24 Commits

Author SHA1 Message Date
Koen Vandeputte
0232f57e1a kernel: bump 4.14 to 4.14.176
Refreshed all patches.

Remove upstreamed:
- 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 003-ARM-dts-oxnas-Fix-clear-mask-property.patch

Fixes:
- CVE-2020-8647
- CVE-2020-8648 (potentially)
- CVE-2020-8649

Compile-tested on: cns3xxx, octeontx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-04-16 13:23:52 +02:00
Hauke Mehrtens
d13c6d078e kernel: bump 4.14 to 4.14.160
Refreshed all patches.

Compile-tested on: ipq40xx, ath79
Runtime-tested on: ipq40xx

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-12-25 15:51:43 +01:00
Hauke Mehrtens
46af22de16 kernel: Remove CONFIG_COMPAT
This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.

This reduces the attack surface on such systems and should also save
some memory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-11 17:15:41 +02:00
Hauke Mehrtens
32eb66881c kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.

This should prevent the kernel from reading code from user space in
kernel context.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-11 17:15:41 +02:00
Felix Fietkau
212aa33226 kernel: enable memory compaction
Compaction is the only memory management component to form high order (larger
physically contiguous) memory blocks reliably. The page allocator relies on
compaction heavily and the lack of the feature can lead to unexpected OOM
killer invocations for high order memory requests. You shouldn't disable this
option unless there really is a strong reason for it.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
2018-10-09 14:29:55 +02:00
Stijn Tintel
77e3e706ce kernel: add missing ARM64_SSBD symbol
In 4.14.57, a new symbol for Spectre v4 mitigation was introduced for
ARM64. Add this symbol to all ARM64 targets using kernel 4.14.

This mitigates CVE-2018-3639 on ARM64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-07-31 12:22:11 +03:00
Sergey Ryazanov
67a3cdcbb0 kernel: enable THIN_ARCHIVES by default
THIN_ARCHIVES option is enabled by default in the kernel configuration
and no one target config disables it. So enable it by default and remove
this symbol from target specific configs to keep them light.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:55:20 +02:00
Sergey Ryazanov
bdc2b58c4b kernel: enable FUTEX_PI by default
New FUTEX_PI configuration symbol enabled if FUTEX and RT_MUTEX symbols
are enabled. Both of these symbols are enabled by default in the
generic config, so enable FUTEX_PI by default too to keep platform
specific configs minimal.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:55:12 +02:00
Sergey Ryazanov
a08b0d0c31 kernel: enable EXPORTFS by default
OVERLAY_FS config symbol selects EXPORTFS since 4.12 kernel, we have
OVERLAY_FS enabled by default, so enable EXPORTFS in the generic config
of 4.14 and remove this option from platform specific configs.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:55:05 +02:00
Sergey Ryazanov
978543a246 kernel: disable DRM_LIB_RANDOM by default
DRM_LIB_RANDOM config symbol selected only by DRM_DEBUG_MM_SELFTEST
which is disable by default, so disable DRM_LIB_RANDOM by default too.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:54:57 +02:00
Sergey Ryazanov
ead26e9db6 kernel: disable DMA_{NOOP|VIRT}_OPS by default
These options do not used by any supported arch, so disable them by
default to make arch configs a bit more clean.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:54:49 +02:00
Sergey Ryazanov
f928c338ad kernel: disable ARCH_WANTS_THP_SWAP by default
Only one arch (x86_64) enables this option. So disable
ARCH_WANTS_THP_SWAP by default and remove referencies to it from all
configs (except x86_64) to make them clean.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2018-05-22 07:54:42 +02:00
Mathias Kresin
a181781bf8 octeontx: make board.d files executable
Add the executable permission to the files to ensure they run on
firstboot.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-05-17 07:40:19 +02:00
Mathias Kresin
3877550114 arm64: enable harden branch predictor
Enable the harden branch predictor for arm64 as it is recommend.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-27 21:34:18 +02:00
Mathias Kresin
50641a0f9a octeontx: use the generic board detection
Use the generic board detection based on the device tree compatible
string instead of a target specific one.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-02-23 08:21:50 +01:00
Felix Fietkau
94a3af88f3 octeontx: remove lots of bogus kernel config overrides
Some of them break when building with all modules enabled

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-22 13:12:17 +01:00
Tim Harvey
d83ce3ff50 octeontx: remove undefs of CONFIG_NET_VENDOR_*
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Tim Harvey
b63b18dffc octeontx: remove unnecessary CONFIG_DEBUG_INFO
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Tim Harvey
ef627cb0f5 octeontx: add fpu support
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Tim Harvey
10280d9e22 octeontx: remove CFLAGS
You should not define CFLAGS for the toolchain as this will also leak
into other targets if they share the same toolchain.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Tim Harvey
c0470e7917 octeontx: add FAT FS support to kernel
The CN80XX Boot firmware uses an embedded FAT12 filesystem. For some reason
busybox can't mount this unless its enabled static in the kernel.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Tim Harvey
4294b79e0a octeontx: add USB_PCI support
The CN80XX XHCI is supported through PCI

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-22 13:12:06 +01:00
Stijn Tintel
88ba41453d kernel: bump 4.14 to 4.14.20
Refresh patches.
Remove upstreamed patches:
- backport/080-v4.15-0001-arch-define-weak-abort.patch
- backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch
Update patch that no longer applies:
pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:48 +01:00
Tim Harvey
fc03b3aa16 octeontx: add support for OCTEON TX target
The Cavium OCTEON TX is an ARM 64-bit SoC leveraging CPU cores and
periperhals from the Cavium ThunderX SoC.

This initial support provides a 4.14 kernel and kernel+initramfs that is
bootable on the Gateworks Newport GW630x as well as the Cavium sff8104
reference board.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-02-13 10:01:52 +01:00