The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).
Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.
Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
OpenWRT changed the default fq_codel sch->limit from 10240 to 1024,
without also adjusting q->flows_cnt. Eric Dumazet explains below that
you must also adjust the buckets (q->flows_cnt) for this not to break.
Eric explains: Limit of 1024 packets and 1024 flows is not wise I think.
(If all buckets are in use, each bucket has a virtual queue of 1 packet,
which is almost the same than having no queue at all)
I suggest to have at least 8 packets per bucket, to let Codel have a
chance to trigger. So you could either reduce number of buckets to 128
(if memory is tight), or increase limit to 8192.
flows_cnt is now set to 1024/8=128
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Building for octeon fails with
'arch/mips/vdso/vdso-n32.so.dbg' already contains a '.MIPS.abiflags'
section
if the file already exists from a prior build.
Use the same workaround as the one for vdso.so.dbg committed in
9eb155353a.
Commit 91f205acaf extended the workaround
to cover vdso-o32.so.dbg but missed the vdso-n32.so.dbg which is added
now by this change.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Building for octeon fails with
'arch/mips/vdso/vdso-o32.so.dbg' already contains a '.MIPS.abiflags'
section
if the file already exists from a prior build.
Use the same workaround as the one for vdso.so.dbg committed in
9eb155353a.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Currently the build fails with
'arch/mips/vdso/vdso.so.dbg' already contains a '.MIPS.abiflags' section
if the file already exists from a prior build.
Add a makefile rule to force the rebuild of vdso.so.dbg if genvdso has
has been changed to workaround the failure.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This enables misaligned access handling by software in Linux kernel.
With some wireless drivers (ath9k-htc and mt7601u for example) we see
misaligned accesses here and there and to cope with that without
fixing stuff in the drivers we're just gracefully handling it on ARC.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
SVN-Revision: 49134
The current code only partially invalidates both caches
because the cache size and cache-line size values are
incorrectly passed to the C code.
Fix the assembly code to pass the arguments in the correct
order.
Tested on RB532.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 49056