Commit graph

510 commits

Author SHA1 Message Date
Thibaut VARENE
890daca9e2 kernel: mtdsplit: Add support for Mikrotik NOR firmware
The RouterBOOT bootloader does not care where the kernel lives in the SPI
flash, all that matters is that the kernel is wrapped in the custom yaffs
container as generated by kernel2minor.

This container has a fixed signature as follows:
00000000  00 00 00 01 00 00 00 01  ff ff 6b 65 72 6e 65 6c  |..........kernel|

This patch adds mtdsplit support for identifying that signature and
triggering the search for the rootfs. rootfs is expected at EB boundary since
we use wget mtd_find_rootfs_from(). We make no use of the yaffs file size
field because it contains invalid data in the image generated by kernel2minor.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
2017-02-22 22:52:19 +01:00
Stijn Tintel
5c49fecf72 Revert "kernel: ar8327/ar8337: disable ARL access code to avoid lockups (FS#384)"
This reverts commit ec1a695daa.

Revert the workaround, the problem was properly fixed in
2374549916.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-22 11:56:27 +01:00
Günther Kelleter
2374549916 ar8216: flush ARL table during reset after init_globals
commit 33b72b8e0f
"ar8216: adjust ATU flushing in case of link changes"
introduced portwise flushing on link down events. Now the ARL table could
be in a chaotic state after boot where ar8xxx_sw_get_arl_table looped
forever (depending on the entries collected while booting).

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
2017-02-16 17:17:05 +01:00
Koen Vandeputte
4339e5ddb1 kernel: fix build error in mtdsplit driver
Add missing parentheses.
Fixes kernel build issue when using this driver.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-02-07 11:39:11 +01:00
Rafał Miłecki
b008357960 kernel: port b53 to use kernel 4.5+ API
For backward 4.4 compatibility I added patch reverting my changes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 11:28:54 +01:00
Felix Fietkau
1a52d11d38 kernel: update phy drivers for 4.9
add backport patches for older kernels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-03 12:35:44 +01:00
Felix Fietkau
402193baa1 kernel: update mtdsplit for linux 4.9
add backport patches for older kernels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-03 12:35:44 +01:00
Mathias Kresin
a0888ecbaf generic: rtl8366rb: fix compatible string
Use a vendor prefix as it has to be for all not core driver. Update the
compatible string in the device tree files accordingly.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-03 00:46:03 +01:00
Felix Fietkau
0f19c1d6cf rtl8366_smi: add linux 4.4 compatibility
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-01 17:49:54 +01:00
Sergey Sergeev
74ea99b01d ledtrig-netdev: don't cancel work on events for different interfaces
This fixes logic bug(in function netdev_trig_notify) introduced in
0b2991a8ed commit.
Events triggered by different interfaces were stopping work queue so it
wasn't working for tx/rx mode.

Signed-off-by: Sergey Sergeev <adron@yapic.net>
2017-01-29 17:32:58 +01:00
Tobias Wolf
e2bd8b900f generic: rtl836x: add support for Green Feature
The GPL licensed source code of Belkin contains an ASIC based "Green
Feature". This change adds support for this Green Feature that can be
activated with an DTS option or swconfig.

Signed-off-by: Tobias Wolf <github-NTEO@vplace.de>
2017-01-27 11:10:10 +01:00
Tobias Wolf
30494598f8 generic: rtl8366s: add support support for initvals from DTS
This change provides the possibility to define per-device initvals in
the DTS file for a rlt8366s switch.

Signed-off-by: Tobias Wolf <github-NTEO@vplace.de>
2017-01-27 11:10:10 +01:00
Felix Fietkau
8ab057f5e4 kernel: remove yaffs2 support, it is no longer needed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-16 20:40:12 +01:00
Jo-Philipp Wich
ec1a695daa kernel: ar8327/ar8337: disable ARL access code to avoid lockups (FS#384)
Running ar8327_get_arl_entry() early after boot leads to MDIO related system
lockups on several devices using this driver.

Since dumping the ARL table contens is an optional, uncritical feature, simply
disable the code for now.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 19:39:42 +01:00
Felix Fietkau
0b2991a8ed kernel: make ledtrig-netdev use a work queue for updates
This fixes hangs in igb that happen if the update call interrupts an
already existing dev_get_stats call. In that case the calling CPU
deadlocks because it's trying to acquire the same spinlock recursively.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-16 09:52:59 +01:00
Imre Kaloz
f24ffb901e mvsw61xx: add support for MV88E6352
MV88E6352 is used on Linksys WRT3200ACM

Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
2017-01-13 17:12:40 +01:00
Vladimir Zahradnik
f277f45bd6 yaffs: fix to detect MLC/TLC NAND flash
Signed-off-by: Vladimir Zahradnik <vladimir.zahradnik@gmail.com>
2017-01-06 15:34:13 +01:00
Jo-Philipp Wich
29cc927ef5 generic: ar8216: fix invalid bounds check imported from ChromeOS (FS#347)
The priv->vlan_id member is of size AR8X16_MAX_VLANS, not AR8X16_MAX_PORTS,
so check for the proper maximum value in order to avoid capping valid VLAN IDs
to 7 (AR8X16_MAX_PORTS - 1).

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-12-23 19:24:14 +01:00
Huan Truong
fd62fa752b ar71xx: Add support for Netgear WNR2000v1
This patch adds supports for the WNR2000v1 board with 4MB flash, and
produces device-specific factory, rootfs, and sysupgrade files for the
WNR2000v1. This board is errorneously claimed as supported on the OpenWRT
wiki as AP81, but AP81 image would not work because of APT81 image
requiring having 8MB of flash, while WNR2000v1 has only 4MB.

The image requires the u-boot bootloader to be modified to fuhry's
bootloader first.

Short specification:

- CPU: Atheros AR9132
- 4x 10/100 Mbps Ethernet, 1x WAN 10/100 Mbps
- 4 MB of Flash
- 32 MB of RAM
- UART header (J1) on board
- 1x button

Factory/Initial flash instructions:

- Set up a TFTP server on your local machine.
- Download the uImage for ar71xx-generic and the rootfs image for
  ar71xx-generic-wnr2000 and save in the tftp server root.
- Gain serial access to the router via the UART port (telnetenable over
  the network only won't work!).
- Upgrade the u-boot bootloader to fuhry's version by running the
  script: http://fuhry.com/b/wnr2000/install-repart.sh
- When the router restarts, interrupt u-boot and gain access to u-boot command line.
- Repartititon the board and flash initial uImage and rootfs as follow.

Commands to type in u-boot:

	# tells u-boot that we have a tftp server on 192.168.1.10
	setenv serverip 192.168.1.10

	# tells u-boot that the router should take the address 192.168.1.1
	setenv ipaddr 192.168.1.1

	# erase the region from 0x050000-0x3f0000
	erase 0xbf050000 +0x3A0000

	# loads sqfs.bin on TFTP server, and put it to memory address 0x81000000
	tftpboot 0x81000000 sqfs.bin
	# it will tell you the length of sqfs.bin in hex, let's say ZZZZZZ
	# copy bit by bit 0xZZZZZZ bytes from offset 0x050000
	cp.b 0x81000000 0xbf050000 0xZZZZZZ

	# same to the uImage.bin, write it right next to sqfs.bin
	# again, 0xYYYYYY is the length that tftpboot reports
	tftpboot 0x81000000 uImage.bin
	cp.b 0x81000000 0xbf2a0000 0xYYYYYY

	# We need to tell the kernel what board it is booting into, and where to find the partitions
	setenv bootargs "board=WNR2000 console=ttyS0,115200 mtdparts=spi0.0:256k(u-boot)ro,64k(u-boot-env)ro,3712k(firmware),64k(art)ro rootfstype=squashfs,jffs2 noinitrd"

	# Tell u-boot where to find the uImage
	setenv bootcmd "bootm 0xbf2a0000"

	# Tell u-boot to save parameters to the u-boot-env partitions
	saveenv

	# Reset the board
	reset

Tested on:

- WNR2000v1 board.
- Initial flash works.

Known bugs:

- I don't know why factory image doesn't work on initial flash on stock
  firmware in u-boot recovery mode while it should.
- Sysupgrade does not yet work, if you do -f it will mess up your
  installation (requiring a reinstall of sqfs and uImage).

Signed-off-by: Huan Truong <htruong@tnhh.net>
2016-12-14 10:37:01 +01:00
Pavel Kubelun
94e4ee5395 net: ar8327: modify some configuration of switch
Imported from https://source.codeaurora.org/quic/qsdk/system/openwrt/commit/?h=korg/linux-3.4.y/release/arugula_bb_cs&id=2be4f8a8b205ae1a37db44839864451ebe893e6e
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

Enable flow control of LAN and WAN ports to
get better performance.
Setup pvid as 0 for all ports during initialisation
to avoid confusion during system or switch INIT.
Disable PORT MAC before config MAC to avoid it work abnormal.
This change is for IR-054144, IR-057315.

Change-Id: I345f3dffa59ad3f97150e09692723da12a7b1067
Signed-off-by: Zou Shunxiang <shunxian@codeaurora.org>
Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
5a69f59602 net: ar8216: address security vulnerabilities in swconfig & ar8216
Imported from e1aaf7ec00%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: net: ar8216: address security vulnerabilities in swconfig & ar8216

This patch does the following changes:
*address the security vulnerabilities in both swconfig framework and in
 ar8216 driver (many bound check additions, and turned swconfig structure
 signed element into unsigned when applicable)
*address a couple of whitespaces and indendation issues

BUG=chrome-os-partner:33096
TEST=none

Change-Id: I94ea78fcce8c1932cc584d1508c6e3b5dfb93ce9
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/236490
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Commit-Queue: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
a3454d1929 net: ar8216: prevent device duplication in ar8xxx_dev_list
Import from fd7b89dd46%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: drivers: ar8216: prevent device duplication in ar8xxx_dev_list

If probe is called twice, once for PHY0 and a second time for PHY4,
the same switch device will be added twice to ar8xxx_dev_list, while
supposedly this list should have one element per hardware switch present
in the system.

While no negative impact have been observed, it does happen if a
platform instanciates these two PHYs from device-tree, as an example.

Change-Id: Iddcbdf7d4adacb0af01975b73f8e56b4582e894e
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/234790
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
eb049d3777 net: ar8216: hold ar8xxx_dev_list_lock during use_count--
Import from c3fd96a7b8%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: drivers: ar8216: hold ar8xxx_dev_list_lock during use_count--

It is possible for the remove() callback to run twice in parallel, which
could result into --use_count returning only 1 in both cases and the
rest of the unregistration path to never be reached.

This case has never been observed in practice, but we will fix
preventively to make the code more robust.

BUG=chrome-os-partner:33096
TEST=none

Change-Id: If09abe27fdb2037f514f8674418bafaab3cbdef6
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232870
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
65b20d8b64 net: ar8327: replace sprintf() by scnprintf()
Import from fd0c41c7b9%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: drivers: ar8216: replace sprintf() by scnprintf()

BUG=chrome-os-partner:33096
TEST=none

Change-Id: Ib82035c9f2769a86d3e90f9573a09e5700ff5676
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232829
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
9aa734f8f5 net: ar8327: remove unnecessary spinlocks
Import from 541c15f8dd%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: drivers: ar8216: remove unnecessary spinlocks

BUG=chrome-os-partner:33096
TEST=none

Change-Id: Ia1b51258504501863fd3298717cc923a1baf34ca
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232828
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Pavel Kubelun
7de8d5322e net: ar8216: sync mib_work cancellation
Import from c05af20272
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>

CHROMIUM: drivers: ar8216: sync mib_work cancellation

ar8xxx_mib_stop() is called from ar8xxx_phy_remove(), so we want to make
sure the work doesn't run after priv is freed / the device ceases to
exist.

BUG=chrome-os-partner:33096
TEST=none

Change-Id: Iafb44ce93a87433adc4576e5fea5fda58d1f43a9
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/232827
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Reviewed-by: Grant Grundler <grundler@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
2016-12-01 15:47:43 +01:00
Mathias Kresin
369317ce48 kernel: rtl8367(b): fix build error
Fix build on targets not using CONFIG_MODULE_STRIPPED.

Neither RTL8367_DRIVER_DESC nor RTL8367B_DRIVER_DESC are defined
anywhere. It worked for targets using CONFIG_MODULE_STRIPPED since our
module stripper no-ops the various module info macros.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-11-19 17:57:04 +01:00
Matthias Schiffer
fa845e9978
ath9k: add support for the HSR tuner of the Ubiquiti UAP Outdoor+
Without setting the HSR to the selected channel, the WLAN of the UAP
Outdoor+ will exhibit high packet loss in RX.

Based-on-patch-by: Stefan Rompf <stefan@loplof.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-11-15 18:54:06 +01:00
Mathias Kresin
e7c019c24d mac80211: rt2x00: fold patches
The patch 615-rt2x00-fix_20mhz_clk.patch fixes code introduced by
611-rt2x00-rf_vals-rt3352-xtal20.patch and makes the the platform data
property clk_is_20mhz obsolete.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-11-09 20:02:18 +01:00
Stijn Tintel
136319e72d kernel: mtdsplit: add support for WRGG images
Support splitting WRGG images, found in some D-Link devices (e.g.
DAP-2695).

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
2016-10-27 01:50:42 +03:00
Rafał Miłecki
d0b50c2770 kernel: drop usbdev LED trigger
It was LEDE's trigger that was replaced by upstream usbport one.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-10-19 12:09:45 +02:00
Christian Lamparter
e9455c561d generic: ar8216: improve ar8xxx_is_possible check
The commit "generic: ar8216: add sanity check to ar8216_probe"
(774da6c7a4) stated that PHY IDs
should be checked at address 0-4. However, the PHY 4 was
never check by the loop. This patch extends the check to be
similar to the Atheors SDK. It tries all 4 ports and skips
unconnected PHYs if necessary. If it cannot find any familiar
PHYs, it will prevent the phy driver from initializing.

This patch is necessary for the C-60. It doesn't have a
PHY at port 3, so this caused the check in ar8xxx_is_possible
to fail. As a result, the ethernet ports on the C-60 didn't
work.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2016-10-15 11:36:50 +02:00
Mathias Kresin
634d690d74 kernel: mtdsplit_uimage: fix Edimax parser
According to the author the code was added to in preparation for adding
support for a new board. The patch for the board was never send and the
code never really tested.

The edimax header starting with the edimax magic is put in front of the
uImage header. There is no special uImage header used. Means, default
magic and the type field is set to kernel as usual.

Signed-off-by: Mathias Kresin <dev@kresin.me>

edimax parser fix
2016-10-15 09:01:45 +02:00
Mathias Kresin
35073d47bb kernel: mtdsplit_uimage: fix rootfs offset
The return value of the find_header function need to be added to the
uimage_size, otherwise mtd_find_rootfs_from() might search for a rootfs
within a custom header and fails.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-10-15 09:01:45 +02:00
Jonas Gorski
167763837b mvsw61xx: enable SerDes on 6176 if required
If the cpu port is connected through SGMII we need to enable SerDes for
it to work.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 13:04:04 +02:00
Jonas Gorski
92dcaecee3 mvsw61xx: reset phys on probe to enable switch ports on clearfog pro
The clearfog u-boot does not initialize the switch at all, so we need to
power up the phys ourselves.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 13:03:58 +02:00
Christian Lamparter
e9401a2335 kernel: owl-loader for delayed Atheros ath9k fixup
Some devices (like the Cisco Meraki Z1 Cloud Managed Teleworker Gateway)
need to be able to initialize the PCIe wifi device. Normally, this is done
during the early stages of booting linux, because the necessary init code
is read from the memory mapped SPI and passed to pci_enable_ath9k_fixup.
However,this isn't possible for devices which have the init code for the
Atheros chip stored on NAND in an UBI volume. Hence, this module can be
used to initialze the chip when the user-space is ready to extract the
init code.

Martin Blumenstingl made a few fixes and added support for lantiq:
kernel: owl-loader: add support for OWL emulation PCI devices
kernel: owl-loader: don't re-scan the bus when ath9k_pci_fixup failed
kernel: owl-loader: use dev_* instead of pr_* logging functions
kernel: owl-loader: auto-generate the eeprom filename as fallback
kernel: owl-loader: add a debug message when swapping the eeprom data
kernel: owl-loader: add missing newlines in log messages
kernel: owl-loader: add support for the lantiq platform

These patches have been integrated. Thanks!

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2016-09-19 19:32:35 +02:00
Rafał Miłecki
8072223347 kernel: b53: force BCM531x5 port 5 link state if enabled
Some devices (e.g. Tenda AC9 based on BCM47189B0) have BCM53125 with
port 5 connected to the second Ethernet interface on the SoC. In such
case there is no PHY and we need to force link manually.

This assumes port 5 can be marked as enabled for such devices. It's not
implemented yet unfortunately.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-08 23:03:46 +02:00
John Crispin
99a1888287 swconfig: revert the portmapping patches, they seem to cause a segfault
Revert "kernel/swconfig: remove obsolete portmapping feature from swconfig"

This reverts commit 675407baa4.

Revert "swconfig: remove obsolete portmapping feature"

This reverts commit fca1eb349e.

Signed-off-by: John Crispin <john@phrozen.org>
2016-08-16 10:20:01 +02:00
John Crispin
675407baa4 kernel/swconfig: remove obsolete portmapping feature from swconfig
Signed-off-by: John Crispin <john@phrozen.org>
2016-08-15 15:18:35 +02:00
Mathias Kresin
7f22580078 kernel: adm6996: set carrier status
Due to the missing carrier status set, the interface wasn't usable on a
BTHOMEHUB2B after ip link down and up as it is done in preinit.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-08-10 03:04:08 +02:00
Felix Fietkau
577f873daf kernel: remove unused morse led trigger driver
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-04 20:53:02 +02:00
Felix Fietkau
ea6a3be62e kernel: silence a false positive uninitialized variable warning
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-01 09:52:17 +02:00
Rafał Miłecki
846eca673f b53: allow ports with higher numbers than CPU port
Our code was assuming CPU port uses the highest number. My BCM53573
device has eth0 connected to port 8 and eth1 connected to port 5. While
working on support for it I tried to:
1) Enable all ports (including port 8)
2) Set CPU port to 5

I noticed port 8 is not accessible anymore. It was just a development
process but it seems like something worth fixing anyway.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-07-24 06:38:30 +02:00
Felix Fietkau
8fb89f7e73 ledtrig-usbdev: fix duplicate match detection
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-23 10:30:45 +02:00
Rafał Miłecki
5ea8756766 ledtrig-usbdev: use upstream function for iterating USB devices
This will allow us to drop LEDE patch adding usb_find_device_by_name.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-07-20 10:13:50 +02:00
Rafał Miłecki
cf6d9d97fb kernel: rename B53 symbols to avoid upstream kernel conflict
In kernel 4.7 there is upstreamed b53 driver using (mostly?) the same
symbols as our b53 does. Change our symbols so both drivers can coexist
in kernel tree.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-06-20 08:00:14 +02:00
Rafał Miłecki
1aca291214 kernel: mtdsplit: calculate kernel partition precisely for Seama
So far "kernel" partition didn't contain just a kernel. It also included
Seama header and meta data. This was making kernel update complex and it
wasn't trivial to read kernel size.
Fix it by making "kernel" parition contain just a kernel image.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-06-20 07:58:29 +02:00
Felix Fietkau
37cfc23cb7 kernel: require admin permissions for swconfig set operations
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-12 12:03:20 +02:00
Jo-Philipp Wich
442db0d6d8 kernel: deny swconfig set requests for unprivileged users
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).

Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.

Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-11 00:53:19 +02:00