Staging tree of dedeckeh https://git.openwrt.org/openwrt/staging/dedeckeh/atom?h=master 2023-04-29T15:37:45Z 2023-04-29T15:37:45Z Nick Hainke 2023-04-24T06:21:20Z urn:sha1:ec6bcda8e49815efeee845da50defc85ae068b79 Release Notes: https://github.com/NixOS/patchelf/releases/tag/0.18.0 Signed-off-by: Nick Hainke <vincent@systemli.org> 2023-04-29T15:36:20Z Nick Hainke 2023-04-26T10:06:07Z urn:sha1:4c54ec74fccb422dc34665adf6d1f8b8eede203e Update to latest bugfix release. Remove upstreamed patches: - 001-copy-fix-reflink-auto-to-fallback-in-more-cases.patch - 002-date-diagnose-f-read-errors.patch Signed-off-by: Nick Hainke <vincent@systemli.org> 2023-04-29T10:58:48Z Michał Kępień 2023-04-29T06:41:32Z urn:sha1:626c84340d54c07f46f6ae111ff4389980a86c64 A Linksys E8450 (mt7622) device running current master has recently started crashing: [ 0.562900] mtk-ecc 1100e000.ecc: probed [ 0.570254] spi-nand spi2.0: Fidelix SPI NAND was found. [ 0.575576] spi-nand spi2.0: 128 MiB, block size: 128 KiB, page size: 2048, OOB size: 64 [ 0.583780] mtk-snand 1100d000.spi: ECC strength: 4 bits per 512 bytes [ 0.682930] Insufficient stack space to handle exception! [ 0.682939] ESR: 0x0000000096000047 -- DABT (current EL) [ 0.682946] FAR: 0xffffffc008c47fe0 [ 0.682948] Task stack: [0xffffffc008c48000..0xffffffc008c4c000] [ 0.682951] IRQ stack: [0xffffffc008008000..0xffffffc00800c000] [ 0.682954] Overflow stack: [0xffffff801feb00a0..0xffffff801feb10a0] [ 0.682959] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G S 5.15.107 #0 [ 0.682966] Hardware name: Linksys E8450 (DT) [ 0.682969] pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 0.682975] pc : dequeue_entity+0x0/0x250 [ 0.682988] lr : dequeue_task_fair+0x98/0x290 [ 0.682992] sp : ffffffc008c48030 [ 0.682994] x29: ffffffc008c48030 x28: 0000000000000001 x27: ffffff801feb6380 [ 0.683004] x26: 0000000000000001 x25: ffffff801feb6300 x24: ffffff8000068000 [ 0.683011] x23: 0000000000000001 x22: 0000000000000009 x21: 0000000000000000 [ 0.683017] x20: ffffff801feb6380 x19: ffffff8000068080 x18: 0000000017a740a6 [ 0.683024] x17: ffffffc008bae748 x16: ffffffc008bae6d8 x15: ffffffffffffffff [ 0.683031] x14: ffffffffffffffff x13: 0000000000000000 x12: 0000000f00000101 [ 0.683038] x11: 0000000000000449 x10: 0000000000000127 x9 : 0000000000000000 [ 0.683044] x8 : 0000000000000125 x7 : 0000000000116da1 x6 : 0000000000116da1 [ 0.683051] x5 : 00000000001165a1 x4 : ffffff801feb6e00 x3 : 0000000000000000 [ 0.683058] x2 : 0000000000000009 x1 : ffffff8000068080 x0 : ffffff801feb6380 [ 0.683066] Kernel panic - not syncing: kernel stack overflow [ 0.683069] SMP: stopping secondary CPUs [ 1.648361] SMP: failed to stop secondary CPUs 0-1 [ 1.648366] Kernel Offset: disabled [ 1.648368] CPU features: 0x00003000,00000802 [ 1.648372] Memory Limit: none Several factors contributed to this issue: 1. The mtk_bmt driver recursively calls its scan_bmt() helper function during device initialization, while looking for a valid block mapping table (BMT). 2. Commit fa4dc86e98 ("kernel: backport MEMREAD ioctl"): - increased the size of some stack-allocated structures (like struct mtd_oob_ops, used in bbt_nand_read(), which is indirectly called from scan_bmt()), - increased the stack size for some functions (for example, spinand_mtd_read(), which is indirectly called from scan_bmt(), now uses an extra stack-allocated struct mtd_ecc_stats). 3. OpenWrt currently compiles the kernel with the -fno-optimize-sibling-calls flag, which prevents tail-call optimization. Collectively, all of these factors caused stack usage in the mtk_bmt driver to grow excessively large, triggering stack overflows. Recursion is not really necessary in scan_bmt() as it simply iterates over flash memory blocks in reverse order, looking for a valid BMT. Refactor the logic contained in the scan_bmt() and read_bmt() functions in target/linux/generic/files/drivers/mtd/nand/mtk_bmt_v2.c so that deep recursion is prevented (and therefore also any potential stack overflows it may cause). Link: https://lists.openwrt.org/pipermail/openwrt-devel/2023-April/040872.html Signed-off-by: Michał Kępień <openwrt@kempniu.pl> 2023-04-29T10:40:10Z Hauke Mehrtens 2023-04-22T17:36:22Z urn:sha1:1f41b6bb83a528a67934c5504094903afff7ab15 This activates the CONFIG_SCHED_STACK_END_CHECK option. The kernel will check if the kernel stack overflowed in the schedule() function. This just adds a very small computational overhead. This option is activated in Debian by default. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 2023-04-29T10:38:09Z Hauke Mehrtens 2023-04-22T13:07:36Z urn:sha1:ff536eca585431a9c90b9e835df818a27decf730 This activates some extra checks in SLAB or SLUB to make it harder to execute kernel heap exploits. This adds a minor performance degradation which I haven't measured-. Many mainstream Linux distributions also activate this option. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 2023-04-29T10:35:44Z Hauke Mehrtens 2023-04-22T13:28:01Z urn:sha1:2bab7d273e02bb463c121233d5d7e74157844305 This activates the following kernel options by default: * CONFIG_RANDOM_TRUST_CPU * CONFIG_RANDOM_TRUST_BOOTLOADER With these option Linux will also use data from the CPU RNG e.g. RDRAND and the bootloader to initialize the Linux RNG if such sources are available. These random bits are used in addition to the other sources, no other sources are getting deactivated. I read that the Chacha mixer isn't vulnerable to injected entropy, so this should not be a problem even if these sources might inject bad random data. The Linux kernel suggests to activate both options, Debian also activates them. This does not increase kernel code size. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 2023-04-29T10:33:44Z Eneas U de Queiroz 2023-04-26T11:35:23Z urn:sha1:1c5cafa3ebcb6427e95f221eec3ffe27bc7a76c9 This applies commit 02ac9c94 to fix this OpenSSL Security Advisory issued on 20th April 2023[1]: Input buffer over-read in AES-XTS implementation on 64 bit ARM (CVE-2023-1255) ============================================================== Severity: Low Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one. 1. https://www.openssl.org/news/secadv/20230420.txt Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> 2023-04-29T10:30:30Z Glen Huang 2023-04-26T14:38:24Z urn:sha1:e1c0bda3fc9a01c461591864bd0163b052b5783d drbg swtiched to use HMAC(SHA-512) since 5.14.0 https://github.com/torvalds/linux/commit/5261cdf457ce3635bf18d393a3c1991dcfaf9d02 Signed-off-by: Glen Huang <me@glenhuang.com> 2023-04-29T08:25:43Z Felix Fietkau 2023-04-29T08:25:18Z urn:sha1:ec6f80663ed80e50844d0c032121e0bec46ff297 It is unused Signed-off-by: Felix Fietkau <nbd@nbd.name> 2023-04-27T20:26:58Z David Bauer 2023-04-27T20:24:15Z urn:sha1:2c530fcb972c112e7a2b10f9c21ac6d276624b5e It was brought to attention the Archer AX23 v1 fails to read jffs2 data from time to time. While this is not reproducible on my unit, it is on others. Reducing the SPI frequency does the trick. While it worked with at lest 40 MHz, opt for the cautious side and choose a save frequency of 25 MHz. Apply the same treatment to the Mercusys MR70X which uses a similar design just in case. Signed-off-by: David Bauer <mail@david-bauer.net>