openwrt/staging/neocturne.git
18 months ago ramips: add support for D-Link DAP-1620 B1
Rani Hod [Sun, 9 Apr 2023 19:47:58 +0000 (22:47 +0300)]
ramips: add support for D-Link DAP-1620 B1

The DAP-1620 rev B is a wall-plug AC1300 repeater.

Specifications:
- MT7621AT, 256 MiB RAM, 16 MiB SPI NOR
- MT7615DN 2x2 802.11n +2x2 802.11ac (DBDC)
- Ethernet: 1 port 10/100/1000
- Status LEDs (1x red+green)
- LED RSSI bargraph (2x green, 1x red+green)

Installation:
- Keep reset button pressed during plug-in
- Web Recovery Updater is at 192.168.0.50
- Upload factory.bin, confirm flashing
  (seems to work best with Chromium-based browsers)

Revert to OEM firmware:
- tail -c+117 DAP1620B1_FW212B03.bin | \
  openssl aes-256-cbc -d -md md5 -out decrypted.bin \
  -k 905503a4e0c3cd3c1ce062246de427a68962347e
- flash decrypted.bin via D-Link Web Recovery

Signed-off-by: Rani Hod <rani.hod@gmail.com>
18 months ago bcm27xx: Deactivate CONFIG_OABI_COMPAT
Hauke Mehrtens [Sat, 22 Apr 2023 17:56:42 +0000 (19:56 +0200)]
bcm27xx: Deactivate CONFIG_OABI_COMPAT

This deactivates the kernel option CONFIG_OABI_COMPAT.

The old arm OABI is not needed any more, we compile all applications for
the new ARM EABI.

This reduces the attack surface of the kernel syscall interface.

On all other targets CONFIG_OABI_COMPAT is already deactivated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
18 months ago kernel: Deactivate CONFIG_COMPAT
Hauke Mehrtens [Sat, 22 Apr 2023 17:48:54 +0000 (19:48 +0200)]
kernel: Deactivate CONFIG_COMPAT

This deactivates the CONFIG_COMPAT kernel option.
With CONFIG_COMPAT the kernel will provide syscall interfaces for arm32
binaries in addition to the interfaces needed for arm64 binaries.

In OpenWrt the complete userspace is compiled for this specific
architecture and support for 32 bit ARM applications is not needed.
This reduces the size and the attack surface for the systems.

On all other targets CONFIG_COMPAT is already deactivated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
18 months ago kernel: Deactivate CONFIG_LEGACY_PTYS
Hauke Mehrtens [Sat, 22 Apr 2023 13:40:59 +0000 (15:40 +0200)]
kernel: Deactivate CONFIG_LEGACY_PTYS

The legacy (BSD) PTY support could open security problems in a system.
We do not need them in OpenWrt, deactivate this option in all targets.

Debian also deactivates this option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
18 months ago kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN
Hauke Mehrtens [Sat, 22 Apr 2023 17:52:22 +0000 (19:52 +0200)]
kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN

This activates the CONFIG_ARM64_SW_TTBR0_PAN option for all arm64
kernels by default.

The CONFIG_ARM64_SW_TTBR0_PAN option prevents the kernel from accessing
user space memory directly. This makes it harder to exploit the kernel.

This is activated by default and was already activated on all other arm64
targets before.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
18 months ago kernel: Activate CONFIG_HARDENED_USERCOPY for all targets
Hauke Mehrtens [Sat, 22 Apr 2023 13:52:56 +0000 (15:52 +0200)]
kernel: Activate CONFIG_HARDENED_USERCOPY for all targets

This activates CONFIG_HARDENED_USERCOPY for the remaining targets. This
adds additional checks in the copy_from_user() and copy_to_user()
functions.

This was not activated for ARCHS38 before because of a bug in the Linux
kernel 5.4 till 5.14, which was fixed and is described here:
https://github.com/foss-for-synopsys-dwc-arc-processors/linux/issues/15

I do not know why this was deactivated for mt7629 and rockchip.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
18 months ago ramips: mt7621: add support for ZyXEL WSM20
Andreas Böhler [Tue, 4 Apr 2023 17:41:26 +0000 (19:41 +0200)]
ramips: mt7621: add support for ZyXEL WSM20

The ZyXEL WSM20 aka Multy M1 is a cheap mesh router system by ZyXEL
based on the MT7621 CPU.

Specifications
==============

SoC: MediaTek MT7621AT (880MHz)
RAM: 256MiB
Flash: 128MiB NAND
Wireless: 802.11ax (2x2 MT7915E DBDC)
Ethernet: 4x 10/100/1000 (MT7530)
Button: 1x WPS, 1x Reset, 1x LED On/Off
LED: 7 LEDs (3x white, 2x red, 2x green)

MAC address assignment
======================

The MAC address assignment follows stock: The label MAC address is the LAN
MAC address, the WAN address is read from flash.

The WiFi MAC addresses are set in userspace to label MAC + 1 and label MAC
+ 2.

Installation (web interface)
============================

The device is cloud-managed, but there is a hidden local firmware upgrade
page in the OEM web interface. The device has to be registered in the
cloud in order to be able to access this page.

The system has a dual firmware design, there is no way to tell which
firmware is currently booted. Therefore, an -initramfs version is flashed
first.

1. Log into the OEM web GUI
2. Access the hidden upgrade page by navigating to
   https://192.168.212.1/gui/#/main/debug/firmwareupgrade
3. Upload the -initramfs-kernel.bin file and flash it
4. Wait for OpenWrt to boot and log in via SSH
5. Transfer the sysupgrade file via SCP
6. Run sysupgrade to install the image
7. Reboot and enjoy

NB: If the initramfs version was installed in RAS2, the sysupgrade script
sets the boot number to the first partition. A backup has to be performed
manually in case the OEM firmware should be kept.

Installation (UART method)
==========================

The UART method is more difficult, as the boot loader does not have a
timeout set. A semi-working stock firmware is required to configure it:

1. Attach UART
2. Boot the stock firmware until the message about failsafe mode appears
3. Enter failsafe mode by pressing "f" and "Enter"
4. Type "mount_root"
5. Run "fw_setenv bootmenu_delay 3"
6. Reboot, U-Boot now presents a menu
7. The -initramfs-kernel.bin image can be flashed using the menu
8. Run the regular sysupgrade for a permanent installation

Changing the partition to boot is a bit cumbersome in U-Boot, as there is
no menu to select it. It can only be checked using mstc_bootnum. To change
it, issue the following commands in U-Boot:

   nand read 1800000 53c0000 800
   mw.b 1800004 1 1
   nand erase 53c0000 800
   nand write 1800000 53c0000 800

This selects FW1. Replace "mw.b 1800004 1 1" by "mw.b 1800004 2 1" to
change to the second slot.

Back to stock
=============

It is possible to flash back to stock, but an OEM firmware upgrade is
required. ZyXEL does not provide the link on its website, but the link
can be acquired from the OEM web GUI by analyzing the transferred JSON
objects.

It is then a matter of writing the firmware to Kernel2 and setting the
boot partition to FW2:

   mtd write zyxel.bin Kernel2
   echo -ne "\x02" | dd of=/dev/mtdblock7 count=1 bs=1 seek=4 conv=notrunc

Signed-off-by: Andreas Böhler <dev@aboehler.at>
Credits to forum users Annick and SirLouen for their initial work on this
device

18 months ago umbim: include MBIM-provided DNS servers also with DHCP mode
Lech Perczak [Sat, 6 Nov 2021 16:56:03 +0000 (17:56 +0100)]
umbim: include MBIM-provided DNS servers also with DHCP mode

In MBIM interfaces, DNS servers may be provided out-of-band regardless
whether DHCP is used for configuration, or not. Move the DNS
configuration outside "if" blocks to support that.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: extract common code from static and dhcp(v6) setup procedure
Lech Perczak [Sat, 6 Nov 2021 16:51:25 +0000 (17:51 +0100)]
umbim: extract common code from static and dhcp(v6) setup procedure

Beginnings and endings of sub-interface creation procedure were
literally duplicates - extract them outside of "if" blocks

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: handle MTU configuration
Lech Perczak [Sat, 6 Nov 2021 15:01:02 +0000 (16:01 +0100)]
umbim: handle MTU configuration

Allow setting interface MTU through UCI. If this is not set,
use MBIM-provided MTU, if provided through control channel.
If separate MTUs are provided for IPv4 and IPv6, apply larger of them.
This is very unlikely and possible only for IPv4v6 dual-stack configuration.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: delegate RFC7278 IPv6 prefixes from OOB config
Lech Perczak [Sat, 6 Nov 2021 13:02:15 +0000 (14:02 +0100)]
umbim: delegate RFC7278 IPv6 prefixes from OOB config

Delegate prefixes received through MBIM control channel the same way, as
would be done through DHCP, according to RFC7278.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: drop IP configuration parsing using 'eval'
Lech Perczak [Sat, 6 Nov 2021 12:43:12 +0000 (13:43 +0100)]
umbim: drop IP configuration parsing using 'eval'

Finally, when new helper is in use, drop old IP configuration parser.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: support multiple-valued configuration fields
Lech Perczak [Sat, 6 Nov 2021 12:35:15 +0000 (13:35 +0100)]
umbim: support multiple-valued configuration fields

MBIM supports multiple values for IP address and DNS server, and such
configuration is available through output of MBIM. Use new helper
method to support adding multiple addresses and DNS servers to static
interfaces for both IPv4 and IPv6.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: add "_proto_mbim_get_field" helper
Lech Perczak [Sat, 6 Nov 2021 12:21:32 +0000 (13:21 +0100)]
umbim: add "_proto_mbim_get_field" helper

Add a new helper to extract IP configuration from umbim output. This is
required to extract fields which can possibly have multiple values,
namely IP addresses and DNS servers, and get rid of primitive parser
using 'eval' builtin without support for this.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
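
The difference between an eval-style parser and a field extractor that supports repeated keys, as an added example (not the umbim handler's own code). The "key: value" sample layout is an assumption and is constructed; `eval_last_dns`, `get_field`, `is_ipv4` and `valid_dns_servers` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample in an assumed "key: value" layout with a repeated key;
# not captured from a real modem.
sample_mbim_config() {
    cat <<'EOF'
  ipv4address: 10.64.12.7/29
  ipv4gateway: 10.64.12.1
  ipv4mtu: 1500
  ipv4dnsserver: 10.64.0.53
  ipv4dnsserver: 10.64.1.53
EOF
}

# Assumed shape of an eval-style parser: every input line becomes a shell
# assignment, so the second ipv4dnsserver line overwrites the first.
# Reads the configuration text on stdin; runs in a subshell to keep the
# assignments out of the caller's environment.
eval_last_dns() {
    (
        eval "$(sed -n 's/^ *\([a-z0-9]*\): \(.*\)$/\1='\''\2'\''/p')"
        printf '%s\n' "$ipv4dnsserver"
    )
}

# get_field KEY: print every value of KEY found on stdin, one per line.
# The text is only ever treated as data, never parsed by the shell.
get_field() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }
        index($0, key ": ") == 1 { print substr($0, length(key) + 3) }
    '
}

# is_ipv4 VALUE: succeed only for a dotted-quad literal with octets 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            exit 0
        }
        { exit 1 }
    '
}

# valid_dns_servers: all ipv4dnsserver values from stdin that pass is_ipv4.
valid_dns_servers() {
    get_field ipv4dnsserver | while read -r value; do
        if is_ipv4 "$value"; then
            printf '%s\n' "$value"
        fi
    done
}

echo "eval-style parser keeps: $(sample_mbim_config | eval_last_dns)"
echo "field extractor returns:"
sample_mbim_config | valid_dns_servers
```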
18 months ago umbim: log output of 'config' step
Lech Perczak [Sat, 6 Nov 2021 02:02:08 +0000 (03:02 +0100)]
umbim: log output of 'config' step

Display full configuration obtained using MBIM control channel in the
log, from umbim output verbatim, for easier troubleshooting, and in
preparation for parser refactoring.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: pass ipXtable to child interfaces
Lech Perczak [Fri, 6 Aug 2021 20:29:57 +0000 (22:29 +0200)]
umbim: pass ipXtable to child interfaces

Inspired by commit e51aa699f7ca, allow setting specific routing tables
via ip4table and ip6table options, by passing them on child interfaces
created by MBIM protocol handler.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: respect 'Enable IPv6 negotiation' option
Lech Perczak [Tue, 20 Jul 2021 20:57:10 +0000 (22:57 +0200)]
umbim: respect 'Enable IPv6 negotiation' option

Don't bring IPv6 part of interface up if it's disabled,
or system does not support it.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: use static config by default, fallback to DHCP
Lech Perczak [Mon, 19 Jul 2021 19:28:07 +0000 (21:28 +0200)]
umbim: use static config by default, fallback to DHCP

Finally, inspired by ModemManager's logic, make static configuration
obtained through MBIM control channel, preferred.
If IP configuration is not available this way, fallback to DHCP(v6) if
enabled, else do not create a sub-interface for unavailable IP type.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: separate DHCPv6 configuration from DHCP(v4)
Lech Perczak [Mon, 9 Jan 2023 21:54:07 +0000 (22:54 +0100)]
umbim: separate DHCPv6 configuration from DHCP(v4)

Now, that sub-interface setup is split by IP type, and separate checks
are performed for DHCP selection, it is possible to control DHCP on v4
and v6 sub-interfaces instantly. Add "dhcpv6" variable, akin to QMI
option, to control behaviour of DHCPv6 separately from IPv4 option,
which is required for some mobile operators.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: restructure IPv4/IPv6 handling
Lech Perczak [Mon, 19 Jul 2021 19:16:08 +0000 (21:16 +0200)]
umbim: restructure IPv4/IPv6 handling

Check whether interface is configured per IP type, not per DHCP. This is
preparation to allow fallback to DHCP if static IP configuration is not
available, which is the default option for MBIM modems

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: inherit firewall zone membership from parent interface
Lech Perczak [Mon, 19 Jul 2021 17:26:02 +0000 (19:26 +0200)]
umbim: inherit firewall zone membership from parent interface

Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.
Inspired by 64bb88841fb.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: inherit "peerdns" option from parent interface
Lech Perczak [Mon, 19 Jul 2021 17:15:53 +0000 (19:15 +0200)]
umbim: inherit "peerdns" option from parent interface

MBIM protocol handler should inherit "peerdns" options from parent
interface on sub-interfaces, otherwise upstream DNS servers are applied
regardless of configuration.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: use IP configuration provided by MBIM by default
Lech Perczak [Mon, 19 Jul 2021 17:04:09 +0000 (19:04 +0200)]
umbim: use IP configuration provided by MBIM by default

Previously, DHCP was used. According to MBIM Specification v1.0 errata 1 [1],
section 10.5.20, MBIM_CID_IP_CONFIGURATION,
if MBIM information element containing IP configuration is available,
host shall use it, and fall back to in-band mechanisms to acquire it otherwise -
therefore make static configuration the default.

[1] https://www.usb.org/document-library/mobile-broadband-interface-model-v10-errata-1-and-adopters-agreement

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: detect actual connection IP type
Lech Perczak [Mon, 21 Feb 2022 21:48:10 +0000 (22:48 +0100)]
umbim: detect actual connection IP type

Current implementation needlessly creates both IPv4 and IPv6
sub-interfaces for single-stack IP types. Limit this only to selected IP
type. While at that, ensure that IP type is also passed to umbim during
"connect" phase. In addition, detect the actual established connection
type returned by umbim and set up subinterfaces according to that,
not to requested configuration. While at that, allow empty IP type explicitly,
interpreted as "any" according to MBIM specification.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: fail connect step immediately
Lech Perczak [Mon, 9 Jan 2023 21:08:07 +0000 (22:08 +0100)]
umbim: fail connect step immediately

Subsequent calls to 'umbim connect' do not have any effect if a failure
occurred, and in such case an infinite loop without timeout is created,
leading to possibility of interface stuck at connecting forever.
Drop this loop, and issue MBIM disconnect properly, so netifd can
restart from scratch.
This issue can be observed with Sierra EM7455 at changing APN, which
causes network re-registration by default, and a MBIM transaction
timeout, which is resolved on next interface bringup by netifd.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: connect session for only the selected PDP type
Lech Perczak [Tue, 15 Feb 2022 00:44:32 +0000 (01:44 +0100)]
umbim: connect session for only the selected PDP type

Previous implementation automatically set up connections for both IPv4
and IPv6, even if one of them isn't supported. Respect the "pdptype"
option in the same way, as it is done for QMI or NCM, and only start the
respective PDN sessions, if set.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago umbim: add support for non-dhcp mode
Martin Schiller [Fri, 7 Feb 2020 11:50:22 +0000 (12:50 +0100)]
umbim: add support for non-dhcp mode

There are mbim compatible wwan modules available which do not support
the dhcp autoconfiguration. (e.g. gemalto Cinterion ELS81)

This adds the possibility to get the configuration parameters from mbim.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
18 months ago tools/patchelf: update to 0.18.0
Nick Hainke [Mon, 24 Apr 2023 06:21:20 +0000 (08:21 +0200)]
tools/patchelf: update to 0.18.0

Release Notes:
https://github.com/NixOS/patchelf/releases/tag/0.18.0

Signed-off-by: Nick Hainke <vincent@systemli.org>
18 months ago tools/coreutils: update to 9.3
Nick Hainke [Wed, 26 Apr 2023 10:06:07 +0000 (12:06 +0200)]
tools/coreutils: update to 9.3

Update to latest bugfix release.

Remove upstreamed patches:
- 001-copy-fix-reflink-auto-to-fallback-in-more-cases.patch
- 002-date-diagnose-f-read-errors.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
18 months ago kernel: mtk_bmt: refactor to avoid deep recursion
Michał Kępień [Sat, 29 Apr 2023 06:41:32 +0000 (07:41 +0100)]
kernel: mtk_bmt: refactor to avoid deep recursion

A Linksys E8450 (mt7622) device running current master has recently
started crashing:

    [    0.562900] mtk-ecc 1100e000.ecc: probed
    [    0.570254] spi-nand spi2.0: Fidelix SPI NAND was found.
    [    0.575576] spi-nand spi2.0: 128 MiB, block size: 128 KiB, page size: 2048, OOB size: 64
    [    0.583780] mtk-snand 1100d000.spi: ECC strength: 4 bits per 512 bytes
    [    0.682930] Insufficient stack space to handle exception!
    [    0.682939] ESR: 0x0000000096000047 -- DABT (current EL)
    [    0.682946] FAR: 0xffffffc008c47fe0
    [    0.682948] Task stack:     [0xffffffc008c48000..0xffffffc008c4c000]
    [    0.682951] IRQ stack:      [0xffffffc008008000..0xffffffc00800c000]
    [    0.682954] Overflow stack: [0xffffff801feb00a0..0xffffff801feb10a0]
    [    0.682959] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G S                5.15.107 #0
    [    0.682966] Hardware name: Linksys E8450 (DT)
    [    0.682969] pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    [    0.682975] pc : dequeue_entity+0x0/0x250
    [    0.682988] lr : dequeue_task_fair+0x98/0x290
    [    0.682992] sp : ffffffc008c48030
    [    0.682994] x29: ffffffc008c48030 x28: 0000000000000001 x27: ffffff801feb6380
    [    0.683004] x26: 0000000000000001 x25: ffffff801feb6300 x24: ffffff8000068000
    [    0.683011] x23: 0000000000000001 x22: 0000000000000009 x21: 0000000000000000
    [    0.683017] x20: ffffff801feb6380 x19: ffffff8000068080 x18: 0000000017a740a6
    [    0.683024] x17: ffffffc008bae748 x16: ffffffc008bae6d8 x15: ffffffffffffffff
    [    0.683031] x14: ffffffffffffffff x13: 0000000000000000 x12: 0000000f00000101
    [    0.683038] x11: 0000000000000449 x10: 0000000000000127 x9 : 0000000000000000
    [    0.683044] x8 : 0000000000000125 x7 : 0000000000116da1 x6 : 0000000000116da1
    [    0.683051] x5 : 00000000001165a1 x4 : ffffff801feb6e00 x3 : 0000000000000000
    [    0.683058] x2 : 0000000000000009 x1 : ffffff8000068080 x0 : ffffff801feb6380
    [    0.683066] Kernel panic - not syncing: kernel stack overflow
    [    0.683069] SMP: stopping secondary CPUs
    [    1.648361] SMP: failed to stop secondary CPUs 0-1
    [    1.648366] Kernel Offset: disabled
    [    1.648368] CPU features: 0x00003000,00000802
    [    1.648372] Memory Limit: none

Several factors contributed to this issue:

 1. The mtk_bmt driver recursively calls its scan_bmt() helper function
    during device initialization, while looking for a valid block
    mapping table (BMT).

 2. Commit fa4dc86e98 ("kernel: backport MEMREAD ioctl"):

      - increased the size of some stack-allocated structures (like
        struct mtd_oob_ops, used in bbt_nand_read(), which is indirectly
        called from scan_bmt()),

      - increased the stack size for some functions (for example,
        spinand_mtd_read(), which is indirectly called from scan_bmt(),
        now uses an extra stack-allocated struct mtd_ecc_stats).

 3. OpenWrt currently compiles the kernel with the
    -fno-optimize-sibling-calls flag, which prevents tail-call
    optimization.

Collectively, all of these factors caused stack usage in the mtk_bmt
driver to grow excessively large, triggering stack overflows.

Recursion is not really necessary in scan_bmt() as it simply iterates
over flash memory blocks in reverse order, looking for a valid BMT.
Refactor the logic contained in the scan_bmt() and read_bmt() functions
in target/linux/generic/files/drivers/mtd/nand/mtk_bmt_v2.c so that deep
recursion is prevented (and therefore also any potential stack overflows
it may cause).

Link: https://lists.openwrt.org/pipermail/openwrt-devel/2023-April/040872.html
Signed-off-by: Michał Kępień <openwrt@kempniu.pl>
18 months ago kernel: Activate CONFIG_SCHED_STACK_END_CHECK
Hauke Mehrtens [Sat, 22 Apr 2023 17:36:22 +0000 (19:36 +0200)]
kernel: Activate CONFIG_SCHED_STACK_END_CHECK

This activates the CONFIG_SCHED_STACK_END_CHECK option.

The kernel will check if the kernel stack overflowed in the schedule()
function. This just adds a very small computational overhead.

This option is activated in Debian by default.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
18 months ago kernel: Activate CONFIG_SLAB_FREELIST_HARDENED
Hauke Mehrtens [Sat, 22 Apr 2023 13:07:36 +0000 (15:07 +0200)]
kernel: Activate CONFIG_SLAB_FREELIST_HARDENED

This activates some extra checks in SLAB or SLUB to make it harder to
execute kernel heap exploits. This adds a minor performance
degradation which I haven't measured.

Many mainstream Linux distributions also activate this option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
18 months ago kernel: Initialize RNG using CPU RNG and bootloader
Hauke Mehrtens [Sat, 22 Apr 2023 13:28:01 +0000 (15:28 +0200)]
kernel: Initialize RNG using CPU RNG and bootloader

This activates the following kernel options by default:
* CONFIG_RANDOM_TRUST_CPU
* CONFIG_RANDOM_TRUST_BOOTLOADER

With these options Linux will also use data from the CPU RNG e.g. RDRAND
and the bootloader to initialize the Linux RNG if such sources are
available.
These random bits are used in addition to the other sources, no other
sources are getting deactivated. I read that the Chacha mixer isn't
vulnerable to injected entropy, so this should not be a problem even if
these sources might inject bad random data.

The Linux kernel suggests to activate both options, Debian also
activates them. This does not increase kernel code size.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
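
The kernel options switched by the hardening commits in this log can be checked against a built kernel's `.config`. This is an added example, not part of OpenWrt; the expected states are taken from the commit subjects above, the sample config is constructed, and `kconfig_state` and `audit_kconfig` are hypothetical names.

```shell
#!/bin/sh
# Expected states follow the commit subjects (Activate -> y, Deactivate -> n).
HARDENING_EXPECT='
CONFIG_OABI_COMPAT:n
CONFIG_COMPAT:n
CONFIG_LEGACY_PTYS:n
CONFIG_ARM64_SW_TTBR0_PAN:y
CONFIG_HARDENED_USERCOPY:y
CONFIG_SCHED_STACK_END_CHECK:y
CONFIG_SLAB_FREELIST_HARDENED:y
CONFIG_RANDOM_TRUST_CPU:y
CONFIG_RANDOM_TRUST_BOOTLOADER:y
'

# Constructed sample: an arm64 config with two deviations, not a real target's.
sample_config() {
    cat <<'EOF'
CONFIG_ARM64=y
CONFIG_COMPAT=y
# CONFIG_LEGACY_PTYS is not set
CONFIG_ARM64_SW_TTBR0_PAN=y
CONFIG_HARDENED_USERCOPY=y
# CONFIG_SCHED_STACK_END_CHECK is not set
CONFIG_SLAB_FREELIST_HARDENED=y
CONFIG_RANDOM_TRUST_CPU=y
CONFIG_RANDOM_TRUST_BOOTLOADER=y
EOF
}

# kconfig_state FILE OPTION: print the option's value (y, m, ...), "n" when it
# is explicitly "is not set", or "absent" when the symbol does not appear.
# The match is anchored on "OPTION=" so CONFIG_COMPAT never matches
# CONFIG_COMPAT_32 or similar longer names.
kconfig_state() {
    awk -v opt="$2" '
        $0 == "# " opt " is not set" { s = "n" }
        index($0, opt "=") == 1      { s = substr($0, length(opt) + 2) }
        END { print (s == "" ? "absent" : s) }
    ' "$1"
}

# audit_kconfig FILE: print one MISMATCH line per deviation and return
# non-zero if there is at least one.
audit_kconfig() {
    cfg=$1
    fails=0
    for pair in $HARDENING_EXPECT; do
        opt=${pair%%:*}
        want=${pair##*:}
        # arm64-only symbols do not exist in other builds: skip them there.
        case $opt in
            CONFIG_ARM64_*)
                [ "$(kconfig_state "$cfg" CONFIG_ARM64)" = y ] || continue ;;
        esac
        got=$(kconfig_state "$cfg" "$opt")
        # Kconfig omits symbols whose dependencies are unmet: treat as disabled.
        if [ "$got" = absent ]; then
            got=n
        fi
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $opt want=$want got=$got"
            fails=$((fails + 1))
        fi
    done
    [ "$fails" -eq 0 ]
}

cfg_tmp=$(mktemp)
sample_config > "$cfg_tmp"
audit_kconfig "$cfg_tmp" || echo "kernel config deviates from the hardening commits"
rm -f "$cfg_tmp"
```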
18 months ago openssl: fix low-severity CVE-2023-1255
Eneas U de Queiroz [Wed, 26 Apr 2023 11:35:23 +0000 (08:35 -0300)]
openssl: fix low-severity CVE-2023-1255

This applies commit 02ac9c94 to fix this OpenSSL Security Advisory
issued on 20th April 2023[1]:

Input buffer over-read in AES-XTS implementation on 64 bit ARM
(CVE-2023-1255)
==============================================================

Severity: Low

Issue summary: The AES-XTS cipher decryption implementation for 64 bit
ARM platform contains a bug that could cause it to read past the input
buffer, leading to a crash.

Impact summary: Applications that use the AES-XTS algorithm on the 64
bit ARM platform can crash in rare circumstances. The AES-XTS algorithm
is usually used for disk encryption.

The AES-XTS cipher decryption implementation for 64 bit ARM platform
will read past the end of the ciphertext buffer if the ciphertext size
is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the
memory after the ciphertext buffer is unmapped, this will trigger a
crash which results in a denial of service.

If an attacker can control the size and location of the ciphertext
buffer being decrypted by an application using AES-XTS on 64 bit ARM,
the application is affected. This is fairly unlikely making this issue a
Low severity one.

1. https://www.openssl.org/news/secadv/20230420.txt

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
18 months ago kernel: crypto: crypto-rng: select SHA512 for >= 5.14.0
Glen Huang [Wed, 26 Apr 2023 14:38:24 +0000 (22:38 +0800)]
kernel: crypto: crypto-rng: select SHA512 for >= 5.14.0

drbg switched to use HMAC(SHA-512) since 5.14.0
https://github.com/torvalds/linux/commit/5261cdf457ce3635bf18d393a3c1991dcfaf9d02

Signed-off-by: Glen Huang <me@glenhuang.com>
18 months ago mediatek: remove mt753x driver
Felix Fietkau [Sat, 29 Apr 2023 08:25:18 +0000 (10:25 +0200)]
mediatek: remove mt753x driver

It is unused

Signed-off-by: Felix Fietkau <nbd@nbd.name>
18 months ago ramips: reduce Archer AX23 / MR70X SPI-frequency
David Bauer [Thu, 27 Apr 2023 20:24:15 +0000 (22:24 +0200)]
ramips: reduce Archer AX23 / MR70X SPI-frequency

It was brought to attention the Archer AX23 v1 fails to read jffs2 data
from time to time. While this is not reproducible on my unit, it is on
others.

Reducing the SPI frequency does the trick. While it worked with at least
40 MHz, opt for the cautious side and choose a safe frequency of 25 MHz.

Apply the same treatment to the Mercusys MR70X which uses a similar
design just in case.

Signed-off-by: David Bauer <mail@david-bauer.net>
19 months ago broadcom-sprom: update to latest version
Álvaro Fernández Rojas [Thu, 27 Apr 2023 15:46:12 +0000 (17:46 +0200)]
broadcom-sprom: update to latest version

Replaces SPROMs with the ones from bmips fixups to prevent errors such as:
https://github.com/openwrt/openwrt/pull/11474#issuecomment-1524235591

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago generic: Convert incorrect generic/5.15 patches again
Olliver Schinagl [Thu, 13 Apr 2023 09:38:54 +0000 (11:38 +0200)]
generic: Convert incorrect generic/5.15 patches again

OpenWrt's developer guide prefers having actual patches so they can be
sent upstream more easily.

However, in the case of hack-5.15 patches which are not meant for
upstream, adding proper fields allows for `git am` to properly function.

This commit tries to rectify that, by digging in the history to find
where and how it was first added.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
19 months ago bmips: fix external interrupt controller
Álvaro Fernández Rojas [Thu, 27 Apr 2023 11:49:10 +0000 (13:49 +0200)]
bmips: fix external interrupt controller

- irq_domain_add_simple() can't be used on bmips since interrupts aren't
hardcoded with specific offsets for internal and external as opposed to
bcm63xx. This is needed to avoid collisions with other interrupts.
- remove unused bcm63xx-specific code.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago bmips: document GPIO external interrupts
Álvaro Fernández Rojas [Thu, 27 Apr 2023 11:47:24 +0000 (13:47 +0200)]
bmips: document GPIO external interrupts

BCM63xx SoCs have an external interrupt controller which can be used for
specific GPIO keys.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago bmips: increment polled keys interval to 100
Álvaro Fernández Rojas [Tue, 25 Apr 2023 19:17:52 +0000 (21:17 +0200)]
bmips: increment polled keys interval to 100

There's no need to poll the gpio keys every 20 ms and the linux kernel
documentation suggests 100 ms.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago ci: add Coverity Scan scheduled workflow
Petr Štetiar [Mon, 30 Jan 2023 07:33:16 +0000 (08:33 +0100)]
ci: add Coverity Scan scheduled workflow

Coverity Scan is a static code analysis service focused on open source
software quality and security, so let's scan various OpenWrt components
every Friday for the start.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
19 months ago busybox: turn on BUSYBOX_DEFAULT_ASH_RANDOM_SUPPORT for having $RANDOM
Ilario Gelmetti [Sun, 23 Apr 2023 14:23:45 +0000 (16:23 +0200)]
busybox: turn on BUSYBOX_DEFAULT_ASH_RANDOM_SUPPORT for having $RANDOM

$RANDOM shell variable is a convenient way for getting a random number from 0 to 32767

Signed-off-by: Ilario Gelmetti <iochesonome@gmail.com>
19 months ago busybox: Activate resize tool by default
Hauke Mehrtens [Sun, 23 Apr 2023 10:24:22 +0000 (12:24 +0200)]
busybox: Activate resize tool by default

The resize tool will resize the prompt to match the current terminal
size. This is helpful when connecting to the system using UART to make
the vi or top output match the current terminal size.

This increases the busybox binary size by 136 bytes and the ipkg size by
335 bytes on aarch64.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
19 months ago kernel: ssb: fallback-sprom: check bustype
Álvaro Fernández Rojas [Mon, 24 Apr 2023 18:39:55 +0000 (20:39 +0200)]
kernel: ssb: fallback-sprom: check bustype

host_pci is only defined when bustype is SSB_BUSTYPE_PCI.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago kernel: bcma: fallback-sprom: check hosttype
Álvaro Fernández Rojas [Mon, 24 Apr 2023 18:38:36 +0000 (20:38 +0200)]
kernel: bcma: fallback-sprom: check hosttype

host_pci is only defined when hosttype is BCMA_HOSTTYPE_PCI.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago kernel: bcma: fallback-sprom: align extraction with upstream
Álvaro Fernández Rojas [Mon, 24 Apr 2023 18:31:48 +0000 (20:31 +0200)]
kernel: bcma: fallback-sprom: align extraction with upstream

The current bcma SPROM extraction from upstream only supports SPROMs with
revisions from 8 to 11.
Let's align the downstream fallback driver with upstream.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago kernel: ssb: fallback-sprom: drop mac leftovers
Álvaro Fernández Rojas [Mon, 24 Apr 2023 18:13:13 +0000 (20:13 +0200)]
kernel: ssb: fallback-sprom: drop mac leftovers

This was left behind when removing the MAC extractions from PCI SPROMs.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago kernel: ssb: fallback-sprom: optimize struct data
Álvaro Fernández Rojas [Mon, 24 Apr 2023 18:10:48 +0000 (20:10 +0200)]
kernel: ssb: fallback-sprom: optimize struct data

- Remove unneeded mac bytes from struct (it's already present in the SPROM).
- Convert devid_override to boolean.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago kernel: bcma: fallback-sprom: optimize struct data
Álvaro Fernández Rojas [Mon, 24 Apr 2023 18:06:49 +0000 (20:06 +0200)]
kernel: bcma: fallback-sprom: optimize struct data

- Remove unneeded mac bytes from struct (it's already present in the SPROM).
- Convert devid_override to boolean.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago ipq40xx: convert GL-AP1300 to DSA
Nick Hainke [Sat, 16 Jul 2022 08:33:24 +0000 (10:33 +0200)]
ipq40xx: convert GL-AP1300 to DSA

Convert GL-AP1300 to DSA and enable it.

While working on it rename the GL-AP1300 leds from green to white.

Tested-by: Rob White <rob@blue-wave.net>
Tested-by: Robert Sommer <frauhottelmann@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
19 months ago ath79: create APBoot-compatible image for Aruba AP-175
Martin Kennedy [Thu, 20 Apr 2023 21:58:21 +0000 (17:58 -0400)]
ath79: create APBoot-compatible image for Aruba AP-175

As was done in commit e11d00d44c66 ("ath79: create Aruba AP-105 APBoot
compatible image"), alter the Aruba AP-175 image generation process so
OpenWrt can be loaded with the vendor Aruba APBoot. Since the
remainder of the explanation and installation process is identical,
continuing the quote from that commit:

This works by prepending the OpenWrt LZMA loader to the uImage and
jumping directly to the loader. Aruba does not offer bootm on these
boards.

This approach keeps compatibility to devices which had their U-Boot
replaced. Both bootloaders can boot the same image.

With this patch, new installations do not require replacing the
bootloader and can be performed from the serial console without
opening the case.

Installation
------------

1. Attach to the serial console of the AP-175.
   Interrupt autoboot and change the U-Boot env.

   $ setenv apb_rb_openwrt "setenv ipaddr 192.168.1.1;
     setenv serverip 192.168.1.66;
     netget 0x84000000 ap175.bin; go 0x84000040"
   $ setenv apb_fb_openwrt "cp.b 0xbf040000 0x84000000 0x10000;
     go 0x84000040"
   $ setenv bootcmd "run apb_fb_openwrt"
   $ saveenv

2. Load the OpenWrt initramfs image on the device using TFTP.
   Place the initramfs image as "ap175.bin" in the TFTP server
   root directory, connect it to the AP and make the server reachable
   at 192.168.1.66/24.

   $ run apb_rb_openwrt

3. Once OpenWrt has booted, transfer the sysupgrade image to the device
   using scp and use sysupgrade to install the firmware.

Signed-off-by: Martin Kennedy <hurricos@gmail.com>
19 months ago kernel: net: phy: realtek: fix NULL pointer dereference
Daniel Golle [Sun, 23 Apr 2023 17:46:02 +0000 (18:46 +0100)]
kernel: net: phy: realtek: fix NULL pointer dereference

The previous attempt to replace an open coded paged read in the RealTek
Ethernet PHY driver was too naive and resulted in breaking the r8169
PCIe Ethernet driver which also makes use of the RealTek Ethernet PHY
driver.
Fix this by using rtl821x_write_page instead of the (not yet populated)
paged operations, and protect the whole paged read operation using the
MDIO bus mutex.

Fixes: 998b973157 ("kernel: net: phy: realtek: improve RealTek 2.5G PHY driver")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
19 months ago ramips: fix green LED for D-Link DAP-X1860
Sebastian Schaper [Sun, 23 Apr 2023 13:40:34 +0000 (15:40 +0200)]
ramips: fix green LED for D-Link DAP-X1860

It was found this device uses a single tri-color power/status LED
rather than individual red/orange LEDs, which also supports green.

Add GPIO for green color and use with `boot` and `running` aliases.

Signed-off-by: Sebastian Schaper <openwrt@sebastianschaper.net>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
19 months ago ramips: Cudy X6 fixes / improvements
Felix Baumann [Fri, 21 Apr 2023 01:07:58 +0000 (03:07 +0200)]
ramips: Cudy X6 fixes / improvements

- Correct WiFi MACs, they didn't match oem firmware
- Move nvmem-cells to bdinfo partition and remove &bdinfo reference
- Add OEM device model name R13 to SUPPORTED_DEVICES
  This allows sysupgrading from Cudy's OpenWrt fork without force
- Label red_led and use it during failsafe mode and upgrades

MAC addresses as verified by OEM firmware:

use   address             source
LAN   b4:4b:d6:2d:c8:4a   label
WAN   b4:4b:d6:2d:c8:4b   label + 1
2g    b4:4b:d6:2d:c8:4a   label
5g    b6:4b:d6:3d:c8:4a   label + LA-Bit set + 4th octet increased

The label MAC address is found in bdinfo 0xde00.

Signed-off-by: Felix Baumann <felix.bau@gmx.de>
[read wifi mac from flash offset]
Signed-off-by: David Bauer <mail@david-bauer.net>
19 months ago ath79: add support for Alcatel HH40V
Andreas Böhler [Sat, 1 Apr 2023 19:57:22 +0000 (21:57 +0200)]
ath79: add support for Alcatel HH40V

The Alcatel HH40V is a CAT4 LTE router used by various ISPs.

Specifications
==============

SoC: QCA9531 650MHz
RAM: 128MiB
Flash: 32MiB SPI NOR
LAN: 1x 10/100MBit
WAN: 1x 10/100MBit
LTE: MDM9607 USB 2.0 (rndis configuration)
WiFi: 802.11n (SoC integrated)

MAC address assignment
======================

There are three MAC addresses stored in the flash ROM, the assignment
follows stock. The MAC on the label is the WiFi MAC address.

Installation (TFTP)
===================

1. Connect serial console
2. Configure static IP to 192.168.1.112
3. Put OpenWrt factory.bin file as firmware-system.bin
4. Press Power + WPS and plug in power
5. Keep buttons pressed until TFTP requests are visible
6. Wait for the system to finish flashing and wait for reboot
7. Bootup will fail as the kernel offset is wrong
8. Run "setenv bootcmd bootm 0x9f150000"
9. Reset board and enjoy OpenWrt

Installation (without UART)
===========================

Installation without UART is a bit tricky and requires several steps too
long for the commit message. Basic steps:

1. Create configuration backup
2. Patch backup file to enable SSH
3. Login via SSH and configure the new bootcmd
4. Flash OpenWrt factory.bin image manually (sysupgrade doesn't work)

More detailed instructions will be provided on the Wiki page.

Tested by: Christian Heuff <christian@heuff.at>
Signed-off-by: Andreas Böhler <dev@aboehler.at>
19 months ago ath79: use gpios for switch management in WZR-HP-G300NH variants
Tony Ambardar [Mon, 16 Jan 2023 11:18:00 +0000 (03:18 -0800)]
ath79: use gpios for switch management in WZR-HP-G300NH variants

The RTL8366S/RB switch node in DTS defines "mii-bus = <&mdio0>" to permit
management via SMI but this has likely never worked, instead falling back
to using GPIOs in the past:

     rtl8366s switch: cannot find mdio bus from bus handle (yet)
     rtl8366s switch: using GPIO pins 19 (SDA) and 20 (SCK)
     rtl8366s switch: RTL8366 ver. 1 chip found

Recently, the rtl8366s and rtl8366_smi drivers were changed from built-in
to loadable modules. This affected driver probing order and caused switch
initialization (and network access) to fail:

     rtl8366s switch: using MDIO bus 'ag71xx_mdio'
     rtl8366s switch: unknown chip id (ffff)
     rtl8366s switch: chip detection failed, err=-19

Force using GPIOs to manage the switch by dropping the "mii-bus" DTS
definition, which works for both built-in and loadable switch drivers.

Fixes: 6e0f0eae5b ("ath79: use rtl8366s and rtl8366_smi as a module")
Fixes: 575ec7a4b1 ("ath79: use rtl8366rb as a module")
Tested-by: Tony Ambardar <itugrok@yahoo.com> # WZR-HP-G300NH (RTL8366S)
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
19 months ago ath79: fix switch support for WZR-HP-G300NH devices
Tony Ambardar [Fri, 13 Jan 2023 11:17:54 +0000 (03:17 -0800)]
ath79: fix switch support for WZR-HP-G300NH devices

Switch drivers for RTL8366S/RB were packaged as modules but not properly
added to device definitions for WZR-HP-G300NH router variants, breaking
network access to both after installation or upgrade.

Assign the correct switch driver package for each router.

Fixes: 6e0f0eae5b ("ath79: use rtl8366s and rtl8366_smi as a module")
Fixes: 575ec7a4b1 ("ath79: use rtl8366rb as a module")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
19 months ago hostapd: update to 2023-03-29
Nick Hainke [Mon, 13 Mar 2023 18:35:49 +0000 (19:35 +0100)]
hostapd: update to 2023-03-29

Add patches:
- 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch

Remove upstreamed:
- 170-DPP-fix-memleak-of-intro.peer_key.patch
- 461-driver_nl80211-use-new-parameters-during-ibss-join.patch
- 800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch
- 992-openssl-include-rsa.patch

Automatically refreshed:
- 011-mesh-use-deterministic-channel-on-channel-switch.patch
- 021-fix-sta-add-after-previous-connection.patch
- 022-hostapd-fix-use-of-uninitialized-stack-variables.patch
- 030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
- 040-mesh-allow-processing-authentication-frames-in-block.patch
- 050-build_fix.patch
- 110-mbedtls-TLS-crypto-option-initial-port.patch
- 120-mbedtls-fips186_2_prf.patch
- 140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
- 150-add-NULL-checks-encountered-during-tests-hwsim.patch
- 160-dpp_pkex-EC-point-mul-w-value-prime.patch
- 200-multicall.patch
- 300-noscan.patch
- 310-rescan_immediately.patch
- 330-nl80211_fix_set_freq.patch
- 341-mesh-ctrl-iface-channel-switch.patch
- 360-ctrl_iface_reload.patch
- 381-hostapd_cli_UNKNOWN-COMMAND.patch
- 390-wpa_ie_cap_workaround.patch
- 410-limit_debug_messages.patch
- 420-indicate-features.patch
- 430-hostapd_cli_ifdef.patch
- 450-scan_wait.patch
- 460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
- 463-add-mcast_rate-to-11s.patch
- 465-hostapd-config-support-random-BSS-color.patch
- 500-lto-jobserver-support.patch
- 590-rrm-wnm-statistics.patch
- 710-vlan_no_bridge.patch
- 720-iface_max_num_sta.patch
- 730-ft_iface.patch
- 750-qos_map_set_without_interworking.patch
- 751-qos_map_ignore_when_unsupported.patch
- 760-dynamic_own_ip.patch
- 761-shared_das_port.patch
- 990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch

Manually refresh:
- 010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
- 301-mesh-noscan.patch
- 340-reload_freq_change.patch
- 350-nl80211_del_beacon_bss.patch
- 370-ap_sta_support.patch
- 380-disable_ctrl_iface_mib.patch
- 464-fix-mesh-obss-check.patch
- 470-survey_data_fallback.patch
- 600-ubus_support.patch
- 700-wifi-reload.patch
- 711-wds_bridge_force.patch
- 740-snoop_iface.patch

Tested-by: Packet Please <pktpls@systemli.org> [Fritzbox 4040 (ipq40xx),
           EAP225-Outdoor (ath79); 802.11s, WPA3 OWE, and WPA3 PSK]
Tested-by: Andrew Sim <andrewsimz@gmail.com> [mediatek/filogic]
Signed-off-by: Nick Hainke <vincent@systemli.org>
19 months ago ramips: fix lzma-loader for buffalo_WSR_600DHP
Haoan Li [Wed, 5 Apr 2023 18:42:15 +0000 (02:42 +0800)]
ramips: fix lzma-loader for buffalo_WSR_600DHP

This fixes a well-known "LZMA ERROR 1" error, reported previously on
numerous similar devices.

Fixes: #11919
Signed-off-by: Haoan Li <lihaoan1001@163.com>
19 months ago bmips: shg2500: add BCM4360 fallback SPROM
Álvaro Fernández Rojas [Sun, 23 Apr 2023 09:44:34 +0000 (11:44 +0200)]
bmips: shg2500: add BCM4360 fallback SPROM

Apart from the embedded BCM63268 wireless, this device has an external BCM4360
connected by PCIe which needs a fallback SPROM.
b43 isn't enabled for this device because BCM4360 isn't supported (AC PHY).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago bmips: dgnd3700v2: add b43 wireless driver
Álvaro Fernández Rojas [Sun, 23 Apr 2023 09:40:39 +0000 (11:40 +0200)]
bmips: dgnd3700v2: add b43 wireless driver

Apart from the embedded BCM6362 wireless, Netgear DGND3700v2 has external
BCM43228 wireless connected by PCIe.
Fallback SPROM isn't needed for this one because it has a physical SPROM.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago bmips: leds-sercomm-msp430: improve driver
Álvaro Fernández Rojas [Thu, 20 Apr 2023 09:09:38 +0000 (11:09 +0200)]
bmips: leds-sercomm-msp430: improve driver

- Add missing module functions.
- Fix infinite pattern trigger by converting negative values to 0.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago bmips: enet: add missing module functions
Álvaro Fernández Rojas [Thu, 20 Apr 2023 08:59:08 +0000 (10:59 +0200)]
bmips: enet: add missing module functions

- Add missing MODULE_DEVICE_TABLE().
- Switch bcm6348-iudma to module_platform_driver().
- Add missing MODULE_AUTHOR, MODULE_DESCRIPTION, MODULE_LICENSE and
MODULE_ALIAS.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago bmips: pci: use standard module functions
Álvaro Fernández Rojas [Thu, 20 Apr 2023 08:51:45 +0000 (10:51 +0200)]
bmips: pci: use standard module functions

late_initcall_sync() is no longer needed so standard module functions can be
used on all bmips PCI/PCIe drivers.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago mac80211: b43: only enable bcma or ssb on bmips
Álvaro Fernández Rojas [Thu, 20 Apr 2023 08:28:04 +0000 (10:28 +0200)]
mac80211: b43: only enable bcma or ssb on bmips

By default both kmod-bcma and kmod-ssb are selected by kmod-b43.
However, only one of both modules is needed for bmips subtargets:
- bcma: bcm6318, bcm6328, bcm6362, bcm63268
- ssb: bcm6358, bcm6368

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago bmips: drop custom b43-sprom fixups
Álvaro Fernández Rojas [Thu, 20 Apr 2023 08:07:26 +0000 (10:07 +0200)]
bmips: drop custom b43-sprom fixups

b43-sprom fixups are no longer used and can be removed from bmips targets.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago bmips: switch to generic bcma/ssb fallback SPROM
Álvaro Fernández Rojas [Thu, 20 Apr 2023 08:05:52 +0000 (10:05 +0200)]
bmips: switch to generic bcma/ssb fallback SPROM

Stop using bmips b43-sprom fixups and switch to generic bcma/ssb fallback
SPROMs. This way we don't need to include the b43-sprom fixups on devices
without Broadcom wireless.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago kernel: add bcma/ssb fallback SPROM support
Álvaro Fernández Rojas [Thu, 20 Apr 2023 07:58:03 +0000 (09:58 +0200)]
kernel: add bcma/ssb fallback SPROM support

This adds generic kernel support for Broadcom Fallback SPROMs so that it can be
used in any target, even non-Broadcom ones.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago broadcom-sprom: add new package
Álvaro Fernández Rojas [Thu, 20 Apr 2023 07:54:55 +0000 (09:54 +0200)]
broadcom-sprom: add new package

This adds a new package with Broadcom SPROMs that can be used as fallback when
the devices lack physical SPROMs.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
19 months ago generic: 5.15: replace ramips AR8033 fiber patch with 5.18 patches
Daniel Kestrel [Fri, 17 Mar 2023 07:22:06 +0000 (08:22 +0100)]
generic: 5.15: replace ramips AR8033 fiber patch with 5.18 patches

A patch was added in kernel 5.4 to support the fiber operation of
AR8033 with ramips devices. In kernel 5.18 similar enhancements
were added to the kernel. Those patches are required for other
fiber based devices but when added, build fails for ramips targets.
This commit removes the ramips patch and adds the kernel 5.18 ones.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
[ split commit, refresh patch and improve commit message ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
19 months ago generic: 5.10: replace ramips AR8033 fiber patch with 5.18 patches
Daniel Kestrel [Fri, 17 Mar 2023 07:22:06 +0000 (08:22 +0100)]
generic: 5.10: replace ramips AR8033 fiber patch with 5.18 patches

A patch was added in kernel 5.4 to support the fiber operation of
AR8033 with ramips devices. In kernel 5.18 similar enhancements
were added to the kernel. Those patches are required for other
fiber based devices but when added, build fails for ramips targets.
This commit removes the ramips patch and adds the kernel 5.18 ones.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
[ split commit, refresh patch and improve commit title ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
19 months ago generic: 5.10: replace pending 730-net-phy-at803x-fix... with upstream
Christian Marangi [Fri, 21 Apr 2023 23:59:38 +0000 (01:59 +0200)]
generic: 5.10: replace pending 730-net-phy-at803x-fix... with upstream

Replace pending 730-net-phy-at803x-fix-feature-detection.patch with
upstream version and move it to backport.

Refresh other related patch while moving it.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
19 months ago CI: check-kernel-patches: upload proposed refreshed patches
Christian Marangi [Sat, 22 Apr 2023 00:27:08 +0000 (02:27 +0200)]
CI: check-kernel-patches: upload proposed refreshed patches

Upload proposed refreshed patches if the check fails.
This should help devs refresh the patches if they don't have access to a
buildroot.

Devs should ALWAYS refresh the patches before submitting and merging
commits.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
19 months ago kernel: refresh 729-net-phy-realtek-introduce-rtl822x_probe.patch
Daniel Golle [Sat, 22 Apr 2023 11:24:40 +0000 (12:24 +0100)]
kernel: refresh 729-net-phy-realtek-introduce-rtl822x_probe.patch

The patch needs to be refreshed to apply cleanly.

Fixes: 998b973157 ("kernel: net: phy: realtek: improve RealTek 2.5G PHY driver")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
19 months ago mediatek: add support for TP-Link TL-XDR4288/608x
Chukun Pan [Fri, 10 Feb 2023 15:08:25 +0000 (23:08 +0800)]
mediatek: add support for TP-Link TL-XDR4288/608x

Hardware specification:
  SoC: MediaTek MT7986A 4x A53
  Flash: ESMT F50L1G41LB 128MB
  RAM: ESMT M15T4G16256A 512MB
  Ethernet (Max Speed):
    XDR4288: 1x 2.5G Wan, 1x 2.5G Lan, 4x 1G Lan
    XDR6086: 1x 2.5G Wan, 1x 2.5G Lan, 1x 1G Lan
    XDR6088: 1x 2.5G Wan, 1x 2.5G Lan, 4x 1G Lan
  WiFi:
    XDR4288: MT7976DAN (2.4G 2T2R, 5G 3T3R)
    XDR6086/XDR6088:
      WiFi1: MT7976GN 2.4GHz 4T4R
      WiFi2: MT7976AN 5GHz 4T4R
  Button: Reset, WPS, Turbo
  USB: 1 x USB 3.0
  Power: DC 12V 4A

Flash instructions:
  1. Execute the following operation to open nc shell:
     https://openwrt.org/inbox/toh/tp-link/xdr-6086#rooting
  2. Replace the stock bootloader with OpenWrt's:
     dd bs=131072 conv=sync of=/dev/mtdblock9 if=/tmp/xxx-preloader.bin
     dd bs=131072 conv=sync of=/dev/mtdblock9 seek=28 if=/tmp/xxx-bl31-uboot.fip
  3. Connect to your PC via the Gigabit port of the router,
     set a static ip on the ethernet interface of your PC.
     (ip 192.168.1.254, gateway 192.168.1.1)
  4. Download the initramfs image, and restart the router,
     waiting for tftp recovery to complete.
  5. After OpenWrt boots up, perform sysupgrade.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
[Add uboot build, fit and sysupgrade support, fix RealTek PHYs]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
19 months ago uboot-mediatek: add TP-Link TL-XDR4288 and TL-XDR608x
Daniel Golle [Fri, 2 Dec 2022 04:29:58 +0000 (04:29 +0000)]
uboot-mediatek: add TP-Link TL-XDR4288 and TL-XDR608x

TP-Link TL-XDR608x comes with a locked vendor loader. Add U-Boot build
for replacement loader for both TL-XDR6086 and TL-XDR6088. The only
difference at U-Boot level is the different filename requested via
TFTP, matching the corresponding OpenWrt build artifacts for each
device.

The TP-Link TL-XDR4288 has the same hardware as the TP-Link TL-XDR6088
except for the wireless part. Also create a uboot for the TP-Link
TL-XDR4288.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[rebase to uboot 23.04, correct led and button]
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
19 months ago kernel: net: phy: realtek: improve RealTek 2.5G PHY driver
Daniel Golle [Sat, 22 Apr 2023 00:52:04 +0000 (01:52 +0100)]
kernel: net: phy: realtek: improve RealTek 2.5G PHY driver

 * use interface mode switching only when operating in C45 mode
   Linux prevents switching the interface mode when using C22 MDIO,
   hence use rate-adapter mode in case the PHY is controlled via C22.

 * use phy_read_paged where appropriate

 * use existing generic inline functions to handle 10GbE advertisements
   instead of redundantly defining register macros in realtek.c which
   are not actually vendor-specific.

 * make sure 10GbE advertisement is valid, preventing false-positive
   warning "Downshift occurred from negotiated speed 2.5Gbps to actual
   speed 1Gbps, check cabling!" with some link-partners using 1G mode.

 * Support Link Down Power Saving Mode (ALDPS)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
19 months ago libpcap: update to 1.10.4
Nick Hainke [Fri, 14 Apr 2023 13:17:28 +0000 (15:17 +0200)]
libpcap: update to 1.10.4

Changes:
https://git.tcpdump.org/libpcap/blob/104271ba4a14de6743e43bcf87536786d8fddea4:/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
19 months ago tools/isl: update to 0.26
Nick Hainke [Fri, 14 Apr 2023 11:22:36 +0000 (13:22 +0200)]
tools/isl: update to 0.26

Changelog:
https://repo.or.cz/isl.git/blob/e58af07f91c94db81627fb801fa6f52c3a7201a8:/ChangeLog

Signed-off-by: Nick Hainke <vincent@systemli.org>
19 months ago tools/libressl: update to 3.7.2
Nick Hainke [Sat, 15 Apr 2023 06:44:42 +0000 (08:44 +0200)]
tools/libressl: update to 3.7.2

Release Notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.2-relnotes.txt

Signed-off-by: Nick Hainke <vincent@systemli.org>
19 months ago kernel: bump 5.10 to 5.10.178
John Audia [Thu, 20 Apr 2023 12:53:55 +0000 (08:53 -0400)]
kernel: bump 5.10 to 5.10.178

Removed upstreamed:
backport-5.10/430-v6.3-ubi-Fix-failure-attaching-when-vid_hdr-offset-equals.patch[1]

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.178&id=0279e82e148407feec88466990de14bcba9e12c0

All other patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
19 months ago kernel: bump 5.15 to 5.15.108
John Audia [Thu, 20 Apr 2023 12:53:12 +0000 (08:53 -0400)]
kernel: bump 5.15 to 5.15.108

Removed upstreamed:
backport-5.15/430-v6.3-ubi-Fix-failure-attaching-when-vid_hdr-offset-equals.patch[1]
backport-5.15/612-v6.3-skbuff-Fix-a-race-between-coalescing-and-releasing-S.patch[2]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.108&id=85d7a7044b759d865d10395a357632af00de5867
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.108&id=906a6689bb0191ad2a44131a3377006aa098af59

Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod

Signed-off-by: John Audia <therealgraysky@proton.me>
19 months ago generic: update nvmem cell mac-address-ascii support
Chukun Pan [Thu, 6 Apr 2023 12:21:03 +0000 (20:21 +0800)]
generic: update nvmem cell mac-address-ascii support

Instead of using mac-address-ascii in the nvmem_get_mac_address
function, move it into the of_get_mac_addr_nvmem function to
support more devices.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
19 months ago ramips: MSG1500 X.00: switch to mac-address-ascii dts
Chukun Pan [Wed, 19 Oct 2022 15:16:30 +0000 (23:16 +0800)]
ramips: MSG1500 X.00: switch to mac-address-ascii dts

The Config partition of some machines is special, and the openwrt script
cannot read the protest_lan_mac correctly. This problem can be solved by
reading the mac address (ascii) in dts.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
19 months ago mediatek: filogic: remove redundant code for tuf-ax4200
Chukun Pan [Wed, 5 Apr 2023 12:01:50 +0000 (20:01 +0800)]
mediatek: filogic: remove redundant code for tuf-ax4200

Remove redundant code in 02_network.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
19 months ago mediatek: filogic: move mac address setting together
Chukun Pan [Mon, 20 Mar 2023 15:08:01 +0000 (23:08 +0800)]
mediatek: filogic: move mac address setting together

Simultaneously sort in the order of letters.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
19 months ago mediatek: filogic: fix network config for mt7986a-rfb
Chukun Pan [Sun, 19 Mar 2023 15:21:35 +0000 (23:21 +0800)]
mediatek: filogic: fix network config for mt7986a-rfb

Fix the network configuration according to the device tree.

Fixes: 5faff99 ("mediatek: filogic: fix mt7986a ethernet devicetree entries")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
19 months ago tools/squashfs4: backport OpenWrt extended options patch
Christian Marangi [Thu, 20 Apr 2023 19:30:52 +0000 (21:30 +0200)]
tools/squashfs4: backport OpenWrt extended options patch

Due to us keeping a patch around for years and never proposing it to
the squashfs4 repository, we ended up having the same squashfs4 version
but with different supported options. (openwrt patched -- upstream)

To work around this problem, a non-standard option was required.

To avoid surprises on a tool bump, backport the patch and add the new
config option required to enable these extended non-standard options.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
19 months ago ksmbd: update to latest 3.4.8 release
Andrew Sim [Tue, 18 Apr 2023 16:54:01 +0000 (18:54 +0200)]
ksmbd: update to latest 3.4.8 release

Changelog: https://github.com/cifsd-team/ksmbd/releases/tag/3.4.8

Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
19 months ago tools/lz4: build with meson
Rosen Penev [Thu, 20 Apr 2023 08:59:32 +0000 (01:59 -0700)]
tools/lz4: build with meson

Simplifies Makefile and speeds up compilation.

Before:
Executed in   68.00 secs    fish           external
   usr time  104.17 secs    1.33 millis  104.17 secs
   sys time    4.29 secs    0.35 millis    4.29 secs

After:
Executed in   27.98 secs    fish           external
   usr time   25.18 secs    1.32 millis   25.18 secs
   sys time    3.31 secs    0.35 millis    3.31 secs

Signed-off-by: Rosen Penev <rosenp@gmail.com>
19 months ago uboot-mediatek: fix factory/reset button
Daniel Golle [Thu, 20 Apr 2023 10:31:49 +0000 (11:31 +0100)]
uboot-mediatek: fix factory/reset button

U-Boot commit ea6fdc13595 ("dm: button: add support for linux_code in
button-gpio.c driver") makes it mandatory to specify linux,code for all
buttons. As that broke handling of the reset button in U-Boot with the
update to U-Boot 2023.04, add linux,code for all buttons.

Reported-by: @DragonBluep
Fixes: 50f7c5af4a ("uboot-mediatek: update to v2023.04")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
19 months ago mediatek: filogic: update kernel config-5.15
Daniel Golle [Wed, 19 Apr 2023 22:38:31 +0000 (23:38 +0100)]
mediatek: filogic: update kernel config-5.15

Expose thermal-zone as hwmon sensor, remove thermal emulation driver
and add some missing symbols.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
19 months ago mediatek: bpi-r3: allow up to 3W per SFP module
Daniel Golle [Tue, 18 Apr 2023 18:09:01 +0000 (19:09 +0100)]
mediatek: bpi-r3: allow up to 3W per SFP module

According to SinoVoip up to 3A @ 3.3V are available for both
SFP modules together. Raise energy limit from 1W (default) to 3W,
however, be aware that using modules consuming more than 1W will
require active cooling!

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
19 months ago tools/dwarves: update to 1.25
Nick Hainke [Wed, 12 Apr 2023 19:50:29 +0000 (21:50 +0200)]
tools/dwarves: update to 1.25

Remove AUTORELEASE and HOST_BUILD_PARALLEL.

Release Notes:
https://lore.kernel.org/dwarves/ZDG4qxirpIfmbiip@kernel.org/T/#u

Signed-off-by: Nick Hainke <vincent@systemli.org>
19 months ago kernel: fix up qrtr packaging after 5.15.107 bump
Stefan Lippers-Hollmann [Sun, 16 Apr 2023 09:57:42 +0000 (05:57 -0400)]
kernel: fix up qrtr packaging after 5.15.107 bump

qrtr/ns.ko is now merged into qrtr/qrtr.ko, so drop the individual module packaging.

Fixes: f4989239cc91 ("kernel: bump 5.15 to 5.15.107")
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> #ipq807x/ax3600, x86_64/FW-7543B, mt7621/dap-x1860
19 months ago kernel: bump 5.15 to 5.15.107
John Audia [Thu, 13 Apr 2023 17:28:17 +0000 (13:28 -0400)]
kernel: bump 5.15 to 5.15.107

All patches automatically rebased.

Build system: x86_64
Build-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: bcm2711/RPi4B, ramips/tplink_archer-a6-v3, filogic/xiaomi_redmi-router-ax6000-ubootmod

Signed-off-by: John Audia <therealgraysky@proton.me>
19 months ago tools/cmake: update to 3.26.3
Nick Hainke [Sun, 16 Apr 2023 21:05:05 +0000 (23:05 +0200)]
tools/cmake: update to 3.26.3

Release Notes:
- https://www.kitware.com/cmake-3-26-1-available-for-download/
- https://www.kitware.com/cmake-3-26-2-available-for-download/
- https://www.kitware.com/cmake-3-26-3-available-for-download/

Signed-off-by: Nick Hainke <vincent@systemli.org>
19 months ago mwlwifi: update to version 10.3.9.0-20230311
Kabuli Chana [Tue, 11 Apr 2023 22:52:56 +0000 (16:52 -0600)]
mwlwifi: update to version 10.3.9.0-20230311

upstream PR 408 improvements:
 -Fix AMSDU packets unused
 -Removed the AMSDU packets queue
 -Add more info in the iw tool
 -fix is_hw_crypto_enabled
 -Optimization AMPDU_TX_OPERATIONAL (avoid a spinlock)

change to wongsyrone mod

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>