Commit Graph

155 Commits

Author SHA1 Message Date
Daniel Golle
e6aac8d98f image: add support for building FIT image with filesystem
Allow for single (external-data) FIT image to hold kernel, dtb and
squashfs. In that way, the bootloader verifies the system integrity
including the rootfs, because what's the point of checking that the
hash of the kernel is correct if it won't boot in case of squashfs
being corrupted? Better allow bootloader to check everything needed
to make it at least up to failsafe mode. As a positive side effect
this change also makes the sysupgrade process on nand potentially
much easier as it is now.
In short: mkimage has a parameter '-E' which allows generating FIT
images with 'external' data rather than embedding the data into the
device-tree blob itself. In this way, the FIT structure itself remains
small and can be parsed easily (rather than having to page around
megabytes of image content). This patch makes use of that and adds
support for adding sub-images of type 'filesystem' which are used to
store the squashfs. Now U-Boot can verify the whole OS and the new
partition parsers added in the Linux kernel can detect the filesystem
sub-images, create partitions for them, and select the active rootfs
volume based on the configuration in FIT (passing configuration via
device tree could be implemented easily at a later stage).

This new FIT partition parser works for NOR flash (on top of mtdblock),
NAND flash (on top of ubiblock) as well as classic block devices
(ie. eMMC, SDcard, SATA, NVME, ...).
It could even be used to mount such FIT images via `losetup -P` on a
user PC if this patch gets included in Linux upstream one day ;)

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-24 01:35:20 +00:00
DENG Qingfang
920eaab1d8 kernel: DSA roaming fix for Marvell mv88e6xxx
Marvell mv88e6xxx switch series cannot perform MAC learning from
CPU-injected (FROM_CPU) DSA frames, which results in 2 issues.
- excessive flooding, due to the fact that DSA treats those addresses
as unknown
- the risk of stale routes, which can lead to temporary packet loss

Backport those patch series from netdev mailing list, which solve these
issues by adding and clearing static entries to the switch's FDB.

Add a hack patch to set default VID to 1 in port_fdb_{add,del}. Otherwise
the static entries will be added to the switch's private FDB if VLAN
filtering disabled, which will not work.

The switch may generate an "ATU violation" warning when a client moves
from the CPU port to a switch port because the static ATU entry added by
DSA core still points to the CPU port. DSA core will then clear the static
entry so it is not fatal. Disable the warning so it will not confuse users.

Link: https://lore.kernel.org/netdev/20210106095136.224739-1-olteanv@gmail.com/
Link: https://lore.kernel.org/netdev/20210116012515.3152-1-tobias@waldekranz.com/
Ref: https://gitlab.nic.cz/turris/turris-build/-/issues/165
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
2021-02-23 21:10:56 +01:00
Adrian Schmutzler
0e43f62f21 kernel: 5.10: refresh patches
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-16 23:48:23 +01:00
Adrian Schmutzler
1013bf433b kernel: hack-5.10: make UDP tunneling user-selectable
This applies another patch from 5.4 to 5.10 as well:
de09355f74 ("kernel/hack-5.4: make UDP tunneling user-selectable")

UDP tunneling support isn't user-selectable, but it's required by WireGuard
which is, for the time being, an out-of-tree module. We currently work around
this issue by selecting an unrelated module which depends on UDP tunnelling
(VXLAN). This is inconvenient, as it implies this unrelated module needs to be
built-in when doing a monolithic build.

Fix this inconvenience by making UDP tunneling user-selectable in the kernel
configuration.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-16 23:48:23 +01:00
Felix Fietkau
b10d604459 kernel: add linux 5.10 support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-16 20:06:51 +01:00