Now that ujail supports seccomp also on Aarch64, add missing syscall
'fstat' to the list of allowed syscalls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d28880cdd8)
The mt7530_{r,w}32 operation over MDIO uses 3 mdiobus operations and
does not hold a lock, which causes a race condition when multiple
threads try to access a register, they may get unexpected results.
To avoid this, handle the MDIO lock manually, and use the unlocked
__mdiobus_{read,write} in the critical section.
This fixes the "Ghost VLAN" artifact[1] in MT7530/7621 when the VLAN
operation and the swconfig LED link status poll race between each other.
[1] https://forum.openwrt.org/t/mysterious-vlan-ids-on-mt7621-device/64495
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
(cherry picked from commit f99c9cd9c4)
Fix the PLL register value for 10 Mbit/s link modes on the UniFi AC Lite
/ Mesh / LR. Otherwise, 10 Mbit/s links do not transfer data.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 956407292d)
Fix the PLL register value for 10 Mbit/s link modes on TP-Link EAP
boards using a AR8033 SGMII PHY.
Otherwise, 10 Mbit/s links do not transfer data.
Reported-by: Tom Herbers <freifunk@tomherbers.de>
Tested-by: Tom Herbers <freifunk@tomherbers.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit bbff6239e2)
e78ea9bd26 Update Nios II libm-test-ulps.
98bb18f52a malloc: Fix a realloc crash with heap tagging [BZ 27468]
fc4ecce85b S390: Also check vector support in memmove ifunc-selector [BZ #27511]
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit d49f1acff1)
For some reason, one of the configure checks results in some infinite
loop and ends up spawning endless gcc processes, causing OOM. Just pass
a configure var to avoid it.
Same fix as 6e23813c1e
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fc093c3f9c)
Reduce spi-max-frequency for Xiaomi MI Router 4AG model
Xiaomi MI Router 4AG MTD uses two flash chips (no specific on router versions when produced from factory) - GD25Q128C and W25Q128BV.
These flash chips are capable of high frequency, but due to poor board design or manufacture process.
We are seeing the following errors in the linux kernel bootup:
`spi-nor spi0.0: unrecognized JEDEC id bytes: cc 60 1c cc 60 1c
spi-nor: probe of spi0.0 failed with error -2`
This causes the partitions not to be detected
`VFS: Cannot open root device "(null)" or unknown-block(0,0): error -6`
Then creates a bootloop and a bricked router.
The solution to limit this race condition is to reduce the frequency from 80 mhz to 50 mhz.
Signed-off-by: David Bentham <db260179@gmail.com>
(cherry picked from commit 17e690017d)
The crypto engine in Armada 370 SoCs is currently broken. It can be
checked installing the required packages for testing openssl with hw
acceleration:
opkg install openssl-util
opkg install kmod-cryptodev
opkg install libopenssl-devcrypto
After configuring /etc/ssl/openssl.cnf to let openssl use the crypto
engine for digest operations, and performing some checksums..
md5sum 10M-file.bin
openssl md5 10M-file.bin
...we can see they don't match.
There might be an alignment or size constraint issue caused by the
idle-sram area.
Use the whole crypto sram and disable the idle-sram area to fix it. Also
disable the idle support by adding the broken-idle property to prevent
accessing the disabled idle-sram.
We don't care about disabling the idle support since it is already broken
in Armada 370 causing a huge performance loss because it disables
permanently the L2 cache. This was reported in the Openwrt forum and
elsewhere by Debian users with different board models.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
(cherry picked from commit 2e1ebe96c6)
The GL.iNet GL-MV1000 is booting from eMMC and the images for it are in
theory sysupgrade compatible. But the platform upgrade scripts were not
adjusted to select the mmcblock device as upgrade target. This resulted in
a failed sysupgrade because the mtd device (NOR flash) was instead tried to
be modified by the sysupgrade script.
Fixes: 050c24f05c ("mvebu: add support for GL.iNet GL-MV1000")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 07e5e03711)
The Buffalo Linkstation LS421DE NAS lacks an uboot env config file.
Create it via scripts.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
(cherry picked from commit 4f8da19572)
Fixes boot loader LZMA decompression issue,
reported by GitHub user KOLANICH at [0].
The reported LZMA ERROR has date of 2020-07-20, soon after
the device support landed:
Ralink UBoot Version: 3.5.2.4_ZyXEL
....
3: System Boot system code via Flash.
Image Name: MIPS OpenWrt Linux-4.14.187
Created: 2020-07-20 3:39:11 UTC
Image Type: MIPS Linux Kernel Image (lzma compressed)
Data Size: 1472250 Bytes = 1.4 MB
Load Address: 80000000
Entry Point: 80000000
Verifying Checksum ... OK
Uncompressing Kernel Image ... LZMA ERROR 1 - must RESET board to recover
[0] fea232ae8f (commitcomment-45016560)
Fixes: 4dc9ad4af8 ("ramips: add support for ZyXEL Keenetic Lite Rev.B")
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit dd3c1ad8ee)
This fixes partitioning on Linksys EA9500. With this change only the
currently used firmware MTD partition gets parsed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a3c7633ddc)
Respect the generic kernel config setting, which is "enabled" tree-wide, as
previously done for sunxi.
Ref: 247ef4d98b ("sunxi: enable CONFIG_BPF_SYSCALL and CONFIG_EMBEDDED")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 41948c9c1b)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
CRYPTO_DEV_CCP depends on X86 or ARM64
CRYPTO_DEV_CCP_DD depends on CPU_SUP_AMD or ARM64
Compiling this driver makes sense for x86 mainly. If one day support for
ARM64 board with AMD Secure Processor gets added this package may be
updated.
Trying to build this package on bcm4908 was causing:
ERROR: module 'build_dir/target-aarch64_cortex-a53_musl/linux-bcm4908_generic/linux-5.4.110/drivers/crypto/ccp/ccp-crypto.ko' is missing.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cb3fb45ed1)
Currently it's not possible to flash factory images on devices shipped
with vendor firmware versions 1.1.0 Build 20201120 rel. 50406 (published
2020-12-22):
(curFw_ver, newFw_ver) == (1.1, 1.0) [NM_Error](nm_checkSoftVer) 00848: Firmwave not supports, check failed.
[NM_Error](nm_checkUpdateContent) 01084: software version dismatched
[NM_Error](nm_buildUpgradeStruct) 01188: checkUpdateContent failed.
They've even following note in release notes:
Note: You will be unable to downgrade to the previous firmware version
after updating this firmware.
This version check in vendor firmware is implemented in
/usr/bin/nvrammanager binary likely as following C code[1]:
sscanf(buf, "%d.%d.%*s",&upd_fw_major, &upd_fw_minor);
...
if (((int)upd_fw_major < (int)cur_fw_major) ||
((ret = 1, cur_fw_major == upd_fw_major && (upd_fw_minor < (int)cur_fw_minor)))) {
ret = 0;
printf("[NM_Error](%s) %05d: Firmwave not supports, check failed.\r\n\r\n","nm_checkSoftVer" ,0x350);
}
...
return ret;
So in order to fix this and make it future proof it should be enough to
ship our factory firmware images with major version 7 (lucky number).
Tested on latest firmware version 1.1.2 Build 20210125 rel.37999:
Firmwave supports, check OK.
(curFw_ver, newFw_ver) == (1.1, 7.0) check firmware ok!
Flashing back to vendor firmware
c7v5_us-up-ver1-1-2-P1[20210125-rel37999]_2021-01-25_10.33.55.bin works
as well:
U-Boot 1.1.4-gbec22107-dirty (Nov 18 2020 - 18:19:12)
...
Firmware downloaded... filesize = 0xeeae77 fileaddr = 0x80060000.
Firmware Recovery file length : 15642231
Firmware process id 2.
handle_fw_cloud 146
Image verify OK!
Firmware file Verify ok!
product-info:product_name:Archer C7
product_ver:5.0.0
special_id:55530000
[Error]sysmgr_cfg_checkSupportList(): 1023 @ specialId 45550000 NOT Match.
Firmware supports, check OK.
Firmware Recovery check ok!
1. https://gist.github.com/ynezz/2e0583647d863386a66c3d231541b6d1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit e6d66375cb)
When $(FPIC) gets expanded on the command line (for instance
when setting environment variables for libtool, configure, or
make) we can't count on it not needing quoting (i.e. it could
contain multiple flags separated with spaces).
Fixes: dc31191ec3 ("build: make sure asm gets built with -DPIC")
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 7fae64cc06)
Refreshed all patches.
The following patches were manually changed:
* 610-netfilter_match_bypass_default_checks.patch
* 611-netfilter_match_bypass_default_table.patch
* 802-can-0002-can-rx-offload-fix-long-lines.patch
* 802-can-0003-can-rx-offload-can_rx_offload_compare-fix-typo.patch
* 802-can-0004-can-rx-offload-can_rx_offload_irq_offload_timestamp-.patch
* 802-can-0005-can-rx-offload-can_rx_offload_reset-remove-no-op-fun.patch
* 802-can-0006-can-rx-offload-Prepare-for-CAN-FD-support.patch
* 802-can-0018-can-flexcan-use-struct-canfd_frame-for-CAN-classic-f.patch
The can-dev.ko model was moved in the upstream kernel.
Compile-tested on: x86/64, armvirt/64, ath79/generic
Runtime-tested on: x86/64, armvirt/64, ath79/generic
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Move some disabled symbols found in armvirt target to generic.
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
(cherry picked from commit 12e942b1fd)
LPAE should be disabled as the Cortex-A8 cores don't support it,
and the kernel will crash on boot if it's enabled.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Fixes issue openwrt/packages#14921, whereby inline ASM wasn't getting
built as PIC; look at gmp-6.2.1/mpn/x86/pentium/popcount.asm for
example:
ifdef(`PIC',`
...
for a routine that exists in both PIC and non-PIC versions.
Make sure that wherever $(FPIC) gets passed as a variable expansion
that it gets quoted where necessary (such as setting environment
variables in shell commands).
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit af22991e03)
Marvell mv88e6xxx switch series cannot perform MAC learning from
CPU-injected (FROM_CPU) DSA frames, which results in 2 issues.
- excessive flooding, due to the fact that DSA treats those addresses
as unknown
- the risk of stale routes, which can lead to temporary packet loss
Backport those patch series from netdev mailing list, which solve these
issues by adding and clearing static entries to the switch's FDB.
Add a hack patch to set default VID to 1 in port_fdb_{add,del}. Otherwise
the static entries will be added to the switch's private FDB if VLAN
filtering disabled, which will not work.
The switch may generate an "ATU violation" warning when a client moves
from the CPU port to a switch port because the static ATU entry added by
DSA core still points to the CPU port. DSA core will then clear the static
entry so it is not fatal. Disable the warning so it will not confuse users.
Link: https://lore.kernel.org/netdev/20210106095136.224739-1-olteanv@gmail.com/
Link: https://lore.kernel.org/netdev/20210116012515.3152-1-tobias@waldekranz.com/
Ref: https://gitlab.nic.cz/turris/turris-build/-/issues/165
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
(cherry picked from commit 920eaab1d8)
This adds detection of the Sophos SG-105 and Sophos XG-105 models
and assignment of ethernet ports these models have to LAN/WAN.
Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit 64eaf633ff)
Upstream iproute2 detects libbpf using a one-line $CC test-compile, which
normally ignores LDFLAGS. With NLS enabled however, LDFLAGS includes an
"rpath-link" linker option needed to resolve libintl.so. Its absence
causes both the compile and libbpf detection to fail:
ld: warning: libintl.so.8, needed by libbpf.so, not found (try using
-rpath or -rpath-link)
ld: libelf.so.1: undefined reference to `libintl_dgettext'
collect2: error: ld returned 1 exit status
Fix this by directly including $LDFLAGS in the test-compile command.
Reported-by: Ian Cooper <iancooper@hotmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit aab3a04ce8)
The libbfd package definition uses $(ICONV_DEPENDS) and $(INTL_DEPENDS)
but links against neither, leading to libbfd detection failures in other
packages (e.g. bpftools) and on-target relocation problems with libintl.so:
root@OpenWrt:/# ldd /usr/lib/libbfd.so
ldd (0x77db6000)
libc.so => ldd (0x77db6000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77c6d000)
Error relocating /usr/lib/libbfd.so: libintl_dgettext: symbol not found
Add NLS-conditional linking of "libintl" to fix this. Also remove libbfd
package dependency $(ICONV_DEPENDS) which is not used during building or
linking.
Tested with QEMU on malta/be32, after building all packages from binutils,
bpftools and iproute2, using different libc options musl and glibc.
Fixes: 08e8175696 ("binutils: use nls.mk to fix libbfd link errors in
other packages")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9a59f62f61)
There is no direct linking of libintl from bpftools, only secondary linking
through libelf, so remove "-lintl" from TARGET_LDFLAGS.
Fixes: 5582fbd613 ("bpftools: support NLS, fix ppc build and update to 5.8.9")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit c8c638a19b)
This change was investigated previously [1] but not deemed necessary. With
the recent addition [2] of modern BPF loader support, however, tc gained
dependencies on libelf and libbpf, with a larger installation footprint.
Similar to ip-tiny/ip-full, split tc into tc-full and tc-tiny variants,
where the latter excludes the eBPF loader, uses a smaller executable, and
avoids libelf and libbpf package dependencies. Both variants provide the
'tc' virtual package, with tc-tiny as the default.
The previous tc package included a loadable module for iptables actions.
Separate this out into a common package, tc-mod-iptables, which both
variants depend on. Some package sizes on mips_24kc:
Before:
148343 tc_5.11.0-1_mips_24kc.ipk
After:
144833 tc-full_5.11.0-2_mips_24kc.ipk
138430 tc-tiny_5.11.0-2_mips_24kc.ipk (and no libelf or libbpf)
4115 tc-mod-iptables_5.11.0-2_mips_24kc.ipk
Also fix up some Makefile indentation.
[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447619962
[2] b048a305a3 ("iproute2: update to 5.11.0")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 72885e9608)
The link equalizer sch_teql.ko of package kmod-sched relies on a hotplug
script historically included in iproute2's tc package. In previous
discussion [1], consensus was the hotplug script is best located together
with the module in kmod-sched, but this change was deferred at the time.
Relocate the hotplug script now. This change also simplifies adding a tc
variant for minimal size with reduced functionality.
[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447923636
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 863ce4f15f)
This patch has been submitted upstream to fix an error reported by a few
users. One instance seen using gcc 10.2.0, binutils 2.35.1 and musl 1.1.24:
bpf_glue.c: In function 'get_libbpf_version':
bpf_glue.c:46:11: error: 'PATH_MAX' undeclared (first use in this function);
did you mean 'AF_MAX'?
46 | char buf[PATH_MAX], *s;
| ^~~~~~~~
| AF_MAX
Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 10ffefe602)
The latest iproute2 version brings various improvements and fixes:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0
In particular, ip and tc now use libbpf as the standard way to load BPF
programs, rather than the old, limited custom loader. This allows more
consistent and featureful BPF program handling e.g. support for global
initialized variables.
Also fix a longstanding problem with iproute2 builds where unneeded DSO
dependencies are added to most utilities, bloating their installation
footprint. From research and testing, explicitly using a "--as-needed"
linker flag avoids the issue. Update accordingly and drop extra package
dependencies from Makefile.
Additional build and packaging updates include:
- install missing development header to iproute2/bpf_elf.h
- propagate OpenWrt verbose flag during build
- update and refresh patches
Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10.
All iproute2 packages were built and installed to the test image. Some
regression testing using ip-full and tc was successfully performed to
exercise several kmods, tc modules, and simple BPF programs.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit b048a305a3)
To the vast majority of the users, wireguard-tools are not useful
without the underlying kernel module. The cornercase of only generating
keys and not using the secure tunnel is something that won't be done on
an embedded OpenWrt system often. On the other hand, maintaining a
separate meta-package only for this use case introduces extra
complexity. WireGuard changes for Linux 5.10 remove the meta-package.
So let's make wireguard-tools depend on kmod-wireguard
to make WireGuard easier to use without having to install multiple
packages.
Fixes: ea980fb9 ("wireguard: bump to 20191226")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit cbcddc9f31)
Use NETWORK_SUPPORT_MENU like all other modules in netsupport.mk. Drop
SECTION and CATEGORY fields as they are set by default and to match
other packages in netsupport.mk. Use better TITLE for kmod-wireguard
(taken from upstream drivers/net/Kconfig).
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 0b53d6f7fa)
On Linux 5.4, build WireGuard from backports. Linux 5.10 contains
wireguard in-tree.
Add in-kernel crypto libraries required by WireGuard along with
arch-specific optimizations.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 06351f1bd0)
(cherry picked from commit 464451d9ab)
Rather than using the clunky, old, slower wireguard-linux-compat out of
tree module, this commit does a patch-by-patch backport of upstream's
wireguard to 5.4. This specific backport is in widespread use, being
part of SUSE's enterprise kernel, Oracle's enterprise kernel, Google's
Android kernel, Gentoo's distro kernel, and probably more I've forgotten
about. It's definately the "more proper" way of adding wireguard to a
kernel than the ugly compat.h hell of the wireguard-linux-compat repo.
And most importantly for OpenWRT, it allows using the same module
configuration code for 5.10 as for 5.4, with no need for bifurcation.
These patches are from the backport tree which is maintained in the
open here: https://git.zx2c4.com/wireguard-linux/log/?h=backport-5.4.y
I'll be sending PRs to update this as needed.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 3888fa7880)
(cherry picked from commit d540725871)
(cherry picked from commit 196f3d586f)
(cherry picked from commit 3500fd7938)
(cherry picked from commit 23b801d3ba)
(cherry picked from commit 0c0cb97da7)
(cherry picked from commit 2a27f6f90a)
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
This enables building BCM4908 "raw" image that can be flashed using
bootloader web UI. It requires serial console access & stopping booting
by the "Press any key to stop auto run".
It's easy to build vendor like CHK image but it can't be safely flashed
using vendor UI at this point. Netgear implements method called "NAND
incremental flashing" that doesn't seem to flash bootfs partition as
provided.
Above method seems to update vmlinux.lz without updating 94908.dtb. It
prevents OpenWrt kernel from booting due to incomplete DTB file. Full
Netgear R8000P support can be enabled after finding a way to make vendor
firmware flash OpenWrt firmware including the 94908.dtb update.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d92a9c97bf)
OpenWrt was succesfully tested on the GT-AC5300 model. It's possible to:
1. Install OpenWrt using vendor UI
2. Perform UBI aware sysupgrade
3. Install vendor firmware using OpenWrt sysupgrade
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5e78cb9b85)
bcm4908img is a tool managing BCM4908 platform images. It's used for
creating them as well as checking, modifying and extracting data from.
It's required by both: host (for building firmware images) and target
(for sysupgrade purposes). Make it a host/target package.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9b4fc4cae9)
It supports flashing OpenWrt images (bootfs & UBI upgrade) as well as
vendor images (whole MTD partition write).
Upgrading cferom is unsupported. It requires copying device specific
data (like MAC) to target image before flashing.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a6a0b252ba)
This way MTD "bootfs" partition will be always 8+ MiB. This should be
enough for any custom / future firmware to fit its bootfs (e.g. big
kernel) without having to repertition whole flash. That way we can
preserve UBI and its erase counters during sysupgrade.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ca9b1f15c4)