This fixes the following security problems:
* CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve
* SLOTH vulnerability
* Denial of Service through Certificate Revocation List
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SMP state is generally affected by
- CONFIG_SMP build-time kernel configuration option and
- 'nosmp' runtime kernel commandline option
The SMP state within vpe-mt.c is determined by CONFIG_SMP option.
A runtime check is needed if VPE functionality
should be used with a kernel image that supports SMP.
This fix introduces a check for 'nosmp' command line option
if CONFIG_SMP kernel configuration option is enabled.
Note: This patch is needed to use lantiq FXS if CONFIG_MIPS_MT_SMP
(that activates CONFIG_SMP) is enabled within kernel configuration
and the 'nosmp' command line argument is given to disable SMP at runtime.
Without this patch CONFIG_MIPS_MT_SMP must be disabled before using FXS.
With this patch setting the 'nosmp' parameter is enough.
In general, concurrent usage of FXS and SMP
is incompatible and will cause kernel panics.
Signed-off-by: Stefan Koch <stefan.koch10@gmail.com>
The available amount of coherent DMA memory is very limited. On Linux
4.4 this issue was worked around by increasing the pool size.
It turns out that using coherent memory here is completely unnecessary.
This change reworks the driver code to use kzalloc+dma_map_single
instead.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Do not patch upstream files, overwrite them entirely. The upstream files
are buggy for a number of devices and this significantly simplifies the
patch structure
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: John Crispin <john@phrozen.org>
The Netgear WNDR4300, equipped with an Atheros AR8327 Gigabit Switch,
has two LEDs on each port for monitoring LAN activity, but it currently
only uses one. Fix the configuration to use both.
The patch provides this new configuration:
- green LED: 1 Gbps link, 4Hz blink frequency
- amber LED: 10/100 Mbps link. 4Hz for 100Mbps, 2Hz for 10Mbps
Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
At now there is no general rule about what part of (or whole) machine
name string should be used for board name assignment/detection and every
target handles this in a different way.
For most of the boards in ar71xx we already use only part of the string,
generally without the vendor name.
This shortens wildcards patterns in case statement for board name
assignment, wherever possible (e.g. where it won't be misleading).
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Be consistent and always use double quotes for case statement patterns,
as in other targets. With this approach it should be less confusing for
users adding support for new devices.
Also, be consistent with MikroTik boards wildcard pattern.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
This text is used by GitHub to remind important things to
people sending PRs through the GitHub's web interface.
See here for more information
https://github.com/blog/2111-issue-and-pull-request-templates
It links to the wiki page about submission rules.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
It's unused since commit 7427007193 ("x86: remove the olpc subtarget,
it has been unmaintained for a long time").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The MV88E6176 switch is present on the GW16083 and the GW5904
As of a5c32a1f19 these drivers are to be
enabled static in per-target kernels.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
If a 'fixfdt' uboot script exists, execute it prior to bootm to allow
easy bootloader env based fdt fixups and tweaks
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
The kernel unconditionally pulls in a header file that defines
'current', which conflicts with the lua extension code.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Update from 3.3.2 to 3.3.4 & refresh patches.
Remove 110-disable-assembler-support as ccache now understands the
'.incbin' directive.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Fix a kernel crash caused when CONFIG_FIXED_PHY used for fixed phy drivers
in phy-add-aneg-done-function patch.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Specifications:
* SoC: MT7620A
* RAM: 64 MB DDR
* Flash: 8MB NOR SPI flash
* WiFi: MT7612E (5Ghz) and builtin MT7620A (2.4GHz)
* LAN: 1x100M
The -factory images can be flashed from the device's web
interface or via nmrpflash.
Co-authored-by: Paul Oranje <por@xs4all.nl>
Signed-off-by: Paul Oranje <por@xs4all.nl>
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
This patch makes specifying NETGEAR_REGION optional, in which case
mkchkimage will default to region 1 (WW).
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
This patch adds support for the Netgear R6220, aka Netgear AC1200 and
R6220-100NAS.
Specification:
- SoC: MediaTek MT7621ST (880 MHz)
- Falsh: 128 MiB (Macronix MX30LF1G08AA-TI)
- RAM: 128 MiB (Nanya NT5CB64M16FP-DH)
- Wireless: MediaTek MT7603EN b/g/n , MediaTek MT7612EN an+ac
- LAN speed: 10/100/1000
- LAN ports: 4
- WAN speed: 10/100/1000
- WAN ports: 1
- Serial baud rate of Bootloader and factory firmware: 57600
Installation through telnet:
- Copy kernel.bin and rootfs.bin to a USB flash disk, plug to usb port
on the router.
- Enable telnet with link: http://192.168.1.1/setup.cgi?todo=debug
(login if required, default: admin password)
- You will see "Debug Enabled!"
- Telnet 192.168.1.1 and login with "root"
- ls /mnt/shares/ to find out path of your USB disk. 'myUdisk' for
example.
- cd /mnt/shares/myUdisk
- mtd_write write rootfs.bin Rootfs
- mtd_write write kernel.bin Kernel
- reboot
nmrpflash can be used to recover to the netgear firmware if a broken
image was flashed.
Signed-off-by: Hanqing Wong <hquu@outlook.com>
Introduce RT6352 instead of matching against RF7620.
Clean up channel setting rfvals.
Port bandwidth filter calibration.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The port is labeled as wan and was only used as lan port because of the
"tx ring full" issues fixed with 8f02f7c.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Using the lantiq,wan device tree property for one interface node and
the lantiq,switch device tree property for another interface node at
the same time was never intended/isn't supported at the moment.
The property is meant to be used in two phy operation mode where one
phy is assigned to an interface without lantiq,* device tree property
and the other phy is assigned to an interface with the lantiq,wan
device property to have two netdevs.
If both properties are used at the same time, the lantiq,wan interface
is shown as independent netdev but not able to operate independent. The
port needs to be managed via swconfig. These dependency is not obvious
and fooled already a lot of users.
Add a default WAN vlan for xrx200 devices having an ethernet WAN port
and remove the lantiq,wan device tree property. Leave it up to the user
to set the ethernet WAN port as default WAN interface or to use this
port as additional LAN port.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Overwrite an already set proto if a new one is passed to
_ucidef_set_interface() similar to what is done for the interface.
It is required when using ""ucidef_set_interface_wan 'ptm0' 'pppoe'"
after some initial wan interface configuration is already done by
ucidef_add_switch.
The "json_is_a protocol string" guard is meant to not reset an earlier
set interface proto in case something like
"ucidef_set_interface_lan 'eth0'" is used afterwards.
Signed-off-by: Mathias Kresin <dev@kresin.me>