Commit graph

47 commits

Author SHA1 Message Date
André Draszik
584b2a26f5 ramips: mt7620: eMMC: remove unused variable
msdc_6575_host[] is unused, just remove it. Also, it
was the source of memory corruption up until the
previous fix to this driver.

Signed-off-by: André Draszik <git@andred.net>
2018-04-04 08:29:17 +02:00
André Draszik
ace1686200 ramips: mt7620: eMMC: stop invalid memory access if only one device is defined
pdev->id is -1 when only one device exists, and is used:
* as an index into drv_mode[] to determine whether to use
  PIO or DMA mode (via host->id)
* as an index into msdc_6575_host[], to store the
  mmc_priv() data.

Obviously, -1 is not a valid index in either case, causing
us to read invalid memory, and memory corruption,
respectively.

The invalid memory read is causing non-deterministic
behaviour, in particular in the v4.4 kernel it still
picked DMA mode, but in the v4.9 it now always picks
PIO mode.
Also, PIO mode doesn't work, causing the following:

/ # echo 3 > /proc/sys/vm/drop_caches
[ 3845.249237] sh (128): drop_caches: 3

/ # /root/usr/lib/libc.so
[ 3846.096070] do_page_fault(): sending SIGSEGV to libc.so for invalid read access from 7f9cb5a0
[ 3846.104758] epc = 779b0ea4 in libc.so[7792f000+c3000]
[ 3846.109907] ra  = 779a8004 in libc.so[7792f000+c3000]
Segmentation fault

/ # /root/usr/lib/libc.so
musl libc (mipsel-sf)
Version 1.1.16-git-40-g54807d47
Dynamic Program Loader
Usage: /root/usr/lib/libc.so [options] [--] pathname [args]

(i.e. initial page-in of any binary causes a segfault,
subsequent access works.)

While this change doesn't fix PIO mode, it at least makes
us deterministically use DMA (which works), and it also
stops us from corrupting memory.

Signed-off-by: André Draszik <git@andred.net>
2018-04-04 08:29:17 +02:00
André Draszik
dcbf6284e5 ramips: mt7620: eMMC: fix MODULE_DEVICE_TABLE
This was referencing an undefined symbol, probably
due to copy/paste error.

Signed-off-by: André Draszik <git@andred.net>
2018-04-04 08:29:16 +02:00
André Draszik
7d44b36c98 ramips: mt7620: eMMC: fix compiler warning (misleading indentation)
drivers/mmc/host/mtk-mmc/sd.c:2782:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
     if ((hw->flags & MSDC_SDIO_IRQ) || (hw->flags & MSDC_EXT_SDIO_IRQ))
     ^~
drivers/mmc/host/mtk-mmc/sd.c:2785:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
  cd_active_low = !of_property_read_bool(pdev->dev.of_node, "mediatek,cd-high");
  ^~~~~~~~~~~~~

Signed-off-by: André Draszik <git@andred.net>
2018-04-04 08:29:16 +02:00
André Draszik
bbbd71e3ea ramips: mt7620: eMMC: clear owner field
a) This is not needed in recent kernels anymore (> 3.x ??)
b) this allows driver unloading now

Signed-off-by: André Draszik <git@andred.net>
2018-04-04 08:29:16 +02:00
Hauke Mehrtens
aed03d5d0f kernel: update kernel 4.9 to version 4.9.91
* Refreshed patches.
 * Deleted 210-Revert-led-core-Fix-brightness-setting-when-setting-.patch (was accepted upstream)
 * Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream)

Compile and run tested on lantiq

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-31 16:31:26 +02:00
John Crispin
d57ca53ff9 Revert "ramips: gpio: fix compilation if CONFIG_GPIO_SYSFS=n"
This reverts commit cff2dedebc.

This patch causes build issues

Signed-off-by: John Crispin <john@phrozen.org>
2018-03-13 13:10:21 +01:00
André Draszik
cff2dedebc ramips: gpio: fix compilation if CONFIG_GPIO_SYSFS=n
If CONFIG_GPIO_SYSFS=n, compilation fails with
  drivers/built-in.o: In function `gpio_export_with_name':
  include/asm-generic/gpio.h:128: undefined reference to `__gpiod_export'

This is because the stub in that case has the wrong name,
_gpiod_export() - note the missing underscore (_) at the
start.

Fix the stub, and add the correct prototype for the real
implementation.

Signed-off-by: André Draszik <git@andred.net>
2018-03-13 08:34:58 +01:00
Magnus Kroken
5af85dab22 kernel: bump 4.9 to 4.9.85
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2018-03-03 12:58:55 +01:00
Stijn Tintel
f621b53951 kernel: bump 4.9 to 4.9.82
Refresh patches.
Remove upstreamed patches:
- ar7/002-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-used.patch
- backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch
Remove layerscape/819-Revert-dmaengine-dmatest-move-callback-wait-queue-to.patch,
it is superseded by upstream commit 297c7cc4b5651b174a62925b6c961085f04979fd.
Remove pending/650-pppoe_header_pad.patch, it is superseded by
upstream commit 1bd21b158e07e0b8c5a2ce832305a0ebfe42c480.
Update patches that no longer apply:
- ar71xx/004-register_gpio_driver_earlier.patch
- hack/204-module_strip.patch
- pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: ar71xx.
Runtime-tested: ar71xx.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:57 +01:00
Kevin Darbyshire-Bryant
d8565a06dc kernel: bump 4.9 to 4.9.77
Refresh patches.
Remove upstreamed patches:

target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant
7b6e01d389 kernel: bump 4.9 to 4.9.72
Refresh patches.

Runtime tested: ar71xx - Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-26 23:31:00 +01:00
Hauke Mehrtens
f704b643b9 kernel: Update kernel 4.9 to 4.9.70
Runtime tested on lantiq.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-19 22:45:27 +01:00
Stijn Tintel
f997478655 kernel: bump 4.9 to 4.9.67
Refresh patches.
Remove upstreamed patches:
- generic/190-1-5-e1000e-Fix-error-path-in-link-detection.patch
- generic/190-3-5-e1000e-Fix-return-value-test.patch
- generic/190-4-5-e1000e-Separate-signaling-for-link-check-link-up.patch
- generic/190-5-5-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
- ramips/0102-MIPS-ralink-Fix-MT7628-pinmux.patch
- ramips/0103-MIPS-ralink-Fix-typo-in-mt7628-pinmux-function
Update patches that no longer apply:
- layerscape/815-spi-support-layerscape.patch
- ramips/0099-pci-mt7620.patch

Compile-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-12-07 01:41:09 +02:00
Stijn Tintel
9fe59abef8 kernel: bump 4.9 to 4.9.65
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: ar71xx, octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-11-24 14:09:11 +02:00
Koen Vandeputte
62ede4f783 kernel: bump 4.9 to 4.9.63
Refreshed all patches.

Removed upstreamed parts.

Compile-tested: cns3xxx, imx6, mvebu, layerscape
Run-tested: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-11-22 20:45:52 +01:00
Mathias Kresin
e142173e8d ramips: backport MT7628 pinmux fixes
According to the datasheet the REFCLK pin is shared with GPIO#37 and
the PERST pin is shared with GPIO#36.

While at it fix a typo inside the pinmux setup code. The function is called
refclk and not reclk.

Update device tree source files accordingly.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-22 08:21:52 +01:00
Felix Fietkau
22d982ea00 ramips: add support for switching between 3-byte and 4-byte addressing on w25q256 flash
On some devices the flash chip needs to be in 3-byte addressing mode during
reboot, otherwise the boot loader will fail to start.
This mode however does not allow regular reads/writes onto the upper 16M
half. W25Q256 has separate read commands for reading from >16M, however
it does not have any separate write commands.
This patch changes the code to leave the chip in 3-byte mode most of the
time and only switch during erase/write cycles that go to >16M
addresses.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-02 15:58:45 +01:00
Kevin Darbyshire-Bryant
886d66abcd kernel: bump 4.9 to 4.9.57
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-7518
- CVE-2017-0786
- CVE-2017-1000255
- CVE-2017-12188
- CVE-2017-15265

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:09 +03:00
Felix Fietkau
fe3c3aed44 ramips: fix typo in MT7621 NAND driver
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-16 12:15:17 +02:00
Stijn Tintel
f12c42940d kernel: bump 4.9 to 4.9.54
Refresh patches.
Remove upstreamed patches:
- ramips/0067-enable-mt7621-xhci.patch
- ramips/0085-pinmux-util.patch
- ramips/301-fix-rt3883.patch

Compile-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.
Runtime-tested on brcm2708/bcm2708, octeon, ramips/mt7621, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 20:51:03 +03:00
Stijn Tintel
f625df7ab8 kernel: update 4.9 to 4.9.53
Refresh patches.
Compile-tested on brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on brcm2708/bcm2708, octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 20:53:21 +03:00
Roman Yeryomin
bcb89fcca8 ramips: mt7621: add MT29F2G08ABAE NAND flash support
Signed-off-by: Roman Yeryomin <roman@advem.lv>
2017-09-28 09:21:57 +02:00
Stijn Tintel
6e48eb22b8 kernel: update 4.9 to 4.9.51
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.

Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-20 23:50:55 +03:00
Koen Vandeputte
40213cc154 kernel: update 4.9 to 4.9.45
Refreshed all patches

Compiled & run-tested on targets: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-08-30 17:05:10 +02:00
John Crispin
a3f52f6165 ramips: refresh kernel patches
the reordering patch fixes random kernel hangs. bug/fix was reported by MTK/WCN.

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-24 10:09:46 +02:00
John Crispin
5c971cd6fd ramips: make mt7621 select WEAK_REORDERING_BEYOND_LLSC
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-24 08:32:54 +02:00
Stijn Tintel
2d02a4f5bd kernel: update 4.9 to 4.9.44
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.

Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-17 12:34:34 +02:00
Qin Wie
de350550ef ramips: fix cd-poll sd card remove randomly
Fix when add 'mediatek,cd-poll' to dts cause the sd card be removed randomly.
Special for the device without card-detect pin.

Signed-off-by: Qin Wie <me@vonger.cn>
2017-08-04 23:13:18 +02:00
Ilya Katsnelson
bb4d5006c0 ramips: fix PCI init on MT7620 with Linux 4.9+
So, this is kind of complicated. This has been upstream for a while,
imported from OpenWRT/LEDE with some cleanups. LEDE ramips has stayed
on linux-4.4 this whole time, with the old(er) version of the patch
that had correct behavior[0], while upstream got changed[1].

When LEDE updated to kernel 4.9, the older version of the code from
the patch got replaced with the upstream version containing the bug.

The original behavior, however, seems to be correct here, as the
official programming guide[2] indicates that bit 31 (PDRV_SW_SET)
in register PPLL_CFG1 is reserved, but bit 23 (added as PPLL_LD)
is the PPLL lock state (which also happens to line up with the
error message).

The original confusion probably comes from the double definition
of PDRV_SW_SET[3, 4] in the upstream code, with one correct definition
(31) and one incorrect one (23).

I've also used the opportunity to clean up the error message a bit -
it's still not really helpful to anyone who doesn't already know what
the PPLL is, but at least it's slightly more readable now.

This will probably need to be upstreamed as well, since with the way
it's currently set up, it's unlikely PCI ever worked for anyone who's
running an upstream kernel on that SoC.

[0]: 05d6e92594/target/linux/ramips/patches-4.4/0009-PCI-MIPS-adds-mt7620a-pcie-driver.patch (L259)
[1]: 026d15f6b9/arch/mips/pci/pci-mt7620.c (L246)
[2]: http://www.anz.ru/files/mediatek/MT7620_ProgrammingGuide.pdf
[3]: 026d15f6b9/arch/mips/pci/pci-mt7620.c (L36)
[4]: 026d15f6b9/arch/mips/pci/pci-mt7620.c (L39)

Signed-off-by: Ilya Katsnelson <me@0upti.me>
2017-07-31 21:28:37 +02:00
Mathias Kresin
0a17d2970a ramips: add NULL clock fix send upstream
Make the behaviour of clk_get_rate consistent with common clk's
clk_get_rate by accepting NULL clocks as parameter. Some device
drivers rely on this, and will cause an OOPS otherwise.

Fixes: FS#735

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-29 09:24:23 +02:00
Mathias Kresin
a3995a6785 ramips: pinctrl: return proper error if pinctrl0 is empty
Children of the pinctrl0 node are optional. Return EINVAL (=missing)
instead of 0. Fixes a hang if the pinctrl0 has no children.

Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: John Crispin <john@phrozen.org>
2017-07-27 09:12:15 +02:00
John Crispin
9551d91b1d ramips: refresh the rcu_sched patch and remove debug info
Signed-off-by: John Crispin <john@phrozen.org>
2017-07-26 09:32:22 +02:00
John Crispin
6acb53c526 ralink: fix rcu_sched stalls on mt7621
there were 2 bugs
*) core1 came up with a bad bogo mips, looks like the clock needed time to stabilize
*) HPT frequency was not set making r4k timers not come up properly

Signed-off-by: John Crispin <john@phrozen.org>
2017-07-26 09:14:20 +02:00
Koen Vandeputte
cd54b2d42b kernel: update kernel 4.9 to 4.9.37
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:

473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed

403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0

180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item

Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-07-15 00:13:05 +02:00
Jo-Philipp Wich
55623a9c83 kernel: update kernel 4.9 to 4.9.31
Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-08 01:03:39 +02:00
Daniel Golle
bfa2e945de ramips: enable PCIe on MT7688
Submitted upstream as well, see
patchwork https://patchwork.linux-mips.org/patch/16223/

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-03 20:45:38 +02:00
John Crispin
9bc9457b85 ramips: fixup nand support on v4.9
Signed-off-by: John Crispin <john@phrozen.org>
2017-06-01 12:30:17 +02:00
Hauke Mehrtens
0b17375931 kernel: update kernel 4.9 to 4.9.30
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-27 00:48:37 +02:00
Koen Vandeputte
e842e16f45 kernel: update kernel 4.9 to 4.9.29
- Refresh all patches
- Removed upstreamed
- Adapted 1

Compile tested on: bcm53xx, cns3xxx, imx6, lantiq
Run tested on: cns3xxx & imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[update from 4.9.28 to 4.9.29]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-05-21 21:51:22 +02:00
Hauke Mehrtens
b26e34214c kernel: update kernel 4.9 to 4.9.20
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-04-02 12:47:55 +02:00
John Crispin
0f4600c275 ramips: fix pcie irq mapping for mt7621 on v4.9
Signed-off-by: John Crispin <john@phrozen.org>
2017-03-28 08:50:13 +02:00
Hauke Mehrtens
fb7ea71c15 kernel: update kernel 4.9 to 4.9.17
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-26 12:23:19 +02:00
John Crispin
dce3b0057b ramips: fix mt7621 boot on v4.9
v4.9 CM code has a few bugs on this HW. Disable the GCR register access
during boot. This caused a cpu stall.

Signed-off-by: John Crispin <john@phrozen.org>
2017-03-23 09:18:42 +01:00
Furong Xu
b65718ae14 ramips: rename patch file suffix from .c to .patch
Signed-off-by: Furong Xu <xfr@outlook.com>
2017-03-01 22:29:57 +01:00
Hauke Mehrtens
236840eb47 kernel: update kernel 4.9 to version 4.9.10
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-16 00:46:23 +01:00
John Crispin
9c24227090 ramips: add v4.9 support
NAND support is missing

Signed-off-by: John Crispin <john@phrozen.org>
2017-02-14 12:17:52 +01:00