Commit Graph

168 Commits

Author SHA1 Message Date
Arne Fitzenreiter
663ab267ba kernel: update to 5.10.42
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
e9692dd548 kernel: update to 5.10.41
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
adea4dde18 kernel: update to 5.10.40
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
b358af5bfe kernel: update to 5.10.39
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
5235ab4817 kernel: update to 5.10.38
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
5a27051fc2 kernel: update to 5.10.37
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
b75dd327fd kernel: update to 5.10.32
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
dda381ce2d kernel: update to 5.10.28
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:38 +02:00
Arne Fitzenreiter
b9475fe009 kernel: update to 5.10.24
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:37 +02:00
Arne Fitzenreiter
82b0e0f13d kernel: x86* disable alg modules
the application layer gateway modules can used to bypass the nat
via nat slipstreaming. I had disabled all of them. If one is really needed
we can reenable it later.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:37 +02:00
Arne Fitzenreiter
0966058161 kernel: fix leds on geos and alix
the platform driver cannot register the leds if GPIO_CS5535 is compiled as module

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:37 +02:00
Arne Fitzenreiter
18a43dc673 kernel: enable PREEMPT_VOLUNTARY and set timer to 100HZ
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:36 +02:00
Michael Tremer
5c8b5c3923 kernel: Enable BBR as default TCP congestion algorithm
This will increase throughput since BBR is more modern and adjusted to
the nowadays version of the Internet whereas Cubic is more conservative
and might not always fully saturate the downlink.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-07-05 07:42:36 +02:00
Michael Tremer
13eab1060d kernel: Trust the randomness from the CPU
This will allow the kernel to seed its CRNG using RDSEED or RDRAND.

During the boot process, it is required that the CRNG is being
initialised, but it may take some long time on systems that do not have
a random number generator.

This is the default for various other distributions like Debian.

Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-07-05 07:42:36 +02:00
Michael Tremer
904386624c kernel: Compile RNG drivers into the kernel
The kernel will try to gather entropy really early in the boot process
where those device drivers might not have been loaded yet. They are
small and can therefore be compiled into the kernel like we already do
on ARM.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-07-05 07:42:36 +02:00
Arne Fitzenreiter
c062c7700f kernel: update to 5.10.5
todo: add armv5tel and aarch64 config and rootfiles.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-07-05 07:42:36 +02:00
Arne Fitzenreiter
10ce44b0c6 kernel: update to 4.14.232
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-05-16 11:58:42 +00:00
Arne Fitzenreiter
7e27f7cdc1 kernel: update to 4.14.229
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-04-10 13:40:01 +00:00
Arne Fitzenreiter
2e1bf458e2 kernel: update to 4.14.206
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-11-12 09:02:02 +01:00
Arne Fitzenreiter
ce9f979c01 kernel: update to 4.14.195
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-08-31 06:58:32 +02:00
Arne Fitzenreiter
f3a59d63e2 kernel: update to 4.14.184
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-06-12 16:04:48 +02:00
Peter Müller
92e828b3b0 kernel: disable CONFIG_UPROBES
Quoted from #12433:
> Uprobes is the user-space counterpart to kprobes: they enable instrumentation
> applications (such as 'perf probe') to establish unintrusive probes in
> user-space binaries and libraries, by executing handler functions when the
> probes are hit by user-space applications.
>
> ( These probes come in the form of single-byte breakpoints, managed by the
> kernel and kept transparent to the probed application. )

IMHO this can be safely disabled, as there is little if any need to debug
userspace programs _that_ deeply on an IPFire machine.

Fixes: #12433

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-06-10 15:18:36 +00:00
Arne Fitzenreiter
325a2680c8 kernel: fix diabling CONFIG_MODFIFY_LDT_SYSCALL
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-06-10 16:21:49 +02:00
Peter Müller
d7174d7c3a kernel: disable CONFIG_ACPI_CUSTOM_METHOD on x86_64 and i586
This is dangerous as it allows replacing the running kernel without
rebooting. Kernel Self Protection Project people recommend to keep it
disabled.

Fixes: #12372

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-06-08 21:22:32 +00:00
Peter Müller
b1f24c4353 kernel: disable CONFIG_MODIFY_LDT_SYSCALL on i586 and x86_64
Fixes: #12382

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-06-08 21:22:05 +00:00
Arne Fitzenreiter
a43b370411 kernel: update to 4.14.183
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-06-04 08:37:00 +02:00
Peter Müller
e6514b3af8 kernel: disable CONFIG_DEBUG_LIST on i586(-pae)
Fixes: #12378

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-06-02 11:15:51 +00:00
Peter Müller
c2749c1bed kernel: disable CONFIG_USELIB on x86_64 and i586(-pae)
> This option enables the uselib syscall a system call used in the dynamic
> linker from libc5 and earlier. glibc does not use this system call. If you
> intend to run programs built on libc5 or earlier you may need to enable this
> syscall. Current systems running glibc can safely disable this.

In my point of view, the last sentence matches our situation.

Fixes: #12379

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-06-02 11:15:13 +00:00
Peter Müller
442a7f5ea2 Kernel: drop Memstick support
These are not needed anymore since Sony announced EOL in 2010 and there
is no legitimate use case for such hardware on a firewall system.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-06-02 11:13:14 +00:00
Peter Müller
90ecad4f66 Kernel: drop bluetooth support
The bluetooth addon was recently removed by commit
592be1d206, which is why we do not need to
carry the corresponding kernel modules around anymore.

The second version of this patch correctly updates kernel configuration
files via "make oldconfig" as requested by Arne.

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-06-02 11:12:58 +00:00
Arne Fitzenreiter
831ff05d89 kernel: enable and enforce signed kernel modules
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-02-06 15:09:52 +01:00
Arne Fitzenreiter
bf671bb2ae kernel: update to 4.14.154
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-14 21:23:08 +00:00
Michael Tremer
951a9f9ba0 linux+iptables: Drop support for IMQ
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:08 +00:00
Arne Fitzenreiter
c27fdd8697 Revert "linux+iptables: Drop support for IMQ"
This reverts commit 59b9a6bd22.
2019-10-20 20:20:26 +00:00
Arne Fitzenreiter
596c71d07f kernel: update to 4.14.150
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-18 23:07:44 +02:00
Michael Tremer
59b9a6bd22 linux+iptables: Drop support for IMQ
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 18:02:55 +00:00
Arne Fitzenreiter
69cf4f3065 kernel: update to 4.14.146
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-09-21 20:44:52 +02:00
Arne Fitzenreiter
3b415347bb kernel: update to 4.14.137
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-08-07 20:38:25 +00:00
Arne Fitzenreiter
70590cef48 Kernel: update to 4.14.128
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-06-19 21:01:29 +02:00
Arne Fitzenreiter
716f00b116 kernel: update to 4.14.121
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-21 20:42:51 +02:00
Arne Fitzenreiter
16cb73d901 kernel: update to 4.14.120
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-17 07:10:52 +02:00
Arne Fitzenreiter
d099196501 kernel: update to 4.14.119
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-16 14:26:04 +02:00
Arne Fitzenreiter
5fa063f859 kernel: update to 4.14.112
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-04-17 22:30:19 +02:00
Arne Fitzenreiter
f2afd5e70d kernel: update to 4.14.111
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-04-08 21:47:23 +02:00
Arne Fitzenreiter
aa20f1b277 kernel: update to 4.14.110
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-04-05 07:46:34 +02:00
Michael Tremer
48d3cde9ce kernel: Disable some debugging in expactation to increase performance
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-04-01 21:58:23 +01:00
Michael Tremer
474a6a5978 kernel: Enable strict checks for /dev/mem
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-04-01 21:55:03 +01:00
Michael Tremer
30c33cb318 kernel: Enable debugging for Atheros drivers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:36:03 +00:00
Michael Tremer
62bf7bd2b2 kernel: Enable DFS support for ath*k drivers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-03-16 12:36:03 +00:00
Matthias Fischer
256070e92f Added 'CONFIG_X86_MSR=y for 'powertop' to i586 and x86_64 builds for fixing #11997
Triggered by:
https://forum.ipfire.org/viewtopic.php?f=69&t=22274

This - probably - fixes Bug #11997.

Needs testing on 64bit installations!

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-17 13:03:56 +00:00