Marvell mv88e6xxx switch series cannot perform MAC learning from
CPU-injected (FROM_CPU) DSA frames, which results in 2 issues.
- excessive flooding, due to the fact that DSA treats those addresses
as unknown
- the risk of stale routes, which can lead to temporary packet loss
Backport those patch series from netdev mailing list, which solve these
issues by adding and clearing static entries to the switch's FDB.
Add a hack patch to set default VID to 1 in port_fdb_{add,del}. Otherwise
the static entries will be added to the switch's private FDB if VLAN
filtering disabled, which will not work.
The switch may generate an "ATU violation" warning when a client moves
from the CPU port to a switch port because the static ATU entry added by
DSA core still points to the CPU port. DSA core will then clear the static
entry so it is not fatal. Disable the warning so it will not confuse users.
Link: https://lore.kernel.org/netdev/20210106095136.224739-1-olteanv@gmail.com/
Link: https://lore.kernel.org/netdev/20210116012515.3152-1-tobias@waldekranz.com/
Ref: https://gitlab.nic.cz/turris/turris-build/-/issues/165
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
(cherry picked from commit 920eaab1d8)
Rather than using the clunky, old, slower wireguard-linux-compat out of
tree module, this commit does a patch-by-patch backport of upstream's
wireguard to 5.4. This specific backport is in widespread use, being
part of SUSE's enterprise kernel, Oracle's enterprise kernel, Google's
Android kernel, Gentoo's distro kernel, and probably more I've forgotten
about. It's definately the "more proper" way of adding wireguard to a
kernel than the ugly compat.h hell of the wireguard-linux-compat repo.
And most importantly for OpenWRT, it allows using the same module
configuration code for 5.10 as for 5.4, with no need for bifurcation.
These patches are from the backport tree which is maintained in the
open here: https://git.zx2c4.com/wireguard-linux/log/?h=backport-5.4.y
I'll be sending PRs to update this as needed.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 3888fa7880)
(cherry picked from commit d540725871)
(cherry picked from commit 196f3d586f)
(cherry picked from commit 3500fd7938)
(cherry picked from commit 23b801d3ba)
(cherry picked from commit 0c0cb97da7)
(cherry picked from commit 2a27f6f90a)
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
1. Use upstream accepted NVMEM patches
2. Minor fix for BCM4908 partitioning
3. Support for Linksys firmware partitions on Northstar
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 3fd0a4222b)
Backport upstream patch that fixes TRGMII mode now that mt7530 is
actually resetting the switch on ramips devices.
Patches apply to both Linux 5.4 and 5.10, since TRGMII is broken on both.
Fixes: 69551a2442 ("ramips: manage low reset lines")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 680f91d0e5)
Refactoring of bcm47xx_nvram driver. It's used by bcm47xx and bcm53xx.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1c48eee5b2)
It's meant to provide upstream support for mtd & NVMEM. It's required
e.g. for reading MAC address from mtd partition content. It seems to be
in a final shape so it's worth testing.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e90e75b12c)
Refreshed all patches.
The following patches were applied upstream:
* 755-v5.8-net-dsa-add-GRO-support-via-gro_cells.patch
* 831-v5.9-usbip-tools-fix-build-error-for-multiple-definition.patch
Compile-tested on: x86_64, ipq40xx, ath79
Runtime-tested on: x86_64, ipq40xx, ath79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
From the original commit message:
"With GCC 10, building usbip triggers error for multiple definition
of 'udev_context', in:
- libsrc/vhci_driver.c:18 and
- libsrc/usbip_host_common.c:27.
Declare as extern the definition in libsrc/usbip_host_common.c."
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 0eef8402ee)
Ran update_kernel.sh in a fresh clone without any existing toolchains.
No manual changes needed.
Build system: x86_64
Build-tested: bcm27xx/bcm2711
Signed-off-by: John Audia <graysky@archlinux.us>
(cherry-picked from commit 5d3a6fd970)
This adds quirks support to the "ofpart" parser. It's required to
support fixed partitions that require some extra logic.
Right now only BCM4908 binding is supported (BCM4908 requires detecting
currently used "firmware" partition).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
1. It's useful for developing & validating DTS files inside OpenWrt
2. This will allow backporting later changes that depend on it
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Removed since included upstream and could be reverse-applied by quilt:
backport-5.4/315-v5.10-usbnet-ipeth-fix-connectivity-with-ios-14.patch
Remaining modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [build/run x86_64]
All modifications made by update_kernel.sh/no human intervention needed
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[another refresh]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This fixes tethering with devices using iOS 14. Prior to this patch,
connections to remote endpoints were not possible while data transfers
between the OpenWrt device and the iOS endpoints worked fine.
Signed-off-by: David Bauer <mail@david-bauer.net>
Removed since could be reverse-applied by quilt and found to be
included upstream:
backport-5.4/789-net-usb-qmi_wwan-Set-DTR-quirk-for-MR400.patch
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711, ath79/generic
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64 build/run]
Manually rebased patches:
ath79/patches-5.4/910-unaligned_access_hacks.patch
bcm27xx/patches-5.4/950-0135-spi-spi-bcm2835-Disable-forced-software-CS.patch
bcm27xx/patches-5.4/950-0414-SQUASH-Fix-spi-driver-compiler-warnings.patch
ipq806x/patches-5.4/093-4-v5.8-ipq806x-PCI-qcom-Use-bulk-clk-api-and-assert-on-error.patch
Removed since could be reverse-applied by quilt and found to be included upstream:
ipq806x/patches-5.4/096-PCI-qcom-Make-sure-PCIe-is-reset-before-init-for-rev.patch
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[refresh altered targets after rebase]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x, ath79/generic, bcm72xx/bcm2711
Run-tested: ipq806x (R7800)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Backport upstream changes to initialize GDM settings and reset PPE
Allow GMAC to recognize the special tag to fix PPE packet parsing
Improve GRO performance by passing PPE L4 hash as skb hash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Manually merged:
hack-5.4
230-openwrt_lzma_options.patch
bcm27xx
950-0283-hid-usb-Add-device-quirks-for-Freeway-Airmouse-T3-an.patch
x86
011-tune_lzma_options.patch
Remove upstreamed patches in collaboration with Ansuel Smith:
ipq806x
093-1-v5.8-ipq806x-PCI-qcom-Add-missing-ipq806x-clocks-in-PCIe-driver.patch
093-2-v5.8-ipq806x-PCI-qcom-Change-duplicate-PCI-reset-to-phy-reset.patch
093-3-v5.8-ipq806x-PCI-qcom-Add-missing-reset-for-ipq806x.patch
All other modifications made by update_kernel.sh
Build-tested: bcm27xx/bcm2708, ipq806x, x86/64
Run-tested: ipq806x (R7800), x86/64
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[update commit message/tested]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
These upstream patches makes the RTL8366RB DSA switch work
properly with OpenWrt, the D-Link DIR-685 gets network and
can be used as a router, and the same should be applicable
for any other device that want to enable the RTL8366RB
through Device Tree.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
This PR is a blend of several kernel bumps authored by ldir taken from his
staging tree w/ some further adjustments made by me and update_kernel.sh
Summary:
Deleted upstreamed patches:
generic:
742-v5.5-net-sfp-add-support-for-module-quirks.patch
743-v5.5-net-sfp-add-some-quirks-for-GPON-modules.patch
bcm63xx:
022-v5.8-mtd-rawnand-brcmnand-correctly-verify-erased-pages.patch
024-v5.8-mtd-rawnand-brcmnand-fix-CS0-layout.patch
mediatek:
0402-net-ethernet-mtk_eth_soc-Always-call-mtk_gmac0_rgmii.patch
Deleted patches applied differently upstream:
generic:
641-sch_cake-fix-IP-protocol-handling-in-the-presence-of.patch
Manually merged patches:
generic:
395-v5.8-net-sch_cake-Take-advantage-of-skb-hash-where-appropriate.patch
bcm27xx:
950-0132-lan78xx-Debounce-link-events-to-minimize-poll-storm.patch
layerscape:
701-net-0231-enetc-Use-DT-protocol-information-to-set-up-the-port.patch
Build system: x86_64
Build-tested: ath79/generic, bcm27xx/bcm2708, bcm27xx/bcm2711,
imx6, mvebu/cortexa9, sunxi/a53
Run-tested: Netgear R7800 (ipq806x)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-By: Lucian Cristian <Lucian.cristian@gmail.com> [mvebu]
Tested-By: Curtis Deptuck <curtdept@me.com> [x86/64]
[do not remove 395-v5.8-net-sch_cake-Take-advantage-... patch,
adjust and refresh patches, adjust commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-By: John Audia <graysky@archlinux.us> [ipq806x]
The malta subtargets for mips64 and mips64el fail to start the init process
at boot, resulting in a boot loop. The issue was raised and analyzed within
FS#3277. Investigation suggested code near the [vdso] memory area of the
process was long jumping into a region inaccessible to the process, e.g.
init: - preinit -
init: Launched preinit instance, pid=522
do_page_fault(): sending SIGSEGV to init for invalid read access from 0000000000000360
epc = 0000000000000360 in init[aaab42b000+4000]
ra = 000000fffee385e0 in
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
Rebooting in 1 seconds..
Note the low-memory read access and epc are the same. Upstream kernel 5.6
included a relevant patch and discussion:
* d3f703c4359f ("mips: vdso: fix 'jalr t9' crash in vdso code")
Disassembly of the failing kernel's vdso.so confirmed presence of the
telltale long jumps, e.g.:
00000000000007c0 <__vdso_clock_getres@@LINUX_2.6>:
[...]
7dc: 0320f809 jalr t9
[...]
Restore booting mips64/mips64el malta by backporting the above commit:
* 310-v5.6-mips-vdso-fix-jalr-t9-crash-in-vdso-code.patch
Fixes: 54310a3aa0 ("malta: add kernel 5.4 config")
Fixes: FS#3277
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3277
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Kernel v5.1 included an eBPF JIT for MIPS32 kernels, but problems were
discovered [1] and the changes later reverted in kernel v5.5 with commits:
* f8fffebdea75 ("MIPS: BPF: Disable MIPS32 eBPF JIT")
* 36366e367ee9 ("MIPS: BPF: Restore MIPS32 cBPF JIT")
Only the first of these was backported to LTS kernel 5.4, leaving cBPF
programs without a JIT and introducing a performance regression for any
such users e.g. libpcap, tcpdump, etc.
Restore cBPF performance by backporting the second commit above:
* 070-v5.5-MIPS-BPF-Restore-MIPS32-cBPF-JIT.patch
[1] https://lore.kernel.org/bpf/20191205182318.2761605-1-paulburton@kernel.org/
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
From upstream:
b8392808eb3f sch_cake: add RFC 8622 LE PHB support to CAKE diffserv handling
3f608f0c4136 sch_cake: fix a few style nits
8c95eca0bb8c sch_cake: don't call diffserv parsing code when it is not needed
9208d2863ac6 sch_cake: don't try to reallocate or unshare skb unconditionally
From netdev not yet accepted:
sch_cake: fix IP protocol handling in the presence of VLAN tags
The VLAN tag handling is actually wider than just cake so upstream are
working out how to fix it generically. We fix it here just for cake.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This was backported to 4.19 and I clearly expected it to land in 5.4 but
it didn't (5.5) so backport it to 5.4 for consistency.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Backport upstream patches that make drivers/spi/spi-rb4xx.c device tree
aware, plus a null pointer fix.
Signed-off-by: Christopher Hill <ch6574@gmail.com>
While the other fq-based qdiscs take advantage of skb->hash and doesn't
recompute it if it is already set, sch_cake does not.
This was a deliberate choice because sch_cake hashes various parts of the
packet header to support its advanced flow isolation modes. However,
foregoing the use of skb->hash entirely loses a few important benefits:
- When skb->hash is set by hardware, a few CPU cycles can be saved by not
hashing again in software.
- Tunnel encapsulations will generally preserve the value of skb->hash from
before the encapsulation, which allows flow-based qdiscs to distinguish
between flows even though the outer packet header no longer has flow
information.
It turns out that we can preserve these desirable properties in many cases,
while still supporting the advanced flow isolation properties of sch_cake.
This patch does so by reusing the skb->hash value as the flow_hash part of
the hashing procedure in cake_hash() only in the following conditions:
- If the skb->hash is marked as covering the flow headers (skb->l4_hash is
set)
AND
- NAT header rewriting is either disabled, or did not change any values
used for hashing. The latter is important to match local-origin packets
such as those of a tunnel endpoint.
The immediate motivation for fixing this was the recent patch to WireGuard
to preserve the skb->hash on encapsulation. As such, this is also what I
tested against; with this patch, added latency under load for competing
flows drops from ~8 ms to sub-1ms on an RRUL test over a WireGuard tunnel
going through a virtual link shaped to 1Gbps using sch_cake. This matches
the results we saw with a similar setup using sch_fq_codel when testing the
WireGuard patch.
Fixes: 046f6fd5daef ("sched: Add Common Applications Kept Enhanced (cake) qdisc")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
When a client moves from a DSA user port to a software port in a bridge,
it cannot reach any other clients that connected to the DSA user ports.
That is because SA learning on the CPU port is disabled, so the switch
ignores the client's frames from the CPU port and still thinks it is at
the user port.
Fix it by enabling SA learning on the CPU port.
To prevent the switch from learning from flooding frames from the CPU
port, set skb->offload_fwd_mark to 1 for unicast and broadcast frames,
and let the switch flood them instead of trapping to the CPU port.
Multicast frames still need to be trapped to the CPU port for snooping,
so set the SA_DIS bit of the MTK tag to 1 when transmitting those frames
to disable SA learning.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Currently enabling VLAN filtering blocks all traffic in the bridge
immediately. That is because DSA ignores all VLAN setup when VLAN
filtering is disabled, and when it is enabled, there is no VLAN entry
in the VLAN table, causing all traffic to be blocked.
Add patches to allow VLAN setup even if VLAN filtering is disabled.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Currently, setting a bridge's self PVID to other value and deleting
the default VID 1 renders untagged ports of that VLAN unable to talk to
the CPU port:
bridge vlan add dev br0 vid 2 pvid untagged self
bridge vlan del dev br0 vid 1 self
bridge vlan add dev sw0p0 vid 2 pvid untagged
bridge vlan del dev sw0p0 vid 1
# br0 cannot send untagged frames out of sw0p0 anymore
That is because the CPU port is set to security mode and its PVID is
still 1, and untagged frames are dropped due to VLAN member violation.
Set the CPU port to fallback mode so untagged frames can pass through.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>