4f96e67 Up the release version to 2.66
60ff008 Fix typos in the cap_from_text.3 man page.
281b6e4 Add captrace to .gitignore file
09a2c1d Add an example of using BPF kprobing to trace capability use.
26e3a09 Clean up getpcaps code.
fc804ac getpcaps: catch PID parsing errors.
fc437fd Fix an issue with bash displaying an error.
7db9589 Some more simplifications for building
27e801b Fix for "make clean ; make -j48 test"
Signed-off-by: Nick Hainke <vincent@systemli.org>
This patch is needed to handle interrupts by the second VPE on the Lantiq
ARX100, xRX200, xRX300 and xRX330 SoCs. Switching some ICU interrupts to
the second VPE results in a hang. Currently, the vsmp_init_secondary()
function is responsible for enabling these interrupts. It only enables
Malta-specific interrupts (SW0, SW1, HW4 and HW5).
The MIPS core has 8 interrupts defined. On Lantiq SoCs, hardware
interrupts are wired to an ICU instance. Each VPE has an independent
instance of the ICU. The mapping of the ICU interrupts is shown below:
SW0(IP0) - IPI call,
SW1(IP1) - IPI resched,
HW0(IP2) - ICU 0-31,
HW1(IP3) - ICU 32-63,
HW2(IP4) - ICU 64-95,
HW3(IP5) - ICU 96-127,
HW4(IP6) - ICU 128-159,
HW5(IP7) - timer.
This patch enables all interrupt lines on the second VPE.
This problem affects multithreaded SoCs with a custom interrupt controller.
SOCs with 1004Kc core and newer use the MIPS GIC. At this point, I am aware
that the Realtek RTL839x and RTL930x SoCs may need a similar fix. In the
future, this may be replaced with some generic solution.
Tested on Lantiq xRX200.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
At some point after 21.02.3 and before 22.03.0, the size limits of the
Linksys RE6500 were reached and prevent booting from the 22.03.0 release
or builds of current SNAPSHOT. This patch allows builds of master to boot
again and has been tested on my device.
Fixes: #8577
Signed-off-by: Mark King <mark@vemek.co>
The workaround for an already-enabled R4K timer used a non-existent
macro CAUSE_DC. Fix compiling by using the actual macro CAUSEF_DC.
Fixes: b7aab19585 ("realtek: SMP handling of R4K timer interrupts")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Until now there has been no good explanation why we mess with the R4K
timer on SMP. After extensive testing and looking at the SDK code it
becomes clear what it is all about.
When we disable the CEVT_R4K module (we will do with the new timer
driver) the R4K timer hardware still fires interrupts on the secondary
CPU. To get around this we have two options:
- Disable IRQ 7
- Stop the counter completely
This patch selects option two because this is the root of evil.. To be
on the safe side we will do it only in case the CEVT_R4K module is
disabled.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
The scope of the SMP startup structure is wrong. It is created on the
stack and not as a global variable. This can lead to startup failures.
Fixes: 3f41360eb7 ("realtek: use upstream recommendation for CPU start")
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de
OpenWRT's developer guide prefers having actual patches so they an be
sent upstream more easily.
However, in this case, Adding proper fields also allows for `git am` to
properly function. Some of these patches are quite old, and lack much
traceable history.
This commit tries to rectify that, by digging in the history to find
where and how it was first added.
It is by no means perfect and also shows some patches that should have
been long gone.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
OpenWRT's developer guide prefers having actual patches so they an be
sent upstream more easily.
However, in this case, Adding proper fields also allows for `git am` to
properly function. Some of these patches are quite old, and lack much
traceable history.
This commit tries to rectify that, by digging in the history to find
where and how it was first added.
It is by no means perfect and also shows some patches that should have
been long gone.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
OpenWRT's developer guide prefers having actual patches so they an be
sent upstream more easily.
However, in this case, Adding proper fields also allows for `git am` to
properly function. Some of these patches are quite old, and lack much
traceable history.
This commit tries to rectify that, by digging in the history to find
where and how it was first added.
It is by no means perfect and also shows some patches that should have
been long gone.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Use tools:latest container with prebuilt host tools to speedup kernel
compilation in kernel workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add a simple script to make it easier to install a prebuilt tools tar.
Currently it will be used by our tools container and kernel workflow on
github.
Simple script that take a tar that contains prebuilt host tools, extract
them and refresh the timestamps to skip recompilation of such host
tools.
By default it refresh timestamps of build_dir/host and
staging_dir/host/stamp.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently each Kernel compilation takes about 30 minutes of which 20
minutes are used to compile our tools. While the toolchain is downloaded
and instantly ready the tools are missing.
This commit starts uploading a Docker container including compiled tools
which are ready to use. It is automatically updated whenever any tools
are changed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add option to compile all host tools even if not needed.
This can be useful to prepare a universal precompiled host tools
archive to use in another buildroot and speedup compilation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
While experimenting with the AUTOREMOVE option in search of a way to use
prebuilt host tools in different buildroot, it was discovered that the
md5 generated by find_md5 in depends.mk is not reproducible.
Currently the hash is generated by the path of the file in addition to
the file mod time. Out of confusion, probably, there was an idea that
such command was used on the package build_dir. Reality is that this
command is run on the package files. (Makefile, patches, src)
This is problematic because the package Makefile (for example) change at
each git clone and base the hash on the Makefile mtime doesn't really
reflect if the Makefile actually changes across a buildroot or not.
A better approach is to generate an hash of each file and then generate
an hash on the sort hash list. This way we remove the problem of git
clone setting a wrong mtime while keeping the integrity of checking if a
file changed for the package as any change will result in a different
hash.
Introduce a new kind of find_md5 function, find_md5_reproducible that
apply this new logic and limit it only with AUTOREMOVE option set to
prevent any kind of slowdown due to additional hash generation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
cmake's find_package looks at host paths first for some reason. Switch
to using pkgconfig for the search, matching other modules.
Fixes: 3848cf458e ("tools/cmake: Build without some included libs")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Instead of using a fresh Linux installation which is setup every time
use the Buildbot container which is used for our own Buildbot
infrastructure, too.
While at it also tidy up the workflow to make it more consistent with
other workflow.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
As also ramips/mt7621 now has a user of the ubnt-ledbar driver, make
the package available on all targets by removing the dependency on
@TARGET_mediatek_mt7622.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Import patches from mtk-openwrt-feeds (MTK SDK) to support reading
t-phy settings affecting PCIe as well as USB2 and USB3 from efuse.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
efuse is used to store board-specific settings of some of the in-SoC
peripherals. Add it to device tree, so it gets probed on boot and can
be accessed by other drivers.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Allow byte-wise access to mtk-efuse as some drivers require that.
Patch imported from mtk-openwrt-feeds (MTK SDK).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The corresponding kmod package is marked as HIDDEN and selected by all
other kernel modules that need it, so the kconfig side will be in sync
without manual selection
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Saves a little bit of time when compiling cmake.
Added patches to fix searching liblzma and zlib. The issue is that
because pkgconfig is not used, the system libraries get used.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.
This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.
Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.
Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable
Fixes: CVE-2022-39173
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Tested-by: Kien Truong <duckientruong@gmail.com>
Reported-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reverts commit a596a8396b as I've
just discovered private email, that the issue has CVE-2022-39173
assigned so I'm going to reword the commit and push it again.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.
This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.
Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.
Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes build warnings when using newer versions of grep.
Signed-off-by: Chris Osgood <chris_github@functionalfuture.com>
Tested-by: Georgi Valkov <gvalkov@gmail.com>
Generilize download tool check and skip other check if a download tool
has been found.
While at it also reintroduce c836ca84e8
that was previously dropped with aria2c support.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>