This code was marked as incompatible to Linux 4.4 well over a year ago
and nobody cared, and now it's breaking builds.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The xt_id match was used by the firewall3 package to track its own rules but
the approach has been changed to use xt_comment instead now, so we can drop
this nonstandard extension.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add fix for CVE-2016-5195 to kernel 3.18 and 4.1.
Kernel 4.4 is already fixed since version 4.4.26 which was committed in
32c28a78f798dffb983a7f00342b471e5e4ac177.
Patches taken from Sasha Levin's linux-stable git tree:
http://git.kernel.org/cgit/linux/kernel/git/sashal/linux-stable.git/
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches for all targets supporting 3.18 and not marked broken.
Compile-tested on all targets using 3.18 and not marked broken.
Changes to generic/610-netfilter_match_bypass_default_checks.patch based
on 84d489f64f3b382d5544e342f66d8806e94e85d3.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Yue Cao claims that current host rate limiting of challenge ACKS
(RFC 5961) could leak enough information to allow a patient attacker
to hijack TCP sessions. He will soon provide details in an academic
paper.
Backports upstream commit 75ff39ccc1bd5d3c455b6822ab09e533c551f758
to the used LEDE kernel versions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
With that patch in place for initramfs no additional options are
reported for "/" partition. What's really important is missing
info about sizes. Which in its turn makes opkg think that there's
no space on "/" partition to install software.
I understand that's a sort of corner-case, people rarely install
packages on ramfs but anyways why not?
Just in case that's what I see with the patch:
---------------------->8--------------------
root@lede:/# cat /proc/mounts
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,noatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,mode=600 0 0
debugfs /sys/kernel/debug debugfs rw,noatime 0 0
---------------------->8--------------------
And without:
---------------------->8--------------------
root@lede:/# cat /proc/mounts
rootfs / rootfs rw,size=256168k,nr_inodes=32021 0 0
proc /proc proc rw,nosuid,nodev,noexec,noatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,mode=600 0 0
debugfs /sys/kernel/debug debugfs rw,noatime 0 0
---------------------->8--------------------
Note how different is entry for rootfs.
And given there's no known rationale for that patch we're
getting rid of it.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Cc: Rafał Miłecki <zajec5@gmail.com>
Cc: John Crispin <john@phrozen.org>
Cc: Felix Fietkau <nbd@nbd.name>
The kernel config option CONFIG_NET_UDP_TUNNEL is not visible and can
not directly be activated. When kmod-udptunnel4 or kmod-udptunnel6 are
build these packages could be empty when no other kernel module selects
CONFIG_NET_UDP_TUNNEL.
Reported-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch is already included in the Linux mainline kernel since
v3.15, remove it from LEDE, see the lines directly before this patch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch was introduced in commit r16412 for the brcm47xx target only
and then moved to generic in commit r32395. It was initially added
because of ticket #5186 and should fix some problems with fuse file
systems and MIPS caches. The commit comment in r32395 says that this a
generic problem in MIPS CPUs, but does not name any specifics about
that. There was a fix added to kernel 2.6.21 in commit commit
7575a49f20 "[MIPS] Implement flush_anon_page()." that should fix this
problem, but that was already available before both commits were done
to OpenWrt.
I just tested fuse with ntfs.3g without this patch on a BCM4704
(BMIPS3300 V0.6) SoC and haven't seen any problems. Someone reported
that removing this patch improves some fuse operations by 5 times on
some modern MIPS cores.
My test was only a simple "dd if=/dev/zero of=/mnt/zero bs=5000" to an
USB stick.
This patch removes the patch to OpenWrt, because I assume that it is
not needed any more and Felix, the orginal author, also thinks so.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In the upstream kernel and the upstream squashfs4 tools the xz
compression header looks the following:
struct disk_comp_opts {
__le32 dictionary_size;
__le32 flags;
};
We added some other members and also moved some existing members. Place
the members which are already in upstream header at the same position
as in that kernel and add our own at the end. The kernel should not
have a problem when there are some additional members and just ignore
them.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 4.7 there is upstreamed b53 driver using (mostly?) the same
symbols as our b53 does. Change our symbols so both drivers can coexist
in kernel tree.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
OpenWRT changed the default fq_codel sch->limit from 10240 to 1024,
without also adjusting q->flows_cnt. Eric Dumazet explains below that
you must also adjust the buckets (q->flows_cnt) for this not to break.
Eric explains: Limit of 1024 packets and 1024 flows is not wise I think.
(If all buckets are in use, each bucket has a virtual queue of 1 packet,
which is almost the same than having no queue at all)
I suggest to have at least 8 packets per bucket, to let Codel have a
chance to trigger. So you could either reduce number of buckets to 128
(if memory is tight), or increase limit to 8192.
flows_cnt is now set to 1024/8=128
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
The function memblock_insert_region() is in the section
__init_memblock, also put crashlog_init_memblock there.
This fixes this section mismatch warning:
The function memblock_insert_region.isra.1() references
the function __meminit crashlog_init_memblock().
This is often because memblock_insert_region.isra.1 lacks a __meminit
annotation or the annotation of crashlog_init_memblock is wrong.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48931
It was never tested, most likely not working (because of le32_to_cpu)
and not upstreamed.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48060
All supported kernels require patching ledtrig-netdev in the same way,
so it's safe to just move these changes to the base version of this
driver. We needed these patches for some old kernels 2.6.36 and 3.11.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47962