Commit Graph

250 Commits

Author SHA1 Message Date
Koen Vandeputte
bcd7644007 kernel: bump 4.9 to 4.9.143
Refreshed all patches.

Altered patches:
- 950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch
- 950-0149-Update-vfpmodule.c.patch
- 201-extra_optimization.patch

New symbol:
- CONFIG_HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar71xx, ar7, arc770, at91, brcm2708, brcm63xx, ixp4xx, lantiq, layerscape, mpc85xx, orion, rb532, uml
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-13 13:28:41 +01:00
Koen Vandeputte
6f388adef8 kernel: bump 4.9 to 4.9.137
Refreshed all patches.

Removed upstreamed hunks:
- 703-phy-support-layerscape.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-14 16:27:43 +01:00
Koen Vandeputte
235148b077 kernel: bump 4.9 to 4.9.133
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-15 16:54:30 +02:00
Koen Vandeputte
2e946ca366 kernel: bump 4.9 to 4.9.129
Refreshed all patches.

Removed upstreamed:
- 203-MIPS-ath79-fix-restart.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-26 15:55:23 +02:00
Koen Vandeputte
e4a5750931 kernel: bump 4.9 to 4.9.119
Refreshed all patches.

Delete upstreamed patch:
- 100-tcp-add-tcp_ooo_try_coalesce-helper.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-10 18:43:59 +02:00
John Crispin
be4ab7e178 brcm2708: fix w1 patch
this is now part of generic

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 5f5d812881)
2018-08-08 15:42:22 +02:00
Stijn Segers
9e1530b2a3 kernel: bump 4.9 to 4.9.117 for 18.06
* Refreshed patches.
* Removed patches:
  - target/linux/ar71xx/patches-4.9/103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch superseded by upstream
  - target/linux/ar71xx/patches-4.9/403-mtd_fix_cfi_cmdset_0002_status_check.patch superseded by upstream
  - target/linux/brcm63xx/patches-4.9/001-4.11-01-mtd-m25p80-consider-max-message-size-in-m25p80_read.patch accepted upstream
  - target/linux/brcm63xx/patches-4.9/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch accepted upstream
  - target/linux/brcm63xx/patches-4.9/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch accepted upstream
  - target/linux/generic/pending-4.9/900-gen_stats-fix-netlink-stats-padding.patch

* New backported patch to address ext4 breakage, introduced in 4.9.112:
  - backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

Also add ARM64_SSBD symbol to ARM64 targets still running kernel 4.9

Thanks to Koen Vandeputte for pointing out the need to add the ARM64_SSBD symbol, and the ext4 patch.

Compile-tested on: ar71xx
Run-tested on: ar71xx

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-08-06 07:30:32 +02:00
Christian Lamparter
4dc0ff8183 brcm2708: split sdcard.img.gz into a sysupgrade and factory image
@vahid-dan reported a issue with extracting the rpi images with
Gnome's Archive Manager:
"Ubuntu Archive Manager cannot extract the file and it just
throws a general error message: "An error occurred while
extracting files".
<https://forum.lede-project.org/t/corrupted-pre-built-v18-06-0-rc2-image-for-rpi>

@blogic told me to split the single sdcard.img.gz for the RPi
into a sysupgrade and a factory image for all brcm2708 targets.
The factory images will have no metadata attached, this way
these utilities that can't deal with the attached metadata will
not fail for no reason.

Cc: John Crispin <john@phrozen.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7516a96011)
2018-07-30 14:00:59 +02:00
Koen Vandeputte
3a5498c5e5 kernel: bump 4.9 to 4.9.111 for 18.06
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-12 13:54:24 +02:00
Koen Vandeputte
4f765922f0 kernel: bump 4.9 to 4.9.109 for 18.06
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 15:28:48 +02:00
Koen Vandeputte
4121018b3f kernel: bump 4.9 to 4.9.108 for 18.06
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-06-18 06:42:18 +02:00
Stijn Segers
6f8eb1b50f kernel: bump 4.9 to 4.9.106 for 18.06
Refreshed patches. The following patches were upstreamed and have been deleted:

* target/linux/ar71xx/patches-4.9/106-01-MIPS-ath79-fix-AR724X_PLL_REG_PCIE_CONFIG-offset.patch
* target/linux/generic/pending-4.9/180-net-phy-at803x-add-support-for-AT8032.patch
* target/linux/generic/pending-4.9/181-net-usb-add-lte-modem-wistron-neweb-d18q1.patch
* target/linux/generic/pending-4.9/182-net-qmi_wwan-add-BroadMobi-BM806U-2020-2033.patch

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-06-07 09:03:05 +02:00
Christian Lamparter
fff02093e6 brcm2708: add squashfs rootfs image
This patch adds a image with squashfs as the root filesystem.
A rootfs_data partition will be generated on the first boot
and placed inside the rootfs partition (just after the squashfs
image).

advantages:
 - it is possible to migrate from an existing -ext4
   installation and back via sysupgrade.
 - existing partition layout will not be lost.
 - slightly smaller image size.
 - support for attendedsysupgrade

disadvantages:
 - needs f2fs + tools as well. This is because fs-tools decides on the
   blocksize of the sdcard. So either f2fs or ext4 can get choosen as
   the rootfs_data filesystem (depends on the size of the root partition).
 - rootfs_data is placed into the rootfs partition. This makes
   it difficult for tools that expect a /dev/mmc0pX device.
   It also makes it difficult for data recovery tools since they
   might not expect to find a embedded partition or will be
   confused.

For people with existing build configurations: make sure to include mkf2fs
and f2fsck package into the image... Otherwise the new -squashfs image will
boot of a ram-overlay and won't keep the configurations after a reboot.

Cc: Álvaro Fernández Rojas <noltari@gmail.com>
Cc: Paul Spooren <spooren@informatik.uni-leipzig.de>
Cc: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Acked-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 707b6c815b)
2018-05-24 17:24:30 +02:00
Koen Vandeputte
2b7289cd3b kernel: bump 4.9 to 4.9.102 for 18.06
Refreshed all patches

Added new ARM64 symbol: ARM64_ERRATUM_1024718

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-05-24 16:03:58 +02:00
Mathias Kresin
25f47c7bf9 kernel: add missing config symbols
The harden branch predictor was backported for arm64 with 4.9.92-96.

Fixes: 9aa196e0f2 ("kernel: bump 4.9 to bump 4.9.96")

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-27 21:34:00 +02:00
Christo Nedev
50b0919628 brcm2708: Add support for raspberry pi 3 b+.
Signed-off-by: Christo Nedev <christo.nedev@me.com>
2018-04-27 09:59:33 +02:00
Kevin Darbyshire-Bryant
9aa196e0f2 kernel: bump 4.9 to 4.9.96
Refresh patches, following required reworking:

ar71xx/patches-4.9/930-chipidea-pullup.patch
layerscape/patches-4.9/302-dts-support-layercape.patch
sunxi/patches-4.9/0052-stmmac-form-4-12.patch

Fixes for CVEs:
CVE-2018-1108
CVE-2018-1092

Tested on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Arjen de Korte <build+openwrt@de-korte.org>
2018-04-26 08:53:54 +02:00
Hauke Mehrtens
aed03d5d0f kernel: update kernel 4.9 to version 4.9.91
* Refreshed patches.
 * Deleted 210-Revert-led-core-Fix-brightness-setting-when-setting-.patch (was accepted upstream)
 * Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream)

Compile and run tested on lantiq

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-31 16:31:26 +02:00
Koen Vandeputte
cfc5867bce kernel: bump 4.9 to 4.9.86
- Refreshed all patches
- Removed 1 patch which got upstreamed

Compile tested on: ar71xx (Rocket M5, Mikrotik RB2011)
Runtime tested on: ar71xx (Rocket M5, Mikrotik RB2011)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-03-09 22:13:19 +01:00
Magnus Kroken
5af85dab22 kernel: bump 4.9 to 4.9.85
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2018-03-03 12:58:55 +01:00
Stijn Tintel
858ff4f3e1 Revert "brcm2708: fix sdcard image"
This reverts commit 6c2e1ff80f.

GNU gzip does not fail when the image filename already contains the .gz
extension, this is a problem specific to pigz. Revert the commit, as we
now gzip the image twice.

Reported-by: Martin Schleier <drahemmaps@gmx.net>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-19 23:52:45 +01:00
Hauke Mehrtens
47c5415023 brcm2708: Fix compile after adding kernel 4.9.82
Fixes: f621b53951 ("kernel: bump 4.9 to 4.9.82")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-18 19:52:06 +01:00
Stijn Tintel
f621b53951 kernel: bump 4.9 to 4.9.82
Refresh patches.
Remove upstreamed patches:
- ar7/002-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-used.patch
- backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch
Remove layerscape/819-Revert-dmaengine-dmatest-move-callback-wait-queue-to.patch,
it is superseded by upstream commit 297c7cc4b5651b174a62925b6c961085f04979fd.
Remove pending/650-pppoe_header_pad.patch, it is superseded by
upstream commit 1bd21b158e07e0b8c5a2ce832305a0ebfe42c480.
Update patches that no longer apply:
- ar71xx/004-register_gpio_driver_earlier.patch
- hack/204-module_strip.patch
- pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: ar71xx.
Runtime-tested: ar71xx.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:57 +01:00
Stijn Tintel
6c2e1ff80f brcm2708: fix sdcard image
The gzip step in the sdcard image build fails because the image filename
already has the gzip extension. This results in an empty image file, to
which the metadata is finally appended.

Remove the .gz extension from the image filename to fix this.

Fixes: e79b096ee1 ("brcm2708: convert to metadata")

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-17 21:00:49 +01:00
Jo-Philipp Wich
7e99a6ba69 target: disable CONFIG_PROC_PAGE_MONITOR on most targets
Disable CONFIG_PROC_PAGE_MONITOR in most places and only keep it enabled
for virtual targets such as malta or potent ones like x86.

This saves up to 4KB of uncompressed kernel size and significantly
decreases CPU load under certain workloads.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-13 15:04:15 +01:00
Stijn Tintel
8b35da1552 kernel: move CONFIG_KASAN to generic config
While bumping 4.14, the kernel build failed due to missing CONFIG_KASAN
symbol. Move it to generic config instead of defining it for all arm64
and x86/64 targets.

It was only added in 4.0, so not needed in config-3.18.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-02 21:55:46 +02:00
Kevin Darbyshire-Bryant
7b6e01d389 kernel: bump 4.9 to 4.9.72
Refresh patches.

Runtime tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-26 23:31:00 +01:00
Christian Lamparter
246916ddf4 brcm2708: use x86's upgrade scripts for all rpi targets
Advantages:
 - preserves existing partition layout on the sd-card.
   Only the boot and rootfs partition will be overwritten.

Please note that sysupgrade will refuse to upgrade, if the existing
installation  has an incompatible partition layout. Future changes
to the bootfs and/or rootfs partition size will likely cause breakage
to the sysupgrade procedure. In these cases, the ext4-sdcard.img.gz
will have to be written to the sdcard manually.
Please don't forget to backup your configuration in this case.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-25 12:19:43 +01:00
Christian Lamparter
6f04128892 brcm2708: convert to dt-based board-detection
Use the values populated by the generic board detect function. The
first compatible from the device tree source file will be the board
name in userspace. The model property from the device tree source file
will be the model name.

Change the board name where used in the userspace and drop the target
specific board detect, to use the generic one.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-25 12:19:41 +01:00
Christian Lamparter
778543dab4 brcm2708: add compatible strings
This patch adds the compatible string for the various RPIs from
4.14 upstream.

Note: The 4.14 upstream does not include the compute modules.
If the CM* would just house the SoC, it could in theory use the
"raw" chip compatible string. However, these CM boards also come
with RAM and eMMC. So they have to have a proper comaptible.

For now, "raspberrypi,compute-module-{1|3}" will be good enough.

Note2: The original CM was renamed to CM1 when CM3 was released.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-25 12:19:37 +01:00
Christian Lamparter
e79b096ee1 brcm2708: convert to metadata
This patch converts all the raspberrypi images to utilize
the common metadata-based image verification.

Note: the CM1 and CM3 currently use the same "rpi-cm"
boardname.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-25 12:19:36 +01:00
Hauke Mehrtens
f704b643b9 kernel: Update kernel 4.9 to 4.9.70
Runtime tested on lantiq.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-19 22:45:27 +01:00
Koen Vandeputte
62ede4f783 kernel: bump 4.9 to 4.9.63
Refreshed all patches.

Removed upstreamed parts.

Compile-tested: cns3xxx, imx6, mvebu, layerscape
Run-tested: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-11-22 20:45:52 +01:00
Stijn Tintel
834810617e kernel: bump 4.9 to 4.9.58
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 17:23:34 +03:00
Stijn Tintel
a48e5bea12 brcm2708: restore /boot/config.txt before reboot
The Raspberry Pi bootloader reads configuration values from config.txt
in the boot partition. This file allows to specify the amount of memory
to assign to the GPU, the license keys for hardware MPEG-2 and VC-1
decoding, Device Tree parameters and overlays, and lots of other things.

Since sysupgrade only restores the configuration after booting the newly
flashed image, these values will not be active, even if sysupgrade would
save /boot/config.txt. To solve this, add the file to the files to be
backed up, and restore it in platform_copy_config, before reboot.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 12:50:30 +03:00
Kevin Darbyshire-Bryant
886d66abcd kernel: bump 4.9 to 4.9.57
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-7518
- CVE-2017-0786
- CVE-2017-1000255
- CVE-2017-12188
- CVE-2017-15265

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:09 +03:00
Stijn Tintel
f12c42940d kernel: bump 4.9 to 4.9.54
Refresh patches.
Remove upstreamed patches:
- ramips/0067-enable-mt7621-xhci.patch
- ramips/0085-pinmux-util.patch
- ramips/301-fix-rt3883.patch

Compile-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.
Runtime-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 20:51:03 +03:00
Hauke Mehrtens
e9aec15911 brcm2708: bcm2710: do not activate neon-vfpv4 manually
Neon and vfpv4 support are activated by GCC on all ARMv8 CPUs because
this is now a mandatory part of the architecture. There is not need to
activate is manually.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-08-26 12:35:44 +02:00
Stijn Tintel
2d02a4f5bd kernel: update 4.9 to 4.9.44
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.

Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 12:34:34 +02:00
Mathias Kresin
e0b9ec8e96 treewide: drop target board_name functions
They are not used any longer.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-15 23:13:34 +02:00
Mathias Kresin
f12a32630f treewide: use the generic board_name function
Use the generic function instead ot the target specific ones.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-15 23:13:34 +02:00
Mathias Kresin
ac3e05c5d7 treewide: populate boardname and model earlier
For targets using the generic board detection and board specific
settings in diag.sh, the board name is still unset at the time the
set_state() provided by diag.sh is called by 10_indicate_preinit.

Change the execution order to ensure the boardname is populated before
required the first time. Do the target specific board detection as
early as possible, directly followed by the generic one to allow a
seamless switch to the generic function for populating /tmp/sysinfo/.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-15 23:13:34 +02:00
Koen Vandeputte
cd54b2d42b kernel: update kernel 4.9 to 4.9.37
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:

473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed

403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0

180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item

Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-07-15 00:13:05 +02:00
Stijn Tintel
880f73c327 kernel: cleanup CONFIG_SCHED_HRTICK
Remove CONFIG_SCHED_HRTICK from target configs, as it was added to the
generic config in b47fd76563.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-29 04:46:59 +02:00
Koen Vandeputte
69649a1b45 kernel: update kernel 4.9 to 4.9.34
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)

Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:21:03 +02:00
Jo-Philipp Wich
55623a9c83 kernel: update kernel 4.9 to 4.9.31
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-08 01:03:39 +02:00
Sergey Ryazanov
68e7a2a0b7 kernel: disable CONFIG_SG_POOL by default
CONFIG_SG_POOL symbol is selected only by CONFIG_SCSI, since the last
one is disabled by default then disable CONFIG_SG_POOL by default too.
And explicitly enable it only for platforms that use CONFIG_SCSI.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2017-06-07 18:31:10 +02:00
Hauke Mehrtens
0b17375931 kernel: update kernel 4.9 to 4.9.30
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-27 00:48:37 +02:00
Stijn Tintel
c454fab0f2 brcm2708: enable cpufreq
With cpufreq disabled, the CPU stays locked at the frequency set by the
bootloader. This severely degrades performance as the bootloader sets
the CPU at the lowest frequency by default.

Enable cpufreq for all subtargets and use the ondemand governor.

Tested bcm2708 on RPi0W. Tested bcm2709 and bcm2710 on RPi3.

Reported-by: Bryan Mayland <bmayland@capnbry.net>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-05-23 17:32:49 +02:00
Koen Vandeputte
e842e16f45 kernel: update kernel 4.9 to 4.9.29
- Refresh all patches
- Removed upstreamed
- Adapted 1

Compile tested on: bcm53xx, cns3xxx, imx6, lantiq
Run tested on: cns3xxx & imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[update from 4.9.28 to 4.9.29]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-21 21:51:22 +02:00