Commit Graph

54682 Commits

Author SHA1 Message Date
Birger Koblitz
d1b824650f realtek: do not reset SerDes on link change
Do not reset the RTL930x SerDes on link changes, instead set up
the SDS with internal PHYs for the SFP+ ports only.
This fixes the 8 1GBit ports on the Zyxel XGS1250 which
do not work without this patch.

A complete SerDes reset was performed on all SerDes links. For copper
1Gbit ports, this is commonly a single XGMII link to an RTL8218D. There
is however no support for setting up the XGMII link on RTL9300/RTL9310,
thereby wiping the (RX/TX) setup done by u-boot and breaking the 1GBit
ports. No SerDes reset should be done for these links.

The handling of SGMII/HiSGMII, 1000BX or 10GR links is actually entirely
different. All these modes need to be suitably RX calibrated and the
pre- main and post- amplifiers set up properly for TX.

The 10GBit SFP+ fiber links are recalibrated instead of reset, which
e.g. is necessary when someone pulls a module out and puts another in.
This makes swapping out 10GBit fiber modules possible. 1GBit modules are
not yet supported, nor any modules with an internal phy.

Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Birger Koblitz <git@birger-koblitz.de>
[rewrite commit message based on discussion]
Link: http://lists.infradead.org/pipermail/openwrt-devel/2022-May/038623.html
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-05-11 22:23:50 +02:00
Rui Salvaterra
d9a063c396 kernel: bump 5.15 to 5.15.38
Deleted (upstreamed):
mediatek/patches-5.15/120-10-v5.18-mtd-nand-fix-ecc-parameters-for-mt7622.patch [1]

Other patches automatically rebased.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.38&id=3ec920d755ae69c201b358e8d8e96c32f51145d8

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2022-05-09 20:49:50 +01:00
Rui Salvaterra
634a45cf1d kernel: bump 5.15 to 5.15.37
Patches automatically rebased.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2022-05-09 20:49:50 +01:00
Rui Salvaterra
c3569a70c6 kernel: bump 5.15 to 5.15.36
Patches automatically rebased.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2022-05-09 20:49:50 +01:00
Alessio Prescenzo
4a8eaa5c7c ramips: add support for Cudy X6
Specifications:

SoC: MediaTek MT7621
RAM: 256 MB
Flash: 32 MB
WiFi: MediaTek MT7915E
Switch: 1 WAN, 4 LAN (Gigabit)
Ports: 1 USB 3.0
Buttons: Reset, WPS
LEDs: Power, System, Wan, Lan 1-4, WiFi 2.4G, WiFi 5G, WPS, USB
Power: DC 12V 1A tip positive
Installation:

Download and flash the manufacturer's built OpenWRT image available at
http://www.cudytech.com/openwrt_software_download
Install the new OpenWRT image via luci (System -> Backup/Flash firmware)
Be sure to NOT keep settings. The force upgrade may need to be checked
due to differences in router naming conventions.

Recovery:

Loads only signed manufacture firmware due to bootloader RSA verification
serve tftp-recovery image as /recovery.bin on 192.168.1.88/24
connect to any lan ethernet port
power on the device while holding the reset button
wait at least 8 seconds before releasing reset button for image to
download

Signed-off-by: Alessio Prescenzo <alessioprescenzo@gmail.com>
[ensure unique wireless MAC, fix GPIO pingroup]
Signed-off-by: David Bauer <mail@david-bauer.net>
2022-05-09 15:31:01 +02:00
Birger Koblitz
98bb26f9f7 realtek: Trap all frames with switch as destination to CPU-port
This fixes a bug where frames sent to the switch itself were
flooded to all ports unless the MAC address of the CPU-port
was learned otherwise.

Tested-by: Wenli Looi <wlooi@ucalgary.ca>
Tested-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Birger Koblitz <git@birger-koblitz.de>
[fix code formatting]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-05-08 10:05:14 +02:00
Raylynn Knight
580723e86a realtek: add support for ZyXEL GS1900-16
The ZyXEL GS1900-16 is a 16 port gigabit switch similar to other GS1900 switches.

Specifications
--------------
* Device:    ZyXEL GS1900-16
* SoC:       Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash:     16 MiB Macronix MX25L12835F
* RAM:       128 MiB DDR2 SDRAM Nanya NT5TU128M8HE
* Ethernet:  16x 10/100/1000 Mbps
* LEDs:      1 PWR LED (green, not configurable)
             1 SYS LED (green, configurable)
             16 ethernet port link/activity LEDs (green, SoC controlled)
* Buttons:   1 "RESET" button on front panel
* Power      120-240V AC C13
* UART:      1 serial header (J12) with populated standard pin connector on
             the right back of the PCB.
             Pinout (front to back):
             + Pin 1 - VCC marked with white dot
             + Pin 2 - RX
             + Pin 3 - TX
             + PIn 4 - GND

Serial connection parameters:  115200 8N1.

Installation
------------

OEM upgrade method:

* Log in to OEM management web interface
* Navigate to Maintenance > Firmware
* Select the HTTP radio button
* Select the Active radio button
* Use the browse button to locate the
realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
file amd select open so File Path is update with filename.
* Select the Apply button. Screen will display "Prepare
for firmware upgrade ...".
*Wait until screen shows "Do you really want to reboot?"
then select the OK button
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
   > sysupgrade -n /tmp/realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
   it may be necessary to restart the network (/etc/init.d/network restart) on
   the running initramfs image.

U-Boot TFTP method:

* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
  space bar, and enable the network:
   > rtk network on
* Since the GS1900-16 is a dual-partition device, you want to keep the OEM
  firmware on the backup partition for the time being. OpenWrt can only boot
  from the first partition anyway (hardcoded in the DTS). To make sure we are
  manipulating the first partition, issue the following commands:
  > setsys bootpartition 0
  > savesys
* Download the image onto the device and boot from it:
   > tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
   > bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
   > sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
   it may be necessary to restart the network (/etc/init.d/network restart) on
   the running initramfs image.

Signed-off-by: Raylynn Knight <rayknight@me.com>
[removed duplicate patch title, align RAM specification]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-05-07 17:23:45 +02:00
Matthew Hagan
d9fae43202 kernel: backports: add Huawei MA5671A tx-fault workaround
This workaround will allow the MA5671A to function, ignoring the
persistently asserted tx-fault.

Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
(added 5.15 backport)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-05-07 16:27:27 +02:00
Christian Lamparter
b2c9c4dda2 apm821xx: add support for kernel 5.15 for testing
This patch copies over refreshed config and patches from 5.10
with the following changes:

 - dropped superfluous tc654/tc655 variant detection patch
   (tc654 support will become available upstream starting with
   5.17-rc7+).

 - dropped xhci msi(x) workaround... as the broken MSI(X)
   is now gone.

 - dropped dwc2 workaround since the driver was fixed and it
   works without it.

Please note: Netgear WNDAP660 & WNDAP620 users:

Due to the kernel's size increase, uboot will likely break
because it is overwrite the kernel during decompression.

To fix this (and debrick affected devices, no reflash
necessary), attach the RJ45-Serial-Console cable and
enter the following in the uboot prompt during bootup:

 setenv kernel_addr_r 1100000
 saveenv
 run bootcmd

to restore the old/previous behavior:

 setenv kernel_addr_r 600000
 saveenv
 run bootcmd

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-05-07 16:27:27 +02:00
Christian Lamparter
fd836f3d15 kernel: usb-xhci-pci-renesas: remove LINUX_5_10 dependency symbol
With 5.4 out of the picture, remove LINUX_5_10 here. This is
needed for the WNDR4700 as otherwise kmod-usb3 isn't available
for 5.15.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-05-07 16:26:21 +02:00
Christian Lamparter
b47c641ee3 generic: 5.15: add missing symbol
Found during apm821xx refresh.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-05-07 14:35:37 +02:00
Christian Lamparter
c97c8b814a kernel/x86: move x86' specific watchdogs to the x86 target
upstream linux have these watchdogs locked behind X86.
These will not build on other architectures. So move them
to target/linux/x86/modules.mk

drivers/watchdog/Kconfig:

|config F71808E_WDT
|	tristate "Fintek F718xx, F818xx Super I/O Watchdog"
|	depends on X86
|[...]
|config IT87_WDT
|	tristate "IT87 Watchdog Timer"
|	depends on X86
|[...]
|config ITCO_WDT
|	tristate "Intel TCO Timer/Watchdog"
|	depends on (X86 || IA64) && PCI
|[...]
|config W83627HF_WDT
|	tristate "Watchdog timer for W83627HF/W83627DHG and compatibles"
|	depends on X86
|[...]

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-05-07 14:31:22 +02:00
Christian Lamparter
0cd1fc0fe5 x86: detangle meraki-mx100 / nu801 build confusion
Grommish reported the dreaded build error that happend with 5.4
since the kernel didn't have the cgpio v2 interface. His reason
for the removed 5.4 was that the octeon target had a memory leak
issue, so he had to backport the removed 5.4 kernel for his tests.

Chen Minqiang chimed in and noted that no matter what (i.e.
@TARGET_x86 in depends) didn't prevent the package from being build
on other targets.

From what I can tell, the reason for this was that +nu801 meant
that kmod-meraki-mx100 pulled in an unconditional dependency as
part of to the kernel build.

|scripts/package-metadata.pl mk tmp/.packageinfo
|
|$(curdir)/kernel/linux/compile += $(curdir)/firmware/linux-firmware/compile \
|	$(curdir)/firmware/prism54-firmware/compile \
|	$(curdir)/kernel/gpio-button-hotplug/compile \
|	>>> $(curdir)/system/gpio-cdev/nu801/compile <<<

change this by making the dependency conditional on the
meraki-mx100 module itself. Note that the nu801 enables/sets
the  KCONFIG for the cgpio v2 interface itself, since the
userspace program and not the kernel meraki-mx100 relies on it.

Reference: <https://github.com/openwrt/openwrt/commit/eeb8fd4ce7e9>
Reported-by: Grommish <grommish@gmail.com>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-05-07 14:31:22 +02:00
Christian Lamparter
d022451906 x86: add ib700wdt module for x86 qemu watchdogs
QEMU+Libvirt can emulate the ib700wdt watchdogs
which due to its I/O-Port mapping makes it x86
specific.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-05-07 14:31:22 +02:00
Christian Lamparter
afcb6b1524 armvirt: 64: enable driver for QEMU' supported watchdog
QEMU can emulate several watchdogs:
aspeed SoC, i6300esb, ib700wdt, imx2, cmsdk-apb and sbsa_gwdt.

Out of these, the ARM SBSA Generic Watchdog (sbsa_gwdt)
makes the most sense for the armvirt' 64 target. Both imx2 and
aspeed are guarded by special vendor specific CONFIG_ in the
upstream kernel.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-05-07 14:31:21 +02:00
Christian Lamparter
cb203adda0 kernel: provide i6300esb for qemu/libvirt
the Intel i6300esb is QEMU's default watchdog. And unlike
the real "Intel i6300ESB I/O Controller hub" hardware, the
i6300esb watchdog driver works on non-x86 targets like for
ARM (armvirt 32bit) and potentially virtual PowerPC and MIPS
targets (if there was any).

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-05-07 14:31:21 +02:00
Felix Fietkau
203ffc4ca7 kernel: fix corrupted padding on small packets with mt753x dsa
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-05-06 21:55:20 +02:00
Felix Fietkau
b5f25d43b7 kernel: backport flow offload fixes to 5.10
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-05-06 21:47:53 +02:00
Felix Fietkau
726ef8ba2d kernel: fix flow offload issues with pppoe
sync xt_FLOWOFFLOAD code with latest version of nft_flow_offload

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-05-06 15:50:32 +02:00
Sungbo Eo
cb1dc49c18 ipq40xx: consolidate ar40xx driver files
Commit f4fb63d2ab ("ipq40xx: 5.10: move AR40xx to MDIO drivers") moved
the ar40xx driver files to kernel version specific directories to place
them in different subdirectory in kernel tree. But now kernel 5.4 is
gone and there is no reason to keep them separate. Move them back to
common files/ directory.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-05-05 09:19:00 +09:00
Nick Hainke
1526ccebd4 ipq40xx: 5.15: fix ar40xx driver
Also apply commit ab7e53e5cc ("ipq40xx: 5.10: fix ar40xx driver") to
5.15 driver.

The commit fixes the data corruption on TX packets. Packets are
transmitted, but their contents are replaced with zeros. This error is
caused by the lack of guard (50 ms) intervals between calibration phases.
This error is treated by adding mdelay(50) to the calibration function
code. In the original qca-ssda code, these mdelays were existing, but in
the ar41xx.c they are gone.

Fixes: 87318eb179 ("ipq40xx: 5:15: copy config and patch from 5.10")

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-05-05 09:19:00 +09:00
Ptilopsis Leucotis
b697b5c55e ramips: add i2c in dts for GL-MT300N-V2
According wiki https://docs.gl-inet.com/en/2/hardware/mt300n-v2/
GL-MT300N-V2 have I2C interface on GPIO4, GPIO5.
Adding I2C in device tree make possible using I2C on this device.

Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
2022-05-05 09:19:00 +09:00
Rodrigo Balerdi
f8b0010dfb ipq806x: add support for Arris TR4400 v2 / RAC2V1A
Hardware specs:
  SoC: Qualcomm IPQ8065 (dual core Cortex-A15)
  RAM: 512 MB DDR3
  Flash: 256 MB NAND, 32 MB NOR
  WiFi: QCA9983 2.4 GHz, QCA9984 5 GHz
  Switch: QCA8337
  Ethernet: 5x 10/100/1000 Mbit/s
  USB: 1x USB 3.0 Type-A
  Buttons: WPS, Reset
  Power: 12 VDC, 2.5 A

Ethernet ports:
  1x WAN: connected to eth2
  4x LAN: connected via the switch to eth0 and eth1
          (eth0 is disabled in OEM firmware)

MAC addresses (OEM and OpenWrt):
  fw_env @ 0x00  d4🆎82:??:??:?a  LAN (eth1)
  fw_env @ 0x06  d4🆎82:??:??:?b  WAN (eth2)
  fw_env @ 0x0c  d4🆎82:??:??:?c  WLAN 2.4 GHz (ath1)
  fw_env @ 0x12  d4🆎82:??:??:?d  WLAN 5 GHz (ath0)
  fw_env @ 0x18  d4🆎82:??:??:?e  OEM usage unknown (eth0 in OpenWrt)

  OID d4🆎82 is registered to:
  ARRIS Group, Inc., 6450 Sequence Drive, San Diego CA 92121, US

More info:
  https://openwrt.org/inbox/toh/arris/tr4400_v2

IMPORTANT:

This port requires moving the 'fw_env' partition prior to first boot to
consolidate 70% of the usable space in flash into a contiguous partition.
'fw_env' contains factory-programmed MAC addresses, SSIDs, and passwords.
Its contents must be copied to 'rootfs_1' prior to booting via initramfs.
Note that the stock 'fw_env' partition  will be wiped during sysupgrade.

A writable 'stock_fw_env' partition pointing to the old, stock location
is included in the port to help rolling back this change if desired.

Installation:

- Requires serial access and a TFTP server.
- Fully boot stock, press ENTER, type in:
mtd erase /dev/mtd21
dd if=/dev/mtd22 bs=128K count=1 | mtd write - /dev/mtd21
umount /config && ubidetach -m 23 && mtd erase /dev/mtd23
- Reboot and interrupt U-Boot by pressing a key, type in:
set mtdids 'nand0=nand0'
set mtdparts 'mtdparts=nand0:155M@0x6500000(mtd_ubi)'
set bootcmd 'ubi part mtd_ubi && ubi read 0x44000000 kernel && bootm'
env save
- Setup TFTP server serving initramfs image as 'recovery.bin', type in:
set ipaddr 192.168.1.1
set serverip 192.168.1.2
tftpboot recovery.bin && bootm
- Use sysupgrade to install squashfs image.

This port is based on work done by AmadeusGhost <amadeus@jmu.edu.cn>.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
[add 5.15 changes for 0069-arm-boot-add-dts-files.patch]
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-05-05 09:19:00 +09:00
Arınç ÜNAL
f4e219fd5e packages: nvram: add NVRAM quirks for bcm53xx target
Add NVRAM quirks script for the bcm53xx target. Split NVRAM quirks for the
bcm47xx and bcm53xx targets. Move clear partialboot NVRAM quirk for Linksys
EA9500 here. Add set wireless LED behaviour quirk for Asus RT-AC88U.

Use boot() instead of start() as nvram commands are meant to be executed
only once, at boot.

Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
2022-05-04 21:51:20 +02:00
Tiago Gaspar
65258f5d60 firewall: config: remove restictions on DHCPv6 allow rule
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.

Fixes: #5066

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-05-04 15:26:16 +02:00
Jan Hoffmann
1daaef31b3 ltq-vdsl-app: disconnect when service is stopped
Stop the connection when the control daemon is terminated. The code is
a modified version of the termination routine in version 4.23.1 of the
daemon (which doesn't support VR9 modems anymore).

This could also be implemented by calling the acos and acs commands via
dsl_cpe_pipe.sh in the init script. However, doing it in the daemon
itself has the advantage of also working if it is terminated in another
way (for example during sysupgrade).

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2022-05-04 01:38:04 +01:00
Jan Hoffmann
db4bf4b968 ltq-vdsl/ltq-adsl: fix elapsed time calculation
The driver maintains elapsed times by repeatedly accumulating the time
since the previous update in a loop. For the elapsed showtime time, the
time difference is truncated to seconds before adding it, leading to a
sizable error over time.

Move the truncation to before calculation of the time difference in
order to remove this error. Also maintain the total elapsed time in the
same way in full seconds, to prevent the unsigned 32-bit counter from
wrapping around after about 50 days.

Testing on a VR9 device shows that the reported line uptime now matches
the actual elapsed wall time. The ADSL variant is only compile-tested,
but it should also work as the relevant code is identical.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2022-05-04 01:38:04 +01:00
Jan Hoffmann
2f484aeff5 ltq-atm/ltq-ptm: avoid unnecessary build dependencies
Right now, both ltq-adsl-mei and ltq-vdsl-mei are always built, even
when they aren't necessary for the selected variant. This can cause the
build to fail, for example ltq-vdsl-mei doesn't build successfully here
on xway target due to the vectoring callback.

Make these dependencies conditional on the specific package variants,
so they are only built when actually needed.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2022-05-04 01:38:04 +01:00
Daniel Golle
51c442c265
uqmi: update to git HEAD
56cb2d4 nas: add decoding of cell_id
 9a9019a uqmi: wms - added storage to read text messages

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-05-04 01:33:21 +01:00
Daniel Golle
4509b790f0
fstools: update to git HEAD
9e11b37 fstools: remove SELinux restorecon hack

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-05-03 02:11:17 +01:00
Daniel Golle
fb01111866
procd: update to git HEAD
652e6df init: restore SELinux labels after policy is loaded

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-05-03 02:11:12 +01:00
Daniel Golle
7b07c3cff5
base-files: simplify restorecon logic
Remove forgotten redundant selinuxenabled call and skip the whole
thing in case $IPKG_INSTROOT is set as labels are anyway applied only
later on in fakeroot when squashfs is created.

Fixes: 6d7272852e ("base-files: add missing $IPKG_INSTROOT to restorecon call")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-05-02 21:11:05 +01:00
Dominick Grift
4379457098 selinux-policy: update to version 1.1
try to clean up some labeling inconsistencies
iwinfo loose ends
ucode loose ends
Makefile: adjust mintesttgt (adds blockmount/blockd)
nftables: reads inherited netifd pipe
ucode: reads inherited netifd pipes
mountroot: fowner
sandbox: writes inherited dropbear pipes
unbound related to /tmp/etc/ssl
unbound loose ends
adds a sslconftmpfile for /tmp/etc/ssl
README: maintain a wish list in the README
iwinfo: netifd forgot write
gptfdisk loose ends
iwinfo: netifd wpad reads/writes inherited netifd fifo files
netifd (mac80211.sh) executes iwinfo
luci: executes wireguard
luci-cgi: audits xtables execute access
rcuhttpd: lists ssl certfile dirs
iwinfo, wifi,nftables usage of ttyd pty if available
urandomseed: seedrng needs cap_sys_admin
iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server
nftables, wifi and adds iwinfo skel
nftables, rpcd, ucode
nftables, ucode and seedrng ucode, fw3/nftables, luci
adds ucode skel and some fw3/nftables related
urandomseed: some seedrng rules
fw3 adds some support for fw4
urandomseed: /etc/seedrng is for seed.credit
hotplugcal: runs ucode which is interpreter like
adds a nftables skeleton and makes xtables optional
agent: allow all agents to write inherited dropbear pipes
urandomseed: this seems to be replaced by seedrng
kmodloader: label /etc/modules.conf kmodloader.conffile
Revert "shelexecfile: remove auditallow rule"
Makefile: sort the modules to process by secilc
Moves back to git.defensec.nl
unbound odhcpd (ip) reads net proc
tcp dump
shelexecfile: remove auditallow rule
rrd.cil: fixes indent
Target rddtool from cgi-io instead of runnit it without transition
rrd.cil related
rrd, rpcd, cgiio clean ups related to luci-app-statistics
Rules for rrd files and luci-statistics
unboundcontrol ordering
Several missing permissions
blockmount, dnsmasq, hotplugcall, rpcd, unbound
adds mctp_socket (linux 5.15)
ip: forgot tc-tiny type transition to go along with the fc spec
ip: adds a fc spec for tc-tiny (called by sqm)
adds ttyACM fc spec and various assorted loose ends
.gitattributes: do not export the github workflows
workflow use selinux 3.3

project moved back to https://git.defensec.nl/selinux-policy.git

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2022-05-02 21:10:43 +01:00
Enrico Mioso
e3f9af4fb6 ipq40xx: fix BDF file for pcie wifi chip on the GL.Inet GL-B2200
After the switch to pre-calibration, ath10k would fail to initialize
the PCIE Wi-Fi on the GL-B200 as follows:

ath10k_pci 0000:01:00.0: enabling device (0140 -> 0142)
ath10k_pci 0000:01:00.0: qca9888 hw2.0 target 0x01000000 chip_id 0x00000000 sub 0000:0000
[...]
ath10k_pci 0000:01:00.0: failed to fetch board data for bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=GL-B2200 from ath10k/QCA9888/hw2.0/board-2.bin
ath10k_pci 0000:01:00.0: failed to fetch board-2.bin or board.bin from ath10k/QCA9888/hw2.0
ath10k_pci 0000:01:00.0: failed to fetch board file: -12
ath10k_pci 0000:01:00.0: could not probe fw (-12)

Repackage the BDF file after renaming relevant fields and files to
allow for the Wi-Fi interface to start again.

Fixes: 80d34d9d59 ("ipq40xx: document pcie wifi chip on the GL.Inet GL-B2200")
CC: Christian Lamparter <chunkeey@gmail.com>
CC: Robert Marko <robimarko@gmail.com>
Reviewed-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
2022-05-02 21:16:14 +02:00
Daniel Golle
6d7272852e
base-files: add missing $IPKG_INSTROOT to restorecon call
Update to overlooked v2 version of Dominick Grift's patch.

Fixes: 5109bd164c ("base-files: address sed in-place without SELinux awareness")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-05-02 19:59:58 +01:00
Bruno Victal
0276fab649 dnsmasq: fix jail_mount for serversfile
Fix 'serversfile' option not being jail_mounted by the init script.

Signed-off-by: Bruno Victal <brunovictal@outlook.com>
2022-05-02 18:57:49 +01:00
Dominick Grift
5109bd164c
base-files: address sed in-place without SELinux awareness
sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598

This causes /etc/group to become mislabeled when a package requests
that a uid/gid be added on OpenWrt with SELinux

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[move restorecon inside lock]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2022-05-02 18:56:02 +01:00
Rodrigo Balerdi
7d02fc0951 base-files: fix sysupgrade for kernel-out-of-UBI
Commit ecbcc0b595 bricks devices on which the raw kernel and UBI mtd
partitions overlap.

This is the case of the ZyXEL NR7101 for example. Its OEM bootloader has
no UBI support. OpenWrt splits the stock kernel mtd partition into a raw
kernel part used by the bootloader and a UBI part used to store rootfs
and rootfs_data. Running mtd erase on the complete partition during
sysupgrade erases the UBI part and results in a soft brick.

Arguably the best solution would be to fix the partition layouts so that
kernel and UBI partitions do not overlap, also including a stock_kernel
partition to help reverting to stock firmware. This would have the added
benefit of protecting UBI from kernel images that are excessively large.

Fixes: ecbcc0b595 ("base-files: safer sysupgrade.tar for kernel-out-of-UBI")
Reported-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
2022-05-02 12:42:15 +01:00
Daniel Golle
4e8d095013
fstools: update to git HEAD
f0fc66a libfstools: check for overlay mounting errors
 128ecaf Update / fix extroot comments
 8a0ba3b libfstools: get rid of "extroot_prefix" global variable
 649cd3f libfstools: use variable for overlay mount-point
 922f1b3 libfstools: avoid segfault in find_mount_point
 ce5eacb libfstools: mtd: improve error handling
 898b328 blockd: restore device_move semantics
 0917d22 block: don't probe mtdblock on NAND (with legacy exceptions)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-05-01 17:02:39 +01:00
Tamas Balogh
65dc9e0980 ramips: ethernet: ralink: add led_source dts-binding
this adds the new dts-binding "mediatek,led_source"
currently for MT7628AN and MT7688 built-in switches,
which is documented as a 3-bit field configuring the
switch LEDs for various control schemes from 0 to 3.

Normally this is not needed, but e.g. for Asus RT-AC1200-V2
it is a must to set it to the anyway undocumented value
of 4, to have the switch LEDs react correctly on link/act
events. This is an MT7628DAN device, but I doubt this is
a speciality of this particular SoC.

Also added the RT305X_ESW_LED_OFF value to LED states.
Did also rename the register RT5350_EWS_REG_LED_POLARITY
to RT5350_EWS_REG_LED_CONTROL, which is the correct name.
Also making use of defines for some hardcoded values.

Signed-off-by: Tamas Balogh <tamasbalogh@hotmail.com>
2022-05-01 13:40:13 +09:00
Pawel Dembicki
55553a45f8 kirkwood: set testing kernel version to 5.15
This patch configures kernel testing version for kirkwood target.

Compile tested: all
Run tested: Endian 4i

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2022-05-01 13:40:13 +09:00
Pawel Dembicki
11fdfc2eca kirkwood: refresh 5.15 kernel config
Done by "make kernel_oldconfig".

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2022-05-01 13:40:13 +09:00
Pawel Dembicki
62be521ca7 generic: 5.15: add missing symbol
Found durring kirkwood refreshing.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2022-05-01 13:40:13 +09:00
Pawel Dembicki
8e6ee6cbaf kirkwood: copy config and patches to 5.15
This patch makes only a copy of 5.10 config and patches.

Patches merged in upstream was omited.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2022-05-01 13:40:13 +09:00
Sungbo Eo
daee22c7c0 ipq40xx: 5.15: refresh subtarget config
Update config with `make kernel_oldconfig CONFIG_TARGET=subtarget`.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-05-01 13:40:13 +09:00
Robert Marko
376834a743 ipq40xx: 5.15: refresh config
Refresh 5.15 kernel config for IPQ40xx due to large number of generic
config changes.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2022-05-01 13:40:13 +09:00
Robert Marko
2114b22ef3 ipq40xx: 5.15: drop upstreamed sleep clock patch
Patch that corrects sleep clock frequency has already been backported
to 5.15 stable so remove the duplicate patch.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2022-05-01 13:40:13 +09:00
Ansuel Smith
17b7756b5a ipq40xx: 5.15: add testing kernel version
Add 5.15 kernel as a testing kernel version in the Makefile.

Linksys EA6350v3/EA8300/MR8300 will not build with buildbot settings and
should be disabled when the target is switched, unless the image size is
reduced again.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Reviewed-by: Robert Marko <robert.marko@sartura.hr>
[add comment for increased kernel size]
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-05-01 13:40:13 +09:00
Ansuel Smith
7517955eac ipq40xx: 5.15: refresh kernel patches
Refresh kernel patches.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Reviewed-by: Robert Marko <robert.marko@sartura.hr>
2022-05-01 13:40:13 +09:00
Ansuel Smith
7c692f685b ipq40xx: refresh ess driver and phy with new api
Kernel 5.15 have some new api for ethtool and phy.
Add ifdef to fix compilation error.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Reviewed-by: Robert Marko <robert.marko@sartura.hr>
2022-05-01 13:40:13 +09:00