This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:
* Timing side channel in private key RSA operations (CVE-2024-23170)
Mbed TLS is vulnerable to a timing side channel in private key RSA
operations. This side channel could be sufficient for an attacker to
recover the plaintext. A local attacker or a remote attacker who is
close to the victim on the network might have precise enough timing
measurements to exploit this. It requires the attacker to send a large
number of messages for decryption.
* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)
When writing x509 extensions we failed to validate inputs passed in to
mbedtls_x509_set_extension(), which could result in an integer overflow,
causing a zero-length buffer to be allocated to hold the extension. The
extension would then be copied into the buffer, causing a heap buffer
overflow.
Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
Switch to qca8081 upstream PHY. Update every device that have LEDs
attached to the qca8081 PHY to follow new way of defining the LEDs and
add original OEM configuration.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Disable compiling qca8081 PHY driver in favor of upstream to better
support it and add better control of attached LEDs.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Backport upstream patch adding more speed modes to LED netdev trigger.
Fixes: 2c39269b6e ("generic: 6.1: backport qca808x LED support patch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Backport qca808x LED support patch merged upstream needed to drop
handling of it from the SSDK for ipq807x target.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Completely disable dump_survey code on ARCH_BCM2835 to fix defined but not
used warning.
512b762ddb (commitcomment-137899352)
Fixes: 512b762ddb ("mac80211: brcm: disable dump_survey on Raspberry Pi")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
6339204c212b CMakeLists.txt: bump minimum cmake version
c1be505732e6 udebug: fix crash in udebug_entry_vprintf with longer strings
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Adds MediaTek MT7916AN and Cypress CYW43455 (Raspberry Pi 5) devices.
a34977c devices: add device id for Cypress CYW43455
3eb34df devices: add device id for MediaTek MT7916AN
There are no ABI changes.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Enabling this causes slow iwinfo calls on Raspberry Pi and LuCI slows down
when wireless is enabled.
Fixes: https://github.com/openwrt/openwrt/issues/14013
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This patch has been reverted in the Raspberry Pi linux repository.
Also refresh the rest of the patches.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Backport merged upstream patch that adds support for firmware loader
from NVMEM or attached filesystem for Aquantia PHYs.
Refresh all kernel patches affected by this change.
Also update the path for aquantia .ko that got moved to dedicated
directory upstream.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
[rmilecki: port to 5.15]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Use shared workflow in actions-shared-workflows instead of keeping the
workflow in openwrt main branch to make it easier to maintain and update
without bloating the main repository commit history.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
They are unnecessary since ipq806x switched to DSA in
the commit 337e36e0ef.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Refresh HSGMII patch due to recent PHY backport that cause
compilation warning for case not handled in phy_interface_num_ports.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Refresh 2.5G-SGMII patch due to recent PHY backport that cause
compilation warning for case not handled in phy_interface_num_ports.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
In order to get rid of having to modify U-boot bootcmd and having U-boot
load the Aquantia PHY-s firmware lets use some of the free space on SPI-NOR
to add a second ethphyfw partition and be able to load AQR FW via NVMEM
cells.
Signed-off-by: Robert Marko <robimarko@gmail.com>
It seems that the reset GPIO-s defined for the two AQR PHY-s are actually
reversed.
Manually testing confirmed that GPIO44 is actually reset GPIO of AQR at 0,
while GPIO59 is reset of AQR at 8:
root@OpenWrt:~# mdio 9*
DEV PHY-ID LINK
0x00 0x00000000 down
0x08 0x00000000 down
0x10 0x004dd0b1 down
0x11 0x004dd0b1 down
0x12 0x004dd0b1 down
0x13 0x004dd0b1 up
0x14 0x004dd0b1 down
0x15 0x04820a05 down
root@OpenWrt:~# gpioset gpiochip0 44=0
root@OpenWrt:~# mdio 9*
DEV PHY-ID LINK
0x08 0x00000000 down
0x10 0x004dd0b1 down
0x11 0x004dd0b1 down
0x12 0x004dd0b1 down
0x13 0x004dd0b1 up
0x14 0x004dd0b1 down
0x15 0x04820a05 down
root@OpenWrt:~# gpioset gpiochip0 44=1
root@OpenWrt:~# mdio 9*
DEV PHY-ID LINK
0x00 0x00000000 down
0x08 0x00000000 down
0x10 0x004dd0b1 down
0x11 0x004dd0b1 down
0x12 0x004dd0b1 down
0x13 0x004dd0b1 up
0x14 0x004dd0b1 down
0x15 0x04820a05 down
root@OpenWrt:~# gpioset gpiochip0 59=0
root@OpenWrt:~# mdio 9*
DEV PHY-ID LINK
0x00 0x00000000 down
0x10 0x004dd0b1 down
0x11 0x004dd0b1 down
0x12 0x004dd0b1 down
0x13 0x004dd0b1 up
0x14 0x004dd0b1 down
0x15 0x04820a05 down
root@OpenWrt:~# gpioset gpiochip0 59=1
root@OpenWrt:~# mdio 9*
DEV PHY-ID LINK
0x00 0x00000000 down
0x08 0x00000000 down
0x10 0x004dd0b1 down
0x11 0x004dd0b1 down
0x12 0x004dd0b1 down
0x13 0x004dd0b1 up
0x14 0x004dd0b1 down
0x15 0x04820a05 down
Signed-off-by: Robert Marko <robimarko@gmail.com>
Now that we have support for firmware loading via the kernel driver, it
makes sense to populate the firmware name as well, so if its present the
driver can load it.
In later patches, loading the FW via NVMEM will be added as well.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This patch adds support for Raspberry Pi 5.
Instead of using 16K pages like Raspberry Pi OS, OpenWrt uses 4K pages due to
incompatibilities with F2FS and other applications.
There are multiple RPi forum posts with different cases and users are forcing
kernel8.img to workaround them, which is the 64 bit kernel of the RPi 4.
However, this isn't possible in OpenWrt because we only ship one kernel and we
would have to add RPi 5 support to bcm2711 subtarget (RPi 4) for that
workaround to work in OpenWrt.
Specification:
- Processor Broadcom BCM2712 2.4GHz quad-core 64-bit Arm Cortex-A76 CPU,
with cryptographic extension, 512KB L2 caches per core, 2048KB L3 cache
Features:
- VideoCore VII GPU, supports OpenGL ES 3.1, Vulkan 1.2
- Dual 4Kp60 HDMI display output with HDR support 4Kp60 HEVC decoder
- LPDDR4X-4267 SDRAM 4GB and 8GB
- Dual-band 802.11ac Wi-Fi
- Bluetooth 5.0 / Bluetooth Low Energy
- microSD card slot, with support for SDR104 high-speed mode
- 2 x USB 3.0 ports
- 2 x USB 2.0 ports
- Gigabit Ethernet
- 2 x 4 lane MIPI camera/display
- PCIe 2.0 x1
- 5V/5A power via USB-C
- Raspberry Pi standard 40-pin header
- Real-time clock RTC
- Power button
Build system: x86_64
Build-tested: bcm2712
Run-tested: bcm2712/RPi5
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Remove device variant, improve description]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The RPi 5 expects the same NVRAM as the one from RPi 4 on a different file.
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Reword commit description, add missing PKG_RELEASE bump]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Add support for BCM2712 (Raspberry Pi 5).
3bb5880ab3
Patches were generated from the diff between linux kernel branch linux-6.1.y
and rpi-6.1.y from raspberry pi kernel source:
- git format-patch linux-6.1.y...rpi-6.1.y
Build system: x86_64
Build-tested: bcm2708, bcm2709, bcm2710, bcm2711
Run-tested: bcm2710/RPi3B, bcm2711/RPi4B
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Remove applied and reverted patches, squash patches and config commits]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Ubiquiti Rocket M XW is a single-band, 2x2:2 external Wi-Fi AP, with optional
GPS receiver, with two external RP-SMA antenna connections, based on
AR9342 SoC. Two band variants exists, for 2.4GHz and 5GHz band, usable
with the same image.
Specs:
- CPU: Atheros AR9342 MIPS SoC at 535MHz
- RAM: 64MB DDR400
- ROM: 8MB SPI-NOR in SO16W package, MX25L6408E
- Wi-Fi Atheros AR9342 built-in 2x2:2 radio
- Ethernet: Atheros AR8035 PHY, limited to 100Mbps speeds due to
magnetics
- Power: 24V passive PoE input.
Installation: please refer to Ubiquiti Bullet M2HP for documentation.
The device runs with exactly same image as the Bullet, and after fixes
in preceding commit, is fully functional again. Add the alternative name
to the build system.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Since commit 6f2e1b7485 ("ath79: disable delays on AT803X config init")
Ubiquiti XW boards equipped with AR8035 PHY suffered from lack of
outbound traffic on the Ethernet port. This was caused by the fact, the
U-boot has set this during boot and it wasn't reset by the PHY driver,
and the corresponding setting in device tree was wrong.
Set the 'phy-mode = "rgmii-txid"' at the ð0, and drop this property
from PHY node, as it is not parsed there. This causes the device to
connect using Ethernet once again.
Fixes: db4b6535f8 ("ath79: Add support for Ubiquity Bullet M (XW)")
Fixes: 6f2e1b7485 ("ath79: disable delays on AT803X config init")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Onboard AR8035 PHY supports 1000Base-T operation, but onboard
Ethernet magnetics do not. Reduce advertised link speeds to 100Mbps and
lower.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Add support for loading Aquantia FW from NVMEM for Zyxel NBG7815
restoring correct functionality of the 10g port.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add pending patch for ipq4019 MDIO MDC rate fix. The divisor was never
actually set resulting in the MDC rate running at a very low speed.
The same MDIO is used on ipq807x where Aquantia PHY are commonly used
where MDIO is used to load the PHY firmware. Running at higher speed is
required to make the firmware load faster as it does reduce load time
from 60+ second to 5-6 seconds.
Add as pending as upstream there seems to be some conflicts with quic
and me and it might take lots of time before this is effectively merged
upstream.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
When wpa_psk_file is used, there is a chance that no PSK is set. This means
that the FT key will be generated using only the mobility domain which
could be considered a security vulnerability but only for a very specific
and niche config.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
802.11r can not be used when selecting WPA. It needs at least WPA2.
This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.
Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
Changes:
67f3b2a libtracefs: version 1.8
8a1322f libtracefs utest: Add tests to use mapping if supported
0a65b79 libtracefs: Add tracefs_mapped_is_supported() API
805f650 libtracefs: Call mmap ioctl if a refresh happens
cf7e2a5 libtracefs: Fix tracefs_mmap() kbuf usage
3a26b26 libtracefs: Have nonblock tracefs_cpu reads set errno EAGAIN
2b5bb09 libtracefs: Have tracefs_mmap_read() include subbuf meta data
dee0448 libtracefs: Have mapping work with the other tracefs_cpu* functions
28eebc1 libtracefs: Have tracefs_cpu_flush(_buf)() use mapping
065d914 libtracefs: Use mmapping for iterating raw events
1124e0e libtracefs: Use tracefs_cpu_*_buf() calls for iterator
f43b293 libtracefs: Unmap mmap mapping on tracefs_cpu close
0d24516 libtracefs Documentation: Fix tracefs_cpu_snapshot_open() man pages
5ff31c0 libtracefs Documentation: Add tracefs_follow_events_clear() to main man page
0c7d9f7 libtracefs: Add man pages for tracefs_snapshot_*() functions
b2dc3e0 libtracefs sql: Rename TIMESTAMP_USECS_DELTA to TIMESTAMP_DELTA_USECS
585ec77 libtracefs: Force off trace mmapping
2ed14b5 libtracefs: Add ring buffer memory mapping APIs
173ffc0 libtracefs meson: Add option to disable samples
a55e2e8 libtracefs meson: Add option to disable documentation
93e20af libtracefs: Fix tracefs_instance_reset to clear synthetic events
a1ecbff libtracefs utest: Add more tests to test tracefs_sql()
975c37c libtracefs utest: Add matches to trace_sql() tests
0567e2d libtracefs synthetic: Handle hashed name variables
fcb3a83 libtracefs synthetic: Remove multiple adding of action in tracefs_synth_save()
a9dae65 libtracefs: Fix sqlhist used uninitialized error
fe7a467 libtracefs: Add updating and reading snapshot buffers
1ad57ab libtracefs: Add PID filtering API
d8726bf libtracefs: Also clear max_graph_depth on reset
eb4dd60 libtracefs: Add TIMESTAMP_USECS_DELTA to simplify SQL timestamp compares
8c57eb4 libtracefs: Add tracefs_instance_set/get_subbuf_size()
9bafb21 libtracefs: Add API to extract ring buffer statistics
141d25e libtracefs: Add tracefs_load_headers() API
ef3fae7 libtracefs: Add kerneldoc comments to tracefs_instance_set_buffer_size()
31acfe1 libtracefs utest: Add test to test tracefs_instance_set/get_buffer_percent()
3e6d975 libtracefs: Add tracefs_instance_clear() API
c4efaaf libtracefs: Add tracefs_instance_get/set_buffer_percent()
1e1cc54 libtracefs: Add API to read tracefs_cpu and return a kbuffer
7d395b1 libtracefs: Add tracefs_instance_file_write_number()
e34cbd8 libtracefs: Increase splice to use pipe max size
1f50965 libtracefs: Add API to remove followers from an instance or toplevel
576ee0b libtracefs: Reset tracing before and after unit tests
118b694 libtracefs: Free dynamic event list in utest
5159973 libtracefs: Free tracing_dir in case of remount
df563eb libtracefs: Free buf in clear_func_filter()
3cbac37 libtracefs: Free "missed_followers" of instance
0cbe56e libtracefs testing: Use one tep handle for most tests
adac30f libtracefs Documentation: Fix tracefs_event_file_exists() issues
07ab199 libtracefs: Pass enum value where expected instead of int
bb299b4 libtracefs: fix cscope makefile rule
420d677 libtracefs: Free "followers" when freeing instance
3f436fc libtracefs: Fix documentation of tracefs_trace_pipe_stream() flags
1fde9df libtracefs: Add explicit pthread dependency to meson
d1989ae tracefs-perf: Add missing headers for syscall() and SYS_* defines
Signed-off-by: Nick Hainke <vincent@systemli.org>
The safe max frame size for this ethernet switch is 1532 bytes,
excluding the DSA TAG and extra VLAN header, so the maximum
outgoing frame is 1542 bytes.
The available overhead is needed when using the DSA switch with
a cascaded Marvell DSA switch, which is something that exist in
real products, in this case the Inteno XG6846.
Use defines at the top of the size for max MTU so it is clear how
we think about this, add comments.
We need to adjust the RX buffer size to fit the new max frame size,
which is 1542 when the DSA tag (6 bytes) and VLAN header (4 extra
bytes) is added.
We also drop this default MTU:
#define ENETSW_TAG_SIZE (6 + VLAN_HLEN)
ndev->mtu = ETH_DATA_LEN + ENETSW_TAG_SIZE;
in favor of just:
ndev->mtu = ETH_DATA_LEN;
I don't know why the default MTU is trying to second guess the
overhead required by DSA and VLAN but the framework will also
try to bump the MTU for e.g. DSA tags, and the VLAN overhead is
not supposed to be included in the MTU, so this is clearly not
right.
Before this patch (on the lan1 DSA port in this case):
dsa_slave_change_mtu: master->max_mtu = 9724, dev->max_mtu = 10218, DSA overhead = 8
dsa_slave_change_mtu: master = extsw, dev = lan1
dsa_slave_change_mtu: master->max_mtu = 1510, dev->max_mtu = 9724, DSA overhead = 6
dsa_slave_change_mtu: master = eth0, dev = extsw
dsa_slave_change_mtu new_master_mtu 1514 > mtu_limit 1510
mdio_mux-0.1:00: nonfatal error -34 setting MTU to 1500 on port 0
My added debug prints before the nonfatal error: the first switch from the top
is the Marvell switch, the second in the bcm6368-enetsw with its 1510 limit.
After this patch the error is gone.
OpenWrt adds a VLAN to each port so we get VLAN tags on all frames. On this
setup we even have 4 more bytes left after the two DSA tags and VLAN so
we can go all the way up to 1532 as MTU.
Testing the new 1532 MTU:
eth0 ext1 enp7s0
.--------. .-----------. cable .------.
| enetsw | <-> | mv88e6152 | <-----> | host |
`--------´ `-----------´ `------´
On the router we set the max MTU for test:
ifconfig eth0 mtu 1520
ifconfig br-wan mtu 1520
ifconfig ext1 mtu 1506
An MTU of 1506 on ext1 is a logic consequence of the above setup:
this is the max bytes actually transferred. The framing added will be:
- 18 bytes standard ethernet header
- 4 bytes VLAN header
- 6 bytes DSA tag for enetsw
- 8 bytes DSA tag for mv88e6152
Sum: 1506 + 18 + 4 + 6 + 8 = 1542 which is out max frame size.
Test pinging from host:
ping -s 1478 -M do 192.168.1.220
PING 192.168.1.220 (192.168.1.220) 1478(1506) bytes of data.
1486 bytes from 192.168.1.220: icmp_seq=1 ttl=64 time=0.696 ms
1486 bytes from 192.168.1.220: icmp_seq=2 ttl=64 time=0.615 ms
Test pinging from router:
PING 192.168.1.2 (192.168.1.2): 1478 data bytes
1486 bytes from 192.168.1.2: seq=0 ttl=64 time=0.931 ms
1486 bytes from 192.168.1.2: seq=1 ttl=64 time=0.810 ms
The max IP packet without headers is 1478, the outgoing ICMP packet is
1506 bytes. Then the DSA, VLAN and ethernet overhead is added.
Let us verify the contents of the resulting ethernet frame of 1542 bytes.
Ping packet on router side as viewed with tcpdump:
00:54:51.900869 AF Unknown (1429722180), length 1538:
0x0000: 3d93 bcae c56b a83d 8874 0300 0004 8100 =....k.=.t......
0x0010: 0000 dada 0000 c020 0fff 0800 4500 05e2 ............E...
0x0020: 0000 4000 4001 b0ec c0a8 0102 c0a8 01dc ..@.@...........
0x0030: 0800 7628 00c3 0001 f5da 1d65 0000 0000 ..v(.......e....
0x0040: ce65 0a00 0000 0000 1011 1213 1415 1617 .e..............
0x0050: 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 .........!"#$%&'
0x0060: 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 ()*+,-./0123456
(...)
- 3d93 = First four bytes are the last two bytes of the destination
ethernet address I don't know why the first four are missing,
but it sure explains why the paket is 1538 bytes and not 1542
which is the actual max frame size.
- bcae c56b a83b = source ethernet address
- 8874 0300 0004 = Broadcom enetsw DSA tag
- 8100 0000 = VLAN 802.1Q header
- dada 0000 c020 0fff = EDSA tag for the Marvell (outer) switch,
- 0800 is the ethertype (part of the EDSA tag technically)
- Next follows the contents of the ping packet as it appears if
we dump it on the DSA interface such as tcpdump -i lan1
etc, there we get the stripped out packet, 1506 bytes.
- At the end 4 bytes of FCS.
This clearly illustrates that the DSA tag is included in the MTU
which we set up in Linux, but the VLAN tag and ethernet headers and
checksum is not.
Tested-by: Paul Donald <newtwen@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This reverts commit dcdcfc1511.
This is a firmware for third-party u-boot mod, which should not
be carried here by us.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
The current dts file of dgs-1210-10p doesn't support link states
for the sfp ports (they are always up).
This patch tries to give better support for this and was run tested
on dgs-1210-10p.
It was heavily inspired from Paul Fertser, RaylynnKnight
and the author of dgs-1210-10mp-f.dts
https://forum.openwrt.org/t/dlink-dgs-1210-10p-with-glc-t-co-sfp/170928
Signed-off-by: Michel Thill <jmthill@gmail.com>