WireGuard had a brief professional security audit. The auditors didn't find
any vulnerabilities, but they did suggest one defense-in-depth suggestion to
protect against potential API misuse down the road, mentioned below. This
compat snapshot corresponds with the patches I just pushed to Dave for
5.6-rc7.
* curve25519-x86_64: avoid use of r12
This buys us 100 extra cycles, which isn't much, but it winds up being even
faster on PaX kernels, which use r12 as a RAP register.
* wireguard: queueing: account for skb->protocol==0
This is the defense-in-depth change. We deal with skb->protocol==0 just fine,
but the advice to deal explicitly with it seems like a good idea.
* receive: remove dead code from default packet type case
A default case of a particular switch statement should never be hit, so
instead of printing a pretty debug message there, we full-on WARN(), so that
we get bug reports.
* noise: error out precomputed DH during handshake rather than config
All peer keys will now be addable, even if they're low order. However, no
handshake messages will be produced successfully. This is a more consistent
behavior with other low order keys, where the handshake just won't complete if
they're being used anywhere.
* send: use normaler alignment formula from upstream
We're trying to keep a minimal delta with upstream for the compat backport.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netlink: initialize mostly unused field
* curve25519: squelch warnings on clang
Code quality improvements.
* man: fix grammar in wg(8) and wg-quick(8)
* man: backlink wg-quick(8) in wg(8)
* man: add a warning to the SaveConfig description
Man page improvements. We hope to rewrite our man pages in mdocml at some
point soon.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
mt76 is a target default package for mt7622-wmac only.
mt7623 doesn't have integrated wireless support and wifi drivers for
pcie cards should be added as device specific package.
mt7629-wmac isn't supported by mt76 yet.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
rename "kernel" partition in upstream dts to "firmware" and add
denx,fit as compatible string for mtdsplit.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
1. fix typo: ucidef_set_interfaces_wan -> ucidef_set_interface_wan
2. change board name to mt7629-rfb to match upstream dts
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This external switch driver should be loaded on boot for network support
in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[alter commit message]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This commit adds definition of DEBUG0 and DEBUG1 registers and replace
magic values with proper register modifying.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
For virtual access points (when multiple SSIDs are used for one
physical AP), there exist one physical network interface and
multiple virtual interfaces, which are fully under control of
hostapd. When networking is setup, the script
`/lib/netifd/wireless/mac80211.sh` is called, which tries to bring
the interface up by a call to `ip link set dev <iface> up`. This
call might fail for virtual APs, because the virtual interface
might not have been created by hostapd yet. There are some artifical
delays in the script most probably to handle this, but when DFS
channel availability check on 5GHz band is issued, hostapd can
delay creating virtual interfaces by a minute.
In order to fix this (or work around it), do not try to bring the
interface up (this is responsibility of hostapd anyway) and
do not try to set txpower on the virtual interface.
Fixes FS#2698.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
1. KERNEL_CRASH_DUMP should depends on KERNEL_PROC_KCORE (kexec use it)
2. select crashkernel mem size by totalmem
mem <= 256M disable crashkernel by default
mem >= 4G use 256M for crashkernel
mem >= 8G use 512M for crashkernel
default use 128M
3. set BOOT_IMAGE in kdump.init
4. resolve a "Unhandled rela relocation: R_X86_64_PLT32" error
Tested on x86_64
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Sungbo Eo <mans0n@gorani.run> posted a patch fixing the long-standing
reboot problem on the OXNAS OX820 platform:
irqchip/versatile-fpga: Handle chained IRQs properly
It got queued for 5.7. Import it to oxnas target patches for now.
Fixes: b4917fa907 ("oxnas: fix oxnas-rps-timer dt-match")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When introducing ubus reload support, ubus initialization was moved
to the service level instead of being carried out when adding a BSS
configuration. While this works when using wpa_supplicant in that way,
it breaks the ability to run wpa_supplicant on the command line, eg.
for debugging purposes.
Fix that by re-introducing ubus context intialization when adding
configuration.
Reported-by: @PolynomialDivision https://github.com/openwrt/openwrt/pull/2417
Fixes: 60fb4c92b6 ("hostapd: add ubus reload")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
TP-Link Archer D7 v1 is a dual-band AC1750 router + modem.
The router section is based on Qualcomm/Atheros QCA9558 + QCA9880.
The "DSL" section is based on BCM6318 but it's currently not supported.
The Archer D7b seems to differ from the Archer D7 only in the
partition table.
Router section - Specification:
775/650/258 MHz (CPU/DDR/AHB)
128 MB of RAM (DDR2)
16 MB of FLASH (SPI NOR)
3T3R 2.4 GHz
3T3R 5 GHz
4x 10/100/1000 Mbps Ethernet
7x LED, 2x button
UART header on PCB
Known issues:
- Broadband LED (missing GPIO - probably driven by the BCM6318)
- Internet LED (missing GPIO - probably driven by the BCM6318)
- WIFI LED (working only for one interface at a time, while in the
OEM firmware works for both wifi interfaces; thus, this patch does
not set a trigger by default)
- DSL not working (eth0)
UART connection
---------------
J1 HEADER (Qualcomm CPU)
. VCC
. GND
. RX
O TX
J41 HEADER (Broadcom CPU)
. VCC
. GND
. RX
O TX
The following instructions require a connection to the J1 UART header
and are tested for the Archer D7 v1.
For the Archer D7b v1, names should be changed accordingly.
Flash instructions under U-Boot, using UART
------------------------------------------
1. Press "tpl" to stop autobooting and obtain U-Boot CLI access.
2. Setup ip addresses for U-Boot and your tftp server.
3. Issue below commands:
tftpboot 0x81000000 openwrt-ath79-generic-tplink_archer-d7-v1-squashfs-sysupgrade.bin
erase 0x9f020000 +f90000
cp.b 0x81000000 0x9f020000 0xf90000
reset
Initramfs instructions under U-Boot for testing, using UART
----------------------------------------------------------
1. Press "tpl" to stop autobooting and obtain U-Boot CLI access.
2. Setup ip addresses for U-Boot and your tftp server.
3. Issue below commands:
tftpboot 0x81000000 openwrt-ath79-generic-tplink_archer-d7-v1-initramfs-kernel.bin
bootm 0x81000000
4. Here you can backup the original firmware and/or flash the sysupgrade openwrt if you want
Restore the original firmware
-----------------------------
0. Backup every partition using the OpenWrt web interface
1. Download the OEM firmware from the TP-Link website
2. Extract the bin file in a folder (eg. Archer_D7v1_1.6.0_0.9.1_up_boot(160216)_2016-02-16_15.55.48.bin)
3. Remove the U-Boot and the Broadcom image part from the file.
Issue the following command:
dd if="Archer_D7v1_1.6.0_0.9.1_up_boot(160216)_2016-02-16_15.55.48.bin" of="Archer_D7v1_1.6.0_0.9.1_up_boot(160216)_2016-02-16_15.55.48.bin.mod" skip=257 bs=512 count=31872
4. Double check the .mod file size. It must be 16318464 bytes.
5. Flash it using the OpenWrt web interface. Force the update if needed.
WARNING: Remember to NOT keep settings.
5b. (Alternative to 5.) Flash it using the U-Boot and UART connection.
Issue below commands in the U-Boot:
tftpboot 0x81000000 Archer_D7v1_1.6.0_0.9.1_up_boot(160216)_2016-02-16_15.55.48.bin.mod
erase 0x9f020000 +f90000
cp.b 0x81000000 0x9f020000 0xf90000
reset
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
[cosmetic DTS changes, remove TPLINK_HWREVADD := 0, do not use two
phyXtpt at once, add missing buttons, minor commit message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
TP-Link Archer C60 v3 is a dual-band AC1350 router,
based on Qualcomm/Atheros QCA9561 + QCA9886.
It seems to be identical to the v2 revision, except that
it lacks a WPS LED and has different GPIO for amber WAN LED.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 6x LED, 2x button
- UART header on PCB
Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.
Flash instruction (TFTP):
1. Set PC to fixed IP address 192.168.0.66
2. Download *-factory.bin image and rename it to tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root
directory
4. Turn off the router
5. Press and hold reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time the firmware should
be transferred from the tftp server
8. Wait ~30 second to complete recovery
While TFTP works for OpenWrt images, my device didn't accept the
only available official firmware "Archer C60(EU)_V3.0_190115.bin".
In contrast to earlier revisions (v2), the v3 contains the (same)
MAC address twice, once in 0x1fa08 and again in 0x1fb08.
While the partition-table on the device refers to the latter, the
firmware image contains a different partition-table for that region:
name device firmware
factory-boot 0x00000-0x1fb00 0x00000-0x1fa00
default-mac 0x1fb00-0x1fd00 0x1fa00-0x1fc00
pin 0x1fd00-0x1fe00 0x1fc00-0x1fd00
product-info 0x1fe00-0x1ff00 0x1fd00-0x1ff00
device-id 0x1ff00-0x20000 0x1ff00-0x20000
While the MAC address is present twice, other data like the PIN isn't,
so with the partitioning from the firmware image the PIN on the device
would actually be outside of its partition.
Consequently, the patch uses the MAC location from the device (which
is the same as for the v2).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Since there exists another variant of the Bullet M with AR7240 SoC
under the same name, this patch introduces the SoC into the device
name to be able to distinguish these variants.
Signed-off-by: Russell Senior <russell@personaltelco.net>
[add commit message, adjust model in DTS, fix 02_network and
SUPPORTED_DEVICES]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* Prepare to support the AR7240 variant of ubiquiti bullet m, by
reorganizing the related dtsi files.
* Distribute SOC variable across ubnt-xm devices.
Signed-off-by: Russell Senior <russell@personaltelco.net>
The PoE hat supported on the RPi 3B+ and 4B comes with a rather
loud fan, tripped in two steps by the brcmstb_thermal
thermal_zone driver. Enabling writable trip points allow
users to adjust the fan trip points according to their
preferred temp/noise ratio.
This setting is enabled on most other targets with similar
thermal_zone controlled cooling devices.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
We do not build images with a jffs2 rootfs, but jffs2 is still used as
filesystem for the rootfs_data.
Fixes: e3eaf57808 ("lantiq: kernel 5.4: debloat kernel config")
Signed-off-by: Mathias Kresin <dev@kresin.me>
When creating the mikrotik subtarget, the execute bit on 02_network
was not set. Fix it.
Fixes: a66eee6336 ("ath79: add mikrotik subtarget")
Reported-by: Christopher Hill <ch6574@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
So far, specifying "BOARD_NAME := routerboard" is required by the
upgrade code of Mikrotik NAND devices, as "sysupgrade-routerboard"
is hardcoded in platform_do_upgrade_mikrotik_nand().
This patch replaces the latter with a grep for the name like it
is already done in nand_upgrade_tar() in /lib/upgrade/nand.sh.
By that, BOARD_NAME is obsolete now for this device.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
So far, specifying "BOARD_NAME := routerboard" is required by the
upgrade code of Mikrotik NAND devices, as "sysupgrade-routerboard"
is hardcoded in platform_do_upgrade_mikrotik_rb().
This patch replaces the latter with a grep for the name like it
is already done in nand_upgrade_tar() in /lib/upgrade/nand.sh.
This should enable upgrades from ar71xx to ath79 without setting
BOARD_NAME for the latter.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This commit creates the ath79/mikrotik subtarget in order to support
MikroTik devices based on Qualcomm Atheros MIPS SoCs.
MikroTik devices need a couple of specific features: the split MiNOR
firmware MTD format, which is not used by other devices, and the 4k
sector erase size on SPI NOR storage, which can not be added to the
ath79/generic and ath79/nand subtargets now.
Additionally, the commit moves the two MikroTik devices already in
the generic and nand subtargets to this new one.
Tested on the RB922 board and the wAP AC router.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Pogoplug V3/Pro has an interanl SATA port. To use it, DTS sata node should be
enabled, and kmod-ata-oxnas-sata package needs to be installed.
Fixes: FS#2542
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Build the latest kernel by default, since testing did not show any
regressions.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[fix merge conflict in tegra/Makefile]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit also disables Trusted Foundations firmware support as this
feature won't be used by any device.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[fix merge conflict in tegra/Makefile]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This new symbol popped up in few places. Disable it in generic config.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[fixed merge conflict in generic/config-5.4]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
More testing after kernel upgrade to 5.4 uncovered a regression: the user
led is not present anymore due to a pin mux "collision" in device tree.
A patch sent to upstream kernel was accepted now. Integrate this
pending fix as platform specific patch so that user led is available again.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The etop driver is used by all targets except xrx200.
Remove the UBIFS compression support for zlib and zstd from the xway
subtarget. The hardware is EOL for a long time and it's unlikely to ever
see a board shipped with an UBIFS using these compression methods.
Remove the JFFS2 support. Support for jjfs2 images was dropped years
ago.
It shrinks the compressed kernel up to 130 KByte.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Switch to the mainline Lantiq PCIe PHY driver and update the vr9.dtsi
accordingly.
The Lantiq IRQ SMP support added upstream required changes to the SoC
dtsi as well.
Following changes are made to the Lantiq kernel patches:
0005-lantiq_etop-pass-struct-device-to-DMA-API-functions.patch
0006-MIPS-lantiq-pass-struct-device-to-DMA-API-functions.patch
applied upstream
0008-MIPS-lantiq-backport-old-timer-code.patch
access_ok API update because it lost it's type (which was the first)
parameter in upstream commit 96d4f267e40f95 ("Remove 'type' argument
from access_ok() function")
0024-MIPS-lantiq-autoselect-soc-rev-matching-fw.patch
merged into 0026-MIPS-lantiq-Add-GPHY-Firmware-loader.patch
0024-MIPS-lantiq-revert-DSA-switch-driver-PMU-clock-chang.patch
revert upstream changes required for upstream xrx200 ethernet and
xrx200 (DSA) switch driver but breaking our driver
0026-MIPS-lantiq-Add-GPHY-Firmware-loader.patch
required for our driver but dropped upstream, add former upstream
version
0028-NET-lantiq-various-etop-fixes.patch
now has to use the phy_set_max_speed API instead of modifying
phydev->supported. Also call ltq_dma_enable_irq() in
ltq_etop_open() based on upstream commit cc973aecf0b054 ("MIPS:
lantiq: Do not enable IRQs in dma open")
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
This is referenced in two .dts but never actually used from userspace.
Drop support for this property because it's not used and because it
makes updating to Linux 5.4 harder (as the patch doesn't apply anymore).
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Duplicate kernel 4.19 config and patches for kernel 5.4.
Duplicate the devicetree source files as well, they need kernel 5.4
specific adjustments.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Compiling the ltq-tapi driver against Linux 5.4 results in a compile
error complaining that the size of struct sched_param is not known.
Switch the existing "sched/types.h" include to reference
include/uapi/linux/sched/types.h to fix compilation against Linux 5.4.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Upstream commit 84ede58dfcd1d ("crypto: hash - remove
CRYPTO_ALG_TYPE_DIGEST") drops the CRYPTO_ALG_TYPE_DIGEST define because
it has the same value as CRYPTO_ALG_TYPE_HASH. This was the case for
earlier kernels as well. Switch to CRYPTO_ALG_TYPE_HASH to fix building
against Linux 5.4.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Upstream commit e4b92b108c6cd6 ("timekeeping: remove obsolete time
accessors") removed do_gettimeofday(). In Linux 4.19 this was only a
wrapper around ktime_get_real_ts64(). Use ktime_get_real_ts64() now that
the wrapper is gone to fix compilation against Linux 5.4.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Upstream commit e4b92b108c6cd6 ("timekeeping: remove obsolete time
accessors") removed do_gettimeofday(). In Linux 4.19 this was only a
wrapper around ktime_get_real_ts64(). Use ktime_get_real_ts64() now that
the wrapper is gone to fix compilation against Linux 5.4.
Move the ifxmips_mei_interface header to the include directory, it can't
be found otherwise during compilation. The reason for the changed
behaviour is not yet clear, however having header files in an include
directory is more straight forward.
To use the of_device_id struct, the mod_devicetable header need to be
included. Instead of including this header, include the of_platform
header, which includes the mod_devicetable on its own.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Upstream commit 96d4f267e40f95 ("Remove 'type' argument from access_ok()
function") removes the first argument to access_ok.
Adjust the code so it builds with Linux 5.4.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Beginning with linux 5.3, kmod-serial-8250 uses functions provided by
serial_mctrl_gpio.ko if GPIO support is enabled.
Signed-off-by: Mathias Kresin <dev@kresin.me>