When running OpenWrt inside an LXC container no shell is opend as LXC
defaults to a virtual /dev/console.
This patch allows to enter a shell after starting the container via
`lxc-start`, without it is only posible to access a shell on tty1 via
`lxc-console`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This activates "Supervisor Mode Access Prevention". modern CPUs will
prevent the kernel code from accessing any data from the userspace
without the usage of copy_to_user() or copy_from_user()
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
CONFIG_BINFMT_MISC allows it to add support for new executable formats
to the kernel from user space, the kernel will then detect for example a
java binary and call the java execution program automatically. I am not
aware that this feature is used in OpenWrt and this could be used to
exploit something. Deactivate it for all targets for now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If the target supports a newer kernel version that is not used by default
yet, it can be enabled with this option
Signed-off-by: Felix Fietkau <nbd@nbd.name>
builtin driver can't access the /lib/firmware while booting,
module driver will be able to read and load the firmware files
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
It was previously added in 546fced, which was part of "intel-microcode:
load as early as possible" series.
Unfortunately the conditionals added to GRUB config caused error on boot,
because on sysupgrade, bootloader is not updated and is left with old
features/modules. Since this module is needed for early microcode load
and transition to this needs to be done step by step, enable the test
module now, so that every newly created image has it already embedded.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
VBoxManage is not used and the image is created with proper permisions:
0f5d0f6 image: use internal qemu-img for vmdk and vdi images drop host
dependencies on qemu-utils and VirtualBox
Unreachable config symbols:
9e0759e x86: merge all geode based subtargets into one
No need to define those symbols since x86_64 is subtarget of x86:
196fb76 x86: make x86_64 a subtarget instead of a standalone target
Unreachable config symbols, so remove GRUB_ROOT:
371b382 x86: remove the xen_domu subtarget
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
This adds initial support for kernel 4.19 to the x86 target.
The patches and the kernel configurations were copied from kernel 4.14
and then refreshed.
The legacy and the genode target will not support PAE any more because
they use a CPU type which does not support PAE, the generic sub target
still supports PAE.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This refreshes the kernel configuration for kernel 4.14.
First this was run for the legacy target:
make kernel_oldconfig
Then for all targets including the legacy target this was run:
make kernel_oldconfig CONFIG_TARGET=subtarget
The option CONFIG_104_QUAD_8 was added to the generic configuration
because it would have been automatically removed.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This makes it possible to use different sub target configurations for
kernel 4.19 for example.
To support kernel 4.9 and kernel 4.14 with the same configuration file
already needed some extra work this will not be needed for kernel 4.19
any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Gigabit ethernet adapters using BCM5706/5708/5709/5716 chipset are
common on servers and as easy/cheap to get as Intel based ones.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Moving binding mount before check for saved sysupgrade configuration
made it unreachable. Fix it by moving binding mount after the check.
Fixes: f78b2616 (x86: mount writable bootfs)
Reported-by: Lucian Cristian <luci@powerneth.ro>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Create initrd enries for x86 images, that'll load amd microcode as early
as possible. Also remove the preinit script responsible for late load of
microcode.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Create initrd enries for x86 images, that'll load intel microcode as
early as possible. To achieve that the test module for grub is enabled
which provides shell-like conditionals. Also restrict the late load of
microcode to AMD processors.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Add files to bootfs image from selected as built-in packages, which want
to install files to targets boot file system.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Mount boot file system with rw option to allow installation of packages
which install files to /boot directory.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Add out of the box support for 802.11r and 802.11w to all targets not
suffering from small flash.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias did all the heavy lifting on this, but I'm the one who should
get shouted at for committing.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Compaction is the only memory management component to form high order (larger
physically contiguous) memory blocks reliably. The page allocator relies on
compaction heavily and the lack of the feature can lead to unexpected OOM
killer invocations for high order memory requests. You shouldn't disable this
option unless there really is a strong reason for it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
Optimized inlining was disabled by default when gcc 4 was still
relatively new. By now, all gcc versions handle this well and there
seems to be no real reason to keep it x86-only.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This adds a configuration options which is needed now.
Without this patch the geode build will fail.
Fixes: 4eda2fddf2 ("x86/geode: enable X86_INTEL_LPSS to select PINCTRL")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Without UHCI a non-trivial number of machines will have no keyboard
without BIOS assistance.
Add XHCI as well in case there are chipsets which don't support legacy
interfaces, and support PCI OHCI controllers also.
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
THIN_ARCHIVES option is enabled by default in the kernel configuration
and no one target config disables it. So enable it by default and remove
this symbol from target specific configs to keep them light.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
New FUTEX_PI configuration symbol enabled if FUTEX and RT_MUTEX symbols
are enabled. Both of these symbols are enabled by default in the
generic config, so enable FUTEX_PI by default too to keep platform
specific configs minimal.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
OVERLAY_FS config symbol selects EXPORTFS since 4.12 kernel, we have
OVERLAY_FS enabled by default, so enable EXPORTFS in the generic config
of 4.14 and remove this option from platform specific configs.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
DRM_LIB_RANDOM config symbol selected only by DRM_DEBUG_MM_SELFTEST
which is disable by default, so disable DRM_LIB_RANDOM by default too.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
These options do not used by any supported arch, so disable them by
default to make arch configs a bit more clean.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Only one arch (x86_64) enables this option. So disable
ARCH_WANTS_THP_SWAP by default and remove referencies to it from all
configs (except x86_64) to make them clean.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Disable CONFIG_EFI_VARS, since it suffers from sysfs limitation (no
support for variable longer than 1024 bytes).
kmod-fs-efivarfs is the replacement of this, which enables mounting
efivarfs file system and doesn't suffer from 1024 bytes limitation.
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
There is a new APU-model available, APU3. The device is configured in
the same way as the APU1 and APU2, so the same LED/network setup can be
used.
I considered changing the case to pc-engines-apu*, but I chose to follow
the existing pattern and add the full board name.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Support for kernel 4.14 was added 2 months ago, make it now the default
kernel to use for the x86 target.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stijn Segers <francesco.borromini@inventati.org>
This adds support for the new configuration option CONFIG_RETPOLINE and
refreshes the configuration.
Fixes: d8565a06dc ("kernel: bump 4.9 to 4.9.77")
Fixes: 9ddfac8015 ("kernel: bump 4.14 to 4.14.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The KEXEC_FILE symbol exists for X86 since kernel 3.17, and since 4.10
for PPC64. Add it to x86/config-4.9 and to generic/config-4.14.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
While working on a new target (meson), the kernel build failed due to
missing DRM_DEBUG_MM_SELFTEST symbol. This can potentially happen on all
targets that enable DRM drivers in the kernel config or via kmod
packages, so add it to the generic config and remove it from x86
subtarget configs, together with DRM_DEBUG_MM.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Supermicro puts "Super Server" into their product_name DMI value
for a whole slew of products, making this value about as useful
as not having been filled in at all. Instead, fall back on the
board_name instead.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
There might be other places (such as vendor-supplied preinit scripts)
where we wish to take a DMI name and clean it up in a consistent way,
so make the sed command into a function.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>