Commit Graph

58297 Commits

Author SHA1 Message Date
Georgi Valkov
2b6b6e2f3c
kernel: backport ipeth CDC NCM support
Fixes no communication with tethered iOS devices in CDC NCM mode.
Freshly booted iOS devices start in legacy mode, but are put into
NCM mode by the official Apple driver.

[1] a2d274c62e

Fixes: #12566
Tested-by: Georgi Valkov <gvalkov@gmail.com>
Signed-off-by: Foster Snowhill <forst@pen.gy>
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
[ better reference fixed issue ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 680f8738d0)
2024-04-21 22:55:37 +02:00
Christian Marangi
9b33b74ef7
bcm27xx: refresh kernel patches
Refresh kernel patches with make target/linux/refresh.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-18 14:14:42 +02:00
Christian Marangi
afb5fdd79a
netifd: packet-steering: silence error on applying queue mask
Some queues can't be tweaked and return -ENOENT if it's not multiqueue.

Silence any error from echo to produce a more clean bootlog.

Fixes: #12095
Suggested-by: Andris PE <neandris@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-18 12:43:06 +02:00
Robert Marko
e8cc17e147
config: fix CONFIG_GDB appearing in main menuconfig menu
I noticed that CONFIG_GDB was suddenly appearing in the main menuconfig
menu despite the fact that it should be visible only when TOOLCHAINOPTS
is selected and under a dedicated menu.

After some trial and error, it seems that this was caused by the recent
addition of GCC_USE_DEFAULT_VERSION, and after even more trial and error
it gets fixed as soon GCC_USE_DEFAULT_VERSION is placed after GCC_VERSION.

So, lets simply put GCC_USE_DEFAULT_VERSION after GCC_VERSION.

Fixes: 501ef81040 ("config: select KERNEL_WERROR if building with default GCC version")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [rebased]
(cherry picked from commit 12b2cb2ec3)
2024-04-18 11:52:56 +02:00
Daniel Golle
915dfbdbb1
config: select KERNEL_WERROR if building with default GCC version
[ during cherry-pick GCC version was changed to default GCC 12 version ]

At the moment we have to manually follow the default GCC version
also in config/Config-kernel.in. This tends to be forgotten at GCC
version bumps (just happened when switching from version 12 to 13).
Instead, introduce a hidden Kconfig symbol which implies KERNEL_WERROR
in toolchain/gcc/Config.in where it is visible for developers changing
the default version.

Also remove the explicit default on BUILDBOT to avoid a circular
dependency and also because buildbots anyway implicitly always select
the default GCC version.

Reference: https://github.com/openwrt/openwrt/pull/15064
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [GCC 12 default]
(cherry picked from commit 501ef81040)
2024-04-18 11:52:56 +02:00
Petr Štetiar
33612fdb92
kernel: introduce KERNEL_WERROR config option
In commit b2d1eb717b ("generic: 5.15: enable Werror by default for
kernel compile") CONFIG_WERROR=y was enabled and all warnings/errors
reported with GCC 12 were fixed.

Keeping this in sync with past/future GCC versions is going to be uphill
battle, so lets introduce new KERNEL_WERROR config option, enable it by
default only for tested/known working combinations and on buildbots.

References: #12687
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ce8c639a6c)
2024-04-18 11:52:22 +02:00
Rodrigo Balerdi
677ecd09d2
ipq40xx: whw03v2: enable additional 5 GHz channels
This device supports channel ranges 36-64 and 100-165, just like
others based on the same reference design, but its current DTS is
unnecessarily restricting these ranges to 36-48 and 149-165.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
(cherry picked from commit 1c32cee348)
2024-04-17 13:42:45 +02:00
CheWei Chien
26e882f06f
ipq807x: prpl-haze: enable LED driver on device tree
Enable LED driver LP5562 on HAZE device tree and include its kernel
module package on default package for HAZE.

Signed-off-by: CheWei Chien <chewei.chien@wnc.com.tw>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit facelift]
(cherry picked from commit fb45194305)
2024-04-17 10:44:57 +00:00
CheWei Chien
726d4be297
kernel: add kmod-leds-lp5562 and kmod-leds-lp55xx-common
Add kernel module for lp5562 LED driver.
The kmod-leds-lp5562 depends on kmod-leds-lp55xx-common.

Signed-off-by: CheWei Chien <chewei.chien@wnc.com.tw>
(cherry picked from commit b33fa6ac90)
2024-04-17 10:43:54 +00:00
Florian Eckert
f2366d75cf
.gitignore: ignore link if target is included from feed
If an out of tree target is included via a feed, then there is a link with
the name 'feed' in the target directory. Do not show this link in git.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 13e7a2d19f)
2024-04-17 05:04:46 +00:00
Cedric DOURLENT
340e3dc453
build: fix kernel component in CycloneDX SBOM
As stated in the cycloneDX documentation, the field "type" is mandatory for all components.

More details here (https://cyclonedx.org/docs/1.5/json/#components_items_type)

Signed-off-by: Cedric DOURLENT <cedric.dourlent@softathome.com>
(cherry picked from commit 84331215e5)
2024-04-17 04:34:36 +00:00
Daniel Golle
5cae98c25d mvebu: puzzle-m90x: wipe rootfs_data on sysupgrade
The sysupgrade formware of the Puzzle series is a slightly strange
dual-boot approach while remaining compatible with Marvell's SDK
firmware upgrade binary format -- which happens to be a full-disk
image with GPT partition table. Hence that /lib/upgrade/emmc-puzzle.sh
script is like an exotic disease which results from those decisions,
and as we also want to somehow stay compatible with the IEI-World
stock firmware we got to use it in that same way (we are not
compatible with the QNAP-branded identical hardware device anyway).

Currently, on sysupgrade the result is that one ends up with the old
content of rootfs_data (a GPT partition on those devices) as nothing
ever wipes or in any way re-creates the filesystem there. As a simple
work-around, let's kill the filesystem on rootfs_data so fstools
re-formats it on the next boot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d4e8653e1e)
2024-04-12 01:51:51 +01:00
Robert Marko
817a1cb2bf sdk: include lib/crtsavres.o for powerpc
Trying to link certain kernel modules like dahdi-linux when building with
the OpenWrt SDK will fail with:
openwrt-sdk-apm821xx-sata_gcc-13.2.0_musl.Linux-x86_64/staging_dir/toolchain-powerpc_464fp_gcc-13.2.0_musl/bin/powerpc-openwrt-linux-musl-ld: cannot find arch/powerpc/lib/crtsavres.o: No such file or directory

Previously this worked with the PowerPC SDK since we carried a hack that
was passing --save-restore-funcs to module LDFLAGS so the linker provided
the required functions automatically as without --save-restore-funcs it
doesnt do so automatically on relocatable links and as a sideffect did not
require the kernel provided crtsaves.o to link against.

Now that hack has been removed as upstream kernel now compiles crtsaves.o
by default so it can be linked against but its not included in the SDK.

So, lets include lib/crtsavres.o when SDK is generated for PowerPC.

Fixes: 1c28058710 ("kernel: bump 5.15 to 5.15.148")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-04-09 11:25:41 +02:00
Felix Fietkau
11d88dee1c kernel: backport upstream mediatek WED changes
Reorder and update existing patches

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 6407ef8d2b)
[rmilecki: rebase & fix mt76 compilation]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-04-09 08:48:08 +02:00
Rafał Miłecki
afe2ddf827 mac80211: backport some upstream EHT patches
Those changes are needed by Wi-Fi 7 drivers.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2024-04-09 08:48:08 +02:00
Richard Kunze
77b7c10884 realtek: support common GPIOs on D-Link DGS-1210-16
D-Link DGS-1210-16 hangs when rebooting and has no support for the reset
button.

Fix both by enabling the same GPIOs for reboot and the reset button as
already used for D-Link DGS-1210-20 and D-Link DGS-1210-28.

Signed-off-by: Richard Kunze <kunze@tivano.de>
(cherry picked from commit 92c21b2e18)
2024-04-03 21:32:55 +02:00
Marco von Rosenberg
f314debd4f ath79: add support for Huawei AP5030DN
Huawei AP5030DN is a dual-band, dual-radio 802.11ac Wave 1 3x3 MIMO
enterprise access point with two Gigabit Ethernet ports and PoE
support.

Hardware highlights:
- CPU: QCA9550 SoC at 720MHz
- RAM: 256MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: QCA9550-internal radio
- Wi-Fi 5GHz: QCA9880 PCIe WLAN SoC
- Ethernet 1: 10/100/1000 Mbps Ethernet through Broadcom B50612E PHY
- Ethernet 2: 10/100/1000 Mbps Ethernet through Marvell 88E1510 PHY
- PoE: input through Ethernet 1 port
- Standalone 12V/2A power input
- Serial console externally available through RJ45 port
- External watchdog: SGM706 (1.6s timeout)

Serial console:
  9600n8 (9600 baud, no stop bits, no parity, 8 data bits)

MAC addresses:
  Each device has 32 consecutive MAC addresses allocated by
  the vendor, which don't overlap between devices.
  This was confirmed with multiple devices with consecutive
  serial numbers.
  The MAC address range starts with the address on the label.
  To be able to distinguish between the interfaces,
  the following MAC address scheme is used:
    - eth0 = label MAC
    - eth1 = label MAC + 1
    - radio0 (Wi-Fi 5GHz) = label MAC + 2
    - radio1 (Wi-Fi 2.4GHz) = label MAC + 3

Installation:
0. Connect some sort of RJ45-to-USB adapter to "Console" port of the AP

1. Power up the AP

2. At prompt "Press f or F  to stop Auto-Boot in 3 seconds",
   do what they say.
   Log in with default admin password "admin@huawei.com".

3. Boot the OpenWrt initramfs from TFTP using the hidden script
   "run ramboot". Replace IP address as needed:

   > setenv serverip 192.168.1.10
   > setenv ipaddr 192.168.1.1
   > setenv rambootfile
     openwrt-ath79-generic-huawei_ap5030dn-initramfs-kernel.bin
   > saveenv
   > run ramboot

4. Optional but recommended as the factory firmware cannot
   be downloaded publicly:
   Back up contents of "firmware" partition using the web interface or ssh:

   $ ssh root@192.168.1.1 cat /dev/mtd11 > huawei_ap5030dn_fw_backup.bin

5. Run sysupgrade using sysupgrade image. OpenWrt
   shall boot from flash afterwards.

Return to factory firmware (using firmware upgrade package downloaded from
non-public Huawei website):
1. Start a TFTP server in the directory where
   the firmware upgrade package is located

2. Boot to u-boot as described above

3. Install firmware upgrade package and format the config partitions:

   > update system FatAP5X30XN_SOMEVERSION.bin
   > format_fs

Return to factory firmware (from previously created backup):
1. Copy over the firmware partition backup to /tmp,
   for example using scp

2. Use sysupgrade with force to restore the backup:
   sysupgrade -F huawei_ap5030dn_fw_backup.bin

3. Boot AP to U-Boot as described above

Quirks and known issues
-----------------------

- On initial power-up, the Huawei-modified bootloader suspends both
ethernet PHYs (it sets the "Power Down" bit in the MII control
register). Unfortunately, at the time of the initial port, the kernel
driver for the B50612E/BCM54612E PHY behind eth0 doesn't have a resume
callback defined which would clear this bit. This makes the PHY unusable
since it remains suspended forever. This is why the backported kernel
patches in this commit are required which add this callback and for
completeness also a suspend callback.

- The stock firmware has a semi dual boot concept where the primary
kernel uses a squashfs as root partition and the secondary kernel uses
an initramfs. This dual boot concept is circumvented on purpose to gain
more flash space and since the stock firmware's flash layout isn't
compatible with mtdsplit.

- The external watchdog's timeout of 1.6s is very hard to satisfy
during bootup. This is why the GPIO15 pin connected to the watchdog input
is configured directly in the LZMA loader to output the CPU_CLK/4 signal
which keeps the watchdog happy until the wdt-gpio kernel driver takes
over. Because it would also take too long to read the whole kernel image
from flash, the uImage header only includes the loader which then reads
the kernel image from flash after GPIO15 is configured.

Signed-off-by: Marco von Rosenberg <marcovr@selfnet.de>
[fixed 6.6 backport patch naming]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 06cdc07f8c)
2024-04-03 02:56:56 +02:00
Hauke Mehrtens
8f8d5decc9 kernel: bump 5.15 to 5.15.153
Removed because they are upstream:
generic/backport-5.15/704-15-v5.19-net-mtk_eth_soc-move-MAC_MCR-setting-to-mac_finish.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=c5c0760adc260d55265c086b9efb350ea6dda38b

generic/pending-5.15/735-net-mediatek-mtk_eth_soc-release-MAC_MCR_FORCE_LINK-.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=448cc8b5f743985f6d1d98aa4efb386fef4c3bf2

generic/pending-5.15/736-net-ethernet-mtk_eth_soc-fix-PPE-hanging-issue.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=9fcadd125044007351905d40c405fadc2d3bb6d6

Add new configuration symbols for tegra target.

Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit fb2c6e9d4d)
2024-04-01 02:33:05 +02:00
Allen Zhao
e2f3aefea5 mediatek: filogic: add Unielec U7981-01 support
Hardware specification:
  SoC: MediaTek MT7981B 2x A53
  Flash: 8GB eMMC or 128 MB SPI-NAND
  RAM: 256MB
  Ethernet: 5x 10/100/1000 Mbps
  Switch: MediaTek MT7531AE
  WiFi: MediaTek MT7976C
  Button: Reset
  USB: M.2(B-key) for 4G/5G Module
  Power: DC 12V 1A
  UART: 3.3v, 115200n8
  --------------------------
  |         Layout         |
  |   -----------------    |
  | 4 | VCC RX TX GND | <= |
  |   -----------------    |
  --------------------------

The U-boot menu will automatically appear at startup, and then select
the required options through UP/DOWN Key.

NAND Flash and eMMC Flash instructions:
1. Set your computers IP adress to 192.168.1.2.
2. Run a TFTP server providing the sysupgrade.bin image.
3. Power on the router, into the U-Boot menu.
4. Select "2. Upgrade firmware"
5. Update sysupgrade.bin file name, input server IP and input device
   IP (if they deviate from the defaults)
6. Wait for automatic startup after burning

Signed-off-by: Allen Zhao <allenzhao@unielecinc.com>
(cherry picked from commit 640b0b79ff)
2024-03-31 20:45:20 +02:00
Tianling Shen
705954a51a rockchip: remove redundant 'console' parameter from boot script
ttyS2 is the default console used for all rockchip boards.
The redundant 'console=tty1' parameter now breaks the console due to
recent procd update.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 163c3d0bde)
2024-03-31 20:39:57 +02:00
Tianling Shen
f90b1d9778 rockchip: remove 'swiotlb' parameter from boot script
We have hardware IOMMU support and this is totally unnecessary.
The given value is also unreasonable, it's too small and causes
kernel panic in some cases:

[ 5706.856473] sdhci-dwcmshc fe310000.mmc: swiotlb buffer is full (sz: 28672 bytes), total 512 (slots), used 498 (slots)
[ 5706.864451] sdhci-dwcmshc fe310000.mmc: swiotlb buffer is full (sz: 65536 bytes), total 512 (slots), used 464 (slots)

This parameter seems to be added by mistake, so remove it.

Fixes: e35c7ab51f ("rockchip: merge bootscript")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 50e6c8ae8d)
2024-03-31 20:39:57 +02:00
Felix Fietkau
26548c4254 unetd: update to Git HEAD (2024-03-31)
52144f723bec pex: after receiving data update req, notify peer of local address/port
29aacb9386e0 pex: track indirect hosts (reachable via gateway) as peers without adding them to wg
48049524d4fc pex: do not send peer notifications for hosts with a gateway
12ac684ee22a pex: do not query for hosts with a gateway
203c88857354 pex: fix endian issues on config transfer
a29d45c71bca network: fix endian issue in converting port to network id
cbbe9d337a17 unet-cli: emit id by default
806457664ab6 unet-cli: strip initial newline in usage message

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a112ed4126)
2024-03-31 19:57:22 +02:00
Hauke Mehrtens
ecf390c8ff kernel: bump 5.15 to 5.15.152
Removed because it is upstream:
generic/backport-5.15/081-v5.17-regmap-allow-to-define-reg_update_bits-for-no-bus.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=fbddd48f1456db32b675fad95a902de38345902a

Manual changes needed:
bcm27xx/patches-5.15/950-0470-sound-usb-add-device-quirks-for-A4Tech-FHD-1080p-web.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2ec025d554)
2024-03-29 14:06:15 +01:00
Hauke Mehrtens
6734cbd9f7 kernel: bump 5.15 to 5.15.151
No manual changes needed.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0307571124)
2024-03-29 14:05:51 +01:00
Sander van Deijck
0a2047cf77 kirkwood: add ix4-200d support to uboot-envtools
This adds support for the Iomega ix4-200d device in uboot-envtools.

Signed-off-by: Sander van Deijck <sander@vandeijck.com>
(cherry picked from commit 2cfe86d383)
2024-03-23 14:58:33 +01:00
Hauke Mehrtens
2b61e258b4 OpenWrt v23.05.3: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-22 23:26:12 +01:00
Hauke Mehrtens
01170d518d OpenWrt v23.05.3: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-22 23:26:03 +01:00
Hauke Mehrtens
234f1a2efa mt76: Fix PKG_MIRROR_HASH
Fix the PKG_MIRROR_HASH after the last upgrade.

Fixes: 5ef41b1f91 ("mt76: update to latest HEAD")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-03-22 23:09:42 +01:00
David Bauer
5ef41b1f91 mt76: update to latest HEAD
f1e1e67d wifi: mt76: fix race condition related to checking tx queue fill status
bbbac7de wifi: mt76: rename mt76_packet_id_init/flush to mt76_wcid_init/cleanup
b5d13611 mt76: mt7915: fix monitor mode issues

Signed-off-by: David Bauer <mail@david-bauer.net>
2024-03-22 19:59:24 +01:00
Daniel Golle
a8f51096dd mediatek: mt7622: linksys-e8450: set driving strength for SPI-NAND
Set 12mA driving strength for SPI-NAND pins like the stock firmware's
bootloader does as well.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 45a2109353)
2024-03-20 16:32:25 +00:00
Hauke Mehrtens
03a3a729ec dnsmasq: Backport 2 upstream patches
These two patches are fixing minor problems with DNSSEC found shortly
after the dnsmasq 2.90 release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 28c87d7ecd)
2024-03-20 01:22:10 +01:00
Robert Marko
853b638f85 dnsmasq: reset PKG_RELEASE
dnsmasq was recently updated to 2.90, but PKG_RELEASE was not reset to 1.

Fixes: 838a27f64f ("dnsmasq: version 2.90")
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 694e647784)
2024-03-18 21:55:47 +01:00
Nathaniel Wesley Filardo
875822f283 dnsmasq: version 2.90
Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).

Catch up our 200-ubus_dns.patch, too.

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
(cherry picked from commit 838a27f64f)
2024-03-18 21:55:47 +01:00
Sven Eckelmann
af22a169c1 dnsmasq: mark global ubus context as closed after fork
If the dnsmasq process forks to handle TCP connections, it closes the ubus
context. But instead of changing the daemon wide pointer to NULL, only the
local variable was adjusted - and this portion of the code was even dropped
(dead store) by some optimizing compilers.

It makes more sense to change the daemon->ubus pointer because various
functions are already checking it for NULL. It is also the behavior which
ubus_destroy() implements.

Fixes: d8b33dad0b ("dnsmasq: add support for monitoring and modifying dns lookup results via ubus")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 711dcb7763)
2024-03-18 21:55:47 +01:00
Rafał Miłecki
0a571c9e77 mediatek: filogic: replace built-in Aquantia driver with module
Some Aquantia PHYs (e.g. AQR113C) require firmware to be uploaded by
host system. With built-in drivers this doesn't work in OpenWrt /
embeddded as filesystem isn't available during PHY probe. That results
in delays like:
[    1.588068] Aquantia AQR113C mdio-bus:00: Falling back to sysfs fallback for: Rhe-05.06-Candidate9-AQR_Mediatek_23B_P5_ID45824_LCLVER1.cld
[   64.526387] Aquantia AQR113C mdio-bus:00: failed to find FW file Rhe-05.06-Candidate9-AQR_Mediatek_23B_P5_ID45824_LCLVER1.cld (-110)

Switch to module to postpone PHY probe to init state.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 3bd79e6136)
2024-03-17 21:55:37 +01:00
Daniel Golle
f02920dd98 mvebu: enable thermal zone polling for IEI Puzzle devices
Marvell's thermal sensors do not support interrupts, so we need to
poll them. Reading temperature every second should be enough to
control the fan.
While at it, also make sure fan speed is reduced again if temperature
goes down.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fc177695e0)
2024-03-17 19:40:44 +00:00
Christian Lamparter
100a5606d6 firmware: intel-microcode: update to 20240312
Debian changelog:

intel-microcode (3.20240312.1) unstable; urgency=medium

  * New upstream microcode datafile 20240312 (closes: #1066108)
    - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
      Protection mechanism failure of bus lock regulator for some Intel
      Processors may allow an unauthenticated user to potentially enable
      denial of service via network access.
    - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
      Non-transparent sharing of return predictor targets between contexts in
      some Intel Processors may allow an authorized user to potentially
      enable information disclosure via local access.  Affects SGX as well.
    - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
      Information exposure through microarchitectural state after transient
      execution from some register files for some Intel Atom Processors and
      E-cores of Intel Core Processors may allow an authenticated user to
      potentially enable information disclosure via local access.  Enhances
      VERW instruction to clear stale register buffers.  Affects SGX as well.
      Requires kernel update to be effective.
    - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
      Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
      Processors when using Intel SGX or Intel TDX may allow a privileged
      user to potentially enable escalation of privilege via local access.
      NOTE: effective only when loaded by firmware.  Allows SMM firmware to
      attack SGX/TDX.
    - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
      Incorrect calculation in microcode keying mechanism for some Intel
      Xeon D Processors with Intel SGX may allow a privileged user to
      potentially enable information disclosure via local access.
  * Fixes for other unspecified functional issues on many processors
  * Updated microcodes:
    sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
    sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
    sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
    sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
    sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
    sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
    sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
    sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
    sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
    sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
    sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
    sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
    sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
    sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
    sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
    sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
    sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
    sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
    sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
    sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
    sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
    sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
    sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
    sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
    sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
    sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
    sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
    sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
    sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
    sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
    sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
    sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
    sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
    sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
    sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
  * New microcodes:
    sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
    sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
    sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
    sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
  * source: update symlinks to reflect id of the latest release, 20240312
  * changelog, debian/changelog: fix typos

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 12 Mar 2024 20:28:17 -0300

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7b911a9c49)
2024-03-16 00:42:38 +01:00
Christian Lamparter
e0bae5e5fe firmware: intel-microcode: update to 20231114
Debian changelog:

intel-microcode (3.20231114.1) unstable; urgency=medium

  * New upstream microcode datafile 20231114 (closes: #1055962)
    Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
    Sequence of processor instructions leads to unexpected behavior for some
    Intel(R) Processors, may allow an authenticated user to potentially enable
    escalation of privilege and/or information disclosure and/or denial of
    service via local access.
    Note: "retvar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
    Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
    0x01) were already mitigated by a previous microcode update.
  * Fixes for unspecified functional issues
  * Updated microcodes:
    sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
    sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
    sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
    sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
    sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
    sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
    sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
    sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
    sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
    sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
    sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
    sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
  * Updated 2023-08-08 changelog entry:
    Mitigations for "retvar" on a few processors, refer to the 2023-11-14
    entry for details.  This information was disclosed in 2023-11-14.
  * source: update symlinks to reflect id of the latest release, 20231114

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 16 Nov 2023 08:09:43 -0300

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7241a91c94)
2024-03-16 00:42:38 +01:00
Konstantin Demin
6549a711be dropbear: cherry-pick upstream patches
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)

various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels

adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit b5cde26048)
[Only add the patches fixing security problems]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stijn Segers <foss@volatilesystems.org>
2024-03-15 23:53:01 +01:00
Patryk Kowalczyk
6961fe98ec mediatek: filogic: Asus TUF AX6000 fix inverted LED for 2.5Gb LAN port
Router Asus TUF AX6000 have second MaxLinear GPY211 PHY controller for 2.5Gb LAN port.
The 5'th LAN port have inverted status of the LED.
Based on the commit from main branch 90fbec8 we could set proper status of the LED.

Signed-off-by: Patryk Kowalczyk <patryk@kowalczyk.ws>
(cherry picked from commit b22539b5fe)
Signed-off-by: Tom Herbers <mail@tomherbers.de>
2024-03-15 23:28:14 +01:00
Daniel Golle
5c786dcb2b kernel: hack: support inverted LEDs on MaxLinear GPY211 PHY
Add downstream DT property to setup the PHY LEDs of the MaxLinear
GPY211 PHY in such way that the VDD of the LED is driven by the SoC
pin rather than the GND (which is the default).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 90fbec89be)
[removed patches for kernel 6.1]
Signed-off-by: Tom Herbers <mail@tomherbers.de>
2024-03-15 23:28:14 +01:00
Patryk Kowalczyk
b3ad42e1e3 filogic: fix wifi eeprom filename for tuf-ax6000 The router use mt7986_eeprom_mt7976_dual.bin
Fixes: d522ccecb2 ("filogic: add support for ASUS TUF AX6000")

Signed-off-by: Patryk Kowalczyk <patryk@kowalczyk.ws>
(cherry picked from commit 0c3f4bd85e)
Signed-off-by: Tom Herbers <mail@tomherbers.de>
2024-03-15 23:28:14 +01:00
Mikhail Zhilkin
200693f886 ramips: add support for Z-ROUTER ZR-2660
This commit adds support for Z-ROUTER ZR-2660 (also known as Routerich
AX1800) wireless WiFi 6 router.

Specification
-------------
- SoC       : MediaTek MT7621AT, MIPS, 880 MHz
- RAM       : 256 MiB
- Flash     : NAND 128 MiB (AMD/Spansion S34ML01G2)
- WLAN      :
  - 2.4 GHz : MediaTek MT7905D/MT7975 (14c3:7916), b/g/n/ax, MIMO 2x2
  - 5 GHz   : MediaTek MT7915E (14c3:7915), a/n/ac/ax, MIMO 2x2
- Ethernet  : 10/100/1000 Mbps x4 (1x WAN, 3x LAN)
- USB       : 1x 2.0
- UART      : 3.3V, 115200n8, pins are silkscreened on the pcb
- Buttons   : 1x Reset
- LEDs      : 1x WiFi 2.4 GHz (green)
              1x WiFi 5 GHz (green)
              1x LAN (green)
              1x WAN (green)
              1x WAN no-internet (red)
- Power     : 12 VDC, 1 A

Installation
------------
1. Run tftp server on your PC (IP: 192.168.2.2) and put OpenWrt initramfs
   image (initramfs.bin) to the tftp root dir
2. Open the following link in the browser to enable telnet:
	http://192.168.2.1/cgi-bin/telnet_ssh
3. Connect to the router (default IP: 192.168.2.1) using telnet shell
   (credentials - user:admin)
4. Run the following commands in the telnet shell (this will install
   OpenWrt initramfs image on nand flash):
	cd /tmp
	tftp -g -r initramfs.bin 192.168.2.2
	mtd write initramfs.bin firmware
	mtd erase firmware_backup
	reboot
5. Copy OpenWrt sysupgrade image (sysupgrade.bin) to the /tmp dir of the
   router
6. Connect to the router (IP: 192.168.1.1) using ssh shell and run
   sysupgrade command:
	sysupgrade -n /tmp/sysupgrade.bin

Return to stock
---------------
1. Copy stock firmware (stock.bin) to the /tmp dir of the router using scp
2. Run following command in the router shell:
	cd /tmp
	mtd write stock.bin firmware
	reboot

Recovery
--------
Connect uart (pins are silkscreened on the pcb), interrupt boot process by
pressing any key, use u-boot menu to flash stock firmware image or OpenWrt
initramfs image.

MAC addresses
-------------
+---------+-------------------+-----------+
|         | MAC               | Algorithm |
+---------+-------------------+-----------+
| LAN     | 24:0f:5e:xx:xx:4c | label     |
| WAN     | 24:0f:5e:xx:xx:4d | label+1   |
| WLAN 2g | 24:0f:5e:xx:xx:4e | label+2   |
| WLAN 5g | 24:0f:5e:xx:xx:4f | label+3   |
+---------+-------------------+-----------+
The WLAN 2.4 MAC was found in 'factory', 0x4
The LAN MAC was found in 'factory', 0xfff4
The WAN MAC was found in 'factory', 0xfffa

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
(cherry picked from commit 1d3d6ef826)
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2024-03-15 23:24:13 +01:00
Daniel Golle
82e2d3478a generic: mtk_eth_soc: fix PPE hanging issue
A patch to resolve an issue was found in MediaTek's GPL-licensed SDK:
In the mtk_ppe_stop() function, the PPE scan mode is not disabled before
disabling the PPE. This can potentially lead to a hang during the process
of disabling the PPE.

Without this patch, the PPE may experience a hang during the reboot test.

Reference: b40da332df

Suggested-by: Bc-bocun Chen <bc-bocun.chen@mediatek.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 003b9ff61c)
2024-03-14 02:33:26 +00:00
Daniel Golle
83e37f71fa generic: 5.15: mtk_eth_soc: backport fix for hang on link up
Backport commit faa5f17fe2 ("kernel: mtk_eth_soc: release
MAC_MCR_FORCE_LINK only when MAC is up") to Linux 5.15 as well.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 33d6ba5045)
2024-03-14 02:33:26 +00:00
Nicolò Veronese
02272df01c uboot-envtools: add support for Zyxel EX5601-T0 ubootmod
The ubootmod bootlaoder for EX5601-T0 uses two partitions
 in ubi to store enviroment variables. so proper config
 is needed.

Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit 2a0805fd3d)
2024-03-12 23:13:38 +01:00
Valerio 'ftp21' Mancini
401d8c7051 uboot-mediatek: add initial Zyxel EX5601-T0 support
Flash procedure is described in next commit.

TLDR:
Copy preloader and uboot to /tmp and write them in the mtd.
This will also require new UBI partition and
 volumes to boot openwrt.

mtd write /tmp/openwrt-mediatek-filogic-zyxel_ex5601-t0-ubootmod-preloader.bin bl2
mtd write /tmp/openwrt-mediatek-filogic-zyxel_ex5601-t0-ubootmod-bl31-uboot.fip fip

Changelist:
 - Added profile for 4k+256 SPI NAND_TYPE
 - Added basic Zyxel EX5601-T0 uboot profile

Backported from hitech95 branch:
 - Button RESET pin fix
 - Button WPS pin fix

Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit a9cf87027e)
2024-03-12 22:58:06 +01:00
Daniel Golle
63a7d5e937 ramips: add support for YunCore G720
The YunCore G720 is a dual band 802.11ax router with 5 GbE ports.

Specs:
- SoC: MediaTek MT7621
- Ethernet: 5x GbE ports (built-in MT7530)
- Wireless 2.4GHz / 5GHz: MediaTek MT7915E
- RAM: 256MiB
- ROM: 16MiB (W25Q128)
- 1 Button (reset)
- 8 LEDs (1x system, 2x wifi, 5x switch ports)

Flash instructions:
The vendor firmware is based on OpenWrt, the sysupgrade image can be
flashed using the '-F' (force) option on the CLI.
Make sure not to keep settings when doing so.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 65df33fc76)
2024-03-12 18:45:25 +00:00
Darlan Pedro de Campos
1562847cde ramips: add support for TP-Link EX220 v1
This device is very similar, if not identical, to the TP-Link AX23 v1
but is targeted at service providers and features a completely different
flash layout.

Hardware
--------

CPU:    MediaTek MT7621 DAT
RAM:    128MB DDR3 (integrated)
FLASH:  16MB SPI-NOR
WiFi:   MediaTek MT7905 + MT7975 (2.4 / 5 DBDC) 802.11ax
SERIAL: 115200 8N1
        LEDs - (3V3 - GND - RX - TX) - ETH ports

Installation
------------

Flashing is only possible via a serial connection using the sysupgrade
image; the factory image must be signed. You can flash the sysupgrade
image directly through the U-Boot console, or preferably, by booting the
initramfs image and flashing with the sysupgrade command. Follow these
steps for sysupgrade flashing:

1. Establish a UART serial connection.
2. Set up a TFTP server at 192.168.0.2 and copy the initramfs image
   there.
3. Power on the device and press any key to interrupt normal boot.
4. Load the initramfs image using tftpboot.
5. Boot with bootm.
6. If you haven't done so already, back up all stock mtd partitions.
7. Copy the sysupgrade image to the router.
8. Flash OpenWrt through either LuCI or the sysupgrade command. Remember
   not to attempt saving settings.

Revert to stock firmware
------------------------

Flash stock firmware via OEM web-recovery mode. If you don't have access
to the stock firmware image, you will need to restore the firmware
partition backed up earlier.

Web-Recovery
------------

The router supports an HTTP recovery mode:

1. Turn off the router.
2. Press the reset button and power on the device.
3. When all LEDs start flashing, release reset and quickly press it
   again.

The interface is reachable at 192.168.0.1 and supports installation of
the OEM factory image. Note that flashing OpenWrt this way is not
possible, as mentioned above.

Signed-off-by: Darlan Pedro de Campos <darlanpedro@gmail.com>
(cherry picked from commit 2a0c9cc8cd)
2024-03-12 18:45:22 +00:00
Filip Milivojevic
1bbb94df96 ramips: Add support for Cudy WR1300 v3
Specifications:
 - SoC: MediaTek MT7621AT
 - RAM: 128 MB (DDR3)
 - Flash: 16 MB (SPI NOR)
 - WiFi: MediaTek MT7603E, MediaTek MT7613BE
 - Switch: 1 WAN, 4 LAN (Gigabit)
 - Buttons: Reset, WPS
 - LEDs: System, Wan, Lan 1-4, WiFi 2.4G, WiFi 5G, WPS
 - Power: DC 12V 1A tip positive

Download and flash the manufacturer's built OpenWRT image available at
http://www.cudytech.com/openwrt_software_download
Install the new OpenWRT image via luci (System -> Backup/Flash firmware)
Be sure to NOT keep settings. The force upgrade may need to be checked
due to differences in router naming conventions.

Cudy WR1300 v3 differs from v2 only in swapped WiFi chip PCIe slots. Common
nodes are extracted to .dtsi and new v2 and v3 dts are created.

Cudy WR1300 v2 dts now contains ieee80211-freq-limit.

The same manufacturer's built OpenWRT image is provided for both v2 and v3
devices as a step in installing, but for proper WiFi functionality,
a separate build is required.

Recovery:
 - Loads only signed manufacture firmware due to bootloader RSA verification
 - serve tftp-recovery image as /recovery.bin on 192.168.1.88/24
 - connect to any lan ethernet port
 - power on the device while holding the reset button
 - wait at least 8 seconds before releasing reset button for image to
   download
 - See http://www.cudytech.com/newsinfo/547425.html

Backported from branch main to 23.05.

Signed-off-by: Filip Milivojevic <zekica@gmail.com>
(cherry picked from commit 288738c59d)
2024-03-11 22:14:34 +01:00