This activates "Supervisor Mode Access Prevention". modern CPUs will
prevent the kernel code from accessing any data from the userspace
without the usage of copy_to_user() or copy_from_user()
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
CONFIG_BINFMT_MISC allows it to add support for new executable formats
to the kernel from user space, the kernel will then detect for example a
java binary and call the java execution program automatically. I am not
aware that this feature is used in OpenWrt and this could be used to
exploit something. Deactivate it for all targets for now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some targets deactivated CONFIG_SYN_COOKIES, for unknown reasons, use
the default setting from the generic configuration which activates
CONFIG_SYN_COOKIES.
This should prevent SYN flooding.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.
This reduces the attack surface on such systems and should also save
some memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These were renamed to CONFIG_STRICT_KERNEL_RWX and CONFIG_STRICT_MODULE_RWX and are
activated in kernel 4.14 and later by default.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.
This should prevent the kernel from reading code from user space in
kernel context.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds additional checks to the copy_from_user() and copy_to_user()
functions. The details are described in this article:
https://lwn.net/Articles/695991/
This should only have a very small performance impact on system calls
and should not affect routing performance.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Jeff Kletsky noted in his patch titled:
"utils/spidev_test: Update to current source from upstream Linux"
that the spidev_test utility OpenWrt ships is severly out of date.
Instead of updating the spidev_test.c from the current kernel,
this patch replaces the package building code to utilize the
very file that gets shipped with the kernel we compiling for
anyway much like the "perf" package already does.
Reported-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Add some read-only properties to protect partitions from
accidental changes.
Also fixed two whitespaces error on the way.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This patch updates ath10k-ct to current version.
Changes are:
ath10k-ct: Fix printing PN in peer stats.
Previous logic was incorrect. Also add set-special API to enable
returning PN.
Patches refreshed and tested on 8devices Jalapeno dev board(IPQ4019)
Signed-off-by: Robert Marko <robimarko@gmail.com>
Release notes since last time:
Release notes for wave-1:
2019-04-02: Support some get/set API for eeprom rate power tables.
Mostly backported from 10.2
2019-04-02: Support adaptive-CCA, backported from 10.2
2019-04-02: Support adding eeprom configAddr pairs via the
set-special API. These configAddrs can be used to change
the default register settings for up to 12 registers.
2019-05-03: Fix tx-power settings for 2x2, 3x3 rates.
Original logic I put in back in 2016 set 2x2 and 3x3 lower
than the needed to be when using most NICs (very high
powered NICs would not have been affected I think, not sure
any of those exist though.)
This improves throughput for 2x2 and 3x3 devices,
especially when the signal is weaker.
Release notes for wave-2:
2019-04-08: When setting keys, if high bit of high value of
key_rsc_counter is set to 0x1, then the lower 48 bits will
be used as the PN value. By default, PN is set to 1 each
time the key is set.
2019-04-08: Pack PN into un-used 'excretries' aka
'num_pkt_loss_excess_retry' high 16 bits.
This lets us report peer PN, but *only* if driver has
previously set a PN when setting key (or set-special cmd is
used to enable PN reporting).
This is done so that we know the driver is recent
enough to deal with the PN stat reporting.
2019-04-16: Support specifying tx rate on a per-beacon packet.
See ath10k_wmi_op_gen_beacon_dma and
ath10k_convert_hw_rate_to_rate_info for API details.
Driver needs additional work to actually enable this
feature currently.
2019-04-30: Compile out tx-prefetch caching logic.
It is full of tricky bugs that cause tx hangs.
I fixed at least one, but more remain and I have wasted too
much time on this already.
2019-05-08: Start rate-ctrl at mcs-3 instead of mcs-5.
This significantly helps DHCP happen quickly, probably
because the initial rate being too high would take a while
to ramp down, especially since there are few packets sent
by the time DHCP needs to start.
This bug was triggered by me decreasing retries of 0x1e
(upstream default) to 0x4. But, I think it is better to
start with lower initial MCS instead of always having a
very high retry count.
Tested on 8devices Jalapeno dev board(IPQ4019)
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [neatify]
The factory firmware omits the JFFS2 end-marker while flashing via
web-interface. Add a 64k padding after the marker fixes this problem.
When the end-marker is not present, OpenWRT won't save the overlayfs
after initial flash.
Reported-by: Andreas Ziegler <dev@andreas-ziegler.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
The correct board_name for the Turris Omnia is armada-385-turris-omnia.
Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Recently, upgrade device autodetection has been added to the mvebu target.
This exposes some shortcomings of the generic export_bootdevice function,
e.g. on the Turris Omnia: export_bootdevice silently reports the root
partition to be the boot device. This makes the sysupgrade process fail at
several places.
Fix this by clearly distinguishing between /proc/cmdline arguments which
specify the boot disk, and those which specify the root partition. Only in
the latter case, strip off the partition, and do it consistently.
root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/*
(any partition) are accepted.
The root of the problem is that the *existing* export_bootdevice in
/lib/upgrade/common.sh behaves differently, if the kernel is booted with
root=/dev/..., or if it is booted with root=PARTUUID=...
In the former case, it reports back major/minor of the root partition,
in the latter case it reports back major/minor of the complete boot disk.
Targets, which boot with root=/dev/... *and* use export_bootdevice /
export_partdevice, have added workarounds to this behaviour, by specifying
*negative* increments to the export_partdevice function.
Consequently, those targets have to be adapted to use positive increments,
otherwise they are broken by the change to export_bootdevice.
Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Extended mksenaofw to support new "capwap" header structure.
This supports flashing from factory 3.0.0, 3.0.1, 3.1.0 and 3.5.5
firmware.
Note that the factory image format changes for 3.1 and later firmware,
and that the 3.1.0 and 3.5.5 Engenius firmware will refuse the
factory_30.bin file. Similarly, the 3.0.0 and 3.0.1 Engenius firmware
will refuse the factory_35.bin file.
Flashing from the Engenius 3.1.0 firmware with the factory_35.bin
firmware has not been tested, as 3.1.0 firmware (Engenius "middleFW")
is only intended as part of the upgrade path to 3.5.5 firmware.
Modified ipq40xx image Makefile to appropriately invoke mksenaofw
with new parameters to configure the capwap header.
Note that there is currently no method to return to factory firmware,
so this is a one-way street.
Path from factory 3.0.0 and 3.0.1 (EnGenius) software to OpenWrt is
to navigate to 192.168.1.1 on the stock firmware and navigate to the
firmware menu. Then copy the URL you have for that page, something like
http://192.168.1.1/cgi-bin/luci/;stok=12345abcdef/admin/system/flashops
and replace the trailing /admin/system/flashops with just /easyflashops
You should then be presented with a simple "Firmware Upgrade" page.
On that page, BE SURE TO CLEAR the "Keep Settings:" checkbox.
Choose the openwrt-ipq40xx-engenius_ens620ext-squashfs-factory_30.bin,
click "Upgrade" and on the following page select "Proceed".
Path from factory 3.5.5 (EnGenius) software to OpenWrt is simply to
use the stock firmware update menu. Choose the
openwrt-ipq40xx-engenius_ens620ext-squashfs-factory_35.bin and click
"Upload" and "Proceed".
The device should then flash the OpenWrt firmware and reboot. Note
that this resets the device to a default configuration with Wi-Fi
disabled, LAN1/PoE acting as a WAN port (running DHCP client) and LAN2
acting as a LAN port with a DHCP server on 192.168.1.x (AP is at
192.168.1.1)
Signed-off-by: Steve Glennon <s.glennon@cablelabs.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[sorry, for unfixing the 80-lines eyesores.]
This patch works around an issue where reboot would cause the AP
to power down and not reboot.
The ipq4019 restart controller reboot causes the system
to power down and not recover. Fix is to disable the restart
controller in the device tree and the device reverts to
using the watchdog to perform the reset.
The real problem is due to the buggy bootloader that ships
with the device. Steve Glennon reported in the PR for this
patch: <https://github.com/openwrt/openwrt/pull/2009> that:
"the problem was due to a bad u-boot that ships with the device.
Using the u-boot that comes with 3.5.5.3 EnGenius factory
software now allows the old code (using the do_msm_reboot)
to reboot successfully.
On to the bad news:
Well 3.5.5.3 is a bad path. Finally managed to recover. You
CANNOT use prior EnGenius firmware to downgrade.
Findings:
* They now password protect the serial console with a new, unkown
password.
* They changed the protection on their walled-garden. I have to
use the ssh admin@ip /bin/sh --login to get out of their
walled-garden.
* Attempts to flash the original 3.0.0 or 3.0.1 EnGenius firmware
fail through the UI and sysupgrade. Their firmware update GUI now
seem to detect regular openwrt images, but they fail to flash
Attempts to flash a normal OpenWrt image with sysupgrade fail.
[..]
Attempts to sysupgrade with EnGenius firmware fail with the same
"mandatory section(s) missing" error, so you cannot downgrade to
3.0.0 or 3.0.1."
Signed-off-by: Steve Glennon <s.glennon@cablelabs.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [added valuable
findings from github discussion]
Marvell sata controllers in all kirkwood SoCs support
sata port multipliers, just like mvebu.
Enable this feature in the default kernel config
so it is available in normal builds.
tested and working on nsa310b
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
If the target supports a newer kernel version that is not used by default
yet, it can be enabled with this option
Signed-off-by: Felix Fietkau <nbd@nbd.name>
MT7620 integrated WMAC does not need RT2x00 PCI driver or firmware
Also corrected kmod-eeprom-93cx6 and kmod-lib-crc-itu-t dependencies
according to original Kconfig and lsmod output
This will remove some unnecessary packages from MT7620 target to
save some space
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[75 characters per line in the commit message]
Probably glibc too. argp_help takes a char *. not const char *.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
This version has important change for tegra boards which is reserving
32MB memory for Linux kernel instead of current 16MB.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Switches failsafe mode interface from WAN to LAN ports.
Tested on TL-WR940Nv6.0 and TL-WR940Nv6.1
Signed-off-by: Joachim Fünfer <joachim.fuenfer@stusta.net>
This corrects the PLL value for 10 Mbit/s links on the OCEDO Raccoon.
Prior to this patch, 10 Mbit/s links would not transmit data.
It is worth mentioning that the vendor firmware used the same PLL
settings and 10Mbit/s was also not working there.
All other link-modes are working correctly without any packet loss.
Signed-off-by: David Bauer <mail@david-bauer.net>
Purpose of these changes is to introduce a hook for post service
shutdown in a similar fashion to the existing hook service_started. I
found it to be useful to specify a hook that is called once the service
has been stopped and not before the service is stopped like the
stop_service hook does.
The concrete use case I have for this is that I'm running a binary that
takes over the hardware watchdog timer. Said binary unfortunately can
not use ubus directly to tell procd to hand over the watchdog timer so
this has to be done in the service file for the binary in question. In
order to support a clean handover of the watchdog timer back to procd,
the service init script has to dispatch the ubus invocation once the
binary in question has been stopped.
Signed-off-by: Arthur Skowronek <ags@digineo.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[added commit message, use the same form as other hooks]
This commit fixes following script error in syslog:
cat: can't open '/sys/devices/platform/ehci-platform/usb1/1-1/1-1.2/1-1.2:1.4/ieee80211/phy*/name': No such file or directory
sh: add: unknown operand
sh: add: unknown operand
Signed-off-by: Rosy Song <rosysong@rosinson.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[commit subject and message tweaks]
Upstream has renamed UPROBE_EVENT to UPROBE_EVENTS in the following
commit:
commit 6b0b7551428e4caae1e2c023a529465a9a9ae2d4
Author: Anton Blanchard <anton@samba.org>
Date: Thu Feb 16 17:00:50 2017 +1100
perf/core: Rename CONFIG_[UK]PROBE_EVENT to CONFIG_[UK]PROBE_EVENTS
We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as
well as CONFIG_UPROBE_EVENTS and CONFIG_KPROBE_EVENTS.
Consistently use the plurals.
So I'm changing it to this plural option in order to make kconfig happy
and stop asking about it if kernel is compiled with verbose logging:
Enable uprobes-based dynamic events (UPROBE_EVENTS) [Y/n/?] (NEW)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Upstream has renamed KPROBE_EVENT to KPROBE_EVENTS in the following
commit:
commit 6b0b7551428e4caae1e2c023a529465a9a9ae2d4
Author: Anton Blanchard <anton@samba.org>
Date: Thu Feb 16 17:00:50 2017 +1100
perf/core: Rename CONFIG_[UK]PROBE_EVENT to CONFIG_[UK]PROBE_EVENTS
We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as
well as CONFIG_UPROBE_EVENTS and CONFIG_KPROBE_EVENTS.
Consistently use the plurals.
So I'm adding this plural option in order to make kconfig happy and stop
asking about it if kernel is compiled with verbose logging:
Enable kprobes-based dynamic events (KPROBE_EVENTS) [Y/n/?] (NEW)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.
The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 4.1, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target adds an alternative mmc driver using a patch.
Within this patch, a definition got renamed upstream.
Change it to fix following compile error:
CC drivers/mmc/host/bcm2835-mmc.o
In file included from ./include/linux/kernel.h:14:0,
from ./include/linux/delay.h:22,
from drivers/mmc/host/bcm2835-mmc.c:25:
drivers/mmc/host/bcm2835-mmc.c: In function 'bcm2835_mmc_dumpregs':
drivers/mmc/host/bcm2835-mmc.c:254:27: error: 'SDHCI_ACMD12_ERR' undeclared (first use in this function); did you mean 'SDHCI_CMD_CRC'?
bcm2835_mmc_readw(host, SDHCI_ACMD12_ERR),
^
./include/linux/printk.h:137:18: note: in definition of macro 'no_printk'
printk(fmt, ##__VA_ARGS__); \
^~~~~~~~~~~
drivers/mmc/host/bcm2835-mmc.c:253:2: note: in expansion of macro 'pr_debug'
pr_debug(DRIVER_NAME ": AC12 err: 0x%08x | Slot int: 0x%08x\n",
^~~~~~~~
drivers/mmc/host/bcm2835-mmc.c:254:27: note: each undeclared identifier is reported only once for each function it appears in
bcm2835_mmc_readw(host, SDHCI_ACMD12_ERR),
^
./include/linux/printk.h:137:18: note: in definition of macro 'no_printk'
printk(fmt, ##__VA_ARGS__); \
^~~~~~~~~~~
drivers/mmc/host/bcm2835-mmc.c:253:2: note: in expansion of macro 'pr_debug'
pr_debug(DRIVER_NAME ": AC12 err: 0x%08x | Slot int: 0x%08x\n",
^~~~~~~~
scripts/Makefile.build:326: recipe for target 'drivers/mmc/host/bcm2835-mmc.o' failed
make[8]: *** [drivers/mmc/host/bcm2835-mmc.o] Error 1
Upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.114&id=45fd8679ea86bffb352132a1df4917c3d11375aa
Fixes: b765f4be40 ("kernel: bump 4.14 to 4.14.114")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This should be helpful for implementing service_running() in procd init
scripts.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: John Crispin <john@phrozen.org>