GitLab

Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

The previous commit f4a4f324

 ("kernel: update kernel 4.4 to
4.4.71") missed the line which changes the kernel version, add it now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Fixes the following security vulnerabilities:

CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.

CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.

CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.

CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

Build broke as distributions now include Perl 5.26 and automake
triggered an "Unescaped left brace in regex" error.
Import upstream commit 13f00eb449 to fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Error is:
```
ompile-loc2c.o compile-c-support.o inflow.o    init.o \
	  ../sim/ppc/libsim.a -lreadline ../opcodes/libopcodes.a ../bfd/libbfd.a -L./../zlib -lz  ../libiberty/libiberty.a ../libdecnumber/libdecnumber.a    -lncurses -lm     ../libiberty/libiberty.a  build-gnulib/import/libgnu.a  -ldl -Wl,--dynamic-list=./proc-service.list
../sim/ppc/libsim.a(idecode.o): In function `update_time_from_event':
idecode.c:(.text+0x170): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o): In function `event_queue_tick':
idecode.c:(.text+0x1cc): undefined reference to `error'
idecode.c:(.text+0x28c): undefined reference to `error'
idecode.c:(.text+0x318): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o): In function `cpu_halt.constprop.6':
idecode.c:(.text+0x398): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o):idecode.c:(.text+0x4e4): more undefined references to `error' follow
collect2: error: ld returned 1 exit status
Makefile:1420: recipe for target 'gdb' failed
make[5]: *** [gdb] Error 1
```

Seems others are running into this as well.
The problem seems to be that some code may be built
as C++ and not C, which may explain the linker error.

On this thread reply:
   https://sourceware.org/ml/gdb/2016-11/msg00045.html
it mentions that the simulator should not call GDB's
"error" function directly, but rather use the "host_callback"
struct.

I have no idea about the use of the GDB simulator within
the OpenWrt/LEDE community.

So, I took the easier route, which is to disable the simulator.
(Also suggested here: https://sourceware.org/ml/gdb/2016-11/msg00047.html

 )

If needed, I can make an effort to fix the simulator for PPC.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

There are no CONFIG_ZONE_DMA_FLAG config symbol since 4.7.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

CONFIG_SG_POOL symbol is selected only by CONFIG_SCSI, since the last
one is disabled by default then disable CONFIG_SG_POOL by default too.
And explicitly enable it only for platforms that use CONFIG_SCSI.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

Add HAVE_IRQ_EXIT_ON_IRQ_STACK kernel configuration symbol that was
missed during backporting separate IRQ stack for MIPS from upstream.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Helps with system performance
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Helps with network stack performance
Signed-off-by: Felix Fietkau <nbd@nbd.name>

It is used by pretty much every target
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Update to version 2.02
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>

Commit 86c966a8

 caused HOST_LOADLIBES to
include -lncurses. This was added for fixing build issues on macOS.
This introduces issues on Linux when wide-character ncurses is being
used for compiling, but the non-wide-character version is linked in.

Fix this by adding the extra override for HOST_LOADLIBES only on macOS.
Signed-off-by: Felix Fietkau <nbd@nbd.name>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>

add backport patches for older kernels.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

PHY core treats any positive return value as the auto-negotiation done
indication. Since we do not actually check any device register in this
callback then update it to return positive value with a neutral meaning
instead of the register flag to avoid  confusing for future readers.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

The Marvel 88E6060 switch has an MDIO interface, but does not emulate
regular PHY behavior for the host. The network core can not detect using
the generic code, whether the connection via the attached PHY can be
used or not. The PHY's state machine is stuck in a state of
auto-negotiation and does not go any further so the Ethernet interface
of the router stay forever in the not-runing state.

Fix this issue by implementing the aneg_done callback to be able to
inform the network core that the Ethernet interface link to which the
switch is connected can be marked as RUNNING.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

Drop the own PHY polling function and switch to using the kernel PHY
state machine. This change allows driver to work correctly with devices
that do not support PHY behaviour but whose driver could emulate
autonegotiation completion (e.g. MV88E6060 and IP17xx switches).

NB: earlier this driver rely on flaws in PHY core code and could use PHY
device without really starting it. But now (at least in kernel 4.9)
this trick no more work and network interface could stuck in not-running
state.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

Few tiny fixes for issues caused by changes in the upstream:
 - do not touch PHY IRQ array (core code initializes it itself now)
 - add missed SET_NETDEV_DEV() invocation (causes segfault during phy
   connection)
 - use phy API inside the MDIO probe function instead of direct field
   access (consider phy structure changes in upstream and prevent
   similar issues in the future)
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

Consider renaming the dev field to parent in the upstream.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

Copy and refresh patches and config from 4.4
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>

This patch adds support for the Ubiquiti EdgeRouter X-SFP and
improves support for the EdgeRouter X (PoE-passthrough).

Specification:
- SoC: MediaTek MT7621AT
- Flash: 256 MiB
- RAM: 265 MiB
- Ethernet: 5 x LAN (1000 Mbps)
- UART: 1 x UART on PCB (3.3V, RX, TX, GND) - 57600 8N1
- EdgeRouter X:
  - 1 x PoE-Passtrough (Eth4)
  - powered by Wallwart or passive PoE
- EdgeRouter X-SFP:
  - 5 x PoE-Out (24V, passive)
  - 1 x SFP (unknown status)
  - powered by Wallwart (24V)

Doesn't work:
* SoC has crypto engine but no open driver.
* SoC has nat acceleration, but no open driver.
* This router has 2MB spi flash soldered in but MT
  nand/spi drivers do not support pin sharing,
  so it is not accessable and disabled. Stock
  firmware could read it and it was empty.

Installation

via vendor firmware:
- build an Initrd-image (> 3MiB) and upload the factory-image
- initrd can have luci-mod-failsafe
- flash final firmware via LuCI / sysupgrade on rebooted system

via TFTP:
- stop uboot into tftp-load into option "1"
- upload factory.bin image
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>

This change add IPQ40xx AP-DK04.1-C1 board image support,
enables ubi image for IPQ40xx AP-DK04.1-C1 board and also
add sysupgrage support for AP-DK04.1-C1 and generates a
sysupgrade.tar image.

Testing:
 *Tested on IPQ40xx AP-DK04.1-C1:
   a. NAND boot
   b. ubi sysupgrade
Signed-off-by: Ram Chandra Jangir <rjangir@codeaurora.org>

This change populates default values for various GPIO functions
in ipq40xx pinctrl driver.
Signed-off-by: Ram Chandra Jangir <rjangir@codeaurora.org>

x86 board.d only contains a case for the APU2, not the APU1. This
causes, for example, network configuration not to be created correctly.
Even though the APU1 seems to reaching EOL, there a still a lot of them
out there.

The APU1 and APU2 is configured in the same way and this patch should
also be considered for stable, as the error also exists there.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>

The kernel needs to have PERF_EVENTS built otherwise we will run into
the following:

root@(none):/# perf top
perf_event_open(..., PERF_FLAG_FD_CLOEXEC) failed with unexpected error
89 (Function not implemented)
perf_event_open(..., 0) failed unexpectedly with error 89 (Function not
implemented)
Error:
The sys_perf_event_open() syscall returned with 89 (Function not
implemented) for event (cycles).
/bin/dmesg may provide additional information.
No CONFIG_PERF_EVENTS=y kernel support configured?

Make sure this functional dependency is captured.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>

Fixes build failure on hosts that do not have mdadm
installed/configured:

make[3]: Entering directory
`/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
***** Parent of /run/mdadm does not exist.  Maybe set different RUN_DIR=
*****  e.g. make RUN_DIR=/dev/.mdadm
***** or set CHECK_RUN_DIR=0
make[3]: *** [check_rundir] Error 1
make[3]: Leaving directory
`/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
make[2]: ***
[/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0/.built]
Error 2
make[2]: Leaving directory
`/local/users/fainelli/openwrt/trunk/package/utils/mdadm'
make[1]: *** [package/utils/mdadm/compile] Error 2
make[1]: Leaving directory `/local/users/fainelli/openwrt/trunk'
make: *** [package/mdadm/compile] Error 2

Fixes: 980c41f8

 ("utils/mdadm: Update to 4.0")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>

No need to keep this since we set them from device-tree.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>

Now that we always provide these partitions through DT, we don't need to
pass their data through parser data from board files anymore.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>

Now that we support problem the SPI controllers through DT, we can also
probe flash through DT.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>

Allow the parser to be invoked from DT without fixed cfe/linux/nvram
partitions. This allows flash to be probed from DT also for multi
flash-size images.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>

Register SPI controllers through device tree. We will wire up the clocks
at a later stage.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>