
Some of them break when building with all modules enabled

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-22 13:12:17 +01:00
Tim Harvey
d83ce3ff50 octeontx: remove undefs of CONFIG_NET_VENDOR_*
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Tim Harvey
b63b18dffc octeontx: remove unnecessary CONFIG_DEBUG_INFO
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Tim Harvey
ef627cb0f5 octeontx: add fpu support
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Tim Harvey
10280d9e22 octeontx: remove CFLAGS
You should not define CFLAGS for the toolchain as this will also leak
into other targets if they share the same toolchain.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Tim Harvey
c0470e7917 octeontx: add FAT FS support to kernel
The CN80XX Boot firmware uses an embedded FAT12 filesystem. For some reason
busybox can't mount this unless its enabled static in the kernel.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Tim Harvey
4294b79e0a octeontx: add USB_PCI support
The CN80XX XHCI is supported through PCI

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Stijn Tintel
88ba41453d kernel: bump 4.14 to 4.14.20
Refresh patches.
Remove upstreamed patches:
- backport/080-v4.15-0001-arch-define-weak-abort.patch
- backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch
Update patch that no longer applies:
pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:48 +01:00
Tim Harvey
fc03b3aa16 octeontx: add support for OCTEON TX target
The Cavium OCTEON TX is an ARM 64-bit SoC leveraging CPU cores and
periperhals from the Cavium ThunderX SoC.

This initial support provides a 4.14 kernel and kernel+initramfs that is
bootable on the Gateworks Newport GW630x as well as the Cavium sff8104
reference board.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-13 10:01:52 +01:00