kernel: bump 4.14 to 4.14.272

Added new config symbol `HARDEN_BRANCH_HISTORY` in order to harden Spectre style attacks against branch history and fixed rejects in following patches: * generic/hack-4.14/220-gc_sections.patch * generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch Other patches refreshed automagically. Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-03-16 19:23:08 +01:00 · 2022-03-16 19:23:08 +01:00 · 565159db57
parent c5c047f19b
commit 565159db57
24 changed files with 84 additions and 75 deletions
--- a/include/kernel-version.mk
+++ b/include/kernel-version.mk
@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL
  KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif
-LINUX_VERSION-4.14 = .269
+LINUX_VERSION-4.14 = .272
-LINUX_KERNEL_HASH-4.14.269 = 03a65f405c3acae4dd8cd952444b7cd931f972c01a42e20a471319a2f6c018d2
+LINUX_KERNEL_HASH-4.14.272 = 9b6178099cf33c534c971f3f065c0debe92788f0f504d54badb2f8c2ee089d69
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
--- a/target/linux/brcm2708/patches-4.14/950-0033-i2c-bcm2835-Add-debug-support.patch
+++ b/target/linux/brcm2708/patches-4.14/950-0033-i2c-bcm2835-Add-debug-support.patch
@ -37,7 +37,7 @@ Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
 --- a/drivers/i2c/busses/i2c-bcm2835.c
 +++ b/drivers/i2c/busses/i2c-bcm2835.c
-@@ -56,6 +56,18 @@
+@@ -61,6 +61,18 @@
 #define BCM2835_I2C_CDIV_MIN	0x0002
 #define BCM2835_I2C_CDIV_MAX	0xFFFE
@ -56,7 +56,7 @@ Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
 struct bcm2835_i2c_dev {
 	struct device *dev;
 	void __iomem *regs;
-@@ -69,8 +81,78 @@ struct bcm2835_i2c_dev {
+@@ -74,8 +86,78 @@ struct bcm2835_i2c_dev {
 	u32 msg_err;
 	u8 *msg_buf;
 	size_t msg_buf_remaining;
@ -135,7 +135,7 @@ Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
 static inline void bcm2835_i2c_writel(struct bcm2835_i2c_dev *i2c_dev,
 				      u32 reg, u32 val)
 {
-@@ -189,6 +271,7 @@ static void bcm2835_i2c_start_transfer(s
+@@ -194,6 +276,7 @@ static void bcm2835_i2c_start_transfer(s
 	bcm2835_i2c_writel(i2c_dev, BCM2835_I2C_A, msg->addr);
 	bcm2835_i2c_writel(i2c_dev, BCM2835_I2C_DLEN, msg->len);
 	bcm2835_i2c_writel(i2c_dev, BCM2835_I2C_C, c);
@ -143,7 +143,7 @@ Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
 }
 static void bcm2835_i2c_finish_transfer(struct bcm2835_i2c_dev *i2c_dev)
-@@ -215,6 +298,7 @@ static irqreturn_t bcm2835_i2c_isr(int t
+@@ -220,6 +303,7 @@ static irqreturn_t bcm2835_i2c_isr(int t
 	u32 val, err;
 	val = bcm2835_i2c_readl(i2c_dev, BCM2835_I2C_S);
@ -151,7 +151,7 @@ Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
 	err = val & (BCM2835_I2C_S_CLKT | BCM2835_I2C_S_ERR);
 	if (err) {
-@@ -281,6 +365,13 @@ static int bcm2835_i2c_xfer(struct i2c_a
+@@ -286,6 +370,13 @@ static int bcm2835_i2c_xfer(struct i2c_a
 	unsigned long time_left;
 	int i, ret;
@ -165,7 +165,7 @@ Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
 	for (i = 0; i < (num - 1); i++)
 		if (msgs[i].flags & I2C_M_RD) {
 			dev_warn_once(i2c_dev->dev,
-@@ -301,6 +392,11 @@ static int bcm2835_i2c_xfer(struct i2c_a
+@@ -306,6 +397,11 @@ static int bcm2835_i2c_xfer(struct i2c_a
 	time_left = wait_for_completion_timeout(&i2c_dev->completion,
 						adap->timeout);
@ -177,7 +177,7 @@ Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
 	bcm2835_i2c_finish_transfer(i2c_dev);
 	if (!time_left) {
-@@ -313,7 +409,9 @@ static int bcm2835_i2c_xfer(struct i2c_a
+@@ -318,7 +414,9 @@ static int bcm2835_i2c_xfer(struct i2c_a
 	if (!i2c_dev->msg_err)
 		return num;
--- a/target/linux/cns3xxx/patches-4.14/010-arm_introduce-dma-fiq-irq-broadcast.patch
+++ b/target/linux/cns3xxx/patches-4.14/010-arm_introduce-dma-fiq-irq-broadcast.patch
@ -20,7 +20,7 @@
 #endif
 --- a/arch/arm/mm/Kconfig
 +++ b/arch/arm/mm/Kconfig
-@@ -922,6 +922,17 @@ config DMA_CACHE_RWFO
+@@ -933,6 +933,17 @@ config DMA_CACHE_RWFO
 	  in hardware, other workarounds are needed (e.g. cache
 	  maintenance broadcasting in software via FIQ).
--- a/target/linux/cns3xxx/patches-4.14/040-fiq_support.patch
+++ b/target/linux/cns3xxx/patches-4.14/040-fiq_support.patch
@ -29,7 +29,7 @@
  */
 --- a/arch/arm/mm/Kconfig
 +++ b/arch/arm/mm/Kconfig
-@@ -905,7 +905,7 @@ config VDSO
+@@ -916,7 +916,7 @@ config VDSO
 config DMA_CACHE_RWFO
 	bool "Enable read/write for ownership DMA cache maintenance"
--- a/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch
+++ b/target/linux/generic/backport-4.14/290-v4.16-netfilter-core-make-nf_unregister_net_hooks-simple-w.patch
@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 --- a/net/netfilter/core.c
 +++ b/net/netfilter/core.c
-@@ -395,63 +395,10 @@ EXPORT_SYMBOL(nf_register_net_hooks);
+@@ -396,63 +396,10 @@ EXPORT_SYMBOL(nf_register_net_hooks);
 void nf_unregister_net_hooks(struct net *net, const struct nf_hook_ops *reg,
 			     unsigned int hookcount)
 {
--- a/target/linux/generic/backport-4.14/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch
+++ b/target/linux/generic/backport-4.14/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch
@ -32,7 +32,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh);
 --- a/net/netfilter/core.c
 +++ b/net/netfilter/core.c
-@@ -341,7 +341,6 @@ void nf_unregister_net_hook(struct net *
+@@ -342,7 +342,6 @@ void nf_unregister_net_hook(struct net *
 {
 	struct nf_hook_entries __rcu **pp;
 	struct nf_hook_entries *p;
@ -40,7 +40,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	pp = nf_hook_entry_head(net, reg);
 	if (!pp)
-@@ -364,10 +363,7 @@ void nf_unregister_net_hook(struct net *
+@@ -365,10 +364,7 @@ void nf_unregister_net_hook(struct net *
 	synchronize_net();
@ -65,7 +65,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 int __init netfilter_log_init(void);
 --- a/net/netfilter/nf_queue.c
 +++ b/net/netfilter/nf_queue.c
-@@ -96,18 +96,15 @@ void nf_queue_entry_get_refs(struct nf_q
+@@ -109,18 +109,15 @@ bool nf_queue_entry_get_refs(struct nf_q
 }
 EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs);
@ -88,7 +88,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 --- a/net/netfilter/nfnetlink_queue.c
 +++ b/net/netfilter/nfnetlink_queue.c
-@@ -942,23 +942,18 @@ static struct notifier_block nfqnl_dev_n
+@@ -948,23 +948,18 @@ static struct notifier_block nfqnl_dev_n
 	.notifier_call	= nfqnl_rcv_dev_event,
 };
--- a/target/linux/generic/backport-4.14/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch
+++ b/target/linux/generic/backport-4.14/292-v4.16-netfilter-core-free-hooks-with-call_rcu.patch
@ -107,7 +107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 static unsigned int accept_all(void *priv,
 			       struct sk_buff *skb,
 			       const struct nf_hook_state *state)
-@@ -291,9 +316,8 @@ int nf_register_net_hook(struct net *net
+@@ -292,9 +317,8 @@ int nf_register_net_hook(struct net *net
 #ifdef HAVE_JUMP_LABEL
 	static_key_slow_inc(&nf_hooks_needed[reg->pf][reg->hooknum]);
 #endif
@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	return 0;
 }
 EXPORT_SYMBOL(nf_register_net_hook);
-@@ -361,10 +385,8 @@ void nf_unregister_net_hook(struct net *
+@@ -362,10 +386,8 @@ void nf_unregister_net_hook(struct net *
 	if (!p)
 		return;
--- a/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch
+++ b/target/linux/generic/backport-4.14/293-v4.16-netfilter-reduce-size-of-hook-entry-point-locations.patch
@ -129,7 +129,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 #ifdef CONFIG_NETFILTER_INGRESS
 	if (reg->hooknum == NF_NETDEV_INGRESS) {
-@@ -534,14 +549,21 @@ void (*nf_nat_decode_session_hook)(struc
+@@ -535,14 +550,21 @@ void (*nf_nat_decode_session_hook)(struc
 EXPORT_SYMBOL(nf_nat_decode_session_hook);
 #endif
@ -159,7 +159,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter",
 --- a/net/netfilter/nf_queue.c
 +++ b/net/netfilter/nf_queue.c
-@@ -206,6 +206,23 @@ repeat:
+@@ -223,6 +223,23 @@ repeat:
 	return NF_ACCEPT;
 }
@ -183,7 +183,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 /* Caller must hold rcu read-side lock */
 void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
 {
-@@ -221,12 +238,12 @@ void nf_reinject(struct nf_queue_entry *
+@@ -238,12 +255,12 @@ void nf_reinject(struct nf_queue_entry *
 	net = entry->state.net;
 	pf = entry->state.pf;
--- a/target/linux/generic/backport-4.14/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch
+++ b/target/linux/generic/backport-4.14/294-v4.16-netfilter-reduce-hook-array-sizes-to-what-is-needed.patch
@ -64,7 +64,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		return net->nf.hooks_decnet + reg->hooknum;
 	default:
 		WARN_ON_ONCE(1);
-@@ -549,21 +559,21 @@ void (*nf_nat_decode_session_hook)(struc
+@@ -550,21 +560,21 @@ void (*nf_nat_decode_session_hook)(struc
 EXPORT_SYMBOL(nf_nat_decode_session_hook);
 #endif
--- a/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch
+++ b/target/linux/generic/backport-4.14/295-v4.16-netfilter-don-t-allocate-space-for-decnet-hooks-unle.patch
@ -55,7 +55,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	default:
 		WARN_ON_ONCE(1);
 		return NULL;
-@@ -573,7 +575,9 @@ static int __net_init netfilter_net_init
+@@ -574,7 +576,9 @@ static int __net_init netfilter_net_init
 	__netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6));
 	__netfilter_net_init(net->nf.hooks_arp, ARRAY_SIZE(net->nf.hooks_arp));
 	__netfilter_net_init(net->nf.hooks_bridge, ARRAY_SIZE(net->nf.hooks_bridge));
--- a/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch
+++ b/target/linux/generic/backport-4.14/296-v4.16-netfilter-don-t-allocate-space-for-arp-bridge-hooks-.patch
@ -137,7 +137,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	case NFPROTO_IPV4:
 		if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= reg->hooknum))
 			return NULL;
-@@ -573,8 +577,12 @@ static int __net_init netfilter_net_init
+@@ -574,8 +578,12 @@ static int __net_init netfilter_net_init
 {
 	__netfilter_net_init(net->nf.hooks_ipv4, ARRAY_SIZE(net->nf.hooks_ipv4));
 	__netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6));
@ -152,7 +152,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 #endif
 --- a/net/netfilter/nf_queue.c
 +++ b/net/netfilter/nf_queue.c
-@@ -209,8 +209,10 @@ repeat:
+@@ -226,8 +226,10 @@ repeat:
 static struct nf_hook_entries *nf_hook_entries_head(const struct net *net, u8 pf, u8 hooknum)
 {
 	switch (pf) {
--- a/target/linux/generic/backport-4.14/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch
+++ b/target/linux/generic/backport-4.14/297-v4.16-netfilter-core-pass-hook-number-family-and-device-to.patch
@ -87,7 +87,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (!pp)
 		return -EINVAL;
-@@ -397,7 +399,7 @@ void nf_unregister_net_hook(struct net *
+@@ -398,7 +400,7 @@ void nf_unregister_net_hook(struct net *
 	struct nf_hook_entries __rcu **pp;
 	struct nf_hook_entries *p;
--- a/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch
+++ b/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-add-nf_remove_net_hook.patch
@ -13,7 +13,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 --- a/net/netfilter/core.c
 +++ b/net/netfilter/core.c
-@@ -356,7 +356,7 @@ int nf_register_net_hook(struct net *net
+@@ -357,7 +357,7 @@ int nf_register_net_hook(struct net *net
 EXPORT_SYMBOL(nf_register_net_hook);
 /*
@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  *
  * @oldp: current address of hook blob
  * @unreg: hook to unregister
-@@ -364,8 +364,8 @@ EXPORT_SYMBOL(nf_register_net_hook);
+@@ -365,8 +365,8 @@ EXPORT_SYMBOL(nf_register_net_hook);
  * This cannot fail, hook unregistration must always succeed.
  * Therefore replace the to-be-removed hook with a dummy hook.
  */
@ -33,7 +33,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 {
 	struct nf_hook_ops **orig_ops;
 	bool found = false;
-@@ -411,7 +411,7 @@ void nf_unregister_net_hook(struct net *
+@@ -412,7 +412,7 @@ void nf_unregister_net_hook(struct net *
 		return;
 	}
--- a/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch
+++ b/target/linux/generic/backport-4.14/298-v4.16-netfilter-core-pass-family-as-parameter-to-nf_remove.patch
@ -13,7 +13,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 --- a/net/netfilter/core.c
 +++ b/net/netfilter/core.c
-@@ -365,7 +365,7 @@ EXPORT_SYMBOL(nf_register_net_hook);
+@@ -366,7 +366,7 @@ EXPORT_SYMBOL(nf_register_net_hook);
  * Therefore replace the to-be-removed hook with a dummy hook.
  */
 static void nf_remove_net_hook(struct nf_hook_entries *old,
@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 {
 	struct nf_hook_ops **orig_ops;
 	bool found = false;
-@@ -383,14 +383,14 @@ static void nf_remove_net_hook(struct nf
+@@ -384,14 +384,14 @@ static void nf_remove_net_hook(struct nf
 	if (found) {
 #ifdef CONFIG_NETFILTER_INGRESS
@ -40,7 +40,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	}
 }
-@@ -411,7 +411,7 @@ void nf_unregister_net_hook(struct net *
+@@ -412,7 +412,7 @@ void nf_unregister_net_hook(struct net *
 		return;
 	}
--- a/target/linux/generic/backport-4.14/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch
+++ b/target/linux/generic/backport-4.14/299-v4.16-netfilter-core-support-for-NFPROTO_INET-hook-registr.patch
@ -39,9 +39,9 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (!pp)
 		return -EINVAL;
-@@ -343,17 +344,16 @@ int nf_register_net_hook(struct net *net
+@@ -344,17 +345,16 @@ int nf_register_net_hook(struct net *net
 		return PTR_ERR(new_hooks);
 	hooks_validate(new_hooks);
 #ifdef CONFIG_NETFILTER_INGRESS
 -	if (reg->pf == NFPROTO_NETDEV && reg->hooknum == NF_NETDEV_INGRESS)
 +	if (pf == NFPROTO_NETDEV && reg->hooknum == NF_NETDEV_INGRESS)
@ -59,7 +59,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 /*
  * nf_remove_net_hook - remove a hook from blob
-@@ -394,12 +394,13 @@ static void nf_remove_net_hook(struct nf
+@@ -395,12 +395,13 @@ static void nf_remove_net_hook(struct nf
 	}
 }
@ -75,7 +75,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (!pp)
 		return;
-@@ -411,7 +412,7 @@ void nf_unregister_net_hook(struct net *
+@@ -412,7 +413,7 @@ void nf_unregister_net_hook(struct net *
 		return;
 	}
@ -84,7 +84,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	p = __nf_hook_entries_try_shrink(pp);
 	mutex_unlock(&nf_hook_mutex);
-@@ -421,8 +422,42 @@ void nf_unregister_net_hook(struct net *
+@@ -422,8 +423,42 @@ void nf_unregister_net_hook(struct net *
 	nf_queue_nf_hook_drop(net);
 	nf_hook_entries_free(p);
 }
--- a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
+++ b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
@ -176,7 +176,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 #include <linux/netfilter_bridge.h>
 #include <linux/seq_file.h>
 #include <linux/rcupdate.h>
-@@ -108,6 +110,35 @@ void nf_queue_nf_hook_drop(struct net *n
+@@ -121,6 +123,35 @@ void nf_queue_nf_hook_drop(struct net *n
 }
 EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop);
@ -212,12 +212,11 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state,
 		      const struct nf_hook_entries *entries,
 		      unsigned int index, unsigned int queuenum)
-@@ -148,7 +179,16 @@ static int __nf_queue(struct sk_buff *sk
+@@ -165,7 +196,15 @@ static int __nf_queue(struct sk_buff *sk
- 	};
+ 		return -ENOTCONN;
 	}
 	nf_queue_entry_get_refs(entry);
 -	afinfo->saveroute(skb, entry);
 +
 +	switch (entry->state.pf) {
 +	case AF_INET:
 +		nf_ip_saveroute(skb, entry);
--- a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch
+++ b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch
@ -171,7 +171,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 --- a/net/netfilter/nf_queue.c
 +++ b/net/netfilter/nf_queue.c
-@@ -271,7 +271,6 @@ void nf_reinject(struct nf_queue_entry *
+@@ -287,7 +287,6 @@ void nf_reinject(struct nf_queue_entry *
 	const struct nf_hook_entry *hook_entry;
 	const struct nf_hook_entries *hooks;
 	struct sk_buff *skb = entry->skb;
@ -179,7 +179,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	const struct net *net;
 	unsigned int i;
 	int err;
-@@ -298,8 +297,7 @@ void nf_reinject(struct nf_queue_entry *
+@@ -314,8 +313,7 @@ void nf_reinject(struct nf_queue_entry *
 		verdict = nf_hook_entry_hookfn(hook_entry, skb, &entry->state);
 	if (verdict == NF_ACCEPT) {
--- a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch
+++ b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch
@ -48,7 +48,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 #include <net/protocol.h>
 #include <net/netfilter/nf_queue.h>
 #include <net/dst.h>
-@@ -145,9 +147,9 @@ static int __nf_queue(struct sk_buff *sk
+@@ -158,9 +160,9 @@ static int __nf_queue(struct sk_buff *sk
 {
 	int status = -ENOENT;
 	struct nf_queue_entry *entry = NULL;
@ -59,7 +59,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	/* QUEUE == DROP if no one is waiting, to be safe. */
 	qh = rcu_dereference(net->nf.queue_handler);
-@@ -156,11 +158,19 @@ static int __nf_queue(struct sk_buff *sk
+@@ -169,11 +171,19 @@ static int __nf_queue(struct sk_buff *sk
 		goto err;
 	}
@ -83,7 +83,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 	if (!entry) {
 		status = -ENOMEM;
 		goto err;
-@@ -175,7 +185,7 @@ static int __nf_queue(struct sk_buff *sk
+@@ -188,7 +198,7 @@ static int __nf_queue(struct sk_buff *sk
 		.skb	= skb,
 		.state	= *state,
 		.hook_index = index,
@ -91,4 +91,4 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 +		.size	= sizeof(*entry) + route_key_size,
 	};
- 	nf_queue_entry_get_refs(entry);
+ 	if (!nf_queue_entry_get_refs(entry)) {
--- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch
+++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch
@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 static struct pernet_operations nfnl_log_net_ops = {
 --- a/net/netfilter/nfnetlink_queue.c
 +++ b/net/netfilter/nfnetlink_queue.c
-@@ -1511,10 +1511,15 @@ static int __net_init nfnl_queue_net_ini
+@@ -1517,10 +1517,15 @@ static int __net_init nfnl_queue_net_ini
 static void __net_exit nfnl_queue_net_exit(struct net *net)
 {
--- a/target/linux/generic/config-4.14
+++ b/target/linux/generic/config-4.14
@ -1601,6 +1601,7 @@ CONFIG_GENERIC_NET_UTILS=y
 # CONFIG_HAMACHI is not set
 # CONFIG_HAMRADIO is not set
 # CONFIG_HAPPYMEAL is not set
 CONFIG_HARDEN_BRANCH_HISTORY=y
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 # CONFIG_HARDLOCKUP_DETECTOR is not set
--- a/target/linux/generic/hack-4.14/220-gc_sections.patch
+++ b/target/linux/generic/hack-4.14/220-gc_sections.patch
@ -67,7 +67,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 # but it is being used too early to link to meaningful stack_chk logic.
 --- a/arch/arm/kernel/vmlinux.lds.S
 +++ b/arch/arm/kernel/vmlinux.lds.S
-@@ -18,7 +18,7 @@
+@@ -31,7 +31,7 @@
 #define PROC_INFO							\
 	. = ALIGN(4);							\
 	VMLINUX_SYMBOL(__proc_info_begin) = .;				\
@ -76,7 +76,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 	VMLINUX_SYMBOL(__proc_info_end) = .;
 #define HYPERVISOR_TEXT							\
-@@ -29,11 +29,11 @@
+@@ -42,11 +42,11 @@
 #define IDMAP_TEXT							\
 	ALIGN_FUNCTION();						\
 	VMLINUX_SYMBOL(__idmap_text_start) = .;				\
@ -90,7 +90,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 	VMLINUX_SYMBOL(__hyp_idmap_text_end) = .;
 #ifdef CONFIG_HOTPLUG_CPU
-@@ -106,7 +106,7 @@ SECTIONS
+@@ -119,7 +119,7 @@ SECTIONS
 		_stext = .;		/* Text and read-only data	*/
 			IDMAP_TEXT
 			__exception_text_start = .;
@ -99,7 +99,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 			__exception_text_end = .;
 			IRQENTRY_TEXT
 			SOFTIRQENTRY_TEXT
-@@ -135,7 +135,7 @@ SECTIONS
+@@ -148,7 +148,7 @@ SECTIONS
 	__ex_table : AT(ADDR(__ex_table) - LOAD_OFFSET) {
 		__start___ex_table = .;
 #ifdef CONFIG_MMU
@ -108,7 +108,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 #endif
 		__stop___ex_table = .;
 	}
-@@ -147,12 +147,12 @@ SECTIONS
+@@ -160,12 +160,12 @@ SECTIONS
 	. = ALIGN(8);
 	.ARM.unwind_idx : {
 		__start_unwind_idx = .;
@ -123,24 +123,33 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 		__stop_unwind_tab = .;
 	}
 #endif
-@@ -172,14 +172,14 @@ SECTIONS
+@@ -186,13 +186,13 @@ SECTIONS
- 	 */
+ 	__vectors_lma = .;
- 	__vectors_start = .;
+ 	OVERLAY 0xffff0000 : NOCROSSREFS AT(__vectors_lma) {
- 	.vectors 0xffff0000 : AT(__vectors_start) {
+ 		.vectors {
-		*(.vectors)
+-			*(.vectors)
-+		KEEP(*(.vectors))
+			KEEP(*(.vectors))
 		}
 		.vectors.bhb.loop8 {
 -			*(.vectors.bhb.loop8)
 +			KEEP(*(.vectors.bhb.loop8))
 		}
 		.vectors.bhb.bpiall {
 -			*(.vectors.bhb.bpiall)
 +			KEEP(*(.vectors.bhb.bpiall))
 		}
 	}
- 	. = __vectors_start + SIZEOF(.vectors);
+ 	ARM_LMA(__vectors, .vectors);
- 	__vectors_end = .;
+@@ -204,7 +204,7 @@ SECTIONS
- 	__stubs_start = .;
+ 	__stubs_lma = .;
- 	.stubs ADDR(.vectors) + 0x1000 : AT(__stubs_start) {
+ 	.stubs ADDR(.vectors) + 0x1000 : AT(__stubs_lma) {
 -		*(.stubs)
 +		KEEP(*(.stubs))
 	}
- 	. = __stubs_start + SIZEOF(.stubs);
+ 	ARM_LMA(__stubs, .stubs);
- 	__stubs_end = .;
+ 	. = __stubs_lma + SIZEOF(.stubs);
-@@ -195,24 +195,24 @@ SECTIONS
+@@ -220,24 +220,24 @@ SECTIONS
 	}
 	.init.arch.info : {
 		__arch_info_begin = .;
--- a/target/linux/layerscape/patches-4.14/301-arch-support-layerscape.patch
+++ b/target/linux/layerscape/patches-4.14/301-arch-support-layerscape.patch
@ -214,7 +214,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com>
  * address space as memory. Needed when the kernel wants to execute
 --- a/arch/arm/mm/mmu.c
 +++ b/arch/arm/mm/mmu.c
-@@ -315,6 +315,13 @@ static struct mem_type mem_types[] __ro_
+@@ -317,6 +317,13 @@ static struct mem_type mem_types[] __ro_
 		.prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE,
 		.domain    = DOMAIN_KERNEL,
 	},
@ -228,7 +228,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com>
 	[MT_ROM] = {
 		.prot_sect = PMD_TYPE_SECT,
 		.domain    = DOMAIN_KERNEL,
-@@ -651,6 +658,7 @@ static void __init build_mem_type_table(
+@@ -653,6 +660,7 @@ static void __init build_mem_type_table(
 	}
 	kern_pgprot |= PTE_EXT_AF;
 	vecs_pgprot |= PTE_EXT_AF;
@ -236,7 +236,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com>
 	/*
 	 * Set PXN for user mappings
-@@ -679,6 +687,7 @@ static void __init build_mem_type_table(
+@@ -681,6 +689,7 @@ static void __init build_mem_type_table(
 	mem_types[MT_MEMORY_RWX].prot_pte |= kern_pgprot;
 	mem_types[MT_MEMORY_RW].prot_sect |= ecc_mask | cp->pmd;
 	mem_types[MT_MEMORY_RW].prot_pte |= kern_pgprot;
--- a/target/linux/layerscape/patches-4.14/805-qe-support-layerscape.patch
+++ b/target/linux/layerscape/patches-4.14/805-qe-support-layerscape.patch
@ -1482,7 +1482,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com>
 #undef DEBUG
-@@ -61,16 +59,16 @@ void __par_io_config_pin(struct qe_pio_r
+@@ -63,16 +61,16 @@ void __par_io_config_pin(struct qe_pio_r
 	pin_mask1bit = (u32) (1 << (QE_PIO_PINS - (pin + 1)));
 	/* Set open drain, if required */
@ -1504,7 +1504,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com>
 	/* get all bits mask for 2 bit per port */
 	pin_mask2bits = (u32) (0x3 << (QE_PIO_PINS -
-@@ -82,34 +80,30 @@ void __par_io_config_pin(struct qe_pio_r
+@@ -84,34 +82,30 @@ void __par_io_config_pin(struct qe_pio_r
 	/* clear and set 2 bits mask */
 	if (pin > (QE_PIO_PINS / 2) - 1) {
@ -1549,7 +1549,7 @@ Signed-off-by: Zhao Qiang <qiang.zhao@nxp.com>
 	}
 }
 EXPORT_SYMBOL(__par_io_config_pin);
-@@ -137,12 +131,12 @@ int par_io_data_set(u8 port, u8 pin, u8
+@@ -139,12 +133,12 @@ int par_io_data_set(u8 port, u8 pin, u8
 	/* calculate pin location */
 	pin_mask = (u32) (1 << (QE_PIO_PINS - 1 - pin));
--- a/target/linux/layerscape/patches-4.14/823-pm-support-layerscape.patch
+++ b/target/linux/layerscape/patches-4.14/823-pm-support-layerscape.patch
@ -25,7 +25,7 @@ Signed-off-by: Zhao Chenhui <chenhui.zhao@nxp.com>
 --- a/drivers/firmware/psci.c
 +++ b/drivers/firmware/psci.c
-@@ -437,8 +437,18 @@ CPUIDLE_METHOD_OF_DECLARE(psci, "psci",
+@@ -452,8 +452,18 @@ CPUIDLE_METHOD_OF_DECLARE(psci, "psci",
 static int psci_system_suspend(unsigned long unused)
 {
@ -46,7 +46,7 @@ Signed-off-by: Zhao Chenhui <chenhui.zhao@nxp.com>
 }
 static int psci_system_suspend_enter(suspend_state_t state)
-@@ -562,6 +572,8 @@ static void __init psci_0_2_set_function
+@@ -577,6 +587,8 @@ static void __init psci_0_2_set_function
 	arm_pm_restart = psci_sys_reset;
 	pm_power_off = psci_sys_poweroff;