From 7b911a9c492f3db50fe97311b8cee9850acf03ad Mon Sep 17 00:00:00 2001 From: Christian Lamparter Date: Thu, 14 Mar 2024 07:13:37 +0100 Subject: [PATCH 1/9] firmware: intel-microcode: update to 20240312 Debian changelog: intel-microcode (3.20240312.1) unstable; urgency=medium * New upstream microcode datafile 20240312 (closes: #1066108) - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368): Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to potentially enable denial of service via network access. - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575): Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access. Affects SGX as well. - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS: Information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors and E-cores of Intel Core Processors may allow an authenticated user to potentially enable information disclosure via local access. Enhances VERW instruction to clear stale register buffers. Affects SGX as well. Requires kernel update to be effective. - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA: Protection mechanism failure in some 3rd and 4th Generation Intel Xeon Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. NOTE: effective only when loaded by firmware. Allows SMM firmware to attack SGX/TDX. - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490): Incorrect calculation in microcode keying mechanism for some Intel Xeon D Processors with Intel SGX may allow a privileged user to potentially enable information disclosure via local access. * Fixes for other unspecified functional issues on many processors * Updated microcodes: sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864 sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912 sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888 sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720 sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552 sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264 sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200 sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008 sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800 sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800 sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688 sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616 sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304 sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448 sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496 sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584 sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590 sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590 sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590 sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590 sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480 sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256 sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034 sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034 sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034 sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208 sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432 sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480 sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544 sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472 sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496 sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496 sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280 sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280 sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280 sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280 sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256 sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544 sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040 sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160 sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121 sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240 * New microcodes: sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192 sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160 sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888 sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200 * source: update symlinks to reflect id of the latest release, 20240312 * changelog, debian/changelog: fix typos -- Henrique de Moraes Holschuh Tue, 12 Mar 2024 20:28:17 -0300 Signed-off-by: Christian Lamparter --- package/firmware/intel-microcode/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/firmware/intel-microcode/Makefile b/package/firmware/intel-microcode/Makefile index d9b527a61f..91a697c673 100644 --- a/package/firmware/intel-microcode/Makefile +++ b/package/firmware/intel-microcode/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=intel-microcode -PKG_VERSION:=20231114 +PKG_VERSION:=20240312 PKG_RELEASE:=1 PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).1.tar.xz PKG_SOURCE_URL:=@DEBIAN/pool/non-free-firmware/i/intel-microcode/ -PKG_HASH:=637ac30d3fc36eb51d3ed71909f09f7408797f4527c20e58d3b0ad4eafc20869 +PKG_HASH:=25f53bab1bf0c84aba927a77a97a9f1147c94199fa95b5187d874f839f022808 PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).1 PKG_CPE_ID:=cpe:/a:intel:microcode From 091897fad2efa7d0fea0bddd38c06ff491761e55 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Wed, 13 Mar 2024 18:09:22 +0100 Subject: [PATCH 2/9] kernel: kmod-crypto-user: Add missing dependency The algif_rng.ko kernel module depends on the rng.ko kernel module with kernel 6.6 when compiling for MIPS malta. Signed-off-by: Hauke Mehrtens --- package/kernel/linux/modules/crypto.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk index 49882c58df..ea2a104335 100644 --- a/package/kernel/linux/modules/crypto.mk +++ b/package/kernel/linux/modules/crypto.mk @@ -1119,7 +1119,7 @@ $(eval $(call KernelPackage,crypto-test)) define KernelPackage/crypto-user TITLE:=CryptoAPI userspace interface - DEPENDS:=+kmod-crypto-hash +kmod-crypto-manager + DEPENDS:=+kmod-crypto-hash +kmod-crypto-manager +LINUX_6_6:kmod-crypto-rng KCONFIG:= \ CONFIG_CRYPTO_USER \ CONFIG_CRYPTO_USER_API \ From c00fbba57c321fa5a1d063527f7e851aa30458ab Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Wed, 13 Mar 2024 20:24:23 +0100 Subject: [PATCH 3/9] kernel: kmod-crypto-gf128: Fix build with kernel 6.6 The gf128mul.ko module was moved in kernel 6.2: https://git.kernel.org/linus/61c581a46a9668747d355436bd4b2505594539bd Signed-off-by: Hauke Mehrtens --- package/kernel/linux/modules/crypto.mk | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk index ea2a104335..21b7aa51bd 100644 --- a/package/kernel/linux/modules/crypto.mk +++ b/package/kernel/linux/modules/crypto.mk @@ -290,8 +290,12 @@ $(eval $(call KernelPackage,crypto-xcbc)) define KernelPackage/crypto-gf128 TITLE:=GF(2^128) multiplication functions CryptoAPI module - KCONFIG:=CONFIG_CRYPTO_GF128MUL - FILES:=$(LINUX_DIR)/crypto/gf128mul.ko + KCONFIG:= \ + CONFIG_CRYPTO_GF128MUL \ + CONFIG_CRYPTO_LIB_GF128MUL + FILES:= \ + $(LINUX_DIR)/crypto/gf128mul.ko@lt6.2 \ + $(LINUX_DIR)/lib/crypto/gf128mul.ko@ge6.2 AUTOLOAD:=$(call AutoLoad,09,gf128mul) $(call AddDepends/crypto) endef From 712cda13514f593f0d6b82ac7056442291fce14a Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Wed, 13 Mar 2024 20:35:19 +0100 Subject: [PATCH 4/9] kernel: kmod-can-slcan: Fix can-slcan.ko location The slcan.ko file was moved in upstream Linux: https://git.kernel.org/linus/98b12064591d635db86da4957b547067dc6897cc This fixes the build with kernel >= 6.0. This module was never build with kernel 6.1 before. Signed-off-by: Hauke Mehrtens --- package/kernel/linux/modules/can.mk | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package/kernel/linux/modules/can.mk b/package/kernel/linux/modules/can.mk index 4ff85d1c01..e6c5db7135 100644 --- a/package/kernel/linux/modules/can.mk +++ b/package/kernel/linux/modules/can.mk @@ -182,7 +182,9 @@ $(eval $(call KernelPackage,can-raw)) define KernelPackage/can-slcan TITLE:=Serial / USB serial CAN Adaptors (slcan) KCONFIG:=CONFIG_CAN_SLCAN - FILES:=$(LINUX_DIR)/drivers/net/can/slcan.ko + FILES:= \ + $(LINUX_DIR)/drivers/net/can/slcan.ko@lt6.0 \ + $(LINUX_DIR)/drivers/net/can/slcan/slcan.ko@ge6.0 AUTOLOAD:=$(call AutoProbe,slcan) $(call AddDepends/can) endef From d249635c5b6ef1565e15672c372e27980a892180 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Thu, 14 Mar 2024 20:22:59 +0100 Subject: [PATCH 5/9] kernel: kmod-can-flexcan: Fix flexcan.ko location The flexcan.ko file was moved in upstream Linux: https://git.kernel.org/linus/bfd00e021cf162049946a9e0047b0997d2b35fec This fixes the build with kernel >= 5.17. This module was never build with kernel 6.1 before. Signed-off-by: Hauke Mehrtens --- package/kernel/linux/modules/can.mk | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package/kernel/linux/modules/can.mk b/package/kernel/linux/modules/can.mk index e6c5db7135..2175d0d565 100644 --- a/package/kernel/linux/modules/can.mk +++ b/package/kernel/linux/modules/can.mk @@ -119,7 +119,9 @@ $(eval $(call KernelPackage,can-c-can-platform)) define KernelPackage/can-flexcan TITLE:=Support for Freescale FLEXCAN based chips KCONFIG:=CONFIG_CAN_FLEXCAN - FILES:=$(LINUX_DIR)/drivers/net/can/flexcan.ko + FILES:= \ + $(LINUX_DIR)/drivers/net/can/flexcan.ko@lt5.17 \ + $(LINUX_DIR)/drivers/net/can/flexcan/flexcan.ko@ge5.17 AUTOLOAD:=$(call AutoProbe,flexcan) $(call AddDepends/can,@TARGET_imx) endef From fcf045354918acbbd9665f28f334defab1f545fa Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Wed, 13 Mar 2024 20:02:01 +0100 Subject: [PATCH 6/9] kernel: kmod-can: Fix build of can drivers Many can kernel modules are now gated by the newly introduced CONFIG_CAN_NETLINK configuration option. Activate it to build the can drivers again. This was changed in this upstream Linux commit: https://git.kernel.org/linus/df6ad5dd838e0fa543ca28ca6154901fa65a9443 This should fix these warnings with kernel 6.1 and 6.6: logs/package/kernel/linux/compile.txt:WARNING: kmod-can-c-can is not available in the kernel config - generating empty package logs/package/kernel/linux/compile.txt:WARNING: kmod-can-c-can-pci is not available in the kernel config - generating empty package logs/package/kernel/linux/compile.txt:WARNING: kmod-can-c-can-platform is not available in the kernel config - generating empty package logs/package/kernel/linux/compile.txt:WARNING: kmod-can-mcp251x is not available in the kernel config - generating empty package logs/package/kernel/linux/compile.txt:WARNING: kmod-can-slcan is not available in the kernel config - generating empty package logs/package/kernel/linux/compile.txt:WARNING: kmod-can-usb-8dev is not available in the kernel config - generating empty package logs/package/kernel/linux/compile.txt:WARNING: kmod-can-usb-ems is not available in the kernel config - generating empty package logs/package/kernel/linux/compile.txt:WARNING: kmod-can-usb-kvaser is not available in the kernel config - generating empty package logs/package/kernel/linux/compile.txt:WARNING: kmod-can-usb-peak is not available in the kernel config - generating empty package Signed-off-by: Hauke Mehrtens --- package/kernel/linux/modules/can.mk | 1 + target/linux/generic/config-6.6 | 1 + 2 files changed, 2 insertions(+) diff --git a/package/kernel/linux/modules/can.mk b/package/kernel/linux/modules/can.mk index 2175d0d565..eda9b0c487 100644 --- a/package/kernel/linux/modules/can.mk +++ b/package/kernel/linux/modules/can.mk @@ -13,6 +13,7 @@ define KernelPackage/can KCONFIG:=\ CONFIG_CAN=m \ CONFIG_CAN_DEV \ + CONFIG_CAN_NETLINK=y \ CONFIG_CAN_CALC_BITTIMING=y \ CONFIG_CAN_LEDS=y \ CONFIG_CAN_AT91=n \ diff --git a/target/linux/generic/config-6.6 b/target/linux/generic/config-6.6 index 3cb50bc274..d544ab9c4c 100644 --- a/target/linux/generic/config-6.6 +++ b/target/linux/generic/config-6.6 @@ -898,6 +898,7 @@ CONFIG_CACHE_L2X0_PMU=y # CONFIG_CAN_DEV is not set # CONFIG_CAN_ESD_USB is not set # CONFIG_CAN_ETAS_ES58X is not set +# CONFIG_CAN_F81604 is not set # CONFIG_CAN_GS_USB is not set # CONFIG_CAN_GW is not set # CONFIG_CAN_HI311X is not set From 9c6cf8e77c4adfa4808e937e76b8de38058d4e5a Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Wed, 13 Mar 2024 21:08:55 +0100 Subject: [PATCH 7/9] kernel: kmod-video-cpia2: Depend on kernel 5.15 This driver was moved to staging in kernel 6.1 and then removed in kernel 6.3, see these commits: https://git.kernel.org/linus/be8cebc46d9d38166a1b3fda22a018ae52b0928e https://git.kernel.org/linus/9ea8a9c72a9b4d24e6045ee25f5e465dc22f9f55 Build it only on older kernel versions. Signed-off-by: Hauke Mehrtens --- package/kernel/linux/modules/video.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/kernel/linux/modules/video.mk b/package/kernel/linux/modules/video.mk index e3a350e781..45034ba3e8 100644 --- a/package/kernel/linux/modules/video.mk +++ b/package/kernel/linux/modules/video.mk @@ -527,7 +527,7 @@ $(eval $(call KernelPackage,video-videobuf2)) define KernelPackage/video-cpia2 TITLE:=CPIA2 video driver - DEPENDS:=@USB_SUPPORT +kmod-usb-core + DEPENDS:=@USB_SUPPORT +kmod-usb-core @LINUX_5_15 KCONFIG:=CONFIG_VIDEO_CPIA2 FILES:=$(LINUX_DIR)/drivers/media/$(V4L2_USB_DIR)/cpia2/cpia2.ko AUTOLOAD:=$(call AutoProbe,cpia2) From d2898c273dee0ebf8b086c8c400bea1f7ad6b699 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Wed, 13 Mar 2024 21:02:11 +0100 Subject: [PATCH 8/9] kernel: kmod-hwmon-coretemp: Depend on x86 This kernel module depends on x86, it works only on some Intel CPUs. Signed-off-by: Hauke Mehrtens --- package/kernel/linux/modules/hwmon.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/kernel/linux/modules/hwmon.mk b/package/kernel/linux/modules/hwmon.mk index 0d105dcc9e..5be63ce779 100644 --- a/package/kernel/linux/modules/hwmon.mk +++ b/package/kernel/linux/modules/hwmon.mk @@ -82,7 +82,7 @@ define KernelPackage/hwmon-coretemp KCONFIG:=CONFIG_SENSORS_CORETEMP FILES:=$(LINUX_DIR)/drivers/hwmon/coretemp.ko AUTOLOAD:=$(call AutoProbe,coretemp) - $(call AddDepends/hwmon,) + $(call AddDepends/hwmon,@TARGET_x86) endef define KernelPackage/hwmon-coretemp/description From e40471e92316873e9da31ea32b61e98cb01649c1 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Wed, 13 Mar 2024 21:00:57 +0100 Subject: [PATCH 9/9] kernel: Activate CONFIG_NET_VENDOR_DAVICOM CONFIG_NET_VENDOR_DAVICOM is needed to activate the CONFIG_DM9000 option which builds the kmod-dm9000. This fixes the following warning: logs/package/kernel/linux/compile.txt:WARNING: kmod-dm9000 is not available in the kernel config - generating empty package Signed-off-by: Hauke Mehrtens --- target/linux/generic/config-6.1 | 2 +- target/linux/generic/config-6.6 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/target/linux/generic/config-6.1 b/target/linux/generic/config-6.1 index fabe7029c5..fa82f9cb9a 100644 --- a/target/linux/generic/config-6.1 +++ b/target/linux/generic/config-6.1 @@ -4361,7 +4361,7 @@ CONFIG_NET_VENDOR_CHELSIO=y CONFIG_NET_VENDOR_CIRRUS=y CONFIG_NET_VENDOR_CISCO=y CONFIG_NET_VENDOR_CORTINA=y -# CONFIG_NET_VENDOR_DAVICOM is not set +CONFIG_NET_VENDOR_DAVICOM=y CONFIG_NET_VENDOR_DEC=y CONFIG_NET_VENDOR_DLINK=y CONFIG_NET_VENDOR_EMULEX=y diff --git a/target/linux/generic/config-6.6 b/target/linux/generic/config-6.6 index d544ab9c4c..7486d8c882 100644 --- a/target/linux/generic/config-6.6 +++ b/target/linux/generic/config-6.6 @@ -4456,7 +4456,7 @@ CONFIG_NET_VENDOR_CHELSIO=y CONFIG_NET_VENDOR_CIRRUS=y CONFIG_NET_VENDOR_CISCO=y CONFIG_NET_VENDOR_CORTINA=y -# CONFIG_NET_VENDOR_DAVICOM is not set +CONFIG_NET_VENDOR_DAVICOM=y CONFIG_NET_VENDOR_DEC=y CONFIG_NET_VENDOR_DLINK=y CONFIG_NET_VENDOR_EMULEX=y