tools/coreutils: update to 9.3 Update to latest bugfix release. Remove upstreamed patches: - 001-copy-fix-reflink-auto-to-fallback-in-more-cases.patch - 002-date-diagnose-f-read-errors.patch Signed-off-by: Nick Hainke <vincent@systemli.org>
kernel: mtk_bmt: refactor to avoid deep recursion A Linksys E8450 (mt7622) device running current master has recently started crashing: [ 0.562900] mtk-ecc 1100e000.ecc: probed [ 0.570254] spi-nand spi2.0: Fidelix SPI NAND was found. [ 0.575576] spi-nand spi2.0: 128 MiB, block size: 128 KiB, page size: 2048, OOB size: 64 [ 0.583780] mtk-snand 1100d000.spi: ECC strength: 4 bits per 512 bytes [ 0.682930] Insufficient stack space to handle exception! [ 0.682939] ESR: 0x0000000096000047 -- DABT (current EL) [ 0.682946] FAR: 0xffffffc008c47fe0 [ 0.682948] Task stack: [0xffffffc008c48000..0xffffffc008c4c000] [ 0.682951] IRQ stack: [0xffffffc008008000..0xffffffc00800c000] [ 0.682954] Overflow stack: [0xffffff801feb00a0..0xffffff801feb10a0] [ 0.682959] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G S 5.15.107 #0 [ 0.682966] Hardware name: Linksys E8450 (DT) [ 0.682969] pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 0.682975] pc : dequeue_entity+0x0/0x250 [ 0.682988] lr : dequeue_task_fair+0x98/0x290 [ 0.682992] sp : ffffffc008c48030 [ 0.682994] x29: ffffffc008c48030 x28: 0000000000000001 x27: ffffff801feb6380 [ 0.683004] x26: 0000000000000001 x25: ffffff801feb6300 x24: ffffff8000068000 [ 0.683011] x23: 0000000000000001 x22: 0000000000000009 x21: 0000000000000000 [ 0.683017] x20: ffffff801feb6380 x19: ffffff8000068080 x18: 0000000017a740a6 [ 0.683024] x17: ffffffc008bae748 x16: ffffffc008bae6d8 x15: ffffffffffffffff [ 0.683031] x14: ffffffffffffffff x13: 0000000000000000 x12: 0000000f00000101 [ 0.683038] x11: 0000000000000449 x10: 0000000000000127 x9 : 0000000000000000 [ 0.683044] x8 : 0000000000000125 x7 : 0000000000116da1 x6 : 0000000000116da1 [ 0.683051] x5 : 00000000001165a1 x4 : ffffff801feb6e00 x3 : 0000000000000000 [ 0.683058] x2 : 0000000000000009 x1 : ffffff8000068080 x0 : ffffff801feb6380 [ 0.683066] Kernel panic - not syncing: kernel stack overflow [ 0.683069] SMP: stopping secondary CPUs [ 1.648361] SMP: failed to stop secondary CPUs 0-1 [ 1.648366] Kernel Offset: disabled [ 1.648368] CPU features: 0x00003000,00000802 [ 1.648372] Memory Limit: none Several factors contributed to this issue: 1. The mtk_bmt driver recursively calls its scan_bmt() helper function during device initialization, while looking for a valid block mapping table (BMT). 2. Commit fa4dc86e98 ("kernel: backport MEMREAD ioctl"): - increased the size of some stack-allocated structures (like struct mtd_oob_ops, used in bbt_nand_read(), which is indirectly called from scan_bmt()), - increased the stack size for some functions (for example, spinand_mtd_read(), which is indirectly called from scan_bmt(), now uses an extra stack-allocated struct mtd_ecc_stats). 3. OpenWrt currently compiles the kernel with the -fno-optimize-sibling-calls flag, which prevents tail-call optimization. Collectively, all of these factors caused stack usage in the mtk_bmt driver to grow excessively large, triggering stack overflows. Recursion is not really necessary in scan_bmt() as it simply iterates over flash memory blocks in reverse order, looking for a valid BMT. Refactor the logic contained in the scan_bmt() and read_bmt() functions in target/linux/generic/files/drivers/mtd/nand/mtk_bmt_v2.c so that deep recursion is prevented (and therefore also any potential stack overflows it may cause). Link: https://lists.openwrt.org/pipermail/openwrt-devel/2023-April/040872.html Signed-off-by: Michał Kępień <openwrt@kempniu.pl>
kernel: Activate CONFIG_SCHED_STACK_END_CHECK This activates the CONFIG_SCHED_STACK_END_CHECK option. The kernel will check if the kernel stack overflowed in the schedule() function. This just adds a very small computational overhead. This option is activated in Debian by default. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
kernel: Activate CONFIG_SLAB_FREELIST_HARDENED This activates some extra checks in SLAB or SLUB to make it harder to execute kernel heap exploits. This adds a minor performance degradation which I haven't measured-. Many mainstream Linux distributions also activate this option. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
kernel: Initialize RNG using CPU RNG and bootloader This activates the following kernel options by default: * CONFIG_RANDOM_TRUST_CPU * CONFIG_RANDOM_TRUST_BOOTLOADER With these option Linux will also use data from the CPU RNG e.g. RDRAND and the bootloader to initialize the Linux RNG if such sources are available. These random bits are used in addition to the other sources, no other sources are getting deactivated. I read that the Chacha mixer isn't vulnerable to injected entropy, so this should not be a problem even if these sources might inject bad random data. The Linux kernel suggests to activate both options, Debian also activates them. This does not increase kernel code size. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
openssl: fix low-severity CVE-2023-1255 This applies commit 02ac9c94 to fix this OpenSSL Security Advisory issued on 20th April 2023[1]: Input buffer over-read in AES-XTS implementation on 64 bit ARM (CVE-2023-1255) ============================================================== Severity: Low Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one. 1. https://www.openssl.org/news/secadv/20230420.txt Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
mediatek: remove mt753x driver It is unused Signed-off-by: Felix Fietkau <nbd@nbd.name>
ramips: reduce Archer AX23 / MR70X SPI-frequency It was brought to attention the Archer AX23 v1 fails to read jffs2 data from time to time. While this is not reproducible on my unit, it is on others. Reducing the SPI frequency does the trick. While it worked with at lest 40 MHz, opt for the cautious side and choose a save frequency of 25 MHz. Apply the same treatment to the Mercusys MR70X which uses a similar design just in case. Signed-off-by: David Bauer <mail@david-bauer.net>
generic: Convert incorrect generic/5.15 patches again OpenWrt's developer guide prefers having actual patches so they an be sent upstream more easily. However, in the case of hack-5.15 patches which are not meant for upstream, adding proper fields allows for `git am` to properly function. This commit tries to rectify that, by digging in the history to find where and how it was first added. Signed-off-by: Olliver Schinagl <oliver@schinagl.nl> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
bmips: fix external interrupt controller - irq_domain_add_simple() can't be used on bmips since interrupts aren't hardcoded with specific offsets for internal and external as opposed to bcm63xx. This is needed to avoid collisions with other interrupts. - remove unused bcm63xx-specific code. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
bmips: document GPIO external interrupts BCM63xx SoCs have an external interrupt controller which can be used for specific GPIO keys. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
bmips: increment polled keys interval to 100 There's no need to poll the gpio keys every 20 ms and the linux kernel documentation suggests 100 ms. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
ci: add Coverity Scan scheduled workflow Coverity Scan is a static code analysis service focused on open source software quality and security, so lets scan various OpenWrt components every Friday for the start. Signed-off-by: Petr Štetiar <ynezz@true.cz>
busybox: Activate resize tool by default The resize tool will resize the prompt to match the current terminal size. This is helpful when connecting to the system using UART to make the vi or top output match the current terminal size. This increases the busybox binary size by 136 bytes and the ipkg size by 335 bytes on aarch64. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>