Backport https://git.kernel.org/pub/scm/linux/kernel/git/mips/linux.git/commit/?id=adcc81f148d733b7e8e641300c5590a2cdc13bf3
"Mapping the delay slot emulation page as both writeable & executable
presents a security risk, in that if an exploit can write to & jump into
the page then it can be used as an easy way to execute arbitrary code.
Prevent this by mapping the page read-only for userland, and using
access_process_vm() with the FOLL_FORCE flag to write to it from
mips_dsemul().
This will likely be less efficient due to copy_to_user_page() performing
cache maintenance on a whole page, rather than a single line as in the
previous use of flush_cache_sigtramp(). However this delay slot
emulation code ought not to be running in any performance critical paths
anyway so this isn't really a problem, and we can probably do better in
copy_to_user_page() anyway in future.
A major advantage of this approach is that the fix is small & simple to
backport to stable kernels.
Reported-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Fixes: 432c6bacbd0c ("MIPS: Use per-mm page to execute branch delay slot instructions")"
Without patch:
cat /proc/self/maps
00400000-0047a000 r-xp 00000000 1f:03 1823 /bin/busybox
00489000-0048a000 r-xp 00079000 1f:03 1823 /bin/busybox
0048a000-0048b000 rwxp 0007a000 1f:03 1823 /bin/busybox
77ec8000-77eed000 r-xp 00000000 1f:03 2296 /lib/libgcc_s.so.1
77eed000-77eee000 rwxp 00015000 1f:03 2296 /lib/libgcc_s.so.1
77eee000-77f81000 r-xp 00000000 1f:03 2470 /lib/libc.so
77f90000-77f92000 rwxp 00092000 1f:03 2470 /lib/libc.so
77f92000-77f94000 rwxp 00000000 00:00 0
7f946000-7f967000 rw-p 00000000 00:00 0 [stack]
7fefb000-7fefc000 rwxp 00000000 00:00 0
7ffac000-7ffad000 r--p 00000000 00:00 0 [vvar]
7ffad000-7ffae000 r-xp 00000000 00:00 0 [vdso]
Patch applied:
cat /proc/self/maps
00400000-0047a000 r-xp 00000000 1f:03 1825 /bin/busybox
00489000-0048a000 r-xp 00079000 1f:03 1825 /bin/busybox
0048a000-0048b000 rwxp 0007a000 1f:03 1825 /bin/busybox
77ed0000-77ef5000 r-xp 00000000 1f:03 2298 /lib/libgcc_s.so.1
77ef5000-77ef6000 rwxp 00015000 1f:03 2298 /lib/libgcc_s.so.1
77ef6000-77f89000 r-xp 00000000 1f:03 2474 /lib/libc.so
77f98000-77f9a000 rwxp 00092000 1f:03 2474 /lib/libc.so
77f9a000-77f9c000 rwxp 00000000 00:00 0
7fbed000-7fc0e000 rw-p 00000000 00:00 0 [stack]
7fefb000-7fefc000 r-xp 00000000 00:00 0
7fff6000-7fff7000 r--p 00000000 00:00 0 [vvar]
7fff7000-7fff8000 r-xp 00000000 00:00 0 [vdso]
Note lack of write permission to 7fefb000-7fefc000
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The range of pinmux reg property "<0x1804002c 0x40>" for QCA955x
SoC does not includes GPIO_FUNCTION register.
Reported-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
NEC Aterm WG800HP is a 2.4/5 GHz band 11ac router, based on Qualcomm
Atheros QCA9563.
Specification:
- Qualcomm Atheros QCA9563
- 64 MB of RAM (DDR2)
- 8 MB of Flash (SPI-NOR)
- 2.4/5 GHz wifi
- 2.4 GHz: 2T2R (SoC internal)
- 5 GHz: 1T1R (QCA9887)
- 4x 10/100/1000 Mbps Ethernet
- 8x LEDs, 3x keys (2x buttons, 1x slide-switch)
- UART through-hole on PCB (J2)
- Vcc, GND, NC, TX, RX from SoC side
- 115200n8
Flash instruction using factory image:
1. Connect the computer to the LAN port on WG800HP
2. Connect power cable to WG800HP and turn on it
3. Access to "http://192.168.10.1/" and open firmware update page
("ファームウェア更新")
4. Select the OpenWrt factory image and click update ("更新") button
5. Wait ~150 seconds to complete flashing
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
I moved xor-image into image-commands.mk to use it in ath79 target.
It required for NEC WG800HP.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
The range of pinmux reg property "<0x1804002c 0x40>" for QCA956x SoC
does not includes GPIO_FUNCTION register.
If the device uses "&jtag_disable_pins", this causes the following
errors:
[ 1.982937] pinctrl-single 1804002c.pinmux: mux offset out of range: 0x40 (0x40)
[ 1.990622] pinctrl-single 1804002c.pinmux: could not add functions for pinmux_jtag_disable_pins 64x
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Refresh all patches
Remove upstream patch:
backport-4.14/424-v4.20-net-dsa-fix-88e6060-roaming.patch
Minor tweak to generic/hack-4.14/902-debloat_proc.patch to cleanly apply
after upstream changes.
Tested-on: ath79
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The ZyXEL NBG6617 USB LED was not working with the default images.
It turned out that kmod-usb-ledtrig-usbport was missing from the
default installation.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
In the past, the MX60(W)'s recovery images always had problems
with the size restriction and never really worked without manual
intervention. But starting with 4.19, the MX60(W)'s kernel image
outgrew the allocated space for sysupgrade images as well. Hence
This patch reworks the initramfs, which allows the device to ease
up on the impossible tight kernel size requirements for the
sysupgrade creation and packaging. And as a result, the now
orphaned special ramdisk setup is removed in the process.
This new initramfs can be loaded through the MX60(W) U-boot
in the following way:
=> setenv bootargs console=ttyS0,$baudrate
=> tftpboot $meraki_loadaddr meraki_mx60-initramfs-kernel.bin
[...]
Load address: 0x800000
Loading: ################################################ [...]
done
[...]
=> bootm $fileaddr
\## Booting kernel from Legacy Image at 00800000 ...
...
Updated Flashing instructions for new installations which integrates
the new recovery method. Users of existing installations that only
want to sysupgrade don't need to update their existing u-boot env.
=> setenv owrt_load1 ubi read \${meraki_loadaddr} kernel
=> setenv owrt_load2 ubi read \${meraki_loadaddr} recovery
=> setenv lede_bootkernel bootm \${meraki_loadaddr_kernel} - \${meraki_loadaddr_fdt}
=> setenv owrt_bootkernel bootm \${meraki_loadaddr}
=> setenv owrt_bootargs setenv bootargs console=ttyS0,\${baudrate} rootfstype=squashfs mtdoops.mtddev=oops
=> setenv owrt_boot run meraki_ubi owrt_bootargs\; run owrt_load1 meraki_checkpart lede_bootkernel\; run owrt_load2 owrt_bootkernel
=> setenv bootcmd run owrt_boot
=> saveenv
For more information and the latest flashing guide:
please visit the OpenWrt Wiki Page for the MR60:
<https://openwrt.org/toh/meraki/mx60#flashing>
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This commit removes the fixed kernel size-padding for the Netgear
DNI image creation as it is not necessary for a working image.
The fake rootfs still needs to be padded to the blocksize.
Tested-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Without this patch PowerCloud CR5000 AR9382 PCIe 5GHz Wifi uses
the mac address from eeprom instead the one specified when
initializing the PCIe chip. There were two issues:
1) ap94_pci_init on the second PCIe wmac is wrong as there is only one
PCIe wmac on this device (the other wmac is the AR1022/AR9342 SoC wmac).
2) Without specifying pdata->use_eeprom there is a failure to load
firmware and caldata.
Thanks to Christian Lamparter (@chunkeey) for the heavy lifting and
help. [0]
[0] <https://github.com/openwrt/openwrt/pull/1613>
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This patch, in a variety of forms, has been around since beginning 2016
as e756c2bb07, ending up in present form 0aa6c7df60 (kernel 4.4.13 bump)
and carried forward ever since.
There have been a number of MIPS kernel memory handling changes since,
including VDSO fixes that meant openwrt patches have been dropped with
no apparent fallout.
Simple tests (ntfs-3g) on a HIGHMEM 512MB mt7621 device have not turned
up data corruption issues which would otherwise be expected. Similarly
running on other MIPS based devices for the past 2 months hasn't turned
up anything obvious to retain this out of tree patch.
With thanks to Rosen Penev for testing on the known 'highmem' device and
Felix Fietkau for testing advice. Not putting acked-by as it's my fault
if it breaks :-)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Patch generation process:
- rebase rpi/rpi-4.14.y on v4.14.89 from linux-stable
- git format-patch v4.14.89
Patches skipped during rebase:
- lan78xx: Read MAC address from DT if present
- lan78xx: Enable LEDs and auto-negotiation
- Revert "softirq: Let ksoftirqd do its job"
- sc16is7xx: Fix for multi-channel stall
- lan78xx: Ignore DT MAC address if already valid
- lan78xx: Simple patch to prevent some crashes
- tcp_write_queue_purge clears all the SKBs in the write queue
- Revert "lan78xx: Simple patch to prevent some crashes"
- lan78xx: Connect phy early
- Arm: mm: ftrace: Only set text back to ro after kernel has been marked ro
- Revert "Revert "softirq: Let ksoftirqd do its job""
- ASoC: cs4265: SOC_SINGLE register value error fix
- Revert "ASoC: cs4265: SOC_SINGLE register value error fix"
- Revert "net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends"
- Revert "Revert "net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends""
Patches dropped after rebase:
- net: Add non-mainline source for rtl8192cu wlan
- net: Fix rtl8192cu build errors on other platforms
- brcm: adds support for BCM43341 wifi
- brcmfmac: Mute expected startup 'errors'
- ARM64: Fix build break for RTL8187/RTL8192CU wifi
- ARM64: Enable RTL8187/RTL8192CU wifi in build config
- This is the driver for Sony CXD2880 DVB-T2/T tuner + demodulator
- brcmfmac: add CLM download support
- brcmfmac: request_firmware_direct is quieter
- Sets the BCDC priority to constant 0
- brcmfmac: Disable ARP offloading when promiscuous
- brcmfmac: Avoid possible out-of-bounds read
- brcmfmac: Delete redundant length check
- net: rtl8192cu: Normalize indentation
- net: rtl8192cu: Fix implicit fallthrough warnings
- Revert "Sets the BCDC priority to constant 0"
- media: cxd2880: Bump to match 4.18.y version
- media: cxd2880-spi: Bump to match 4.18.y version
- Revert "mm: alloc_contig: re-allow CMA to compact FS pages"
- Revert "Revert "mm: alloc_contig: re-allow CMA to compact FS pages""
- cxd2880: CXD2880_SPI_DRV should select DVB_CXD2880 with
MEDIA_SUBDRV_AUTOSELECT
- 950-0421-HID-hid-bigbenff-driver-for-BigBen-Interactive-PS3OF.patch
- 950-0453-Add-hid-bigbenff-to-list-of-have_special_driver-for-.patch
Make I2C built-in instead of modular as in upstream defconfig; also the
easiest way to get MFD_ARIZONA enabled, which is required by
kmod-sound-soc-rpi-cirrus.
Add missing compatible strings from
4.9/960-add-rasbperrypi-compatible.patch, using upstream names for
compute modules.
Add extra patch to enable the LEDs on lan78xx.
Compile-tested: bcm2708, bcm2709, bcm2710 (with CONFIG_ALL_KMODS=y)
Runtime-tested: bcm2708, bcm2710
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Add kernel module for the fan on the PoE HAT for the 3B+ model in kernel
4.14. Without this, the fan will not turn on.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
It requires sound card support in the new kernel. HDMI CEC support is
disabled for now; enabling it turned out to be non-trivial.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Since kernel 4.12, this driver appeared in staging. The rpi-4.14.y
kernel tree uses these as well.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Support for RaspiDac3 has been removed from the rpi-4.14.y kernel tree.
Make the kmod package depend on kernel 4.9.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Since kernel 4.12, this driver appeared in staging. The rpi-4.14.y
kernel tree uses these as well.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The LS1021A-IoT gateway reference design based on the
QorIQ LS1021A processor is a purpose-built, small
footprint hardware platform with a wide array of
high-speed connectivity and low-speed serial interfaces
to support secure delivery of IoT services for home,
business or other commercial location.
- Combines standards-based, open source software with a
feature-rich IoT gateway design to establish a common,
open framework for secured IoT service delivery and
management.
- Provides a wide assortment of high-speed and serial-based
connectivity in a compact, highly secure design.
- High efficiency through the use of the Arm-based QorIQ
LS1021A embedded processor.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
This patch is to upgrade kernel to 4.14 for layerscape.
patches-4.14 for layerscape included two categories.
- NXP Layerscape SDK kernel-4.14 patches
All patches on tag LSDK-18.09-V4.14 were ported to OpenWrt
kernel. Since there were hundreds patches, we had to make
an all-in-one patch for each IP/feature.
See below links for LSDK kernel.
https://lsdk.github.io/components.htmlhttps://source.codeaurora.org/external/qoriq/qoriq-components/linux
- Non-LSDK kernel patches
Other patches which were not in LSDK were just put in patches-4.14.
Kept below patches from patches-4.9.
303-dts-layerscape-add-traverse-ls1043.patch
821-add-esdhc-vsel-to-ls1043.patch
822-rgmii-fixed-link.patch
Renamed and rebase them as below in patches-4.14,
303-add-DTS-for-Traverse-LS1043-Boards.patch
712-sdk-dpaa-rgmii-fixed-link.patch
824-mmc-sdhci-of-esdhc-add-voltage-switch-support-for-ls.patch
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
While building 4.19 for ath79 with CONFIG_ALL_KMODS=y with verbose mode
enabled I was asked by kernel config about few symbols/modules so I'm
adding those missing symbols to the generic config.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Originally, cns3xxx used it's own functions for mapping, reading and writing registers.
Upstream commit 802b7c06adc7 ("ARM: cns3xxx: Convert PCI to use generic config accessors")
removed the internal PCI config write function in favor of the generic one:
cns3xxx_pci_write_config() --> pci_generic_config_write()
cns3xxx_pci_write_config() expected aligned addresses, being produced by cns3xxx_pci_map_bus()
while the generic one pci_generic_config_write() actually expects the real address
as both the function and hardware are capable of byte-aligned writes.
This currently leads to pci_generic_config_write() writing
to the wrong registers on some ocasions.
First issue seen due to this:
- driver ath9k gets loaded
- The driver wants to write value 0xA8 to register PCI_LATENCY_TIMER, located at 0x0D
- cns3xxx_pci_map_bus() aligns the address to 0x0C
- pci_generic_config_write() effectively writes 0xA8 into register 0x0C (CACHE_LINE_SIZE)
This seems to cause some slight instability when certain PCI devices are used.
Another issue example caused by this this is the PCI bus numbering,
where the primary bus is higher than the secondary, which is impossible.
Before:
00:00.0 PCI bridge: Cavium, Inc. Device 3400 (rev 01) (prog-if 00 [Normal decode])
Flags: bus master, fast devsel, latency 0, IRQ 255
Bus: primary=02, secondary=01, subordinate=ff, sec-latency=0
After fix:
00:00.0 PCI bridge: Cavium, Inc. Device 3400 (rev 01) (prog-if 00 [Normal decode])
Flags: bus master, fast devsel, latency 0, IRQ 255
Bus: primary=00, secondary=01, subordinate=02, sec-latency=0
And very likely some more ..
Fix all by omitting the alignment being done in the mapping function.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Use pad-offset and append-string to create the cameo factory images for
the D-LINK DIR-825 C1/DIR-835 A1 factory images.
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Backort upstream patch which preserves oif of IPv6 link scoped packets.
The outgoing interface of IPv6 link scope packets can be changed by the
function ip6_route_me_harder. This is unwanted behavior for link local
packets and multicast packets as the outgoing interface is fixed and must
not be altered as it can break neighbor discovery and multicast listener
discovery.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Alberto Bursi reported:
>The patch "ipq40xx: specify "firmware" partition format for GL.iNet GL-B1300"
>prevents boot on my B1300. I compiled from latest sources.
The GL-B1300 was using the discouraged direct subnodes method to declare
the partitions on the flash.
|The partition table should be a subnode of the flash node and should be named
|'partitions'. This node should have the following property:
|- compatible : (required) must be "fixed-partitions"
|Partitions are then defined in subnodes of the partitions node.
|
|For backwards compatibility partitions as direct subnodes of the flash device are
|supported. This use is discouraged.
|NOTE: also for backwards compatibility, direct subnodes that have a compatible
|string are not considered partitions, as they may be used for other bindings.
<https://www.kernel.org/doc/Documentation/devicetree/bindings/mtd/partition.txt>
Hence, this patch converts the device to the "partitions" layout.
Fixes: 1cbe457cf9 ("ipq40xx: specify "firmware" partition format for GL.iNet GL-B1300")
Reported-by: Alberto Bursi <bobafetthotmail@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Since commit 61b5b4971e ("mac80211: make ath10k-ct the default ath10k")
select ath10k-ct and the -ct firmwares by default.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Backport net: Allow class-e address assignment via ifconfig ioctl
While most distributions long ago switched to the iproute2 suite
of utilities, which allow class-e (240.0.0.0/4) address assignment,
distributions relying on busybox, toybox and other forms of
ifconfig cannot assign class-e addresses without this kernel patch.
While CIDR has been obsolete for 2 decades, and a survey of all the
open source code in the world shows the IN_whatever macros are also
obsolete... rather than obsolete CIDR from this ioctl entirely, this
patch merely enables class-e assignment, sanely.
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=65cab850f0eeaa9180bd2e10a231964f33743edf
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
>From the Documentation/devicetree/bindings/leds/common.txt:
- default-state : The initial state of the LED. Valid values are "on", "off",
and "keep". If the LED is already on or off and the default-state property is
set the to same value, then no glitch should be produced where the LED
momentarily turns off (or on). The "keep" setting will keep the LED at
whatever its current state is, without producing a glitch. The default is
off if this property is not present.
So setting the default-state of the LEDs to `off` is redundant as `off`
is default LED state anyway. We should remove it as almost every new
PR/patch submission contains this property by default which seems to be
just copy&paste from some DTS file already present in the tree.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This patch adds support for TP-Link Archer A7
Specification:
- SOC: QCA9563
- Flash: 16 MiB (SPI)
- RAM: 128 MiB (DDR2)
- Ethernet: 4x 1Gbps LAN + 1x 1Gbps WAN
- Wireless:
- 2.4GHz (bgn) SoC internal
- 5GHz (ac) QCA988x
- USB: 1x USB 2.0 port
- Button: 1x power, 1x reset, 1x wps
- LED: 10x LEDs
- UART: holes in PCB
- Vcc, GND, RX, TX from ethernet port side
- 115200n8
Flash instructions:
Upload openwrt-ath79-generic-tplink_archer-a7-v5-squashfs-factory.bin
via the Webinterface.
Flash instruction using tftp recovery:
1. Connect the computer to one of the LAN ports of the Archer A7
2. Set the computer IP to 192.168.0.66
3. Start a tftp server with the OpenWrt factory image in the tftp
root directory renamed to ArcherC7v5_tp_recovery.bin
2. Connect power cable to Archer A7, press and hold the reset button
and turn the router on
3. Keep the reset button pressed for ~5 seconds
4. Wait ~150 seconds to complete flashing
Changes since first revision:
- Flash instructions using stock image webinterface
- Changed "Version 5" in model string to "v5"
- Split DTS file in qca9563_tplink_archer-x7-v5.dtsi
and qca9563_tplink_archer-a7-v5.dts
- Firmware image is now build with dynamic partitioning
- Default to ath10k-ct
Changes since second revision:
- Changed uboot@0 to uboot@20000 in DTS file
- Fixed ordering issue in board led script
- Specify firmware partition format in DTS file
- Rebased Makefile device definition on common
Device/tplink-safeloader-uimage definition
- Merged switch section in network script
(same configuration as tplink,tl-wdr3600
and tplink,tl-wdr4300)
Signed-off-by: Karl-Felix Glatzer <karl.glatzer@gmx.de>
This patch fixes wrong usage of debounce-interval subnode property of
gpio-keys-polled nodes, which was used inproperly in parent node, but it
belongs to the subnodes, excerpt from the docs:
Optional subnode-properties:
- debounce-interval: Debouncing interval time in milliseconds.
If not specified defaults to 5.
And the docs are up to date as the source code matches that description
as well:
if (fwnode_property_read_u32(child, "debounce-interval",
&button->debounce_interval))
button->debounce_interval = 5;
While at it, I've also re-formatted gpio-keys-polled nodes, usually just
adding new lines after every key subnode.
Cc: Tomasz Maciej Nowak <tomek_n@o2.pl>
Cc: Matt Merhar <mattmerhar@protonmail.com>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Currently it's quite hard to diff debugging output between ar71xx and
ath79, so this patch tries to improve it by adding the same
ag71xx_dump_regs function and placing debugging output from the
registers to relatively same places.
Signed-off-by: Petr Štetiar <ynezz@true.cz>