From cb3ce6024a60e60212219c470836465b092f89b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <karel.koci@nic.cz> Date: Tue, 17 Dec 2019 15:28:58 +0100 Subject: [PATCH] configs: drop all kernel configs for direct configuration This removes all configuration options that were there to directly influence kernel config instead of just OpenWrt one. This no longer works so we can drop it. Some of those options were moved to patches. Other are active automatically because of OpenWrt default kernel configuration and some were dropped without replacement. --- configs/common/hardening | 1 + configs/common/kernel | 90 +------------------ configs/common/lxc | 12 +++ configs/mox/kernel | 28 ------ configs/mox/knot | 4 - configs/omnia/kernel | 16 ---- configs/omnia/knot | 1 - configs/turris1x/kernel | 10 --- .../wip/0004-mvebu-Basic-MoX-support.patch | 74 ++++++++++++--- .../0005-Turris-Omnia-Improved-suppport.patch | 33 ++++--- 10 files changed, 97 insertions(+), 172 deletions(-) delete mode 100644 configs/mox/kernel delete mode 100644 configs/mox/knot delete mode 100644 configs/omnia/kernel delete mode 120000 configs/omnia/knot delete mode 100644 configs/turris1x/kernel diff --git a/configs/common/hardening b/configs/common/hardening index 55d948eae..dae57bc1f 100644 --- a/configs/common/hardening +++ b/configs/common/hardening @@ -11,3 +11,4 @@ CONFIG_PKG_CC_STACKPROTECTOR_STRONG=y # Enable seccomp in kernel to use procd-seccomp CONFIG_KERNEL_SECCOMP_FILTER=y CONFIG_KERNEL_SECCOMP=y +CONFIG_LXC_SECCOMP=y diff --git a/configs/common/kernel b/configs/common/kernel index 74e327469..a0047477c 100644 --- a/configs/common/kernel +++ b/configs/common/kernel @@ -1,90 +1,6 @@ -# General kernel settings -CONFIG_KERNEL_AIO=y -CONFIG_KERNEL_FHANDLE=y -CONFIG_KERNEL_FANOTIFY=y -CONFIG_KERNEL_MAGIC_SYSRQ=y -CONFIG_KERNEL_PRINTK_TIME=y -CONFIG_KERNEL_KEXEC=y +# Use device tmpfs CONFIG_KERNEL_DEVTMPFS=y CONFIG_KERNEL_DEVTMPFS_MOUNT=y -CONFIG_KERNEL_RESOURCE_COUNTERS=y -CONFIG_KERNEL_MM_OWNER=y -CONFIG_KERNEL_DEVPTS_MULTIPLE_INSTANCES=y -CONFIG_KERNEL_POSIX_MQUEUE=y -CONFIG_KERNEL_MTD_SPI_NOR_USE_4K_SECTORS_LIMIT=4092 -CONFIG_KERNEL_BINFMT_MISC=y -CONFIG_KERNEL_CHECKPOINT_RESTORE=y -CONFIG_KERNEL_PROC_CHILDREN=y -# Modules -CONFIG_KERNEL_MODVERSIONS=y -CONFIG_KERNEL_MODULE_FORCE_UNLOAD=y - -# Include kernel configuration in /proc -CONFIG_KERNEL_IKCONFIG=y -CONFIG_KERNEL_IKCONFIG_PROC=y - -# CGroups (For LXC or Docker) -CONFIG_KERNEL_CGROUPS=y -CONFIG_KERNEL_CGROUP_DEBUG=y -CONFIG_KERNEL_FREEZER=y -CONFIG_KERNEL_CGROUP_FREEZER=y -CONFIG_KERNEL_CGROUP_DEVICE=y -CONFIG_KERNEL_CGROUP_PIDS=y -CONFIG_KERNEL_CGROUP_CPUACCT=y -CONFIG_KERNEL_CGROUP_SCHED=y -CONFIG_KERNEL_CGROUP_BPF=y -CONFIG_KERNEL_CGROUP_RDMA=y -CONFIG_KERNEL_CGROUP_WRITEBACK=y -CONFIG_KERNEL_CGROUP_NET_PRIO=y -CONFIG_KERNEL_CGROUP_HUGETLB=y -CONFIG_KERNEL_CGROUP_PERF=y -CONFIG_KERNEL_BLK_CGROUP=y -CONFIG_KERNEL_NET_CLS_CGROUP=y -CONFIG_KERNEL_NETPRIO_CGROUP=y -CONFIG_KERNEL_CPUSETS=y -CONFIG_KERNEL_FAIR_GROUP_SCHED=y -CONFIG_KERNEL_CFS_BANDWIDTH=y -CONFIG_KERNEL_MEMCG=y -CONFIG_KERNEL_MEMCG_SWAP=y -CONFIG_KERNEL_MEMCG_SWAP_ENABLED=y -CONFIG_KERNEL_MEMCG_KMEM=y -CONFIG_KERNEL_PAGE_COUNTER=y -CONFIG_KERNEL_RT_GROUP_SCHED=y -CONFIG_KERNEL_SOCK_CGROUP_DATA=y -CONFIG_KERNEL_IOSCHED_CFQ=y -CONFIG_KERNEL_CFQ_GROUP_IOSCHED=y -CONFIG_KERNEL_BLK_DEV_THROTTLING=y - -# Namespaces -CONFIG_KERNEL_NAMESPACES=y -CONFIG_KERNEL_UTS_NS=y -CONFIG_KERNEL_IPC_NS=y -CONFIG_KERNEL_USER_NS=y -CONFIG_KERNEL_PID_NS=y -CONFIG_KERNEL_NET_NS=y - -# File-systems -CONFIG_KERNEL_FS_POSIX_ACL=y -CONFIG_KERNEL_BTRFS_FS=y -CONFIG_KERNEL_BTRFS_FS_POSIX_ACL=y -CONFIG_KERNEL_NFS_FS=y -CONFIG_KERNEL_NFS_V2=y -CONFIG_KERNEL_NFS_V3=y -CONFIG_KERNEL_ROOT_NFS=y - -# Watchdog -CONFIG_KERNEL_WATCHDOG_PRETIMEOUT_GOV=y -CONFIG_KERNEL_WATCHDOG_PRETIMEOUT_GOV_NOOP=n -CONFIG_KERNEL_WATCHDOG_PRETIMEOUT_DEFAULT_GOV_NOOP=n -CONFIG_KERNEL_WATCHDOG_PRETIMEOUT_DEFAULT_GOV_PANIC=y -CONFIG_KERNEL_WATCHDOG_PRETIMEOUT_GOV_PANIC=y -CONFIG_KERNEL_WATCHDOG_SYSFS=y -CONFIG_KERNEL_WATCHDOG_NOWAYOUT=y - -# iotop -CONFIG_KERNEL_TASKSTATS=y -CONFIG_KERNEL_TASK_DELAY_ACCT=y -CONFIG_KERNEL_TASK_IO_ACCOUNTING=y -CONFIG_KERNEL_TASK_XACCT=y -CONFIG_KERNEL_VM_EVENT_COUNTERS=y +# Enable ACL on user's request +CONFIG_USE_FS_ACL_ATTR=y diff --git a/configs/common/lxc b/configs/common/lxc index 92c735393..0bb57f62d 100644 --- a/configs/common/lxc +++ b/configs/common/lxc @@ -1,3 +1,15 @@ # Global options CONFIG_LXC_BUSYBOX_OPTIONS=y CONFIG_LXC_KERNEL_OPTIONS=y + +# CGroups +CONFIG_KERNEL_CGROUP_DEBUG=y +CONFIG_KERNEL_CGROUP_CPUACCT=y +CONFIG_KERNEL_MEMCG_SWAP=y +CONFIG_KERNEL_MEMCG_SWAP_ENABLED=y +CONFIG_KERNEL_CGROUP_PERF=y +CONFIG_KERNEL_CFS_BANDWIDTH=y +CONFIG_KERNEL_BLK_CGROUP=y +CONFIG_KERNEL_CFQ_GROUP_IOSCHED=y +CONFIG_KERNEL_NET_CLS_CGROUP=y +CONFIG_KERNEL_NETPRIO_CGROUP=y diff --git a/configs/mox/kernel b/configs/mox/kernel deleted file mode 100644 index 749ef2403..000000000 --- a/configs/mox/kernel +++ /dev/null @@ -1,28 +0,0 @@ -# Watchdog on chip -CONFIG_KERNEL_ARMADA_37XX_WATCHDOG=y - -# Moxtet (Turris MOX specific bus) -CONFIG_KERNEL_MFD_MOXTET=y -CONFIG_KERNEL_GPIO_MOXTET=y - -# SPI NOR memory on board (u-boot and rescue access) -CONFIG_KERNEL_MTD_SPI_NOR=y -CONFIG_KERNEL_MTD_SPI_NOR_USE_4K_SECTORS=y -CONFIG_KERNEL_MTD_M25P80=y - -# RTC on board (conneted trough pxa2xx) -CONFIG_KERNEL_RTC_DRV_DS1307=y -CONFIG_KERNEL_I2C_PXA=y -CONFIG_KERNEL_I2C_PXA_SLAVE=n - -# Support for communication with on-chip mcu -CONFIG_KERNEL_MAILBOX=y -CONFIG_KERNEL_ARMADA_37XX_RWTM_MBOX=y -CONFIG_KERNEL_BCM_FLEXRM_MBOX=n - -# Crypto backend for Turris MOX (serial number and such) -CONFIG_KERNEL_CRYPTO_DEV_TURRIS_MOX_RWTM=y -CONFIG_KERNEL_CRYPTO_DEV_SAFEXCEL=y - -# Undecided options (without defaults) -CONFIG_KERNEL_LEDS_OMNIA=y diff --git a/configs/mox/knot b/configs/mox/knot deleted file mode 100644 index f12f1b896..000000000 --- a/configs/mox/knot +++ /dev/null @@ -1,4 +0,0 @@ -# Kernel support required by knot-resolver -CONFIG_KERNEL_ARM64_VA_BITS=39 -CONFIG_KERNEL_ARM64_VA_BITS_48=n -CONFIG_KERNEL_ARM64_VA_BITS_39=y diff --git a/configs/omnia/kernel b/configs/omnia/kernel deleted file mode 100644 index 350cf9712..000000000 --- a/configs/omnia/kernel +++ /dev/null @@ -1,16 +0,0 @@ -# Watchdog on chip -CONFIG_KERNEL_ARMADA_37XX_WATCHDOG=n -CONFIG_KERNEL_ORION_WATCHDOG=y -CONFIG_KERNEL_WATCHDOG_HANDLE_BOOT_ENABLED=y - -# I2C multiplexer on board to access rest of the components -CONFIG_KERNEL_I2C_MUX=y -CONFIG_KERNEL_I2C_MUX_PCA9541=y -CONFIG_KERNEL_I2C_MUX_PCA954x=y - -# Leds driver (rainbow) -CONFIG_KERNEL_LEDS_OMNIA=y - -# Undecided options (without defaults) -CONFIG_KERNEL_MFD_MOXTET=n -CONFIG_KERNEL_GPIO_MOXTET=n diff --git a/configs/omnia/knot b/configs/omnia/knot deleted file mode 120000 index 505137e7f..000000000 --- a/configs/omnia/knot +++ /dev/null @@ -1 +0,0 @@ -../mox/knot \ No newline at end of file diff --git a/configs/turris1x/kernel b/configs/turris1x/kernel deleted file mode 100644 index a6b953cd1..000000000 --- a/configs/turris1x/kernel +++ /dev/null @@ -1,10 +0,0 @@ -# Switch -CONFIG_KERNEL_NET_DSA=y -CONFIG_KERNEL_NET_DSA_QCA8K=y - -# For rainbow (required direct access to memory) -CONFIG_KERNEL_DEVMEM=y - -# Allow RTC NVMEM access -CONFIG_KERNEL_RTC_NVMEM=y -CONFIG_KERNEL_NVMEM_SYSFS=y diff --git a/patches/openwrt/wip/0004-mvebu-Basic-MoX-support.patch b/patches/openwrt/wip/0004-mvebu-Basic-MoX-support.patch index bb8566db0..22a9e6114 100644 --- a/patches/openwrt/wip/0004-mvebu-Basic-MoX-support.patch +++ b/patches/openwrt/wip/0004-mvebu-Basic-MoX-support.patch @@ -1,7 +1,7 @@ -From 61d3c76c6e893ad455a9a2fa338a3a0541fab57a Mon Sep 17 00:00:00 2001 +From 8f78970364991a6e88e8f7eec3668e390c2a4799 Mon Sep 17 00:00:00 2001 From: Michal Hrusecky <Michal@Hrusecky.net> Date: Wed, 7 Mar 2018 17:10:32 +0100 -Subject: [PATCH 01/10] mvebu: Basic MoX support +Subject: [PATCH] mvebu: Basic MoX support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -11,8 +11,9 @@ Adding basic support for CZ.NICs MoX board. Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net> Signed-off-by: Karel KoÄŤĂ <karel.koci@nic.cz> --- - target/linux/mvebu/config-4.14 | 4 + - target/linux/mvebu/cortexa53/config-default | 3 + + target/linux/mvebu/config-4.14 | 3 + + target/linux/mvebu/cortexa53/config-default | 12 + + target/linux/mvebu/image/Config.in | 16 + target/linux/mvebu/image/cortex-a53.mk | 11 + ...ark-allow-to-specify-link-capability.patch | 43 - ...ecure-remove-null-check-before-kfree.patch | 34 + @@ -143,7 +144,8 @@ Signed-off-by: Karel KoÄŤĂ <karel.koci@nic.cz> ...37xx-periph-Fix-switching-CPU-rate-.patch} | 0 ...37xx-periph-Fix-wrong-return-value-.patch} | 0 ...37xx-periph-Remove-unused-var-num_p.patch} | 0 - 132 files changed, 14186 insertions(+), 302 deletions(-) + 133 files changed, 14210 insertions(+), 302 deletions(-) + create mode 100644 target/linux/mvebu/image/Config.in delete mode 100644 target/linux/mvebu/patches-4.14/527-PCI-aardvark-allow-to-specify-link-capability.patch create mode 100644 target/linux/mvebu/patches-4.14/90001-crypto-inside-secure-remove-null-check-before-kfree.patch create mode 100644 target/linux/mvebu/patches-4.14/90002-crypto-inside-secure-do-not-use-areq-result-for-part.patch @@ -286,27 +288,75 @@ index 120396a..c29d80f 100644 CONFIG_NET_DSA_MV88E6XXX=y CONFIG_NET_DSA_MV88E6XXX_GLOBAL2=y CONFIG_NET_DSA_TAG_DSA=y -@@ -536,3 +537,6 @@ CONFIG_ZLIB_DEFLATE=y + CONFIG_NET_DSA_TAG_EDSA=y + CONFIG_NET_FLOW_LIMIT=y +@@ -496,3 +497,5 @@ CONFIG_ZBOOT_ROM_BSS=0x0 + CONFIG_ZBOOT_ROM_TEXT=0x0 + CONFIG_ZLIB_DEFLATE=y CONFIG_ZLIB_INFLATE=y CONFIG_ZSTD_COMPRESS=y CONFIG_ZSTD_DECOMPRESS=y +# CONFIG_ARMADA_37XX_WATCHDOG is not set +# CONFIG_ARMADA_37XX_RWTM_MBOX is not set -+# CONFIG_MFD_MOXTET is not set diff --git a/target/linux/mvebu/cortexa53/config-default b/target/linux/mvebu/cortexa53/config-default -index 0041686..40278cd 100644 +index 0041686..1cecbcd 100644 --- a/target/linux/mvebu/cortexa53/config-default +++ b/target/linux/mvebu/cortexa53/config-default -@@ -41,6 +41,9 @@ CONFIG_ARM64_VA_BITS=39 +@@ -41,6 +41,7 @@ CONFIG_ARM64_VA_BITS=39 CONFIG_ARM64_VA_BITS_39=y # CONFIG_ARM64_VA_BITS_48 is not set # CONFIG_ARM64_VHE is not set +CONFIG_ARMADA_37XX_WATCHDOG=y -+CONFIG_ARMADA_37XX_RWTM_MBOX=y -+CONFIG_ARM_ARMADA_37XX_CPUFREQ=y CONFIG_ARMADA_37XX_CLK=y CONFIG_ARMADA_AP806_SYSCON=y CONFIG_ARMADA_CP110_SYSCON=y +@@ -75,6 +76,12 @@ CONFIG_HAVE_MEMORY_PRESENT=y + CONFIG_HAVE_PATA_PLATFORM=y + CONFIG_HAVE_RCU_TABLE_FREE=y + CONFIG_HOLES_IN_ZONE=y ++CONFIG_MTD_SPI_NOR=y ++CONFIG_MTD_SPI_NOR_USE_4K_SECTORS=y ++CONFIG_MTD_M25P80=y ++CONFIG_RTC_DRV_DS1307=y ++CONFIG_I2C_PXA=y ++CONFIG_I2C_PXA_SLAVE=n + # CONFIG_HUGETLBFS is not set + CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 + CONFIG_MFD_SYSCON=y +@@ -110,6 +117,11 @@ CONFIG_SYS_SUPPORTS_HUGETLBFS=y + CONFIG_THREAD_INFO_IN_TASK=y + CONFIG_UNMAP_KERNEL_AT_EL0=y + CONFIG_VMAP_STACK=y ++CONFIG_MAILBOX=y ++# CONFIG_MAILBOX_TEST is not set ++CONFIG_BCM_FLEXRM_MBOX=n ++CONFIG_ARMADA_37XX_RWTM_MBOX=y ++CONFIG_KERNEL_CRYPTO_DEV_SAFEXCEL=y + CONFIG_ARM64_CRYPTO=y + CONFIG_CRYPTO_AES_ARM64=y + CONFIG_CRYPTO_AES_ARM64_BS=y +diff --git a/target/linux/mvebu/image/Config.in b/target/linux/mvebu/image/Config.in +new file mode 100644 +index 0000000..6b252c8 +--- /dev/null ++++ b/target/linux/mvebu/image/Config.in +@@ -0,0 +1,16 @@ ++if TARGET_mvebu ++ ++config TURRIS_MOX_KERNEL ++ bool ++ prompt "Turris MOX kernel extensions" ++ default y if TARGET_mvebu_cortexa53_DEVICE_cznic-mox ++ default n ++ select KERNEL_MFD_MOXTET ++ select KERNEL_GPIO_MOXTET ++ select KERNEL_CRYPTO_DEV_TURRIS_MOX_RWTM ++ ++config KERNEL_MFD_MOXTET ++config KERNEL_GPIO_MOXTET ++config KERNEL_CRYPTO_DEV_TURRIS_MOX_RWTM ++ ++endif diff --git a/target/linux/mvebu/image/cortex-a53.mk b/target/linux/mvebu/image/cortex-a53.mk index d7014d6..4c5baf5 100644 --- a/target/linux/mvebu/image/cortex-a53.mk @@ -5050,7 +5100,7 @@ diff --git a/target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool- similarity index 81% rename from target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch rename to target/linux/mvebu/patches-4.14/90044-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch -index 2e4be1b..efd10f6 100644 +index 19f8f1e..efd10f6 100644 --- a/target/linux/mvebu/patches-4.14/408-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch +++ b/target/linux/mvebu/patches-4.14/90044-sfp-move-module-eeprom-ethtool-access-into-netdev-co.patch @@ -1,21 +1,24 @@ diff --git a/patches/openwrt/wip/0005-Turris-Omnia-Improved-suppport.patch b/patches/openwrt/wip/0005-Turris-Omnia-Improved-suppport.patch index 0e65d3e5e..9a93b5320 100644 --- a/patches/openwrt/wip/0005-Turris-Omnia-Improved-suppport.patch +++ b/patches/openwrt/wip/0005-Turris-Omnia-Improved-suppport.patch @@ -1,32 +1,37 @@ -From f4d2931843caffec015cbad3f94f0538ff8b4fe2 Mon Sep 17 00:00:00 2001 +From b17c740744e1b0c01f237ff218025c90b63535b6 Mon Sep 17 00:00:00 2001 From: Michal Hrusecky <Michal@Hrusecky.net> Date: Fri, 22 Feb 2019 08:30:39 +0100 -Subject: [PATCH 02/10] Turris Omnia: Improved suppport +Subject: [PATCH] Turris Omnia: Improved suppport --- - target/linux/mvebu/config-4.14 | 2 + + target/linux/mvebu/image/Config.in | 5 + ...nia-Add-separate-DTS-for-SFP-support.patch | 903 ++++++++++++++++++ ...Omnia-second-ethernet-connection-to-.patch | 39 + .../8890-turris-omnia-led-driver.patch | 323 +++++++ ...91-turris-omnia-custom-led-functions.patch | 269 ++++++ ...8892-turris-omnia-enable-leds-in-dts.patch | 102 ++ - 6 files changed, 1638 insertions(+) + 6 files changed, 1641 insertions(+) create mode 100644 target/linux/mvebu/patches-4.14/8888-Turris-Omnia-Add-separate-DTS-for-SFP-support.patch create mode 100644 target/linux/mvebu/patches-4.14/8889-Reenable-Turris-Omnia-second-ethernet-connection-to-.patch create mode 100644 target/linux/mvebu/patches-4.14/8890-turris-omnia-led-driver.patch create mode 100644 target/linux/mvebu/patches-4.14/8891-turris-omnia-custom-led-functions.patch create mode 100644 target/linux/mvebu/patches-4.14/8892-turris-omnia-enable-leds-in-dts.patch -diff --git a/target/linux/mvebu/config-4.14 b/target/linux/mvebu/config-4.14 -index c29d80f..dc7f61e 100644 ---- a/target/linux/mvebu/config-4.14 -+++ b/target/linux/mvebu/config-4.14 -@@ -540,3 +540,5 @@ CONFIG_ZSTD_DECOMPRESS=y - # CONFIG_ARMADA_37XX_WATCHDOG is not set - # CONFIG_ARMADA_37XX_RWTM_MBOX is not set - # CONFIG_MFD_MOXTET is not set -+# CONFIG_CRYPTO_DEV_TURRIS_MOX_RWTM is not set -+# CONFIG_LEDS_OMNIA is not set +diff --git a/target/linux/mvebu/image/Config.in b/target/linux/mvebu/image/Config.in +index 61a8942..cd493fd 100644 +--- a/target/linux/mvebu/image/Config.in ++++ b/target/linux/mvebu/image/Config.in +@@ -1,5 +1,10 @@ + if TARGET_mvebu + ++config KERNEL_LEDS_OMNIA ++ bool "Build Turris Omnia LEDS support to kernel" ++ default y if TARGET_mvebu_cortexa9_DEVICE_cznic_turris-omnia ++ default n ++ + config TURRIS_MOX_KERNEL + bool + prompt "Turris MOX kernel extensions" diff --git a/target/linux/mvebu/patches-4.14/8888-Turris-Omnia-Add-separate-DTS-for-SFP-support.patch b/target/linux/mvebu/patches-4.14/8888-Turris-Omnia-Add-separate-DTS-for-SFP-support.patch new file mode 100644 index 0000000..5b55b55 -- GitLab