150fa57ed0
* chacha20poly1305: use slow crypto on -rt kernels on arm too Leftover from the last commit of the previous snapshot that we forgot to handle. * tools: getentropy requires macOS 10.12 Small build time fixup for old versions of macOS. * queueing: remove useless spinlocks on sc * queueing: re-enable preemption periodically to lower latency * simd: encapsulate fpu amortization into nice functions * simd: no need to restore fpu state when no preemption This will improve general system latency on preempt-enabled systems, like desktops. * dns-hatchet: apply resolv.conf's selinux context to new resolv.conf Fixes wg-quick's dns hatchet on CentOS. * qemu: bump default kernel By bumping to 4.17.2, we actually uncovered a bug in the SLUB allocator, which upstream is now fixing: https://lkml.org/lkml/2018/6/18/1407 * noise: take locks for ss precomputation * netlink: maintain static_identity lock over entire private key update Minor locking correctness fixes and optimizations. * noise: wait for crng before taking locks We now make sure that an outgoing packet which needs a potentially unseeded rng won't block a call to wg(8), which takes similar locks for retrieving data. * receive: drop handshake packets if rng is not initialized If the rng is unseeded, we drop incoming handshake packets, so that it's not possible for an attacker to fill the handshake queue thereby provoking cookies. * ratelimiter: mitigate reference underflow * ratelimiter: do not allow concurrent init and uninit Minor correctness and hardening fixes, which don't fix anything particular in WireGuard, but might be useful if our ratelimiter is ever used elsewhere. * compat: use stabler lkml links * poly1305: add missing string.h header Minor fixups. * receive: don't toggle bh The last snapshot caused a big performance regression, which we partially revert here. This general matter, though, will be revisited in the future, perhaps by switching to NAPI. * main: test poly1305 before chacha20poly1305 * poly1305: give linker the correct constant data section size While the default bfd linker did the right thing, gold would sometimes merge section incorrectly because of an incorrect section length field, resulting in wrong calculations. * simd: add missing header Fixes a compile error on a few odd kernels. * global: fix a few typos * manpages: eliminate whitespace at the end of the line * tools: fix misspelling of strchrnul in comment Cosmetic fixups. * global: use ktime boottime instead of jiffies * global: use fast boottime instead of normal boottime * compat: more robust ktime backport We now use the equivalent of clock_gettime(CLOCK_BOOTTIME) for doing age checks on time-limited objects, such as ephemeral keys, so that on systems where we don't clear before sleep (like Android), we make sure to invalidate the objects after the proper amount of time, taking into account time spent asleep. * wg-quick: android: prevent outgoing handshake packets from being dropped Recent android phones block outgoing packets using iptables while the system is asleep. This makes sense for most services, but not for a tunnel device itself, so we work around this by inserting our own iptables rule. * device: print daddr not saddr in missing peer error * receive: style Debug messages now make sense again. * wg-quick: android: support excluding applications Android now supports excluding certain apps (uids) from the tunnel. * selftest: ratelimiter: improve chance of success via retry * qemu: bump default kernel version * qemu: decide debug kernel based on KERNEL_VERSION Some improvements to our testing infrastructure. * receive: use NAPI on the receive path This is a big change that should both improve preemption latency (by not disabling it unconditionally) and vastly improve rx performance on most systems by using NAPI. The main purpose of this snapshot is to test out this technique. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| arch | ||
| board | ||
| boot | ||
| configs | ||
| docs | ||
| fs | ||
| linux | ||
| package | ||
| support | ||
| system | ||
| toolchain | ||
| utils | ||
| .defconfig | ||
| .flake8 | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| .gitlab-ci.yml.in | ||
| CHANGES | ||
| Config.in | ||
| Config.in.legacy | ||
| COPYING | ||
| DEVELOPERS | ||
| Makefile | ||
| Makefile.legacy | ||
| README | ||
Buildroot is a simple, efficient and easy-to-use tool to generate embedded Linux systems through cross-compilation. The documentation can be found in docs/manual. You can generate a text document with 'make manual-text' and read output/docs/manual/manual.text. Online documentation can be found at http://buildroot.org/docs.html To build and use the buildroot stuff, do the following: 1) run 'make menuconfig' 2) select the target architecture and the packages you wish to compile 3) run 'make' 4) wait while it compiles 5) find the kernel, bootloader, root filesystem, etc. in output/images You do not need to be root to build or run buildroot. Have fun! Buildroot comes with a basic configuration for a number of boards. Run 'make list-defconfigs' to view the list of provided configurations. Please feed suggestions, bug reports, insults, and bribes back to the buildroot mailing list: buildroot@buildroot.org You can also find us on #buildroot on Freenode IRC. If you would like to contribute patches, please read https://buildroot.org/manual.html#submitting-patches