Without this patch, the chacha block counter is not incremented on neon
rounds, resulting in incorrect calculations and corrupt packets.
This also switches to using `--no-numbered --zero-commit` so that future
diffs are smaller.
Reported-by: Hans Geiblinger <cybrnook2002@yahoo.com>
Reviewed-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Cc: David Bauer <mail@david-bauer.net>
Cc: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This is required for devices that use NVRAM data for detecting currently
used firmware partition (e.g. Linksys devices).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The previous approach of referencing artifacts in follow-up artifacts
can't work with parallel builds in the current way image.mk is built.
Refactor things so this is not needed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Write everything needed for eMMC install into the gaps between
partitions on SD card. In that way, installation to eMMC only needs
the SD card, no additional files need to be loaded via TFTP any more.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This adds the latest version of ofpart commit. It hopefully
1. Doesn't break compilation
2. Doesn't break partitioning
(this time).
It's required to implement fixed partitioning with some quirks. It's
required by bcm53xx, bcm4908, kirkwood, lantiq and mvebu.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
autotools.mk does not have any protection currently that would prevent
it from being sourced multiple times. Note that both package.mk and
host-build.mk source autotools.mk. So any package Makefile that includes
both will cause hooks to be added twice (at least twice).
This is fixed by declaring a new variable, __autotools_inc, and only
continuing if this variable doesn't equal 1. The same is done by
rules.mk already.
Also, this commit does away with an ifneq that checks PKG_FIXUP (instead
of HOST_FIXUP) for patch-libtool before adding to the host pre-configure
hook. This does not make sense.
The second ifneq is amended. The current one manually does what the
define patch_libtool_host is already doing. It can just use the define.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This was provided by the old static config.site files and is required by
some software, i.e. freeswitch.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Don't download all of vim just to build xxd. Use a tight tarball
containing only xxd sources instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This profile is meant to be used on MT7622 rfb1 AP, indicate that in
the name to make things less confusing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.
Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.
This fixes the following security vulnerabilities/bugs:
- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
discovery requests. It could result in denial of service or other
impact (potentially execution of arbitrary code), for an attacker
within radio range.
Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
At this moment driver start fail with error:
[ 3.771991] fsl,elbc-fcm-nand: probe of ffa00000.nand failed with error -22
elbc-fcm-nand driver use legacy method of ecc mode detection. It detect hw/sw
ecc mode when system configure it to "none". [1]
This patch adds 'nand-ecc-mode = "none"' propoerty to use generic driver
ecc mode detection.
[1] https://elixir.bootlin.com/linux/v5.10.18/source/drivers/mtd/nand/raw/fsl_elbc_nand.c#L730
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
At this moment p2020rdb has broken images, because NOR memory connected
to eLBC bus isn't detected.
In 642b1e8dbed7 linux tree commit, config dependencies of MTD_PHYSMAP_OF
was changed and now MTD_PHYSMAP is required.
This patch adds MTD_PHYSMAP option to kernel config in p2020 subtarget
and fix booting of p2020rdb.
Fixes: 13b1db795f ("mpc85xx: add support for kernel 5.4")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Amazon AWS T3 cloud instances require kernel support
for the Elastic Fabric Adapter to access storage
and for Elastic Network Adapter to use network
interfaces.
Since the Fabric Adapter is needed to access
root filesystem, enable in x86_64 kernel.
Elastic Network Adapter goes in a module,
and add this module to default list in x86_64.
The module is set to AutoLoad because AutoProbe does
not seem to load it.
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
Changes:
- Remove custom Build/Compile because it's no longer needed
- Remove std=gnu99 which is added automaticaly by igmpproxy if needed
- Remove -Dlog from CFLAGS because igmpproxy doesn't have log function
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
libunwind dependency check does not allow for MIPS64 arch. Add MIPS64 awareness.
libunwind seems to support MIPS64 without issues, it was limited by the dep arch
check in the Makefile.
Used to compile Suricata6/Rust locally without issue.
Signed-off-by: Donald Hoskins <grommish@gmail.com>
Non Linux systems e.g. macOS lack the __u64 type and produce build errors:
In file included from tools/aisimage.c:9:
In file included from include/image.h:19:
In file included from ./arch/arm/include/asm/byteorder.h:29:
In file included from include/linux/byteorder/little_endian.h:13:
include/linux/types.h:146:9: error: unknown type name '__u64'; did you mean '__s64'?
typedef __u64 __bitwise __le64;
Resolved by declaring __u64 in include/linux/types.h
Build tested on macOS and Ubuntu.
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
Compile and run-tested on malta/mip32be, using bpftool directly and also
libbpf (linked with tc) to inspect and load simple eBPF programs.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The latest iproute2 version brings various improvements and fixes:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0
In particular, ip and tc now use libbpf as the standard way to load BPF
programs, rather than the old, limited custom loader. This allows more
consistent and featureful BPF program handling e.g. support for global
initialized variables.
Also fix a longstanding problem with iproute2 builds where unneeded DSO
dependencies are added to most utilities, bloating their installation
footprint. From research and testing, explicitly using a "--as-needed"
linker flag avoids the issue. Update accordingly and drop extra package
dependencies from Makefile.
Additional build and packaging updates include:
- install missing development header to iproute2/bpf_elf.h
- propagate OpenWrt verbose flag during build
- update and refresh patches
Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10.
All iproute2 packages were built and installed to the test image. Some
regression testing using ip-full and tc was successfully performed to
exercise several kmods, tc modules, and simple BPF programs.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Changes:
* Increase "oem" partition size from 0x10000 to 0x20000
* Correct partition lables, synchronize with official firmware
Evidence:
It should be the same as hiwifi hc5x61a and the fact indeed the
case. Here is part of dmesg boot log read from official firmware:
[ 1.470000] Creating 7 MTD partitions on "raspi":
[ 1.470000] 0x000000000000-0x000000030000 : "u-boot"
[ 1.480000] 0x000000030000-0x000000040000 : "hw_panic"
[ 1.490000] 0x000000040000-0x000000050000 : "Factory"
[ 1.490000] 0x000000fc0000-0x000000fe0000 : "oem"
[ 1.500000] 0x000000fe0000-0x000000ff0000 : "bdinfo"
[ 1.510000] 0x000000ff0000-0x000001000000 : "backup"
[ 1.510000] 0x000000050000-0x000000fc0000 : "firmware"
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Simplify cmake option handling by putting everything in blocks.
Add openssl patch as there's no easy way to disable.
Rebase the skip manpages patch.
Remove the monitor mode patch as it no longer applies.
Remove flex patch as normal Makefile is no longer used.
Remove USB path patch. While it is deprecated, the codepath is never
taken. /sys/bus/usb/devices is checked before hand. If it exists, the
function does stuff and returns. Additionally, this path is used
elsewhere in the code.
Refresh other patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
NTPD in busybox has option -I to bind server to IFACE.
However, capabilities of the busybox are limited, the -I option cannot be
repeated and only one interface can be effectively specified in it.
This option is currently not configurable via UCI.
The patch adds an interface option to the system config, ntp section.
Also sort options for uci_load_validate alphabetically.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
with u-boot v2020.07 some variables have been renamed so this patch needs to be adjusted
otherwise at least with macOS as build system there are build errors
Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
Assign the usbdev trigger via devicetree and drop the userspace
handling of the usb leds.
Drop the now unused userspace helper code as well.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The QOS feature depends on KPI2UDP which was removed from the tree with
commit a95775e4b2 ("drop unmaintained packages") in 2012.
Since QOS was the last user of the KPI, the feature can be disabled by
default.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The following warnings are shown during build:
/usr/include/vdsl/cmv_message_format.h:33:6: warning: "MEI_SUPPORT_DEBUG_STREAMS" is not defined, evaluates to 0 [-Wundef]
#if (MEI_SUPPORT_DEBUG_STREAMS == 1)
^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/vdsl/drv_mei_cpe_interface.h:2256:6: warning: "MEI_SUPPORT_OPTIMIZED_FW_DL" is not defined, evaluates to 0 [-Wundef]
#if (MEI_SUPPORT_OPTIMIZED_FW_DL == 1)
^~~~~~~~~~~~~~~~~~~~~~~~~~~
The headers are provided by the MEI driver, but the defines are never
set by the vdsl app. While the struct with the
MEI_SUPPORT_OPTIMIZED_FW_DL conditional isn't used by the vdsl app,
however CMV_USED_PAYLOAD_8BIT_SIZE which value depends on
MEI_SUPPORT_DEBUG_STREAMS is.
Since the MEI driver doesn't provide an autogenerated header with
compile flags, the flags are hardcoded for the vdsl app.
Set them for the MEI driver as well, to indicate a relation to the
values used for the vdsl app and to be not surprised by a changed
default in case the MEI driver gets updated. Use the current default
values defined in the MEI driver.
Signed-off-by: Mathias Kresin <dev@kresin.me>
These boards have a fixed size kernel partition but do not limit the
kernel size during image building.
Disable image building for both boards as well, since the kernel of the
last release as well as master are to big to fit into the 2 MByte kernel
partition.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Assign the usbdev trigger via devicetree and drop the userspace
handling of the usb leds
Add the PCI attached usb controller as trigger sources for the usb led
as well.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The symbol CONFIG_CAVIUM_CN63XXP1 was disabled during the bump to
4.19 (see Fixes:) with the following reason:
No supported hardware uses CN63XXP1 and it causes "slight decrease
in performance"
However, it later turned out that the edgerouter image needed it,
which led to having the device disabled in [1].
Still, dropping support of a device seems a harsh action for just
removing a "slight" decrease in performance from the other devices.
Thus, this enables CONFIG_CAVIUM_CN63XXP1 again, and essentially
restores the situation present until (including) kernel 4.14 on
this target.
For OpenWrt as a platform, it seems more desirable to support all
devices (and have them tested regularly via the snapshots) in this
case.
Users interested in maximum performance might still just remove
the symbol again in their local build.
[1] 3824fa26d2 ("octeon: disable edgerouter image")
Fixes: 6c22545225 ("target/octeon: Add Linux 4.19 support")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
U-Boot requires xxd to create the default environment from an external
file as done in uboot-mediatek.
Build xxd (only, not the rest of vim) as part of tools to make sure it
is present on the buildhost.
Reported-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
a857b45 resolv/locale: eventually this should be more efficient
11ed281 some more optimization
764a475 add redundant calls to file.search_conffile_dirs()
7d4558e fs: treat devtmpfs that same as tmpfs
81b677e adds irqbalance skeleton
5506244 irqbalance rules
cc96cd8 adds usbutil and gtpfdisk skels
01e2a55 some fsck, gptfdisk, mkfs and usbutil rules
d6d1e7d usbutil: output to terminal
da576fa fsck, gptfdisk and usbutil rules
09b39e9 unbound
241a029 hotplugcall: allow dac_read_search (is a subset of dac_override)
af0fe90 adds label for tcsh
160f79e adds tcpdump
6d02b96 adds coreutil execfile for busybox alternatives
ac54884 coreutilexecfile: these are known to require privileges, so exclude
8cb3b66 adds chrootexecfile
6d329d3 this saves 9KiB and its a bit more robust
88e2425 move addpart/delpart/partx to gptfdisk.cil
261012d ntphotplug: reads ubox data files
0473ace various
740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10)
bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31
cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes
07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all)
8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap
b8156cd adds a note about how i forgot to target blockd
6e82ab8 adds blockd and related
254ff43 Makefile: exclude blockd from mintesttgt
4dc6bc2 pppd update related and unbound-odhcp rules
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
These patches are required for the Ubiquiti UniFi 6 LR to work. They
were already present for kernel 5.4 but got lost when adding 5.10
support.
Signed-off-by: David Bauer <mail@david-bauer.net>
**What's new**
* Bring support for the Bananapi BPi-R64 to the level desirable for
a nice hackable routerboard.
* Use ARM Trusted Firmware A from source. (goodbye binary preloader)
* Use Das U-Boot from source. (see previous commit)
* Assemble SD-card image using OpenWrt image-commands.
(no gen_sd_cruz_foo.sh added, this is not Raspbian)
* Updated kernel options to support root filesystem.
* Updated DTS to match OpenWrt LAN ports, known LEDs, buttons, ...
* Detect root device, handle sysupgrade, config restore, ...
* Wire up (known) LEDs and buttons in OpenWrt-fashion.
* Build one set of images from SD-card and eMMC.
* Hopefully provide a good example of how things can be done right
from scratch.
**Installation and images**
* Have an empty SD-card at hand
* Write stuff to the card, as root (card device is /dev/mmcblkX)
- write header, gpt, bl2, atf, u-boot and recovery kernel:
`cat *bpi-r64-boot-sdcard.img *bpi-r64-initramfs-recovery.fit > /dev/mmcblkX`
- rescan partitions:
`blockdev --rereadpt /dev/mmcblkX`
- write main system to production partition:
`cat *bpi-r64-squashfs-sysupgrade.fit > /dev/mmcblkXp5`
* Installation to eMMC works using SD-card bootloader via TFTP
When running OpenWrt of SD-card, issue this to trigger installation
to eMMC:
`fw_setenv bootcmd run emmc_init`
Be prepared to serve the content of bin/targets/mediatek/mt7622 on
TFTP server address 192.168.1.254.
**What's missing**
* The red LED is always on, probably a hardware bug.
* AHCI (probably needs DTS changes)
* Ship SD-card image ready with every needed for eMMC install.
* The eMMC has a second, currently unused boot partition. This would
be ideal to store the WiFi EEPROM and Ethernet MAC address(es).
@sinovoip ideas?
Thanks to Thomas Hühn @thuehn for providing the hardware!
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Provide U-Boot variants for SD-card as well as eMMC boot, so we can
generate whole-disk images for the device.
While at it, rename 'mt7622' to 'mt7622-rfb1' to make it less confusing
now that more boards are being added.
Thanks to Frank Wunderlich (@frank-w) for making that nice SVG image
explaining the MMC boot process[1] and for providing the necessary
binary header blobs.
[1]: https://github.com/frank-w/BPI-R64-ATF
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Allow setting GPT partition names as used by TF-A bl2 to identify the
FIP volume to load from eMMC and SD-card.
While at it, also allow setting 'required' attribute as it should be
used for volumes which are essential for the system to boot.
Also properly handle setting the LEGACY_BOOT flag on the partition
selected as 'active', as this is how it is specified in the spec.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The vendor flash layout of the Linksys E8450 is problematic as it uses
the SPI-NAND chip without any wear-leveling while at the same time
wasting a lot of space for padding.
Use an all-UBI layout instead, storing the kernel+dtb+squashfs in
uImage.FIT standard format in UBI volume 'fit', the read-write
overlay in UBI volume 'rootfs_data' as well as reduntant U-Boot
environments 'ubootenv' and 'ubootenv2', and a 'recovery'
kernel+dtb+initramfs uImage.FIT for dual-boot.
** WARNING **
THIS PROCEDURE CAN EASILY BRICK YOUR DEVICE PERMANENTLY IF NOT CARRIED
OUT VERY CAREFULLY AND EXACTLY AS DESCRIBED!
Step 0
* Configure your PC to have the static IPv4 address 192.168.1.254/24
* Provide bin/targets/mediatek/mt7622 via TFTP
Now continue EITHER with step 1A or 1B, depending on your preference
(and on having serial console wired up or not).
Step 1A (Using the vendor web interface (or non-UBI OpenWrt install))
In order to update to the new bootloader and UBI-based firmware,
use the web browser of your choice to open the routers web-interface
accessible on http://192.168.1.1
* Navigate to
'Configuration' -> 'Administration' -> 'Firmware Upgrade'
* Upload the file
openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb
and proceed with the upgrade.
* Once OpenWrt comes up, use SCP to upload the new bootloader files to
/tmp on the router:
*-mt7622-linksys_e8450-ubi-preloader.bin
*-mt7622-linksys_e8450-ubi-bl31-uboot.fip
* Connect via SSH as you will now need to replace the bootloader in
the Flash.
ssh root@192.168.1.1
(the usual warnings)
* First of all, backup all the flash now:
for mtd in /dev/mtdblock*; do
dd if=$mtd of=/tmp/$(basename $mtd);
done
* Then use SCP to copy /tmp/mtdblock* from the router and keep them
safe. You will need them should you ever want to return to the
factory firmware!
* Now flow the uploaded files:
mtd -e /dev/mtd0 write /tmp/*linksys_e8450-ubi-preloader.bin /dev/mtd0
mtd -e /dev/mtd1 write /tmp/*linksys_e8450-ubi-bl31-uboot.fip /dev/mtd1
If and only if both writes look like the completed successfully
reboot the router. Now continue with step 2.
Step 1B (Using the vendor bootloader serial console)
* Use the serial to backup all /dev/mtd* devices before using the
stock firmware (you got root shell when connected to serial).
* Then reboot and select 'U-Boot Console' in the boot menu.
* Copy the following lines, one by one:
tftpboot 0x40080000 openwrt-mediatek-mt7622-linksys_e8450-ubi-preloader.bin
tftpboot 0x40100000 openwrt-mediatek-mt7622-linksys_e8450-ubi-bl31-uboot.fip
nand erase 0x0 0x180000
nand write 0x40080000 0x0 0x180000
reset
Now continue with step 2
Step 2
Once the new bootchain comes up, the loader will initialize UBI and the
ubootenv volumes. It will then of course fail to find any bootable
volume and hence resort to load kernel via TFTP from server
192.168.1.254 while giving itself the address 192.168.1.1
The requested file is called
openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb
and your TFTP server should provide exactly that :)
It will be written to UBI as recovery image and booted.
You can then continue and flash the production OS image, either
by using sysupgrade in the booted initramfs recovery OS, or by using
the bootloader menu and TFTP.
That's it. Go ahead and mess around with a bootchain built almost
completely from source (only DRAM calibration blobs are fitted in bl2,
and the irreplacable on-chip ROM loader remains, of course).
And enjoy U-Boot built with many great features out-of-the-box.
You can access the bootloader environment from within OpenWrt using the
'fw_printenv' and 'fw_setenv' commands. Don't be afraid, once you got
the new bootchain installed the device should be fairly unbrickable
(holding reset button before and during power-on resets things and
allows reflashing recovery image via TFTP)
Special thanks to @dvn0 (Devan Carpenter) for providing amazingly fast
infra for test-builds, allowing for `make clean ; make -j$(nproc)` in
less than two minutes :)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>