Refreshed all patches and removed upstreamed:
oxnas/001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
oxnas/002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch
Fixes: CVE-2020-12114 and CVE-2020-11669
Runtime-tested on: qemu-x86-64
Compile-tested on: ath79/generic, x86/64, imx6
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes a significant amount of leaked memory with lots of connections
Ref: PR#2721
Tested-by: Jerome Benoit <jerome.benoit@sap.com> [WRT1900AC v1]
Signed-off-by: Felix Fietkau <nbd@nbd.name>
[removed 4.19 patch during cherry-pick]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c6c4701def)
Replace an old cleanup patch that never made it upstream with the proper
upstream fix. This patch was incompatible with the recent changes that
affected the way that the flow tuple dst entry was used.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commits 442ecce761 and c8933ce533)
Commit fcb41decf6 ("config: enable some useful features on
!SMALL_FLASH devices") enabled netns, which in turn lead to the crash in
the flow offload target.
When the flow offloading framework intends to delete a flow from the
hardware table, it is necessary to retrieve the namespace from
nf_flowtable->ft_net. However, no one ever wrote the namespace into
nf_flowtable->ft_net in advance. So the framework will mistakenly use a
NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to
the kernel panic.
Ref: FS#2321
Fixes: fcb41decf6 ("config: enable some useful features on !SMALL_FLASH devices")
Tested-by: Simon Tretter <simon@mediaarchitectu.re>
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
[merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit d344591e72)
We are not sure if 640-bridge-only-accept-EAP-locally.patch is still needed
as a first step, add disable_eap_hack sysfs config to allow to disable it
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 7d542dc804)
Refreshed all patches.
Also add a missing symbol for x86 which got used now in this bump.
- ISCSI_IBFT
Compile-tested on: cns3xxx, x86_64
Runtime-tested on: cns3xxx, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Memory is allocated with devm_kzalloc() on every page program
and leaks until device is closed (which never happens).
Convert to kzalloc() and handle error paths manually.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
This patch removes 202-reduce_module_size.patch which is causing missing
debug symbols in kernel modules, leading to unusable
kernel-debug.tar.bz2 on all platforms, making debugging of release
kernel crashes difficult.
Cc: Felix Fietkau <nbd@nbd.name>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This patch uses nfct_help() to detect whether an established connection
needs conntrack helper instead of using test_bit(IPS_HELPER_BIT,
&ct->status).
The reason for this modification is that IPS_HELPER_BIT is only set when
the conntrack helper is attached by explicit CT target.
However, in the case that a device enables conntrack helper via the other
ways (e.g., command "echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper")
, the status of IPS_HELPER_BIT will not present any change. That means the
IPS_HELPER_BIT might lose the checking ability in the context.
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
This reduces the needed modifications to the mainline Linux kernel and
also makes the regmap package work with an out of tree kernel which
does not have these modifications.
The regmap-core is only added when it is really build as a module.
The regmap-core is normally bool so it cannot be built as a module in an
unmodified kernel. When it is selected by on other kernel module it will
always be selected as build in and it also does not show up in
$(LINUX_DIR)/modules.builtin as it is not supposed to be a kernel module.
When it is not in $(LINUX_DIR)/modules.builtin the build system expects
it to be built as a .ko file.
Just check if the module is really there and only add it in that case.
This splits the regmap package into multiple packages, one for each bus type.
This way only the bus maps which are really needed have to be added.
This also splits the I2C, SPI and MMIO regmap into separate packages to not
require all these subsystems to build them, on an unmodified upstream kernel
this also causes problems in some situations.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Refresh all patches
Remove upstream patch:
backport-4.14/424-v4.20-net-dsa-fix-88e6060-roaming.patch
Minor tweak to generic/hack-4.14/902-debloat_proc.patch to cleanly apply
after upstream changes.
Tested-on: ath79
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The b53 driver was added as a dsa driver into the mainline Linux kernel,
but we still use the swconfig based driver. The header file b53.h is
used by both drivers, but the swconfig one needs an extra member, add
this one in a patch to not overwrite the version shipped with the
mainline kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
