This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.
In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM
And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR
I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED
I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Imported from e1aaf7ec00%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
CHROMIUM: net: ar8216: address security vulnerabilities in swconfig & ar8216
This patch does the following changes:
*address the security vulnerabilities in both swconfig framework and in
ar8216 driver (many bound check additions, and turned swconfig structure
signed element into unsigned when applicable)
*address a couple of whitespaces and indendation issues
BUG=chrome-os-partner:33096
TEST=none
Change-Id: I94ea78fcce8c1932cc584d1508c6e3b5dfb93ce9
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/236490
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Commit-Queue: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).
Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.
Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
It's quite common for switches to have PHY per port so adding a generic
helper setting link state will help many drivers. It just needs an API
to access PHYs which this patch also adds.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48621
Directly return the return value of genl_register_family_with_ops()
instead of storing it in a temporary variable, then returning it.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48472
Some switches can force link speed for a port. Let's add API that will
allow drivers to export this feature.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48142
As explained earlier, using SWITCH_TYPE_LINK gives more flexibility,
it doesn't require e.g. string parsing to read some data.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47999
So far we were sending link data as a string. It got some drawbacks:
1) Didn't allow writing clean user space apps reading link state. It was
needed to do some screen scraping.
2) Forced whole PORT_LINK communication to be string based. Adding
support for *setting* port link required passing string and parting
it in the kernel space.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47997
AR8327/AR8337 allow to read the result of EEE autonegotiation.
If EEE is autonegotiated between the link partners, display
this as part of the swconfig get_link attribute.
eee100: 100MBit EEE supported by both link partners
eee1000: 1GBit EEE supported by both link partners
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
SVN-Revision: 44022
Boards that have more than one swconfig enabled switch will show the devices in
reverse order when call swconfig list. Fix this by using list_add_tail().
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43106
swconfig does not compile with 3.7 because
struct netlink_notify->pid has been renamed to
struct netlink_notify->portid
and
struct genl_info->snd_pid has been renamed to
struct genl_info->snd_portid
Use the new names and add compatibility patches
to 3.3 and 3.6.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 34288
Also make switches available under a generic name "switch<num>" for device
name agnostic access. The old device name is used as an alias for backward
compatibility.
SVN-Revision: 27800
SPIN_LOCK_UNLOCKED has been deprecated since 2.6.19 and will get removed
in 2.6.39, so replace it with DEFINE_SPINLOCK().
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
SVN-Revision: 26770
SWITCH_PORT_FLAG_TAGGED is a bit index, not a bit mask.
Signed-off-by: Martin Mares <mj@ucw.cz>
Signed-off-by: Patrick Horn <patrick.horn@gmail.com>
SVN-Revision: 21708
Let swconfig provide the cpu port index in its help page. This is
needed as e.g. Atheros switches have their cpu port at port 0, not
port 5.
This could allow e.g. luci to get a rough overview of the layout of
the switch.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
SVN-Revision: 20939
Swconfig needs to make sure that requested vlans/ports actually exist,
else it might read or modify memory not belonging to itself.
This patch adds a quick range check in swconfig's kernel part to
prevent accidential or intentional memory modification.
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
SVN-Revision: 20811