Add the following kconfig symbols (disabled):
CONFIG_DEFAULT_FQ
CONFIG_DEFAULT_CODEL
CONFIG_DEFAULT_SFQ
Also resort the config with the kconfig.pl script.
Fixes: f39872d966 ("kernel: generic: select the fq_codel qdisc by default")
Tested-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Define the kernel crash log storage ramoops/pstore feature
for R7800 and its sister XR500.
Reference to the ramoops admin guide in upstream Linux:
https://www.kernel.org/doc/html/v5.10/admin-guide/ramoops.html
Tested with R7800.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Package the ability to log kernel crashes to 'ramoops' pstore
files into RAM in /sys/fs/pstore
Reference to the ramoops admin guide in upstream Linux:
https://www.kernel.org/doc/html/v5.10/admin-guide/ramoops.html
The files in RAM survive a warm reboot, but not a cold reboot.
Note: kmod-ramoops selects kmod-pstore and kmod-reed-solomon.
The feature can be used by selecting the kmod-ramoops and
adding a ramoops reserved-memory definition to the device DTS.
Example from R7800:
reserved-memory {
rsvd@5fe00000 {
reg = <0x5fe00000 0x200000>;
reusable;
};
ramoops@42100000 {
compatible = "ramoops";
reg = <0x42100000 0x40000>;
record-size = <0x4000>;
console-size = <0x4000>;
ftrace-size = <0x4000>;
pmsg-size = <0x4000>;
};
};
If no definition has been made in DTS, no crash log is stored
for the device.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(added CONFIG_EFI_VARS_PSTORE disable)
Previously, grub2 was hardcoded to always look on "hd0" for the
kernel.
This works well when the system only had a single disk.
But if there was a second disk/stick present, it may have look
on the wrong drive because of enumeration races.
This patch utilizes grub2 search function to look for a filesystem
with the label "kernel". This works thanks to existing setup in
scripts/gen_image_generic.sh. Which sets the "kernel" label on
both the fat and ext4 filesystem variants.
Signed-off-by: Jax Jiang <jax.jiang.007@gmail.com>
Suggested-by: Alberto Bursi <bobafetthotmail@gmail.com> (MX100 WA)
(word wrapped, slightly rewritten commit message, removed MX100 WA)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This reverts all four commits
dbb45421ba "bcm27xx: bcm2708: update defconfig"
332f69583a "bcm27xx: bcm2709: update defconfig"
a478202d74 "bcm27xx: bcm2710: update defconfig"
82da1dfd69 "bcm27xx: bcm2711: update defconfig"
this also highlighted an unrelated kconfig failure
that warrants investigation. But for now it is important
for the bcm27xx target to come back again.
|*
|* Restart config...
|*
|*
|* Allow override default queue discipline
|*
|Allow override default queue discipline (NET_SCH_DEFAULT) [Y/n/?] y
| Default queuing discipline
| 1. Fair Queue (DEFAULT_FQ) (NEW)
| 2. Controlled Delay (DEFAULT_CODEL) (NEW)
| > 3. Fair Queue Controlled Delay (DEFAULT_FQ_CODEL)
| 4. Stochastic Fair Queue (DEFAULT_SFQ) (NEW)
| 5. Priority FIFO Fast (DEFAULT_PFIFO_FAST)
| choice[1-5?]:
|Error in reading or end of file.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Add kernel support for SAMA7G5 by back-porting mainline kernel patches.
Among SAMA7G5 features could be remembered:
- ARM Cortex-A7
- double data rate multi-port dynamic RAM controller supporting DDR2,
DDR3, DDR3L, LPDDR2, LPDDR3 up to 533MHz
- peripherals for audio, video processing
- 1 gigabit + 1 megabit Ethernet controllers
- 6 CAN controllers
- trust zone support
- DVFS for CPU
- criptography IPs
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
AT91Bootstrap version 4 is available only for SAM9X60, SAMA5D2, SAMA5D3,
SAMA5D4, SAMA7G5. Thus use v4.0.1 for the above targets and v3.10.4 for
the rest of them. With the switch to v4 AT91Bootstrap binaries are now
on build/binaries. Take also this into account. Also, patches directory
is not needed anymore with the version update.
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
In the default shadow file, as visible in the failsafe mode, the user
root has value of `0` set in the 3rd field, the date of last password
change. This setting means that the password needs to be changed the
next time the user will log in the system. `dropbear` server is ignoring
this setting but `openssh-server` tries to enforce it and fails in the
failsafe mode because the rootfs is R/O.
Disable the password aging feature for user root by setting the 3rd
filed empty.
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
Enable both the hunting-and-pecking loop and hash-to-element mechanisms
by default in OpenWRT with SAE.
Commercial Wi-Fi solutions increasingly frequently now ship with both
hunting-and-pecking and hash-to-element (H2E) enabled by default as this
is more secure and more performant than offering hunting-and-pecking
alone for H2E capable clients.
The hunting and pecking loop mechanism is inherently fragile and prone to
timing-based side channels in its design and is more computationally
intensive to perform. Hash-to-element (H2E) is its long-term
replacement to address these concerns.
For clients that only support the hunting-and-pecking loop mechanism,
this is still available to use by default.
For clients that in addition support, or were to require, the
hash-to-element (H2E) mechanism, this is then available for use.
Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
Due to a limited grep pattern, subjects containing dots like `image.mk`
were falsely reported as problematic. Extend pattern to allow dots.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Adding the feature flag automatically creates a a rootfs.tar.gz files
which can be used for Docker rootfs containers.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable. In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:
$ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
Downloading 'https://letsencrypt.org'
Connecting to 18.159.128.50:443
Connection error: Invalid SSL certificate
Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
fwtool is now always part of the sysupgrade stage2 ramdisk, so drop
the no longer needed RAMFS_COPY_BIN variable.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Now that both, fw_printenv/fw_setenv and fwtool are always present
during stage2 sysupgrade, we no longer need to list them in
RAMFS_COPY_BIN and RAMFS_COPY_DATA in platform.sh.
Drop both variables as they are now unneeded.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Not all targets create /var/lock or touch /var/lock/fw_printenv.lock in
their platform.sh. This is problematic as fw_printenv then fails in
case /var/lock/fw_printenv.lock has not been created by previous calls
to fw_printenv/fw_setenv before sysupgrade is run.
Targets using fw_printenv/fw_setenv during sysupgrade:
* ath79/*
* ipq40xx/*
* ipq806x/*
* kirkwood/*
* layerscape/*
* mediatek/mt7622
* mvebu/*
* ramips/*
* realtek/*
Targets currently using additional steps in /lib/upgrade/platform.sh
to make sure /var/lock/fw_printenv.lock (or at least /var/lock)
actually exists:
* ath79/* (openmesh devices)
* ipq40xx/* (linksys devices)
* ipq806x/* (linksys devices)
* kirkwood/* (linksys devices)
* layerscape/*
* mvebu/cortexa9 (linksys devices)
Given that accessing the U-Boot environment during sysupgrade is not
uncommon and the situation across targets is currently quite diverse,
just make sure both tools as well fw_env.config are always copied to
the ramdisk used for sysupgrade. Also make sure /var/lock always
exists.
This now allows to remove copying of fw_printenv/fw_setenv as well as
fw_env.config, creation of /var/lock or even /var/lock/fw_printenv.lock
from lib/upgrade/platform.sh or files included there.
As the same applies also to 'fwtool' which is used by generic eMMC
sysupgrade, also always copy that to ramdisk.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
diffconfig.sh runs ./scripts/config/conf, but it does not get built
with 'make {menu,x,n}config. Call 'make ./scripts/config/conf' to
ensure it's been built befpre running it.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Toplevel Make is not aware about changes in the `scripts/config/*conf`
targets and this is causing issues for during update to that part of
build tree, where one needs to handle this manually by either force
rebuilding the targets or running `make config-clean`. Fix this by
forcing the rebuild if necessary.
Fixes: #9297
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This uses uci to configure engines, by generating a list of enabled
engines in /var/etc/ssl/engines.cnf from engines configured in
/etc/config/openssl:
config engine 'devcrypto'
option enabled '1'
Currently the only options implemented are 'enabled', which defaults to
true and enables the named engine, and the 'force' option, that enables
the engine even if the init script thinks the engine does not exist.
The existence test is to check for either a configuration file
/etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file
/usr/lib/engines-1.1/%ENGINE%.so.
The engine list is generated by an init script which is set to run after
'log' because it informs the engines being enabled or skipped. It
should run before any service using OpenSSL as the crypto library,
otherwise the service will not use any engine.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This enables an engine during its package's installation, by adding it
to the engines list in /etc/ssl/engines.cnf.d/engines.cnf.
The engine build system was reworked, with the addition of an engine.mk
file that groups some of the engine packages' definitions, and could be
used by out of tree engines as well.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This changes the configuration of engines from the global openssl.cnf to
files in the /etc/ssl/engines.cnf.d directory. The engines.cnf file has
the list of enabled engines, while each engine has its own configuration
file installed under /etc/ssl/engines.cnf.d.
Patches were refreshed with --zero-commit.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The 'BOARDNAME' variable is part of target configuration and shouldn't
be part of a device's image recipe.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
The I/O base address for the timers was hardcoded into the driver,
or derived from the HW IRQ number as an even more horrible hack. All
supported SoC families have these timers, but with hardcoded addresses
the code cannot be reused right now.
Request the timer's base address from the DT specification, and store it
in a private struct for future reference.
Matching the second interrupt specifier, the address range for the
second timer is added to the DT specification.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The Realtek timer node for RTL930x doesn't have any child nodes, making
the use of '#address-cells' quite pointless. It is also not an interrupt
controller, meaning it makes no sense to define '#interrupt-cells'.
The I/O address for this node is also wrong, but this is hidden by the
fact that the driver associated with this node bypasses the usual DT
machinery and does it's own thing. Correct the address to have a sane
value, even though it isn't actually used.
Fixes: a75b9e3ecb ("realtek: Adding RTL930X sub-target")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
When driven by a GPIO pin, the system LED needs to be configured as
active high. Otherwise the LED switches off after booting and
initialisation.
Fixes: 47f5a0a3ee ("realtek: Add support for ZyXEL GS1900-48 Switch")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The default value for a DT node's status property is already "okay", so
there's no need to specify it again. Drop the status property to clean
up the DTS.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The assigned output index for the event timers was quite low, lower even
than the ethernet interrupt. This means that high network load could
preempt timer interrupts, possibly leading to all sorts of strange
behaviour.
Increase the interrupt output index of the event timers to 5, which is
the highest priority output and corresponds to the (otherwise unused)
MIPS CPU timer interrupt.
Fixes: a75b9e3ecb ("realtek: Adding RTL930X sub-target")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The RTL8231 is an external chip, and not part of the SoC. That means
it is more appropriate to define it in the board specific (base) files,
instead of the DT include for the SoC itself.
Moving the RTL8231 definition also ensures that boards with no GPIO
expander, or an alternative one, don't have a useless gpio1 node label
defined.
Tested on a Netgear GS110TPPv1.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The address in some node names doesn't match the actual offset specified
in the DT node. Update the names to fix this.
While fixing the node names, also drop the unused node labels.
Fixes: 0a7565e536 ("realtek: Update rtl839x.dtsi for realtek,rtl-intc, new gpio controller remove RTL8231 node")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Bootargs for devices in the realtek target were previously consolidated
in commit af2cfbda2b ("realtek: Consolidate bootargs"), since all
devices currently use the same arguments.
Commit a75b9e3ecb ("realtek: Adding RTL930X sub-target") reverted this
without any argumentation, so let's undo that.
Commit 0b8dfe0851 ("realtek: Add RTL931X sub-target") introduced the
old bootargs also for RTL931x, without providing any actual device
support. Until that is done, let's assume vendors will have done what
they did before, and use a baud rate of 115200.
Fixes: a75b9e3ecb ("realtek: Adding RTL930X sub-target")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Enable the AP806's cpufreq driver. This driver is compatible with the
Armada 7K and 8K platforms.
Tested-by: Stijn Segers <foss@volatilesystems.org> (RB5009UG+S+IN)
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
100-ddr-marvell-a38x-fix-BYTE_HOMOGENEOUS_SPLIT_OUT-deci.patch [1]:
SoC Marvell A38x is used in Turris Omnia, and we thought that with recent
fiddling around DDR training to fix it once for all, there were
reproduced the issue in the upcoming new revision Turris Omnia boards.
101-arm-mvebu-spl-Add-option-to-reset-the-board-on-DDR-t.patch [2]:
This is useful when some board may occasionally fail with DDR training,
and it adds the option to reset the board on the DDR training failure
102-arm-mvebu-turris_omnia-Reset-the-board-immediately-o.patch [3]:
This enables the option CONFIG_DDR_RESET_ON_TRAINING_FAILURE (added by
101 patch), so the Turris Omnia board is restarted immediately, and it
does not require to reset the board manually or wait 120s for MCU to
reset the board
[1] https://patchwork.ozlabs.org/project/uboot/patch/20220217000837.13003-1-kabel@kernel.org/
[2] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-1-kabel@kernel.org/
[3] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-2-kabel@kernel.org/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Enabled CONFIG_ALL_KMODS and ran make kernel_menuconfig against
bcm2711 to update defconfig. Some of the removed symbols are
present in target/linux/generic/config-5.10 while others were
removed by the make target.
Signed-off-by: John Audia <graysky@archlinux.us>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (wrapped)
Enabled CONFIG_ALL_KMODS and ran make kernel_menuconfig against
bcm2710 to update defconfig. Some of the removed symbols are
present in target/linux/generic/config-5.10 while others were
removed by the make target.
Signed-off-by: John Audia <graysky@archlinux.us>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (wrapped)
Enabled CONFIG_ALL_KMODS and ran make kernel_menuconfig against
bcm2709 to update defconfig. Some of the removed symbols are
present in target/linux/generic/config-5.10 while others were
removed by the make target.
Signed-off-by: John Audia <graysky@archlinux.us>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (wrapped)
Enabled CONFIG_ALL_KMODS and ran make kernel_menuconfig against
bcm2708 to update defconfig. Some of the removed symbols are
present in target/linux/generic/config-5.10 while others were
removed by the make target.
Signed-off-by: John Audia <graysky@archlinux.us>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (wrapped)
This commit adds the following package compile options.
CONFIG_PACKAGE_RTW88_DEBGUG:
Compile the driver with additional debug logging output
CONFIG_PACKAGE_RTW88_DEBGUGFS:
Add the possibility to map information about the driver rtw88 into
debugfs.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Fix the missing ;; after the cAP ac case in /e/b/01_leds.
Fixes: 93d9119 ("ipq40xx: add MikroTik cAP ac support")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (minor touch-up)
The kernel of both images will no longer fit into
the 3072KiB / 3MiB kernel partition:
|Image Name: ARM OpenWrt Linux-5.10.100
|Created: Sat Feb 19 00:11:55 2022
|Image Type: ARM Linux Kernel Image (uncompressed)
|Data Size: 3147140 Bytes = 3073.38 KiB = 3.00 MiB
Disable both targets for now, until a solution is available.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Contains following changes:
136006b88826 cmake: fix usage of implicit library and include paths
bc0e84d689e2 netifd: interface-ip: don't set fib6 policies if ipv6 disabled
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Use correct indent in target/linux/ramips/image/mt7621.mk
to be consistent with the rest of the file.
Signed-off-by: Nick McKinney <nick@ndmckinney.net>
[rephrase commit message as Adrian suggested, fix a6004ns-m indent]
Signed-off-by: Sungbo Eo <mans0n@gorani.run>