Commit Graph

113 Commits

Author SHA1 Message Date
Hauke Mehrtens
a2662309aa kernel: Enable CONFIG_ARM64_PAN to restrict kernel access to user space memory
Enable the CONFIG_ARM64_PAN kernel security option, which leverages the
ARMv8.1 Privileged Access Never (PAN) extension to prevent the kernel
from directly accessing user space memory.

Instead, copy_to_user and similar functions must be used for data
transfer between kernel and user space. This feature is automatically
disabled at runtime on CPUs without PAN support, making it a no-op in
those cases.

Link: https://github.com/openwrt/openwrt/pull/16189
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-21 00:21:05 +02:00
Marek Behún
b51abacb5f config: kernel: Add support for configuring BTRFS to be built-in
Add the KERNEL_BTRFS_FS config option so that targets can select
whether BTRFS support must be built-in.

Select this option (alongside KERNEL_BTRFS_FS_POSIX_ACL) from the
layerscape/armv8_64b subtarget instead of enabling it in
target/linux/layerscape/armv8_64b/config-* files.

Move disabling of CONFIG_BTRFS_FS_CHECK_INTEGRITY into generic configs.

This makes it possible for OpenWRT to be built with built-in BTRFS
support on specific boards, instead of whole targets.

Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/15990
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-08-15 00:35:17 +02:00
Qingfang Deng
e5dc16e60d kernel: switch crc32 implementation back to default
Commit ec885796c0 switched the crc32 implementation from default to
byte-at-a-time algorithm, which runs slower but consumes less memory.
A decade has passed, and we have already abandoned targets that had
small memory, so switch it back to default for faster speed.

Signed-off-by: Qingfang Deng <qingfang.deng@siflower.com.cn>
2024-08-06 21:52:05 +02:00
Hauke Mehrtens
84d0b0b925 kernel: bump 5.15 to 5.15.157
Removed because they are upstream:
   generic/backport-5.15/741-v6.9-01-netfilter-flowtable-validate-pppoe-header.patch
   https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=d06977b9a4109f8738bb276125eb6a0b772bc433

Removed because they are upstream:
   generic/backport-5.15/741-v6.9-02-netfilter-flowtable-incorrect-pppoe-tuple.patch
   https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=e719b52d0c56989b0f3475a03a6d64f182c85b56

Manual adapted the following patches:
   generic/pending-5.15/700-netfilter-nft_flow_offload-handle-netdevice-events-f.patch
   generic/pending-5.15/723-net-mt7531-ensure-all-MACs-are-powered-down-before-r.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-05-11 18:30:30 +02:00
Hauke Mehrtens
9693ed6a9e kernel: bump 5.15 to 5.15.155
Manual adapted the following patches:
   generic/hack-5.15/221-module_exports.patch
   octeontx/patches-5.15/0004-PCI-add-quirk-for-Gateworks-PLX-PEX860x-switch-with-.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-16 23:11:25 +02:00
Hauke Mehrtens
fb2c6e9d4d kernel: bump 5.15 to 5.15.153
Removed because they are upstream:
generic/backport-5.15/704-15-v5.19-net-mtk_eth_soc-move-MAC_MCR-setting-to-mac_finish.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=c5c0760adc260d55265c086b9efb350ea6dda38b

generic/pending-5.15/735-net-mediatek-mtk_eth_soc-release-MAC_MCR_FORCE_LINK-.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=448cc8b5f743985f6d1d98aa4efb386fef4c3bf2

generic/pending-5.15/736-net-ethernet-mtk_eth_soc-fix-PPE-hanging-issue.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=9fcadd125044007351905d40c405fadc2d3bb6d6

Add new configuration symbols for tegra target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-31 18:34:04 +02:00
Pawel Dembicki
ceee14ea3a kernel: generic: add missing symbol
Found durring 'make kernel_oldconfig'.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2024-03-24 21:20:46 +01:00
Zoltan HERPAI
db0d7cf6a1 usb: add cdns3 support
CDNS3 is a SuperSpeed (SS) USB 3.0 Dual-Role-Device (DRD) controller from
Cadence. Add support for this device, and add the required symbols into
the generic configs.

Compile-tested: apm821xx, bcm4908, imx, mpc85xx, pistachio, starfive

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-03-10 18:21:41 +01:00
Hauke Mehrtens
cd450923ab kernel: Remove unused schedulers
These schedulers were removed in kernel 5.15.150 and 6.1.180.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-07 19:30:54 +01:00
Daniel Golle
548c383bdf kernel: move uImage.FIT partition parser to mediatek target
The partition parser approach has been rejected upstream, it will be
replaced by a small block driver which is the solution suggestion by
upstream maintainers.
As the partition parser has only been used by the mediatek target, as
a first step, move it there.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:06:36 +00:00
INAGAKI Hiroshi
c6e71b34b2 kernel: add seil-fw mtdsplit driver for IIJ SEIL devices
This mtdsplit parser driver parses firmware partition on Internet
Initiative Japan Inc. (IIJ) SEIL series devices.

Structure of header:

  0x0 - 0x7 : Identifier            (hex)
  0x8 - 0x57: Copyright             (ascii)
 0x58 - 0x5b: Data CRC              (hex)
 0x5c - 0x5f: Image Format Version  (hex)
 0x60 - 0x63: Image Major Version   (hex)
 0x64 - 0x67: Image Minor Version   (hex)
 0x68 - 0x87: Image Release Version (ascii)
 0x88 - 0x8b: Xor value for Data?   (hex)
 0x8c - 0x8f: Data Length           (hex)

Properties:

- compatible      : "iij,seil-firmware"
- iij,seil-id     : ID of SEIL firmware for the device (8 bytes)
  - examples:
    - SA-W2       : <0x5345494c 0x32303135> ("SEIL2015")
    - SEIL/X1     : <0x5345494c 0x2F582020> ("SEIL/X  ")
- iij,bootdev-name: boot device name assigned to the partition
                    (optional)

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2023-10-31 14:02:01 +01:00
John Audia
64782497db kernel: bump 5.15 to 5.15.126
1. Disable unneeded errata Kconfig symbols
2. Update kernel

Changelog: https://lore.kernel.org/stable/2023081111-unlocking-synopsis-d7d5@gregkh/

All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-08-13 13:03:43 +02:00
Christian Svensson
c170fc78ba kernel: remove CRYPTO_BLAKE2S from all >=5.15
This option was removed from upstream kernel back in 2022.
See commits:
 2d16803c562ecc644803d42ba98a8e0aef9c014e (>=6.0)
 3dd33a09f5dc12ccb0902923c4c784eb0f8c7554 (>=5.15.61 backport)

Signed-off-by: Christian Svensson <blue@cmd.nu>
2023-07-08 16:54:01 +02:00
Koen Vandeputte
02c1acbfba kernel: add missing symbols in 5.15
Found these while playing with video pci media adapter support

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-07-07 08:20:59 +02:00
Petr Štetiar
ce8c639a6c
kernel: introduce KERNEL_WERROR config option
In commit b2d1eb717b ("generic: 5.15: enable Werror by default for
kernel compile") CONFIG_WERROR=y was enabled and all warnings/errors
reported with GCC 12 were fixed.

Keeping this in sync with past/future GCC versions is going to be uphill
battle, so lets introduce new KERNEL_WERROR config option, enable it by
default only for tested/known working combinations and on buildbots.

References: #12687
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-07-04 07:14:22 +02:00
John Audia
fc3383a558 kernel: add CONFIG_DRM_RCAR_USE_LVDS is not set
Added missing symbol.

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-06-12 20:39:38 +02:00
Christian Marangi
0a4b309f41
generic: backport initial LEDs hw control support
Backport initial LEDs hw control support. Currently this is limited to
only rx/tx and link events for the netdev trigger but the API got
accepted and the additional modes are working on and will be backported
later.

Refresh every patch and add the additional config flag for QCA8K new
LEDs support.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-06-06 11:01:31 +02:00
Hauke Mehrtens
16a20512d8
kernel: Set CONFIG_FRAME_WARN depending on target
This set the CONFIG_FRAME_WARN option depending on some target settings.
It will use the default from the upstream kernel and not the hard coded
value of 1024 now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-06-02 11:19:32 +02:00
Christian Lamparter
fd9dc10530 apm821xx: make ata-dwc as a standalone module
In order to cut down on the Netgear WNDR4700, the ata
driver can be outsourced. This helps other apm821xx
devices too to save up on kernel size (~200 kb).

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-30 01:58:20 +02:00
Tony Ambardar
c2d194a34e kernel: enable (ARM|ARM64)_MODULE_PLTS in generic config
This allows loading modules with large memory requirements, recently needed
while testing on armvirt/32. Past forum discussions [1] and bug reports [2]
also raised this and the ipq806x target already set it in response [3].
Given this increases kernel image size by only ~1KB, is generally useful on
multi-platform kernels, and enabled by default on upstream arm32 Linux, add
it to the generic config.

The setting has similar utility on arm64, is a requirement for KASLR, and
already enabled on most OpenWrt aarch64 targets, so pull this into the
top-level generic config.

[1]: https://forum.openwrt.org/t/vmap-allocation-for-size-442368-failed-use-vmalloc-size-to-increase-size/34545/7
[2]: https://github.com/openwrt/openwrt/issues/8282
[3]: f81e148eb6 ("ipq806x: update 4.19 kernel config").

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-05-23 05:49:46 -07:00
Aleksander Jan Bajkowski
4f197f9134
kernel: sort generic configuration
This was done by executing these commands:

$ ./scripts/kconfig.pl '+' target/linux/generic/config-5.15 /dev/null > target/linux/generic/config-5.15-new
$ mv target/linux/generic/config-5.15-new target/linux/generic/config-5.15

$ ./scripts/kconfig.pl '+' target/linux/generic/config-6.1 /dev/null > target/linux/generic/config-6.1-new
$ mv target/linux/generic/config-6.1-new target/linux/generic/config-6.1

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2023-05-23 14:26:07 +02:00
Tiago Gaspar
3f99b2b3f7 kernel: net: add support for kernel tls
Add ktls (Kernel TLS) kmods to enable TLS support
in kernel (allowing TLS offload when the network
card supports it)

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(added disabled symbols)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-20 15:19:14 +02:00
Christian Marangi
b2d1eb717b
generic: 5.15: enable Werror by default for kernel compile
From 5.15 and up linux kernel introduced CONFIG_WERROR to flag any
warning as error. To improve code quality, enable this by default to
catch any warning and fix it.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-05-12 03:15:32 +02:00
Nick Hainke
bbc7de3b16
generic: 5.15: remove outdated symbols
Remove symbols that are no longer present in 5.15:
- CONFIG_CRYPTO_RMD128
- CONFIG_CRYPTO_RMD256
- CONFIG_CRYPTO_RMD320
- CONFIG_CRYPTO_SALSA20
- CONFIG_CRYPTO_TGR192
- CONFIG_RAW_DRIVER
- CONFIG_ENABLE_MUST_CHECK

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-05 15:48:21 +02:00
Tony Ambardar
3980dfcd05 kernel: fix handling of CONFIG_DYNAMIC_DEBUG
Since CONFIG_DYNAMIC_DEBUG is already managed via the KERNEL_DYNAMIC_DEBUG
setting in Config-kernel.in (default N), remove or disable it in target
configs which unconditionally enable it, along with the related setting
CONFIG_DYNAMIC_DEBUG_CORE. This saves several KB in the kernels for
ipq40xx, ipq806x, filogic, mt7622, qoriq, and sunxi.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-05-03 10:26:17 -07:00
Hauke Mehrtens
467aa08f8a
kernel: Activate CONFIG_SLAB_FREELIST_RANDOM
This activates CONFIG_SLAB_FREELIST_RANDOM.
This option make the free list less predictable. This makes it harder to
exploit heap based security vulnerabilities.

This adds a little bit more code to the kernel and a small additional
compute overhead.

This option is activated in Debian by default.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-05-03 15:13:26 +02:00
Hauke Mehrtens
1f41b6bb83 kernel: Activate CONFIG_SCHED_STACK_END_CHECK
This activates the CONFIG_SCHED_STACK_END_CHECK option.

The kernel will check if the kernel stack overflowed in the schedule()
function. This just adds a very small computational overhead.

This option is activated in Debian by default.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-29 12:40:10 +02:00
Hauke Mehrtens
ff536eca58 kernel: Activate CONFIG_SLAB_FREELIST_HARDENED
This activates some extra checks in SLAB or SLUB to make it harder to
execute kernel heap exploits. This adds a minor performance
degradation which I haven't measured-.

Many mainstream Linux distributions also activate this option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-29 12:38:09 +02:00
Hauke Mehrtens
2bab7d273e kernel: Initialize RNG using CPU RNG and bootloader
This activates the following kernel options by default:
* CONFIG_RANDOM_TRUST_CPU
* CONFIG_RANDOM_TRUST_BOOTLOADER

With these option Linux will also use data from the CPU RNG e.g. RDRAND
and the bootloader to initialize the Linux RNG if such sources are
available.
These random bits are used in addition to the other sources, no other
sources are getting deactivated. I read that the Chacha mixer isn't
vulnerable to injected entropy, so this should not be a problem even if
these sources might inject bad random data.

The Linux kernel suggests to activate both options, Debian also
activates them. This does not increase kernel code size.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-29 12:35:44 +02:00
Álvaro Fernández Rojas
f5adc5bafb kernel: disable CONFIG_HW_RANDOM_BCM2835
This HW RNG is present on some Broadcom 63XX SoCs, but not all of them.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-10 10:04:08 +02:00
Rafał Miłecki
323072f3a6 kernel: backport NVMEM patches queued for the v6.4
They add NVMEM layouts support. It allows handling NVMEM content
independently of NVMEM device access.

Skip U-Boot env data patch for now as it break our downstream MAC hacks.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-04-06 12:13:22 +02:00
Kazuki H
0d0928f587
kernel: Update MGLRU patchset
The current patches are old, update them from mainline.
Backports taken from https://github.com/yuzhaogoogle/linux/commits/mglru-5.15

Tested-by: Kazuki H <kazukih0205@gmail.com> #mt7622/Linksys E8450 UBI
Signed-off-by: Kazuki H <kazukih0205@gmail.com>
2023-03-27 14:16:10 +02:00
Koen Vandeputte
fe69010b1d kernel: add missing symbols in 5.15
Found these while playing around with video support

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-03-21 16:38:23 +01:00
Hauke Mehrtens
b844716158 kernel: Add CONFIG_KERNEL_HARDLOCKUP_DETECTOR
Make it possible to change the kernel configuration option
CONFIG_HARDLOCKUP_DETECTOR from OpenWrt.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2023-03-19 18:44:46 +01:00
Hauke Mehrtens
0f5ba14791 kernel: Deactivate options shown with CONFIG_KERNEL_KCOV=y
This sets the CONFIG_KCOV_IRQ_AREA_SIZE kernel configuration option to its default value.
This is shown when I set CONFIG_KERNEL_KCOV=y in the OpenWrt configuration on x86/64.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2023-03-19 18:44:46 +01:00
Hauke Mehrtens
2213bf5e83 kernel: Deactivate options shown with CONFIG_KERNEL_KASAN=y
This deactivates some kernel configuration options I see when
CONFIG_KERNEL_KASAN=y is set in the OpenWrt configuration on x86/64.

Set CONFIG_STACK_HASH_ORDER to its default value.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2023-03-19 18:44:46 +01:00
Hauke Mehrtens
85661be9df kernel: Set some options to default shown with CONFIG_KERNEL_UBSAN=y
This sets some kernel configuration options to their default values. I saw
these as warnings when I set CONFIG_KERNEL_UBSAN=y is set in the OpenWrt
configuration on x86/64.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2023-03-19 18:44:46 +01:00
Hauke Mehrtens
2d5b761838 kernel: Deactivate options shown with CONFIG_KERNEL_DYNAMIC_FTRACE=y
This deactivates some kernel configuration options I see when
CONFIG_KERNEL_DYNAMIC_FTRACE=y is set in the OpenWrt configuration on x86/64.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2023-03-19 18:44:46 +01:00
Hauke Mehrtens
e291a38d7f kernel: Deactivate options shown with CONFIG_KERNEL_HIST_TRIGGERS=y
This deactivates some kernel configuration options I see when
CONFIG_KERNEL_HIST_TRIGGERS=y is set in the OpenWrt configuration on x86/64.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2023-03-19 18:44:46 +01:00
Hauke Mehrtens
e850045c76 kernel: Deactivate options shown with CONFIG_KERNEL_DEBUG_VIRTUAL=y
This deactivates some kernel configuration options I see when
CONFIG_KERNEL_DEBUG_VIRTUAL=y is set in the OpenWrt configuration on x86/64.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2023-03-19 18:44:46 +01:00
Hauke Mehrtens
582f6fb8cd kernel: Deactivate options shown with CONFIG_KERNEL_DEBUG_VM=y
This deactivates some kernel configuratoion options I see when
CONFIG_KERNEL_DEBUG_VM=y is set in the OpenWrt configuration on x86/64.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2023-03-19 18:44:46 +01:00
John Audia
fbfec3286e kernel: tcindex classifier has been retired
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.15.100&id=7c183dc0af472dec33d2c0786a5e356baa8cad19

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-03-18 12:48:27 +01:00
Nick Hainke
7c5e847827 kernel: move CONFIG_PAGE_POOL to generic
Move "# CONFIG_PAGE_POOL is not set" to generic.

Suggested-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-04 10:20:58 +01:00
Hauke Mehrtens
218f425b61 kernel: Add CONFIG_PPC_QUEUED_SPINLOCKS configuration option
The CONFIG_PPC_QUEUED_SPINLOCKS configuration option is not defined for
kernel 5.15, it is defined for kernel 5.10.

This fixes the compilation of mpc85xx/p2020 with kernel 5.15.

Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-23 22:22:27 +01:00
Tony Butler
a7f3a51982 kernel: add kmod-lib-842
"842" is a compression scheme and this is the software implementation
which is too slow to really use beyond a proof of concept.  It can be
selected in ZRAM, ZSWAP, or `fs/pstore`, and is here for completeness.
In general you need a Power8 or better with 842-in-hardware for it to
be fast, but other 842-accelerators are emerging.

Signed-off-by: Tony Butler <spudz76@gmail.com>
2023-01-28 21:19:17 +01:00
Robert Marko
4359d10b01 kernel: 5.15: add missing kernel configuration options
Found during compilation of ipq807x with ALL_NONSHARED.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-01-16 12:42:23 +01:00
Hauke Mehrtens
92eb787d08 kernel: Move CONFIG_PWM_IMG and CONFIG_PWM_MEDIATEK to generic configuration
In the build of the ramips/mt76x8 target the user gets asked about these
two configuration options, add them to the generic kernel configuration.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-23 00:43:33 +01:00
Hauke Mehrtens
259c014555 kernel: Move CONFIG_DRM_XEN_FRONTEND to generic configuration
The CONFIG_DRM_XEN_FRONTEND configuration symbol is also used by the
layerscape target, move it to the generic kernel configuration.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-23 00:43:23 +01:00
Hauke Mehrtens
f620eb70f1 kernel: Add missing kernel configuration options
This fixes compile of the bmips target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-21 15:15:00 +01:00
Hauke Mehrtens
fbd5573dca kernel: Reorder kernel configuration options
./scripts/kconfig.pl '+' target/linux/generic/config-5.10 /dev/null > target/linux/generic/config-5.10-new
mv target/linux/generic/config-5.10-new target/linux/generic/config-5.10

./scripts/kconfig.pl '+' target/linux/generic/config-5.15 /dev/null > target/linux/generic/config-5.15-new
mv target/linux/generic/config-5.15-new target/linux/generic/config-5.15

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-21 15:14:51 +01:00