David Bauer [Sat, 29 Feb 2020 13:32:15 +0000 (14:32 +0100)]
mpc85xx: disable kernel uImage generation
The previous workaround for the unsupported mkimage xz compression
leads to the TP-Link TL-WDR4900s simpleImage bootwrapper being gzip
compressed, which does not fit the kernel partition.
Removing the uImage gerneration works around this problem.
Build system needs an 'xargs' that supports '-r' which darwin doesn't.
Homebrew installs a 'gxargs' with the findutils package so look for
'gxargs' as well as 'xargs'
This is a bit of a 'fun' corner case anyway. xargs is only required by
the build if 'CONFIG_AUTOREMOVE' is set and after the build system has
built 'tools/findutils' we have a fully working xargs for host anyway.
Until that time we have to rely on the host's xargs implementation.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This hunk became obsolete the moment when our
gpio-button-hotplug learned how to deal with
interrupt-supported gpio buttons. The gpio driver
never supported interrupt handling, so these
properties never served any use (outside of a
enhanced ppc4xx-gpio driver that was dropped).
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
David Bauer [Fri, 28 Feb 2020 23:54:41 +0000 (00:54 +0100)]
spi: ath79: remove spi-master setup and cleanup assignment
This removes the assignment of setup and cleanup functions for the ath79
target. Assigning the setup-method will lead to 'setup_transfer' not
being assigned in spi_bitbang_init.
Also drop the redundant cleanup assignment, as this also happens in
spi_bitbang_init.
This patch just refreshes the 5.4 patches. It seems as if
070-v4.20-soc-qcom-spm-add-SCM-probe-dependency.patch is
already applied, so drop it. It also does a quick
make kernel_oldconfig to get rid of unneeded symbols.
[Looks like USB and Ethernet need some more work].
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This builds the regular arm and arm-neon asm optmized modules for sha1
and sha512, for targets that set CONFIG_ARM_CRYPTO.
On ip40xx, the arm-asm version of sha1 improves performance by 5% over
the generic C implementation; sha1-neon is 25% faster than generic,
and sha512-neon, 259%.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This alone improves AES-GCM performance by up to 50% on ipq40xx. This
is enabled for targets that support neon and set CONFIG_ARM_CRYPTO:
imx6, ipq40xx, and mvebu.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This backports commits from master that fix AES ciphers when using the
qce driver:
- A couple of simple fixes for CTR and XTS modes used with AES:
* 041-crypto-qce-fix-ctr-aes-qce-block-chunk-sizes.patch
* 042-crypto-qce-fix-xts-aes-qce-key-sizes.patch
- A fix for a bug that affected cases when there were more entries in
the input sg list than necessary to actually encrypt, resulting in
failure in gcm, where the authentication tag is present after the
encryption data:
* 043-crypto-qce-save-a-sg-table-slot-for-result-buf.patch
- A fix to update the IV buffer passed to the driver from the kernel:
* 044-crypto-qce-update-the-skcipher-IV.patch
- A patch that reduces memory footprint and driver initialization by
only initializing the fallback mechanism where it is actually used:
* 046-crypto-qce-initialize-fallback-only-for-AES.patch
- Three patches that make gcm and xts modes work with the qce driver,
and improve performance with small blocks:
* 047-crypto-qce-use-cryptlen-when-adding-extra-sgl.patch
* 048-crypto-qce-use-AES-fallback-for-small-requests.patch
* 049-crypto-qce-handle-AES-XTS-cases-that-qce-fails.patch
- A patch that allows the hashes/ciphers to be built individually.
* 051-crypto-qce-allow-building-only-hashes-ciphers.patch
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[renumbered patches, added patches from dropped commit, refreshed, 5.4] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This adds the neon based implementations of AES & SHA256.
For AES, according to the kernel config help:
Use a faster and more secure NEON based implementation of AES in CBC,
CTR and XTS modes.
Bit sliced AES gives around 45% speedup on Cortex-A15 for CTR mode
and for XTS mode encryption, CBC and XTS mode decryption speedup is
around 25%. (CBC encryption speed is not affected by this driver.)
This implementation does not rely on any lookup tables so it is
believed to be invulnerable to cache timing attacks.
...
The observed speedups on ipq40xx are more modest: speedup is around 20%
for CTR mode and for XTS mode encryption, CBC and XTS mode decryption
speedup is around 10%. Measurements were made using tcrypt, with
1024-bytes blocks for CTR & CBC, and 4096-bytes for XTS.
The aes-neon-bs driver uses a fallback for CBC encryption; that fallback
could be either the generic driver written in C, or the scalar arm-asm
one. Even though aes-arm is 1.9% slower, it is more resilient to timing
attacks (the reason for being slower), so it is being included here.
The neon sha256 module increases performance over the generic module by
33%.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[Enable only ciphers for now, reorder patch in series to help bisect
as new symbols could lead to build failures, 5.4] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch disables the CRYPTO KERNEL SYMBOLs that are touched
by the upcoming ipq40xx patch "ipq40xx: use neon crypto drivers"
from "Eneas U de Queiroz" and more so for his follow up patches
for the other ARM targets in this series. This should help to
prevent at least a few potential build errors on other archs.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
To set up the flash memory environment, do the following:
a. As a preliminary step, ensure that the board console port is connected to the PC using these RS232 parameters:
* 115200bps
* 8N1
b. Confirm that the PC is connected to the board using one of the Ethernet ports.
c. Set a static ip 192.168.99.8 for Ethernet that connects to board.
d. The PC must have a TFTP server launched and listening on the interface to which the board is connected.
e. At this stage power up the board and, after a few seconds, press 4 and then any key during the countdown.
U-BOOT> set serverip 192.168.99.9 && tftpboot 0x84000000 192.168.99.8:openwrt.itb && bootm
Signed-off-by: Steven Lin <steven.lin@senao.com>
[copied 4.19 dts to 5.4] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
HOSTCC scripts/mod/file2alias.o
scripts/mod/file2alias.c:47:3: error: typedef redefinition with different types ('struct uuid_t' vs '__darwin_uuid_t' (aka 'unsigned char [16]'))
} uuid_t;
^
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/sys/_types/_uuid_t.h:31:25: note: previous definition is here
typedef __darwin_uuid_t uuid_t;
^
scripts/mod/file2alias.c:1305:42: error: array initializer must be an initializer list or string literal
DEF_FIELD(symval, tee_client_device_id, uuid);
^
2 errors generated.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
David Bauer [Sun, 8 Dec 2019 20:44:23 +0000 (21:44 +0100)]
ath79: add support for kernel 5.4
Signed-off-by: David Bauer <mail@david-bauer.net>
[refreshed] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* Sync the patches with the changes done for kernel 4.19
* Use KERNEL_TESTING_PATCHVER
* Refresh the configuration
* Fix multiple compile bugs in the patches
* Only add own ag71xx files for kernel 4.19 and use upstream version for
5.4.
Hauke Mehrtens [Sun, 23 Feb 2020 17:57:45 +0000 (18:57 +0100)]
kernel: Use new symbol to deactivate MIPS FPU support
With kernel 5.4 the upstream kernel supports deactivating the FPU
support on MIPS. Use this new upstream feature instead of our older
patch which was removed when porting the kernel patches to kernel 5.4.
This way both options are set which should work for older kernel
versions and also new ones.
Hauke Mehrtens [Sun, 23 Feb 2020 15:46:01 +0000 (16:46 +0100)]
kernel: Remove nvmem hack patch from 5.4
The nvmem framework is now used in net/ethernet/eth.c and the nvmem
sysfs is split into a separate Kconfig option. More work would be needed
to adapt this patch for the broader use. The current patch compiles fine
on ath79, but it breaks the x86 target.
nvmem is also compiled into the kernel for most of our targets for
example ath79 anyway, so patching the kernel to remove it is now harder
and not the case on multiple targets anyway. Instead of making this work
on kernel 5.4 just remove this hack patch.
Hauke Mehrtens [Sun, 23 Feb 2020 15:41:58 +0000 (16:41 +0100)]
kernel: Remove chash.ko from kmod-drm-amdgpu
This module was added with kernel 4.15, but is was removed again with
kernel version 5.3. OpenWrt does not support specifying a kernel version
range so just break it with kernel 4.14 and only support recent kernel
versions.
Hauke Mehrtens [Sun, 23 Feb 2020 15:41:16 +0000 (16:41 +0100)]
kernel: Add snd-intel-nhlt.ko to kmod-sound-hda-intel
With kernel 5.4 kmod-sound-hda-intel also needs snd-intel-nhlt.ko, but
this kernel module is only build on x86, make the OpenWrt kmod depend on
TARGET_x86.
Hauke Mehrtens [Sun, 23 Feb 2020 15:28:21 +0000 (16:28 +0100)]
kernel: Make LIB_ARC4 selectable
This makes it possible to select CONFIG_CRYPTO_LIB_ARC4 directly. We
need this to be able to compile this into the kernel and make use of it
from mac80211 backports.
Hauke Mehrtens [Fri, 31 Jan 2020 12:32:03 +0000 (13:32 +0100)]
kernel: Add crypto libraries to modules
In kernel 5.3 and 5.4 some crypto modules were split into two modules,
one implementing the crypto algorithm and the other integrating it
into the Linux crypto framework.
This adds the new xfrm4_mode_beet, xfrm4_mode_transport,
xfrm4_mode_tunnel and their IPv6 versions on kernel 5.4. These modules
were newly added in kernel 5.2.
Some bigger changes were done to this feature and we did not port this patch yet:
* hack-5.4/207-disable-modorder.patch
This depends on BOOTMEM which was removed from the kernel, this needs some bigger changes:
* hack-5.4/930-crashlog.patch
A different version of the FPU disable patch was merged upstream, OpenWrt needs some adaptations.
* pending-5.4/304-mips_disable_fpu.patch
- no crashlog support yet as a required file got deleted upstream
- Removed patch below, which is now seen as a recursive dependency [1]
- Removed patch below due to build error [2]
- fix still required to avoid identical function def [3]
- Fixes included from Blocktrron
- Fixes included from Chunkeey
- Fix included from nbd regarding "dst leak in Flow Offload"
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: David Bauer <mail@david-bauer.net> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> Signed-off-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
ath79: also reduce spi-max-frequency for buffalo_wzr-hp-ag300h
In accordance to ebc090e420d1 ("ath79: reduce spi-max-frequency to 50 MHz")
this also reduces the spi-max-frequency to 50 MHz for the last remaining
device with higher frequency in ath79. This will save us from having a
single special case that will require adjustment when the spi driver for
this device is changed in the future.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> Acked-by: Chuanhong Guo <gch981213@gmail.com>
The introduction of ebf0d8dadeca ("ath79: add new ar934x spi driver")
made the SPI memory unusable on devices with very high spi-max-frequency
(104 MHz).
Here's how the actual clock is calculated: (AHB_CLK/((CLOCK_DIVIDER+1)*2))
where AHB_CLK is a fixed clock (e.g. 200MHz on AR9331) and CLOCK_DIVIDER
is the parameter we can set. Highest clock according to this formula is
AHB_CLK/2 (100MHz, but that didn't work in device tests).
The next possible value is AHB_CLK/4 (50MHz). Speeds between 50 MHz and
100 MHz will be rounded down, so using values higher than 50 MHz does
not provide any benefit.
Consequently, this patch reduces spi-max-frequency for all devices with
values higher than 50 MHz to 50 MHz (effectively, this only affects
devices with 104 MHz before this patch).
Tested on GL.inet GL-AR150:
Boot fails with 104 MHz but is successful with both 50 MHz and 80 MHz
(fast-read), where the latter two yield identical read speeds.
Fixes: ebf0d8dadeca ("ath79: add new ar934x spi driver") Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The introduction of ebf0d8dade (ath79: add new ar934x spi driver)
made the SPI memory unusable. Reducing the spi-max-frequency to
a smaller value makes it work again.
Tested on two MikroTik RouterBOARD wAP G-5HacT2HnD devices.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Xu Wang [Sat, 8 Feb 2020 23:04:11 +0000 (23:04 +0000)]
base-files: add all buildinfo with INCLUDE_CONFIG
CONFIG_INCLUDE_CONFIG option is helpful for being able to rebuild the
exact same firmware as you see on a live OpenWRT instance, but it's
crucially missing feeds information, so we can't rebuild the exact same
package versions. This commit fixes this by adding the remaining feeds
(and version) buildinfo files to the image.
Petr Štetiar [Thu, 20 Feb 2020 08:03:54 +0000 (09:03 +0100)]
ppp: backport security fixes
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP 8d7970b8f3db pppd: Fix bounds check in EAP code 858976b1fc31 radius: Prevent buffer overflow in rc_mksid()
Signed-off-by: Petr Štetiar <ynezz@true.cz> Fixes: CVE-2020-8597 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 26 Feb 2020 15:36:16 +0000 (16:36 +0100)]
Revert "ppp: backport security fixes"
This reverts commit 215598fd03899c19a9cd26266221269dd5ec8cee since it
didn't contain a reference to the CVE it addresses. The next commit
will re-add the commit including a CVE reference in its commit message.
ath79: add support for MikroTik RouterBOARD 922UAGS-5HPacD
This patch ports support for the MikroTik RouterBOARD 922UAGS-5HPacD
with a built-in 802.11ac High-Power radio (31dBm), which was already
available in the ar71xx target.
See https://mikrotik.com/product/RB922UAGS-5HPacD for more info.
Working:
- Board/system detection
- SPI and NAND storage
- PCIe
- USB type A host
- Wireless
- Ethernet
- LEDs (user, phy0)
- Reset button
- Sysupgrade to/from ar71xx
Not supported:
- RSSI LEDs
- SFP cage
Installation methods:
- Sysupgrade from ar71xx (it is advisable to use the -n option to
wipe any previous settings), or
- Boot the initramfs image via TFTP and then flash the sysupgrade
image using "sysupgrade -n"
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Old MikroTik devices have the RLE-encoded radio calibration data
directly stored in the art (hard_config) partition, without LZO
compression nor any preceding ERD magic bytes. This commit adds
a fallback for these devices.
Tested on the ath79 target with a MikroTik SXT 5nD r2 (SXT Lite5),
only locally --not yet merged upstream--.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
The calgary IOMMU was only used on high-end IBM systems in the early
x86_64 age. This is an unlikely OpenWrt target and in fact upstream
are looking to drop the driver entirely with the bonus that we no
longer see:
[ 0.000000] Calgary: detecting Calgary via BIOS EBDA area
[ 0.000000] Calgary: Unable to locate Rio Grande table in EBDA - bailing!
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Piotr Dymacz [Fri, 31 Jan 2020 14:22:54 +0000 (15:22 +0100)]
base-files: diag: restore default trigger for 'boot' LED
For devices without a dedicated 'diag' LED, we use sometimes one of
other LEDs for indicating at least 'boot', 'failsafe' and 'upgrade'
stages. In some cases, at the same time these LEDs have defined default
triggers in DTS using 'linux,default-trigger' property. Current 'diag'
setup removes the trigger and turns off 'boot' LED after bootup.
One of the examples of such device is TP-Link TL-WR841N v14 (ramips)
which uses 'wlan' LED with defined 'linux,default-trigger' for 'diag':
This patch extends 'diag.sh' and 'leds.sh' scripts to make sure default
trigger defined in DTS is restored for 'diag' LED which isn't used for
indicating 'running' stage.
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Mon, 20 Jan 2020 18:35:01 +0000 (19:35 +0100)]
hostapd: start hostapd/wpa_supplicant for all wiphy devices
c888e17e06 ("hostapd: manage instances via procd instead of pidfile")
added procd support for managing hostapd and wpa_supplicant daemons
but at the same time limited wiphy names to 'phy*'.
This brings back initial behaviour (introduced in 60fb4c92b6 ("hostapd:
add ubus reload") and makes procd manage daemons for any wiphy device
found in '/sys/class/ieee80211'.
CC: Felix Fietkau <nbd@nbd.name> CC: Daniel Golle <daniel@makrotopia.org> Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Josef Schlehofer [Sat, 22 Feb 2020 22:03:37 +0000 (23:03 +0100)]
mbedtls: use correct SPDX License Identifier and add License file
License "GPL-2.0+" is deprecated License Identifier according to
SPDX License list [1]. The correct one is GPL-2.0-or-later.
While at it, also add the License file.
[1] https://spdx.org/licenses/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Hauke Mehrtens [Sat, 9 Nov 2019 16:06:05 +0000 (17:06 +0100)]
mac80211: Allow IBSS mode and different beacon intervals
ath10k-ct supports the combination to select IBSS (ADHOC) mode and
different beacon intervals together. mac80211 does not like this
combination, but Ben says this is ok, so remove this check.
ath79: add missing reset-gpios for NanoStation Loco M (XW)
When porting support from ar71xx to ath79, the reset-gpios option was
missed. Due to a hardware bug, this would eventually leave the devices
with RX-deaf Ethernet PHY.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Sungbo Eo [Sun, 23 Feb 2020 15:14:22 +0000 (00:14 +0900)]
kirkwood: remove kmod-i2c-mv64xxx from DEVICE_PACKAGES
Commit 9a1f441ac81c ("kirkwood: enable SoC drivers in the kernel config")
enabled I2C_MV64XXX in the kernel config, and the subsequent commit 0d5ba94088ef
("orion: enable SoC drivers in the kernel config") removed kmod-i2c-mv64xxx
package entirely. As the feature is now kernel built-in and the package does not
exist anymore, we can safely remove kmod-i2c-mv64xxx from DEVICE_PACKAGES.
Sungbo Eo [Sun, 23 Feb 2020 15:14:22 +0000 (00:14 +0900)]
kirkwood: add kmod-hwmon-core to DEVICE_PACKAGES
kmod-hwmon-lm* will not get into images unless kmod-hwmon-core is added to
DEVICE_PACKAGES as well.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[only address kmod-hwmon-core in this commit] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Sungbo Eo [Sun, 23 Feb 2020 15:12:23 +0000 (00:12 +0900)]
kirkwood: fix device node name of Iomega ix2-200
The current device node name of ix2-200 is "iom_ix2_200", which results
in a SUPPORTED_DEVICES string "iom,ix2,200" that does not match the
compatible in DTS and the board name used in board.d.
Fix this by replacing the second underscore with a dash, following
vendor_model scheme.
Fixes: 27b2f0fc0fc5 ("kirkwood: add support for Iomega Storcenter ix2-200") Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[commit title/message rephrase] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
projects / thirdparty / openwrt.git / log
