Yue Cao claims that current host rate limiting of challenge ACKS
(RFC 5961) could leak enough information to allow a patient attacker
to hijack TCP sessions. He will soon provide details in an academic
paper.
Backports upstream commit 75ff39ccc1bd5d3c455b6822ab09e533c551f758
to the used LEDE kernel versions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Check memblock regions for sufficient size before attempting to use
them. Allow checks for multiple memblock regions until a suitable one is
found.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
With that patch in place for initramfs no additional options are
reported for "/" partition. What's really important is missing
info about sizes. Which in its turn makes opkg think that there's
no space on "/" partition to install software.
I understand that's a sort of corner-case, people rarely install
packages on ramfs but anyways why not?
Just in case that's what I see with the patch:
---------------------->8--------------------
root@lede:/# cat /proc/mounts
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,noatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,mode=600 0 0
debugfs /sys/kernel/debug debugfs rw,noatime 0 0
---------------------->8--------------------
And without:
---------------------->8--------------------
root@lede:/# cat /proc/mounts
rootfs / rootfs rw,size=256168k,nr_inodes=32021 0 0
proc /proc proc rw,nosuid,nodev,noexec,noatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,mode=600 0 0
debugfs /sys/kernel/debug debugfs rw,noatime 0 0
---------------------->8--------------------
Note how different is entry for rootfs.
And given there's no known rationale for that patch we're
getting rid of it.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Cc: Rafał Miłecki <zajec5@gmail.com>
Cc: John Crispin <john@phrozen.org>
Cc: Felix Fietkau <nbd@nbd.name>
This is required to update bcma without build breakage. One of bcma
patches changes BCMA_SFLASH dependency.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
On UBI-enabled devices using squashfs as their rootfs an error
message like
UBIFS error (ubi0:3 pid 1): init_constants_early: too few LEBs (12), min. is 17
was thrown while probe-mounting the rootfs which later on succeeds and
thus shouldn't alert the user.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of disabling unwinding entirely this upstream patch
just disables generation of async unwind tables.
Once the patch in question lands in stable 4.4 tree this change
essentially must be removed (otherwise patch application will fail).
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
When USB Wi-Fi dongle based on Atheros AR9271 is connected to OHCI
(USB 1.1) controller following warnings flood debug console:
------------------------>8---------------------------
usb 1-1: new full-speed USB device number 2 using ohci-platform
usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4 at drivers/usb/core/urb.c:450
usb_submit_urb+0x162/0x404
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
Modules linked in:
CPU: 0 PID: 4 Comm: kworker/0:0 Not tainted 4.6.3 #10
Workqueue: events request_firmware_work_func
Stack Trace:
arc_unwind_core.constprop.1+0x94/0x10c
---[ end trace 2249b79eac9991d1 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4 at drivers/usb/core/urb.c:450 usb_submit_urb+0x162/0x404
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
Modules linked in:
CPU: 0 PID: 4 Comm: kworker/0:0 Tainted: G W 4.6.3 #10
Workqueue: events request_firmware_work_func
Stack Trace:
arc_unwind_core.constprop.1+0x94/0x10c
---[ end trace 2249b79eac9991d2 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4 at drivers/usb/core/urb.c:450 usb_submit_urb+0x162/0x404
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
Modules linked in:
CPU: 0 PID: 4 Comm: kworker/0:0 Tainted: G W 4.6.3 #10
Workqueue: events request_firmware_work_func
Stack Trace:
arc_unwind_core.constprop.1+0x94/0x10c
---[ end trace 2249b79eac9991d3 ]---
...
------------------------>8---------------------------
With removed warning Wi-Fi dongle works properly.
Even though this is not the best solution it gets us a working Wireless
AP. Anyways new discussion was started in linux-usb mailing list to find
a proper solution instead of that hack.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
The kernel config option CONFIG_NET_UDP_TUNNEL is not visible and can
not directly be activated. When kmod-udptunnel4 or kmod-udptunnel6 are
build these packages could be empty when no other kernel module selects
CONFIG_NET_UDP_TUNNEL.
Reported-by: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch is a backport for current LEDE 4.4 Kernels.
It is already upstream, for linux-next and stable.
The initial commit message is below:
The bridge is falsly dropping ipv6 mulitcast packets if there is:
1. No ipv6 address assigned on the brigde.
2. No external mld querier present.
3. The internal querier enabled.
When the bridge fails to build mld queries, because it has no
ipv6 address, it slilently returns, but keeps the local querier enabled.
This specific case causes confusing packet loss.
Ipv6 multicast snooping can only work if:
a) An external querier is present
OR
b) The bridge has an ipv6 address an is capable of sending own queries
Otherwise it has to forward/flood the ipv6 multicast traffic,
because snooping cannot work.
This patch fixes the issue by adding a flag to the bridge struct that
indicates that there is currently no ipv6 address assinged to the bridge
and returns a false state for the local querier in
__br_multicast_querier_exists().
Special thanks to Linus Lüssing.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
This patch is already included in the Linux mainline kernel since
v3.15, remove it from LEDE, see the lines directly before this patch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch was introduced in commit r16412 for the brcm47xx target only
and then moved to generic in commit r32395. It was initially added
because of ticket #5186 and should fix some problems with fuse file
systems and MIPS caches. The commit comment in r32395 says that this a
generic problem in MIPS CPUs, but does not name any specifics about
that. There was a fix added to kernel 2.6.21 in commit commit
7575a49f20 "[MIPS] Implement flush_anon_page()." that should fix this
problem, but that was already available before both commits were done
to OpenWrt.
I just tested fuse with ntfs.3g without this patch on a BCM4704
(BMIPS3300 V0.6) SoC and haven't seen any problems. Someone reported
that removing this patch improves some fuse operations by 5 times on
some modern MIPS cores.
My test was only a simple "dd if=/dev/zero of=/mnt/zero bs=5000" to an
USB stick.
This patch removes the patch to OpenWrt, because I assume that it is
not needed any more and Felix, the orginal author, also thinks so.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In the upstream kernel and the upstream squashfs4 tools the xz
compression header looks the following:
struct disk_comp_opts {
__le32 dictionary_size;
__le32 flags;
};
We added some other members and also moved some existing members. Place
the members which are already in upstream header at the same position
as in that kernel and add our own at the end. The kernel should not
have a problem when there are some additional members and just ignore
them.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 4.7 there is upstreamed b53 driver using (mostly?) the same
symbols as our b53 does. Change our symbols so both drivers can coexist
in kernel tree.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
Despite the MS_SILENT flag being set when probing for ubifs rootfs a
logline indicating an error is generated during boot:
UBIFS error (pid: 1): cannot open "ubi0:rootfs", error -19
This leads to confusion and there shouldn't be lines containing
the word 'error' twice in a bootlog if actually everything is fine
(just the rootfs happens to be something else than ubifs)
The patch added has been submitted and was accepted upstream, see:
http://lists.infradead.org/pipermail/linux-mtd/2016-June/068056.htmlhttp://patchwork.ozlabs.org/patch/637491
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This can be used to prevent double compression for platforms where the
boot loader already expects compressed images.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
OpenWRT changed the default fq_codel sch->limit from 10240 to 1024,
without also adjusting q->flows_cnt. Eric Dumazet explains below that
you must also adjust the buckets (q->flows_cnt) for this not to break.
Eric explains: Limit of 1024 packets and 1024 flows is not wise I think.
(If all buckets are in use, each bucket has a virtual queue of 1 packet,
which is almost the same than having no queue at all)
I suggest to have at least 8 packets per bucket, to let Codel have a
chance to trigger. So you could either reduce number of buckets to 128
(if memory is tight), or increase limit to 8192.
flows_cnt is now set to 1024/8=128
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Building for octeon fails with
'arch/mips/vdso/vdso-n32.so.dbg' already contains a '.MIPS.abiflags'
section
if the file already exists from a prior build.
Use the same workaround as the one for vdso.so.dbg committed in
9eb155353a.
Commit 91f205acaf extended the workaround
to cover vdso-o32.so.dbg but missed the vdso-n32.so.dbg which is added
now by this change.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Building for octeon fails with
'arch/mips/vdso/vdso-o32.so.dbg' already contains a '.MIPS.abiflags'
section
if the file already exists from a prior build.
Use the same workaround as the one for vdso.so.dbg committed in
9eb155353a.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Currently the build fails with
'arch/mips/vdso/vdso.so.dbg' already contains a '.MIPS.abiflags' section
if the file already exists from a prior build.
Add a makefile rule to force the rebuild of vdso.so.dbg if genvdso has
has been changed to workaround the failure.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This enables misaligned access handling by software in Linux kernel.
With some wireless drivers (ath9k-htc and mt7601u for example) we see
misaligned accesses here and there and to cope with that without
fixing stuff in the drivers we're just gracefully handling it on ARC.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
SVN-Revision: 49134
The function memblock_insert_region() is in the section
__init_memblock, also put crashlog_init_memblock there.
This fixes this section mismatch warning:
The function memblock_insert_region.isra.1() references
the function __meminit crashlog_init_memblock().
This is often because memblock_insert_region.isra.1 lacks a __meminit
annotation or the annotation of crashlog_init_memblock is wrong.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48931
The vdso version of this function has some problems with the cache.
Very often it works on dated data which causes problem. We are
currently working on fixing this in upstream Linux kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48787
This reverts commit r48335
The workaround is incomplete and cannot cover all possible cases. The
only real solution to this problem is to disable this feature on
ARM11MPcore entirely.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 48460
Given those patches are relevant to any ARC platform and even
ISA version it makes perfect sense for patches to exist
in one place instead of being duplicated for each new ARC-based ASIC.
Note this is a prerequisite for upstreaming of ARC HS38 support in
OpenWRT.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Felix Fietkau <nbd@openwrt.org>
Cc: Jo-Philipp Wich <jow@openwrt.org>
Cc: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48241
This removes one patch which was applied upstream with commit
67b9bcd36906e12a15ffec19463afbbd6a41660e. All other patches were
refreshed.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48203
It was never tested, most likely not working (because of le32_to_cpu)
and not upstreamed.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48060
All supported kernels require patching ledtrig-netdev in the same way,
so it's safe to just move these changes to the base version of this
driver. We needed these patches for some old kernels 2.6.36 and 3.11.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47962
This replaces old bcm53xx patch for scanning whole flash and makes
bcm47xxpart compatible with NAND.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47800
Now that IPV6 isn't build as a module anymore, we don't need to decouple
bridge from ipv6 anymore.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 47751
In old days mtd_add_partition was checking for partitions overlapping
which was breaking our splitting feature. We had to modify this function
by adding an extra bool dup_check parameter. Upstream commit:
3a434f66e6da ("mtd: part: Remove partition overlap checks")
removed that check so we don't need our modification anymore.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47748
For a long time we have a dedicated firmware splitter for uimage as a
replacement for the one builtin into mtd subsystem. For a year we got a
proper warning for users sticking to the old one (r43700). It should be
really safe to drop it now, especially since we do it for 4.4 only.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47747