Commit Graph

2949 Commits

Author SHA1 Message Date
HsiuWen Yen
ac04be82c4 netfilter: fix crash in flow offload by adding netns support
Commit fcb41decf6 ("config: enable some useful features on
!SMALL_FLASH devices") enabled netns, which in turn lead to the crash in
the flow offload target.

When the flow offloading framework intends to delete a flow from the
hardware table, it is necessary to retrieve the namespace from
nf_flowtable->ft_net. However, no one ever wrote the namespace into
nf_flowtable->ft_net in advance. So the framework will mistakenly use a
NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to
the kernel panic.

Ref: FS#2321
Fixes: fcb41decf6 ("config: enable some useful features on !SMALL_FLASH devices")
Tested-by: Simon Tretter <simon@mediaarchitectu.re>
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
[merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit d344591e72)
2019-09-26 10:22:13 +02:00
Koen Vandeputte
8a26f2a0a1 kernel: bump 4.14 to 4.14.146
Refreshed all patches.

Fixes:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-24 12:52:52 +02:00
Etienne Champetier
d897b32139 kernel: add disable_eap_hack sysfs attribute
We are not sure if 640-bridge-only-accept-EAP-locally.patch is still needed
as a first step, add disable_eap_hack sysfs config to allow to disable it

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 7d542dc804)
2019-09-23 07:42:46 +02:00
Koen Vandeputte
cd96cdaa60 kernel: bump 4.14 to 4.14.145
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-20 15:52:25 +02:00
Koen Vandeputte
d14aa19904 kernel: bump 4.14 to 4.14.144
Refreshed all patches.

Altered patches:
- 816-pcie-support-layerscape.patch

Fixes:
- CVE-2019-15030

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-20 13:16:45 +02:00
Koen Vandeputte
cf3b50377e ar71xx: make IRQ fixes target specific
Move the IRQ fix from generic to ar71xx specific.
Other targets like ath79 have specific pathes to delete this code.
This resulted in a build failure on ath79

Fixes: 00d48bcac0 ("ar71xx: Fix potentially missed IRQ handling during
dispatch")

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-14 17:10:41 +02:00
Koen Vandeputte
ca3c7a8868 ar71xx: Fix potentially missed IRQ handling during dispatch
If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.

Fix this by using the same approach as done for QCA955x
just below it.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-13 16:39:44 +02:00
Koen Vandeputte
63c0a08d49 kernel: bump 4.14 to 4.14.143
Refreshed all patches.

Remove upstreamed:
- 390-v5.3-net-sched-fix-action-ipt-crash.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-13 16:39:44 +02:00
Cong Wang
16985d2aab kernel: net_sched: fix a NULL pointer deref in ipt action
The net pointer in struct xt_tgdtor_param is not explicitly
initialized therefore is still NULL when dereferencing it.
So we have to find a way to pass the correct net pointer to
ipt_destroy_target().

The best way I find is just saving the net pointer inside the per
netns struct tcf_idrinfo, which could make this patch smaller.

Fixes: 0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed by ruleset")
Reported-and-tested-by: Tony Ambardar <itugrok@xxxxxxxxx>
Cc: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
Cc: Jiri Pirko <jiri@xxxxxxxxxxx>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>

[Backport for kernel v4.19 and v4.14]
[Bug Link: https://bugzilla.kernel.org/show_bug.cgi?id=204681]
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 7735cce0c5)
2019-09-08 17:42:39 +02:00
Koen Vandeputte
9e837873e7 kernel: bump 4.14 to 4.14.140
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-28 13:09:41 +02:00
Koen Vandeputte
8fba3ebe88 kernel: bump 4.14 to 4.14.139
Refreshed all patches.

Also add a missing symbol for x86 which got used now in this bump.
- ISCSI_IBFT

Compile-tested on: cns3xxx, x86_64
Runtime-tested on: cns3xxx, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-27 10:31:06 +02:00
Hauke Mehrtens
6db454e9b6 kernel: Activate CONFIG_OPTIMIZE_INLINING
This will reduce the size of the kernel if CONFIG_CC_OPTIMIZE_FOR_SIZE is
set like for all targets with small_flash feature flag.
I haven't seen any changes for an ARM64 target which optimizes the
kernel for speed instead.

On the ath79/tiny target the uncompressed kernel size was reduced by
3.2% and the compressed kernel size by 2.1%

kernel size with CONFIG_OPTIMIZE_INLINING=n
4346412 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux
1391169 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin

Kernel size with CONFIG_OPTIMIZE_INLINING=y
4212396 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux
1362051 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin

This change is currently pending for kernel 5.2 and already in
linux-next, this updates our patch to match the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6dac1c0a9b)
2019-08-17 00:18:29 +02:00
Koen Vandeputte
bc138c5b72 kernel: bump 4.14 to 4.14.138
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-14 18:24:11 +02:00
Koen Vandeputte
33af038bec kernel: bump 4.14 to 4.14.137
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-09 18:32:38 +02:00
Koen Vandeputte
bcbc7ba768 kernel: bump 4.14 to 4.14.136
Refreshed all patches.

Altered patches:
- 306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch

Remove upstreamed:
- 100-powerpc-4xx-uic-clear-pending-interrupt-after-irq-ty.patch
- 088-0002-i2c-qup-fixed-releasing-dma-without-flush-operation.patch
- 500-arm64-dts-marvell-Fix-A37xx-UART0-register-size.patch

Fixes:
- CVE-2019-13648
- CVE-2019-10207

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-06 11:54:50 +02:00
Koen Vandeputte
4fd61b6220 kernel: bump 4.14 to 4.14.134
Refreshed all patches.

Remove upstreamed:
- 049-v4.20-mips-remove-superfluous-check-for-linux.patch

Fixes:
- CVE-2019-3846
- CVE-2019-3900

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-07-31 16:56:19 +02:00
Fredrik Olofsson
955b393cf0 kernel: cherry pick patch removing __linux__ check
This is already included in newer upstream. Needed to build BPF programs
using the MIPS kernel include files.

Without this patch, clang fails with "#error Use a Linux compiler or
give up." in sgidefs.h when building BPF programs.

Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
(cherry-picked from commit 7d96c301d6)
2019-07-10 18:05:32 +02:00
Koen Vandeputte
7f4510a251 kernel: bump 4.14 to 4.14.132
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-07-09 17:02:09 +02:00
Koen Vandeputte
eee336ee4a kernel: bump 4.14 to 4.14.130
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-25 16:48:50 +02:00
Koen Vandeputte
b8fc9c1580 kernel: bump 4.14 to 4.14.129
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-24 16:40:01 +02:00
Kevin Darbyshire-Bryant
7888adb0aa kernel: update act_ctinfo
Follow upstream changes - header file changes
no executable  difference at all

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 5273fb6b21)
2019-06-20 21:18:19 +01:00
Koen Vandeputte
9ed98198cb kernel: bump 4.14 to 4.14.128
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-20 15:50:00 +02:00
Koen Vandeputte
17fc5375f0 kernel: bump 4.14 to 4.14.127
Refreshed all patches.

Fixes:

- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-18 14:49:13 +02:00
Koen Vandeputte
c26420b914 kernel: bump 4.14 to 4.14.126
Refreshed all patches.

Altered patches:
- 816-pcie-support-layerscape.patch

This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40)
It was wrongfully backported upstream initially and got reverted now.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-18 11:41:38 +02:00
Rafał Miłecki
4fce09c1ec kernel: backport 4.18 patch adding DMI_PRODUCT_SKU
It's needed for applying some hardware quirks. This fixes:
drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c:60:20: error: 'DMI_PRODUCT_SKU' undeclared here (not in a function); did you mean 'DMI_PRODUCT_UUID'?
    DMI_EXACT_MATCH(DMI_PRODUCT_SKU, "T8"),

Fixes: c52054e568 ("mac80211: brcm: backport remaining brcmfmac 5.2 patches")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4d11c4c378)
2019-06-17 06:57:09 +02:00
Mantas Pucka
8386f975a9 kernel: mt29f_spinand: fix memory leak during page program
Memory is allocated with devm_kzalloc() on every page program
and leaks until device is closed (which never happens).

Convert to kzalloc() and handle error paths manually.

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2019-06-15 00:27:08 +02:00
Koen Vandeputte
4089df4f4b kernel: bump 4.14 to 4.14.125 (FS#2305 FS#2297)
Refreshed all patches.

This bump contains upstream commits which seem to avoid (not properly fix)
the errors as seen in FS#2305 and FS#2297

Altered patches:
- 403-net-mvneta-convert-to-phylink.patch
- 410-sfp-hack-allow-marvell-10G-phy-support-to-use-SFP.patch

Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-12 15:25:41 +02:00
Daniel Golle
000d400baa kernel: drop everything not on kernel version 4.14
* Remove testing patches for kernel version 4.19
 * remove targets ar7, ixp4xx, orion
Those targets are still on kernel 4.9, patches for 4.14 were not ready
in time. They may be readded once people prepare and test patches for
kernel 4.14.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-06-12 01:18:52 +02:00
Christian Lamparter
1e41de2f48 mpc85xx: convert TL-WDR4900 v1 to simpleImage
Converts the TP-Link WDR4900 v1 to use the simpleImage in the
hopes of prolonging the life of the device. While at it,
the patch makes the fdt.bin an ARTIFACT and sets the KERNEL_SIZE
to 2684 KiB as a precaution since the stock u-boot is using a
fixed kernel size.

Note: Give the image some time, it will take much longer to
extract and boot.

[tested for 4.14/4.19]

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Co-authored-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2019-06-10 11:21:35 +02:00
Chen Minqiang
de1431b589 kernel: re-add bridge allow reception on disabled port
The "bridge allow reception on disabled port" implementation
was broken after these commits:

08802d93e2 ("kernel: bump 4.19 to 4.19.37")
b765f4be40 ("kernel: bump 4.14 to 4.14.114")
456f486b53 ("kernel: bump 4.9 to 4.9.171")

This leads to issues when for example WDS is used, tied to a bridge:

[ 96.503771] wlan1: send auth to d4:5f:25:eb:09:82 (try 1/3)
[ 96.517956] wlan1: authenticated
[ 96.526209] wlan1: associate with d4:5f:25:eb:09:82 (try 1/3)
[ 97.086156] wlan1: associate with d4:5f:25:eb:09:82 (try 2/3)
[ 97.200919] wlan1: RX AssocResp from d4:5f:25:eb:09:82 (capab=0x11 status=0 aid=1)
[ 97.208706] wlan1: associated
[ 101.312913] wlan1: deauthenticated from d4:5f:25:eb:09:82 (Reason: 2=PREV_AUTH_NOT_VALID)

It seems upstream introduced a new patch, [1]
so we have to reimplement these patches properly:

target/linux/generic/pending-4.9/150-bridge_allow_receiption_on_disabled_port.patch
target/linux/generic/pending-4.14/150-bridge_allow_receiption_on_disabled_port.patch
target/linux/generic/pending-4.19/150-bridge_allow_receiption_on_disabled_port.patch

[1] https://lkml.org/lkml/2019/4/24/1228

Fixes: 08802d93e2 ("kernel: bump 4.19 to 4.19.37")
Fixes: b765f4be40 ("kernel: bump 4.14 to 4.14.114")
Fixes: 456f486b53 ("kernel: bump 4.9 to 4.9.171")
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
[updated commit message and title]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-07 18:22:20 +02:00
Kevin Darbyshire-Bryant
b8a72dfd28 kernel: backport act_ctinfo
ctinfo is a new tc filter action module.  It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths.  At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.

The DSCP restore mode:

This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.

The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links.  Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.

Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.  Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.

Parameters related to DSCP restore mode:

dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.

statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask.  This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set.  This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP.  A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)

e.g. dscpmask 0xfc000000 statemask 0x01000000

|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP       | unused | flag  |unused   |
|-----------------------0x01---000000---|
      |                   |
      |                   |
      ---|             Conditional flag
         v             only restore if set
|-ip diffserv-|
| 6 bits      |
|-------------|

The skb mark restore mode (cpmark):

This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.

Parameters related to skb mark restore mode:

mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration.  This can be useful where the conntrack
mark is being used for different purposes by different applications.  If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)

e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.

|----0x00----conntrack mark----ffffff---|
| Bits 31-24 |                          |
| DSCP & flag|      some value here     |
|---------------------------------------|
			|
			|
			v
|------------skb mark-------------------|
|            |                          |
|  zeroed    |                          |
|---------------------------------------|

Overall parameters:

zone - conntrack zone

control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Make suitable adjustments for backporting to 4.14 & 4.19
and add to SCHED_MODULES_FILTER

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 15:41:07 +01:00
Yangbo Lu
65adf759b5 kernel: handle CFQ_GROUP_IOSCHED/CGROUP_HUGETLB in config-4.14
The generic config-4.14 should handle below configs.
- CONFIG_CFQ_GROUP_IOSCHED
- CONFIG_CGROUP_HUGETLB

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Kevin Darbyshire-Bryant
24e09bac48 Revert "kernel: backport act_ctinfo"
This reverts commit 7c50182e0c.

Produces build error:
Package kmod-sched is missing dependencies for the following libraries:
nf_conntrack.ko

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 10:45:15 +01:00
Kevin Darbyshire-Bryant
7c50182e0c kernel: backport act_ctinfo
ctinfo is a new tc filter action module.  It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths.  At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.

The DSCP restore mode:

This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.

The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links.  Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.

Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.  Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.

Parameters related to DSCP restore mode:

dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.

statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask.  This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set.  This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP.  A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)

e.g. dscpmask 0xfc000000 statemask 0x01000000

|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP       | unused | flag  |unused   |
|-----------------------0x01---000000---|
      |                   |
      |                   |
      ---|             Conditional flag
         v             only restore if set
|-ip diffserv-|
| 6 bits      |
|-------------|

The skb mark restore mode (cpmark):

This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.

Parameters related to skb mark restore mode:

mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration.  This can be useful where the conntrack
mark is being used for different purposes by different applications.  If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)

e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.

|----0x00----conntrack mark----ffffff---|
| Bits 31-24 |                          |
| DSCP & flag|      some value here     |
|---------------------------------------|
			|
			|
			v
|------------skb mark-------------------|
|            |                          |
|  zeroed    |                          |
|---------------------------------------|

Overall parameters:

zone - conntrack zone

control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Make suitable adjustments for backporting to 4.14 & 4.19

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 09:41:26 +01:00
Koen Vandeputte
66d1c29655 kernel: bump 4.19 to 4.19.48
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-05 12:12:59 +02:00
Petr Štetiar
df34f29fcc kernel: generic: make kernel-debug.tar.bz2 usable again
This patch removes 202-reduce_module_size.patch which is causing missing
debug symbols in kernel modules, leading to unusable
kernel-debug.tar.bz2 on all platforms, making debugging of release
kernel crashes difficult.

Cc: Felix Fietkau <nbd@nbd.name>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-05 10:26:34 +02:00
Petr Štetiar
52156b4968 kernel: generic: remove broken and obsolete phy_ethtool_ioctl
Remove 701-phy_extension.patch from 4.14 and 4.19 kernel, as it's
currenlty broken and fixing doesn't make sense as most of it is
deprecated anyway.

Cc: John Crispin <john@phrozen.org>
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1982
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-05 10:12:30 +02:00
Koen Vandeputte
3209f5ae3d kernel: bump 4.19 to 4.19.47
Refreshed all patches.

Compile-tested on: imx6
Runtime-tested on: imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 17:00:29 +02:00
Koen Vandeputte
794771afde kernel: bump 4.14 to 4.14.123
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 17:00:29 +02:00
Koen Vandeputte
405e08bee6 kernel: bump 4.19 to 4.19.46
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 12:40:53 +02:00
Koen Vandeputte
8f6fd53db9 kernel: bump 4.14 to 4.14.122
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 12:40:53 +02:00
Koen Vandeputte
a0f7bdfc71 kernel: bump 4.9 to 4.9.179
Refreshed all patches.

Compile-tested: ar7
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 12:40:53 +02:00
Hauke Mehrtens
ed224b1880 at91: Update kernel to version 4.14
This adds support for kernel 4.14 to the target and directly make it the
default kernel version to use.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
2019-05-30 12:12:37 +02:00
Koen Vandeputte
8eb7cf0cd7 kernel: bump 4.19 to 4.19.44
Refreshed all patches.

Remove upstreamed:
- 103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 09:45:15 +02:00
Koen Vandeputte
f442b306f9 kernel: bump 4.14 to 4.14.120
Refreshed all patches.

Remove upstreamed:
- 103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch
- 060-fix-oxnas-rps-dt-match.patch

Altered patches:
- 0067-generic-Mangle-bootloader-s-kernel-arguments.patch
- 006-mvebu-Mangle-bootloader-s-kernel-arguments.patch
- 996-generic-Mangle-bootloader-s-kernel-arguments.patch

Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 09:45:15 +02:00
Chuanhong Guo
01c0d7f86f generic: ar8216: group MIB counters and use two basic ones only by default
There are too many MIB counters that almost nobody needs since commit
d6366ce366 ("generic: ar8216: mib_work_func: read all port mibs
everytime").

In the worker function to poll MIB data, it deals with all ports instead
of only one port every time, which introduces too many mdio operations
that it becomes a heavy CPU load even on not-emulated MDIO bus.

This commit groups MIB counters and enable only TxBytes and RxGoodBytes
by default (both of which are necessary to get swconfig led working.)
and adds an swconfig attribute to allow enabling all counters if users
need them.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-05-20 21:17:57 +02:00
Chuanhong Guo
107dc4326c generic: ar8216: add mib_poll_interval switch attribute
This allows specifying interval of polling MIB counters from userspace
and allow completely turning off MIB counter support by setting
mib_poll_interval to 0.

Since MIB counter polling is a heavy CPU load for GPIO emulated MDIO
bus, disable this behavior by default. Those who wants to use swconfig
LEDs can enable them with qca,mib-poll-interval dts property or with
swconfig command.

Fixes: FS#2230 ("kworker spikes 100% cpu every 2 second.")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-05-20 21:17:45 +02:00
Hauke Mehrtens
9ab4d74b5f kernel: Move some DSA config options to generic config
This moves some new configuration options to the generic kernel
configuration instead of configuring them for each target on our own.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 21:11:58 +02:00
Koen Vandeputte
86fd8cb435 kernel: bump 4.19 to 4.19.42
Refreshed all patches.

Remove upstreamed:
- 060-v5.1-serial-ar933x_uart-Fix-build-failure-with-disabled-c.patch
- 400-v5.2-leds-trigger-netdev-fix-refcnt-leak-on-interface-ren.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-13 19:17:41 +02:00
Koen Vandeputte
09050b6fe2 kernel: bump 4.14 to 4.14.118
Refreshed all patches.

Remove upstreamed:
- 060-v5.1-serial-ar933x_uart-Fix-build-failure-with-disabled-c.patch

Altered:
- 143-gpio-fix-device-tree-gpio-hogs-on-dual-role-gpio-pin.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-13 19:17:41 +02:00