Commit graph

362 commits

Author SHA1 Message Date
Tomasz Maciej Nowak
0ef28ea387 mvebu: unify boot.scr creation
Unify boot.scr generation so Makefile for device image generation won't
grow without a reason. Also make boot-scr step optional.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-03-02 21:33:08 +01:00
Tomasz Maciej Nowak
e4fa22397f mvebu: make sdcard bootloader option configurable
Remove the necessity for boot loader from SD card image creation process
and make it configurable.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-03-02 21:33:07 +01:00
Tomasz Maciej Nowak
e10ea566cc mvebu: fix partition type and signature for sdcard
Previously the partition signature was assigned from provided type. Now
both are corrected wherein signature is always generated from
SOURCE_DATE_EPOCH. With that the root file system can be identified
by PARTUUID string, without relying on static declaration of device node.
This commit also does some cosmetics, removing trailing whitespace and
replacing spaces with tab.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-03-02 21:33:07 +01:00
Tomasz Maciej Nowak
652a13e920 mvebu: remove redefinition of image name for clearfog
The IMAGE_NAME redefinition causes overwriting of generated SD card
image when multiple root file system types are selected. In result only
single SD card image is generated. This commit fixes this behaviour.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-03-02 21:33:07 +01:00
Josua Mayer
9a82076592 mvebu: clearfog: use partition uuid for root= bootarg
U-Boot already knows where it found the boot.scr, and
figuring out the partition UUID becomes trivial at this point.
This change allows booting OpenWrt from whatever storage it has been
flashed to: SD card, eMMC, USB disk or SATA disk.

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
[replace lede with openwrt, redact commit message]
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-03-02 21:33:07 +01:00
Hauke Mehrtens
98aa44ce79 mvebu: Use kernel 4.14 by default
I am not aware of any regressions in kernel 4.14 compared to kernel 4.9.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-02 21:33:07 +01:00
Hauke Mehrtens
e54f937f51 mvebu: activate more workarounds for ARM erratas
The Armada XP uses a Marvell PJ4Bv7 Processor for which already one
workaround for an errata is activated.
The Armada 285 uses a Cortex A9 r4p1 for which the Linux kernel provides
a workaround for ERRATA_764369, activate this.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-02 21:33:07 +01:00
Johnny S. Lee
c8e62f830d mwlwifi: add and use individual firmware packages
As each mvebu device only uses one of the firmwares provided by mwlwifi
package, it makes sense to put them in separate packages and only install
the one that is needed.

Current mwlwifi version's firmware sizes and usages by devices:
88W8864.bin  118776  caiman, mamba, cobra, shelby
88W8897.bin  489932  (none)
88W8964.bin  449420  rango

Changes by this commit:
 * indicate in title that mwlwifi also is driver for 88W8897 and 88W8964
 * remove mwlwifi package's firmware installation rules
 * add 3 new individual firmware packages (all depends on kmod-mwlwifi):
    - mwlwifi-firmware-88w8864
    - mwlwifi-firmware-88w8897
    - mwlwifi-firmware-88w8964
 * add firmware package to mvebu devices' DEVICE_PACKAGES accordingly

Signed-off-by: Johnny S. Lee <_@jsl.io>
[Add the used FW files to the PACKAGES of default image]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-26 11:23:40 +01:00
Jonas Gorski
c5b06da56c mvebu: add missing patch for reprobing SFP phys for 4.14
Add the patch for reprobing phys also for 4.14, as it is still needed.

Fixes: 4ccad92229 ("mvebu: Add support for kernel 4.14")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2018-02-25 22:58:40 +01:00
Jonas Gorski
39f8751cdc mvebu: fix SFP insert detection GPIO name on 4.14
When SFP support was accepted upstream, the expected GPIO names were
slightly changed, breaking SFP insert detection. Update the DTS file to
the expected name to make SFP work again.

Fixes: 4ccad92229 ("mvebu: Add support for kernel 4.14")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2018-02-25 22:58:35 +01:00
Koen Vandeputte
aad1f11efe kernel: refresh patches
Some fuzz was introduced due to the netfilter-offload series

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-22 12:46:25 +01:00
Mathias Kresin
c4ac02ffca treewide: remove obsolete sysupgrade watchdog kill
The watchdog kill command was meant for busybox watchdog. Busybox watchdog
was replaced by the procd watchdog mid 2013 with commit df7ce9301a
("busybox: disable the watchdog utility by default"), which makes the kill
command obsolete since quite some time.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-02-16 14:44:02 +01:00
Hauke Mehrtens
0bd5aa89fc mvebu: Migrate uci config to new PCIe path
The name of the PCIe controller node in device tree changed between
kernel 4.9 and kernel 4.14. Migrate the configuration when an update
from kernel 4.9 to 4.14 or back is done to the new name to make
the existing wifi configuration compatible with the new names.

This replaces the "pcie-controller" part with "pcie" on all nodes if the
file exists in sys fs.

This is not done in the uci-defualts, because they are getting executed
to late in the boot process. The kernel module gets loaded before the
uci-defaults scripts are executed. When the mwlwifi driver gets loaded
it will trigger an event via hotplug to detect new devices and as the
paths are not in the uci configuration they will be added again.
When the migration is done before the script will detect that they are
already there.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-13 22:30:59 +01:00
Hauke Mehrtens
4ccad92229 mvebu: Add support for kernel 4.14
Add support for kernel 4.14 to the mvebu target.

This also replaces the old sfp and phylink patches with new versions
from Russell's clearfog-4.13 branch
http://git.arm.linux.org.uk/cgit/linux-arm.git/log/?h=clearfog-4.13

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-13 22:29:56 +01:00
Hauke Mehrtens
47106f55e0 mvebu: move files to files-4.9 and files-4.4 folder
This is needed to prevent copying it into kernel 4.14.
These device tree files are already integrated into kernel 4.14 and we
would like to use the upstream versions only.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-13 22:24:56 +01:00
Jonas Gorski
e2ec3f7550 mvebu: fix sysupgrade from 17.04 for clearfog pro
When clearfog was renamed to clearfog pro, it broke sysupgrade from
17.04 as the new images now get rejected as incompatible. Fix this by
adding the legacy boardname to the compatible devices.

Fixes: ec4a8c6dee ("mvebu: ClearFog renamed upstream to ClearFog Pro")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2018-02-11 23:15:05 +01:00
Kevin Darbyshire-Bryant
a30370bbf1 kernel: bump 4.4 to 4.4.112
Refresh patches.
Remove upstreamed patches:

target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant
d8565a06dc kernel: bump 4.9 to 4.9.77
Refresh patches.
Remove upstreamed patches:

target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant
2228dbf4e6 kernel: bump 4.9 to 4.9.76
Refresh patches

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-11 20:32:36 +01:00
Kevin Darbyshire-Bryant
efb375b579 kernel: bump 4.4 to 4.4.110
Refresh patches

Fixes:  CVE-2017-5754 aka Meltdown

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
[fix typo in commit msg, conflict after 4.14 bump]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-10 00:11:39 +02:00
Kevin Darbyshire-Bryant
1d2590f838 kernel: bump 4.9 to 4.9.75
Refresh patches

Fixes:  CVE-2017-5754 aka Meltdown

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[fix conflict after 4.14 bump]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-01-10 00:11:39 +02:00
Kevin Darbyshire-Bryant
4b275baf91 kernel: bump 4.9 to 4.9.73
Refresh patches.

Runtime tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-02 07:14:09 +01:00
Luis Araneda
575178e462 treewide: add only one device when appending to TARGET_DEVICES
This will avoid some conflicts when doing a git rebase or merge,
specially when adding support to a new device.

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
[drop brcm47xx changes which rename the images]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-12 18:47:26 +01:00
Zoltan HERPAI
7b5c989ab9 merge: targets: update image generation and targets
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Rosen Penev
7a318bc1a1 kernel: Update kernel 4.4 to 4.4.100
Run-tested on ramips

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-25 19:48:39 +01:00
Koen Vandeputte
62ede4f783 kernel: bump 4.9 to 4.9.63
Refreshed all patches.

Removed upstreamed parts.

Compile-tested: cns3xxx, imx6, mvebu, layerscape
Run-tested: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-11-22 20:45:52 +01:00
Felix Fietkau
31691f9649 mvebu: backport a kernel irq fix for setting IRQ affinity
The IRQ controller can only set the affinity to a single CPU. Update the
mask in the controller data.

Suggested-by: Sebastian Gottschall <s.gottschall@dd-wrt.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-15 18:49:12 +01:00
Ryan Mounce
1cd3e9c07c mvebu: clean up ClearFog Base package selection
It is unclear why so many packages are selected for ClearFog Base compared
to its big brother, and there is no reason to not append metadata for Base.

Tidy this up as the only hardware difference between Base/Pro is the
presence of a switch and a different board name / device tree.

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-10-15 00:24:22 +02:00
Ryan Mounce
99cf825b06 mvebu: Fix ClearFog sysupgrade board definitions
Remove redundancy for platform_do_upgrade_clearfog
Fix platform_copy_config_clearfog to reflect -base/-pro split

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-10-15 00:24:22 +02:00
Ryan Mounce
233633873b mvebu: Sort 02_network alphabetically
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-10-15 00:24:22 +02:00
Stijn Tintel
239dff6697 kernel: update and refresh patches
The lantiq patch 0028-NET-lantiq-various-etop-fixes.patch and sunxi
patch 0051-stmmac-form-4-11.patch no longer applied after applying the
the "generalize napi_complete_done()" patch.
Update them so they apply, and refresh patches while at it.

Fixes: 9aeb7ce8dc ("generic: net: generalize napi_complete_done")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 16:31:58 +03:00
Kevin Darbyshire-Bryant
657f2a1ff8 kernel: update 4.4 to 4.4.89
Refresh patches.
Compile & run tested on ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-29 07:42:43 +03:00
Stijn Tintel
6e48eb22b8 kernel: update 4.9 to 4.9.51
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-20 23:50:55 +03:00
Henryk Heisig
172dfa737a mvebu: WRT3200ACM: add bluetooth module
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2017-09-17 00:59:55 +02:00
Kevin Darbyshire-Bryant
364befeccf kernel: update 4.4 to 4.4.83
Refresh patches.
Minor update 704-phy-no-genphy-soft-reset.patch which was partially
accepted upstream.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Fixes the following vulnerabilities:
- CVE-2017-7533 (4.4.80)
- CVE-2017-1000111 (4.4.82)
- CVE-2017-1000112 (4.4.82)

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[cleanup commit message, add compile/runtime tested]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 14:31:45 +02:00
Stijn Tintel
2d02a4f5bd kernel: update 4.9 to 4.9.44
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.

Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 12:34:34 +02:00
Hauke Mehrtens
39e8ab17d5 kernel: update kernel 4.4 to version 4.4.79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-28 22:46:26 +02:00
Mathias Kresin
e0b9ec8e96 treewide: drop target board_name functions
They are not used any longer.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-15 23:13:34 +02:00
Mathias Kresin
f12a32630f treewide: use the generic board_name function
Use the generic function instead ot the target specific ones.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-15 23:13:34 +02:00
Mathias Kresin
78cf5eed6e treewide: do board detection during preinit
Do the board detection during preinit to unify it across all targets.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-15 23:13:34 +02:00
Koen Vandeputte
cd54b2d42b kernel: update kernel 4.9 to 4.9.37
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:

473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed

403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0

180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item

Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-07-15 00:13:05 +02:00
Matthias Schiffer
438dcbfe74
base-files: automatically handle paths and symlinks for RAMFS_COPY_BIN
Depending on busybox applet selection, paths of basic utiilties may differ,
and may not work as symlinks to busybox. Simply using whatever binary is
found in PATH and detecting symlinks automatically is more robust and
easier to maintain.

The list of binaries is also slightly cleaned up and duplicates are
removed.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-07-11 17:26:32 +02:00
Stijn Tintel
880f73c327 kernel: cleanup CONFIG_SCHED_HRTICK
Remove CONFIG_SCHED_HRTICK from target configs, as it was added to the
generic config in b47fd76563.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-29 04:46:59 +02:00
Stijn Tintel
f80963d4d1 kernel: update kernel 4.4 to 4.4.74
Refresh patches.
Compile-tested on ar71xx.
Runtime-tested on ar71xx.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:42:50 +02:00
Koen Vandeputte
69649a1b45 kernel: update kernel 4.9 to 4.9.34
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)

Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-27 07:21:03 +02:00
Jo-Philipp Wich
55623a9c83 kernel: update kernel 4.9 to 4.9.31
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-08 01:03:39 +02:00
Jo-Philipp Wich
f4a4f324cb kernel: update kernel 4.4 to 4.4.71
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-07 21:40:42 +02:00
Sergey Ryazanov
68e7a2a0b7 kernel: disable CONFIG_SG_POOL by default
CONFIG_SG_POOL symbol is selected only by CONFIG_SCSI, since the last
one is disabled by default then disable CONFIG_SG_POOL by default too.
And explicitly enable it only for platforms that use CONFIG_SCSI.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2017-06-07 18:31:10 +02:00
Daniel Engberg
22ac4bd555 mvebu: Add block device sd to default kernel config
Add block device sd to kernel config otherwise AHCI/eSATA devices won't get enumerated in /dev

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-06-02 12:02:21 +02:00
Matthias Schiffer
5654a03768
mvebu: fix sysupgrade
mvebu was modifying RAMFS_COPY_BIN and RAMFS_COPY_DATA from a
sysupgrade_pre_upgrade hook. As the ramfs is created from stage2, this
did not have an effect anymore after the staged sysupgrade changes.

As it doesn't really hurt to copy fw_printenv and fw_setenv
unconditionally, simply add them in /lib/upgrade/platform.sh, so stage2
will see them.

Config copying is moved to a function called by platform_copy_config, where
it belongs.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: FS#821
Fixes: 30f61a34b4 "base-files: always use staged sysupgrade"
2017-06-01 20:41:19 +02:00