diff --git a/be3892284ca77a69615351b106b8dfbadad.patch b/be3892284ca77a69615351b106b8dfbadad.patch deleted file mode 100644 index 1cab9022a..000000000 --- a/be3892284ca77a69615351b106b8dfbadad.patch +++ /dev/null @@ -1,1188 +0,0 @@ -From be3892284ca77a69615351b106b8dfbadad728c4 Mon Sep 17 00:00:00 2001 -From: Eneas U de Queiroz -Date: Mon, 22 Oct 2018 11:32:56 -0300 -Subject: [PATCH] openssl: add configuration options, disable ssl3 - -Adds the following configuration options: -* using optimized assembler code (was always on before) -* use of x86 SSE2 instructions -* dyanic engine support -* include error messages -* Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms -* RFC3779, CMS protocols -* VIA padlock hardware acceleration engine - -Installs openssl.cnf with the library as it is used by engines -independent of the openssl util. - -Fixes DTLS option that was innefective before. - -Disables insecure SSL3 protocol and SHA0. - -Adds openwrt-specific targets to Configure script, including asm support -for i386, ppc and mips64. - -Strips building dirs from CFLAGS shown in binary. - -Skips the fuzz directory during build. - -Removed include/crypto/devcrypto.h that was included here, to use the -cryptodev-linux package, now that it was been moved from the packages -feed to the main openwrt repository. - -This decreses the size of the ipk binray on MIPS32 by about 3.3%: -old: -706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk -199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk - -new: -693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk -193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk - -Signed-off-by: Eneas U de Queiroz ---- - package/libs/openssl/Config.in | 206 ++++++++++-- - package/libs/openssl/Makefile | 182 ++++++++--- - .../libs/openssl/include/crypto/cryptodev.h | 292 ------------------ - .../openssl/patches/100-openwrt_targets.patch | 44 +++ - .../patches/110-optimize-for-size.patch | 16 - - ...30-perl-path.patch => 110-perl-path.patch} | 0 - ...ile-dirs.patch => 120-makefile-dirs.patch} | 2 +- - ...ests.patch => 130-disable_doc_tests.patch} | 0 - ...70-bash_path.patch => 140-bash_path.patch} | 0 - ...ault.patch => 150-fix_link_segfault.patch} | 0 - .../libs/openssl/patches/150-no_engines.patch | 81 ----- - ...patch => 160-remove_timestamp_check.patch} | 0 - ...l_build.patch => 170-parallel_build.patch} | 8 +- - .../180-strip-cflags-from-binary.patch | 21 ++ - 14 files changed, 376 insertions(+), 476 deletions(-) - delete mode 100644 package/libs/openssl/include/crypto/cryptodev.h - create mode 100644 package/libs/openssl/patches/100-openwrt_targets.patch - delete mode 100644 package/libs/openssl/patches/110-optimize-for-size.patch - rename package/libs/openssl/patches/{130-perl-path.patch => 110-perl-path.patch} (100%) - rename package/libs/openssl/patches/{140-makefile-dirs.patch => 120-makefile-dirs.patch} (83%) - rename package/libs/openssl/patches/{160-disable_doc_tests.patch => 130-disable_doc_tests.patch} (100%) - rename package/libs/openssl/patches/{170-bash_path.patch => 140-bash_path.patch} (100%) - rename package/libs/openssl/patches/{180-fix_link_segfault.patch => 150-fix_link_segfault.patch} (100%) - delete mode 100644 package/libs/openssl/patches/150-no_engines.patch - rename package/libs/openssl/patches/{190-remove_timestamp_check.patch => 160-remove_timestamp_check.patch} (100%) - rename package/libs/openssl/patches/{200-parallel_build.patch => 170-parallel_build.patch} (97%) - create mode 100644 package/libs/openssl/patches/180-strip-cflags-from-binary.patch - -diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in -index c39e28510f0..fe732299157 100644 ---- a/package/libs/openssl/Config.in -+++ b/package/libs/openssl/Config.in -@@ -1,72 +1,216 @@ - if PACKAGE_libopenssl - --config OPENSSL_WITH_EC -+comment "Build Options" -+ -+config OPENSSL_OPTIMIZE_SPEED -+ bool -+ prompt "Enable optimization for speed instead of size" -+ select OPENSSL_WITH_ASM -+ help -+ Enabling this option increases code size (around 20%) and -+ performance. The increase in performance and size depends on the -+ target CPU. EC and AES seem to benefit the most, with EC speed -+ increased by 20%-50% (mipsel & x86). -+ AES-GCM is supposed to be 3x faster on x86. YMMV. -+ -+config OPENSSL_WITH_ASM - bool - default y -- prompt "Enable elliptic curve support" -+ prompt "Compile with optimized assembly code" -+ depends on !arc -+ help -+ Disabling this option will reduce code size and performance. -+ The increase in performance and size depends on the target -+ CPU and on the algorithms being optimized. As of 1.1.0i*: - --config OPENSSL_WITH_EC2M -- bool -- depends on OPENSSL_WITH_EC -- prompt "Enable ec2m support" -+ Platform Pkg Inc. Algorithms where assembly is used - ~% Speed Increase -+ aarch64 174K BN, aes, sha1, sha256, sha512, nist256, poly1305 -+ arm 152K BN, aes, sha1, sha256, sha512, nist256, poly1305 -+ i386 183K BN+147%, aes+300%, rc4+55%, sha1+160%, sha256+114%, sha512+270%, nist256+282%, poly1305+292% -+ mipsel 1.5K BN+97%, aes+4%, sha1+94%, sha256+60% -+ mips64 3.7K BN, aes, sha1, sha256, sha512, poly1305 -+ powerpc 20K BN, aes, sha1, sha256, sha512, poly1305 -+ x86_64 228K BN+220%, aes+173%, rc4+38%, sha1+40%, sha256+64%, sha512+31%, nist256+354%, poly1305+228% - --config OPENSSL_WITH_SSL3 -+ * Only most common algorithms shown. Your mileage may vary. -+ BN (bignum) performance was measured using RSA sign/verify. -+ -+config OPENSSL_WITH_SSE2 - bool -- default n -- prompt "Enable sslv3 support" -+ default y if !TARGET_x86_legacy && !TARGET_x86_geode -+ prompt "Enable use of x86 SSE2 instructions" -+ depends on OPENSSL_WITH_ASM && i386 -+ help -+ Use of SSE2 instructions greatly increase performance (up to -+ 3x faster) with a minimum (~0.2%, or 23KB) increase in package -+ size, but it will bring no benefit if your hardware does not -+ support them, such as Geode GX and LX. In this case you may -+ save 23KB by saying yes here. AMD Geode NX, and Intel -+ Pentium 4 and above support SSE2. - - config OPENSSL_WITH_DEPRECATED - bool - default y -- prompt "Include deprecated APIs" -+ prompt "Include deprecated APIs (See help for a list of packages that need this)" -+ help -+ Squid currently requires this. - - config OPENSSL_NO_DEPRECATED - bool - default !OPENSSL_WITH_DEPRECATED - --config OPENSSL_WITH_DTLS -+config OPENSSL_WITH_ERROR_MESSAGES - bool -- default n -- prompt "Enable DTLS support" -+ prompt "Include error messages" -+ help -+ This option aids debugging, but increases package size and -+ memory usage. - --config OPENSSL_WITH_COMPRESSION -+comment "Protocol Support" -+ -+config OPENSSL_WITH_DTLS - bool -- default n -- prompt "Enable compression support" -+ prompt "Enable DTLS support" -+ help -+ Datagram Transport Layer Security (DTLS) provides TLS-like security -+ for datagram-based (UDP, DCCP, CAPWAP, SCTP & SRTP) applications. - - config OPENSSL_WITH_NPN - bool - default y - prompt "Enable NPN support" -+ help -+ NPN is a TLS extension, obsoleted and replaced with ALPN, -+ used to negotiate SPDY, and HTTP/2. -+ -+config OPENSSL_WITH_SRP -+ bool -+ default y -+ prompt "Enable SRP support" -+ help -+ The Secure Remote Password protocol (SRP) is an augmented -+ password-authenticated key agreement (PAKE) protocol, specifically -+ designed to work around existing patents. -+ -+config OPENSSL_WITH_CMS -+ bool -+ default y -+ prompt "Enable CMS (RFC 5652) support" -+ help -+ Cryptographic Message Syntax (CMS) is used to digitally sign, -+ digest, authenticate, or encrypt arbitrary message content. -+ -+comment "Algorithm Selection" -+ -+config OPENSSL_WITH_EC -+ bool -+ default y -+ prompt "Enable elliptic curve support" -+ help -+ Elliptic-curve cryptography (ECC) is an approach to public-key -+ cryptography based on the algebraic structure of elliptic curves -+ over finite fields. ECC requires smaller keys compared to non-ECC -+ cryptography to provide equivalent security. -+ -+config OPENSSL_WITH_EC2M -+ bool -+ depends on OPENSSL_WITH_EC -+ prompt "Enable ec2m support" -+ help -+ This option enables the more efficient, yet less common, binary -+ field elliptic curves. - - config OPENSSL_WITH_PSK - bool - default y - prompt "Enable PSK support" -+ help -+ Build support for Pre-Shared Key based cipher suites. - --config OPENSSL_WITH_SRP -+comment "Less commonly used build options" -+ -+config OPENSSL_WITH_CAMELLIA - bool -- default y -- prompt "Enable SRP support" -+ prompt "Enable Camellia cipher support" -+ help -+ Camellia is a bock cipher with security levels and processing -+ abilities comparable to AES. - --config OPENSSL_ENGINE_DIGEST -+config OPENSSL_WITH_IDEA - bool -- depends on OPENSSL_ENGINE_CRYPTO -- prompt "Digests acceleration support" -+ prompt "Enable IDEA cipher support" -+ help -+ IDEA is a block cipher with 128-bit keys. - --config OPENSSL_HARDWARE_SUPPORT -+config OPENSSL_WITH_SEED - bool -- default n -- prompt "Enable hardware support" -+ prompt "Enable SEED cipher support" -+ help -+ SEED is a block cipher with 128-bit keys broadly used in -+ South Korea, but seldom found elsewhere. - --config OPENSSL_OPTIMIZE_SPEED -+config OPENSSL_WITH_MDC2 - bool -- default n -- prompt "Enable optimization for speed instead of size" -+ prompt "Enable MDC2 digest support" - --endif -+config OPENSSL_WITH_WHIRLPOOL -+ bool -+ prompt "Enable Whirlpool digest support" -+ -+config OPENSSL_WITH_COMPRESSION -+ bool -+ prompt "Enable compression support" -+ help -+ TLS compression is not recommended, as it is deemed insecure. -+ The CRIME attack exploits this weakness. -+ Even with this option turned on, it is disabled by default, and the -+ application must explicitly turn it on. -+ -+config OPENSSL_WITH_RFC3779 -+ bool -+ prompt "Enable RFC3779 support (BGP)" -+ help -+ RFC 3779 defines two X.509 v3 certificate extensions. The first -+ binds a list of IP address blocks, or prefixes, to the subject of a -+ certificate. The second binds a list of autonomous system -+ identifiers to the subject of a certificate. These extensions may be -+ used to convey the authorization of the subject to use the IP -+ addresses and autonomous system identifiers contained in the -+ extensions. -+ -+comment "Engine/Hardware Support" -+ -+config OPENSSL_ENGINE -+ bool "Enable engine support" -+ help -+ This enables alternative cryptography implementations, -+ most commonly for interfacing with external crypto devices, -+ or supporting new/alternative ciphers and digests. - - config OPENSSL_ENGINE_CRYPTO - bool -- select OPENSSL_HARDWARE_SUPPORT -- prompt "Crypto acceleration support" if PACKAGE_libopenssl -+ select OPENSSL_ENGINE -+ select PACKAGE_kmod-cryptodev -+ prompt "Acceleration support through /dev/crypto" -+ help -+ This enables use of hardware acceleration through OpenBSD -+ Cryptodev API (/dev/crypto) interface. -+ You must install kmod-cryptodev (under Kernel modules, Cryptographic -+ API modules) for /dev/crypto to show up and use hardware -+ acceleration; otherwise it falls back to software. -+ -+config OPENSSL_ENGINE_DIGEST -+ bool -+ depends on OPENSSL_ENGINE_CRYPTO -+ prompt "/dev/crypto digest (md5/sha1) acceleration support" -+ -+config OPENSSL_WITH_GOST -+ bool -+ prompt "Prepare library for GOST engine" -+ depends on OPENSSL_ENGINE -+ help -+ This option prepares the library to accept engine support -+ for Russian GOST crypto algorithms. -+ -+endif -+ -diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile -index 71c2c9c028f..d9b1de2581e 100644 ---- a/package/libs/openssl/Makefile -+++ b/package/libs/openssl/Makefile -@@ -15,7 +15,7 @@ PKG_RELEASE:=2 - PKG_USE_MIPS16:=0 - - PKG_BUILD_PARALLEL:=0 -- -+PKG_BUILD_DEPENDS:=cryptodev-linux - - PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz - PKG_SOURCE_URL:= \ -@@ -25,24 +25,35 @@ PKG_SOURCE_URL:= \ - http://www.openssl.org/source/ \ - http://www.openssl.org/source/old/$(PKG_BASE)/ - PKG_HASH:=5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684 -+ENGINES_DIR=engines - - PKG_LICENSE:=OpenSSL - PKG_LICENSE_FILES:=LICENSE - PKG_CPE_ID:=cpe:/a:openssl:openssl - PKG_CONFIG_DEPENDS:= \ -+ CONFIG_OPENSSL_ENGINE \ - CONFIG_OPENSSL_ENGINE_CRYPTO \ - CONFIG_OPENSSL_ENGINE_DIGEST \ -- CONFIG_OPENSSL_WITH_EC \ -- CONFIG_OPENSSL_WITH_EC2M \ -- CONFIG_OPENSSL_WITH_SSL3 \ -- CONFIG_OPENSSL_HARDWARE_SUPPORT \ - CONFIG_OPENSSL_NO_DEPRECATED \ -- CONFIG_OPENSSL_WITH_DTLS \ -+ CONFIG_OPENSSL_OPTIMIZE_SPEED \ -+ CONFIG_OPENSSL_WITH_ASM \ -+ CONFIG_OPENSSL_WITH_CAMELLIA \ -+ CONFIG_OPENSSL_WITH_CMS \ - CONFIG_OPENSSL_WITH_COMPRESSION \ -+ CONFIG_OPENSSL_WITH_DTLS \ -+ CONFIG_OPENSSL_WITH_EC \ -+ CONFIG_OPENSSL_WITH_EC2M \ -+ CONFIG_OPENSSL_WITH_ERROR_MESSAGES \ -+ CONFIG_OPENSSL_WITH_GOST \ -+ CONFIG_OPENSSL_WITH_IDEA \ -+ CONFIG_OPENSSL_WITH_MDC2 \ - CONFIG_OPENSSL_WITH_NPN \ - CONFIG_OPENSSL_WITH_PSK \ -+ CONFIG_OPENSSL_WITH_RFC3779 \ -+ CONFIG_OPENSSL_WITH_SEED \ - CONFIG_OPENSSL_WITH_SRP \ -- CONFIG_OPENSSL_OPTIMIZE_SPEED -+ CONFIG_OPENSSL_WITH_SSE2 \ -+ CONFIG_OPENSSL_WITH_WHIRLPOOL - - include $(INCLUDE_DIR)/package.mk - -@@ -54,6 +65,8 @@ endif - define Package/openssl/Default - TITLE:=Open source SSL toolkit - URL:=http://www.openssl.org/ -+ SECTION:=libs -+ CATEGORY:=Libraries - endef - - define Package/libopenssl/config -@@ -62,16 +75,14 @@ endef - - define Package/openssl/Default/description - The OpenSSL Project is a collaborative effort to develop a robust, --commercial-grade, full-featured, and Open Source toolkit implementing the Secure --Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well --as a full-strength general purpose cryptography library. -+commercial-grade, full-featured, and Open Source toolkit implementing the -+Transport Layer Security (TLS) protocol as well as a full-strength -+general-purpose cryptography library. - endef - - define Package/libopenssl - $(call Package/openssl/Default) -- SECTION:=libs - SUBMENU:=SSL -- CATEGORY:=Libraries - DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib - TITLE+= (libraries) - ABI_VERSION:=1.0.0 -@@ -100,19 +111,35 @@ $(call Package/openssl/Default/description) - This package contains the OpenSSL command-line utility. - endef - -+define Package/libopenssl-gost -+ $(call Package/openssl/Default) -+ SUBMENU:=SSL -+ TITLE:=Russian GOST algorithms engine -+ DEPENDS:=libopenssl +@OPENSSL_WITH_GOST -+endef -+ -+define Package/libopenssl-gost/description -+This package adds an engine that enables Russian GOST algorithms. -+To use it, you need to configure the engine in /etc/ssl/openssl.cnf -+See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE -+The engine_id is "gost" -+endef - --OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5 \ -- no-whrlpool no-whirlpool no-seed no-jpake --OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method no-heartbeats -+define Package/libopenssl-padlock -+ $(call Package/openssl/Default) -+ SUBMENU:=SSL -+ TITLE:=VIA Padlock hardware acceleration engine -+ DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +kmod-crypto-hw-padlock -+endef - --ifdef CONFIG_OPENSSL_ENGINE_CRYPTO -- OPENSSL_OPTIONS += -DHAVE_CRYPTODEV -- ifdef CONFIG_OPENSSL_ENGINE_DIGEST -- OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS -- endif --else -- OPENSSL_OPTIONS += no-engines --endif -+define Package/libopenssl-padlock/description -+This package adds an engine that enables VIA Padlock hardware acceleration. -+To use it, you need to configure it in /etc/ssl/openssl.cnf. -+See https://www.openssl.org/docs/man1.0.2/apps/config.html#ENGINE-CONFIGURATION-MODULE -+The engine_id is "padlock" -+endef -+ -+OPENSSL_OPTIONS:= shared no-heartbeats no-sha0 no-ssl2-method no-ssl3-method - - ifndef CONFIG_OPENSSL_WITH_EC - OPENSSL_OPTIONS += no-ec -@@ -122,20 +149,70 @@ ifndef CONFIG_OPENSSL_WITH_EC2M - OPENSSL_OPTIONS += no-ec2m - endif - --ifndef CONFIG_OPENSSL_WITH_SSL3 -- OPENSSL_OPTIONS += no-ssl3 no-ssl3-method -+ifndef CONFIG_OPENSSL_WITH_ERROR_MESSAGES -+ OPENSSL_OPTIONS += no-err -+endif -+ -+ifndef CONFIG_OPENSSL_WITH_CAMELLIA -+ OPENSSL_OPTIONS += no-camellia -+endif -+ -+ifndef CONFIG_OPENSSL_WITH_IDEA -+ OPENSSL_OPTIONS += no-idea -+endif -+ -+ifndef CONFIG_OPENSSL_WITH_SEED -+ OPENSSL_OPTIONS += no-seed - endif - --ifndef CONFIG_OPENSSL_HARDWARE_SUPPORT -- OPENSSL_OPTIONS += no-hw -+ifndef CONFIG_OPENSSL_WITH_MDC2 -+ OPENSSL_OPTIONS += no-mdc2 -+endif -+ -+ifndef CONFIG_OPENSSL_WITH_WHIRLPOOL -+ OPENSSL_OPTIONS += no-whirlpool -+endif -+ -+ifndef CONFIG_OPENSSL_WITH_CMS -+ OPENSSL_OPTIONS += no-cms -+endif -+ -+ifdef CONFIG_OPENSSL_WITH_RFC3779 -+ OPENSSL_OPTIONS += enable-rfc3779 - endif - - ifdef CONFIG_OPENSSL_NO_DEPRECATED - OPENSSL_OPTIONS += no-deprecated - endif - -+ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y) -+ TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3 -+else -+ OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT -+endif -+ -+ifdef CONFIG_OPENSSL_ENGINE -+ ifdef CONFIG_OPENSSL_ENGINE_CRYPTO -+ OPENSSL_OPTIONS += -DHAVE_CRYPTODEV -+ ifdef CONFIG_OPENSSL_ENGINE_DIGEST -+ OPENSSL_OPTIONS += -DUSE_CRYPTODEV_DIGESTS -+ endif -+ endif -+ ifndef CONFIG_PACKAGE_libopenssl-padlock -+ OPENSSL_OPTIONS += no-hw-padlock -+ endif -+else -+ OPENSSL_OPTIONS += no-engine -+endif -+ -+ifndef CONFIG_OPENSSL_WITH_GOST -+ OPENSSL_OPTIONS += no-gost -+endif -+ -+# Even with no-dtls and no-dtls1 options, the library keeps the DTLS code, -+# but openssl util gets built without it - ifndef CONFIG_OPENSSL_WITH_DTLS -- OPENSSL_OPTIONS += no-dtls -+ OPENSSL_OPTIONS += no-dtls no-dtls1 - endif - - ifdef CONFIG_OPENSSL_WITH_COMPRESSION -@@ -156,27 +233,18 @@ ifndef CONFIG_OPENSSL_WITH_SRP - OPENSSL_OPTIONS += no-srp - endif - --ifeq ($(CONFIG_OPENSSL_OPTIMIZE_SPEED),y) -- TARGET_CFLAGS := $(filter-out -Os,$(TARGET_CFLAGS)) -O3 -+ifndef CONFIG_OPENSSL_WITH_ASM -+ OPENSSL_OPTIONS += no-asm - endif - --ifeq ($(CONFIG_x86_64),y) -- OPENSSL_TARGET:=linux-x86_64-openwrt -- OPENSSL_MAKEFLAGS += LIBDIR=lib --else -- OPENSSL_OPTIONS+=no-sse2 -- ifeq ($(CONFIG_mips)$(CONFIG_mipsel),y) -- OPENSSL_TARGET:=linux-mips-openwrt -- else ifeq ($(CONFIG_aarch64),y) -- OPENSSL_TARGET:=linux-aarch64-openwrt -- else ifeq ($(CONFIG_arm)$(CONFIG_armeb),y) -- OPENSSL_TARGET:=linux-armv4-openwrt -- else -- OPENSSL_TARGET:=linux-generic-openwrt -- OPENSSL_OPTIONS+=no-perlasm -+ifdef CONFIG_i386 -+ ifndef CONFIG_OPENSSL_WITH_SSE2 -+ OPENSSL_OPTIONS += no-sse2 - endif - endif - -+OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt -+ - STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5) - - define Build/Configure -@@ -187,11 +255,10 @@ define Build/Configure - (cd $(PKG_BUILD_DIR); \ - ./Configure $(OPENSSL_TARGET) \ - --prefix=/usr \ -+ --libdir=lib \ - --openssldir=/etc/ssl \ - $(TARGET_CPPFLAGS) \ -- $(TARGET_LDFLAGS) -ldl \ -- $(if $(CONFIG_OPENSSL_OPTIMIZE_SPEED),,-DOPENSSL_SMALL_FOOTPRINT) \ -- $(OPENSSL_NO_CIPHERS) \ -+ $(TARGET_LDFLAGS) \ - $(OPENSSL_OPTIONS) \ - ) - +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ -@@ -202,7 +269,7 @@ define Build/Configure - depend - endef - --TARGET_CFLAGS += $(FPIC) -I$(CURDIR)/include -ffunction-sections -fdata-sections -+TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections - TARGET_LDFLAGS += -Wl,--gc-sections - - define Build/Compile -@@ -251,20 +318,33 @@ define Build/InstallDev - endef - - define Package/libopenssl/install -+ $(INSTALL_DIR) $(1)/etc/ssl/certs -+ $(INSTALL_DIR) $(1)/etc/ssl/private -+ chmod 0700 $(1)/etc/ssl/private - $(INSTALL_DIR) $(1)/usr/lib - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libcrypto.so.* $(1)/usr/lib/ - $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libssl.so.* $(1)/usr/lib/ -+ $(if $(CONFIG_OPENSSL_ENGINE),$(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR)) - endef - - define Package/openssl-util/install - $(INSTALL_DIR) $(1)/etc/ssl - $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/ -- $(INSTALL_DIR) $(1)/etc/ssl/certs -- $(INSTALL_DIR) $(1)/etc/ssl/private -- chmod 0700 $(1)/etc/ssl/private - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openssl $(1)/usr/bin/ - endef - -+define Package/libopenssl-padlock/install -+ $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) -+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/*padlock.so $(1)/usr/lib/$(ENGINES_DIR) -+endef -+ -+define Package/libopenssl-gost/install -+ $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) -+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/libgost.so $(1)/usr/lib/$(ENGINES_DIR) -+endef -+ - $(eval $(call BuildPackage,libopenssl)) -+$(eval $(call BuildPackage,libopenssl-gost)) -+$(eval $(call BuildPackage,libopenssl-padlock)) - $(eval $(call BuildPackage,openssl-util)) -diff --git a/package/libs/openssl/include/crypto/cryptodev.h b/package/libs/openssl/include/crypto/cryptodev.h -deleted file mode 100644 -index 7fb9c7dcdae..00000000000 ---- a/package/libs/openssl/include/crypto/cryptodev.h -+++ /dev/null -@@ -1,292 +0,0 @@ --/* This is a source compatible implementation with the original API of -- * cryptodev by Angelos D. Keromytis, found at openbsd cryptodev.h. -- * Placed under public domain */ -- --#ifndef L_CRYPTODEV_H --#define L_CRYPTODEV_H -- --#include --#ifndef __KERNEL__ --#define __user --#endif -- --/* API extensions for linux */ --#define CRYPTO_HMAC_MAX_KEY_LEN 512 --#define CRYPTO_CIPHER_MAX_KEY_LEN 64 -- --/* All the supported algorithms -- */ --enum cryptodev_crypto_op_t { -- CRYPTO_DES_CBC = 1, -- CRYPTO_3DES_CBC = 2, -- CRYPTO_BLF_CBC = 3, -- CRYPTO_CAST_CBC = 4, -- CRYPTO_SKIPJACK_CBC = 5, -- CRYPTO_MD5_HMAC = 6, -- CRYPTO_SHA1_HMAC = 7, -- CRYPTO_RIPEMD160_HMAC = 8, -- CRYPTO_MD5_KPDK = 9, -- CRYPTO_SHA1_KPDK = 10, -- CRYPTO_RIJNDAEL128_CBC = 11, -- CRYPTO_AES_CBC = CRYPTO_RIJNDAEL128_CBC, -- CRYPTO_ARC4 = 12, -- CRYPTO_MD5 = 13, -- CRYPTO_SHA1 = 14, -- CRYPTO_DEFLATE_COMP = 15, -- CRYPTO_NULL = 16, -- CRYPTO_LZS_COMP = 17, -- CRYPTO_SHA2_256_HMAC = 18, -- CRYPTO_SHA2_384_HMAC = 19, -- CRYPTO_SHA2_512_HMAC = 20, -- CRYPTO_AES_CTR = 21, -- CRYPTO_AES_XTS = 22, -- CRYPTO_AES_ECB = 23, -- CRYPTO_AES_GCM = 50, -- -- CRYPTO_CAMELLIA_CBC = 101, -- CRYPTO_RIPEMD160, -- CRYPTO_SHA2_224, -- CRYPTO_SHA2_256, -- CRYPTO_SHA2_384, -- CRYPTO_SHA2_512, -- CRYPTO_SHA2_224_HMAC, -- CRYPTO_ALGORITHM_ALL, /* Keep updated - see below */ --}; -- --#define CRYPTO_ALGORITHM_MAX (CRYPTO_ALGORITHM_ALL - 1) -- --/* Values for ciphers */ --#define DES_BLOCK_LEN 8 --#define DES3_BLOCK_LEN 8 --#define RIJNDAEL128_BLOCK_LEN 16 --#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN --#define CAMELLIA_BLOCK_LEN 16 --#define BLOWFISH_BLOCK_LEN 8 --#define SKIPJACK_BLOCK_LEN 8 --#define CAST128_BLOCK_LEN 8 -- --/* the maximum of the above */ --#define EALG_MAX_BLOCK_LEN 16 -- --/* Values for hashes/MAC */ --#define AALG_MAX_RESULT_LEN 64 -- --/* maximum length of verbose alg names (depends on CRYPTO_MAX_ALG_NAME) */ --#define CRYPTODEV_MAX_ALG_NAME 64 -- --#define HASH_MAX_LEN 64 -- --/* input of CIOCGSESSION */ --struct session_op { -- /* Specify either cipher or mac -- */ -- __u32 cipher; /* cryptodev_crypto_op_t */ -- __u32 mac; /* cryptodev_crypto_op_t */ -- -- __u32 keylen; -- __u8 __user *key; -- __u32 mackeylen; -- __u8 __user *mackey; -- -- __u32 ses; /* session identifier */ --}; -- --struct session_info_op { -- __u32 ses; /* session identifier */ -- -- /* verbose names for the requested ciphers */ -- struct alg_info { -- char cra_name[CRYPTODEV_MAX_ALG_NAME]; -- char cra_driver_name[CRYPTODEV_MAX_ALG_NAME]; -- } cipher_info, hash_info; -- -- __u16 alignmask; /* alignment constraints */ -- __u32 flags; /* SIOP_FLAGS_* */ --}; -- --/* If this flag is set then this algorithm uses -- * a driver only available in kernel (software drivers, -- * or drivers based on instruction sets do not set this flag). -- * -- * If multiple algorithms are involved (as in AEAD case), then -- * if one of them is kernel-driver-only this flag will be set. -- */ --#define SIOP_FLAG_KERNEL_DRIVER_ONLY 1 -- --#define COP_ENCRYPT 0 --#define COP_DECRYPT 1 -- --/* input of CIOCCRYPT */ --struct crypt_op { -- __u32 ses; /* session identifier */ -- __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ -- __u16 flags; /* see COP_FLAG_* */ -- __u32 len; /* length of source data */ -- __u8 __user *src; /* source data */ -- __u8 __user *dst; /* pointer to output data */ -- /* pointer to output data for hash/MAC operations */ -- __u8 __user *mac; -- /* initialization vector for encryption operations */ -- __u8 __user *iv; --}; -- --/* input of CIOCAUTHCRYPT */ --struct crypt_auth_op { -- __u32 ses; /* session identifier */ -- __u16 op; /* COP_ENCRYPT or COP_DECRYPT */ -- __u16 flags; /* see COP_FLAG_AEAD_* */ -- __u32 len; /* length of source data */ -- __u32 auth_len; /* length of auth data */ -- __u8 __user *auth_src; /* authenticated-only data */ -- -- /* The current implementation is more efficient if data are -- * encrypted in-place (src==dst). */ -- __u8 __user *src; /* data to be encrypted and authenticated */ -- __u8 __user *dst; /* pointer to output data. Must have -- * space for tag. For TLS this should be at least -- * len + tag_size + block_size for padding */ -- -- __u8 __user *tag; /* where the tag will be copied to. TLS mode -- * doesn't use that as tag is copied to dst. -- * SRTP mode copies tag there. */ -- __u32 tag_len; /* the length of the tag. Use zero for digest size or max tag. */ -- -- /* initialization vector for encryption operations */ -- __u8 __user *iv; -- __u32 iv_len; --}; -- --/* In plain AEAD mode the following are required: -- * flags : 0 -- * iv : the initialization vector (12 bytes) -- * auth_len: the length of the data to be authenticated -- * auth_src: the data to be authenticated -- * len : length of data to be encrypted -- * src : the data to be encrypted -- * dst : space to hold encrypted data. It must have -- * at least a size of len + tag_size. -- * tag_size: the size of the desired authentication tag or zero to use -- * the maximum tag output. -- * -- * Note tag isn't being used because the Linux AEAD interface -- * copies the tag just after data. -- */ -- --/* In TLS mode (used for CBC ciphers that required padding) -- * the following are required: -- * flags : COP_FLAG_AEAD_TLS_TYPE -- * iv : the initialization vector -- * auth_len: the length of the data to be authenticated only -- * len : length of data to be encrypted -- * auth_src: the data to be authenticated -- * src : the data to be encrypted -- * dst : space to hold encrypted data (preferably in-place). It must have -- * at least a size of len + tag_size + blocksize. -- * tag_size: the size of the desired authentication tag or zero to use -- * the default mac output. -- * -- * Note that the padding used is the minimum padding. -- */ -- --/* In SRTP mode the following are required: -- * flags : COP_FLAG_AEAD_SRTP_TYPE -- * iv : the initialization vector -- * auth_len: the length of the data to be authenticated. This must -- * include the SRTP header + SRTP payload (data to be encrypted) + rest -- * -- * len : length of data to be encrypted -- * auth_src: pointer the data to be authenticated. Should point at the same buffer as src. -- * src : pointer to the data to be encrypted. -- * dst : This is mandatory to be the same as src (in-place only). -- * tag_size: the size of the desired authentication tag or zero to use -- * the default mac output. -- * tag : Pointer to an address where the authentication tag will be copied. -- */ -- -- --/* struct crypt_op flags */ -- --#define COP_FLAG_NONE (0 << 0) /* totally no flag */ --#define COP_FLAG_UPDATE (1 << 0) /* multi-update hash mode */ --#define COP_FLAG_FINAL (1 << 1) /* multi-update final hash mode */ --#define COP_FLAG_WRITE_IV (1 << 2) /* update the IV during operation */ --#define COP_FLAG_NO_ZC (1 << 3) /* do not zero-copy */ --#define COP_FLAG_AEAD_TLS_TYPE (1 << 4) /* authenticate and encrypt using the -- * TLS protocol rules */ --#define COP_FLAG_AEAD_SRTP_TYPE (1 << 5) /* authenticate and encrypt using the -- * SRTP protocol rules */ --#define COP_FLAG_RESET (1 << 6) /* multi-update reset the state. -- * should be used in combination -- * with COP_FLAG_UPDATE */ -- -- --/* Stuff for bignum arithmetic and public key -- * cryptography - not supported yet by linux -- * cryptodev. -- */ -- --#define CRYPTO_ALG_FLAG_SUPPORTED 1 --#define CRYPTO_ALG_FLAG_RNG_ENABLE 2 --#define CRYPTO_ALG_FLAG_DSA_SHA 4 -- --struct crparam { -- __u8 *crp_p; -- __u32 crp_nbits; --}; -- --#define CRK_MAXPARAM 8 -- --/* input of CIOCKEY */ --struct crypt_kop { -- __u32 crk_op; /* cryptodev_crk_op_t */ -- __u32 crk_status; -- __u16 crk_iparams; -- __u16 crk_oparams; -- __u32 crk_pad1; -- struct crparam crk_param[CRK_MAXPARAM]; --}; -- --enum cryptodev_crk_op_t { -- CRK_MOD_EXP = 0, -- CRK_MOD_EXP_CRT = 1, -- CRK_DSA_SIGN = 2, -- CRK_DSA_VERIFY = 3, -- CRK_DH_COMPUTE_KEY = 4, -- CRK_ALGORITHM_ALL --}; -- --#define CRK_ALGORITHM_MAX (CRK_ALGORITHM_ALL-1) -- --/* features to be queried with CIOCASYMFEAT ioctl -- */ --#define CRF_MOD_EXP (1 << CRK_MOD_EXP) --#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT) --#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN) --#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY) --#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY) -- -- --/* ioctl's. Compatible with old linux cryptodev.h -- */ --#define CRIOGET _IOWR('c', 101, __u32) --#define CIOCGSESSION _IOWR('c', 102, struct session_op) --#define CIOCFSESSION _IOW('c', 103, __u32) --#define CIOCCRYPT _IOWR('c', 104, struct crypt_op) --#define CIOCKEY _IOWR('c', 105, struct crypt_kop) --#define CIOCASYMFEAT _IOR('c', 106, __u32) --#define CIOCGSESSINFO _IOWR('c', 107, struct session_info_op) -- --/* to indicate that CRIOGET is not required in linux -- */ --#define CRIOGET_NOT_NEEDED 1 -- --/* additional ioctls for AEAD */ --#define CIOCAUTHCRYPT _IOWR('c', 109, struct crypt_auth_op) -- --/* additional ioctls for asynchronous operation. -- * These are conditionally enabled since version 1.6. -- */ --#define CIOCASYNCCRYPT _IOW('c', 110, struct crypt_op) --#define CIOCASYNCFETCH _IOR('c', 111, struct crypt_op) -- --#endif /* L_CRYPTODEV_H */ -diff --git a/package/libs/openssl/patches/100-openwrt_targets.patch b/package/libs/openssl/patches/100-openwrt_targets.patch -new file mode 100644 -index 00000000000..52a51f9f470 ---- /dev/null -+++ b/package/libs/openssl/patches/100-openwrt_targets.patch -@@ -0,0 +1,44 @@ -+From 1ce02d8c7ce3e4a2c16b92968c8aea5a15746917 Mon Sep 17 00:00:00 2001 -+From: Eneas U de Queiroz -+Date: Wed, 26 Sep 2018 16:21:27 -0300 -+Subject: Add openwrt targets -+ -+Targets are named: linux-$(CONFIG_ARCH)-openwrt -+ -+Signed-off-by: Eneas U de Queiroz -+ -+--- a/Configure -++++ b/Configure -+@@ -470,6 +470,32 @@ my %table=( -+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -+ -++# OpenWrt targets -++# from linux-aarch64 -++"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -++# from linux-generic32 -++"linux-arc-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -++# from linux-armv4 -++"linux-arm-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -++# from linux-armv4 -++"linux-armeb-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -++# from linux-elf -++"linux-i386-openwrt", "gcc:-DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -++# from linux-mips32 -++"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -++# from linux64-mips64 -++"linux-mips64-openwrt", "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -++# from linux64-mips64 -++"linux-mips64el-openwrt", "gcc:-mabi=64 -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -++# from linux-mips32 -++"linux-mipsel-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -++# from linux-ppc -++"linux-powerpc-openwrt", "gcc:-DB_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -++# from linux-x86_64 -++"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -++# from linux-generic32 -++"linux-generic32-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -++ -+ # Android: linux-* but without pointers to headers and libs. -+ "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+ "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -diff --git a/package/libs/openssl/patches/110-optimize-for-size.patch b/package/libs/openssl/patches/110-optimize-for-size.patch -deleted file mode 100644 -index d6d4a211110..00000000000 ---- a/package/libs/openssl/patches/110-optimize-for-size.patch -+++ /dev/null -@@ -1,16 +0,0 @@ ----- a/Configure --+++ b/Configure --@@ -470,6 +470,13 @@ my %table=( -- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -- --+# OpenWrt targets --+"linux-armv4-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --+"linux-aarch64-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --+"linux-x86_64-openwrt", "gcc:-m64 -DL_ENDIAN -DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", --+"linux-mips-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --+"linux-generic-openwrt","gcc:-DTERMIOS \$(OPENWRT_OPTIMIZATION_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --+ -- # Android: linux-* but without pointers to headers and libs. -- "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -- "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -diff --git a/package/libs/openssl/patches/130-perl-path.patch b/package/libs/openssl/patches/110-perl-path.patch -similarity index 100% -rename from package/libs/openssl/patches/130-perl-path.patch -rename to package/libs/openssl/patches/110-perl-path.patch -diff --git a/package/libs/openssl/patches/140-makefile-dirs.patch b/package/libs/openssl/patches/120-makefile-dirs.patch -similarity index 83% -rename from package/libs/openssl/patches/140-makefile-dirs.patch -rename to package/libs/openssl/patches/120-makefile-dirs.patch -index 83c412f4443..5bcb3164867 100644 ---- a/package/libs/openssl/patches/140-makefile-dirs.patch -+++ b/package/libs/openssl/patches/120-makefile-dirs.patch -@@ -5,7 +5,7 @@ - BASEADDR= - - -DIRS= crypto ssl engines apps test tools --+DIRS= crypto ssl apps -++DIRS= crypto ssl engines apps - ENGDIRS= ccgost - SHLIBDIRS= crypto ssl - -diff --git a/package/libs/openssl/patches/160-disable_doc_tests.patch b/package/libs/openssl/patches/130-disable_doc_tests.patch -similarity index 100% -rename from package/libs/openssl/patches/160-disable_doc_tests.patch -rename to package/libs/openssl/patches/130-disable_doc_tests.patch -diff --git a/package/libs/openssl/patches/170-bash_path.patch b/package/libs/openssl/patches/140-bash_path.patch -similarity index 100% -rename from package/libs/openssl/patches/170-bash_path.patch -rename to package/libs/openssl/patches/140-bash_path.patch -diff --git a/package/libs/openssl/patches/180-fix_link_segfault.patch b/package/libs/openssl/patches/150-fix_link_segfault.patch -similarity index 100% -rename from package/libs/openssl/patches/180-fix_link_segfault.patch -rename to package/libs/openssl/patches/150-fix_link_segfault.patch -diff --git a/package/libs/openssl/patches/150-no_engines.patch b/package/libs/openssl/patches/150-no_engines.patch -deleted file mode 100644 -index a518a004966..00000000000 ---- a/package/libs/openssl/patches/150-no_engines.patch -+++ /dev/null -@@ -1,81 +0,0 @@ ----- a/Configure --+++ b/Configure --@@ -2144,6 +2144,11 @@ EOF -- close(OUT); -- } -- --+# ugly hack to disable engines --+if($target eq "mingwx") { --+ system("sed -e s/^LIB/XLIB/g -i engines/Makefile"); --+} --+ -- print < -+Date: Wed, 26 Sep 2018 18:04:58 -0300 -+Subject: Avoid exposing build directories -+ -+The CFLAGS contain the build directories, and are shown by calling -+SSLeay_version(SSLEAY_CFLAGS), or running openssl version -a -+ -+Signed-off-by: Eneas U de Queiroz -+ -+--- a/crypto/Makefile -++++ b/crypto/Makefile -+@@ -57,7 +57,7 @@ top: -+ all: shared -+ -+ buildinf.h: ../Makefile -+- $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h -++ $(PERL) $(TOP)/util/mkbuildinf.pl "$(filter-out -I% -iremap% -fmacro-prefix-map%,$(CC) $(CFLAGS))" "$(PLATFORM)" >buildinf.h -+ -+ x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl -+ $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ diff --git a/include/kernel-version.mk b/include/kernel-version.mk index 528ab5006..a81074d3c 100644 --- a/include/kernel-version.mk +++ b/include/kernel-version.mk @@ -7,12 +7,12 @@ ifdef CONFIG_TESTING_KERNEL endif LINUX_VERSION-4.9 = .196 -LINUX_VERSION-4.14 = .148 -LINUX_VERSION-4.19 = .78 +LINUX_VERSION-4.14 = .149 +LINUX_VERSION-4.19 = .79 LINUX_KERNEL_HASH-4.9.196 = e0ab12b04a975630ece2142a1ac15cfe45140b8c3359226b035c15ca7c92c6ef -LINUX_KERNEL_HASH-4.14.148 = 12d2b74003e13a6c1956064754255249fbe5c7af6cbdfb2ddeba45b5ed7c0fad -LINUX_KERNEL_HASH-4.19.78 = df63ea77c6e28566102a33f503513bc6280f79b48c90921b39661d3ce6295049 +LINUX_KERNEL_HASH-4.14.149 = e69dabd2368440ce1650cda0cf043e1ba3f3343f940a43b68e761739fcb3f296 +LINUX_KERNEL_HASH-4.19.79 = f1143564364f278ba0893a7813afc02da6ecef6d5de147bd5011aa3cc1634b34 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1)))) sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1))))))) diff --git a/target/linux/brcm2708/patches-4.19/950-0104-mcp2515-Use-DT-supplied-interrupt-flags.patch b/target/linux/brcm2708/patches-4.19/950-0104-mcp2515-Use-DT-supplied-interrupt-flags.patch index 225f7d160..5a7dc4f93 100644 --- a/target/linux/brcm2708/patches-4.19/950-0104-mcp2515-Use-DT-supplied-interrupt-flags.patch +++ b/target/linux/brcm2708/patches-4.19/950-0104-mcp2515-Use-DT-supplied-interrupt-flags.patch @@ -24,7 +24,7 @@ Signed-off-by: Phil Elwell --- a/drivers/net/can/spi/mcp251x.c +++ b/drivers/net/can/spi/mcp251x.c -@@ -939,6 +939,9 @@ static int mcp251x_open(struct net_devic +@@ -948,6 +948,9 @@ static int mcp251x_open(struct net_devic priv->tx_skb = NULL; priv->tx_len = 0; diff --git a/target/linux/brcm2708/patches-4.19/950-0534-mmc-sdhci-Mask-spurious-interrupts.patch b/target/linux/brcm2708/patches-4.19/950-0534-mmc-sdhci-Mask-spurious-interrupts.patch index e28fee443..b55c15399 100644 --- a/target/linux/brcm2708/patches-4.19/950-0534-mmc-sdhci-Mask-spurious-interrupts.patch +++ b/target/linux/brcm2708/patches-4.19/950-0534-mmc-sdhci-Mask-spurious-interrupts.patch @@ -16,7 +16,7 @@ Signed-off-by: Phil Elwell --- a/drivers/mmc/host/sdhci.c +++ b/drivers/mmc/host/sdhci.c -@@ -2932,6 +2932,10 @@ static irqreturn_t sdhci_irq(int irq, vo +@@ -2937,6 +2937,10 @@ static irqreturn_t sdhci_irq(int irq, vo result = IRQ_WAKE_THREAD; } diff --git a/target/linux/brcm2708/patches-4.19/950-0726-can-mcp251x-Allow-more-time-after-a-reset.patch b/target/linux/brcm2708/patches-4.19/950-0726-can-mcp251x-Allow-more-time-after-a-reset.patch deleted file mode 100644 index a5863dff3..000000000 --- a/target/linux/brcm2708/patches-4.19/950-0726-can-mcp251x-Allow-more-time-after-a-reset.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 9f29c6c8865de6f2dc200cb4c59a447d0884a6b3 Mon Sep 17 00:00:00 2001 -From: Phil Elwell -Date: Thu, 1 Aug 2019 08:58:48 +0100 -Subject: [PATCH 726/806] can: mcp251x: Allow more time after a reset - -Some boards take longer than 5ms to power up after a reset, so allow -a few retry attempts before giving up. - -See: https://github.com/raspberrypi/linux/issues/2767 - -Signed-off-by: Phil Elwell ---- - drivers/net/can/spi/mcp251x.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - ---- a/drivers/net/can/spi/mcp251x.c -+++ b/drivers/net/can/spi/mcp251x.c -@@ -628,6 +628,7 @@ static int mcp251x_hw_reset(struct spi_d - struct mcp251x_priv *priv = spi_get_drvdata(spi); - u8 reg; - int ret; -+ int retries = 10; - - /* Wait for oscillator startup timer after power up */ - mdelay(MCP251X_OST_DELAY_MS); -@@ -637,10 +638,18 @@ static int mcp251x_hw_reset(struct spi_d - if (ret) - return ret; - -- /* Wait for oscillator startup timer after reset */ -- mdelay(MCP251X_OST_DELAY_MS); -+ /* -+ * Wait for oscillator startup timer after reset -+ * -+ * Some devices can take longer than the expected 5ms to wake -+ * up, so allow a few retries. -+ */ -+ -+ do { -+ mdelay(MCP251X_OST_DELAY_MS); -+ reg = mcp251x_read_reg(spi, CANSTAT); -+ } while (!reg && retries--); - -- reg = mcp251x_read_reg(spi, CANSTAT); - if ((reg & CANCTRL_REQOP_MASK) != CANCTRL_REQOP_CONF) - return -ENODEV; - diff --git a/target/linux/brcm2708/patches-4.19/950-0777-arch-arm64-Add-Revision-Serial-Model-to-cpuinfo.patch b/target/linux/brcm2708/patches-4.19/950-0777-arch-arm64-Add-Revision-Serial-Model-to-cpuinfo.patch index fec15a9ce..6ec99e352 100644 --- a/target/linux/brcm2708/patches-4.19/950-0777-arch-arm64-Add-Revision-Serial-Model-to-cpuinfo.patch +++ b/target/linux/brcm2708/patches-4.19/950-0777-arch-arm64-Add-Revision-Serial-Model-to-cpuinfo.patch @@ -18,7 +18,7 @@ Signed-off-by: Phil Elwell #include #include #include -@@ -125,6 +126,10 @@ static int c_show(struct seq_file *m, vo +@@ -126,6 +127,10 @@ static int c_show(struct seq_file *m, vo { int i, j; bool compat = personality(current->personality) == PER_LINUX32; @@ -29,7 +29,7 @@ Signed-off-by: Phil Elwell for_each_online_cpu(i) { struct cpuinfo_arm64 *cpuinfo = &per_cpu(cpu_data, i); -@@ -176,6 +181,26 @@ static int c_show(struct seq_file *m, vo +@@ -177,6 +182,26 @@ static int c_show(struct seq_file *m, vo seq_printf(m, "CPU revision\t: %d\n\n", MIDR_REVISION(midr)); } diff --git a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch index 130fad7d8..a8991e360 100644 --- a/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch +++ b/target/linux/generic/backport-4.14/303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch @@ -264,7 +264,7 @@ Signed-off-by: Pablo Neira Ayuso } nft_chain_release_hook(&hook); } -@@ -5153,10 +5141,9 @@ static int nf_tables_commit(struct net * +@@ -5156,10 +5144,9 @@ static int nf_tables_commit(struct net * case NFT_MSG_DELCHAIN: list_del_rcu(&trans->ctx.chain->list); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); @@ -278,7 +278,7 @@ Signed-off-by: Pablo Neira Ayuso break; case NFT_MSG_NEWRULE: nft_clear(trans->ctx.net, nft_trans_rule(trans)); -@@ -5293,10 +5280,9 @@ static int nf_tables_abort(struct net *n +@@ -5296,10 +5283,9 @@ static int nf_tables_abort(struct net *n } else { trans->ctx.table->use--; list_del_rcu(&trans->ctx.chain->list); @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso } break; case NFT_MSG_DELCHAIN: -@@ -5399,7 +5385,7 @@ int nft_chain_validate_hooks(const struc +@@ -5402,7 +5388,7 @@ int nft_chain_validate_hooks(const struc if (nft_is_base_chain(chain)) { basechain = nft_base_chain(chain); @@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; return -EOPNOTSUPP; -@@ -5881,8 +5867,7 @@ int __nft_release_basechain(struct nft_c +@@ -5884,8 +5870,7 @@ int __nft_release_basechain(struct nft_c BUG_ON(!nft_is_base_chain(ctx->chain)); @@ -311,7 +311,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { list_del(&rule->list); ctx->chain->use--; -@@ -5911,8 +5896,7 @@ static void __nft_release_afinfo(struct +@@ -5914,8 +5899,7 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) diff --git a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch index ff8aafb25..39aadb507 100644 --- a/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch +++ b/target/linux/generic/backport-4.14/321-v4.16-netfilter-nf_tables-add-flow-table-netlink-frontend.patch @@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) { err = nft_delobj(ctx, obj); if (err < 0) -@@ -4853,6 +4897,605 @@ static void nf_tables_obj_notify(const s +@@ -4856,6 +4900,605 @@ static void nf_tables_obj_notify(const s ctx->afi->family, ctx->report, GFP_KERNEL); } @@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { -@@ -4883,6 +5526,49 @@ nla_put_failure: +@@ -4886,6 +5529,49 @@ nla_put_failure: return -EMSGSIZE; } @@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { -@@ -5035,6 +5721,21 @@ static const struct nfnl_callback nf_tab +@@ -5038,6 +5724,21 @@ static const struct nfnl_callback nf_tab .attr_count = NFTA_OBJ_MAX, .policy = nft_obj_policy, }, @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso }; static void nft_chain_commit_update(struct nft_trans *trans) -@@ -5083,6 +5784,9 @@ static void nf_tables_commit_release(str +@@ -5086,6 +5787,9 @@ static void nf_tables_commit_release(str case NFT_MSG_DELOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso } kfree(trans); } -@@ -5202,6 +5906,21 @@ static int nf_tables_commit(struct net * +@@ -5205,6 +5909,21 @@ static int nf_tables_commit(struct net * nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans), NFT_MSG_DELOBJ); break; @@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso } } -@@ -5239,6 +5958,9 @@ static void nf_tables_abort_release(stru +@@ -5242,6 +5961,9 @@ static void nf_tables_abort_release(stru case NFT_MSG_NEWOBJ: nft_obj_destroy(nft_trans_obj(trans)); break; @@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso } kfree(trans); } -@@ -5330,6 +6052,17 @@ static int nf_tables_abort(struct net *n +@@ -5333,6 +6055,17 @@ static int nf_tables_abort(struct net *n nft_clear(trans->ctx.net, nft_trans_obj(trans)); nft_trans_destroy(trans); break; @@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso } } -@@ -5880,6 +6613,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai +@@ -5883,6 +6616,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai /* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi) { @@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table, *nt; struct nft_chain *chain, *nc; struct nft_object *obj, *ne; -@@ -5893,6 +6627,9 @@ static void __nft_release_afinfo(struct +@@ -5896,6 +6630,9 @@ static void __nft_release_afinfo(struct list_for_each_entry_safe(table, nt, &afi->tables, list) { list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); @@ -1048,7 +1048,7 @@ Signed-off-by: Pablo Neira Ayuso /* No packets are walking on these chains anymore. */ ctx.table = table; list_for_each_entry(chain, &table->chains, list) { -@@ -5903,6 +6640,11 @@ static void __nft_release_afinfo(struct +@@ -5906,6 +6643,11 @@ static void __nft_release_afinfo(struct nf_tables_rule_release(&ctx, rule); } } @@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_safe(set, ns, &table->sets, list) { list_del(&set->list); table->use--; -@@ -5946,6 +6688,8 @@ static int __init nf_tables_module_init( +@@ -5949,6 +6691,8 @@ static int __init nf_tables_module_init( if (err < 0) goto err3; @@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso pr_info("nf_tables: (c) 2007-2009 Patrick McHardy \n"); return register_pernet_subsys(&nf_tables_net_ops); err3: -@@ -5960,6 +6704,7 @@ static void __exit nf_tables_module_exit +@@ -5963,6 +6707,7 @@ static void __exit nf_tables_module_exit { unregister_pernet_subsys(&nf_tables_net_ops); nfnetlink_subsys_unregister(&nf_tables_subsys); diff --git a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch index b055bac49..632acc8a7 100644 --- a/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch +++ b/target/linux/generic/backport-4.14/327-v4.16-netfilter-nf_tables-remove-nhooks-field-from-struct-.patch @@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -@@ -5005,7 +5002,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -5008,7 +5005,7 @@ static int nf_tables_flowtable_parse_hoo return -EINVAL; hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); diff --git a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch index 734ab526c..d4551f294 100644 --- a/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch +++ b/target/linux/generic/backport-4.14/328-v4.16-netfilter-nf_tables-fix-a-typo-in-nf_tables_getflowt.patch @@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5429,7 +5429,7 @@ static int nf_tables_getflowtable(struct +@@ -5432,7 +5432,7 @@ static int nf_tables_getflowtable(struct flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], genmask); diff --git a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch index f2ece780b..925a4739e 100644 --- a/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch +++ b/target/linux/generic/backport-4.14/331-v4.16-netfilter-nf_tables-no-need-for-struct-nft_af_info-t.patch @@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso if (ret >= 0) { ctx->table->flags &= ~NFT_TABLE_F_DORMANT; nft_trans_table_enable(trans) = true; -@@ -5810,7 +5803,6 @@ static int nf_tables_commit(struct net * +@@ -5813,7 +5806,6 @@ static int nf_tables_commit(struct net * if (nft_trans_table_update(trans)) { if (!nft_trans_table_enable(trans)) { nf_tables_table_disable(net, @@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso trans->ctx.table); trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; } -@@ -5974,7 +5966,6 @@ static int nf_tables_abort(struct net *n +@@ -5977,7 +5969,6 @@ static int nf_tables_abort(struct net *n if (nft_trans_table_update(trans)) { if (nft_trans_table_enable(trans)) { nf_tables_table_disable(net, diff --git a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch index 6bb5cbba4..6d9880d09 100644 --- a/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch +++ b/target/linux/generic/backport-4.14/334-v4.15-netfilter-nf_tables-fix-potential-NULL-ptr-deref-in-.patch @@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5348,8 +5348,10 @@ static int nf_tables_dump_flowtable_done +@@ -5351,8 +5351,10 @@ static int nf_tables_dump_flowtable_done if (!filter) return 0; diff --git a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch index e6f2058ad..6f85402c5 100644 --- a/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ b/target/linux/generic/backport-4.14/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch @@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso } cb->args[1] = 1; done: -@@ -3218,11 +3206,12 @@ static int nf_tables_newset(struct net * +@@ -3221,11 +3209,12 @@ static int nf_tables_newset(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3491,12 +3480,12 @@ static int nft_ctx_init_from_elemattr(st +@@ -3494,12 +3483,12 @@ static int nft_ctx_init_from_elemattr(st if (IS_ERR(afi)) return PTR_ERR(afi); @@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -3601,7 +3590,6 @@ static int nf_tables_dump_set(struct sk_ +@@ -3604,7 +3593,6 @@ static int nf_tables_dump_set(struct sk_ { struct nft_set_dump_ctx *dump_ctx = cb->data; struct net *net = sock_net(skb->sk); @@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_set *set; struct nft_set_dump_args args; -@@ -3613,21 +3601,19 @@ static int nf_tables_dump_set(struct sk_ +@@ -3616,21 +3604,19 @@ static int nf_tables_dump_set(struct sk_ int event; rcu_read_lock(); @@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso } break; } -@@ -3647,7 +3633,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3650,7 +3636,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -3749,7 +3735,7 @@ static int nf_tables_fill_setelem_info(s +@@ -3752,7 +3738,7 @@ static int nf_tables_fill_setelem_info(s goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); -@@ -3993,7 +3979,7 @@ static int nft_add_set_elem(struct nft_c +@@ -3996,7 +3982,7 @@ static int nft_add_set_elem(struct nft_c list_for_each_entry(binding, &set->bindings, list) { struct nft_ctx bind_ctx = { .net = ctx->net, @@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso .table = ctx->table, .chain = (struct nft_chain *)binding->chain, }; -@@ -4545,7 +4531,8 @@ static int nf_tables_newobj(struct net * +@@ -4548,7 +4534,8 @@ static int nf_tables_newobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4563,7 +4550,7 @@ static int nf_tables_newobj(struct net * +@@ -4566,7 +4553,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4640,7 +4627,6 @@ struct nft_obj_filter { +@@ -4643,7 +4630,6 @@ struct nft_obj_filter { static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); @@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; unsigned int idx = 0, s_idx = cb->args[0]; struct nft_obj_filter *filter = cb->data; -@@ -4655,38 +4641,37 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4658,38 +4644,37 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); cb->seq = net->nft.base_seq; @@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -4773,7 +4758,8 @@ static int nf_tables_getobj(struct net * +@@ -4776,7 +4761,8 @@ static int nf_tables_getobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4833,7 +4819,8 @@ static int nf_tables_delobj(struct net * +@@ -4836,7 +4822,8 @@ static int nf_tables_delobj(struct net * if (IS_ERR(afi)) return PTR_ERR(afi); @@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -4844,7 +4831,7 @@ static int nf_tables_delobj(struct net * +@@ -4847,7 +4834,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delobj(&ctx, obj); } -@@ -4882,7 +4869,7 @@ static void nf_tables_obj_notify(const s +@@ -4885,7 +4872,7 @@ static void nf_tables_obj_notify(const s struct nft_object *obj, int event) { nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, @@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso } /* -@@ -5072,7 +5059,7 @@ void nft_flow_table_iterate(struct net * +@@ -5075,7 +5062,7 @@ void nft_flow_table_iterate(struct net * rcu_read_lock(); list_for_each_entry_rcu(afi, &net->nft.af_info, list) { @@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry_rcu(flowtable, &table->flowtables, list) { iter(&flowtable->data, data); } -@@ -5120,7 +5107,8 @@ static int nf_tables_newflowtable(struct +@@ -5123,7 +5110,8 @@ static int nf_tables_newflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5137,7 +5125,7 @@ static int nf_tables_newflowtable(struct +@@ -5140,7 +5128,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5218,7 +5206,8 @@ static int nf_tables_delflowtable(struct +@@ -5221,7 +5209,8 @@ static int nf_tables_delflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5229,7 +5218,7 @@ static int nf_tables_delflowtable(struct +@@ -5232,7 +5221,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delflowtable(&ctx, flowtable); } -@@ -5298,40 +5287,37 @@ static int nf_tables_dump_flowtable(stru +@@ -5301,40 +5290,37 @@ static int nf_tables_dump_flowtable(stru struct net *net = sock_net(skb->sk); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso } } done: -@@ -5416,7 +5402,8 @@ static int nf_tables_getflowtable(struct +@@ -5419,7 +5405,8 @@ static int nf_tables_getflowtable(struct if (IS_ERR(afi)) return PTR_ERR(afi); @@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5459,7 +5446,7 @@ static void nf_tables_flowtable_notify(s +@@ -5462,7 +5449,7 @@ static void nf_tables_flowtable_notify(s err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, ctx->seq, event, 0, @@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso if (err < 0) { kfree_skb(skb); goto err; -@@ -5537,17 +5524,14 @@ static int nf_tables_flowtable_event(str +@@ -5540,17 +5527,14 @@ static int nf_tables_flowtable_event(str struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_flowtable *flowtable; struct nft_table *table; @@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso } } nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6573,6 +6557,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); +@@ -6576,6 +6560,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); static int __net_init nf_tables_init_net(struct net *net) { INIT_LIST_HEAD(&net->nft.af_info); @@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso INIT_LIST_HEAD(&net->nft.commit_list); net->nft.base_seq = 1; return 0; -@@ -6609,10 +6594,10 @@ static void __nft_release_afinfo(struct +@@ -6612,10 +6597,10 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, diff --git a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch index d33159349..8d0d62b1e 100644 --- a/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch +++ b/target/linux/generic/backport-4.14/336-v4.15-netfilter-exit_net-cleanup-check-added.patch @@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso static struct pernet_operations clusterip_net_ops = { --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -6563,6 +6563,12 @@ static int __net_init nf_tables_init_net +@@ -6566,6 +6566,12 @@ static int __net_init nf_tables_init_net return 0; } @@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6640,6 +6646,7 @@ static void __nft_release_afinfo(struct +@@ -6643,6 +6649,7 @@ static void __nft_release_afinfo(struct static struct pernet_operations nf_tables_net_ops = { .init = nf_tables_init_net, diff --git a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch index f30c3425f..9e1783ebd 100644 --- a/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch +++ b/target/linux/generic/backport-4.14/337-v4.16-netfilter-nf_tables-get-rid-of-pernet-families.patch @@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso if (afi->family == family) return afi; } -@@ -5054,15 +5052,12 @@ void nft_flow_table_iterate(struct net * +@@ -5057,15 +5055,12 @@ void nft_flow_table_iterate(struct net * void *data) { struct nft_flowtable *flowtable; @@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso } } rcu_read_unlock(); -@@ -6554,21 +6549,6 @@ int nft_data_dump(struct sk_buff *skb, i +@@ -6557,21 +6552,6 @@ int nft_data_dump(struct sk_buff *skb, i } EXPORT_SYMBOL_GPL(nft_data_dump); @@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso int __nft_release_basechain(struct nft_ctx *ctx) { struct nft_rule *rule, *nr; -@@ -6589,8 +6569,7 @@ int __nft_release_basechain(struct nft_c +@@ -6592,8 +6572,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6600,10 +6579,11 @@ static void __nft_release_afinfo(struct +@@ -6603,10 +6582,11 @@ static void __nft_release_afinfo(struct struct nft_set *set, *ns; struct nft_ctx ctx = { .net = net, @@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); list_for_each_entry(flowtable, &table->flowtables, list) -@@ -6644,6 +6624,21 @@ static void __nft_release_afinfo(struct +@@ -6647,6 +6627,21 @@ static void __nft_release_afinfo(struct } } diff --git a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch index 278340c9b..a2a9d478d 100644 --- a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch +++ b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch @@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_set *set; struct nft_ctx ctx; -@@ -3200,16 +3075,12 @@ static int nf_tables_newset(struct net * +@@ -3203,16 +3078,12 @@ static int nf_tables_newset(struct net * create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; @@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); if (IS_ERR(set)) { -@@ -3471,19 +3342,15 @@ static int nft_ctx_init_from_elemattr(st +@@ -3474,19 +3345,15 @@ static int nft_ctx_init_from_elemattr(st u8 genmask) { const struct nfgenmsg *nfmsg = nlmsg_data(nlh); @@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso return 0; } -@@ -3601,7 +3468,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3604,7 +3471,7 @@ static int nf_tables_dump_set(struct sk_ rcu_read_lock(); list_for_each_entry_rcu(table, &net->nft.tables, list) { if (dump_ctx->ctx.family != NFPROTO_UNSPEC && @@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso continue; if (table != dump_ctx->ctx.table) -@@ -3631,7 +3498,7 @@ static int nf_tables_dump_set(struct sk_ +@@ -3634,7 +3501,7 @@ static int nf_tables_dump_set(struct sk_ goto nla_put_failure; nfmsg = nlmsg_data(nlh); @@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(net->nft.base_seq & 0xffff); -@@ -4513,7 +4380,6 @@ static int nf_tables_newobj(struct net * +@@ -4516,7 +4383,6 @@ static int nf_tables_newobj(struct net * const struct nft_object_type *type; u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4525,11 +4391,7 @@ static int nf_tables_newobj(struct net * +@@ -4528,11 +4394,7 @@ static int nf_tables_newobj(struct net * !nla[NFTA_OBJ_DATA]) return -EINVAL; @@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4548,7 +4410,7 @@ static int nf_tables_newobj(struct net * +@@ -4551,7 +4413,7 @@ static int nf_tables_newobj(struct net * return 0; } @@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso type = nft_obj_type_get(objtype); if (IS_ERR(type)) -@@ -4640,7 +4502,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4643,7 +4505,7 @@ static int nf_tables_dump_obj(struct sk_ cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso continue; list_for_each_entry_rcu(obj, &table->objects, list) { -@@ -4663,7 +4525,7 @@ static int nf_tables_dump_obj(struct sk_ +@@ -4666,7 +4528,7 @@ static int nf_tables_dump_obj(struct sk_ cb->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, NLM_F_MULTI | NLM_F_APPEND, @@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso obj, reset) < 0) goto done; -@@ -4721,7 +4583,6 @@ static int nf_tables_getobj(struct net * +@@ -4724,7 +4586,6 @@ static int nf_tables_getobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; @@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; struct nft_object *obj; struct sk_buff *skb2; -@@ -4752,11 +4613,7 @@ static int nf_tables_getobj(struct net * +@@ -4755,11 +4616,7 @@ static int nf_tables_getobj(struct net * !nla[NFTA_OBJ_TYPE]) return -EINVAL; @@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4803,7 +4660,6 @@ static int nf_tables_delobj(struct net * +@@ -4806,7 +4663,6 @@ static int nf_tables_delobj(struct net * const struct nfgenmsg *nfmsg = nlmsg_data(nlh); u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; @@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_object *obj; struct nft_ctx ctx; -@@ -4813,11 +4669,7 @@ static int nf_tables_delobj(struct net * +@@ -4816,11 +4672,7 @@ static int nf_tables_delobj(struct net * !nla[NFTA_OBJ_NAME]) return -EINVAL; @@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso genmask); if (IS_ERR(table)) return PTR_ERR(table); -@@ -4829,7 +4681,7 @@ static int nf_tables_delobj(struct net * +@@ -4832,7 +4684,7 @@ static int nf_tables_delobj(struct net * if (obj->use > 0) return -EBUSY; @@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delobj(&ctx, obj); } -@@ -5014,33 +4866,31 @@ err1: +@@ -5017,33 +4869,31 @@ err1: return err; } @@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso return ERR_PTR(-EAGAIN); } #endif -@@ -5088,7 +4938,6 @@ static int nf_tables_newflowtable(struct +@@ -5091,7 +4941,6 @@ static int nf_tables_newflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso struct nft_table *table; struct nft_ctx ctx; int err, i, k; -@@ -5098,12 +4947,8 @@ static int nf_tables_newflowtable(struct +@@ -5101,12 +4950,8 @@ static int nf_tables_newflowtable(struct !nla[NFTA_FLOWTABLE_HOOK]) return -EINVAL; @@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5120,7 +4965,7 @@ static int nf_tables_newflowtable(struct +@@ -5123,7 +4968,7 @@ static int nf_tables_newflowtable(struct return 0; } @@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); if (!flowtable) -@@ -5133,7 +4978,7 @@ static int nf_tables_newflowtable(struct +@@ -5136,7 +4981,7 @@ static int nf_tables_newflowtable(struct goto err1; } @@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(type)) { err = PTR_ERR(type); goto err2; -@@ -5193,16 +5038,11 @@ static int nf_tables_delflowtable(struct +@@ -5196,16 +5041,11 @@ static int nf_tables_delflowtable(struct u8 genmask = nft_genmask_next(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -5213,7 +5053,7 @@ static int nf_tables_delflowtable(struct +@@ -5216,7 +5056,7 @@ static int nf_tables_delflowtable(struct if (flowtable->use > 0) return -EBUSY; @@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso return nft_delflowtable(&ctx, flowtable); } -@@ -5288,7 +5128,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5291,7 +5131,7 @@ static int nf_tables_dump_flowtable(stru cb->seq = net->nft.base_seq; list_for_each_entry_rcu(table, &net->nft.tables, list) { @@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso continue; list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -@@ -5307,7 +5147,7 @@ static int nf_tables_dump_flowtable(stru +@@ -5310,7 +5150,7 @@ static int nf_tables_dump_flowtable(stru cb->nlh->nlmsg_seq, NFT_MSG_NEWFLOWTABLE, NLM_F_MULTI | NLM_F_APPEND, @@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso goto done; nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -@@ -5367,7 +5207,6 @@ static int nf_tables_getflowtable(struct +@@ -5370,7 +5210,6 @@ static int nf_tables_getflowtable(struct u8 genmask = nft_genmask_cur(net); int family = nfmsg->nfgen_family; struct nft_flowtable *flowtable; @@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nft_table *table; struct sk_buff *skb2; int err; -@@ -5393,12 +5232,8 @@ static int nf_tables_getflowtable(struct +@@ -5396,12 +5235,8 @@ static int nf_tables_getflowtable(struct if (!nla[NFTA_FLOWTABLE_NAME]) return -EINVAL; @@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(table)) return PTR_ERR(table); -@@ -6569,7 +6404,7 @@ int __nft_release_basechain(struct nft_c +@@ -6572,7 +6407,7 @@ int __nft_release_basechain(struct nft_c } EXPORT_SYMBOL_GPL(__nft_release_basechain); @@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso { struct nft_flowtable *flowtable, *nf; struct nft_table *table, *nt; -@@ -6582,7 +6417,7 @@ static void __nft_release_afinfo(struct +@@ -6585,7 +6420,7 @@ static void __nft_release_afinfo(struct }; list_for_each_entry_safe(table, nt, &net->nft.tables, list) { @@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso list_for_each_entry(chain, &table->chains, list) nf_tables_unregister_hook(net, table, chain); -@@ -6634,7 +6469,7 @@ static int __net_init nf_tables_init_net +@@ -6637,7 +6472,7 @@ static int __net_init nf_tables_init_net static void __net_exit nf_tables_exit_net(struct net *net) { diff --git a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch index 7a3571609..7a67f0731 100644 --- a/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch +++ b/target/linux/generic/backport-4.14/339-v4.16-netfilter-nft_flow_offload-wait-for-garbage-collecto.patch @@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4904,13 +4904,13 @@ void nft_flow_table_iterate(struct net * +@@ -4907,13 +4907,13 @@ void nft_flow_table_iterate(struct net * struct nft_flowtable *flowtable; const struct nft_table *table; diff --git a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch index d75aa4de0..633564122 100644 --- a/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch +++ b/target/linux/generic/backport-4.14/342-v4.16-netfilter-nf_tables-fix-flowtable-free.patch @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso }; --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5289,17 +5289,12 @@ err: +@@ -5292,17 +5292,12 @@ err: nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS); } diff --git a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch index a2544aeaf..6daa6cbf7 100644 --- a/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch +++ b/target/linux/generic/backport-4.14/344-v4.16-netfilter-nf_tables-allocate-handle-and-delete-objec.patch @@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso if (set->flags != 0) if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) goto nla_put_failure; -@@ -3146,6 +3214,7 @@ static int nf_tables_newset(struct net * +@@ -3149,6 +3217,7 @@ static int nf_tables_newset(struct net * set->udata = udata; set->timeout = timeout; set->gc_int = gc_int; @@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso err = ops->init(set, &desc, nla); if (err < 0) -@@ -3205,7 +3274,10 @@ static int nf_tables_delset(struct net * +@@ -3208,7 +3277,10 @@ static int nf_tables_delset(struct net * if (err < 0) return err; @@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(set)) return PTR_ERR(set); -@@ -4268,6 +4340,21 @@ struct nft_object *nf_tables_obj_lookup( +@@ -4271,6 +4343,21 @@ struct nft_object *nf_tables_obj_lookup( } EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); @@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { [NFTA_OBJ_TABLE] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 }, -@@ -4275,6 +4362,7 @@ static const struct nla_policy nft_obj_p +@@ -4278,6 +4365,7 @@ static const struct nla_policy nft_obj_p .len = NFT_OBJ_MAXNAMELEN - 1 }, [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, @@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso }; static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, -@@ -4422,6 +4510,8 @@ static int nf_tables_newobj(struct net * +@@ -4425,6 +4513,8 @@ static int nf_tables_newobj(struct net * goto err1; } obj->table = table; @@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); if (!obj->name) { err = -ENOMEM; -@@ -4468,7 +4558,9 @@ static int nf_tables_fill_obj_info(struc +@@ -4471,7 +4561,9 @@ static int nf_tables_fill_obj_info(struc nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || @@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso goto nla_put_failure; nlmsg_end(skb, nlh); -@@ -4666,7 +4758,7 @@ static int nf_tables_delobj(struct net * +@@ -4669,7 +4761,7 @@ static int nf_tables_delobj(struct net * u32 objtype; if (!nla[NFTA_OBJ_TYPE] || @@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso return -EINVAL; table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, -@@ -4675,7 +4767,12 @@ static int nf_tables_delobj(struct net * +@@ -4678,7 +4770,12 @@ static int nf_tables_delobj(struct net * return PTR_ERR(table); objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE])); @@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(obj)) return PTR_ERR(obj); if (obj->use > 0) -@@ -4747,6 +4844,7 @@ static const struct nla_policy nft_flowt +@@ -4750,6 +4847,7 @@ static const struct nla_policy nft_flowt [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, .len = NFT_NAME_MAXLEN - 1 }, [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, @@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso }; struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, -@@ -4764,6 +4862,20 @@ struct nft_flowtable *nf_tables_flowtabl +@@ -4767,6 +4865,20 @@ struct nft_flowtable *nf_tables_flowtabl } EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); @@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso #define NFT_FLOWTABLE_DEVICE_MAX 8 static int nf_tables_parse_devices(const struct nft_ctx *ctx, -@@ -4972,6 +5084,8 @@ static int nf_tables_newflowtable(struct +@@ -4975,6 +5087,8 @@ static int nf_tables_newflowtable(struct return -ENOMEM; flowtable->table = table; @@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); if (!flowtable->name) { err = -ENOMEM; -@@ -5046,8 +5160,14 @@ static int nf_tables_delflowtable(struct +@@ -5049,8 +5163,14 @@ static int nf_tables_delflowtable(struct if (IS_ERR(table)) return PTR_ERR(table); @@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso if (IS_ERR(flowtable)) return PTR_ERR(flowtable); if (flowtable->use > 0) -@@ -5080,7 +5200,9 @@ static int nf_tables_fill_flowtable_info +@@ -5083,7 +5203,9 @@ static int nf_tables_fill_flowtable_info if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || diff --git a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch index 7113c5d9c..b15a01e06 100644 --- a/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch +++ b/target/linux/generic/backport-4.14/357-v4.18-netfilter-nf_flow_table-move-init-code-to-nf_flow_ta.patch @@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau .owner = THIS_MODULE, --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5099,40 +5099,38 @@ static int nf_tables_newflowtable(struct +@@ -5102,40 +5102,38 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau err3: module_put(type->owner); err2: -@@ -5413,10 +5411,8 @@ err: +@@ -5416,10 +5414,8 @@ err: static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) { diff --git a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch index 818498b1e..2e68aef42 100644 --- a/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch +++ b/target/linux/generic/backport-4.14/358-v4.18-netfilter-nf_flow_table-fix-priv-pointer-for-netdev-.patch @@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4965,7 +4965,7 @@ static int nf_tables_flowtable_parse_hoo +@@ -4968,7 +4968,7 @@ static int nf_tables_flowtable_parse_hoo flowtable->ops[i].pf = NFPROTO_NETDEV; flowtable->ops[i].hooknum = hooknum; flowtable->ops[i].priority = priority; diff --git a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch index 01ee106a4..1ab1342b5 100644 --- a/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch +++ b/target/linux/generic/backport-4.14/359-v4.18-netfilter-nf_flow_table-track-flow-tables-in-nf_flow.patch @@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau WARN_ON(!nf_flow_offload_gc_step(flow_table)); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5009,23 +5009,6 @@ static const struct nf_flowtable_type *n +@@ -5012,23 +5012,6 @@ static const struct nf_flowtable_type *n return ERR_PTR(-ENOENT); } diff --git a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch index 93432f1bf..9634d3c27 100644 --- a/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch +++ b/target/linux/generic/pending-4.14/640-netfilter-nf_flow_table-add-hardware-offload-support.patch @@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso +MODULE_ALIAS("nf-flow-table-hw"); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -4952,6 +4952,14 @@ static int nf_tables_flowtable_parse_hoo +@@ -4955,6 +4955,14 @@ static int nf_tables_flowtable_parse_hoo if (err < 0) goto err1; @@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL); if (!ops) { err = -ENOMEM; -@@ -5082,10 +5090,19 @@ static int nf_tables_newflowtable(struct +@@ -5085,10 +5093,19 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], flowtable); if (err < 0) -@@ -5183,7 +5200,8 @@ static int nf_tables_fill_flowtable_info +@@ -5186,7 +5203,8 @@ static int nf_tables_fill_flowtable_info nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), diff --git a/target/linux/generic/pending-4.19/309-MIPS-Add-CPU-option-reporting-to-proc-cpuinfo.patch b/target/linux/generic/pending-4.19/309-MIPS-Add-CPU-option-reporting-to-proc-cpuinfo.patch index 303654a60..e4075a24b 100644 --- a/target/linux/generic/pending-4.19/309-MIPS-Add-CPU-option-reporting-to-proc-cpuinfo.patch +++ b/target/linux/generic/pending-4.19/309-MIPS-Add-CPU-option-reporting-to-proc-cpuinfo.patch @@ -17,7 +17,7 @@ Signed-off-by: Hauke Mehrtens --- a/arch/mips/kernel/proc.c +++ b/arch/mips/kernel/proc.c -@@ -130,6 +130,122 @@ static int show_cpuinfo(struct seq_file +@@ -134,6 +134,122 @@ static int show_cpuinfo(struct seq_file seq_printf(m, "micromips kernel\t: %s\n", (read_c0_config3() & MIPS_CONF3_ISA_OE) ? "yes" : "no"); } diff --git a/target/linux/generic/pending-4.19/640-netfilter-nf_flow_table-add-hardware-offload-support.patch b/target/linux/generic/pending-4.19/640-netfilter-nf_flow_table-add-hardware-offload-support.patch index d6fe0f7d5..292870dd3 100644 --- a/target/linux/generic/pending-4.19/640-netfilter-nf_flow_table-add-hardware-offload-support.patch +++ b/target/linux/generic/pending-4.19/640-netfilter-nf_flow_table-add-hardware-offload-support.patch @@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso +MODULE_ALIAS("nf-flow-table-hw"); --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c -@@ -5468,6 +5468,13 @@ static int nf_tables_flowtable_parse_hoo +@@ -5471,6 +5471,13 @@ static int nf_tables_flowtable_parse_hoo if (err < 0) return err; @@ -520,7 +520,7 @@ Signed-off-by: Pablo Neira Ayuso ops = kcalloc(n, sizeof(struct nf_hook_ops), GFP_KERNEL); if (!ops) return -ENOMEM; -@@ -5599,10 +5606,19 @@ static int nf_tables_newflowtable(struct +@@ -5602,10 +5609,19 @@ static int nf_tables_newflowtable(struct } flowtable->data.type = type; @@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK], flowtable); if (err < 0) -@@ -5728,7 +5744,8 @@ static int nf_tables_fill_flowtable_info +@@ -5731,7 +5747,8 @@ static int nf_tables_fill_flowtable_info nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) || nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle), diff --git a/target/linux/layerscape/patches-4.14/819-sdhc-support-layerscape.patch b/target/linux/layerscape/patches-4.14/819-sdhc-support-layerscape.patch index db1a18fc1..60d0c889e 100644 --- a/target/linux/layerscape/patches-4.14/819-sdhc-support-layerscape.patch +++ b/target/linux/layerscape/patches-4.14/819-sdhc-support-layerscape.patch @@ -131,7 +131,7 @@ Signed-off-by: Yinbo Zhu }; /** -@@ -495,13 +545,20 @@ static void esdhc_clock_enable(struct sd +@@ -500,13 +550,20 @@ static void esdhc_clock_enable(struct sd } } @@ -152,7 +152,7 @@ Signed-off-by: Yinbo Zhu u32 temp; host->mmc->actual_clock = 0; -@@ -515,27 +572,14 @@ static void esdhc_of_set_clock(struct sd +@@ -520,27 +577,14 @@ static void esdhc_of_set_clock(struct sd if (esdhc->vendor_ver < VENDOR_V_23) pre_div = 2; @@ -187,7 +187,7 @@ Signed-off-by: Yinbo Zhu temp = sdhci_readl(host, ESDHC_SYSTEM_CONTROL); temp &= ~(ESDHC_CLOCK_SDCLKEN | ESDHC_CLOCK_IPGEN | ESDHC_CLOCK_HCKEN | -@@ -548,9 +592,30 @@ static void esdhc_of_set_clock(struct sd +@@ -553,9 +597,30 @@ static void esdhc_of_set_clock(struct sd while (host->max_clk / pre_div / div > clock && div < 16) div++; @@ -218,7 +218,7 @@ Signed-off-by: Yinbo Zhu pre_div >>= 1; div--; -@@ -560,6 +625,29 @@ static void esdhc_of_set_clock(struct sd +@@ -565,6 +630,29 @@ static void esdhc_of_set_clock(struct sd | (pre_div << ESDHC_PREDIV_SHIFT)); sdhci_writel(host, temp, ESDHC_SYSTEM_CONTROL); @@ -248,7 +248,7 @@ Signed-off-by: Yinbo Zhu /* Wait max 20 ms */ timeout = ktime_add_ms(ktime_get(), 20); while (1) { -@@ -575,6 +663,7 @@ static void esdhc_of_set_clock(struct sd +@@ -580,6 +668,7 @@ static void esdhc_of_set_clock(struct sd udelay(10); } @@ -256,7 +256,7 @@ Signed-off-by: Yinbo Zhu temp |= ESDHC_CLOCK_SDCLKEN; sdhci_writel(host, temp, ESDHC_SYSTEM_CONTROL); } -@@ -603,6 +692,8 @@ static void esdhc_pltfm_set_bus_width(st +@@ -608,6 +697,8 @@ static void esdhc_pltfm_set_bus_width(st static void esdhc_reset(struct sdhci_host *host, u8 mask) { @@ -265,7 +265,7 @@ Signed-off-by: Yinbo Zhu u32 val; sdhci_reset(host, mask); -@@ -617,6 +708,12 @@ static void esdhc_reset(struct sdhci_hos +@@ -622,6 +713,12 @@ static void esdhc_reset(struct sdhci_hos val = sdhci_readl(host, ESDHC_TBCTL); val &= ~ESDHC_TB_EN; sdhci_writel(host, val, ESDHC_TBCTL); @@ -278,7 +278,7 @@ Signed-off-by: Yinbo Zhu } } -@@ -628,6 +725,7 @@ static void esdhc_reset(struct sdhci_hos +@@ -633,6 +730,7 @@ static void esdhc_reset(struct sdhci_hos static const struct of_device_id scfg_device_ids[] = { { .compatible = "fsl,t1040-scfg", }, { .compatible = "fsl,ls1012a-scfg", }, @@ -286,7 +286,7 @@ Signed-off-by: Yinbo Zhu { .compatible = "fsl,ls1046a-scfg", }, {} }; -@@ -690,23 +788,91 @@ static int esdhc_signal_voltage_switch(s +@@ -695,23 +793,91 @@ static int esdhc_signal_voltage_switch(s } } @@ -383,7 +383,7 @@ Signed-off-by: Yinbo Zhu } #ifdef CONFIG_PM_SLEEP -@@ -755,7 +921,7 @@ static const struct sdhci_ops sdhci_esdh +@@ -760,7 +926,7 @@ static const struct sdhci_ops sdhci_esdh .adma_workaround = esdhc_of_adma_workaround, .set_bus_width = esdhc_pltfm_set_bus_width, .reset = esdhc_reset, @@ -392,7 +392,7 @@ Signed-off-by: Yinbo Zhu }; static const struct sdhci_ops sdhci_esdhc_le_ops = { -@@ -772,7 +938,7 @@ static const struct sdhci_ops sdhci_esdh +@@ -777,7 +943,7 @@ static const struct sdhci_ops sdhci_esdh .adma_workaround = esdhc_of_adma_workaround, .set_bus_width = esdhc_pltfm_set_bus_width, .reset = esdhc_reset, @@ -401,7 +401,7 @@ Signed-off-by: Yinbo Zhu }; static const struct sdhci_pltfm_data sdhci_esdhc_be_pdata = { -@@ -798,8 +964,20 @@ static struct soc_device_attribute soc_i +@@ -803,8 +969,20 @@ static struct soc_device_attribute soc_i { }, }; @@ -422,7 +422,7 @@ Signed-off-by: Yinbo Zhu struct sdhci_pltfm_host *pltfm_host; struct sdhci_esdhc *esdhc; struct device_node *np; -@@ -819,6 +997,24 @@ static void esdhc_init(struct platform_d +@@ -824,6 +1002,24 @@ static void esdhc_init(struct platform_d else esdhc->quirk_incorrect_hostver = false; @@ -447,7 +447,7 @@ Signed-off-by: Yinbo Zhu np = pdev->dev.of_node; clk = of_clk_get(np, 0); if (!IS_ERR(clk)) { -@@ -846,6 +1042,12 @@ static void esdhc_init(struct platform_d +@@ -851,6 +1047,12 @@ static void esdhc_init(struct platform_d } } @@ -460,7 +460,7 @@ Signed-off-by: Yinbo Zhu static int sdhci_esdhc_probe(struct platform_device *pdev) { struct sdhci_host *host; -@@ -869,6 +1071,7 @@ static int sdhci_esdhc_probe(struct plat +@@ -874,6 +1076,7 @@ static int sdhci_esdhc_probe(struct plat host->mmc_host_ops.start_signal_voltage_switch = esdhc_signal_voltage_switch; host->mmc_host_ops.execute_tuning = esdhc_execute_tuning; @@ -468,7 +468,7 @@ Signed-off-by: Yinbo Zhu host->tuning_delay = 1; esdhc_init(pdev, host); -@@ -877,6 +1080,11 @@ static int sdhci_esdhc_probe(struct plat +@@ -882,6 +1085,11 @@ static int sdhci_esdhc_probe(struct plat pltfm_host = sdhci_priv(host); esdhc = sdhci_pltfm_priv(pltfm_host); @@ -480,7 +480,7 @@ Signed-off-by: Yinbo Zhu if (esdhc->vendor_ver == VENDOR_V_22) host->quirks2 |= SDHCI_QUIRK2_HOST_NO_CMD23; -@@ -923,14 +1131,6 @@ static int sdhci_esdhc_probe(struct plat +@@ -928,14 +1136,6 @@ static int sdhci_esdhc_probe(struct plat return ret; } diff --git a/target/linux/layerscape/patches-4.14/820-sec-support-layerscape.patch b/target/linux/layerscape/patches-4.14/820-sec-support-layerscape.patch index 137486ffc..9632b32d5 100644 --- a/target/linux/layerscape/patches-4.14/820-sec-support-layerscape.patch +++ b/target/linux/layerscape/patches-4.14/820-sec-support-layerscape.patch @@ -2641,7 +2641,7 @@ Signed-off-by: Zhao Qiang /* Skip assoc data */ append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF); -@@ -456,29 +489,29 @@ EXPORT_SYMBOL(cnstr_shdsc_aead_decap); +@@ -456,30 +489,29 @@ EXPORT_SYMBOL(cnstr_shdsc_aead_decap); * @cdata: pointer to block cipher transform definitions * Valid algorithm values - one of OP_ALG_ALGSEL_{AES, DES, 3DES} ANDed * with OP_ALG_AAI_CBC or OP_ALG_AAI_CTR_MOD128. @@ -2649,12 +2649,12 @@ Signed-off-by: Zhao Qiang - * split key is to be used, the size of the split key itself is - * specified. Valid algorithm values - one of OP_ALG_ALGSEL_{MD5, SHA1, - * SHA224, SHA256, SHA384, SHA512} ANDed with OP_ALG_AAI_HMAC_PRECOMP. +- * @ivsize: initialization vector size + * @adata: pointer to authentication transform definitions. + * A split key is required for SEC Era < 6; the size of the split key + * is specified in this case. Valid algorithm values - one of + * OP_ALG_ALGSEL_{MD5, SHA1, SHA224, SHA256, SHA384, SHA512} ANDed -+ * with OP_ALG_AAI_HMAC_PRECOMP. - * @ivsize: initialization vector size ++ * with OP_ALG_AAI_HMAC_PRECOMP. * @ivsize: initialization vector size * @icvsize: integrity check value (ICV) size (truncated or full) * @is_rfc3686: true when ctr(aes) is wrapped by rfc3686 template * @nonce: pointer to rfc3686 nonce @@ -2672,6 +2672,7 @@ Signed-off-by: Zhao Qiang + const bool is_qi, int era) { u32 geniv, moveiv; + u32 *wait_cmd; /* Note: Context registers are saved. */ - init_sh_desc_key_aead(desc, cdata, adata, is_rfc3686, nonce); @@ -2679,7 +2680,7 @@ Signed-off-by: Zhao Qiang if (is_qi) { u32 *wait_load_cmd; -@@ -528,8 +561,13 @@ copy_iv: +@@ -529,8 +561,13 @@ copy_iv: OP_ALG_ENCRYPT); /* Read and write assoclen bytes */ @@ -2695,7 +2696,7 @@ Signed-off-by: Zhao Qiang /* Skip assoc data */ append_seq_fifo_store(desc, 0, FIFOST_TYPE_SKIP | FIFOLDST_VLF); -@@ -583,14 +621,431 @@ copy_iv: +@@ -592,14 +629,431 @@ copy_iv: EXPORT_SYMBOL(cnstr_shdsc_aead_givencap); /** @@ -3128,7 +3129,7 @@ Signed-off-by: Zhao Qiang { u32 *key_jump_cmd, *zero_payload_jump_cmd, *zero_assoc_jump_cmd1, *zero_assoc_jump_cmd2; -@@ -612,11 +1067,35 @@ void cnstr_shdsc_gcm_encap(u32 * const d +@@ -621,11 +1075,35 @@ void cnstr_shdsc_gcm_encap(u32 * const d append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_ENCRYPT); @@ -3165,7 +3166,7 @@ Signed-off-by: Zhao Qiang /* if assoclen is ZERO, skip reading the assoc data */ append_math_add(desc, VARSEQINLEN, ZERO, REG3, CAAM_CMD_SZ); zero_assoc_jump_cmd1 = append_jump(desc, JUMP_TEST_ALL | -@@ -648,8 +1127,11 @@ void cnstr_shdsc_gcm_encap(u32 * const d +@@ -657,8 +1135,11 @@ void cnstr_shdsc_gcm_encap(u32 * const d append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLDST_VLF | FIFOLD_TYPE_MSG | FIFOLD_TYPE_LAST1); @@ -3179,7 +3180,7 @@ Signed-off-by: Zhao Qiang /* zero-payload commands */ set_jump_tgt_here(desc, zero_payload_jump_cmd); -@@ -657,10 +1139,18 @@ void cnstr_shdsc_gcm_encap(u32 * const d +@@ -666,10 +1147,18 @@ void cnstr_shdsc_gcm_encap(u32 * const d /* read assoc data */ append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLDST_VLF | FIFOLD_TYPE_AAD | FIFOLD_TYPE_LAST1); @@ -3198,7 +3199,7 @@ Signed-off-by: Zhao Qiang /* write ICV */ append_seq_store(desc, icvsize, LDST_CLASS_1_CCB | LDST_SRCDST_BYTE_CONTEXT); -@@ -677,10 +1167,13 @@ EXPORT_SYMBOL(cnstr_shdsc_gcm_encap); +@@ -686,10 +1175,13 @@ EXPORT_SYMBOL(cnstr_shdsc_gcm_encap); * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with OP_ALG_AAI_GCM. @@ -3213,7 +3214,7 @@ Signed-off-by: Zhao Qiang { u32 *key_jump_cmd, *zero_payload_jump_cmd, *zero_assoc_jump_cmd1; -@@ -701,6 +1194,24 @@ void cnstr_shdsc_gcm_decap(u32 * const d +@@ -710,6 +1202,24 @@ void cnstr_shdsc_gcm_decap(u32 * const d append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_DECRYPT | OP_ALG_ICV_ON); @@ -3238,7 +3239,7 @@ Signed-off-by: Zhao Qiang /* if assoclen is ZERO, skip reading the assoc data */ append_math_add(desc, VARSEQINLEN, ZERO, REG3, CAAM_CMD_SZ); zero_assoc_jump_cmd1 = append_jump(desc, JUMP_TEST_ALL | -@@ -753,10 +1264,13 @@ EXPORT_SYMBOL(cnstr_shdsc_gcm_decap); +@@ -762,10 +1272,13 @@ EXPORT_SYMBOL(cnstr_shdsc_gcm_decap); * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with OP_ALG_AAI_GCM. @@ -3253,7 +3254,7 @@ Signed-off-by: Zhao Qiang { u32 *key_jump_cmd; -@@ -777,7 +1291,29 @@ void cnstr_shdsc_rfc4106_encap(u32 * con +@@ -786,7 +1299,29 @@ void cnstr_shdsc_rfc4106_encap(u32 * con append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_ENCRYPT); @@ -3284,7 +3285,7 @@ Signed-off-by: Zhao Qiang append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ); /* Read assoc data */ -@@ -785,7 +1321,7 @@ void cnstr_shdsc_rfc4106_encap(u32 * con +@@ -794,7 +1329,7 @@ void cnstr_shdsc_rfc4106_encap(u32 * con FIFOLD_TYPE_AAD | FIFOLD_TYPE_FLUSH1); /* Skip IV */ @@ -3293,7 +3294,7 @@ Signed-off-by: Zhao Qiang /* Will read cryptlen bytes */ append_math_sub(desc, VARSEQINLEN, SEQINLEN, REG0, CAAM_CMD_SZ); -@@ -824,10 +1360,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4106_encap) +@@ -833,10 +1368,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4106_encap) * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with OP_ALG_AAI_GCM. @@ -3308,7 +3309,7 @@ Signed-off-by: Zhao Qiang { u32 *key_jump_cmd; -@@ -849,7 +1388,29 @@ void cnstr_shdsc_rfc4106_decap(u32 * con +@@ -858,7 +1396,29 @@ void cnstr_shdsc_rfc4106_decap(u32 * con append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_DECRYPT | OP_ALG_ICV_ON); @@ -3339,7 +3340,7 @@ Signed-off-by: Zhao Qiang append_math_add(desc, VARSEQOUTLEN, ZERO, REG3, CAAM_CMD_SZ); /* Read assoc data */ -@@ -857,7 +1418,7 @@ void cnstr_shdsc_rfc4106_decap(u32 * con +@@ -866,7 +1426,7 @@ void cnstr_shdsc_rfc4106_decap(u32 * con FIFOLD_TYPE_AAD | FIFOLD_TYPE_FLUSH1); /* Skip IV */ @@ -3348,7 +3349,7 @@ Signed-off-by: Zhao Qiang /* Will read cryptlen bytes */ append_math_sub(desc, VARSEQINLEN, SEQOUTLEN, REG3, CAAM_CMD_SZ); -@@ -896,10 +1457,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4106_decap) +@@ -905,10 +1465,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4106_decap) * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with OP_ALG_AAI_GCM. @@ -3363,7 +3364,7 @@ Signed-off-by: Zhao Qiang { u32 *key_jump_cmd, *read_move_cmd, *write_move_cmd; -@@ -920,6 +1484,18 @@ void cnstr_shdsc_rfc4543_encap(u32 * con +@@ -929,6 +1492,18 @@ void cnstr_shdsc_rfc4543_encap(u32 * con append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_ENCRYPT); @@ -3382,7 +3383,7 @@ Signed-off-by: Zhao Qiang /* assoclen + cryptlen = seqinlen */ append_math_sub(desc, REG3, SEQINLEN, REG0, CAAM_CMD_SZ); -@@ -931,7 +1507,7 @@ void cnstr_shdsc_rfc4543_encap(u32 * con +@@ -940,7 +1515,7 @@ void cnstr_shdsc_rfc4543_encap(u32 * con read_move_cmd = append_move(desc, MOVE_SRC_DESCBUF | MOVE_DEST_MATH3 | (0x6 << MOVE_LEN_SHIFT)); write_move_cmd = append_move(desc, MOVE_SRC_MATH3 | MOVE_DEST_DESCBUF | @@ -3391,7 +3392,7 @@ Signed-off-by: Zhao Qiang /* Will read assoclen + cryptlen bytes */ append_math_sub(desc, VARSEQINLEN, SEQINLEN, REG0, CAAM_CMD_SZ); -@@ -966,10 +1542,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4543_encap) +@@ -975,10 +1550,13 @@ EXPORT_SYMBOL(cnstr_shdsc_rfc4543_encap) * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - OP_ALG_ALGSEL_AES ANDed with OP_ALG_AAI_GCM. @@ -3406,7 +3407,7 @@ Signed-off-by: Zhao Qiang { u32 *key_jump_cmd, *read_move_cmd, *write_move_cmd; -@@ -990,6 +1569,18 @@ void cnstr_shdsc_rfc4543_decap(u32 * con +@@ -999,6 +1577,18 @@ void cnstr_shdsc_rfc4543_decap(u32 * con append_operation(desc, cdata->algtype | OP_ALG_AS_INITFINAL | OP_ALG_DECRYPT | OP_ALG_ICV_ON); @@ -3425,7 +3426,7 @@ Signed-off-by: Zhao Qiang /* assoclen + cryptlen = seqoutlen */ append_math_sub(desc, REG3, SEQOUTLEN, REG0, CAAM_CMD_SZ); -@@ -1001,7 +1592,7 @@ void cnstr_shdsc_rfc4543_decap(u32 * con +@@ -1010,7 +1600,7 @@ void cnstr_shdsc_rfc4543_decap(u32 * con read_move_cmd = append_move(desc, MOVE_SRC_DESCBUF | MOVE_DEST_MATH3 | (0x6 << MOVE_LEN_SHIFT)); write_move_cmd = append_move(desc, MOVE_SRC_MATH3 | MOVE_DEST_DESCBUF | @@ -3434,7 +3435,7 @@ Signed-off-by: Zhao Qiang /* Will read assoclen + cryptlen bytes */ append_math_sub(desc, VARSEQINLEN, SEQOUTLEN, REG0, CAAM_CMD_SZ); -@@ -1035,6 +1626,138 @@ void cnstr_shdsc_rfc4543_decap(u32 * con +@@ -1044,6 +1634,138 @@ void cnstr_shdsc_rfc4543_decap(u32 * con } EXPORT_SYMBOL(cnstr_shdsc_rfc4543_decap); @@ -3573,7 +3574,7 @@ Signed-off-by: Zhao Qiang /* * For ablkcipher encrypt and decrypt, read from req->src and * write to req->dst -@@ -1053,7 +1776,8 @@ static inline void ablkcipher_append_src +@@ -1062,7 +1784,8 @@ static inline void ablkcipher_append_src * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - one of OP_ALG_ALGSEL_{AES, DES, 3DES} ANDed @@ -3583,7 +3584,7 @@ Signed-off-by: Zhao Qiang * @ivsize: initialization vector size * @is_rfc3686: true when ctr(aes) is wrapped by rfc3686 template * @ctx1_iv_off: IV offset in CONTEXT1 register -@@ -1075,7 +1799,7 @@ void cnstr_shdsc_ablkcipher_encap(u32 * +@@ -1084,7 +1807,7 @@ void cnstr_shdsc_ablkcipher_encap(u32 * /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { @@ -3592,7 +3593,7 @@ Signed-off-by: Zhao Qiang append_load_as_imm(desc, nonce, CTR_RFC3686_NONCE_SIZE, LDST_CLASS_IND_CCB | -@@ -1118,7 +1842,8 @@ EXPORT_SYMBOL(cnstr_shdsc_ablkcipher_enc +@@ -1127,7 +1850,8 @@ EXPORT_SYMBOL(cnstr_shdsc_ablkcipher_enc * @desc: pointer to buffer used for descriptor construction * @cdata: pointer to block cipher transform definitions * Valid algorithm values - one of OP_ALG_ALGSEL_{AES, DES, 3DES} ANDed @@ -3602,7 +3603,7 @@ Signed-off-by: Zhao Qiang * @ivsize: initialization vector size * @is_rfc3686: true when ctr(aes) is wrapped by rfc3686 template * @ctx1_iv_off: IV offset in CONTEXT1 register -@@ -1140,7 +1865,7 @@ void cnstr_shdsc_ablkcipher_decap(u32 * +@@ -1149,7 +1873,7 @@ void cnstr_shdsc_ablkcipher_decap(u32 * /* Load nonce into CONTEXT1 reg */ if (is_rfc3686) { @@ -3611,7 +3612,7 @@ Signed-off-by: Zhao Qiang append_load_as_imm(desc, nonce, CTR_RFC3686_NONCE_SIZE, LDST_CLASS_IND_CCB | -@@ -1209,7 +1934,7 @@ void cnstr_shdsc_ablkcipher_givencap(u32 +@@ -1218,7 +1942,7 @@ void cnstr_shdsc_ablkcipher_givencap(u32 /* Load Nonce into CONTEXT1 reg */ if (is_rfc3686) {