Respect the generic kernel config setting, which is "enabled" tree-wide, as
previously done for sunxi.
Ref: 247ef4d98b ("sunxi: enable CONFIG_BPF_SYSCALL and CONFIG_EMBEDDED")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 41948c9c1b)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
CRYPTO_DEV_CCP depends on X86 or ARM64
CRYPTO_DEV_CCP_DD depends on CPU_SUP_AMD or ARM64
Compiling this driver makes sense for x86 mainly. If one day support for
ARM64 board with AMD Secure Processor gets added this package may be
updated.
Trying to build this package on bcm4908 was causing:
ERROR: module 'build_dir/target-aarch64_cortex-a53_musl/linux-bcm4908_generic/linux-5.4.110/drivers/crypto/ccp/ccp-crypto.ko' is missing.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cb3fb45ed1)
Currently it's not possible to flash factory images on devices shipped
with vendor firmware versions 1.1.0 Build 20201120 rel. 50406 (published
2020-12-22):
(curFw_ver, newFw_ver) == (1.1, 1.0) [NM_Error](nm_checkSoftVer) 00848: Firmwave not supports, check failed.
[NM_Error](nm_checkUpdateContent) 01084: software version dismatched
[NM_Error](nm_buildUpgradeStruct) 01188: checkUpdateContent failed.
They've even following note in release notes:
Note: You will be unable to downgrade to the previous firmware version
after updating this firmware.
This version check in vendor firmware is implemented in
/usr/bin/nvrammanager binary likely as following C code[1]:
sscanf(buf, "%d.%d.%*s",&upd_fw_major, &upd_fw_minor);
...
if (((int)upd_fw_major < (int)cur_fw_major) ||
((ret = 1, cur_fw_major == upd_fw_major && (upd_fw_minor < (int)cur_fw_minor)))) {
ret = 0;
printf("[NM_Error](%s) %05d: Firmwave not supports, check failed.\r\n\r\n","nm_checkSoftVer" ,0x350);
}
...
return ret;
So in order to fix this and make it future proof it should be enough to
ship our factory firmware images with major version 7 (lucky number).
Tested on latest firmware version 1.1.2 Build 20210125 rel.37999:
Firmwave supports, check OK.
(curFw_ver, newFw_ver) == (1.1, 7.0) check firmware ok!
Flashing back to vendor firmware
c7v5_us-up-ver1-1-2-P1[20210125-rel37999]_2021-01-25_10.33.55.bin works
as well:
U-Boot 1.1.4-gbec22107-dirty (Nov 18 2020 - 18:19:12)
...
Firmware downloaded... filesize = 0xeeae77 fileaddr = 0x80060000.
Firmware Recovery file length : 15642231
Firmware process id 2.
handle_fw_cloud 146
Image verify OK!
Firmware file Verify ok!
product-info:product_name:Archer C7
product_ver:5.0.0
special_id:55530000
[Error]sysmgr_cfg_checkSupportList(): 1023 @ specialId 45550000 NOT Match.
Firmware supports, check OK.
Firmware Recovery check ok!
1. https://gist.github.com/ynezz/2e0583647d863386a66c3d231541b6d1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit e6d66375cb)
When $(FPIC) gets expanded on the command line (for instance
when setting environment variables for libtool, configure, or
make) we can't count on it not needing quoting (i.e. it could
contain multiple flags separated with spaces).
Fixes: dc31191ec3 ("build: make sure asm gets built with -DPIC")
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 7fae64cc06)
Refreshed all patches.
The following patches were manually changed:
* 610-netfilter_match_bypass_default_checks.patch
* 611-netfilter_match_bypass_default_table.patch
* 802-can-0002-can-rx-offload-fix-long-lines.patch
* 802-can-0003-can-rx-offload-can_rx_offload_compare-fix-typo.patch
* 802-can-0004-can-rx-offload-can_rx_offload_irq_offload_timestamp-.patch
* 802-can-0005-can-rx-offload-can_rx_offload_reset-remove-no-op-fun.patch
* 802-can-0006-can-rx-offload-Prepare-for-CAN-FD-support.patch
* 802-can-0018-can-flexcan-use-struct-canfd_frame-for-CAN-classic-f.patch
The can-dev.ko model was moved in the upstream kernel.
Compile-tested on: x86/64, armvirt/64, ath79/generic
Runtime-tested on: x86/64, armvirt/64, ath79/generic
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Move some disabled symbols found in armvirt target to generic.
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
(cherry picked from commit 12e942b1fd)
LPAE should be disabled as the Cortex-A8 cores don't support it,
and the kernel will crash on boot if it's enabled.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Fixes issue openwrt/packages#14921, whereby inline ASM wasn't getting
built as PIC; look at gmp-6.2.1/mpn/x86/pentium/popcount.asm for
example:
ifdef(`PIC',`
...
for a routine that exists in both PIC and non-PIC versions.
Make sure that wherever $(FPIC) gets passed as a variable expansion
that it gets quoted where necessary (such as setting environment
variables in shell commands).
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit af22991e03)
Marvell mv88e6xxx switch series cannot perform MAC learning from
CPU-injected (FROM_CPU) DSA frames, which results in 2 issues.
- excessive flooding, due to the fact that DSA treats those addresses
as unknown
- the risk of stale routes, which can lead to temporary packet loss
Backport those patch series from netdev mailing list, which solve these
issues by adding and clearing static entries to the switch's FDB.
Add a hack patch to set default VID to 1 in port_fdb_{add,del}. Otherwise
the static entries will be added to the switch's private FDB if VLAN
filtering disabled, which will not work.
The switch may generate an "ATU violation" warning when a client moves
from the CPU port to a switch port because the static ATU entry added by
DSA core still points to the CPU port. DSA core will then clear the static
entry so it is not fatal. Disable the warning so it will not confuse users.
Link: https://lore.kernel.org/netdev/20210106095136.224739-1-olteanv@gmail.com/
Link: https://lore.kernel.org/netdev/20210116012515.3152-1-tobias@waldekranz.com/
Ref: https://gitlab.nic.cz/turris/turris-build/-/issues/165
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
(cherry picked from commit 920eaab1d8)
This adds detection of the Sophos SG-105 and Sophos XG-105 models
and assignment of ethernet ports these models have to LAN/WAN.
Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit 64eaf633ff)
Upstream iproute2 detects libbpf using a one-line $CC test-compile, which
normally ignores LDFLAGS. With NLS enabled however, LDFLAGS includes an
"rpath-link" linker option needed to resolve libintl.so. Its absence
causes both the compile and libbpf detection to fail:
ld: warning: libintl.so.8, needed by libbpf.so, not found (try using
-rpath or -rpath-link)
ld: libelf.so.1: undefined reference to `libintl_dgettext'
collect2: error: ld returned 1 exit status
Fix this by directly including $LDFLAGS in the test-compile command.
Reported-by: Ian Cooper <iancooper@hotmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit aab3a04ce8)
The libbfd package definition uses $(ICONV_DEPENDS) and $(INTL_DEPENDS)
but links against neither, leading to libbfd detection failures in other
packages (e.g. bpftools) and on-target relocation problems with libintl.so:
root@OpenWrt:/# ldd /usr/lib/libbfd.so
ldd (0x77db6000)
libc.so => ldd (0x77db6000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77c6d000)
Error relocating /usr/lib/libbfd.so: libintl_dgettext: symbol not found
Add NLS-conditional linking of "libintl" to fix this. Also remove libbfd
package dependency $(ICONV_DEPENDS) which is not used during building or
linking.
Tested with QEMU on malta/be32, after building all packages from binutils,
bpftools and iproute2, using different libc options musl and glibc.
Fixes: 08e8175696 ("binutils: use nls.mk to fix libbfd link errors in
other packages")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9a59f62f61)
There is no direct linking of libintl from bpftools, only secondary linking
through libelf, so remove "-lintl" from TARGET_LDFLAGS.
Fixes: 5582fbd613 ("bpftools: support NLS, fix ppc build and update to 5.8.9")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit c8c638a19b)
This change was investigated previously [1] but not deemed necessary. With
the recent addition [2] of modern BPF loader support, however, tc gained
dependencies on libelf and libbpf, with a larger installation footprint.
Similar to ip-tiny/ip-full, split tc into tc-full and tc-tiny variants,
where the latter excludes the eBPF loader, uses a smaller executable, and
avoids libelf and libbpf package dependencies. Both variants provide the
'tc' virtual package, with tc-tiny as the default.
The previous tc package included a loadable module for iptables actions.
Separate this out into a common package, tc-mod-iptables, which both
variants depend on. Some package sizes on mips_24kc:
Before:
148343 tc_5.11.0-1_mips_24kc.ipk
After:
144833 tc-full_5.11.0-2_mips_24kc.ipk
138430 tc-tiny_5.11.0-2_mips_24kc.ipk (and no libelf or libbpf)
4115 tc-mod-iptables_5.11.0-2_mips_24kc.ipk
Also fix up some Makefile indentation.
[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447619962
[2] b048a305a3 ("iproute2: update to 5.11.0")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 72885e9608)
The link equalizer sch_teql.ko of package kmod-sched relies on a hotplug
script historically included in iproute2's tc package. In previous
discussion [1], consensus was the hotplug script is best located together
with the module in kmod-sched, but this change was deferred at the time.
Relocate the hotplug script now. This change also simplifies adding a tc
variant for minimal size with reduced functionality.
[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447923636
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 863ce4f15f)
This patch has been submitted upstream to fix an error reported by a few
users. One instance seen using gcc 10.2.0, binutils 2.35.1 and musl 1.1.24:
bpf_glue.c: In function 'get_libbpf_version':
bpf_glue.c:46:11: error: 'PATH_MAX' undeclared (first use in this function);
did you mean 'AF_MAX'?
46 | char buf[PATH_MAX], *s;
| ^~~~~~~~
| AF_MAX
Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 10ffefe602)
The latest iproute2 version brings various improvements and fixes:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0
In particular, ip and tc now use libbpf as the standard way to load BPF
programs, rather than the old, limited custom loader. This allows more
consistent and featureful BPF program handling e.g. support for global
initialized variables.
Also fix a longstanding problem with iproute2 builds where unneeded DSO
dependencies are added to most utilities, bloating their installation
footprint. From research and testing, explicitly using a "--as-needed"
linker flag avoids the issue. Update accordingly and drop extra package
dependencies from Makefile.
Additional build and packaging updates include:
- install missing development header to iproute2/bpf_elf.h
- propagate OpenWrt verbose flag during build
- update and refresh patches
Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10.
All iproute2 packages were built and installed to the test image. Some
regression testing using ip-full and tc was successfully performed to
exercise several kmods, tc modules, and simple BPF programs.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit b048a305a3)
To the vast majority of the users, wireguard-tools are not useful
without the underlying kernel module. The cornercase of only generating
keys and not using the secure tunnel is something that won't be done on
an embedded OpenWrt system often. On the other hand, maintaining a
separate meta-package only for this use case introduces extra
complexity. WireGuard changes for Linux 5.10 remove the meta-package.
So let's make wireguard-tools depend on kmod-wireguard
to make WireGuard easier to use without having to install multiple
packages.
Fixes: ea980fb9 ("wireguard: bump to 20191226")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit cbcddc9f31)
Use NETWORK_SUPPORT_MENU like all other modules in netsupport.mk. Drop
SECTION and CATEGORY fields as they are set by default and to match
other packages in netsupport.mk. Use better TITLE for kmod-wireguard
(taken from upstream drivers/net/Kconfig).
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 0b53d6f7fa)
On Linux 5.4, build WireGuard from backports. Linux 5.10 contains
wireguard in-tree.
Add in-kernel crypto libraries required by WireGuard along with
arch-specific optimizations.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 06351f1bd0)
(cherry picked from commit 464451d9ab)
Rather than using the clunky, old, slower wireguard-linux-compat out of
tree module, this commit does a patch-by-patch backport of upstream's
wireguard to 5.4. This specific backport is in widespread use, being
part of SUSE's enterprise kernel, Oracle's enterprise kernel, Google's
Android kernel, Gentoo's distro kernel, and probably more I've forgotten
about. It's definately the "more proper" way of adding wireguard to a
kernel than the ugly compat.h hell of the wireguard-linux-compat repo.
And most importantly for OpenWRT, it allows using the same module
configuration code for 5.10 as for 5.4, with no need for bifurcation.
These patches are from the backport tree which is maintained in the
open here: https://git.zx2c4.com/wireguard-linux/log/?h=backport-5.4.y
I'll be sending PRs to update this as needed.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 3888fa7880)
(cherry picked from commit d540725871)
(cherry picked from commit 196f3d586f)
(cherry picked from commit 3500fd7938)
(cherry picked from commit 23b801d3ba)
(cherry picked from commit 0c0cb97da7)
(cherry picked from commit 2a27f6f90a)
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
This enables building BCM4908 "raw" image that can be flashed using
bootloader web UI. It requires serial console access & stopping booting
by the "Press any key to stop auto run".
It's easy to build vendor like CHK image but it can't be safely flashed
using vendor UI at this point. Netgear implements method called "NAND
incremental flashing" that doesn't seem to flash bootfs partition as
provided.
Above method seems to update vmlinux.lz without updating 94908.dtb. It
prevents OpenWrt kernel from booting due to incomplete DTB file. Full
Netgear R8000P support can be enabled after finding a way to make vendor
firmware flash OpenWrt firmware including the 94908.dtb update.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d92a9c97bf)
OpenWrt was succesfully tested on the GT-AC5300 model. It's possible to:
1. Install OpenWrt using vendor UI
2. Perform UBI aware sysupgrade
3. Install vendor firmware using OpenWrt sysupgrade
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5e78cb9b85)
bcm4908img is a tool managing BCM4908 platform images. It's used for
creating them as well as checking, modifying and extracting data from.
It's required by both: host (for building firmware images) and target
(for sysupgrade purposes). Make it a host/target package.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9b4fc4cae9)
It supports flashing OpenWrt images (bootfs & UBI upgrade) as well as
vendor images (whole MTD partition write).
Upgrading cferom is unsupported. It requires copying device specific
data (like MAC) to target image before flashing.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a6a0b252ba)
This way MTD "bootfs" partition will be always 8+ MiB. This should be
enough for any custom / future firmware to fit its bootfs (e.g. big
kernel) without having to repertition whole flash. That way we can
preserve UBI and its erase counters during sysupgrade.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ca9b1f15c4)
JFFS2 bootfs partition in a BCM4908 image usually includes some padding.
For flashing it individually (writing to designed MTD partition) we want
just JFFS2 data.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ed7edf88e2)
Fix offset to extract proper data when image contains vendor header.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit dcbde11af1)
It's required for upgrading firmware using single partitions instead of
just blindly writing whole image.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e33957c241)
It's much easier to operate on BCM4908 image data with absolute offset
of each section stored. It doesn't require summing sizes over and over.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5314cab729)
The purpose of that dummy file is to make CFE work properly with OpenWrt
bootfs. CFE for some reason ignores JFFS2 files with ino 0.
Rename it to 1-openwrt so:
1. It's consistent with bcm63xx
2. It's OpenWrt specific so sysupgrade can distinguish it from vendor
images
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 880c8b4422)
This adds support for accessing bootfs JFFS2 partition in the BCM4908
image. Support includes:
1. Listing files
2. Renaming file (requires unchanged name length)
Above commands are useful for flashing BCM4908 images which by defualt
come with cferom.000 file and require renaming it.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ed847ef5f3)
It's important for modifying / extracting firmware content. cferom is
optional image content at the file beginning.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6af45b842b)
BCM4908 image format contains some info that may be useful for info /
debugging purposes.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9b9184f178)
1. Don't allow pipe stdin as we need to fseek()
2. Don't alow TTY as it doesn't make sense for binary input
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d533b27bc0)
Netgear uses CHK header which needs to be skipped when validating
BCM4908 image. Detect it directly in the bcm4908img tool. Dealing with
binary structs and endianess is way simpler in C.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a39f85d8b6)
Move code parsing existing firmware file to separated function. This
cleans up existing code and allows reusing parsing code for other
commands.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7d5f743942)
This tells OS (Linux) where from MAC should be read (bootloader MTD
partition).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1cc5eb45d5)
