Refresh nand subtarget kernel config and enable kernel support for
boards which belong to this subtarget only.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Refresh target kernel config and disable kernel support for all boards
which belong to nand and mikrotik subtargets only.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
I tested this on a WRT54GS and a WRT610N V1.
The WRT610N does not boot when the kernel is too big, so I deactivated KALLSYMS
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
On the Linksys WRT54GSv1, the Power LED flickers in the "off" state.
Indicate status using the DMZ LED if available, since it has solid "on" and
"off" states.
This change was tested on the WRT54GSv1, but may also affect other brcm47xx
devices.
Fixes FS#793.
Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
On the Linksys WRT54GSv1, the adm6996 switch driver and the
gpio_button_hotplug module both claim GPIO 6, which is connected to the
Reset button. When the switch driver's request wins, the Reset button
cannot work. This makes it impossible to enter failsafe mode without a
serial console.
Stop requesting the "adm_rc" GPIO in the switch driver, since it is not
used anywhere.
Fixes FS#792.
Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
SOC: Broadcom BCM6368 (2 * Broadcom BMIPS4350 V3.1 / 400 MHz)
Flash size: 32MB (split 16/16 dual boot)
RAM size: 64MB
Wireless: BCM432x 802.11a/b/g/n(pci)
Ethernet: Broadcom BCM53115
USB: 1 x USB 2.0
Known issues:
- Unable to detect 53115 switch attached to MDIO. Not supported
- No support for the cable port
More info on the device and the research can be found at:
http://www.actiontec.com/212.html
Same FCC ID as:
https://wikidevi.com/wiki/Actiontec_V1000H_(Telus)
Signed-off-by: Anthony Sepa <anthonysepa@yahoo.ca>
[jonas.gorski: fix commit subject/message]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
The pinmux register is at relative offset 0x8, not 0xc. Fixes hang
when trying to modify pins >= 32.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Commit 9fec39a (ar71xx: add support for TP-Link TL-WA855RE v1) introduced a
typo in 02_network, fix it by removing the stray paren.
Reported-by: Henryk Heisig <hyniu@o2.pl>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
TPLINK_HWID hasn't been specified for TP-Link RE450 since the begin.
As we don't want to break sysupgrade (all existing LEDE release images
for this board have TPLINK_HWID set to 0x0), set it explicitly to 0x0.
Fixes FS#852
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
TP-Link TL-WR840N v4 and TL-WR841N v13 are simple N300 routers with
5-port FE switch and non-detachable antennas. Both are very similar
and are based on MediaTek MT7628NN (aka MT7628N) WiSoC.
The difference between these two models is in number of available
LEDs, buttons and power input switch.
This work is partially based on GitHub PR#974.
Specification:
- MT7628N/N (580 MHz)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH
- 2T2R 2.4 GHz
- 5x 10/100 Mbps Ethernet
- 2x external, non-detachable antennas
- UART (J1) header on PCB (115200 8n1)
- TL-WR840N v4: 5x LED (GPIO-controlled), 1x button
- TL-WR841N v13: 8x LED (GPIO-controlled*), 2x button, power input
switch
* WAN LED in TL-WR841N v13 is a dual-color, dual-leads type which isn't
(fully) supported by gpio-leds driver. This type of LED requires both
GPIOs state change at the same time to select color or turn it off.
For now, we support/use only the green part of the LED.
Factory image notes:
These devices use version 3 of TP-Link header, fortunately without RSA
signature (at least in case of devices sold in Europe). The difference
lays in the requirement for a non-zero value in "Additional Hardware
Version" field. Ideally, it should match the value stored in vendor
firmware header on device ("0x4"/"0x13" for these devices) but it seems
that anything other than "0" is correct.
We are able to prepare factory firwmare file which is accepted and
(almost) correctly flashed from the vendor GUI. As it turned out, it
accepts files without U-Boot image with second header at the beginning
but due to some kind of bug in upgrade routine, flashed image gets
corrupted before it's written to flash.
Tests showed that the GUI upgrade routine copies value of "Additional
Hardware Version" from existing firmware into offset "0x2023c" in
provided file, _before_ storing it in flash. In case of vendor firmware
upgrade files (which all include U-Boot image and two headers), this
offset points to the matching field in kernel+rootfs firmware part
header. Unfortunately, in case of LEDE factory image file which contains
only one header, it points to the offset "0x2023c" in kernel image. This
leads to a corrupted kernel and ends up with a "soft-bricked" device.
The good news is that U-Boot in these devices contains well known tftp
recovery mode, which can be triggered with "reset" button. What's more,
in comparison to some of older MediaTek based TP-Link devices, this
recovery mode doesn't write whole file at offset "0x0" in flash, without
verifying provided file in advance. In case of recovery mode in these
devices, first "0x20000" bytes are always skipped and "0x7a0000" bytes
from rest of the file are stored in flash at offset "0x20000".
Flash instruction:
Until (if at all) TP-Link fixes described problem, the only way to flash
LEDE image in these devices is to use tftp recovery mode in U-Boot:
1. Configure PC with static IP 192.168.0.66/24 and tftp server.
2. Rename "lede-ramips-mt7628-tl-wr84...-squashfs-tftp-recovery.bin"
to "tp_recovery.bin" and place it in tftp server directory.
3. Connect PC with one of LAN ports, press the reset button, power up
the router and keep button pressed for around 6-7 seconds, until
device starts downloading the file.
4. Router will download file from server, write it to flash and reboot.
To access U-Boot CLI, keep pressed "4" key during boot.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
There are already two targets (lantiq, ramips) which use mktplinkfw2
tool for creating images. This de-duplicates code, introduces two new
build commands: tplink-v2-header, tplink-v2-image and makes use of
them in place of old, (sub)target specific ones.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
TP-Link Archer C58 v1 is a dual-band AC1350 router, based on Qualcomm
QCA9561 + QCA9886. It looks like Archer C59 v1 without USB port.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 6x LED, 3x button
- UART header on PCB, RX, TX at TP4+5 (backside)
QCA9886 wlan needs pre_cal_data file and enable ieee80211 phy hotplug to
patch macaddress.
Flash instruction:
Use "factory" image directly in vendor GUI.
Recovery method:
1. Set PC to fixed ip address 192.168.0.66/24.
2. Download "lede-ar71xx-generic-archer-c58-v1-squashfs-factory.bin" and
rename it to "tp_recovery.bin".
3. Start a tftp server with the file "tp_recovery.bin" in its root
directory.
4. Turn off the router.
5. Press and hold Reset button.
6. Turn on router with the reset button pressed and wait ~15 seconds.
7. Release the reset button and after a short time the firmware should
be transferred from the tftp server.
8. Wait ~30 second to complete recovery.
Flash instruction under U-Boot, using UART:
tftp 0x81000000 lede-ar71xx-...-sysupgrade.bin
erase 0x9f020000 +$filesize
cp.b $fileaddr 0x9f020000 $filesize
reset
This commit is based on GitHub PR#1112
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
TP-Link TL-WA855RE v1 is a wall-plug N300 Wi-Fi range extender,
based on Qualcomm/Atheros QCA9533 v2.
Short specification:
- 550/397/198 MHz (CPU/DDR/AHB)
- 1x 10/100 Mbps Ethernet
- 32 MB of RAM (DDR1)
- 4 MB of FLASH
- 2T2R 2.4 GHz
- 2x external antennas
- 2x LED (green and orange in the same package), 2x button
- UART: TP5(TX) and TP4(RX) test points on PCB
Flash instruction: use "factory" image directly in vendor GUI.
Warning: this device does not include any kind of recovery mechanism
in the bootloader and disassembling process is not trivial.
You can access vendor firmware over serial line using:
- login: root
- password: sohoadmin
Image was tested only in EU version of the device, but should work
also with the same device version sold in other countries.
Signed-off-by: Federico Cappon <dududede371@gmail.com>
Use statically defined sizes for kernel and rootfs mtd partitions.
Vendor upgrade script writes both firmware parts independently which
ends up in a gap between kernel and rootfs images. This results in
incorrectly calculated rootfs_data start offset.
Also, fix IMAGE_SIZE, DEVICE_PACKAGES and drop redundant KERNEL
definition.
Fixes FS#835
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Migrate Arduino Yun from legacy to generic building code.
Note: the mtd partitioning is changed to adopt the LEDE default
partitioning. It allows to have a kernel bigger than 1280k. It is
necessary as kernel > 4.4 with default LEDE configuration grows
bigger.
To use the new partitioning, you need to update your U-Boot env in
advance:
setenv mtdparts "spi0.0:256k(u-boot)ro,64k(u-boot-env),15936k(firmware),64k(nvram),64k(art)ro"
setenv bootcmd "run addboard; run addtty; run addparts; run addrootfs; bootm 0x9f050000 || bootm 0x9fea0000"
saveenv
Signed-off-by: Camille Bilodeau <camille.bilodeau@protonmail.com>
This way, the assigned addresses match those on the barcode labels.
Otherwise, the addresses appear to vary on boot.
Signed-off-by: Leon M. George <leon@georgemail.eu>
The kernel configs for all targets should have the version in the
filename, for clearness and consistency across all targets.
It is also expected by the update_kernel.sh script.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
I did not port the regulator and power patches from Stefan Wahren
because I talked to him and he told me that work on this is currently
stalled. And since AFAIK nothing depends on these patches, leaving them
out seems reasonable.
I build minimum default configurations and run-tested them on both
I2SE Duckbill devices and Olimex Olinuxino Maxi boards successfully [1].
[1] Tested:
- debug uart is working
- boot without any obvious kernel problem
- network is coming up and data transfer is possible
- Olinuxino: USB detects a plugged-in pen drive
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
[refreshed config and patches]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In preparation for bumping mxs target to 4.9, disable a bunch of configuration
symbols that provoked config prompts.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
- Refreshed all patches
- Adapted 1 (0031-mtd-add-SMEM-parser-for-QCOM-platforms.patch)
Compile tested on: brcm2708, cns3xxx, imx6
Run tested on: brcm2708, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[Compile and run tested on brcm2708]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Use --mtime when SOURCE_DATE_EPOCH is set.
Use gzip -n9z instead of tar z to remove
timestamp in gzip header.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch fixes a problem where the AR8035 PHY can't be
detected on the Cisco Meraki MR24, when the ethernet cable
is not connected during boot.
Russell Senior reported:
|This appears to be a problem during probing of the AR8035
|phy chip. When ethernet has no link, the phy detection fails,
|and eth0 is not created. Plugging ethernet later has no effect,
|because there is no interface as far as the kernel is
|concerned. The relevant part of the boot log looks like this:
|
|[ 0.876611] /plb/opb/emac-rgmii@ef601500: input 0 in RGMII mode
|[ 0.882532] /plb/opb/ethernet@ef600c00: reset timeout
|[ 0.888546] /plb/opb/ethernet@ef600c00: can't find PHY!
(<https://bugs.lede-project.org/index.php?do=details&task_id=687>)
Fixes FS#687
Cc: Chris Blake <chrisrblake93@gmail.com>
Reported-by: Russell Senior <russell@personaltelco.net>
Fixes: 23fbb5a87c56e98 ("emac: Fix EMAC soft reset on 460EX/GT")
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Specifications:
* SoC: AR7242 (Virian 400MHz)
* RAM: 64 MB DDR (W9751G6JB-25)
* Flash: 16MB SPI flash (S25FL129PIF)
* WiFi: AR9382 (2.4/5GHz) + 2x SE2595L
* LAN: 1x1000M (PEF7071V)
To install LEDE via EVA bootloader, a FTP connection need to be
established to 192.168.178.1 within the first seconds after power on:
ftp> quote USER adam2
ftp> quote PASS adam2
ftp> binary
ftp> debug
ftp> passive
ftp> quote MEDIA FLSH
ftp> put lede-ar71xx-generic-fritz300e-squashfs-sysupgrade.bin mtd1
Signed-off-by: Mathias Kresin <dev@kresin.me>
Add upstream send AR724x PCIe patches to get the PCIe controller out of
reset during driver init.
The AVM Fritz 300E bootloader doesn't take care of releasing the
different PCIe controller related resets which causes an endless hang
as soon as either the PCIE Reset register (0x180f0018) or the PCI
Application Control register (0x180f0000) is read from.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The driver is used for boards outside the lantiq target as well. Move
it to generic to make it available for more targets.
The phy driver is included in kernel 4.8 as INTEL_XWAY_PHY.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Except for renames and line changes the only conflict was in
allocate_partition in handling MTD_WRITEABLE. Hopefully it was handled
correctly.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This mtd_roundup_to_eb helper was introduced years ago in the commit
daec7ad768 ("kernel/3.10: add separate rootfs partition parser") and
it was probably supposed to simplify code a bit.
With the recent upstream commit 1eeef2d7483a7 ("mtd: handle partitioning
on devices with 0 erasesize") the logic in allocate_partition got
slightly more complex and we can't use this simple helper anymore as it
doesn't support MTD_NO_ERASE properly.
There also isn't any real gain from this helper, so it's probably easier
to just don't use it *or* work on upstreaming it to avoid maintenance
cost.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
On boards which don't have a distinct internet and dsl led, use the
shared LED to indicate the xdsl line state and any traffic that is
send/received via the netdev. This traffic doesn't necessarily need to
be internet traffic.
Rename the shared LED of existing configs to "dsl", to match the new
defaults. The configuration of the to be renamed LED is identical with
the new defaults.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Allows to use a single LED for line init status indication and to show
any rx/tx activity on a synchronized dsl line.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Mathias Kresin <dev@kresin.me>
As of now OTP is being correctly parsed and the driver requires to parse pre-caldata to follow corresponding routine.
Rename cal file into pre-calfile so the board initialized correctly with API 2 board data (board-2.bin).
Also remove the now unneeded for qca9984 board.bin symlink to 5GHz calfile.
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
The Cisco ON100 device is a Kirkwood based router:
SoC: Marvell 88F6282 1600Mhz
SDRAM memory: 512MB DDR3 1333Mhz
Gigabit ethernet: 2x Marvell 88E1310 (over RGMII)
Flash memory: 512MB
2 bi-colour status LEDs (green/red)
1 Reset button
1 USB 2.0 port (on back)
1 SDIO slot (on back)
This commit adds a target profile of "Cisco Systems ON100" under the target
system "Marvell Kirkwood".
Flashing can be performed over tftp, once "dhcp" has been issued:
tftpboot ${loadaddr} lede-kirkwood-on100-squashfs-factory.bin
nand erase 0x0c0000 ${filesize}
nand write ${loadaddr} 0x0c0000 ${filesize}
Once flashed, set environment variables to boot:
setenv bootcmd nand read \${loadaddr} 0x0c0000 0x540000\; setenv bootargs
\; bootm
saveenv
Signed-off-by: Makoto Takeuchi <mak0@lxsys.co.uk>
Evaluation boards are left in component form to ease flashing
using vendor tooling and instructions. These boards also do
not include the EOF marker in the UBIFS as the bootloaders
are recent and easily upgradeable.
The end product boards use factory.bin images based on the
dts layout and include EOF markers as bootloader UBI support
is not determined.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
All TP-Link TL-WR710N versions share the same machine code.
This has been working since the beginning as we don't use double-quotes
to protect spaces inside command line values. Thus, kernel interprets
'board=TL-WR710N v2' as 'board=TL-WR710N' and separate parameter 'v2'.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Keep TP-Link devices definitions in alphabetical order whenever it's
possible. Also group together similar devices or devices from the same
series.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
TP-Link TL-WR942N v1 is a 2.4 GHz single-band N450 router, based on
Qualcomm/Atheros QCA9561.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 5x 10/100 Mbps Ethernet
- 2x USB 2.0
- 11x LED (most are controlled by 74HC595)
- 2x button
- UART header on PCB*
* Serial console is disabled in OEM non-beta firmwares and corresponding
GPIO pins 14 and 15 are assigned to control USB1 and USB2 LEDs by
production (non-beta) U-Boot and firmware.
Currently not working:
1. USB1 and USB2 LEDs if UART RX and TX pins are assigned to their GPIOs
by some U-Boot versions.
Flash instruction under vendor GUI:
1. Download "lede-ar71xx-generic-tl-wr942n-v1-squashfs-factory.bin".
2. Go to WEB interface and perform usual firmware upgrade.
FLash instruction under U-Boot recovery mode (doesn't work in beta
firmware):
1. Setup PC with static IP "192.168.0.66/24" and tftp server.
2. Change "*-factory" image filename to "WR942v1_recovery.bin" and make
it available to download from your tftp server.
3. Press "reset" button and power up the router, wait till "WPS" LED
turns on.
Flash instruction under U-Boot, using UART (can be done only with
preinstalled UART-enabled U-Boot version!):
1. Use "tpl" to stop autobooting and obtain U-Boot CLI access.
2. Setup ip addresses for U-Boot and your tftp server.
3. Issue below commands:
tftp 0x81000000 lede-ar71xx-generic-tl-wr942n-v1-sysupgrade.bin
erase 0x9f020000 +$filesize
cp.b 0x81000000 0x9f020000 $filesize
reset
Signed-off-by: Serg Studzinskii <serguzhg@gmail.com>
[minor code style fixes, extended commit message]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Use "GL.iNet" as vendor name (based on information from the vendor, this
is registered name of the company) and align model names with official
website.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Most of the custom Build/* functions in ar71xx target are rarely used by
image building code for devices from more than one subtarget. As they
don't need to be always included, move them to corresponding *.mk files.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
ag71xx_ethtool_set_ringparam() will return an uninitialized value on
success.
Found-by: Coverity Scan #1330877
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Instead of bit banging SPI to talk to the GPIO chip, use the hardware
led controllers intended for controlling the LEDs.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
CONFIG_SG_POOL symbol is selected only by CONFIG_SCSI, since the last
one is disabled by default then disable CONFIG_SG_POOL by default too.
And explicitly enable it only for platforms that use CONFIG_SCSI.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Add HAVE_IRQ_EXIT_ON_IRQ_STACK kernel configuration symbol that was
missed during backporting separate IRQ stack for MIPS from upstream.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>