Kernel size limits have been dealt with.
Effective revert of a1eb2c46 and ac9730c4.
Signed-off-by: Tad Davanzo <tad@spotco.us>
(cherry picked from commit b4f76d9f0d)
venom has a 3MB kernel partition as specified by the DTS.
3MB is not sufficient for building with many kernel modules or newer
kernel versions.
venom uboot however as set from factory will load up to 6MB.
This can be observed by looking a uboot log:
NAND read: device 0 offset 0x900000, size 0x600000
6291456 bytes read: OK
and from uboot environment variables:
$ fw_printenv | grep "priKernSize";
priKernSize=0x0600000
Resize the root partitions from 120MB to 117MB to let kernel expand
into it another 3MB.
And set kernel target size to 6MB.
Lastly set the kernel-size-migration compatibility version on venom to
prevent sysupgrading without first reinstalling from a factory image.
Signed-off-by: Tad Davanzo <tad@spotco.us>
(cherry picked from commit 15309f5133)
mamba has a 3MB kernel partition as specified by the DTS.
3MB is not sufficient for building with many kernel modules or newer
kernel versions.
mamba uboot however as set from factory will load up to 4MB.
This can be observed by looking a uboot log:
NAND read: device 0 offset 0xa00000, size 0x400000
4194304 bytes read: OK
and from uboot environment variables:
$ fw_printenv | grep "pri_kern_size";
pri_kern_size=0x400000
Resize the root partitions from 37MB to 36MB to let kernel expand
into it another 1MB.
And set kernel target size to 4MB.
Lastly add a compatibility version message: kernel-size-migration.
And set it on mamba to prevent sysupgrading without first reinstalling from
a factory image.
Signed-off-by: Tad Davanzo <tad@spotco.us>
(cherry picked from commit 10415d5e70)
This includes several improvements and fixes:
61db17e rules: fix device and chain usage for DSCP/MARK targets
7b844f4 zone: avoid duplicates in devices list
c2c72c6 firewall3: remove last remaining sprintf()
12f6f14 iptables: fix serializing multiple weekdays
00f27ab firewall3: fix duplicate defaults section detection
e8f2d8f ipsets: allow blank/commented lines with loadfile
8c2f9fa fw3: zones: limit zone names to 11 bytes
78d52a2 options: fix parsing of boolean attributes
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 0d75aa27d4)
Backport upstream patch that fixes TRGMII mode now that mt7530 is
actually resetting the switch on ramips devices.
Patches apply to both Linux 5.4 and 5.10, since TRGMII is broken on both.
Fixes: 69551a2442 ("ramips: manage low reset lines")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 680f91d0e5)
Instead of deactivating this in every target config, deactivate it once
in the generic kernel config. I was asked for this config option in a
x86 64 build in OpenWrt 21.02.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7d6553c72e)
This device is a wireless router working on 2.4GHz band based on
Qualcom/Atheros AR9132 rev 2 SoC and is accompanied by Atheros AR9103
wireless chip and Realtek RTL8366RB/S switches. Due to two different
switches being used also two different devices are provided.
Specification:
- 400 MHz CPU
- 64 MB of RAM
- 32 MB of FLASH (NOR)
- 3x3:2 2.4 GHz 802.11bgn
- 5x 10/100/1000 Mbps Ethernet
- 4x LED, 3x button, On/Off slider, Auto/On/Off slider
- 1x USB 2.0
- bare UART header place on PCB
Flash instruction:
- NOTE: Pay attention to the switch variant and choose the image to
flash accordingly. (dmesg / kernel logs can tell it)
- Methods for flashing
- Apply factory image in OEM firmware web-gui.
- Sysupgrade on top of existing OpenWRT image
- U-Boot TFPT recovery for both stock or OpenWRT images:
The device U-boot contains a TFTP server that by default has
an address 192.168.11.1 (MAC 02:AA:BB:CC:DD:1A). During the boot
there is a time window, during which the device allows an image to
be uploaded from a client with address 192.168.11.2. The image will
be written on flash automatically.
1) Have a computer with static IP address 192.168.11.2 and the
router device switched off.
2) Connect the LAN port next to the WAN port in the device and the
computer using a network switch.
3) Assign IP 192.168.11.1 the MAC address 02:AA:BB:CC:DD:1A
arp -s 192.168.11.1 02:AA:BB:CC:DD:1A
4) Initiate an upload using TFTP image variant
curl -T <imagename> tftp://192.168.11.1
5) Switch on the device. The image will be uploaded subsequently.
You can keep an eye on the diag light on the device, it should
keep on blinking for a while indicating the writing of the image.
General notes:
- In the stock firmware the MAC address is the same among all
interfaces so it is left here that way too.
Recovery:
- TFTP method
- U-boot serial console
Differences to ar71xx platform
- This device is split in two different targets now due to hardware
being a bit different under the hood. Dynamic solution within the same
image is left for later time.
- GPIOs for a sliding On/Off switch, marked 'Movie engine' on the device
cover, were the wrong way around and were renamed qos_on -> movie_off,
qos_off -> movie_on. Associated key codes remained the same they were.
The device tree source code is mostly based on musashino's work
Signed-off-by: Mauri Sandberg <sandberg@mailfence.com>
(cherry picked from commit bc356de285)
Generally, in upstream CFI flash memory driver uses buffers for write
operations. That does not work with AMD chip with id 0x2201 and we must
resort to writing word sized chunks only. That is, to not apply general
buffer write functionality for this given chip.
Without the patch kernel logs will be flooded with entries like below:
MTD do_erase_oneblock(): ERASE 0x01fa0000
MTD do_write_buffer(): WRITE 0x01fa0000(0x00001985)
MTD do_erase_oneblock(): ERASE 0x01f80000
MTD do_write_buffer(): WRITE 0x01f80000(0x00001985)
MTD do_write_buffer_wait(): software timeout, address:0x01f8000a.
jffs2: Write clean marker to block at 0x01a60000 failed: -5
MTD do_erase_oneblock(): ERASE 0x01f60000
MTD do_write_buffer(): WRITE 0x01f60000(0x00001985)
MTD do_write_buffer_wait(): software timeout, address:0x01f6000a.
jffs2: Write clean marker to block at 0x01a40000 failed: -5
References: http://patchwork.ozlabs.org/project/linux-mtd/patch/20210309174859.362060-1-sandberg@mailfence.com/
Signed-off-by: Mauri Sandberg <sandberg@mailfence.com>
[added link to usptream fix submission]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8cc0fa8fac)
NXP 74HC153 is a GPIO expander. Its original source cide sits in ar71xx
architecture tree. It has been slightly modified to get GPIO pin
configuration from the device tree rather than a MACH file.
Changes to the source file:
- Remove struct nxp_74hc153_config
- in nxp_74hc153_probe(), fetch GPIO configuration from device tree
- allow GPIO framework decide the base number by passing -1 to it
- remove support for kernel versions below 4.5.0
- add OF device compatibility string
Create a package for inclusion in image.
References: https://lore.kernel.org/linux-gpio/545111184.50061.1615922388276@ichabod.co-bxl/
Signed-off-by: Mauri Sandberg <sandberg@mailfence.com>
[added link to driver usptreaming work in progress]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 6a6f9e73dd)
This version fixes 2 security vulnerabilities, among other changes:
- CVE-2021-3450: problem with verifying a certificate chain when using
the X509_V_FLAG_X509_STRICT flag.
- CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
crafted renegotiation ClientHello message from a client.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0bd0de7d43)
Remove duplicate packages by running in `target/linux/` rather than
`target/linux/<target>/<subtarget>` and sort packages alphabetically.
Squash commit of:
7880a64848 build,json: 3rd fixup of default_packages
b36068d35d build,json: fixup fixup of arch_packages
1bf2b3fe90 build,json: fixup missing arch_packages
Signed-off-by: Paul Spooren <mail@aparcar.org>
This should fix the problem of mwlwifi-firmware-* not being found
when using the ImageBuilder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9b3aaf1cdb)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Calling without the DUMP=1 argument causes the target specific Makefile
to be "included" again which adds the target specific packages twice,
once on the actual run and once included from `include/target.mk`.
This led to duplicate package entries, causing confusion in downstream
projects using the generated JSON files.
While at it, apply `black` style to Python script.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 7f4c2b1a4f)
Physical port order watched from the back of the device is:
4 / 3 / 2 / 1 / WAN which also matches corresponding leds.
This patch corrects LuCI switch webpage LAN port order.
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[improve commit title, fix sorting in 02_network]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 46c0634b50)
This patch enables LED support for the GL.iNet GL-MV1000
Signed-off-by: Jeff Collins <jeffcollins9292@gmail.com>
[add SPDX identifier on new file, add aliases, minor cosmetic issues]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6e0c780eb3)
15346de client: Always close connection with request body in case of error
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1170655f8b)
Instead of doing uci commit and reload_config for each setting do it
only once when one of these options was changed. This should make it a
little faster when both conditions are taken.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 501221af54)
Without this change the config is only committed, but the uhttpd daemon
is not reloaded. This reload is needed to apply the config. Without the
reload of uhttpd, the ubus server is not available over http and returns
a Error 404.
This caused problems when installing luci on the snapshots and
accessing it without reloading uhttpd.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d25d281fd6)
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit dbde2bcf60)
This kernel config option was missing and resulted in a question when
building.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 047b7621bb)
This adds NVMEM bindings that are needed for proper booting on Linksys
devices.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 98d456a14e)
NVRAM access may be needed early in boot process. Reading it using mtd
happens quite late in the init process. Add NVRAM initialization to the
NVMEM driver which comes up early and depends on IO mapping only.
This is required by Linksys devices which use NVRAM content for proper
partitioning (detecting current firmware partition).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit baf04eed02)
Refactoring of bcm47xx_nvram driver. It's used by bcm47xx and bcm53xx.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1c48eee5b2)
It supports NVRAM access described using DT binding. Right now NVRAM
data is exposed using /sys/bus/nvmem/ only.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 01b1b37528)
Some patches were slightly cleaned up. One things worth mentioning is
that adding:
phy-mode = "rgmii"
broke SF2 driver. It made it access random register breaking switch
setup.
That's why this commit also adds a quick sf2 fix.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 05dbfe616d)
It's meant to provide upstream support for mtd & NVMEM. It's required
e.g. for reading MAC address from mtd partition content. It seems to be
in a final shape so it's worth testing.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e90e75b12c)
It's a BCM4906 based device (2 CPU cores). It has 512 MiB of RAM, 4 LAN
ports, 1 WAN port, 2 USB ports, NAND flash. WiFi unknown at this point.
Flashing is possible using CFE only, proper image will be worked on
later.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8d24da1470)
This adds the latest version of ofpart commit. It hopefully
1. Doesn't break compilation
2. Doesn't break partitioning
(this time).
It's required to implement fixed partitioning with some quirks. It's
required by bcm53xx, bcm4908, kirkwood, lantiq and mvebu.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7a7b2fd809)
This allows using the last integrated PHY (and so e.g. WAN port on the
ASUS GT-AC5300).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ad8b759fd1)
The ImageBuilder `make manifest` prints all installed packages. This
function can be used to create a list of package and corresponding
package versions before attempting image creation.
When called with `--strip-abi` OPKG can automatically strip attached
ABIVersions from package names. Make this function accessible for the
ImageBuilder by adding a `STRIP_ABI` variable.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 0f7cd97f81)
Refreshed all patches.
The following patches were applied upstream:
* 755-v5.8-net-dsa-add-GRO-support-via-gro_cells.patch
* 831-v5.9-usbip-tools-fix-build-error-for-multiple-definition.patch
Compile-tested on: x86_64, ipq40xx, ath79
Runtime-tested on: x86_64, ipq40xx, ath79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations
ccb7517 sys: packagelist: drop ABI version from package name
(cherry picked from commit da339a6d3f)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
d71856a pkg: pass-through ABIVersion to status file
d3a63b3 libopkg: add option to strip ABI versions from listed names
5936c4f libopkg: pkg_hash: prefer original packages to satisfy dependencies
(cherry squashed from commit 6a7a1f1c64,
commit 988ed00802 and
commit b5f6d20560)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
With the existence of ABI versions there is no clean way to determine
the package name without an attached ABI version. The Packages index is
stored on device to know what packages are installed.
The ABIVersion was recently removed in c921650382 "build: drop ABI
version from metadata", while ABI versions still exists. This becomes a
problem if a user tries to export installed packages via `ubus call
rpcd-sys packagelist` which would return package names including the ABI
version. Trying to find these packages in a later release with changes
ABI version is impossible.
This commits adds the `ABIVersion` field again. Knowing both the
combined (SourceName + ABIVersion) and the `ABIVersion` it is possible
to calculate the package `SourceName` without storing it in the
on-device package list.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit fc5b101c06)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>