Since kernel 5.2 within netlink messages the NLA_F_NESTED nested flag is
validated. But swconfig/swlib doesn't set the flag for
SWITCH_ATTR_OP_VALUE_PORTS related netlink messages and assigning ports
to vlans via
swconfig dev switch0 vlan 1 set ports '0 1 2 3 4 6t'
Errors put with "Failed to set attribute: Invalid input data or
parameter".
Relax the validation rules and use the deprecated functions, to use the
same level of validation as it was till kernel 5.1. Depending on who has
swconfig related netlink messages implemented, there might be more
broken tools out there and we should keep backward compatibility if
possible.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Tested-by: Rafał Miłecki <rafal@milecki.pl>
This commit fixes a bug in the main swconfig patch where a function
needed by the b53 driver is not exported.
Additionally it adds OF support to the b53_mdio driver for devicetree-
based probing
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
This is related to the upstream kernel change 3b0f31f2b8c9 ("genetlink:
make policy common to family").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.
In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM
And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR
I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED
I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Imported from e1aaf7ec00%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
CHROMIUM: net: ar8216: address security vulnerabilities in swconfig & ar8216
This patch does the following changes:
*address the security vulnerabilities in both swconfig framework and in
ar8216 driver (many bound check additions, and turned swconfig structure
signed element into unsigned when applicable)
*address a couple of whitespaces and indendation issues
BUG=chrome-os-partner:33096
TEST=none
Change-Id: I94ea78fcce8c1932cc584d1508c6e3b5dfb93ce9
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/236490
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Commit-Queue: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).
Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.
Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
It's quite common for switches to have PHY per port so adding a generic
helper setting link state will help many drivers. It just needs an API
to access PHYs which this patch also adds.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48621
Directly return the return value of genl_register_family_with_ops()
instead of storing it in a temporary variable, then returning it.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48472
Some switches can force link speed for a port. Let's add API that will
allow drivers to export this feature.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48142
As explained earlier, using SWITCH_TYPE_LINK gives more flexibility,
it doesn't require e.g. string parsing to read some data.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47999
So far we were sending link data as a string. It got some drawbacks:
1) Didn't allow writing clean user space apps reading link state. It was
needed to do some screen scraping.
2) Forced whole PORT_LINK communication to be string based. Adding
support for *setting* port link required passing string and parting
it in the kernel space.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47997
AR8327/AR8337 allow to read the result of EEE autonegotiation.
If EEE is autonegotiated between the link partners, display
this as part of the swconfig get_link attribute.
eee100: 100MBit EEE supported by both link partners
eee1000: 1GBit EEE supported by both link partners
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
SVN-Revision: 44022
Boards that have more than one swconfig enabled switch will show the devices in
reverse order when call swconfig list. Fix this by using list_add_tail().
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43106
swconfig does not compile with 3.7 because
struct netlink_notify->pid has been renamed to
struct netlink_notify->portid
and
struct genl_info->snd_pid has been renamed to
struct genl_info->snd_portid
Use the new names and add compatibility patches
to 3.3 and 3.6.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 34288
Also make switches available under a generic name "switch<num>" for device
name agnostic access. The old device name is used as an alias for backward
compatibility.
SVN-Revision: 27800
SPIN_LOCK_UNLOCKED has been deprecated since 2.6.19 and will get removed
in 2.6.39, so replace it with DEFINE_SPINLOCK().
Signed-off-by: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
SVN-Revision: 26770
Mathias Kresin
Tobias Schramm
Rafał Miłecki
Felix Fietkau
Hauke Mehrtens
Alexander Couzens
Pavel Kubelun
John Crispin
Jo-Philipp Wich
Rafał Miłecki
Jonas Gorski
John Crispin
Felix Fietkau
Zoltan Herpai
Florian Fainelli
Gabor Juhos