David Bauer [Fri, 14 Jan 2022 21:03:24 +0000 (22:03 +0100)]
lantiq: flag FritzBox 7360 family buttons active-low
All buttons of the FritzBox 7360 family are active-low, not active-high.
Corrent the GPIO flag. This fixes release triggers upon push of a button.
Reported-by: Jan-Niklas Burfeind <git@aiyionpri.me>
Signed-off-by: David Bauer <mail@david-bauer.net>
David Bauer [Sat, 8 Jan 2022 11:25:42 +0000 (12:25 +0100)]
hostapd: add op-class to get_status output
Include the current operation class to hostapd get_status interface.
Signed-off-by: David Bauer <mail@david-bauer.net>
Hans Dedecker [Fri, 14 Jan 2022 20:42:35 +0000 (21:42 +0100)]
netifd: update to git HEAD
3043206 system: fix compilation with glibc 2.34
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
David Woodhouse [Tue, 11 Jan 2022 13:01:31 +0000 (13:01 +0000)]
mediatek: mt7623: Enable PCIe bus 0 (and thus SATA) on U7623
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Ansuel Smith [Mon, 10 Jan 2022 16:02:30 +0000 (17:02 +0100)]
kernel: split kernel version to dedicated files
Move the kernel versions and hash to dedicated files.
This makes kernel bump quicker and fix some annoying
problem with rebasing when multiple kernel bump are proposed.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[Rebased on top of current master]
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Paul Spooren [Thu, 13 Jan 2022 07:50:19 +0000 (08:50 +0100)]
iptables: enable nftable support by default
OpenWrt plans to move over to firewall4 which uses nftables under the
hood. To allow a smooth migration the package `iptables-nft` offer a
transparent wrapper to apply iptables rules to nftables.
Without the config option for nftables the package isn't installed and
therefore can't be tested. This commit enabled it and therefore provides
the wrapper.
The size of the iptables package increases from 25436 to 26500 Bytes.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Felix Fietkau [Thu, 13 Jan 2022 17:32:26 +0000 (18:32 +0100)]
ramips: enable badblock table support on linksys ea7xxx devices
Use remapping only on the kernel partitions.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 13 Jan 2022 17:30:51 +0000 (18:30 +0100)]
kernel: mtk_bmt: add support for the bbt format used on mt7621
This does not have spare blocks for remapping, and it is also not suitable
for random write access. It only skips over bad blocks on linear writes of an
image to a partition. As such, it is really only suitable for the kernel
partition, or other partitions with mostly static data
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Tue, 11 Jan 2022 11:45:52 +0000 (12:45 +0100)]
kernel: mtk_bmt: add abstraction for supporting other formats
Preparation for supporting remapping on MT7621
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 12 Jan 2022 19:56:04 +0000 (20:56 +0100)]
ramips: mt7621_nand: fix writing upper half of fdm data
Since the loop iterates from 0-3, subtracting 4 from the shift
multiplier does not make any sense
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Mon, 10 Jan 2022 11:35:08 +0000 (12:35 +0100)]
mediatek: rework and fix mt7622-rfb1-ubi support
Limit bmt remapping range to cover everything up to and including the kernel image,
use the rest of the flash area for ubi.
Fix partition table and sysupgrade support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 9 Jan 2022 19:24:41 +0000 (20:24 +0100)]
kernel: mtk_bmt: remap blocks after reaching bitflip threshold
This ensures that blocks are remapped before data becomes corrupt
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 9 Jan 2022 19:18:27 +0000 (20:18 +0100)]
kernel: mtk_bmt: pass number of bitflips on read to the caller
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 9 Jan 2022 18:56:16 +0000 (19:56 +0100)]
kernel: mtk_bmt: add support for limiting range of remapping
This can be used to support ubi on top of mtk_bmt without reflashing the
boot loader. The boot loader + factory + kernel area is covered, while the
rest is passed through as-is
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 9 Jan 2022 16:27:29 +0000 (17:27 +0100)]
kernel: mtk_bmt: extend debug interface
Add support for showing remapped blocks and garbage collecting old
remapped blocks triggered by using the mark_good/mark_bad files
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 9 Jan 2022 16:26:46 +0000 (17:26 +0100)]
kernel: mtk_bmt: fix remapping after read/write failure
Copy from the previous block in order to preserve existing data
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sun, 12 Dec 2021 06:25:41 +0000 (07:25 +0100)]
kernel: move mediatek BMT support patch to generic patches
Preparation for supporting BMT on MT7621. Move source files to the files/
subdirectory in order to simplify maintenance
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Denis Kalashnikov [Tue, 16 Nov 2021 16:06:44 +0000 (19:06 +0300)]
generic: platform/mikrotik: use MTD notifier
If the SPI probe is sufficiently delayed, the routerboot driver may fail
to init as the routerboot partitions are not yet available.
Register an MTD user notifier instead of doing straight init so that the
init subroutines are only executed when the target MTD partitions are
present.
Because the init/exit routines can now be called outside of the kernel
normal init/exit calls, they cannot be jettisoned and must always be
available: the __init and __exit qualifiers are thus removed.
Reported-by: Denis Kalashnikov <denis281089@gmail.com>
Signed-off-by: Denis Kalashnikov <denis281089@gmail.com>
Signed-off-by: Thibaut VARĂˆNE <hacks@slashdirt.org>
Reviewed-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
[bump hardconfig/softconfig versions]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 12 Jan 2022 14:25:55 +0000 (15:25 +0100)]
ath79: qca955x: remove double declaration
No need to mention the same value twice
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 13 Oct 2021 08:37:25 +0000 (10:37 +0200)]
ath79: rb912: remove unused property
ar934x does not define property 'rgmii-enabled' in the parsing code
remove it
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 12 Jan 2022 15:11:15 +0000 (16:11 +0100)]
ath79: rb912: fix pll init issues
It was reported that some rb912 boards (ar934x) have issues with some ethernet speeds.
Investigation shows that the board failed to adapt the ethernet pll values as shown here:
[ 5.284359] ag71xx
19000000.eth: failed to read pll-handle property
added custom prints in code and triggering a link switch:
[ 62.821446] Atheros AG71xx: fast reset
[ 62.826442] Atheros AG71xx: update pll 2
[ 62.830494] Atheros AG71xx: no pll regmap!
Comparison with another very similar board (rb922 - QCA955x) showed a missing
reference clock frequency in dts, which seems to cause a pll init issue.
Unfortunately, no errors are printed when this occurs.
Adding the frequency property fixes the pll init as it can be parsed now
by the ethernet driver.
[ 55.861407] Atheros AG71xx: fast reset
[ 55.866403] Atheros AG71xx: update pll 2
[ 55.870462] Atheros AG71xx: ath79_set_pllval: regmap: 0x81548000, pll_reg: 0x2c, pll_val: 0x02000000
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Oskari Lemmela [Tue, 21 Dec 2021 07:46:01 +0000 (09:46 +0200)]
mikrotik: make soft_config writable
Parent mtd partition needs to be writable
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
Oskari Lemmela [Tue, 21 Dec 2021 07:46:00 +0000 (09:46 +0200)]
mikrotik: enable variable size erase
Add support for variable size erase blocks.
Enable it to all targets which has mikrotik targets.
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
Oskari Lemmela [Tue, 21 Dec 2021 07:45:59 +0000 (09:45 +0200)]
generic: platform/mikrotik: make soft_config writable without 4K sectors
Make soft_config writable in all cases. Performing soft_config commit
will fail if mtd partition is not writable.
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
[bump rb_softconfig version number]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 20 Oct 2021 13:29:20 +0000 (15:29 +0200)]
imx: bump SDMA firmware to v3.6
No changelog available
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Hans Dedecker [Wed, 12 Jan 2022 20:10:23 +0000 (21:10 +0100)]
netifd: update to git HEAD
96902e8 Revert "netifd: add devtype to ubus call"
29e6acf netifd: add devtype to ubus call
7ccbf08 netifd: add devtype to ubus call
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Daniel Golle [Wed, 12 Jan 2022 19:14:59 +0000 (19:14 +0000)]
procd: update to git HEAD
ca6c35c uxc: usage message cosmetics
e083dd4 uxc: fix two minor issues reported by Coverity
35dfbff procd: jail/cgroups: correctly enable "rdma" when requested
3b3ac64 procd: mount /dev with noexec
ac2b8b3 procd: clean up /dev/pts mounts
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 11 Jan 2022 00:00:36 +0000 (00:00 +0000)]
generic: deny write to uImage.FIT sub-image partitions
Set policy bit to force read-only mode on uImage.FIT filesystem
sub-images mapped as block partitions by the FIT partition parser.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
David Woodhouse [Mon, 10 Jan 2022 10:23:46 +0000 (10:23 +0000)]
mediatek: mt7623: Re-enable ARM arch timer
CONFIG_ARM_ARCH_TIMER cannot be enabled in the config directly; it is only
selected by CONFIG_HAVE_ARM_ARCH_TIMER. We need to enable the latter in
our config.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Fixes: 4f1c5b01c1 ("mediatek: mt7623: backport musb, improve HDMI console")
David Woodhouse [Mon, 10 Jan 2022 09:46:22 +0000 (09:46 +0000)]
mediatek: mt7623: Disable power button reset for U7623-02 board
The Unielec U7623 doesn't have a physical power button; I think it's hard
wired so that it turns on automatically when power is applied (unlike the
Banana Pi R2 which is a pain).
So the 'reset on long press of power button' behaviour that we get when
we enable the PMIC keyboard driver is kind of unhelpful. Disable it.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Fixes: 0d3f3323a2 ("mediatek: mt7623: enable more hardware features")
Kevin Darbyshire-Bryant [Mon, 10 Jan 2022 10:19:45 +0000 (10:19 +0000)]
firewall: update to latest HEAD
0f16ea5 options.c: add DSCP code LE Least Effort
24ba465 firewall3: remove redundant syn check
df1306a firewall3: fix locking issue
3624c37 firewall3: support table load on access on Linux 5.15+
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Sven Eckelmann [Mon, 23 Nov 2020 12:41:34 +0000 (13:41 +0100)]
ath79: Add support for OpenMesh OM5P-AC v1
Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi (11n)
* 2T2R 5 GHz Wi-Fi (11ac)
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* TI tmp423 (package kmod-hwmon-tmp421) for temperature monitoring
* 2x ethernet
- eth0
+ AR8035 ethernet PHY (RGMII)
+ 10/100/1000 Mbps Ethernet
+ 802.3af POE
+ used as LAN interface
- eth1
+ AR8035 ethernet PHY (SGMII)
+ 10/100/1000 Mbps Ethernet
+ 18-24V passive POE (mode B)
+ used as WAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot
0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Mon, 23 Nov 2020 12:41:34 +0000 (13:41 +0100)]
ath79: Add support for OpenMesh OM5P-AN
Device specifications:
======================
* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 1T1R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* TI tmp423 (package kmod-hwmon-tmp421) for temperature monitoring
* 2x ethernet
- eth0
+ AR8035 ethernet PHY
+ 10/100/1000 Mbps Ethernet
+ 802.3af POE
+ used as LAN interface
- eth1
+ 10/100 Mbps Ethernet
+ builtin switch port 1
+ 18-24V passive POE (mode B)
+ used as WAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot
0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Daniel Golle [Sun, 9 Jan 2022 20:09:15 +0000 (20:09 +0000)]
opkg: update to git HEAD of 2022-01-09
db7fb64 libopkg: pkg_hash: prefer to-be-installed packages
2edcfad libopkg: set 'const' attribute for argv
This should fix the ImageBuilder problems people are having since we
introduced the 'uci-firewall' providers.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tamas Balogh [Mon, 27 Dec 2021 17:04:51 +0000 (18:04 +0100)]
ath79: add support for ASUS RP-AC66
Asus RP-AC66 Repeater
Hardware specifications:
Board: AP152
SoC: QCA9563
DRAM: 64MB DDR2
Flash: 25l128 16MB SPI-NOR
LAN/WAN: 1x1000M QCA8033
WiFi 5GHz: QCA9880
Clocks: CPU:775.000MHz, DDR:650.000MHz, AHB:258.333MHz, Ref:25.000MHz
MAC addresses as verified by OEM firmware:
use address source
Lan/Wan *:24 art 0x1002 (label)
2G *:24 art 0x1002
5G *:26 art 0x5006
Installation:
Asus windows recovery tool:
- install the Asus firmware restoration utility
- unplug the router, hold the reset button while powering it on
- release when the power LED flashes slowly
- specify a static IP on your computer:
IP address: 192.168.1.75
Subnet mask 255.255.255.0
- Start the Asus firmware restoration utility, specify the factory image
and press upload
- Do not power off the device after OpenWrt has booted until the LED flashing.
TFTP Recovery method:
- set computer to a static ip, 192.168.1.75
- connect computer to the LAN 1 port of the router
- hold the reset button while powering on the router for a few seconds
- send firmware image using a tftp client; i.e from linux:
$ tftp
tftp> binary
tftp> connect 192.168.1.1
tftp> put factory.bin
tftp> quit
Signed-off-by: Tamas Balogh <tamasbalogh@hotmail.com>
Stijn Tintel [Sun, 9 Jan 2022 13:30:24 +0000 (15:30 +0200)]
firewall4: bump to git HEAD
9a509d4 ruleset.uc: consolidate ip and ip6 offload
21f311d ruleset.uc: don't trim newline before comment sign
f121383 tests: enable flow offloading in tests
550df40 tests: add test for unknown defaults option
47c5a5b tests: add test for deprecated rule option
69a89d6 tests: add test for unknown rule option
07579df fw4.uc: handle interface zone option
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Fritz D. Ansel [Mon, 2 Aug 2021 17:42:37 +0000 (19:42 +0200)]
mediatek mt7622: fix 300mhz typo in dts
The lowest frequency should be 300MHz, since that is the label
assigned to the OPP in the mt7622.dtsi device tree, while there is one
missing zero in the actual value.
To be clear, the lowest frequency should be 300MHz instead of 30MHz.
As mentioned @dangowrt on the OpenWrt forum there is no benefit in
leaving 30MHz as the lowest frequency.
Signed-off-by: Jip de Beer <gpk6x3591g0l@opayq.com>
Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
Stefan Lippers-Hollmann [Thu, 30 Dec 2021 02:52:07 +0000 (03:52 +0100)]
x86: improve sysinfo handling of dummy values
Fall back to using board_vendor and board_name, if known dummy values
are used for sys_vendor and product_name.
Examples:
To be filled by O.E.M.:To be filled by O.E.M.
--> INTEL Corporation:ChiefRiver
System manufacturer:System Product Name
--> ASUSTeK COMPUTER INC.:P8H77-M PRO
To Be Filled By O.E.M.:To Be Filled By O.E.M.
--> ASRock:Q1900DC-ITX
Gigabyte Technology Co., Ltd.:To be filled by O.E.M.
--> Gigabyte Technology Co., Ltd.:H77M-D3H
empty:empty
--> TYAN Computer Corporation:TYAN Toledo i3210W/i3200R S5211
To Be Filled By O.E.M.:To Be Filled By O.E.M.
--> ASRock:H77 Pro4-M
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Alex Lewontin [Sat, 1 Jan 2022 21:43:57 +0000 (16:43 -0500)]
ipq806x: janitorial work, respect line lengths
This commit breaks up some lines so that they are shorter than
74 charcters.
Signed-off-by: Alex Lewontin <alex.c.lewontin@gmail.com>
Alex Lewontin [Sat, 1 Jan 2022 21:25:27 +0000 (16:25 -0500)]
ipq806x: modularize generic subtarget
This commit moves the device profiles within the ipq806x/generic
subtarget into their own includable .mk file, to support eventually
having subtargets other than generic.
Signed-off-by: Alex Lewontin <alex.c.lewontin@gmail.com>
Josef Schlehofer [Tue, 28 Dec 2021 22:43:57 +0000 (23:43 +0100)]
kernel: add kmod-usb-net-lan78xx
Add kernel module for Microchip LAN78XX based USB 2 & USB 3
10/100/1000 Ethernet adapters. [1]
This kernel module is required for the Seeed Studio's Mini Router
based on RPI CM4 [2].
[1] <https://cateee.net/lkddb/web-lkddb/USB_LAN78XX.html>
[2] <https://www.seeedstudio.com/Dual-GbE-Carrier-Board-with-4GB-RAM-32GB-eMMC-RPi-CM4-Case-p-5029.html>
Link: <https://github.com/openwrt/openwrt/pull/4893>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(added kmod-phy-microchip and kmod-fixed-phy dependencies,
rpi3 needs lan78xx but has it built-in)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Thu, 30 Dec 2021 19:05:15 +0000 (20:05 +0100)]
kernel: provide kmod-fixed-phy as separate kmod
Almost all targets have the fixed-phy feature built into the kernel.
One big exception is x86. This caused a problem with the upcoming
LAN78xx usb driver. Hence this patch breaks out the fixed-phy from
of_mdio (which didn't include the .ko) and puts into a separate
module.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Christian Lamparter [Thu, 30 Dec 2021 19:03:48 +0000 (20:03 +0100)]
kernel: add kmod-phy-microchip
phy drivers for Microchip's LAN88xx PHYs.
This is needed for the "LAN7801" variant
of the upstream lan78xx usb ethernet driver.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Hirokazu MORIKAWA [Sat, 8 Jan 2022 00:33:32 +0000 (09:33 +0900)]
toolchain/binutils: v2.37 Close the file descriptor if there is no archive fd
This fixes the following build error:
/home/build/openwrt/staging_dir/toolchain-aarch64_cortex-a53_gcc-11.2.0_musl/lib/gcc/aarch64-openwrt-linux-musl/11.2.0/../../../../aarch64-openwrt-linux-musl/bin/ld: /home/sergey/openwrt2/build_dir/target-aarch64_cortex-a53_musl/node-v14.18.2/out/Release/obj.target/tools/v8_gypfiles/libv8_base_without_compiler.a: error adding symbols: malformed archive
collect2: error: ld returned 1 exit status
It's a bad error handling related to -EMFILE (too many open files). nodejs is probably just very close to open file limit.
https://sourceware.org/bugzilla/show_bug.cgi?id=28138
https://github.com/nodejs/node/issues/39452
https://github.com/openwrt/packages/issues/17496
https://github.com/openwrt/packages/issues/16729
https://github.com/openwrt/packages/issues/17164
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
[Take full patch from 2.37 branch and refresh]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Aleksander Jan Bajkowski [Sat, 22 May 2021 18:07:56 +0000 (20:07 +0200)]
lantiq: replace patches with version accepted upstream
Replace recently added patches with version accepted upstream.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Florian Fainelli [Sat, 8 Jan 2022 04:50:50 +0000 (20:50 -0800)]
elfutils: Add missing musl-fts dependency
libdw depends on libfts.so when building with the musl-libc library, add
this missing dependency.
Fixes: 6835ea13f0fa ("elfutils: update to 0.186")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Marty Jones [Sat, 10 Jul 2021 08:00:30 +0000 (04:00 -0400)]
linux-firmware: add new package r8152-firmware
Linux upstream commit https://github.com/torvalds/linux/commit/
9370f2d05a2a150b0aa719a3070b26d478180df3
add load firmware file through request_firmware,this affect the
nanopi r2s and some USB adapters in kernel 5.10 with this error:
'r8152 4-1:1.0: unable to load firmware patch rtl_nic/rtl8153b-2.fw'
This patch split the USB NIC firmware files from r8169 firmware,
and adds r8152-firmware to r8152 driver.
Add kmod-usb-net-cdc-ncm to support RTL8156A and RTL8156B 2.5G ethernet
adapters supported since v5.13-rc1.
https://github.com/torvalds/linux/commit/
195aae321c829dd1945900d75561e6aa79cce208
Signed-off-by: Marty Jones <mj8263788@gmail.com>
Jan Hoffmann [Thu, 28 Oct 2021 16:56:13 +0000 (18:56 +0200)]
ltq-ifxos: update to 1.7.1
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[fix warnings, switch to tag tarball, update patches]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Andre Heider [Thu, 16 Dec 2021 11:50:59 +0000 (12:50 +0100)]
ltq-vdsl: move to the default device name /dev/dsl_cpe_api/0
This makes patching it for ltq-vdsl-app unnecessary and paves the way
for VRX518 support.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Hannu Nyman [Mon, 3 Jan 2022 07:29:53 +0000 (09:29 +0200)]
busybox: update to 1.35.0
Update busybox to 1.35.0
* refresh patches
Config refresh:
Refresh commands, run after busybox is first built once:
cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0
cd ..
./convert_defaults.pl ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0/.config > Config-defaults.in
Manual edits needed after config refresh:
* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to
BUSYBOX_DEFAULT_TRUNCATE (commit
547f1ec)
* Config-defaults.in: OpenWrt logic applied to
BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit
dc92917)
* config/editors/Config.in: Add USE_GLIBC dependency to
BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit
f141090)
* config/shell/Config.in : change at "Options common to all shells" the symbol
SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
(discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
Apparently our script does not see the hidden option while
prepending config options with "BUSYBOX_CONFIG_" which leads to a
missed dependency when the options are later evaluated.)
* Edit Config.in files by adding quotes to sourced items in
config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit
1da014f)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Glenn Strauss [Wed, 28 Oct 2020 20:39:58 +0000 (16:39 -0400)]
mbedtls: enable session tickets
session tickets are a feature of TLSv1.2 and require less memory
and overhead on the server than does managing a session cache
Building mbedtls with support for session tickets will allow the
feature to be used with lighttpd-1.4.56 and later.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Sergey V. Lobanov [Tue, 4 Jan 2022 14:22:07 +0000 (17:22 +0300)]
elfutils: update to 0.186
Upstreamed patches (deleted):
0001-ppc_initreg.c-Incliude-asm-ptrace.h-for-pt_regs-defi.patch -
https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=
8382833a257b57b0d288be07d2d5e7af6c102869
110-no-cdefs.patch -
https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=
d390548df1942e98a1d836269a5e41ba52e121f1
Auto-refreshed:
006-Fix-build-on-aarch64-musl.patch
101-no-fts.patch
Manually updated and refreshed:
005-build_only_libs.patch
003-libintl-compatibility.patch
100-musl-compat.patch
Disabled _obstack_free check (via configure vars)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Nick McKinney [Fri, 10 Dec 2021 13:23:01 +0000 (08:23 -0500)]
ramips: add support for Linksys EA6350 v4
Specifications:
- SoC: MT7621DAT (880MHz, 2 Cores)
- RAM: 128 MB
- Flash: 128 MB NAND
- Ethernet: 5x 1GiE MT7530
- WiFi: MT7603/MT7613
- USB: 1x USB 3.0
This is another MT7621 device, very similar to other Linksys EA7300
series devices.
Installation:
Upload the generated factory.bin image via the stock web firmware
updater.
Reverting to factory firmware:
Like other EA7300 devices, this device has an A/B router configuration
to prevent bricking. Hard-resetting this device three (3) times will
put the device in failsafe (default) mode. At this point, flash the
OEM image to itself and reboot. This puts the router back into the 'B'
image and allows for a firmware upgrade.
Troubleshooting:
If the firmware will not boot, first restore the factory as described
above. This will then allow the factory.bin update to be applied
properly.
Signed-off-by: Nick McKinney <nick@ndmckinney.net>
Liangkuan Yang [Wed, 11 Aug 2021 07:47:22 +0000 (15:47 +0800)]
ramips: add support for RAISECOM MSG1500 X.00
RAISECOM MSG1500 X.00 is a 2.4/5 GHz band 11ac (Wi-Fi 5) router.
Apart from the general model, there are two ISP customized models:
China Mobile and China Telecom.
Specifications:
- SoC: Mediatek MT7621AT
- RAM: 256MiB DDR3
- Flash: 128MiB NAND
- Ethernet: 5 * 10/100/1000Mbps: 4 * LAN + 1 * WAN
- Switch: MediaTek MT7530 (SoC)
- WLAN: 1 * MT7615DN Dual-Band 2.4GHz 2T2R (400Mbps) 5GHz 2T2R (867Mbps)
- USB: 1 * USB 2.0 port
- Button: 1 * RESET button, 1 * WPS button, 1 * WIFI button
- LED: blue color: POWER, WAN, WPS, 2.4G, 5G, LAN1, LAN2, LAN3, LAN4, USB
- UART: 1 * serial port header (4-pin)
- Power: DC 12V, 1A
- Switch: 1 * POWER switch
MAC addresses as verified by vendor firmware:
use address source
LAN C8:XX:XX:3A:XX:E7 Config "protest_lan_mac" ascii (label)
WAN C8:XX:XX:3A:XX:EA Config "protest_wan_mac" ascii
5G C8:XX:XX:3A:XX:E8 Factory "0x4" hex
2.4G CA:XX:XX:4A:XX:E8 [not on flash]
The increment of the 4th byte for the 2.4g address appears to vary.
Reported cases:
5g 2.4g increment
C8:XX:XX:90:XX:C3 CA:XX:XX:C0:XX:C3 0x30
C8:XX:XX:3A:XX:08 CA:XX:XX:4A:XX:08 0x10
C8:XX:XX:3A:XX:E8 CA:XX:XX:4A:XX:E8 0x10
Since increment is inconsistent and there is no obvious pattern
in swapping bytes, and the 2.4g address has local bit set anyway,
it seems safer to use the LAN address with flipped byte here in
order to prevent collisions between OpenWrt devices and OEM devices
for this interface. This way we at least use an address as base
that is definitely owned by the device at hand.
Notes:
1. The vendor firmware allows you to connect to the router by telnet.
(known version 1.0.0 can open telnet.)
There is no official binary firmware available.
Backup the important partitions data:
"Bootloader", "Config", "Factory", and "firmware".
Note that with the vendor firmware the memory is detected only 128MiB
and the last 512KiB in NAND flash is not used.
2. The POWER LED is default on after press POWER switch.
The WAN and LAN1 - 4 LEDs are wired to ethernet switch.
The WPS LED is controlled by MT7615DN's GPIO.
Currently there is no proper way to configure it.
3. At the time of adding support the wireless config needs to be set up
by editing the wireless config file:
* Setting the country code is mandatory, otherwise the router loses
connectivity at the next reboot. This is mandatory and can be done
from luci. After setting the country code the router boots correctly.
A reset with the reset button will fix the issue and the user has to
reconfigure.
* This is minor since the 5g interface does not come up online although
it is not set as disabled. 2 options here:
1- Either run the "wifi" command. Can be added from LuCI in system -
startup - local startup and just add wifi above "exit 0".
2- Or add the serialize option in the wireless config file as shown
below. This one would work and bring both interfaces automatically
at every boot:
config wifi-device 'radio0'
option serialize '1'
config wifi-device 'radio1'
option serialize '1'
Flash instructions using initramfs image:
1. Press POWER switch to power down if the router is running.
2. Connect PC to one of LAN ports, and set
static IP address to "10.10.10.2", netmask to "255.255.255.0",
and gateway to "10.10.10.1" manually on the PC.
3. Push and hold the WIFI button, and then power up the router.
After about 10s (or you can call the recovery page, see "4" below)
you can release the WIFI button.
There is no clear indication when the router
is entering or has entered into "RAISECOM Router Recovery Mode".
4. Call the recovery page for the router at "http://10.10.10.1".
Keep an eye on the "WARNING!! tip" of the recovery page.
Click "Choose File" to select initramfs image, then click "Upload".
5. If image is uploaded successfully, you will see the page display
"Device is upgrading the firmware... %".
Keep an eye on the "WARNING!! tip" of the recovery page.
When the page display "Upgrade Successfully",
you can set IP address as "automatically obtain".
6. After the rebooting (PC should automatically obtain an IP address),
open the SSH connection, then download the sysupgrade image
to the router and perform sysupgrade with it.
Flash back to vendor firmware:
See "Flash instructions 1 - 5" above.
The only difference is that in step 4
you should select the vendor firmware which you backup.
Signed-off-by: Liangkuan Yang <ylk951207@gmail.com>
Rodrigo Araujo [Fri, 10 Dec 2021 20:09:37 +0000 (20:09 +0000)]
ramips: add support for Joowin WR758AC V1 and V2
This commit adds support for Joowin (aka Comfast) WR758AC V1 and V2
devices.
Both have the same wall AP/repeater form factor and differ only
in the 5Ghz chipset (V1 has MT7662, V2 has MT7663).
OpenWrt developers forum page:
https://forum.openwrt.org/t/87355
Specifications:
- CPU: MediaTek MT7628AN (580MHz)
- Flash: 8MB
- RAM: 64MB DDR2
- 2.4 GHz: 802.11b/g/n (MT7603)
- 5 GHz: 802.11ac (V1 has MT7662, V2 has MT7663)
- Antennas: 4x external single band antennas
- LAN: 1x 10/100M
- LED: Wifi 3x blue. Programmable
- Button: WPS
MAC addresses as verified by OEM firmware:
use address source
LAN *:83 factory 0xe000
2g *:85 factory 0x4
5g *:86 factory 0x8004
How to install:
1- Setup a TFTP server on a machine with IP address 192.168.1.10/24
2- Name the image as `firmware_auto.bin` and place it on the root of the
TFTP server
3- Connect the device via Ethernet, it should pick and flash the image
Signed-off-by: Rodrigo Araujo <araujo.rm@gmail.com>
Sergey V. Lobanov [Sun, 2 Jan 2022 19:18:04 +0000 (22:18 +0300)]
utils/mdadm: fix build on hosts without /run dir
CHECK_RUN_DIR=0 must be a part of MAKE_FLAGS, not MAKE_VARS, otherwise
it is not possible to compile mdadm on host without /run dir.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Matthew Hagan [Mon, 3 Jan 2022 23:00:18 +0000 (23:00 +0000)]
kernel: enhance multicast routing support
Certain utilities, such as smcroute [1], require additional multicast
routing options to be enabled, otherwise they will not function
correctly. Enable these relevant dependancies when IPv4 and/or IPv6
multicast routing are enabled.
[1] https://github.com/troglobit/smcroute/blob/master/README.md#linux-requirements
This increases the uncompressed kernel size on MIPS 24kc by 8KBytes
and the compressed kernel size by 1.8KBytes.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
Rui Salvaterra [Wed, 5 Jan 2022 13:27:56 +0000 (13:27 +0000)]
kernel: bump 5.10 to 5.10.90
Add and enable a new kconfig knob to disable unprivileged eBPF by default.
Patches automatically rebased.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
John Audia [Wed, 5 Jan 2022 15:54:47 +0000 (10:54 -0500)]
kernel: bump 5.4 to 5.4.170
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621
Signed-off-by: John Audia <graysky@archlinux.us>
Hauke Mehrtens [Tue, 28 Dec 2021 20:37:21 +0000 (21:37 +0100)]
toolchain: glibc: Enable --enable-bind-now
Enable --enable-bind-now when CONFIG_PKG_RELRO_FULL is set. This option
is activated by default. This will enable full RELRO protection.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Tue, 28 Dec 2021 20:28:53 +0000 (21:28 +0100)]
toolchain: glibc: Increase minimum kernel version to 5.4
Increase the minimum kernel version needed by the glibc compiled for
OpenWrt to version 5.4. With this setting the glibc build will remove
all code needed to support older kernel versions.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Tue, 28 Dec 2021 20:25:16 +0000 (21:25 +0100)]
toolchain: glibc: Update to version 2.34
glibc version 2.34 does not provide versioned shared libraries any more,
it only provides shared libraries using the ABI version. Do not try to
copy them any more.
The functions from libpthread and librt were integrated into the main
binary, the libpthread.so and librt.so are only used for backwards
compatibility any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Stijn Tintel [Thu, 6 Jan 2022 19:30:14 +0000 (21:30 +0200)]
firewall4: bump to git HEAD
main.uc: fix device gathering
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Jo-Philipp Wich [Thu, 6 Jan 2022 15:55:13 +0000 (16:55 +0100)]
firewall4: fix syntax error in dependency spec
Fixes: ae60af8572 ("firewall4: order DEPENDS alphabetically")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Stijn Tintel [Mon, 18 Oct 2021 22:42:02 +0000 (00:42 +0200)]
firewall/firewall4: provide uci-firewall
Provide uci-firewall via PROVIDES in both firewall and firewall4. This
will allow us to change the dependency of luci-app-firewall to
uci-firewall, making it possible to use it with either implementation.
Move CONFLICTS from firewall4 to firewall, to solve this recursive
dependency problem:
tmp/.config-package.in:307:error: recursive dependency detected!
tmp/.config-package.in:307: symbol PACKAGE_firewall is selected by PACKAGE_firewall4
tmp/.config-package.in:328: symbol PACKAGE_firewall4 depends on PACKAGE_firewall
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
Stijn Tintel [Sat, 6 Nov 2021 13:42:30 +0000 (15:42 +0200)]
firewall4: bump to git HEAD
4ead2a6 treewide: move executables to /sbin
9ebc2f4 fw4.uc: filter duplicates in fw4.set
85b74f3 treewide: support flow offloading
be3b4e6 treewide: support hardware flow offloading
38889b7 treewide: support set timeout
31c7550 fw4.uc: do not skip defaults with invalid option
334a127 fw4.uc: introduce DEPRECATED flag
7a0d38f fw4.uc: add _name as deprecated option
5e7ad3b fw4.uc: don't fail on unknown options
be5f4e3 fw4.uc: allow use of cidr in ipsets
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
Stijn Tintel [Fri, 3 Dec 2021 15:45:28 +0000 (17:45 +0200)]
firewall4: order DEPENDS alphabetically
Add some line breaks while at at, to improve readability.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
Stijn Tintel [Sat, 6 Nov 2021 13:24:34 +0000 (15:24 +0200)]
firewall4: drop kmod-ipt-nat from CONFLICTS
The limitation of not being able to use iptables and nft nat at the same
time exists only in kernels before 4.18.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
Daniel Kestrel [Tue, 4 Jan 2022 21:22:51 +0000 (22:22 +0100)]
ltq-deu: disable arc4 algorithm
ARC4 was used for WEP, which is not secure anymore. Therefor it is
disabled in the driver, but the code is not removed for now.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Tue, 4 Jan 2022 20:56:09 +0000 (21:56 +0100)]
ltq-deu: add aes_gcm algorithm
The lantiq AES hardware does not support the gcm algorithm. But it
can be implemented in the driver as a combination of the aes_ctr
algorithm and the xor plus gfmul operations for the hashing.
Due to the wrapping of the several algorithms and the inefficient
16 byte block by 16 byte block invokation in the kernel
implementations, this driver is about 3 times faster for the larger
block sizes.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Thu, 8 Jul 2021 06:14:34 +0000 (08:14 +0200)]
ltq-deu: change PKG_RELEASE to AUTORELEASE
As per suggestion by adschm, PKG_RELEASE is set to AUTORELEASE.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Thu, 8 Jul 2021 06:06:57 +0000 (08:06 +0200)]
ltq-deu: remove redundant code for setting the key in aes
After adding xts and cbcmac the aes algorithm source had three sections
for setting the aes key to the hardware which are identical.
Method aes_set_key_hw was created which is now called from within the
spinlock secured control sections in methods ifx_deu_aes, ifx_deu_aes_xts
and aes_cbcmac_final_impl and reduces the size of ifxmips_aes.c.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Thu, 8 Jul 2021 05:59:41 +0000 (07:59 +0200)]
ltq-deu: add shash cbcmac-aes algorithm to the driver
Since commit
53b6783 hostapd is using the kernel api which includes the
cbcmac-aes shash algorithm. The kernels implementation is a wrapper around
the aes encryption algorithm, which encrypts block (16 bytes) by block.
When the ltq-deu driver is present, it uses hardware aes, but every 16 byte
encrypt requires setting the key. This is very inefficient and is a huge
overhead. Since the cbcmac-aes is simply a hash that uses the cbc aes
algorithm starting with an iv set to x'00' with an optional ecb aes
encryption of a possible last incomplete block that is padded with the
positional bytes of the last cbc encrypted block, this algorithm is now
added to the driver. Most of the code is derived from md5-hmac and
tailored for aes. Tested with the kernels crypto testmgr including extra
tests against the kernels generic ccm module implementation.
This patch also fixes the overallocation in the aes_ctx that is caused
by using u32 instead of u8 for the aes keys.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Thu, 1 Jul 2021 09:38:05 +0000 (11:38 +0200)]
ltq-deu: remove driver disablement for kernel 5.4 and above
Remove the dependency on kernel 5.4 from the Makefile to allow the
driver to compile with kernel 5.10 or kernel versions higher than
5.4.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Thu, 24 Jun 2021 15:41:33 +0000 (17:41 +0200)]
ltq-deu: add aes_xts algorithm
The lantiq AES hardware does not support the xts algorithm. Apart
from the cipher text stealing (XTS), the AES XTS implementation is
just an XOR with the IV, followed by AES ECB, followed by another
XOR with the IV and as such can be also implemented by using the
lantiq hardware's CBC AES implemention plus one additional XOR with
the IV in the driver. The output IV by CBC AES is also not usable
and the gfmul operation not supported by lantiq hardware. Both need
to be done in the driver too in addition to the IV treatment which is
the initial encryption by the other half of the input key and to
set the IV to the IV registers for every block.
In the generic kernel implementation, the block size for XTS is set
to 16 bytes, although the algorithm is designed to process any size
of input larger than 16 bytes. But since there is no way to
indicate a minimum input length, the block size is used. This leads
to certain issues when the skcipher walk functions are used, e.g.
processing less than block size bytes is not supported by calling
skcipher_walk_done.
The walksize is 2 AES blocks because otherwise for splitted input
or output data, less than blocksize is to be returned in some cases,
which cannot be processed. Another issue was that depending on
possible split of input/output data, just 16 bytes are returned while
less than 16 bytes were remaining, while cipher text stealing
requires 17 bytes or more for processing.
For example, if the input is 60 bytes and the walk is 48, then
processing 48 bytes leads to a return code of -EINVAL for
skcipher_walk_done. Therefor the processed counter is used to
figure out, when the actual cipher text stealing for the remaining
bytes less than blocksize needs to be applied.
Measured with cryptsetup benchmark, this XTS AES implementation is
about 19% faster than the kernels XTS implementation that uses the
hardware ECB AES (ca. 18.6 MiB/s vs. 15.8 MiB/s decryption 256b key).
The implementation was tested with the kernels crypto testmgr against
the kernels generic XTS AES implementation including extended tests.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Sun, 20 Jun 2021 19:33:22 +0000 (21:33 +0200)]
ltq-deu: update initialisations for hmac algorithms
The processing in the hmac algorithms depends on the status fields:
count, dbn and started. Not all were initialised in the init method
and after finishing the final method. Added missing fields to init
method and call init method after finishing final.
The memsets have the wrong size in the original driver and did not
clear everything and are not necessary. Since no memset is done in
the kernels generic implementation, memsets were removed.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Tue, 15 Jun 2021 15:33:24 +0000 (17:33 +0200)]
ltq-deu: remove compiler warning and shorten locked sections
Removing hash pointer in _hmac_setkey since its not needed and causes
a compiler warning.
Make the spinlock control sections shorter and move initializations
out of the control sections to free the spinlock faster for allowing
other threads to use the hash engine.
Minor improvements for indentation and removal of blanks and blank
lines in some areas.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Tue, 15 Jun 2021 15:23:05 +0000 (17:23 +0200)]
ltq-deu: fix temp size exceed in hmac algorithms
Exceeding the temp array size was not checked and instead storage not
allocated by the driver was used/overwritten which in most cases
resulted in reboots. This patch implements processing the input to the
hash algorithm in tempsize chunks.
The _hmac_final methods were changed to _hmac_final_impl adding a
parameter that indicates intermediate or final processing. The started
variable was added to the context to indicate, if there is an
intermediate result in the context. For sha1_hmac the variable to store
the intermediate hash was added to the context too.
In order to avoid md5_hmac_final_impl being recursively called if the
padding of the input and the resulting last transform during the hmac
algorighms final processing causes the temp array to overflow and to
make sure that there is at least one block in the temp array when the
_hmac_final for final processing is called, the check for exceeding
the temp array in _hmac_transform was moved before copying the block
and incrementing dbn. dbn needs to be at least 1 at final processing
time to let the hash engine apply the opad operation.
To make the hash engine not apply the hmac algorithms final opad
operation, for intermediate processing the dbn in the control register
is set to a higher value than number of dbns are actually processed.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Sun, 6 Jun 2021 19:16:32 +0000 (21:16 +0200)]
ltq-deu: fix setkey errors and static shared temp for hmac algos
The hmac algorithms state, that keys larger than the key size should be
hashed with the underlying hash algorithms and then those hashes are to
be used as keys. This patch implements this. In order to avoid allocating
a descriptor during setkey, a shash_desc pointer is added to the context.
Another issue for multithreaded callers is the shared temp array.
The temp array is static and as such would be shared among multithreaded
callers, which obviously would neither work nor produce correct results.
The temp array (4k size) is moved to the context and since the size of
the context is limited, it can only be defined as pointer otherwise the
initialisation of the hash algorithm fails.
The allocations and freeing of both the temp and the desc pointer in the
context are done by implementing cra_init and cra_exit functions for
the hmac algorithms.
Also improved indentation in some areas.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Sat, 5 Jun 2021 21:49:59 +0000 (23:49 +0200)]
ltq-deu: fix ifxdeu-ctr-rfc3686(aes) not matching generic impl
Error ifxdeu-ctr-rfc3686(aes) (16) doesn't match generic impl (20) occurs
when running the cryptomgr extra tests that compare against the linux
kernels generic implementation.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Sat, 5 Jun 2021 21:46:58 +0000 (23:46 +0200)]
ltq-deu: changes for hash multithread callers and md5 endianess
The algorithms sha1, sha1_hmac and md5_hmac all use ENDI=1. The md5
algorithm uses ENDI=0 and the endian_swap methods to reverse the
endianess switch by using user CPU time, which is unnecessary overhead.
Danube and AR9 devices do not set endianess for SHA1, so is done for
MD5.
Furthermore the patch replaces endian_swap with le32_to_cpu for md5 and
md5 hmac algorithms and removes endian_swap for them.
The init functions initialize the algorithm in the hardware. The lock is
not used to write to the control register. If another thread calls
another hash algo before update or final, the result will be wrong.
Therefore move the algorithm init to the lock protected sections in the
transform or final methods.
Setting the hw key for the hmac algorithms is now done from within the
lock protected sections in their final methods. The lock protecting is
removed from the _hmac_setkey_hw functions.
In final for md5 and sha1 the lock section is removed, because all the
work was already done in transform (which is called from final). As such
only copying the hash to the output is required.
MD5 and MD5_HMAC produce 16 byte hashes (4 DWORDS) only, therefor
writing register D5R to the hash output is removed for MD5_HMAC.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Sat, 5 Jun 2021 19:37:53 +0000 (21:37 +0200)]
ltq-deu: make deu hash lock global and remove md5_hmac_ exports
All hash algorithms use the same base IFX_HASH_CON to access the hash unit.
Parallel threads should not be able to call different hash algorithms and
therefor a global lock is required.
Fixed linker warning, that md5_hmac_init, md5_hmac_update and
md5_hmac_final are static export symbols. The export symbols are not
required, because the functions are exposed using shash_alg structure.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Mon, 31 May 2021 13:22:43 +0000 (15:22 +0200)]
ltq-deu: add aes_ofb and aes_cfb algorithms
The functions ifx_deu_aes_cfg and ifx_deu_aes_ofb have been part of the
driver ever since. But the functions and definitions to make the
algorithms actually usable were missing.
This patch adds the neccessary code for aes_ofb and aes_cfb algorithms.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Mon, 31 May 2021 13:17:16 +0000 (15:17 +0200)]
ltq-deu: fix cryptomgr test errors for aes
When running cryptomgr tests against the driver, there are several
occurences of different errors for even and uneven splitted data in the
underlying scatterlists for the ctr and ctr_rfc3686 algorithms which are
now fixed.
Fixed error in ctr_rfc3686_aes_decrypt function which was introduced with
the previous commit by using CRYPTO_DIR_ENCRYPT in the decrypt function.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Mon, 31 May 2021 12:43:08 +0000 (14:43 +0200)]
ltq-deu: fix cryptomgr test errors for des
When running cryptomgr tests against the driver, there are several
occurences of different errors for setkey of des and des3-ede
algorithms.
Those key checks are already implemented in the kernels des
implementation, so this is added as dependency and the kernel methods
are called. It also required adding the kernels des/des3 context
definitions to the des_ctx internal structure to be able to call the
kernel methods.
Fixed ifxdeu-des... setkey unexpectedly succeeded on test vector x;
expected_error=-22.
Fixed ifxdeu-des... setkey failed on test vector x; expected_error=0,
actual_error=-22.
Renamed des_ctx internal structure and des_encrypt/des_decrypt methods
because they are already defined in the kernel module.
Fixed wrong DES_xxx constant definitions in crypto_alg definition for
ifxdeu_des3_ede_alg.
Fixed method comment errors.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Mon, 31 May 2021 12:32:27 +0000 (14:32 +0200)]
ltq-deu: convert SHA1 after library impl of SHA1 was removed
The <linux/cryptohash.h> was removed with Linux 5.8, because it only
contained the library implementation of SHA1, which was folded
into <crypto/sha.h>.
So switch this driver away from using <linux/cryptohash.h>.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Mon, 31 May 2021 12:25:00 +0000 (14:25 +0200)]
ltq-deu: convert blkcipher to skcipher
Convert blkcipher to skcipher for the synchronous versions of AES,
DES and ARC4.
The Block Cipher API was depracated for a while and was removed with
Linux 5.5. So switch this driver to the skcipher API.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Kestrel [Mon, 31 May 2021 12:13:42 +0000 (14:13 +0200)]
ltq-deu: set correct control register for AES
Some devices initialize AES during boot and AES works out of the box
and the correct endianess is set.
NDC means (No Danube Compatibility Mode) and the endianess setting has
no effect if its set to 0.
NDC 0: OFF ENDI bit cannot be written as in Danube
To make it work for other devices, the NDC control register needs to
be set to 1.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Mathias Kresin [Wed, 14 Apr 2021 22:38:36 +0000 (00:38 +0200)]
ltq-deu: make cipher/digest usable by openssl
OpenSSL with cryptdev support uses the data encryption unit (DEU) driver
for hard accelerated processing of ciphers/digests, if the flag
CRYPTO_ALG_KERN_DRIVER_ONLY is set.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Mathias Kresin [Sun, 18 Apr 2021 12:37:24 +0000 (14:37 +0200)]
ltq-deu: aes-ctr: process all input data
Even if the minimum blocksize is set to 16 (AES_BLOCK_SIZE), the crypto
manager tests pass 499 bytes of data to the aes-ctr encryption, from
which only 496 bytes are actually encrypted.
Reading the comment regarding the minimum blocksize, it only states that
it's the "smallest possible unit which can be transformed with this
algorithm". Which doesn't necessarily mean, the data have to be a
multiple of the minimal blocksize.
All kernel hardware crypto driver enforce a minimum blocksize of 1,
which perfect fine works for the lantiq data encryption unit as well.
Lower the blocksize limit to 1, to process not padded data as well.
In AES for processing the remaining bytes, uninitialized pointers
were used.
This patch fixes using uninitialized pointers and wrong offsets.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Mathias Kresin [Sun, 18 Apr 2021 12:26:01 +0000 (14:26 +0200)]
ltq-deu: aes: do not read/write behind buffer
When handling non-aligned remaining data (not padded to 16 byte
[AES_BLOCK_SIZE]), a full 16 byte block is read from the input buffer
and written to the output buffer after en-/decryption.
While code already assumes that an input buffer could have less than 16
byte remaining, as it can be seen by the code zeroing the remaining
bytes till AES_BLOCK_SIZE, the full AES_BLOCK_SIZE is read.
An output buffer size of a multiple of AES_BLOCK_SIZE is expected but
never validated.
To get rid of the read/write behind buffer, use a temporary buffer when
dealing with not padded data and only write as much bytes to the output
as we read.
Do not memcpy directly to the register, to make used of the endian swap
macro and to trigger the crypto start operator via the ID0R to trigger
the register. Since we might need an endian swap for the output in
future, use a temporary buffer for the output as well.
The issue could not be observed so far, since all caller of ifx_deu_aes
will ignore the padded (remaining) data. Considering that the minimum
blocksize for the algorithm is set to AES_BLOCK_SIZE, the behaviour
could be called expected.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Mathias Kresin [Mon, 19 Apr 2021 18:36:58 +0000 (20:36 +0200)]
ltq-deu: init des/aes before registering crpyto algorithms
The crypto algorithms are registered and available to the system before
the chip is actually powered on and the generic parameter for the DEU
behaviour set.
The issue can mainly be observed if the crypto manager tests are enabled
in the kernel config. The crypto manager test run directly after an
algorithm is registered.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Daniel Golle [Wed, 5 Jan 2022 14:11:06 +0000 (14:11 +0000)]
mediatek: Clause-45 MDIO patch accepted upstream
To easy future maintainance, replace the local patch with what has been
accepted into net-next and is likely to end up in Linux 5.17.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Matt Fawcett [Fri, 24 Dec 2021 06:45:13 +0000 (06:45 +0000)]
qoriq: Expand generic subtarget description
Signed-off-by: Matt Fawcett <mattytap@icloud.com>
[remove trailing whitespace]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Daniel Golle [Tue, 4 Jan 2022 23:34:23 +0000 (23:34 +0000)]
mediatek: let mtk_eth_soc MAC announce 2500Base-T mode
To allows Ethernet phys supporting 2500Base-T mode to announce that
speed, enable the corresponding bit in mtk_eth_soc driver.
This should hopefully unlock 2500Base-T speed on the UniFi 6 LR.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 4 Jan 2022 23:01:53 +0000 (23:01 +0000)]
kernel: improve driver support for gen-3 Aquantia Ethernet PHYs
* correctly set system side interface, the original patch was
errornous and there is a follow-up fix for it
* enable phy statistics for AQR112(+R/C) and ARQ412
(ethtool --phy-statistics ethX)
Tested, including phy-statistics, on
- IEI Puzzle M901 (AQR112, AQR112C, AQR112R)
- IEI Puzzle M902 (AQR113, AQR112R)
- Ubiquiti UniFi 6 LR (AQR112C)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Paul Spooren [Tue, 4 Jan 2022 12:06:03 +0000 (13:06 +0100)]
uml: drop Kernel 5.4
After the switch to Kernel 5.10 the old files are no longer required.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Paul Spooren [Tue, 4 Jan 2022 12:05:13 +0000 (13:05 +0100)]
uml: switch to Kernel 5.10
Switch over from testing version.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Paul Spooren [Sat, 1 Jan 2022 17:42:30 +0000 (17:42 +0000)]
ipq807x: drop target
The target is in an incomplete state and will not receive Kernel 5.10
support, ego it should be dropped before the next release.
People are working on ipq807x with Kernel 5.15 which is only relevant
for the second next release. Once a working patchset exists the target
can be added again.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Paul Spooren [Fri, 31 Dec 2021 10:19:57 +0000 (10:19 +0000)]
lua: add HOST_FPIC for host builds
Compiling without fPIC causes linking issues for packages using liblua.
Add $(HOST_FPIC) to host builds for both lua and lua5.3.
Suggested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>