- 18 Dec, 2018 40 commits
-
-
Koen Vandeputte authored
Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by:Koen Vandeputte <koen.vandeputte@ncentric.com>
-
Koen Vandeputte authored
Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: -
Hauke Mehrtens authored
The cache coloring problem on MIPS CPUs was fixed with kernel 4.9.129 of the kernel 4.9 branch. Activate VDSO support for MIPS again. Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de> (backported from 91a71804)
-
Kevin Darbyshire-Bryant authored
33523a5 version: bump snapshot 0759480 curve25519-hacl64: reduce stack usage under KASAN b9ab0fc chacha20: add bounds checking to selftests 2e99d19 chacha20-mips32r2: reduce stack and branches in loop, refactor jumptable handling d6ac367 qemu: bump musl 28d8b7e crypto: make constant naming scheme consistent 56c4ea9 hchacha20: keep in native endian in words 0c3c0bc chacha20-arm: remove unused preambles 3dcd246 chacha20-arm: updated scalar code from Andy 6b9d5ca poly1305-mips64: remove useless preprocessor error 3ff3990 crypto-arm: rework KERNEL_MODE_NEON handling again dd2f91e crypto: flatten out makefile 67a3cfb curve25519-fiat32: work around m68k compiler stack frame bug 9aa2943 allowedips: work around kasan stack frame bug in selftest 317b318 chacha20-arm: use new scalar implementation b715e3b crypto-arm: rework KERNEL_MODE_NEON handling 77b07d9 global: reduce stack frame size ddc2bd6 chacha20: add chunked selftest and test sliding alignments and hchacha20 2eead02 chacha20-mips32r2: reduce jumptable entry size and stack usage a0ac620 chacha20-mips32r2: use simpler calling convention 09247c0 chacha20-arm: go with Ard's version to optimize for Cortex-A7 a329e0a chacha20-mips32r2: remove reorder directives 3b22533 chacha20-mips32r2: fix typo to allow reorder again d4ac6bb poly1305-mips32r2: remove all reorder directives 197a30c global: put SPDX identifier on its own line 305806d ratelimiter: disable selftest with KASAN 4e06236 crypto: do not waste space on selftest items 5e0fd08 netlink: reverse my christmas trees a61ea8b crypto: explicitly dual license b161aff poly1305: account for simd being toggled off midway 470a0c5 allowedips: change from BUG_ON to WARN_ON aa9e090 chacha20: prefer crypto_xor_cpy to avoid memmove 1b0adf5 poly1305: no need to trick gcc 8.1 a849803 blake2s: simplify final function 073f3d1 poly1305: better module description Signed-off-by:
Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from 37961f12)
-
Jason A. Donenfeld authored
* blake2s-x86_64: fix whitespace errors * crypto: do not use compound literals in selftests * crypto: make sure UML is properly disabled * kconfig: make NEON depend on CPU_V7 * poly1305: rename finish to final * chacha20: add constant for words in block * curve25519-x86_64: remove useless define * poly1305: precompute 5*r in init instead of blocks * chacha20-arm: swap scalar and neon functions * simd: add __must_check annotation * poly1305: do not require simd context for arch * chacha20-x86_64: cascade down implementations * crypto: pass simd by reference * chacha20-x86_64: don't activate simd for small blocks * poly1305-x86_64: don't activate simd for small blocks * crypto: do not use -include trick * crypto: turn Zinc into individual modules * chacha20poly1305: relax simd between sg chunks * chacha20-x86_64: more limited cascade * crypto: allow for disabling simd in zinc modules * poly1305-x86_64: show full struct for state * chacha20-x86_64: use correct cut off for avx512-vl * curve25519-arm: only compile if symbols will be used * chacha20poly1305: add __init to selftest helper functions * chacha20: add independent self test Tons of improvements all around the board to our cryptography library, including some performance boosts with how we handle SIMD for small packets. * send/receive: reduce number of sg entries This quells a powerpc stack usage warning. * global: remove non-essential inline annotations We now allow the compiler to determine whether or not to inline certain functions, while still manually choosing so for a few performance-critical sections. Signed-off-by:
Jason A. Donenfeld <Jason@zx2c4.com> (backported from f07a94da)
-
Jason A. Donenfeld authored
* curve25519: arm: do not modify sp directly * compat: support neon.h on old kernels * compat: arch-namespace certain includes * compat: move simd.h from crypto to compat since it's going upstream This fixes a decent amount of compat breakage and thumb2-mode breakage introduced by our move to Zinc. * crypto: use CRYPTOGAMS license Rather than using code from OpenSSL, use code directly from AndyP. * poly1305: rewrite self tests from scratch * poly1305: switch to donna This makes our C Poly1305 implementation a bit more intensely tested and also faster, especially on 64-bit systems. It also sets the stage for moving to a HACL* implementation when that's ready. Signed-off-by:
-
Jason A. Donenfeld authored
* Kconfig: use new-style help marker * global: run through clang-format * uapi: reformat * global: satisfy check_patch.pl errors * global: prefer sizeof(*pointer) when possible * global: always find OOM unlikely Tons of style cleanups. * crypto: use unaligned helpers We now avoid unaligned accesses for generic users of the crypto API. * crypto: import zinc More style cleanups and a rearrangement of the crypto routines to fit how this is going to work upstream. This required some fairly big changes to our build system, so there may be some build errors we'll have to address in subsequent snapshots. * compat: rng_is_initialized made it into 4.19 We therefore don't need it in the compat layer anymore. * curve25519-hacl64: use formally verified C for comparisons The previous code had been proved in Z3, but this new code from upstream KreMLin is directly generated from the F*, which is preferable. The assembly generated is identical. * curve25519-x86_64: let the compiler decide when/how to load constants Small performance boost. * curve25519-arm: reformat * curve25519-arm: cleanups from lkml * curve25519-arm: add spaces after commas * curve25519-arm: use ordinary prolog and epilogue * curve25519-arm: do not waste 32 bytes of stack * curve25519-arm: prefix immediates with # This incorporates ASM nits from upstream review. Signed-off-by:
-
Jason A. Donenfeld authored
* send: switch handshake stamp to an atomic Rather than abusing the handshake lock, we're much better off just using a boring atomic64 for this. It's simpler and performs better. Also, while we're at it, we set the handshake stamp both before and after the calculations, in case the calculations block for a really long time waiting for the RNG to initialize. * compat: better atomic acquire/release backport This should fix compilation and correctness on several platforms. * crypto: move simd context to specific type This was a suggestion from Andy Lutomirski on LKML. * chacha20poly1305: selftest: use arrays for test vectors We no longer have lines so long that they're rejected by SMTP servers. * qemu: add easy git harness This makes it a bit easier to use our qemu harness for testing our mainline integration tree. * curve25519-x86_64: avoid use of r12 This causes problems with RAP and KERNEXEC for PaX, as r12 is a reserved register. * chacha20: use memmove in case buffers overlap A small correctness fix that we never actually hit in WireGuard but is important especially for moving this into a general purpose library. * curve25519-hacl64: simplify u64_eq_mask * curve25519-hacl64: correct u64_gte_mask Two bitmath fixes from Samuel, which come complete with a z3 script proving their correctness. * timers: include header in right file This fixes compilation in some environments. * netlink: don't start over iteration on multipart non-first allowedips Matt Layher found a bug where a netlink dump of peers would never terminate in some circumstances, causing wg(8) to keep trying forever. We now have a fix as well as a unit test to mitigate this, and we'll be looking to create a fuzzer out of Matt's nice library. Signed-off-by:
-
Jason A. Donenfeld authored
Changelog taken from the version announcement > == Changes == > > * chacha20poly1305: selftest: split up test vector constants > > The test vectors are encoded as long strings -- really long strings -- and > apparently RFC821 doesn't like lines longer than 998. > https://cr.yp.to/smtp/message.html > > * queueing: keep reference to peer after setting atomic state bit > > This fixes a regression introduced when preparing the LKML submission. > > * allowedips: prevent double read in kref > * allowedips: avoid window of disappeared peer > * hashtables: document immediate zeroing semantics > * peer: ensure resources are freed when creation fails > * queueing: document double-adding and reference conditions > * queueing: ensure strictly ordered loads and stores > * cookie: returned keypair might disappear if rcu lock not held > * noise: free peer references on failure > * peer: ensure destruction doesn't race > > Various fixes, as well as lots of code comment documentation, for a > small variety of the less obvious aspects of object lifecycles, > focused on correctness. > > * allowedips: free root inside of RCU callback > * allowedips: use different macro names so as to avoid confusion > > These incorporate two suggestions from LKML. > > This snapshot contains commits from: Jason A. Donenfeld and Jann Horn. Signed-off-by:
Yousong Zhou <yszhou4tech@gmail.com> (backported from 68e2ebe6)
-
Rosy Song authored
Signed-off-by:
Rosy Song <rosysong@rosinson.com> (backported from 2dc1f54b)
-
Rosy Song authored
Signed-off-by:
-
Florian Eckert authored
Signed-off-by:
Florian Eckert <fe@dev.tdt.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase] (backported from 61a59949)
-
Andy Walsh authored
* just use default host/install, so libs/headers get properly generated/installed Signed-off-by:
Andy Walsh <andy.walsh44+github@gmail.com> (backported from e0196152)
-
Andy Walsh authored
Signed-off-by:
-
David Yang authored
musl doesn't come with an valid implementation of `sched_getscheduler()`; it simply returns -ENOSYS for it. Without this option (and compile dante with `sched_getscheduler()` enabled), you will get error: serverinit(): sched_getscheduler(2): failed to retrieve current cpuscheduling policy: Function not implemented and dante won't start at all. Ref: http://lists.alpinelinux.org/alpine-devel/3932.html Ref: http://lists.alpinelinux.org/alpine-devel/3936.html Signed-off-by:David Yang <mmyangfl@gmail.com> [slightly reword commit message] Signed-off-by:
Jo-Philipp Wich <jo@mein.io> (backported from aaf46a8f)
-
Kevin Darbyshire-Bryant authored
kernel upstream commit 9efcaa7c4afba5628f2650a76f69c798f47eeb18 to 4.14 itself a backport of 0f02cfbc3d9e413d450d8d0fd660077c23f67eff has resolved the cache line issues that led to us disabling VDSO by default on MIPS. Remove our force disable patch: pending-4.14/206-mips-disable-vdso.patch Signed-off-by:
-
Tony Ambardar authored
Commit 7f694582 introduced a bug where default_postinst() often fails to remove a uci-defaults script after application, leaving it to run again after a reboot. (Note: commit 7f694582 also introduced FS#1021, now fixed by 73c745f6 ) The subtle problem arises from the shell logical chain: [ -f "$i" ] && . "$i" && rm -f "$i" Most uci-defaults scripts contain a terminal 'exit 0' statement which, when sourced, results in the logic chain exiting before executing 'rm -f'. This was observed while testing upgrades of 'luci-app-sqm'. The solution is to wrap the shell sourcing in a subshell relative to the command 'rm -f': ( [ -f "$i" ] && . "$i" ) && rm -f "$i" Revert to using 'grep' to prefilter the list of entries from the control file, which yields the full path of uci-defaults scripts. This allows keeping the existence check, directory change and script sourcing inside the subshell, with the script removal correctly outside. This approach avoids adding a second subshell only around the "." (source) command. The change also preserves the fix FS#1021, since the full path is used to source the script, which is POSIX-portable irrespective of PATH variable or reference to the CWD. Run Tested on: LEDE 17.01.4 running ar71xx, while tracing installation of package luci-app-sqm with its associated /etc/uci-defaults/luci-sqm file. Signed-off-by:
Tony Ambardar <itugrok@yahoo.com> (backported from 4097ab6a)
-
Konstantin Demin authored
ESED is SED with extended regular expressions turned on. Command line and usage are the same as for SED. Signed-off-by:
Konstantin Demin <rockdrilla@gmail.com> (backported from d3b43f49)
-
Jo-Philipp Wich authored
Signed-off-by:
-
Hauke Mehrtens authored
Backport an additional patch from 4.16 for nftables. This fixes a build problem recently introduced. Fixes: f57806b5 ("kernel: generic: Fix nftables inet table breakage") Signed-off-by:
-
Brett Mastbergen authored
Commit b7265c59 ("kernel: backport a series of netfilter cleanup patches to 4.14") added patch 302-netfilter-nf_tables_inet-don-t-use- multihook-infrast.patch. That patch switches the netfilter core in the kernel to use the new native NFPROTO_INET support. Unfortunately, the new native NFPROTO_INET support does not exist in 4.14 and was not backported along with this patchset. As such, nftables inet tables never see any traffic. As an example the following nft counter rule should increment for every packet coming into the box, but never will: nft add table inet foo nft add chain inet foo bar { type filter hook input priority 0\; } nft add rule inet foo bar counter This commit pulls in the required backport patches to add the new native NFPROTO_INET support, and thus restore nftables inet table functionality. Tested on Turris Omnia (mvebu) Fixes: b7265c59 ("kernel: backport a series of netfilter cleanup ...") Signed-off-by:
Brett Mastbergen <bmastbergen@untangle.com> (backported from f57806b5 ) (rebased patches) Signed-off-by:
-
Jonathan Lancett authored
Signed-off-by:
Jonathan Lancett <j.lancett@ntlworld.com> [minor tweak to commit title] Signed-off-by:
-
Hans Dedecker authored
Setting encaplimit to a numerical value results into the value being included as tunnel encapsulation limit in the destination option header for tunneled packets. Several users have reported interop issues as not all ISPs support the destination option header containing the tunnel encapsulation limit resulting into broken map connectivity. Therefore drop the default encaplimit value for map tunnels so no destination option header is included by default. Signed-off-by:
Hans Dedecker <dedeckeh@gmail.com> (backported from d9691b66)
-
Hans Dedecker authored
Setting encaplimit to a numerical value results into the value being included as tunnel encapsulation limit in the destination option header for tunneled packets. Several users have reported interop issues as not all ISPs support the destination option header containing the tunnel encapsulation limit resulting into broken ds-lite connectivity. Therefore drop the default encaplimit value for ds-lite tunnels so no destination option header is included by default. Signed-off-by:
-
Rosy Song authored
Signed-off-by:
-
Marko Ratkaj authored
On some systems (Gentoo) configure stage fails because of docbook2man working with SGML rather than with XML. We don't need xmlwf man pages so we disable this. Signed-off-by:
Marko Ratkaj <marko.ratkaj@sartura.hr> (backported from 6e80dd58)
-
Andy Walsh authored
* add missing 'rpcbind' alias to /etc/services Allows rpcbind to open its 111 port and be reachable via lan, this is the default behaviour. Signed-off-by:
-
Rosen Penev authored
Referencing the version instead of revision should fix uscan. Tested on Turria Omnia. Signed-off-by:
Rosen Penev <rosenp@gmail.com> (backported from a9aa25c8)
-
Rosen Penev authored
Patch was accepted upsteam: https://w1.fi/cgit/hostap/commit/?id=373c796948599a509bad71695b5b72eef003f661 Signed-off-by:
-
Yousong Zhou authored
When Package/xx/conffiles only contains directories that are empty at package time, conffiles.resolved will be missing and the following error messages will appear in the build log. /home/yousong/git-repo/openwrt/openwrt/scripts/ipkg-build -c -o 0 -g 0 /home/yousong/git-repo/openwrt/openwrt/build_dir/target-mips_24kc_musl/linux-malta_be/openvswitch-2.10.0/ipkg-mips_24kc/openvswitch-common /home/yousong/git-repo/openwrt/openwrt/bin/packages/mips_24kc/packages mv: cannot stat 'CONTROL/conffiles.resolved': No such file or directory chmod: cannot access 'CONTROL/conffiles': No such file or directory It will not break the ipkg-build process. The change is merely cosmetic to not cause confusion when reading logs Signed-off-by:
-
Yousong Zhou authored
The need arises from building Open vSwitch kernel datapath modules, e.g. - kmod-openvswitch from Linux upstream - kmod-openvswitch-intree from openvswitch source code where both provides virtual package "kmod-openvswitch" for userspace packages to select and depend on Signed-off-by:
-
Stijn Tintel authored
As of version 4.21, strace enforces mpers by default. The current implementation of aarch64 compat in strace assumes it's identical to ARMv7 EABI and therefore tries to enable m32 personality support. As there is no -m32 support on aarch64, this causes the build to fail. Restore previous strace behavior to fix build on aarch64. Signed-off-by:
Stijn Tintel <stijn@linux-ipv6.be> Tested-by:
Karl Palsson <karlp@tweak.net.au> (backported from 067e2f5f)
-
Hans Dedecker authored
881f66b odhcpd: detect broken hostnames 3e17fd9 config: fix odhcpd_attrs array size Signed-off-by:
-
Alexander Couzens authored
VARIANT:= got removed by accident. Fixes: 3838b169 ("hostapd: fix conflicts hell") Signed-off-by:
Alexander Couzens <lynxis@fe80.eu> (backported from 967d6460)
-
Felix Fietkau authored
Signed-off-by:
Felix Fietkau <nbd@nbd.name> (backported from 00f030a9)
-
Jo-Philipp Wich authored
OpenWrt used to ship hardcoded defaults for lcp-echo-failure and lcp-echo-interval in the non-uci /etc/ppp/options file. These values break uci support for *disabling* LCP echos through the use of "option keepalive 0" as either omitting the keepalive option or setting it to 0 will result in no lcp-echo-* flags getting passed to the pppd cmdline, causing the pppd process to revert to the defaults in /etc/ppp/options. Address this issue by letting the uci "keepalive" option default to the former hardcoded values "5, 1" and by removing the fixed lcp-echo-failure and lcp-echo-interval settings from the /etc/ppp/options files. Ref: https://github.com/openwrt/luci/issues/2112 Ref: https://dev.archive.openwrt.org/ticket/2373.html Ref: https://bugs.openwrt.org/index.php?do=details&task_id=854 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1259 Signed-off-by:
-
Paul Wassi authored
Set the window title not only in "xterm", but also in e.g. "xterm-256color", "xterm-color", etc. The case statement is taken from Debian / Ubuntu. Signed-off-by:
Paul Wassi <p.wassi@gmx.at> (backported from 1bd6b91e)
-
Tuomas Tynkkynen authored
WNDR3400v3 needs GPIO 21 pulled high to enable power to USB ports. Add a kernel patch to do that. Signed-off-by:
Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi> (backported from 5dd74558)
-
Keith Wong authored
This adds support for BBR (Bottleneck Bandwidth and RTT) TCP congestion control. Applications (e.g. webservers, VPN client/server) which initiate connections from router side can benefit from this. This provide an easier way for users to use BBR by selecting / installing kmod-tcp-bbr instead of altering kernel config and compiling firmware by themselves. Signed-off-by:
Keith Wong <keithwky@gmail.com> (backported from 79c233da)
-
Daniel Engberg authored
Update libbsd to 0.8.7 Remove glibc dependency Clean up InstallDev and install entries Use /usr path for consistency Cherry pick patches from upstream to fix musl compilation Signed-off-by:
Daniel Engberg <daniel.engberg.lists@pyret.net> (backported from e341f459)
-
