This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.
In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM
And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR
I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED
I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Just refresh the kernel configuration, some options are removed because
they are now in the generic kernel configuration.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These are taken from the x86 target and should make support kernel 4.9
and 4.14 in the x86 target easier.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The default e1000e parameters (interrupt throttling rate, MSI/MSI-X
mode) are optimized for desktop and server computers to optimize
user-space execution (i.e. what's typically referred to as "useful"
work). This assumption breaks on a router under load where most of
the "useful" work actually takes place either in hardware interrupt
handlers (IRQ) or at software IRQ (swirq) modes, so we try to reflect
that by overriding these parameters with more appropriate values.
Patch-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Cover temperature sensors for all mainstream 64-bit processors, including
AMD 10h and 15h families, Intel iCore, Xeon, Atom, and Via Nano. Also
add CPUID support for user-space applications to detect CPU type.
Include the on-chip sensors for 64-bit CPU's in the generic profile
in case someone builds a 32-bit kernel to run on a Xeon SoC, etc.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Backport the mdio-bus reset gpio support from 4.12 and use it instead
of toggling the reset ourself.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Add support for the Sercomm AD1018 router
This a BCM6328 based board, 128 MB RAM, 128 MiB NAND flash,
with an onboard BCM43217 wifi, 4 ethernet ports and 1 USB
host port (not soldered). The board also has an FXS chip (Si32177)
connected via SPI (SS2#), without support in LEDE.
Since NAND flash chips aren't still supported in brcm63xx, the
support is for now added to work only with SPI flash chips. Therefore
hardware modding, soldering a new SPI flash chip, is required
to make the board work with LEDE (tested and working OK).
The flash at dts is intentionally left without partitioning to let
the user choose a NOR chip of any size (8, 16 or 32 MB).
Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
[jonas.gorski: renamed ad1018 to ad1018-nor to signify the modification]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Since Linux 4.6, mtd->priv no longer points to the NAND specific
structure. Under 4.9 it contains NULL, thus using it to access
chip->options causes an invalid pointer dereference (FS#1200).
Update the code to use the mtd_to_nand() helper under 4.9 to obtain
the address of the chip specific data.
Fixes: 7bbf4117c6 ("ar71xx: Add kernel 4.9 support")
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
Since Linux 4.6, mtd->priv no longer points to the NAND specific
structure. Under 4.9 it contains NULL, thus using it to access
the fields of the nand_chip structure causes an invalid pointer
dereference.
Update the code to use the mtd_to_nand() helper under 4.9 to obtain
the address of the chip specific data.
Compile tested only.
Fixes: 7bbf4117c6 ("ar71xx: Add kernel 4.9 support")
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
Tested-by: Christian Lamparter <chunkeey@gmail.com>
When mtdsplit_minor.c is compiled under Linux 4.4, the compiler
drops the following warning:
CC drivers/mtd/mtdsplit/mtdsplit_minor.o
drivers/mtd/mtdsplit/mtdsplit_minor.c:106:14: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types]
.parse_fn = mtdsplit_parse_minor,
^
drivers/mtd/mtdsplit/mtdsplit_minor.c:106:14: note: (near initialization for 'mtdsplit_minor_parser.parse_fn')
The second parameter of the parser function must not have a 'const'
qualifier in 4.4. The 001-mtdsplit_backport.patch removes the qualifier
from other partition parsers. Update it to handle mtdsplit_minor.c as
well.
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
There has been recent significant activity with the cake qdisc of late
Some of that effort is related to upstreaming to kernel & iproute2
mainline but we're not quite there yet. This commit teaches tc how to
activate and interprete the latest cake operating modes, namely:
ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.
ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
There has been recent significant activity with the cake qdisc of late
but in the cobalt branch. Some of that effort is related to upstreaming
to kernel & iproute2 mainline but we're not quite there yet. Relevant
feature changes:
ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.
ptm mode: Minor optimisation in packet overhead calculation.
dual-src/dsthost/triple-isolate: Optimise only calculating src or dst
host hashes only if required.
ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.
A separate iproute2 patch to teach it about Cake's new features will
follow.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Remove PACKAGE_uhttpd_debug config as this is an unused leftover
Add CONFIG_uhttpd_lua to PKG_CONFIG_DEPENDS
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts commit 256990cbc0.
this commit caused a compile error
"TL_WR1043_V5_GPIO_LED_WANORANGE" is undefined.
Signed-off-by: John Crispin <john@phrozen.org>
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
When calling a download target, hash verification is now completely
skipped if we set PKG_HASH=skip.
This allows to easily bump package version:
$ make package/<mypackage>/download PKG_HASH=skip V=s
$ make package/<mypackage>/check FIXUP=1 V=s
This will download the new version of the package, and then automatically
update PKG_HASH with the hash of the new version. Of course, it is still
the responsibility of the packager to ensure that the new tarball is
legitimate, because it is downloaded from a possibly untrusted source.
Fixes: b30ba14e ("scripts/download.pl: fail loudly if provided hash is unsupported")
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: John Crispin <john@phrozen.org>
Add missing definitions for the orange WAN LED on the TL-WR1043N(D) v4 and
v5. Minor format correction on a constant for consistency.
Signed-off-by: Tim Thorpe <tim@tfthorpe.net>
mktplinkfw/mktplinkfw2 utilities put JFFS2 EOF market only at 64KB
boundary, this could lead to current device configuration lost during
the sysupgrade on a device, which is equpped with flash with the 4KB
erase block size (e.g. TP-Link Archer C20).
This happens when 64KB and 4KB alignments do not match, so the JFFS2
data is written not exactly at the partition beginnig and startup
scripts can not find the JFFS2 during the first boot just after the
sysupgrade.
Fix this by placing additional JFFS2 EOF marker at a 4KB boundary. Also
keep the marker at 64KB intact, so the utilities will produce images
suitable for devices with both 4KB and 64KB erase blocks.
Fixes: 29a2c2ea80 (add ability to put
jffs2 eof marker into the image)
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
This patch fixes the switch port numbering on Mikrotik RB951Ui-2nD (hAP).
Also fixes the switch port numbering shown on LuCI for Mikrotik RB493G.
Signed-off-by: João Chaínho <joaochainho@gmail.com>
Since /overlay/upper appeared, -b ignored -c silently (cause it was
still checking for /overlay/etc). Now, if /overlay/upper is absent,
sysupgrade -c will fail and exit verbosely.
Fix -l to consider -c (it never did).
Clean up to always use /overlay/upper/xxx instead of still checking
for /overlay/xxx.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Advantages:
- preserves existing partition layout. On the hard-drive.
Only the boot and rootfs partition will be overwritten.
Disadvantages:
- The upgrade process takes much longer to run.
from 2-3 seconds to 15-25 seconds.
Please note that sysupgrade will refuse to upgrade, if the existing
installation has an incompatible partition layout. Future changes
to the bootfs and/or rootfs partition size will likely cause breakage
to the sysupgrade procedure. In these cases, the ext4-rootfs.img.gz
has to be written manually onto the disk. Please don't forget to backup
your configuration in this cases.
Note2: This patch requires
"base-files: upgrade: make get_partitions() endian agnostic"
Note3: If your current installation does not host the two
changes, sysupgrading will wipe the existing partition
layout. Don't forget to backup your data!
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Please note that users with a Netgear WNDR4700
will need to update the device-tree partition
manually.
For instructions, please refere to commit 49856a4bb5
("apm821xx: make it possible to update the dtb partition on the WNDR4700")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Lantiq and IPQ806X (which includes IPQ40XX) both define the
same custom function {ipq806x|lantiq}_get_dt_led.
This patch moves the function into the base-file package at
lib/functions/leds.sh to make it more accessible for other
targets as well.
Cc: Mathias Kresin <dev@kresin.me>
Cc: John Crispin <john@phrozen.org>
Cc: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The bcm6368 pinctrl driver passed the wrong variable to
devm_regmap_field_alloc, causing it to blow up when later trying to
access the field.
Fixes#1211.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
To not clutter the system when building an opkg free image, generate the
distfeeds.conf only if CLEAN_IPKG is unset.
Since opkg is now a shared package, we can't rely on PACKAGE_opkg, but
since opkg is not reasonably usable without the status information, we
can tie the distfeeds.conf to it.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Ensure /etc/opkg exists before trying to write there. This fixes a build
failure if SIGNED_PACKAGES is disabled.
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
All the relevant options used for distfeeds.conf are part of base-files,
so it makes more sense to move the file there as well.
This has the added benefit that the we can share the opkg package again,
reducing the amount of target specific packages.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
For an unknown reason gcc tries to link in crti.o when building with a
glibc toolchain (this does not happen with other targets). Prevent this
by telling gcc explicitly to not do that.
Fixes the following build error:
/home/jonas/git/lede/staging_dir/toolchain-mips_24kc_gcc-5.5.0_glibc/lib/gcc/mips-openwrt-linux-gnu/5.5.0/../../../../mips-openwrt-linux-gnu/lib/crti.o: In function `_init':
(.init+0x18): relocation truncated to fit: R_MIPS_GOT16 against `__gmon_start__'
/home/jonas/git/lede/staging_dir/toolchain-mips_24kc_gcc-5.5.0_glibc/lib/gcc/mips-openwrt-linux-gnu/5.5.0/../../../../mips-openwrt-linux-gnu/lib/crti.o: In function `_init':
(.init+0x28): relocation truncated to fit: R_MIPS_CALL16 against `__gmon_start__'
collect2: error: ld returned 1 exit status
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Bump to latest WireGuard snapshot release:
44f8e4d version: bump snapshot
bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x
679e53a chacha20: avx512vl implementation
10b1232 poly1305: fix avx512f alignment bug
5fce163 chacha20poly1305: cleaner generic code
63a0031 blake2s-x86_64: fix spacing
d2e13a8 global: add SPDX tags to all files
d94f3dc chacha20-arm: fix with clang -fno-integrated-as.
3004f6b poly1305: update x86-64 kernel to AVX512F only
d452d86 tools: no need to put this on the stack
0ff098f tools: remove undocumented unused syntax
b1aa43c contrib: keygen-html for generating keys in the browser
e35e45a kernel-tree: jury rig is the more common spelling
210845c netlink: rename symbol to avoid clashes
fcf568e device: clear last handshake timer on ifdown
d698467 compat: fix 3.10 backport
5342867 device: do not clear keys during sleep on Android
88624d4 curve25519: explictly depend on AS_AVX
c45ed55 compat: support RAP in assembly
7f29cf9 curve25519: modularize dispatch
Refresh patches.
Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
As MD5 is known weak for many years and more and more
penetration test tools complain about enabled MD5 HMAC
I think it's time to drop it.
By disabling the MD5 HMAC support dropbear will also
automatically use SHA1 for fingerprints.
This shouldn't be a problem too.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
This will avoid some conflicts when doing a git rebase or merge,
specially when adding support to a new device.
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
[drop brcm47xx changes which rename the images]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Set TMPDIR to the same value as the existing TMP_DIR variable in order to
let gcc and various other utilities use the local temporary directory
instead of the system-wide one.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
