The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons; compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome network behavior).
Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.
Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
OpenWRT changed the default fq_codel sch->limit from 10240 to 1024,
without also adjusting q->flows_cnt. Eric Dumazet explains below that
you must also adjust the buckets (q->flows_cnt) for this not to break.
Eric explains: Limit of 1024 packets and 1024 flows is not wise I think.
(If all buckets are in use, each bucket has a virtual queue of 1 packet,
which is almost the same as having no queue at all)
I suggest to have at least 8 packets per bucket, to let Codel have a
chance to trigger. So you could either reduce number of buckets to 128
(if memory is tight), or increase limit to 8192.
flows_cnt is now set to 1024/8=128
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Building for octeon fails with
'arch/mips/vdso/vdso-n32.so.dbg' already contains a '.MIPS.abiflags'
section
if the file already exists from a prior build.
Use the same workaround as the one for vdso.so.dbg committed in
9eb155353a.
Commit 91f205acaf extended the workaround
to cover vdso-o32.so.dbg but missed the vdso-n32.so.dbg which is added
now by this change.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Building for octeon fails with
'arch/mips/vdso/vdso-o32.so.dbg' already contains a '.MIPS.abiflags'
section
if the file already exists from a prior build.
Use the same workaround as the one for vdso.so.dbg committed in
9eb155353a.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Currently the build fails with
'arch/mips/vdso/vdso.so.dbg' already contains a '.MIPS.abiflags' section
if the file already exists from a prior build.
Add a makefile rule to force the rebuild of vdso.so.dbg if genvdso
has been changed to work around the failure.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This enables misaligned access handling by software in Linux kernel.
With some wireless drivers (ath9k-htc and mt7601u for example) we see
misaligned accesses here and there and to cope with that without
fixing stuff in the drivers we're just gracefully handling it on ARC.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
SVN-Revision: 49134
The current code only partially invalidates both caches
because the cache size and cache-line size values are
incorrectly passed to the C code.
Fix the assembly code to pass the arguments in the correct
order.
Tested on RB532.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 49056
The function memblock_insert_region() is in the section
__init_memblock, also put crashlog_init_memblock there.
This fixes this section mismatch warning:
The function memblock_insert_region.isra.1() references
the function __meminit crashlog_init_memblock().
This is often because memblock_insert_region.isra.1 lacks a __meminit
annotation or the annotation of crashlog_init_memblock is wrong.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48931
The buildbots complained about these config options being missing for arm64:
CONFIG_DUMMY_CONSOLE_COLUMNS=80
CONFIG_DUMMY_CONSOLE_ROWS=25
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48929
Combine all bus operations for one MMD access in one function.
Protecting all these bus operations with one lock also helps
to avoid potential issues due to bus operations intercepting
the register and data write.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
SVN-Revision: 48914
The default TTL for address resolution table entries is 5 minutes
for all members of the AR8216 family. This can cause issues if
e.g. Wifi clients roam to another AP and their MAC appears on
another switch port suddenly. Then the client may not be reachable
until the old ARL entry expires.
I would have expected the switch to invalidate old entries if it
detects the same MAC on another port. But that's not the case.
Therefore make the TTL for ARL entries configurable.
The effective TTL will always be a multiple of 7 seconds.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
SVN-Revision: 48913
The line before includes the port number anyway so there's no need
to duplicate the port number in the MIB info header.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
SVN-Revision: 48912
The decimal values especially for TxByte and RxGoodByte are hard to read
once bigger amounts of data have been transferred.
Therefore complement the decimal values with info in GiB / MiB / KiB.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
SVN-Revision: 48911
For unused switch ports all MIB values are zero. Displaying ~40 empty
MIB counters is just confusing and makes it hard to read the output of
swconfig dev <dev> show.
Therefore, if all MIB counters for a port are zero, just display
an info that the MIB counters are empty.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
SVN-Revision: 48910
Enable platform-supplied WLAN LED name for ath9k device.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Acked-by: Hartmut Knaack <knaack.h@gmx.de>
SVN-Revision: 48879
The vdso version of this function has some problems with the cache.
Very often it works on dated data which causes problems. We are
currently working on fixing this in upstream Linux kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48787
This patch adds speed_mask special file to LEDs connected to switch ports
via 'switch' trigger. It allows to choose which speeds to signal when link
is up. If router has more than one LED per port, they may light up
differently depending on how fast connection is. Default setting is 'all
speeds' so backward compatibility with system scripts (for example uci) is
maintained.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
SVN-Revision: 48775
This patch changes swconfig_trig_port_mask_store() handler to utilize
kstrtoul() function instead of call to obsolete simple_strtoul(). Thanks
to this change, new handler takes less memory and makes port_mask special
file accept not only hexadecimal, but also decimal and octal numbers.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
SVN-Revision: 48774
Seama format has 2 similar headers: container (seal) header and entity
header. The first one has size always set to 0 and doesn't contain MD5
digest.
When dealing with Seama on a flash we deal directly with an entity. You
can see mtdsplit_parse_seama reads from offset 0 and expects entity to
be there. Seama container is used by bootloader / interface only which
extract entity out of it and flash it.
That said we should fix our header struct. This is important as we
calculate possible rootfs offset assuming it may be placed right after
Seama entity. So far calculated offset was always 16B too low.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48754
When dealing with Broadcom hardware we can simply use swconfig's generic
helper, we just need to do some validation of requested state.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48623
Thanks to this change swconfig can access port PHYs e.g. when setting
port link state with a generic helper.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48622
It's quite common for switches to have PHY per port so adding a generic
helper setting link state will help many drivers. It just needs an API
to access PHYs which this patch also adds.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48621
Some D-Link routers (e.g. DIR-885L) have NAND and use Seama format. It
means OpenWrt will want to have UBI in Seama entity and should be able
to detect it.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48600
Our mtdsplit parsers may want to create partition with name choice based
on partition file system (e.g. SquashFS vs. JFFS2). This patch allows
passing extra argument pointing to variable that will be set properly.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48598
Rename kernel_size variable as it includes whole entity size, not just a
kernel size. Also update comments to match it and describe better what
we are checking/looking for.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48480
The new .abiflags section was kept, pushing the appended arguments to
the wrong offset and causing it to read the section instead, making
it fail on boot.
Fix this by dropping this section as well as the other sections.
Closes #21679.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48474
Directly return the return value of genl_register_family_with_ops()
instead of storing it in a temporary variable, then returning it.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48472
This reverts commit r48335
The workaround is incomplete and cannot cover all possible cases. The
only real solution to this problem is to disable this feature on
ARM11MPcore entirely.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 48460
BCM531x5 has two potential cpu ports, and header mode can be enabled
independently on both.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48302
This adds support for IGMP Snooping on atheros switches (disabled by default),
which avoids flooding the network with multicast data.
Tested on TL-WDR4300: disabling IGMP Snooping results in multicast flooding
on each specific port, enabling it back again prevents each port from
receiving all multicast packets.
Partially based on: http://patchwork.ozlabs.org/patch/418122/
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
SVN-Revision: 48268
On most image types the rootfs ends at an erase-block. However, at least
with brnImages this is not the case: while the partitions are aligned
with the erase-block size there is a 12 byte footer at the end of the
partition which must not be touched by any filesystem. This led to a
rootfs_data partition which was not aligned properly (and thus ended up
being readonly):
0x000000480000-0x00000085a800 : "rootfs_data" (128 KiB EB)
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48263
This allows splitting EVA images (usually found in fritz devices). The
firmware will be split into a kernel and a separate rootfs partition.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48262
This adds brnImage (used with the brnboot bootloader) firmware parsing
support. brnboot verifies the integrity of the firmware stored on the
"Code Image" partitions by looking at the 12 byte footer at the very end
of the partition. This footer contains the checksum of the original
brnImage (kernel + rootfs/squashfs) and must not be touched (by our JFFS2
rootfs_data - otherwise the image will not be bootable anymore).
Big thanks to Mathias Kresin for analyzing the brnImage structure and
finding out the information how to keep images valid even when adding a
nested rootfs_data partition.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48261
Given those patches are relevant to any ARC platform and even
ISA version it makes perfect sense for patches to exist
in one place instead of being duplicated for each new ARC-based ASIC.
Note this is a prerequisite for upstreaming of ARC HS38 support in
OpenWRT.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Felix Fietkau <nbd@openwrt.org>
Cc: Jo-Philipp Wich <jow@openwrt.org>
Cc: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48241
This removes one patch which was applied upstream with commit
67b9bcd36906e12a15ffec19463afbbd6a41660e. All other patches were
refreshed.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48203
Some switches can force link speed for a port. Let's add API that will
allow drivers to export this feature.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48142
This fixes regression introduced in my recent ledtrig-netdev commit.
Events triggered by different interfaces were stopping timer so it
wasn't working for tx/rx mode.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48072
It was never tested, most likely not working (because of le32_to_cpu)
and not upstreamed.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48060
The ppp0 interface is renamed after the connection is established. Due
to a missing NETDEV_REGISTER event, the ledtrig-netdev isn't aware of
the renamed interface and literally ignores the device
(no tx/rx indication, led isn't switched off with 'ifdown wan').
Signed-off-by: Mathias Kresin <openwrt@kresin.me>
SVN-Revision: 48048
As explained earlier, using SWITCH_TYPE_LINK gives more flexibility,
it doesn't require e.g. string parsing to read some data.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47999
So far we were sending link data as a string. It got some drawbacks:
1) Didn't allow writing clean user space apps reading link state. It was
needed to do some screen scraping.
2) Forced whole PORT_LINK communication to be string based. Adding
support for *setting* port link required passing string and parsing
it in the kernel space.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47997
Previously switching to non-existing device (interface) could result in
leaving LED on.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47990
We may just delete timer on every trigger update and then start it again
if needed. This will let us avoid both: races and locking in frequently
called timer callback.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47987
Read/write lock was adding useless complexity, there wasn't any real
gain in case of this driver.
Also switch to _bh variants to avoid deadlocks.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47986
All supported kernels require patching ledtrig-netdev in the same way,
so it's safe to just move these changes to the base version of this
driver. We needed these patches for some old kernels 2.6.36 and 3.11.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47962