Move the IRQ fix from generic to ar71xx specific.
Other targets like ath79 have specific pathes to delete this code.
This resulted in a build failure on ath79
While at it, wipe the 4.19 version, as ar71xx will never reach this.
Fixes: 530f76708cef ("ar71xx: Fix potentially missed IRQ handling during
dispatch")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.
Fix this by using the same approach as done for QCA955x
just below it.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The net pointer in struct xt_tgdtor_param is not explicitly
initialized therefore is still NULL when dereferencing it.
So we have to find a way to pass the correct net pointer to
ipt_destroy_target().
The best way I find is just saving the net pointer inside the per
netns struct tcf_idrinfo, which could make this patch smaller.
Fixes: 0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed by ruleset")
Reported-and-tested-by: Tony Ambardar <itugrok@xxxxxxxxx>
Cc: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
Cc: Jiri Pirko <jiri@xxxxxxxxxxx>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
[Backport for kernel v4.19 and v4.14]
[Bug Link: https://bugzilla.kernel.org/show_bug.cgi?id=204681]
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
We are not sure if 640-bridge-only-accept-EAP-locally.patch is still needed
as a first step, add disable_eap_hack sysfs config to allow to disable it
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Refreshed all patches.
Also add a missing symbol for x86 which got used now in this bump.
- ISCSI_IBFT
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Refreshed all patches.
Also add a missing symbol for x86 which got used now in this bump.
- ISCSI_IBFT
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Revert "mac80211: add new minstrel_ht patches to improve probing on mt76x2" (9861050b85)
Revert "kernel: use bulk free in kfree_skb_list to improve performance" (98b654de2e)
Revert "ramips: add preliminary support for WIO ONE" (085141dc5b)
Revert "ramips: add preliminary support for SGE AP-MTKH7-0006 developer board" (b1db6d0539)
Revert "build: use config.site generated by autoconf-lean, drop hardcoded sitefiles" (363ce4329d)
Revert "toolchain: add autoconf-lean" (fdb30eed03)
Revert "build: allow overriding the filename on the remote server when downloading" (6fa0e07758)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This adds support for uImage used by OpenWrt kernel loader.
The parser searches for uImage header at flash eraseblock boundary
and it might attempt to split any firmware with loader, therefore
this entry doesn't have MTD_PARSER_TYPE_FIRMWARE so that this parser
is only used when explicitly defined in dts.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This parser's matching function appears to be too generic as it matches
e.g. Buffalo WZR-HP-G300NH. That results in incorrect parts parsing.
Luckily this parser is needed by Fon FON2601 only which uses DT-based
ramips target. It means we can depend on mtd subsystem matching of
"fonfxc,uimage" string.
That said triggering this parser based on the "firmware" (or whatever
MTD_SPLIT_FIRMWARE_NAME is) partiiton name is not needed. It can be
dropped which will automatically fix the Buffalo WZR-HP-G300NH case.
Fixes: a1c6a316d2 ("ramips: add support for Fon FON2601")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This reverts commit e92a14709d.
mtdsplit_uimage_parse_fonfxc() gets called in two situations:
1) It was /requested/ from DT using "fonfxc,uimage" compatible string
2) It was called by parsing code after finding "firmware"
(MTD_SPLIT_FIRMWARE_NAME) due to the parser's type
Code added in the /fix/ commit basically just disabled the second case.
If that's the real goal it could be achieved by simply dropping type
MTD_PARSER_TYPE_FIRMWARE. It may however require another solution as
it's possible that some non-DT target actually needs fonfxc uImage
parsing.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This is already enabled as kernel built-in feature in mvebu target and
none other target will use it.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
We cannot distinguish between fonfxc uImage and generic uImage because
fonfxc uImage header is almost same as generic uImage, except padding
length after image name.
The fonfxc uImage parser is available when specifying directly with DT
compatible property. So this patch adds check if the partition DT node
is compatible with the parser.
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2413
Fixes: a1c6a316d2 ("ramips: add support for Fon FON2601")
Signed-off-by: NOGUCHI Hiroshi <drvlabo@gmail.com>
[commit light touches and removed C code comment]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
savedscp is a method of storing the DSCP of an ip packet into conntrack
mark. In combination with a suitable tc filter action (conndscp but may
end up being integrated into connmark) DSCP values are able to be stored
on egress and restored on ingress across links that otherwise alter or
bleach DSCP.
This is useful for qdiscs such as CAKE which are able to shape according
to policies based on DSCP.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.
The ingress problem is solved by the tc filter, but the tc people didn't
like the idea of tc setting conntrack mark values, though they are ok
with reading conntrack values and hence restoring DSCP from conntrack
marks.
x_tables CONNMARK with the new savedscp action solves the problem of
storing the DSCP to the conntrack mark.
It accepts 2 parameters. The mark is a 32bit value with usually one 1
bit set. This bit is set when savedscp saves the DSCP to the mark.
This is useful to implement a 'one shot'
iptables based classification where the 'complicated' iptables rules are
only run once to classify the connection on initial (egress) packet and
subsequent packets are all marked/restored with the same DSCP. A mark
of zero disables the setting of a status bit/s.
The mask is a 32bit value of at least 6 contiguous bits and represents
the area where the DSCP will be stored.
e.g.
iptables -A QOS_MARK_eth0 -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000
Would store the DSCP in the top 6 bits of the 32bit mark field, and use
the LSB of the top byte as the 'DSCP has been stored' marker.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This updates mac80211 to version 5.2-rc7, this contains all the changes
to the wireless subsystem up to Linux 5.2-rc7.
* The removed patches are applied upstream
* b43 now uses kmod-lib-cordic
* Update the nl80211.h file in iw to match backports version.
* Remove the two backports from kernel 4.9, they were needed for mt76,
but that can use the version from backports now, otherwise they
collide and cause compile errors.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Drop 211-host_tools_portability.patch which is breaking perf build on
4.19 kernels by removing the include directory from the host's CFLAGS
leading to the following build breakage:
pmu-events/jevents.c:48:10: fatal error: linux/list.h: No such file or directory
#include <linux/list.h>
^~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This is already included in newer upstream. Needed to build BPF programs
using the MIPS kernel include files.
Without this patch, clang fails with "#error Use a Linux compiler or
give up." in sgidefs.h when building BPF programs.
Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
CAKE made it to kernel 4.19 and since OpenWrt now at kernel 4.19 we can
drop the out of tree cake package in base repository.
Add kmod-sched-cake to netsupport so package dependencies are still met.
Similarly CAKE is retained as an optional qdisc module to avoid base
scheduler package size implications.
Backport upstream patches from k5.1 to address some small bugs and
support fwmark usage.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This fixes the following compile problem with kernel 4.9 on lantiq:
drivers/mtd/mtdsplit/mtdsplit_uimage.c:244:34: error: array type has incomplete element type 'struct of_device_id'
static const struct of_device_id mtdsplit_uimage_of_match_table[] = {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/mtd/mtdsplit/mtdsplit_uimage.c:245:4: error: field name not in record or union initializer
{ .compatible = "denx,uimage" },
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is pending to get into the upstream kernel.
This fixes a bug in the upstream kernel which was added to stable some
time ago.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch backports verbatim the commit from Linux 5.2-rc7 that fixes
the warnings about invalid lpm related parameters on hardware which
don't that.
This is the case for e.g. lantiq xrx200 targets.
Supported only in Linux 4.17 an later.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[refresh patches, fix commit title]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Fixes following kernel build issue on ath79 with CONFIG_KERNEL_FTRACE=y
enabled:
Tracers (FTRACE) [Y/n/?] y
Kernel Function Tracer (FUNCTION_TRACER) [Y/n/?] y
Kernel Function Graph Tracer (FUNCTION_GRAPH_TRACER) [Y/n/?] y
Enable trace events for preempt and irq disable/enable (PREEMPTIRQ_EVENTS) [N/y/?] (NEW)
...
Preempt / IRQ disable delay thread to test latency tracers (PREEMPTIRQ_DELAY_TEST) [N/m/?] (NEW)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Commit fcb41decf6 ("config: enable some useful features on
!SMALL_FLASH devices") enabled netns, which in turn lead to the crash in
the flow offload target.
When the flow offloading framework intends to delete a flow from the
hardware table, it is necessary to retrieve the namespace from
nf_flowtable->ft_net. However, no one ever wrote the namespace into
nf_flowtable->ft_net in advance. So the framework will mistakenly use a
NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to
the kernel panic.
Ref: FS#2321
Fixes: fcb41decf6 ("config: enable some useful features on !SMALL_FLASH devices")
Tested-by: Simon Tretter <simon@mediaarchitectu.re>
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
[merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This patch adds a promising upstream patch that claims
to help for the treated I/O errors happening on f2fs
or ext4 on real block devices.
|print_req_error: I/O error, dev loop1, sector 1334
Link: <https://patchwork.kernel.org/cover/10931787/>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
bnx2x driver support for the x86 architecture. Includes module and
firmware for Broadcom QLogic 5771x/578xx 10/20-Gigabit ethernet
adapters.
Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[added +kmod-lib-zlib-inflate as well]
calc_vmlinuz_load_addr.c requires SZ_64K to be defined for alignment
purposes. It included "../../../../include/linux/sizes.h" to define
that size, however "sizes.h" tries to include <linux/const.h> which
assumes linux system headers. These may not exist eg. the following
error was encountered when building Linux for OpenWrt under macOS:
In file included from arch/mips/boot/compressed/calc_vmlinuz_load_addr.c:16:
arch/mips/boot/compressed/../../../../include/linux/sizes.h:11:10: fatal error: 'linux/const.h' file not found
Change makefile to force building on local linux headers instead of
system headers. Also change eye-watering relative reference in include
file spec.
Thanks to Jo-Philip Wich & Petr Štetiar for assistance in tracking this
down & fixing.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Fixes following kernel build issue on ath79/generic:
Enable support for latency based cgroup IO protection (BLK_CGROUP_IOLATENCY) [N/y/?] (NEW)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Refreshed all patches.
Fixes:
- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477
Also fix a malformed patch issue caught during refresh.
It was caused by removing a whitespace without altering
the index values in a patch which alters a patch.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Fixes: cf65262492 ("kernel: bump 4.19 to 4.19.51")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Refreshed all patches.
Altered patches:
- 370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch
- 220-optimize_inlining.patch
- 640-netfilter-nf_flow_table-add-hardware-offload-support.patch
This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40)
It was wrongfully backported upstream initially and got reverted now.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Refreshed all patches.
Altered patches:
- 220-optimize_inlining.patch
- 816-pcie-support-layerscape.patch
This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40)
It was wrongfully backported upstream initially and got reverted now.
Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
It's needed for applying some hardware quirks. This fixes:
drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c:60:20: error: 'DMI_PRODUCT_SKU' undeclared here (not in a function); did you mean 'DMI_PRODUCT_UUID'?
DMI_EXACT_MATCH(DMI_PRODUCT_SKU, "T8"),
Fixes: 8888cb725d ("mac80211: brcm: backport remaining brcmfmac 5.2 patches")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This will reduce the size of the kernel if CONFIG_CC_OPTIMIZE_FOR_SIZE is
set like for all targets with small_flash feature flag.
I haven't seen any changes for an ARM64 target which optimizes the
kernel for speed instead.
On the ath79/tiny target the uncompressed kernel size was reduced by
3.2% and the compressed kernel size by 2.1%
kernel size with CONFIG_OPTIMIZE_INLINING=n
4346412 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux
1391169 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin
Kernel size with CONFIG_OPTIMIZE_INLINING=y
4212396 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux
1362051 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin
This change is currently pending for kernel 5.2 and already in
linux-next, this updates our patch to match the upstream version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Memory is allocated with devm_kzalloc() on every page program
and leaks until device is closed (which never happens).
Convert to kzalloc() and handle error paths manually.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Kernel 4.19.47 added a new kernel config symbol ARM64_ERRATUM_1463225.
This causes a build failure for sunxi/cortexa53. Add the symbol to the
generic config to fix this, and avoid future build failures on other
arm64 targets that expose this symbol. As the erratum only affects
Cortex-A76 cores, we can safely disable it.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refreshed all patches.
This bump contains upstream commits which seem to avoid (not properly fix)
the errors as seen in FS#2305 and FS#2297
Altered patches:
- 403-net-mvneta-convert-to-phylink.patch
- 410-sfp-hack-allow-marvell-10G-phy-support-to-use-SFP.patch
Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Converts the TP-Link WDR4900 v1 to use the simpleImage in the
hopes of prolonging the life of the device. While at it,
the patch makes the fdt.bin an ARTIFACT and sets the KERNEL_SIZE
to 2684 KiB as a precaution since the stock u-boot is using a
fixed kernel size.
Note: Give the image some time, it will take much longer to
extract and boot.
[tested for 4.14/4.19]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Co-authored-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
The "bridge allow reception on disabled port" implementation
was broken after these commits:
08802d93e2 ("kernel: bump 4.19 to 4.19.37")
b765f4be40 ("kernel: bump 4.14 to 4.14.114")
456f486b53 ("kernel: bump 4.9 to 4.9.171")
This leads to issues when for example WDS is used, tied to a bridge:
[ 96.503771] wlan1: send auth to d4:5f:25:eb:09:82 (try 1/3)
[ 96.517956] wlan1: authenticated
[ 96.526209] wlan1: associate with d4:5f:25:eb:09:82 (try 1/3)
[ 97.086156] wlan1: associate with d4:5f:25:eb:09:82 (try 2/3)
[ 97.200919] wlan1: RX AssocResp from d4:5f:25:eb:09:82 (capab=0x11 status=0 aid=1)
[ 97.208706] wlan1: associated
[ 101.312913] wlan1: deauthenticated from d4:5f:25:eb:09:82 (Reason: 2=PREV_AUTH_NOT_VALID)
It seems upstream introduced a new patch, [1]
so we have to reimplement these patches properly:
target/linux/generic/pending-4.9/150-bridge_allow_receiption_on_disabled_port.patch
target/linux/generic/pending-4.14/150-bridge_allow_receiption_on_disabled_port.patch
target/linux/generic/pending-4.19/150-bridge_allow_receiption_on_disabled_port.patch
[1] https://lkml.org/lkml/2019/4/24/1228
Fixes: 08802d93e2 ("kernel: bump 4.19 to 4.19.37")
Fixes: b765f4be40 ("kernel: bump 4.14 to 4.14.114")
Fixes: 456f486b53 ("kernel: bump 4.9 to 4.9.171")
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
[updated commit message and title]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
ctinfo is a new tc filter action module. It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths. At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.
The DSCP restore mode:
This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.
The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links. Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway. Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.
Parameters related to DSCP restore mode:
dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.
statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask. This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set. This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP. A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)
e.g. dscpmask 0xfc000000 statemask 0x01000000
|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP | unused | flag |unused |
|-----------------------0x01---000000---|
| |
| |
---| Conditional flag
v only restore if set
|-ip diffserv-|
| 6 bits |
|-------------|
The skb mark restore mode (cpmark):
This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.
Parameters related to skb mark restore mode:
mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration. This can be useful where the conntrack
mark is being used for different purposes by different applications. If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)
e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.
|----0x00----conntrack mark----ffffff---|
| Bits 31-24 | |
| DSCP & flag| some value here |
|---------------------------------------|
|
|
v
|------------skb mark-------------------|
| | |
| zeroed | |
|---------------------------------------|
Overall parameters:
zone - conntrack zone
control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make suitable adjustments for backporting to 4.14 & 4.19
and add to SCHED_MODULES_FILTER
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This reverts commit 7c50182e0c.
Produces build error:
Package kmod-sched is missing dependencies for the following libraries:
nf_conntrack.ko
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
ctinfo is a new tc filter action module. It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths. At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.
The DSCP restore mode:
This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.
The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links. Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway. Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.
Parameters related to DSCP restore mode:
dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.
statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask. This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set. This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP. A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)
e.g. dscpmask 0xfc000000 statemask 0x01000000
|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP | unused | flag |unused |
|-----------------------0x01---000000---|
| |
| |
---| Conditional flag
v only restore if set
|-ip diffserv-|
| 6 bits |
|-------------|
The skb mark restore mode (cpmark):
This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.
Parameters related to skb mark restore mode:
mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration. This can be useful where the conntrack
mark is being used for different purposes by different applications. If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)
e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.
|----0x00----conntrack mark----ffffff---|
| Bits 31-24 | |
| DSCP & flag| some value here |
|---------------------------------------|
|
|
v
|------------skb mark-------------------|
| | |
| zeroed | |
|---------------------------------------|
Overall parameters:
zone - conntrack zone
control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make suitable adjustments for backporting to 4.14 & 4.19
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This patch removes 202-reduce_module_size.patch which is causing missing
debug symbols in kernel modules, leading to unusable
kernel-debug.tar.bz2 on all platforms, making debugging of release
kernel crashes difficult.
Cc: Felix Fietkau <nbd@nbd.name>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Remove 701-phy_extension.patch from 4.14 and 4.19 kernel, as it's
currenlty broken and fixing doesn't make sense as most of it is
deprecated anyway.
Cc: John Crispin <john@phrozen.org>
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1982
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This adds support for kernel 4.14 to the target and directly make it the
default kernel version to use.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
There are too many MIB counters that almost nobody needs since commit
d6366ce366 ("generic: ar8216: mib_work_func: read all port mibs
everytime").
In the worker function to poll MIB data, it deals with all ports instead
of only one port every time, which introduces too many mdio operations
that it becomes a heavy CPU load even on not-emulated MDIO bus.
This commit groups MIB counters and enable only TxBytes and RxGoodBytes
by default (both of which are necessary to get swconfig led working.)
and adds an swconfig attribute to allow enabling all counters if users
need them.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This allows specifying interval of polling MIB counters from userspace
and allow completely turning off MIB counter support by setting
mib_poll_interval to 0.
Since MIB counter polling is a heavy CPU load for GPIO emulated MDIO
bus, disable this behavior by default. Those who wants to use swconfig
LEDs can enable them with qca,mib-poll-interval dts property or with
swconfig command.
Fixes: FS#2230 ("kworker spikes 100% cpu every 2 second.")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This moves some new configuration options to the generic kernel
configuration instead of configuring them for each target on our own.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
CONFIG_HW_RANDOM_OMAP is not set to any value after kmod-random-omap was
removed, add the configuration option to the generic configuration.
Fixes: cd3b298533 ("omap24xx: Remove unmaintained target")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch backports verbatim the commits from Linux 5.0 and 5.1
that implemented support for GigaDevice SPI NAND A and E variants.
Supported only in Linux 4.19 and later as based on the upstream
drivers/mtd/nand/spi/ framework.
mtd-spinand-add-support-for-GigaDevice-GD5FxGQ4xA.patch
commit c93c613214ac (5.0)
mtd-spinand-Add-support-for-GigaDevice-GD5F1GQ4UExxG.patch
commit c40c7a990a46 (5.1)
Run-tested-on: GL.iNet AR750S
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.
This reduces the attack surface on such systems and should also save
some memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These were renamed to CONFIG_STRICT_KERNEL_RWX and CONFIG_STRICT_MODULE_RWX and are
activated in kernel 4.14 and later by default.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.
This should prevent the kernel from reading code from user space in
kernel context.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds additional checks to the copy_from_user() and copy_to_user()
functions. The details are described in this article:
https://lwn.net/Articles/695991/
This should only have a very small performance impact on system calls
and should not affect routing performance.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Upstream has renamed UPROBE_EVENT to UPROBE_EVENTS in the following
commit:
commit 6b0b7551428e4caae1e2c023a529465a9a9ae2d4
Author: Anton Blanchard <anton@samba.org>
Date: Thu Feb 16 17:00:50 2017 +1100
perf/core: Rename CONFIG_[UK]PROBE_EVENT to CONFIG_[UK]PROBE_EVENTS
We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as
well as CONFIG_UPROBE_EVENTS and CONFIG_KPROBE_EVENTS.
Consistently use the plurals.
So I'm changing it to this plural option in order to make kconfig happy
and stop asking about it if kernel is compiled with verbose logging:
Enable uprobes-based dynamic events (UPROBE_EVENTS) [Y/n/?] (NEW)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.
The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Since ct->proto.tcp.last_win isn't updated when nf_ct_tcp_no_window_check is
enabled, the retransmission timeout check needs to be bypassed.
Based on patch by Rob Mosher
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Refreshed all patches.
New symbols:
- CONFIG_LDISC_AUTOLOAD
- CONFIG_PPC_BARRIER_NOSPEC
Compile-tested on: ar7
Runtime-tested on: none
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Currently it's not possible to use perf on ath79 due to genirq flags
mismatch happening on static virtual IRQ 13 which is used for
performance counters hardware IRQ 5.
On TP-Link Archer C7v5:
CPU0
2: 0 MIPS 2 ath9k
4: 318 MIPS 4 19000000.eth
7: 55034 MIPS 7 timer
8: 1236 MISC 3 ttyS0
12: 0 INTC 1 ehci_hcd:usb1
13: 0 gpio-ath79 2 keys
14: 0 gpio-ath79 5 keys
15: 31 AR724X PCI 1 ath10k_pci
$ perf top
genirq: Flags mismatch irq 13. 00014c83 (mips_perf_pmu) vs. 00002003 (keys)
On TP-Link Archer C7v4:
CPU0
4: 0 MIPS 4 19000000.eth
5: 7135 MIPS 5 1a000000.eth
7: 98379 MIPS 7 timer
8: 30 MISC 3 ttyS0
12: 90028 INTC 0 ath9k
13: 5520 INTC 1 ehci_hcd:usb1
14: 4623 INTC 2 ehci_hcd:usb2
15: 32844 AR724X PCI 1 ath10k_pci
16: 0 gpio-ath79 16 keys
23: 0 gpio-ath79 23 keys
$ perf top
genirq: Flags mismatch irq 13. 00014c80 (mips_perf_pmu) vs. 00000080 (ehci_hcd:usb1)
This problem is happening, because currently statically assigned virtual
IRQ 13 for performance counters is not claimed during the initialization
of MIPS PMU during the bootup, so the IRQ subsystem doesn't know, that
this interrupt isn't available for further use.
So this patch fixes the issue by simply booking hardware IRQ 5 for MIPS PMU.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
New target introduces initial support for NVIDIA Tegra SoC based devices.
It focuses on Tegra 2 CPUs, for successors supporting NEON instruction
set the target should be split in two subtargets.
This initial commit doesn't create any device image, it's groundwork
for further additions.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
It adjusts b53 code to upstream changes from the commit 3c1bcc8614db
("net: ethernet: Convert phydev advertize and supported from u32 to link
mode").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Please note that modified code isn't currently being compiled with
kernels 4.19+ due to the dropped CONFIG_NF_CONNTRACK_IPV6 in upstream
Linux. That requires a separated fix.
This fixes:
net/netfilter/nf_conntrack_rtcache.c: In function 'nf_rtcache_get_cookie':
net/netfilter/nf_conntrack_rtcache.c:82:11: error: 'const struct rt6_info' has no member named 'rt6i_node'; did you mean 'rt6i_idev'?
if (rt->rt6i_node)
^~~~~~~~~
rt6i_idev
IPv6 structs were reworked in upstream kernel by:
commit a64efe142f5e ("net/ipv6: introduce fib6_info struct and helpers")
commit 77634cc67dc1 ("net/ipv6: Remove unused code and variables for rt6_info")
commit 93c2fb253d17 ("net/ipv6: Rename fib6_info struct elements")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This allows users to specify a shorter mib poll interval so that the
swconfig leds could behave normal with current get_port_stats()
implementation.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This applies to ar8216 and ar8236. QCA's newer U-boot will enable
the switch mdio master for FE switches which makes phy inaccessible
from CPU mdio. (e.g. on TP-Link TL-WR941N v7 Chinese version which
uses QCA9558+AR8236.) For these devices PHY probing is broken and
mdio device probing is a must. We also need to disable switch mdio
master in driver for later PHY initialization.
Do a soft reset during hw_init so that mdio master can be disabled
and expose PHYs to CPU mdio for later PHY accessing.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
ar8xxx_mib_capture will update mib counters for all ports. Current
code only update one port at a time and the data for other ports
are lost.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Partially reverts commit eff3549c58.
AR7240 and AR9341 have buggy hardware switch LED trigger. The AR7240
one doesn't blink and the blinking of port0/port5 is reversed on
AR9341 if we swap PHY0 and PHY4. (Only blinking is reversed, which
means LED for PHY0 will lit when PHY0 is link up and will blink when
PHY4 has active link and vice versa.) On these two chips a software
swconfig LED trigger is required.
This commit adds swconfig port stats back but:
1. move checking of mib_t/rxb_id into ar8xxx_chip since we can't
distinguish ar7240sw and ar8216 using only chip id.
2. don't update mib counter in get_port_stat. This function is called
every 0.01s and this capturing procedure will take up a lot of CPU.
We already have a mib_work_func updating mib counters every 2s so
return the saved counter instead of fetching new data. The blinking
rate will be weird but it should solve the previously mentioned CPU
time problem.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This builtin switch is a bugless ar8216 with different mib counters
and gigabit cpu port.
Atheros uses the same device ID and it's impossible to distinguish
the standalone one and the builtin one. So we add support to mdio
device probe only.
This switch doesn't have buggy vlan tag so it's not needed to enable
atheros header. This commit changed ar8216_setup_port so that it can
be reused for this switch.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Atheros FE switches have a builtin mdio master available for PHY
accessing and on ar724x/ar933x builtin switches this mdio master
is the only way of accessing PHYs.
After this patch if there is phy_read/phy_write method available
in ar8xxx_chip we register a separated mdio bus for accessing PHYs.
Still adds support for mdio device probing only since this isn't
needed for those switches registered using PHY probing.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
ar8229 is the builtin switch in ar934x and later chips. There is
also a standalone version available and their registers/functions
are the same.
This commit added support for the builtin ar8229. The only thing
missing for standalone ar8229 should be phy modes. Since I don't
have a router using that, this commit doesn't add support for
other phy modes.
Only add its support for mdio-device probing method because the
current PHY probing can't return 1G speed when it's a FE switch.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
ar8xxx_id_chip is used to determine current ar8xxx_chip using switch
id and this isn't needed during mdiodev probing.
Move it out of ar8xxx_probe_switch so that we can skip it.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
for mdio-device probing we still need to read chip id but ar8xxx_chip
can be determined using drvdata. We can't distinguish the buggy
standalone ar8216 and the builtin ar8216 in ar724x/ar933x using chip
id.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
The PCIe DWC host controller is now using MSI
(Message-signaled-interrupts) by default.
While ath9k itself does support MSI here, a lot of wlan adapters do not.
Avoid non-functioning cards by simply continue to disable MSI for now.
This can be done by appending "pci=nomsi" to the boot cmdline.
Also an extra fix needs to be backported which avoids MSI initialization
which prevented legacy IRQ's init from taking over.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Andrey has reported on OpenWrt's bug tracking system[1], that he
currently can't use ar93xx_uart as pure serial UART without console
(CONFIG_SERIAL_8250_CONSOLE and CONFIG_SERIAL_AR933X_CONSOLE undefined),
because compilation ends with following error:
ar933x_uart.c: In function 'ar933x_uart_console_write':
ar933x_uart.c:550:14: error: 'struct uart_port' has no
member named 'sysrq'
1. https://bugs.openwrt.org/index.php?do=details&task_id=2152
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Building tda1997x fails now unless V4L2_FWNODE is selected:
drivers/media/i2c/tda1997x.o: in function `tda1997x_parse_dt'
undefined reference to `v4l2_fwnode_endpoint_parse'
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The WRGG images exist in both big and little endian variants,
as can be seen from the image generator in
tools/firmware-utils/src/mkwrggimg.c, you either pass
the "-b" flag or not. The D-Link DIR-685 is using little
endian images so we need to support splitting these.
Detect endianness like this: if the kernel entity size
gets silly big (bigger than the flash memory) we are
probably using the wrong endianness.
Example: my kernel of 0x0067ff64 was switched around by
wrong endianness and detected as 0x64ff67a0 (the actual
size in swapped endianness + header 0xa0).
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch fixes a crash that occured on the
BT Home Hub v5a (lantiq/xrx200) which resulted
in the device bootlooping.
Reported-by: Ryan Mounce <ryan@mounce.com.au>
Tested-by: Vitalij Alshevsky <v_alshevsky@tut.by>
Fixes: ddece08bf4 ("kernel: owl-loader: fix sparse endian warnings")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This fixes a possible unbalanced dev_hold():
> iw dev bar del
[ 237.355366] unregister_netdevice: waiting for bar to become free. Usage count = 1
[ 247.435362] unregister_netdevice: waiting for bar to become free. Usage count = 1
[ 257.545366] unregister_netdevice: waiting for bar to become free. Usage count = 1
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This patch adds more disabled DRM config symbols from the
x86' config to the generic target configs. The existing
symbols in the x86' configs are kept for now, until we
know whenever we want to remove such symbols or not
(see Github PR #1831, #1825, #1828).
THis patch also contains a squashed patch from
Daniel Engberg <daniel.engberg.lists@pyret.net> titled
"kernel: Fix config for 4.14" which fixes a duplicated line
added by: commit 8bdc241d01 ("x86: fix geode image builds")
Fixes: 8bdc241d01 ("x86: fix geode image builds")
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch removes the obsolete touchscreen config symbols
and all disables all remaining ones in the generic config.
Generated by running drivers/input/touchscreen/Kconfig
sed -n 's/^config[[:space:]]\(.*\)/# CONFIG_\1 is not set/p' Kconfig |\
sort -d
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds the disabled DRM_RADEON and DRM_AMDGPU
config symbols from the x86' config to the generic target
configs. The existing symbols in the x86' configs are kept
for now, until we know whenever we want to remove such
symbols or not (see Github PR #1831, #1825, #1828).
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The addition of kmod-input-touchscreen-ads7846 enabled
INPUT_TOUCHSCREEN, which exposes several other symbols on various
targets. Add those symbols to the generic kernel configs to fix build.
Fixes: 77a54bbf13 ("kernel: add kmod-input-touchscreen-ads7846")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This module adds support for small TFT LCD display modules. While this
module also exists in the 4.9 kernel, we are not going to support this
kernel in the next major release, so don't make it available for 4.9.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
DRM packages break modules compilation for sunxi target,
cortexa7 and cortexa8 subtargets.
This patch add missing symbol to generic config.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
CONFIG_USB_IMX21_HCD should be handled in generic config and
module package. So moved it into generic config.
This also fixed build issue (kernel config question) of layerscape
armv8_32b since it also used ARCH_MXC.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[Deactivate CONFIG_USB_IMX21_HCD also for kernel 4.19]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Enable the built-in BPF JIT compiler for all 4.9, 4.14 and 4.19 kernels,
which should speed up cBPF and eBPF-based packet filtering (tc, iptables)
and packet sniffing (libpcap, tcpdump, fwknopd, etc).
This has minimal kernel size impact, increasing the size of uImage-lzma
(normally ~2 MB on mips_24kc or mips64el_mips64) by 5 KB for the MIPS32
arch cBPF JIT and by 9 KB for the MIPS64 arch eBPF JIT, on kernel 4.14.
With JIT enabled (cBPF only), the standard BPF test module (test_bpf.ko)
running on a DIR-835 (mips_24kc) used 33 CPU seconds, but 68 without JIT.
This change aligns with the notion of OpenWRT as the network go-to swiss
army knife for packet handling, especially on CPU-constrained platforms.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
This patch uses nfct_help() to detect whether an established connection
needs conntrack helper instead of using test_bit(IPS_HELPER_BIT,
&ct->status).
The reason for this modification is that IPS_HELPER_BIT is only set when
the conntrack helper is attached by explicit CT target.
However, in the case that a device enables conntrack helper via the other
ways (e.g., command "echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper")
, the status of IPS_HELPER_BIT will not present any change. That means the
IPS_HELPER_BIT might lose the checking ability in the context.
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
While preparing 4.19 for imx6 and test building it with
CONFIG_ALL_KMODS=y with verbose mode enabled, I was asked by kernel
config about few missing symbols/modules
Let's add them to the generic config.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[slight rewrite of commit log]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Kernel 4.14.96 got the new configuration option
CIFS_ALLOW_INSECURE_LEGACY which allows to deactivate support for old
and insecure SMB versions like 1.0 and 2.0. Still allow these old SMB
version and fix build problems which occurred because this option was
not defined.
This was found by build bot.
Fixes: 3662157d8b ("kernel: bump 4.14 to 4.14.96")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
upstream commit 802b7c06adc7 ("ARM: cns3xxx: Convert PCI to use generic config accessors")
reimplemented cns3xxx_pci_read_config() using pci_generic_config_read32(),
which preserved the property of only doing 32-bit reads.
It also replaced cns3xxx_pci_write_config() with pci_generic_config_write(),
so it changed writes from always being 32 bits to being the actual size,
which works just fine.
Due to:
- The documentation does not mention that only 32 bit access is allowed.
- Writes are already executed using the actual size
- Extensive testing shows that 8b, 16b and 32b reads work as intended
It makes perfectly sense to also swap 32 bit reading in favor of actual size.
also backport this patch to kernel 4.19
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
