Some targets deactivated CONFIG_SYN_COOKIES, for unknown reasons, use
the default setting from the generic configuration which activates
CONFIG_SYN_COOKIES.
This should prevent SYN flooding.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.
This reduces the attack surface on such systems and should also save
some memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.
This should prevent the kernel from reading code from user space in
kernel context.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Traverse LS1043 boards are set up with a dual-system layout, rootfs{1,2} and kernel{1,2}.
nand_do_upgrade can do the image replacement work we were doing before as long as we give it the partition names.
This greatly simplifies the /lib/upgrade/platform.sh.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Upcoming product specification and branding changes mean that the names in tree do not accurately reflect released products.
To reduce any confusion, sort our boards by SoC family, e.g traverse-ls1043. Any future boards using Layerscape family SoC's
will be treated the same way, e.g Device/traverse-ls/lx/laXXXX.
The affected boards so far have only been available through OEM channels and those aren't using the provided sysupgrade.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
The linux-4.14.99 had introduced below upstream patch.
6636dc5e01c6 arm64: io: Ensure value passed to __iormb() is held in a 64-bit register
It was causing VFIO driver build issue. This patch is to fix it.
CC drivers/vfio/fsl-mc/vfio_fsl_mc.o
In file included from ./include/linux/scatterlist.h:9:0,
from ./include/linux/iommu.h:22,
from drivers/vfio/fsl-mc/vfio_fsl_mc.c:14:
drivers/vfio/fsl-mc/vfio_fsl_mc.c: In function 'vfio_fsl_mc_dprc_wait_for_response':
./arch/arm64/include/asm/io.h:122:45: error: expected expression before ')' token
: "=r" (tmp) : "r" ((unsigned long)(v)) \
^
drivers/vfio/fsl-mc/vfio_fsl_mc.c:334:3: note: in expansion of macro '__iormb'
__iormb();
^~~~~~~
./arch/arm64/include/asm/io.h:122:45: error: expected expression before ')' token
: "=r" (tmp) : "r" ((unsigned long)(v)) \
^
drivers/vfio/fsl-mc/vfio_fsl_mc.c:336:3: note: in expansion of macro '__iormb'
__iormb();
^~~~~~~
Reported-by: Mathew McBride <matt@traverse.com.au>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
CONFIG_COMPAT_BRK disables the heap randomization which is only needed
for very old and ancient user space applications, I am not aware that we
run any of these, just deactivate this option for these targets to allow
heap randomization.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Refresh all patches
Remove upstream patch:
backport-4.14/424-v4.20-net-dsa-fix-88e6060-roaming.patch
Minor tweak to generic/hack-4.14/902-debloat_proc.patch to cleanly apply
after upstream changes.
Tested-on: ath79
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The LS1021A-IoT gateway reference design based on the
QorIQ LS1021A processor is a purpose-built, small
footprint hardware platform with a wide array of
high-speed connectivity and low-speed serial interfaces
to support secure delivery of IoT services for home,
business or other commercial location.
- Combines standards-based, open source software with a
feature-rich IoT gateway design to establish a common,
open framework for secured IoT service delivery and
management.
- Provides a wide assortment of high-speed and serial-based
connectivity in a compact, highly secure design.
- High efficiency through the use of the Arm-based QorIQ
LS1021A embedded processor.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
This patch is to upgrade kernel to 4.14 for layerscape.
patches-4.14 for layerscape included two categories.
- NXP Layerscape SDK kernel-4.14 patches
All patches on tag LSDK-18.09-V4.14 were ported to OpenWrt
kernel. Since there were hundreds patches, we had to make
an all-in-one patch for each IP/feature.
See below links for LSDK kernel.
https://lsdk.github.io/components.htmlhttps://source.codeaurora.org/external/qoriq/qoriq-components/linux
- Non-LSDK kernel patches
Other patches which were not in LSDK were just put in patches-4.14.
Kept below patches from patches-4.9.
303-dts-layerscape-add-traverse-ls1043.patch
821-add-esdhc-vsel-to-ls1043.patch
822-rgmii-fixed-link.patch
Renamed and rebase them as below in patches-4.14,
303-add-DTS-for-Traverse-LS1043-Boards.patch
712-sdk-dpaa-rgmii-fixed-link.patch
824-mmc-sdhci-of-esdhc-add-voltage-switch-support-for-ls.patch
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Buildbot revealed some subtargets are still missing the new symbol.
Fixes: dfbf836a52 ("kernel: bump 4.9 to 4.9.143")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Compaction is the only memory management component to form high order (larger
physically contiguous) memory blocks reliably. The page allocator relies on
compaction heavily and the lack of the feature can lead to unexpected OOM
killer invocations for high order memory requests. You shouldn't disable this
option unless there really is a strong reason for it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
Patch 303 is required for Traverse LS1043 targets when using the NXP DPAA1 driver.
The recent refresh of 4.9 patches on layerscape changed how FMan/BMan memory regions
were defined and meant Ethernet stopped working on these boards.
(Note that these definitions are only required for NXP's Ethernet driver, the new
upstream driver in >=4.15 works using the DTS provided in files/)
Signed-off-by: Mathew McBride <matt@traverse.com.au>
The feature flags say that this target supports USB so packages
depending on USB are being build, but actually the kernel configuration
misses USB support. It looks like this SoC supports USB, so activate it.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The CONFIG_FSL_PPFE and the CONFIG_FSL_PPFE_UTIL_DISABLED are boolean,
so they should be selected with an =y in OpenWrt, otherwise OpenWrt will
select them as =m. These options will make pfe.ko being build as a
module even if this is boolean.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
ls1012afrdm was no longer supported in NXP Layerscape SDK.
Instead a new board ls1012afrwy was introduced in LSDK.
This patch is to drop ls1012afrdm and add ls1012afrwy support.
Since only 2MB NOR flash could be used, we just put u-boot
and firmware on NOR flash, and put kernel/dtb/rootfs on SD
card.
The Layerscape FRWY-LS1012A board is an ultra-low-cost
development platform for LS1012A Series Communication
Processors built on Arm Cortex-A53. This tool refines the
FRDM-LS1012A with more features for a better hands-on experience
for IoT, edge computing, and various advanced embedded
applications. Features include easy access to processor I/O,
low-power operation, micro SD card storage, an M2 connector, a
small form factor, and expansion board options via mikroBUS Click
Module. The MicroBUS Module provides easy expansion via hundreds
of powerful modules supporting sensors, actuators, memories,
and displays.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
NOR/QSPI Flash on Layerscape board only has limited 64MB memory size.
Since some boards (ls1043ardb/ls1046ardb/ls1088ardb/ls1021atwr)
could support SD card boot, we added SD boot support for them to put
all things on SD card to meet large memory requirement.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
The NXP TWR-LS1021A module is a development system based
on the QorIQ LS1021A processor.
- This feature-rich, high-performance processor module can
be used standalone or as part of an assembled Tower System
development platform.
- Incorporating dual Arm Cortex-A7 cores running up to 1 GHz,
the TWR-LS1021A delivers an outstanding level of performance.
- The TWR-LS1021A offers HDMI, SATA3 and USB3 connectors as
well as a complete Linux software developer's package.
- The module provides a comprehensive level of security that
includes support for secure boot, Trust Architecture and
tamper detection in both standby and active power modes,
safeguarding the device from manufacture to deployment.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>