Import from fd7b89dd46%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
CHROMIUM: drivers: ar8216: prevent device duplication in ar8xxx_dev_list
If probe is called twice, once for PHY0 and a second time for PHY4,
the same switch device will be added twice to ar8xxx_dev_list, while
supposedly this list should have one element per hardware switch present
in the system.
While no negative impact have been observed, it does happen if a
platform instanciates these two PHYs from device-tree, as an example.
Change-Id: Iddcbdf7d4adacb0af01975b73f8e56b4582e894e
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/234790
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
Import from c3fd96a7b8%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
CHROMIUM: drivers: ar8216: hold ar8xxx_dev_list_lock during use_count--
It is possible for the remove() callback to run twice in parallel, which
could result into --use_count returning only 1 in both cases and the
rest of the unregistration path to never be reached.
This case has never been observed in practice, but we will fix
preventively to make the code more robust.
BUG=chrome-os-partner:33096
TEST=none
Change-Id: If09abe27fdb2037f514f8674418bafaab3cbdef6
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232870
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
Import from c05af20272
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
CHROMIUM: drivers: ar8216: sync mib_work cancellation
ar8xxx_mib_stop() is called from ar8xxx_phy_remove(), so we want to make
sure the work doesn't run after priv is freed / the device ceases to
exist.
BUG=chrome-os-partner:33096
TEST=none
Change-Id: Iafb44ce93a87433adc4576e5fea5fda58d1f43a9
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232827
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Reviewed-by: Grant Grundler <grundler@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
Refresh patches on all 4.4 supported platforms.
077-0005-bgmac-stop-clearing-DMA-receive-control-register-rig.patch
removed as now upstream.
Compile & run tested: ar71xx - Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Update patch to remove pipetypes var declaration which was throwing
unused variable warning due to the original patch removing the only use.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This fixes parsing partition placed after TRX with block-aligned length.
It's important e.g. for Archer C9 which has TRX with kernel only and
rootfs as separated partition.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Fix build on targets not using CONFIG_MODULE_STRIPPED.
Neither RTL8367_DRIVER_DESC nor RTL8367B_DRIVER_DESC are defined
anywhere. It worked for targets using CONFIG_MODULE_STRIPPED since our
module stripper no-ops the various module info macros.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This is a powerful API for parallel crypto from which many other modules
can benefit. It only winds up being turned on on SMP systems, which
means this adds 0 bytes to the kernel on tiny machines, while only
adding a small bit to SMP systems for big performance improvements.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked broken.
Runtime-tested on ar71xx, octeon.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Without setting the HSR to the selected channel, the WLAN of the UAP
Outdoor+ will exhibit high packet loss in RX.
Based-on-patch-by: Stefan Rompf <stefan@loplof.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The patch 615-rt2x00-fix_20mhz_clk.patch fixes code introduced by
611-rt2x00-rf_vals-rt3352-xtal20.patch and makes the the platform data
property clk_is_20mhz obsolete.
Signed-off-by: Mathias Kresin <dev@kresin.me>
It's supposed to significantly improve performance but doesn't seem to
affect Northstar unfortunately. It seems only some other platforms were
limited because of this DMA setup mistake.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This patch bumps the 4.4 kernel from .28 to .30 and refreshes the patches.
Compile-tested on ar71xx, x86/64, ramips/mt7621, brcm47xx and kirkwood.
Run-tested on ar71xx & ramips/mt7621, brcm47xx and kirkwood (last two confirmed
by P. Wassi).
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on ar71xx, brcm47xx, kirkwood.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Support splitting WRGG images, found in some D-Link devices (e.g.
DAP-2695).
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
Refresh patches for all targets supporting 3.18 and not marked broken.
Compile-tested on all targets using 3.18 and not marked broken.
Changes to generic/610-netfilter_match_bypass_default_checks.patch based
on 84d489f64f.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches for all targets supporting 4.1 and not marked broken.
Compile-tested on all targets using 4.1 and not marked broken.
Changes to generic/610-netfilter_match_bypass_default_checks.patch based
on 84d489f64f.
Changes to generic/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch based
on a90ee92337.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The commit "generic: ar8216: add sanity check to ar8216_probe"
(774da6c7a4) stated that PHY IDs
should be checked at address 0-4. However, the PHY 4 was
never check by the loop. This patch extends the check to be
similar to the Atheors SDK. It tries all 4 ports and skips
unconnected PHYs if necessary. If it cannot find any familiar
PHYs, it will prevent the phy driver from initializing.
This patch is necessary for the C-60. It doesn't have a
PHY at port 3, so this caused the check in ar8xxx_is_possible
to fail. As a result, the ethernet ports on the C-60 didn't
work.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
According to the author the code was added to in preparation for adding
support for a new board. The patch for the board was never send and the
code never really tested.
The edimax header starting with the edimax magic is put in front of the
uImage header. There is no special uImage header used. Means, default
magic and the type field is set to kernel as usual.
Signed-off-by: Mathias Kresin <dev@kresin.me>
edimax parser fix
The return value of the find_header function need to be added to the
uimage_size, otherwise mtd_find_rootfs_from() might search for a rootfs
within a custom header and fails.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Add some missing symbols to the generic 4.1 kernel config which got triggered
by the introduction of the hda-intel sound module.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The nf_reject_* and nf_nat_masquerade_* modules are moved into the
corresponding kmod-nf- packages. Appropriate dependencies are added to the
kmod-nft- packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Forgot to update kernel-version.mk, so updated patch. Compile-tested on x86/64 and ar71xx; run-tested on x86/64 and ar71xx.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
If the cpu port is connected through SGMII we need to enable SerDes for
it to work.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
The clearfog u-boot does not initialize the switch at all, so we need to
power up the phys ourselves.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Some devices (like the Cisco Meraki Z1 Cloud Managed Teleworker Gateway)
need to be able to initialize the PCIe wifi device. Normally, this is done
during the early stages of booting linux, because the necessary init code
is read from the memory mapped SPI and passed to pci_enable_ath9k_fixup.
However,this isn't possible for devices which have the init code for the
Atheros chip stored on NAND in an UBI volume. Hence, this module can be
used to initialze the chip when the user-space is ready to extract the
init code.
Martin Blumenstingl made a few fixes and added support for lantiq:
kernel: owl-loader: add support for OWL emulation PCI devices
kernel: owl-loader: don't re-scan the bus when ath9k_pci_fixup failed
kernel: owl-loader: use dev_* instead of pr_* logging functions
kernel: owl-loader: auto-generate the eeprom filename as fallback
kernel: owl-loader: add a debug message when swapping the eeprom data
kernel: owl-loader: add missing newlines in log messages
kernel: owl-loader: add support for the lantiq platform
These patches have been integrated. Thanks!
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Backport patches from upstream Linux kernel which are making the
kernel stores the appended dtb not in the same resisters as defined in
the UHI specification, use a separate variable on MIPS.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[some modifications]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some devices (e.g. Tenda AC9 based on BCM47189B0) have BCM53125 with
port 5 connected to the second Ethernet interface on the SoC. In such
case there is no PHY and we need to force link manually.
This assumes port 5 can be marked as enabled for such devices. It's not
implemented yet unfortunately.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
First two patches weren't marked for stable but are dependencies for
laters ones. The rest of patches was marked for stable but most likely
will be backported to 4.5+ only so we need to get them on our own.
An important fix is eea2fb4851e9d ("ovl: proper cleanup of workdir") as
it allows mounting overlayfs with dirty workdir, e.g. after power cut.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Add a patch to backport 5185c91385d73cdf79836eb8548e4726e43ae831
from Linux 4.8 adding USB2380 support to the NET2280 driver and
create an OpenWrt menu option to select it as a module.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Add Support for the ESMT_F25L32QA and ESMT_F25L64QA.
These are 4MB and 8MB SPI NOR Chips from Elite Semiconductor Memory Technology
Signed-off-by: L. D. Pinney <ldpinney@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Drivers have been modified to use it and new ones have to be written
this way, so we need it for backporting code.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This allows referencing USB ports/devices that are always present in a
device. This applies to some internal devices, root hub ports and
internal USB hubs.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Refresh patches for all targets that support kernel 4.4.
Compile-tested on all targets that use kernel 4.4 and aren't marked broken.
Runtime-tested on ar71xx, octeon and x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
It was needed upstream to avoid bcma references in the main code. To
match this new code our patch adding SRAB was also updated.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Instead of using off-the-tree .dts files for ARC boards we're
switching to use in-tree ones. And for that to work properly
we apply upstream patch that adds currently missing "model"
property.
Upstream patch and discussion could be found here:
http://lists.infradead.org/pipermail/linux-snps-arc/2016-August/001394.html
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Cc: John Crispin <john@phrozen.org>
These 2 trivial patches will be followed by a bigger bgmac rework so
they are worth backporting in a separated patch.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This fixes flash corruptions. It touches bcm47xxsflash driver shared
between brcm47xx and bcm53xx so put it in generic.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The bootmem area reserved for crashlog might be smaller than CRASHLOG_OFFSET
bytes, leading to an integer underflow when calculating the memory address
in crashlog_set_addr() which subsequently causes the kernel to crash when
attempting to vmap() the crashlog pages.
Change the logic to only consider the offset when the size of the used memory
area is sufficient.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Yue Cao claims that current host rate limiting of challenge ACKS
(RFC 5961) could leak enough information to allow a patient attacker
to hijack TCP sessions. He will soon provide details in an academic
paper.
Backports upstream commit 75ff39ccc1bd5d3c455b6822ab09e533c551f758
to the used LEDE kernel versions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Due to the missing carrier status set, the interface wasn't usable on a
BTHOMEHUB2B after ip link down and up as it is done in preinit.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Check memblock regions for sufficient size before attempting to use
them. Allow checks for multiple memblock regions until a suitable one is
found.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Our code was assuming CPU port uses the highest number. My BCM53573
device has eth0 connected to port 8 and eth1 connected to port 5. While
working on support for it I tried to:
1) Enable all ports (including port 8)
2) Set CPU port to 5
I noticed port 8 is not accessible anymore. It was just a development
process but it seems like something worth fixing anyway.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
With that patch in place for initramfs no additional options are
reported for "/" partition. What's really important is missing
info about sizes. Which in its turn makes opkg think that there's
no space on "/" partition to install software.
I understand that's a sort of corner-case, people rarely install
packages on ramfs but anyways why not?
Just in case that's what I see with the patch:
---------------------->8--------------------
root@lede:/# cat /proc/mounts
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,noatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,mode=600 0 0
debugfs /sys/kernel/debug debugfs rw,noatime 0 0
---------------------->8--------------------
And without:
---------------------->8--------------------
root@lede:/# cat /proc/mounts
rootfs / rootfs rw,size=256168k,nr_inodes=32021 0 0
proc /proc proc rw,nosuid,nodev,noexec,noatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,mode=600 0 0
debugfs /sys/kernel/debug debugfs rw,noatime 0 0
---------------------->8--------------------
Note how different is entry for rootfs.
And given there's no known rationale for that patch we're
getting rid of it.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Cc: Rafał Miłecki <zajec5@gmail.com>
Cc: John Crispin <john@phrozen.org>
Cc: Felix Fietkau <nbd@nbd.name>
This is required to update bcma without build breakage. One of bcma
patches changes BCMA_SFLASH dependency.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
On UBI-enabled devices using squashfs as their rootfs an error
message like
UBIFS error (ubi0:3 pid 1): init_constants_early: too few LEBs (12), min. is 17
was thrown while probe-mounting the rootfs which later on succeeds and
thus shouldn't alert the user.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of disabling unwinding entirely this upstream patch
just disables generation of async unwind tables.
Once the patch in question lands in stable 4.4 tree this change
essentially must be removed (otherwise patch application will fail).
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
When USB Wi-Fi dongle based on Atheros AR9271 is connected to OHCI
(USB 1.1) controller following warnings flood debug console:
------------------------>8---------------------------
usb 1-1: new full-speed USB device number 2 using ohci-platform
usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4 at drivers/usb/core/urb.c:450
usb_submit_urb+0x162/0x404
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
Modules linked in:
CPU: 0 PID: 4 Comm: kworker/0:0 Not tainted 4.6.3 #10
Workqueue: events request_firmware_work_func
Stack Trace:
arc_unwind_core.constprop.1+0x94/0x10c
---[ end trace 2249b79eac9991d1 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4 at drivers/usb/core/urb.c:450 usb_submit_urb+0x162/0x404
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
Modules linked in:
CPU: 0 PID: 4 Comm: kworker/0:0 Tainted: G W 4.6.3 #10
Workqueue: events request_firmware_work_func
Stack Trace:
arc_unwind_core.constprop.1+0x94/0x10c
---[ end trace 2249b79eac9991d2 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4 at drivers/usb/core/urb.c:450 usb_submit_urb+0x162/0x404
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
Modules linked in:
CPU: 0 PID: 4 Comm: kworker/0:0 Tainted: G W 4.6.3 #10
Workqueue: events request_firmware_work_func
Stack Trace:
arc_unwind_core.constprop.1+0x94/0x10c
---[ end trace 2249b79eac9991d3 ]---
...
------------------------>8---------------------------
With removed warning Wi-Fi dongle works properly.
Even though this is not the best solution it gets us a working Wireless
AP. Anyways new discussion was started in linux-usb mailing list to find
a proper solution instead of that hack.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
The kernel config option CONFIG_NET_UDP_TUNNEL is not visible and can
not directly be activated. When kmod-udptunnel4 or kmod-udptunnel6 are
build these packages could be empty when no other kernel module selects
CONFIG_NET_UDP_TUNNEL.
Reported-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch is a backport for current LEDE 4.4 Kernels.
It is already upstream, for linux-next and stable.
The initial commit message is below:
The bridge is falsly dropping ipv6 mulitcast packets if there is:
1. No ipv6 address assigned on the brigde.
2. No external mld querier present.
3. The internal querier enabled.
When the bridge fails to build mld queries, because it has no
ipv6 address, it slilently returns, but keeps the local querier enabled.
This specific case causes confusing packet loss.
Ipv6 multicast snooping can only work if:
a) An external querier is present
OR
b) The bridge has an ipv6 address an is capable of sending own queries
Otherwise it has to forward/flood the ipv6 multicast traffic,
because snooping cannot work.
This patch fixes the issue by adding a flag to the bridge struct that
indicates that there is currently no ipv6 address assinged to the bridge
and returns a false state for the local querier in
__br_multicast_querier_exists().
Special thanks to Linus Lüssing.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
This adds a configuration options that allows to make filesystem ACL support
the default in the kernel, except for old nfs.
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
This patch is already included in the Linux mainline kernel since
v3.15, remove it from LEDE, see the lines directly before this patch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch was introduced in commit r16412 for the brcm47xx target only
and then moved to generic in commit r32395. It was initially added
because of ticket #5186 and should fix some problems with fuse file
systems and MIPS caches. The commit comment in r32395 says that this a
generic problem in MIPS CPUs, but does not name any specifics about
that. There was a fix added to kernel 2.6.21 in commit commit
7575a49f20 "[MIPS] Implement flush_anon_page()." that should fix this
problem, but that was already available before both commits were done
to OpenWrt.
I just tested fuse with ntfs.3g without this patch on a BCM4704
(BMIPS3300 V0.6) SoC and haven't seen any problems. Someone reported
that removing this patch improves some fuse operations by 5 times on
some modern MIPS cores.
My test was only a simple "dd if=/dev/zero of=/mnt/zero bs=5000" to an
USB stick.
This patch removes the patch to OpenWrt, because I assume that it is
not needed any more and Felix, the orginal author, also thinks so.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In the upstream kernel and the upstream squashfs4 tools the xz
compression header looks the following:
struct disk_comp_opts {
__le32 dictionary_size;
__le32 flags;
};
We added some other members and also moved some existing members. Place
the members which are already in upstream header at the same position
as in that kernel and add our own at the end. The kernel should not
have a problem when there are some additional members and just ignore
them.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 4.7 there is upstreamed b53 driver using (mostly?) the same
symbols as our b53 does. Change our symbols so both drivers can coexist
in kernel tree.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
So far "kernel" partition didn't contain just a kernel. It also included
Seama header and meta data. This was making kernel update complex and it
wasn't trivial to read kernel size.
Fix it by making "kernel" parition contain just a kernel image.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Despite the MS_SILENT flag being set when probing for ubifs rootfs a
logline indicating an error is generated during boot:
UBIFS error (pid: 1): cannot open "ubi0:rootfs", error -19
This leads to confusion and there shouldn't be lines containing
the word 'error' twice in a bootlog if actually everything is fine
(just the rootfs happens to be something else than ubifs)
The patch added has been submitted and was accepted upstream, see:
http://lists.infradead.org/pipermail/linux-mtd/2016-June/068056.htmlhttp://patchwork.ozlabs.org/patch/637491
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This can be used to prevent double compression for platforms where the
boot loader already expects compressed images.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).
Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.
Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>