Some targets deactivated CONFIG_SYN_COOKIES, for unknown reasons, use
the default setting from the generic configuration which activates
CONFIG_SYN_COOKIES.
This should prevent SYN flooding.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.
This reduces the attack surface on such systems and should also save
some memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.
This should prevent the kernel from reading code from user space in
kernel context.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Traverse LS1043 boards are set up with a dual-system layout, rootfs{1,2} and kernel{1,2}.
nand_do_upgrade can do the image replacement work we were doing before as long as we give it the partition names.
This greatly simplifies the /lib/upgrade/platform.sh.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Upcoming product specification and branding changes mean that the names in tree do not accurately reflect released products.
To reduce any confusion, sort our boards by SoC family, e.g traverse-ls1043. Any future boards using Layerscape family SoC's
will be treated the same way, e.g Device/traverse-ls/lx/laXXXX.
The affected boards so far have only been available through OEM channels and those aren't using the provided sysupgrade.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
The linux-4.14.99 had introduced below upstream patch.
6636dc5e01c6 arm64: io: Ensure value passed to __iormb() is held in a 64-bit register
It was causing VFIO driver build issue. This patch is to fix it.
CC drivers/vfio/fsl-mc/vfio_fsl_mc.o
In file included from ./include/linux/scatterlist.h:9:0,
from ./include/linux/iommu.h:22,
from drivers/vfio/fsl-mc/vfio_fsl_mc.c:14:
drivers/vfio/fsl-mc/vfio_fsl_mc.c: In function 'vfio_fsl_mc_dprc_wait_for_response':
./arch/arm64/include/asm/io.h:122:45: error: expected expression before ')' token
: "=r" (tmp) : "r" ((unsigned long)(v)) \
^
drivers/vfio/fsl-mc/vfio_fsl_mc.c:334:3: note: in expansion of macro '__iormb'
__iormb();
^~~~~~~
./arch/arm64/include/asm/io.h:122:45: error: expected expression before ')' token
: "=r" (tmp) : "r" ((unsigned long)(v)) \
^
drivers/vfio/fsl-mc/vfio_fsl_mc.c:336:3: note: in expansion of macro '__iormb'
__iormb();
^~~~~~~
Reported-by: Mathew McBride <matt@traverse.com.au>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
CONFIG_COMPAT_BRK disables the heap randomization which is only needed
for very old and ancient user space applications, I am not aware that we
run any of these, just deactivate this option for these targets to allow
heap randomization.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Refresh all patches
Remove upstream patch:
backport-4.14/424-v4.20-net-dsa-fix-88e6060-roaming.patch
Minor tweak to generic/hack-4.14/902-debloat_proc.patch to cleanly apply
after upstream changes.
Tested-on: ath79
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The LS1021A-IoT gateway reference design based on the
QorIQ LS1021A processor is a purpose-built, small
footprint hardware platform with a wide array of
high-speed connectivity and low-speed serial interfaces
to support secure delivery of IoT services for home,
business or other commercial location.
- Combines standards-based, open source software with a
feature-rich IoT gateway design to establish a common,
open framework for secured IoT service delivery and
management.
- Provides a wide assortment of high-speed and serial-based
connectivity in a compact, highly secure design.
- High efficiency through the use of the Arm-based QorIQ
LS1021A embedded processor.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
This patch is to upgrade kernel to 4.14 for layerscape.
patches-4.14 for layerscape included two categories.
- NXP Layerscape SDK kernel-4.14 patches
All patches on tag LSDK-18.09-V4.14 were ported to OpenWrt
kernel. Since there were hundreds patches, we had to make
an all-in-one patch for each IP/feature.
See below links for LSDK kernel.
https://lsdk.github.io/components.htmlhttps://source.codeaurora.org/external/qoriq/qoriq-components/linux
- Non-LSDK kernel patches
Other patches which were not in LSDK were just put in patches-4.14.
Kept below patches from patches-4.9.
303-dts-layerscape-add-traverse-ls1043.patch
821-add-esdhc-vsel-to-ls1043.patch
822-rgmii-fixed-link.patch
Renamed and rebase them as below in patches-4.14,
303-add-DTS-for-Traverse-LS1043-Boards.patch
712-sdk-dpaa-rgmii-fixed-link.patch
824-mmc-sdhci-of-esdhc-add-voltage-switch-support-for-ls.patch
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Buildbot revealed some subtargets are still missing the new symbol.
Fixes: dfbf836a52e4 ("kernel: bump 4.9 to 4.9.143")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Compaction is the only memory management component to form high order (larger
physically contiguous) memory blocks reliably. The page allocator relies on
compaction heavily and the lack of the feature can lead to unexpected OOM
killer invocations for high order memory requests. You shouldn't disable this
option unless there really is a strong reason for it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
Patch 303 is required for Traverse LS1043 targets when using the NXP DPAA1 driver.
The recent refresh of 4.9 patches on layerscape changed how FMan/BMan memory regions
were defined and meant Ethernet stopped working on these boards.
(Note that these definitions are only required for NXP's Ethernet driver, the new
upstream driver in >=4.15 works using the DTS provided in files/)
Signed-off-by: Mathew McBride <matt@traverse.com.au>
The feature flags say that this target supports USB so packages
depending on USB are being build, but actually the kernel configuration
misses USB support. It looks like this SoC supports USB, so activate it.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The CONFIG_FSL_PPFE and the CONFIG_FSL_PPFE_UTIL_DISABLED are boolean,
so they should be selected with an =y in OpenWrt, otherwise OpenWrt will
select them as =m. These options will make pfe.ko being build as a
module even if this is boolean.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>