From 565159db573a68d5dbc2a73231dd999b5d45781b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Petr=20=C5=A0tetiar?= Date: Wed, 16 Mar 2022 19:23:08 +0100 Subject: [PATCH] kernel: bump 4.14 to 4.14.272 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Added new config symbol `HARDEN_BRANCH_HISTORY` in order to harden Spectre style attacks against branch history and fixed rejects in following patches: * generic/hack-4.14/220-gc_sections.patch * generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch Other patches refreshed automagically. Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar --- include/kernel-version.mk | 4 +- ...0-0033-i2c-bcm2835-Add-debug-support.patch | 14 +++--- ...-arm_introduce-dma-fiq-irq-broadcast.patch | 2 +- .../patches-4.14/040-fiq_support.patch | 2 +- ...ake-nf_unregister_net_hooks-simple-w.patch | 2 +- ...emove-synchronize_net-call-if-nfqueu.patch | 8 ++-- ...filter-core-free-hooks-with-call_rcu.patch | 4 +- ...e-size-of-hook-entry-point-locations.patch | 6 +-- ...e-hook-array-sizes-to-what-is-needed.patch | 2 +- ...allocate-space-for-decnet-hooks-unle.patch | 2 +- ...allocate-space-for-arp-bridge-hooks-.patch | 4 +- ...ass-hook-number-family-and-device-to.patch | 2 +- ...etfilter-core-add-nf_remove_net_hook.patch | 6 +-- ...ass-family-as-parameter-to-nf_remove.patch | 6 +-- ...upport-for-NFPROTO_INET-hook-registr.patch | 10 ++--- ...-saveroute-indirection-in-struct-nf_.patch | 9 ++-- ...eroute-indirection-to-struct-nf_ipv6.patch | 4 +- ...-route_key_size-field-in-struct-nf_a.patch | 8 ++-- ...tfilter-exit_net-cleanup-check-added.patch | 2 +- target/linux/generic/config-4.14 | 1 + .../generic/hack-4.14/220-gc_sections.patch | 45 +++++++++++-------- .../301-arch-support-layerscape.patch | 6 +-- .../805-qe-support-layerscape.patch | 6 +-- .../823-pm-support-layerscape.patch | 4 +- 24 files changed, 84 insertions(+), 75 deletions(-) diff --git a/include/kernel-version.mk b/include/kernel-version.mk index a48939dc54..931838a057 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk @@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER) endif -LINUX_VERSION-4.14 = .269 +LINUX_VERSION-4.14 = .272 -LINUX_KERNEL_HASH-4.14.269 = 03a65f405c3acae4dd8cd952444b7cd931f972c01a42e20a471319a2f6c018d2 +LINUX_KERNEL_HASH-4.14.272 = 9b6178099cf33c534c971f3f065c0debe92788f0f504d54badb2f8c2ee089d69 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1)))) sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1))))))) diff --git a/target/linux/brcm2708/patches-4.14/950-0033-i2c-bcm2835-Add-debug-support.patch b/target/linux/brcm2708/patches-4.14/950-0033-i2c-bcm2835-Add-debug-support.patch index 47bb41f3d9..6f8d8302f4 100644 --- a/target/linux/brcm2708/patches-4.14/950-0033-i2c-bcm2835-Add-debug-support.patch +++ b/target/linux/brcm2708/patches-4.14/950-0033-i2c-bcm2835-Add-debug-support.patch @@ -37,7 +37,7 @@ Signed-off-by: Noralf Trønnes --- a/drivers/i2c/busses/i2c-bcm2835.c +++ b/drivers/i2c/busses/i2c-bcm2835.c -@@ -56,6 +56,18 @@ +@@ -61,6 +61,18 @@ #define BCM2835_I2C_CDIV_MIN 0x0002 #define BCM2835_I2C_CDIV_MAX 0xFFFE @@ -56,7 +56,7 @@ Signed-off-by: Noralf Trønnes struct bcm2835_i2c_dev { struct device *dev; void __iomem *regs; -@@ -69,8 +81,78 @@ struct bcm2835_i2c_dev { +@@ -74,8 +86,78 @@ struct bcm2835_i2c_dev { u32 msg_err; u8 *msg_buf; size_t msg_buf_remaining; @@ -135,7 +135,7 @@ Signed-off-by: Noralf Trønnes static inline void bcm2835_i2c_writel(struct bcm2835_i2c_dev *i2c_dev, u32 reg, u32 val) { -@@ -189,6 +271,7 @@ static void bcm2835_i2c_start_transfer(s +@@ -194,6 +276,7 @@ static void bcm2835_i2c_start_transfer(s bcm2835_i2c_writel(i2c_dev, BCM2835_I2C_A, msg->addr); bcm2835_i2c_writel(i2c_dev, BCM2835_I2C_DLEN, msg->len); bcm2835_i2c_writel(i2c_dev, BCM2835_I2C_C, c); @@ -143,7 +143,7 @@ Signed-off-by: Noralf Trønnes } static void bcm2835_i2c_finish_transfer(struct bcm2835_i2c_dev *i2c_dev) -@@ -215,6 +298,7 @@ static irqreturn_t bcm2835_i2c_isr(int t +@@ -220,6 +303,7 @@ static irqreturn_t bcm2835_i2c_isr(int t u32 val, err; val = bcm2835_i2c_readl(i2c_dev, BCM2835_I2C_S); @@ -151,7 +151,7 @@ Signed-off-by: Noralf Trønnes err = val & (BCM2835_I2C_S_CLKT | BCM2835_I2C_S_ERR); if (err) { -@@ -281,6 +365,13 @@ static int bcm2835_i2c_xfer(struct i2c_a +@@ -286,6 +370,13 @@ static int bcm2835_i2c_xfer(struct i2c_a unsigned long time_left; int i, ret; @@ -165,7 +165,7 @@ Signed-off-by: Noralf Trønnes for (i = 0; i < (num - 1); i++) if (msgs[i].flags & I2C_M_RD) { dev_warn_once(i2c_dev->dev, -@@ -301,6 +392,11 @@ static int bcm2835_i2c_xfer(struct i2c_a +@@ -306,6 +397,11 @@ static int bcm2835_i2c_xfer(struct i2c_a time_left = wait_for_completion_timeout(&i2c_dev->completion, adap->timeout); @@ -177,7 +177,7 @@ Signed-off-by: Noralf Trønnes bcm2835_i2c_finish_transfer(i2c_dev); if (!time_left) { -@@ -313,7 +409,9 @@ static int bcm2835_i2c_xfer(struct i2c_a +@@ -318,7 +414,9 @@ static int bcm2835_i2c_xfer(struct i2c_a if (!i2c_dev->msg_err) return num; diff --git a/target/linux/cns3xxx/patches-4.14/010-arm_introduce-dma-fiq-irq-broadcast.patch b/target/linux/cns3xxx/patches-4.14/010-arm_introduce-dma-fiq-irq-broadcast.patch index 3841ca032b..c067be634f 100644 --- a/target/linux/cns3xxx/patches-4.14/010-arm_introduce-dma-fiq-irq-broadcast.patch +++ b/target/linux/cns3xxx/patches-4.14/010-arm_introduce-dma-fiq-irq-broadcast.patch @@ -20,7 +20,7 @@ #endif --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig -@@ -922,6 +922,17 @@ config DMA_CACHE_RWFO +@@ -933,6 +933,17 @@ config DMA_CACHE_RWFO in hardware, other workarounds are needed (e.g. cache maintenance broadcasting in software via FIQ). diff --git a/target/linux/cns3xxx/patches-4.14/040-fiq_support.patch b/target/linux/cns3xxx/patches-4.14/040-fiq_support.patch index 5a62eb38ac..184e271791 100644 --- a/target/linux/cns3xxx/patches-4.14/040-fiq_support.patch +++ b/target/linux/cns3xxx/patches-4.14/040-fiq_support.patch @@ -29,7 +29,7 @@ */ --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig -@@ -905,7 +905,7 @@ config VDSO +@@ -916,7 +916,7 @@ config VDSO config DMA_CACHE_RWFO bool "Enable read/write for ownership DMA cache maintenance" diff --git a/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch b/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch index 35800c4acf..0d8bd4c176 100644 --- a/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch +++ b/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch @@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/core.c +++ b/net/netfilter/core.c -@@ -395,63 +395,10 @@ EXPORT_SYMBOL(nf_register_net_hooks); +@@ -396,63 +396,10 @@ EXPORT_SYMBOL(nf_register_net_hooks); void nf_unregister_net_hooks(struct net *net, const struct nf_hook_ops *reg, unsigned int hookcount) { diff --git a/target/linux/generic/backport-4.14/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch b/target/linux/generic/backport-4.14/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch index cbaaaa619a..305a58c120 100644 --- a/target/linux/generic/backport-4.14/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch +++ b/target/linux/generic/backport-4.14/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch @@ -32,7 +32,7 @@ Signed-off-by: Pablo Neira Ayuso void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); --- a/net/netfilter/core.c +++ b/net/netfilter/core.c -@@ -341,7 +341,6 @@ void nf_unregister_net_hook(struct net * +@@ -342,7 +342,6 @@ void nf_unregister_net_hook(struct net * { struct nf_hook_entries __rcu **pp; struct nf_hook_entries *p; @@ -40,7 +40,7 @@ Signed-off-by: Pablo Neira Ayuso pp = nf_hook_entry_head(net, reg); if (!pp) -@@ -364,10 +363,7 @@ void nf_unregister_net_hook(struct net * +@@ -365,10 +364,7 @@ void nf_unregister_net_hook(struct net * synchronize_net(); @@ -65,7 +65,7 @@ Signed-off-by: Pablo Neira Ayuso int __init netfilter_log_init(void); --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -96,18 +96,15 @@ void nf_queue_entry_get_refs(struct nf_q +@@ -109,18 +109,15 @@ bool nf_queue_entry_get_refs(struct nf_q } EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs); @@ -88,7 +88,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c -@@ -942,23 +942,18 @@ static struct notifier_block nfqnl_dev_n +@@ -948,23 +948,18 @@ static struct notifier_block nfqnl_dev_n .notifier_call = nfqnl_rcv_dev_event, }; diff --git a/target/linux/generic/backport-4.14/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch b/target/linux/generic/backport-4.14/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch index 5eca73552b..500b4409af 100644 --- a/target/linux/generic/backport-4.14/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch +++ b/target/linux/generic/backport-4.14/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch @@ -107,7 +107,7 @@ Signed-off-by: Pablo Neira Ayuso static unsigned int accept_all(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) -@@ -291,9 +316,8 @@ int nf_register_net_hook(struct net *net +@@ -292,9 +317,8 @@ int nf_register_net_hook(struct net *net #ifdef HAVE_JUMP_LABEL static_key_slow_inc(&nf_hooks_needed[reg->pf][reg->hooknum]); #endif @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } EXPORT_SYMBOL(nf_register_net_hook); -@@ -361,10 +385,8 @@ void nf_unregister_net_hook(struct net * +@@ -362,10 +386,8 @@ void nf_unregister_net_hook(struct net * if (!p) return; diff --git a/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch b/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch index 90e3500f0e..eaa4feca2c 100644 --- a/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch +++ b/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch @@ -129,7 +129,7 @@ Signed-off-by: Pablo Neira Ayuso #ifdef CONFIG_NETFILTER_INGRESS if (reg->hooknum == NF_NETDEV_INGRESS) { -@@ -534,14 +549,21 @@ void (*nf_nat_decode_session_hook)(struc +@@ -535,14 +550,21 @@ void (*nf_nat_decode_session_hook)(struc EXPORT_SYMBOL(nf_nat_decode_session_hook); #endif @@ -159,7 +159,7 @@ Signed-off-by: Pablo Neira Ayuso net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter", --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -206,6 +206,23 @@ repeat: +@@ -223,6 +223,23 @@ repeat: return NF_ACCEPT; } @@ -183,7 +183,7 @@ Signed-off-by: Pablo Neira Ayuso /* Caller must hold rcu read-side lock */ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) { -@@ -221,12 +238,12 @@ void nf_reinject(struct nf_queue_entry * +@@ -238,12 +255,12 @@ void nf_reinject(struct nf_queue_entry * net = entry->state.net; pf = entry->state.pf; diff --git a/target/linux/generic/backport-4.14/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch b/target/linux/generic/backport-4.14/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch index d9009b8e1f..2a9a6d94c5 100644 --- a/target/linux/generic/backport-4.14/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch +++ b/target/linux/generic/backport-4.14/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch @@ -64,7 +64,7 @@ Signed-off-by: Pablo Neira Ayuso return net->nf.hooks_decnet + reg->hooknum; default: WARN_ON_ONCE(1); -@@ -549,21 +559,21 @@ void (*nf_nat_decode_session_hook)(struc +@@ -550,21 +560,21 @@ void (*nf_nat_decode_session_hook)(struc EXPORT_SYMBOL(nf_nat_decode_session_hook); #endif diff --git a/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch b/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch index 26a93c40ae..0019802f2c 100644 --- a/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch +++ b/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch @@ -55,7 +55,7 @@ Signed-off-by: Pablo Neira Ayuso default: WARN_ON_ONCE(1); return NULL; -@@ -573,7 +575,9 @@ static int __net_init netfilter_net_init +@@ -574,7 +576,9 @@ static int __net_init netfilter_net_init __netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6)); __netfilter_net_init(net->nf.hooks_arp, ARRAY_SIZE(net->nf.hooks_arp)); __netfilter_net_init(net->nf.hooks_bridge, ARRAY_SIZE(net->nf.hooks_bridge)); diff --git a/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch b/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch index 41675c3494..9e55dabdc9 100644 --- a/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch +++ b/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch @@ -137,7 +137,7 @@ Signed-off-by: Pablo Neira Ayuso case NFPROTO_IPV4: if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= reg->hooknum)) return NULL; -@@ -573,8 +577,12 @@ static int __net_init netfilter_net_init +@@ -574,8 +578,12 @@ static int __net_init netfilter_net_init { __netfilter_net_init(net->nf.hooks_ipv4, ARRAY_SIZE(net->nf.hooks_ipv4)); __netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6)); @@ -152,7 +152,7 @@ Signed-off-by: Pablo Neira Ayuso #endif --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -209,8 +209,10 @@ repeat: +@@ -226,8 +226,10 @@ repeat: static struct nf_hook_entries *nf_hook_entries_head(const struct net *net, u8 pf, u8 hooknum) { switch (pf) { diff --git a/target/linux/generic/backport-4.14/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch b/target/linux/generic/backport-4.14/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch index 7d450f95f0..55bc7ec1e8 100644 --- a/target/linux/generic/backport-4.14/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch +++ b/target/linux/generic/backport-4.14/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch @@ -87,7 +87,7 @@ Signed-off-by: Pablo Neira Ayuso if (!pp) return -EINVAL; -@@ -397,7 +399,7 @@ void nf_unregister_net_hook(struct net * +@@ -398,7 +400,7 @@ void nf_unregister_net_hook(struct net * struct nf_hook_entries __rcu **pp; struct nf_hook_entries *p; diff --git a/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch b/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch index 8fea44b359..30d5c5843b 100644 --- a/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch +++ b/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch @@ -13,7 +13,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/core.c +++ b/net/netfilter/core.c -@@ -356,7 +356,7 @@ int nf_register_net_hook(struct net *net +@@ -357,7 +357,7 @@ int nf_register_net_hook(struct net *net EXPORT_SYMBOL(nf_register_net_hook); /* @@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso * * @oldp: current address of hook blob * @unreg: hook to unregister -@@ -364,8 +364,8 @@ EXPORT_SYMBOL(nf_register_net_hook); +@@ -365,8 +365,8 @@ EXPORT_SYMBOL(nf_register_net_hook); * This cannot fail, hook unregistration must always succeed. * Therefore replace the to-be-removed hook with a dummy hook. */ @@ -33,7 +33,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nf_hook_ops **orig_ops; bool found = false; -@@ -411,7 +411,7 @@ void nf_unregister_net_hook(struct net * +@@ -412,7 +412,7 @@ void nf_unregister_net_hook(struct net * return; } diff --git a/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch b/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch index 4c52635c13..49e856b70e 100644 --- a/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch +++ b/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch @@ -13,7 +13,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/core.c +++ b/net/netfilter/core.c -@@ -365,7 +365,7 @@ EXPORT_SYMBOL(nf_register_net_hook); +@@ -366,7 +366,7 @@ EXPORT_SYMBOL(nf_register_net_hook); * Therefore replace the to-be-removed hook with a dummy hook. */ static void nf_remove_net_hook(struct nf_hook_entries *old, @@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nf_hook_ops **orig_ops; bool found = false; -@@ -383,14 +383,14 @@ static void nf_remove_net_hook(struct nf +@@ -384,14 +384,14 @@ static void nf_remove_net_hook(struct nf if (found) { #ifdef CONFIG_NETFILTER_INGRESS @@ -40,7 +40,7 @@ Signed-off-by: Pablo Neira Ayuso } } -@@ -411,7 +411,7 @@ void nf_unregister_net_hook(struct net * +@@ -412,7 +412,7 @@ void nf_unregister_net_hook(struct net * return; } diff --git a/target/linux/generic/backport-4.14/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch b/target/linux/generic/backport-4.14/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch index b112855132..722ba9d4aa 100644 --- a/target/linux/generic/backport-4.14/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch +++ b/target/linux/generic/backport-4.14/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch @@ -39,9 +39,9 @@ Signed-off-by: Pablo Neira Ayuso if (!pp) return -EINVAL; -@@ -343,17 +344,16 @@ int nf_register_net_hook(struct net *net +@@ -344,17 +345,16 @@ int nf_register_net_hook(struct net *net + return PTR_ERR(new_hooks); - hooks_validate(new_hooks); #ifdef CONFIG_NETFILTER_INGRESS - if (reg->pf == NFPROTO_NETDEV && reg->hooknum == NF_NETDEV_INGRESS) + if (pf == NFPROTO_NETDEV && reg->hooknum == NF_NETDEV_INGRESS) @@ -59,7 +59,7 @@ Signed-off-by: Pablo Neira Ayuso /* * nf_remove_net_hook - remove a hook from blob -@@ -394,12 +394,13 @@ static void nf_remove_net_hook(struct nf +@@ -395,12 +395,13 @@ static void nf_remove_net_hook(struct nf } } @@ -75,7 +75,7 @@ Signed-off-by: Pablo Neira Ayuso if (!pp) return; -@@ -411,7 +412,7 @@ void nf_unregister_net_hook(struct net * +@@ -412,7 +413,7 @@ void nf_unregister_net_hook(struct net * return; } @@ -84,7 +84,7 @@ Signed-off-by: Pablo Neira Ayuso p = __nf_hook_entries_try_shrink(pp); mutex_unlock(&nf_hook_mutex); -@@ -421,8 +422,42 @@ void nf_unregister_net_hook(struct net * +@@ -422,8 +423,42 @@ void nf_unregister_net_hook(struct net * nf_queue_nf_hook_drop(net); nf_hook_entries_free(p); } diff --git a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch index 943b3eed30..c699c3aae3 100644 --- a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch +++ b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch @@ -176,7 +176,7 @@ Signed-off-by: Pablo Neira Ayuso #include #include #include -@@ -108,6 +110,35 @@ void nf_queue_nf_hook_drop(struct net *n +@@ -121,6 +123,35 @@ void nf_queue_nf_hook_drop(struct net *n } EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop); @@ -212,12 +212,11 @@ Signed-off-by: Pablo Neira Ayuso static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, const struct nf_hook_entries *entries, unsigned int index, unsigned int queuenum) -@@ -148,7 +179,16 @@ static int __nf_queue(struct sk_buff *sk - }; +@@ -165,7 +196,15 @@ static int __nf_queue(struct sk_buff *sk + return -ENOTCONN; + } - nf_queue_entry_get_refs(entry); - afinfo->saveroute(skb, entry); -+ + switch (entry->state.pf) { + case AF_INET: + nf_ip_saveroute(skb, entry); diff --git a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch index 810f57ca19..83c90ed893 100644 --- a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch +++ b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch @@ -171,7 +171,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -271,7 +271,6 @@ void nf_reinject(struct nf_queue_entry * +@@ -287,7 +287,6 @@ void nf_reinject(struct nf_queue_entry * const struct nf_hook_entry *hook_entry; const struct nf_hook_entries *hooks; struct sk_buff *skb = entry->skb; @@ -179,7 +179,7 @@ Signed-off-by: Pablo Neira Ayuso const struct net *net; unsigned int i; int err; -@@ -298,8 +297,7 @@ void nf_reinject(struct nf_queue_entry * +@@ -314,8 +313,7 @@ void nf_reinject(struct nf_queue_entry * verdict = nf_hook_entry_hookfn(hook_entry, skb, &entry->state); if (verdict == NF_ACCEPT) { diff --git a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch index 20820e40ca..9911416c39 100644 --- a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch +++ b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch @@ -48,7 +48,7 @@ Signed-off-by: Pablo Neira Ayuso #include #include #include -@@ -145,9 +147,9 @@ static int __nf_queue(struct sk_buff *sk +@@ -158,9 +160,9 @@ static int __nf_queue(struct sk_buff *sk { int status = -ENOENT; struct nf_queue_entry *entry = NULL; @@ -59,7 +59,7 @@ Signed-off-by: Pablo Neira Ayuso /* QUEUE == DROP if no one is waiting, to be safe. */ qh = rcu_dereference(net->nf.queue_handler); -@@ -156,11 +158,19 @@ static int __nf_queue(struct sk_buff *sk +@@ -169,11 +171,19 @@ static int __nf_queue(struct sk_buff *sk goto err; } @@ -83,7 +83,7 @@ Signed-off-by: Pablo Neira Ayuso if (!entry) { status = -ENOMEM; goto err; -@@ -175,7 +185,7 @@ static int __nf_queue(struct sk_buff *sk +@@ -188,7 +198,7 @@ static int __nf_queue(struct sk_buff *sk .skb = skb, .state = *state, .hook_index = index, @@ -91,4 +91,4 @@ Signed-off-by: Pablo Neira Ayuso + .size = sizeof(*entry) + route_key_size, }; - nf_queue_entry_get_refs(entry); + if (!nf_queue_entry_get_refs(entry)) { diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index bd26f2d163..698ddbc213 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso static struct pernet_operations nfnl_log_net_ops = { --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c -@@ -1511,10 +1511,15 @@ static int __net_init nfnl_queue_net_ini +@@ -1517,10 +1517,15 @@ static int __net_init nfnl_queue_net_ini static void __net_exit nfnl_queue_net_exit(struct net *net) { diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14 index 93f080229a..217754caa6 100644 --- a/target/linux/generic/config-4.14 +++ b/target/linux/generic/config-4.14 @@ -1601,6 +1601,7 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_HAMACHI is not set # CONFIG_HAMRADIO is not set # CONFIG_HAPPYMEAL is not set +CONFIG_HARDEN_BRANCH_HISTORY=y CONFIG_HARDENED_USERCOPY=y # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set # CONFIG_HARDLOCKUP_DETECTOR is not set diff --git a/target/linux/generic/hack-4.14/220-gc_sections.patch b/target/linux/generic/hack-4.14/220-gc_sections.patch index 2605d7f78f..cf493a2574 100644 --- a/target/linux/generic/hack-4.14/220-gc_sections.patch +++ b/target/linux/generic/hack-4.14/220-gc_sections.patch @@ -67,7 +67,7 @@ Signed-off-by: Gabor Juhos # but it is being used too early to link to meaningful stack_chk logic. --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S -@@ -18,7 +18,7 @@ +@@ -31,7 +31,7 @@ #define PROC_INFO \ . = ALIGN(4); \ VMLINUX_SYMBOL(__proc_info_begin) = .; \ @@ -76,7 +76,7 @@ Signed-off-by: Gabor Juhos VMLINUX_SYMBOL(__proc_info_end) = .; #define HYPERVISOR_TEXT \ -@@ -29,11 +29,11 @@ +@@ -42,11 +42,11 @@ #define IDMAP_TEXT \ ALIGN_FUNCTION(); \ VMLINUX_SYMBOL(__idmap_text_start) = .; \ @@ -90,7 +90,7 @@ Signed-off-by: Gabor Juhos VMLINUX_SYMBOL(__hyp_idmap_text_end) = .; #ifdef CONFIG_HOTPLUG_CPU -@@ -106,7 +106,7 @@ SECTIONS +@@ -119,7 +119,7 @@ SECTIONS _stext = .; /* Text and read-only data */ IDMAP_TEXT __exception_text_start = .; @@ -99,7 +99,7 @@ Signed-off-by: Gabor Juhos __exception_text_end = .; IRQENTRY_TEXT SOFTIRQENTRY_TEXT -@@ -135,7 +135,7 @@ SECTIONS +@@ -148,7 +148,7 @@ SECTIONS __ex_table : AT(ADDR(__ex_table) - LOAD_OFFSET) { __start___ex_table = .; #ifdef CONFIG_MMU @@ -108,7 +108,7 @@ Signed-off-by: Gabor Juhos #endif __stop___ex_table = .; } -@@ -147,12 +147,12 @@ SECTIONS +@@ -160,12 +160,12 @@ SECTIONS . = ALIGN(8); .ARM.unwind_idx : { __start_unwind_idx = .; @@ -123,24 +123,33 @@ Signed-off-by: Gabor Juhos __stop_unwind_tab = .; } #endif -@@ -172,14 +172,14 @@ SECTIONS - */ - __vectors_start = .; - .vectors 0xffff0000 : AT(__vectors_start) { -- *(.vectors) -+ KEEP(*(.vectors)) +@@ -186,13 +186,13 @@ SECTIONS + __vectors_lma = .; + OVERLAY 0xffff0000 : NOCROSSREFS AT(__vectors_lma) { + .vectors { +- *(.vectors) ++ KEEP(*(.vectors)) + } + .vectors.bhb.loop8 { +- *(.vectors.bhb.loop8) ++ KEEP(*(.vectors.bhb.loop8)) + } + .vectors.bhb.bpiall { +- *(.vectors.bhb.bpiall) ++ KEEP(*(.vectors.bhb.bpiall)) + } } - . = __vectors_start + SIZEOF(.vectors); - __vectors_end = .; + ARM_LMA(__vectors, .vectors); +@@ -204,7 +204,7 @@ SECTIONS - __stubs_start = .; - .stubs ADDR(.vectors) + 0x1000 : AT(__stubs_start) { + __stubs_lma = .; + .stubs ADDR(.vectors) + 0x1000 : AT(__stubs_lma) { - *(.stubs) + KEEP(*(.stubs)) } - . = __stubs_start + SIZEOF(.stubs); - __stubs_end = .; -@@ -195,24 +195,24 @@ SECTIONS + ARM_LMA(__stubs, .stubs); + . = __stubs_lma + SIZEOF(.stubs); +@@ -220,24 +220,24 @@ SECTIONS } .init.arch.info : { __arch_info_begin = .; diff --git a/target/linux/layerscape/patches-4.14/301-arch-support-layerscape.patch b/target/linux/layerscape/patches-4.14/301-arch-support-layerscape.patch index 27c7d864fa..4659414d4c 100644 --- a/target/linux/layerscape/patches-4.14/301-arch-support-layerscape.patch +++ b/target/linux/layerscape/patches-4.14/301-arch-support-layerscape.patch @@ -214,7 +214,7 @@ Signed-off-by: Zhao Qiang * address space as memory. Needed when the kernel wants to execute --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c -@@ -315,6 +315,13 @@ static struct mem_type mem_types[] __ro_ +@@ -317,6 +317,13 @@ static struct mem_type mem_types[] __ro_ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE, .domain = DOMAIN_KERNEL, }, @@ -228,7 +228,7 @@ Signed-off-by: Zhao Qiang [MT_ROM] = { .prot_sect = PMD_TYPE_SECT, .domain = DOMAIN_KERNEL, -@@ -651,6 +658,7 @@ static void __init build_mem_type_table( +@@ -653,6 +660,7 @@ static void __init build_mem_type_table( } kern_pgprot |= PTE_EXT_AF; vecs_pgprot |= PTE_EXT_AF; @@ -236,7 +236,7 @@ Signed-off-by: Zhao Qiang /* * Set PXN for user mappings -@@ -679,6 +687,7 @@ static void __init build_mem_type_table( +@@ -681,6 +689,7 @@ static void __init build_mem_type_table( mem_types[MT_MEMORY_RWX].prot_pte |= kern_pgprot; mem_types[MT_MEMORY_RW].prot_sect |= ecc_mask | cp->pmd; mem_types[MT_MEMORY_RW].prot_pte |= kern_pgprot; diff --git a/target/linux/layerscape/patches-4.14/805-qe-support-layerscape.patch b/target/linux/layerscape/patches-4.14/805-qe-support-layerscape.patch index 0a6ad579ff..fc733c4b85 100644 --- a/target/linux/layerscape/patches-4.14/805-qe-support-layerscape.patch +++ b/target/linux/layerscape/patches-4.14/805-qe-support-layerscape.patch @@ -1482,7 +1482,7 @@ Signed-off-by: Zhao Qiang #undef DEBUG -@@ -61,16 +59,16 @@ void __par_io_config_pin(struct qe_pio_r +@@ -63,16 +61,16 @@ void __par_io_config_pin(struct qe_pio_r pin_mask1bit = (u32) (1 << (QE_PIO_PINS - (pin + 1))); /* Set open drain, if required */ @@ -1504,7 +1504,7 @@ Signed-off-by: Zhao Qiang /* get all bits mask for 2 bit per port */ pin_mask2bits = (u32) (0x3 << (QE_PIO_PINS - -@@ -82,34 +80,30 @@ void __par_io_config_pin(struct qe_pio_r +@@ -84,34 +82,30 @@ void __par_io_config_pin(struct qe_pio_r /* clear and set 2 bits mask */ if (pin > (QE_PIO_PINS / 2) - 1) { @@ -1549,7 +1549,7 @@ Signed-off-by: Zhao Qiang } } EXPORT_SYMBOL(__par_io_config_pin); -@@ -137,12 +131,12 @@ int par_io_data_set(u8 port, u8 pin, u8 +@@ -139,12 +133,12 @@ int par_io_data_set(u8 port, u8 pin, u8 /* calculate pin location */ pin_mask = (u32) (1 << (QE_PIO_PINS - 1 - pin)); diff --git a/target/linux/layerscape/patches-4.14/823-pm-support-layerscape.patch b/target/linux/layerscape/patches-4.14/823-pm-support-layerscape.patch index 99863c47a0..01665febf4 100644 --- a/target/linux/layerscape/patches-4.14/823-pm-support-layerscape.patch +++ b/target/linux/layerscape/patches-4.14/823-pm-support-layerscape.patch @@ -25,7 +25,7 @@ Signed-off-by: Zhao Chenhui --- a/drivers/firmware/psci.c +++ b/drivers/firmware/psci.c -@@ -437,8 +437,18 @@ CPUIDLE_METHOD_OF_DECLARE(psci, "psci", +@@ -452,8 +452,18 @@ CPUIDLE_METHOD_OF_DECLARE(psci, "psci", static int psci_system_suspend(unsigned long unused) { @@ -46,7 +46,7 @@ Signed-off-by: Zhao Chenhui } static int psci_system_suspend_enter(suspend_state_t state) -@@ -562,6 +572,8 @@ static void __init psci_0_2_set_function +@@ -577,6 +587,8 @@ static void __init psci_0_2_set_function arm_pm_restart = psci_sys_reset; pm_power_off = psci_sys_poweroff; -- 2.30.2