Robert Marko [Tue, 18 Apr 2023 08:35:47 +0000 (10:35 +0200)]
mac80211: ath11k: replace 160MHz fix with upstream pending one
QCA has finally sent a proper fixup for the 160MHz regression upstream,
so lets use the pending fix which also properly sets center frequency 2
in case 80+80 MHz is used.
Tony Butler [Tue, 18 Apr 2023 02:32:18 +0000 (19:32 -0700)]
build: fix incorrect initramfs gzip compression
Requires: tools/libdeflate
fix consistency of executable to use
`$(STAGING_DIR_HOST)/bin/libdeflate-gzip`, and not system-installed ones
from the usual environment `PATH`;
this affects option `CONFIG_KERNEL_INITRAMFS_COMPRESSION_GZIP`
this may have worked in the past but only via side effect of having the
binaries on the host system (and whatever unpredictable version or
patchset those might be), and did not use the improved but totally
compatible libdeflate-gzip
Fixes: 330bd380e8b6 ("image: allow building FIT and uImage with ramdisk") Signed-off-by: Tony Butler <spudz76@gmail.com>
Tony Butler [Tue, 18 Apr 2023 02:28:36 +0000 (19:28 -0700)]
build: fix incorrect initramfs bzip2 compression
Requires: tools/bzip2
fix consistency of executable to use `$(STAGING_DIR_HOST)/bin/bzip2`, and
not system-installed ones from the usual environment `PATH`;
this affects option `CONFIG_KERNEL_INITRAMFS_COMPRESSION_BZIP2`
this may have worked in the past but only via side effect of having the
binaries on the host system (and whatever unpredictable version or
patchset those might be)
Fixes: 330bd380e8b6 ("image: allow building FIT and uImage with ramdisk") Signed-off-by: Tony Butler <spudz76@gmail.com>
Tony Butler [Wed, 30 Nov 2022 14:19:37 +0000 (06:19 -0800)]
tools/bzip2: add `bzip2` binaries
`bzip2` is the standard executable for bzip2 compression
this includes development includes and both static and shared libs
(libbz2) which can be used by other packages
the initramfs generator offers the BZIP2 option but there was no
executable to support it, and worked only via side effect of having a
system-installed version of bzip2, which could be less predictable
Michał Kępień [Sat, 1 Apr 2023 18:54:14 +0000 (20:54 +0200)]
ath79: mikrotik: update kernel on NAND using Yafut
Instead of erasing the entire NAND partition holding the kernel during
every system upgrade and then flashing a Yaffs file system image
prepared using kernel2minor (not accounting for bad blocks in the
process), use the Yafut utility to replace the kernel executable on
MikroTik NAND devices, preserving the existing Yaffs file system
(including bad block information) on the partition holding the kernel.
Add Yafut to DEFAULT_PACKAGES for the ath79/mikrotik target, so that the
tool is included in the initramfs images created when building for
multiple profiles. However, exclude Yafut from the images built for
MikroTik devices with NOR flash as the tool is currently only meant to
be used on devices with NAND flash.
As this addresses the concerns for MikroTik NAND devices discussed in
commit 9d96b6fb72 ("ath79/mikrotik: disable building NAND images"),
re-enable building images for these devices.
Michał Kępień [Fri, 31 Mar 2023 10:40:31 +0000 (12:40 +0200)]
yafut: add a kernel update tool for MikroTik NAND
Commit 9d96b6fb72 ("ath79/mikrotik: disable building NAND images")
disabled building images for MikroTik devices with NAND flash due to a
less than satisfactory method used for updating the kernel on those
devices back then.
To address the problem, add support for updating the kernel on MikroTik
devices with NAND flash using a new tool, Yafut, which enables copying
files from/to Yaffs file systems even if the kernel does not have native
support for the Yaffs file system compiled in. Instead of erasing the
entire NAND partition holding the kernel during every system upgrade
(which is what the previously-used approach employing kernel2minor
involved), Yafut preserves the Yaffs filesystem present on that
partition and only replaces the kernel executable. This allows bad
block information to be preserved across sysupgrade runs and also
enables wear leveling on the NAND partition holding the kernel. Yafut
does not rely on kernel2minor in any way and intends to eventually
supersede the latter for NAND devices.
Michał Kępień [Fri, 31 Mar 2023 10:40:31 +0000 (12:40 +0200)]
kernel: backport MEMREAD ioctl
MEMREAD is a new ioctl for MTD character devices that was first included
in Linux 6.1. It allows userspace applications to use the Linux
kernel's OOB autoplacement mechanism while reading data from NAND
devices. The Yafut tool needs this ioctl to do its job.
Michał Kępień [Fri, 31 Mar 2023 10:40:31 +0000 (12:40 +0200)]
ath79: mikrotik: drop unused files from ramdisk
The ramdisk used by sysupgrade on MikroTik devices currently includes
U-Boot fw_* files that are not necessary for performing a system upgrade
on that platform. The relevant lines were added to
target/linux/ath79/mikrotik/base-files/lib/upgrade/platform.sh by commit a66eee6336 ("ath79: add mikrotik subtarget"), likely because they also
existed in target/linux/ath79/nand/base-files/lib/upgrade/platform.sh,
where the platform_do_upgrade_mikrotik_nand() function moved by commit a66eee6336 originally lived. However, these lines were added to
target/linux/ath79/nand/base-files/lib/upgrade/platform.sh by commit 55e6c903ae ("ath79: GL-AR300M: provide NAND support; increase to 4 MB
kernel"), which is not related to MikroTik devices in any way.
Remove the code adding unused U-Boot fw_* files to the ramdisk used by
sysupgrade on MikroTik devices.
2. Load the OpenWrt initramfs image on the device using TFTP.
Place the initramfs image as "ap105.bin" in the TFTP server
root directory, connect it to the AP and make the server reachable
at 192.168.1.66/24.
$ run apb_rb_openwrt
3. Once OpenWrt booted, transfer the sysupgrade image to the device
using scp and use sysupgrade to install the firmware.
Mark Onstid [Fri, 7 Apr 2023 15:21:48 +0000 (11:21 -0400)]
ath79: fix LED pinout for Comfast CF-E314N v2
In addition to standardizing LED names to match the rest of the systems, this
commit fixes a possibly erroneous pinout for LEDs in Comfast CF-E314N v2.
In particular, rssimediumhigh and rssihigh are moved from pins 13 and 14 to
14 and 16 respectively. In addition to working on a test device, this pinout
better matches the one set out in the prototype support patch for the device
in Github PR #1873.
Signed-off-by: Mark Onstid <turretkeeper@mail.com>
RA75 has 5 physical LEDs under 2 indicators, mixed with light pipes:
Indicator "System":
GPIO0: blue
GPIO2: amber
Indicator "Signal":
GPIO44: blue
GPIO37: amber
GPIO46: red
All except GPIO46 were already added by Jo Deisenhofer. GPIO46 is used for UART1 by
default, so it needs additional pin control change in devicetree to be operational.
Verified on my RA75.
Daniel Golle [Fri, 14 Apr 2023 16:54:54 +0000 (17:54 +0100)]
uboot-mediatek: fix build for RAVPower RP-WD009
Updating to U-Boot 2023.04 broke the build for the RAVPower RP-WD009
MT7628 board. This was due to upstream conversion of CONFIG_* to CFG_*
which was not applied to our downstream patch adding support for the
RAVPower RP-WD009 device.
Apply CONFIG_* to CFG_* converion analog to what has been done also
for mt7928_rfb upstream.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Thu, 13 Apr 2023 19:16:05 +0000 (20:16 +0100)]
generic: move accepted patch to backport-5.15
The patch adding SFP quirk for MXPD 483II was accepted upstream and
will be part of Linux v6.3:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=ad651d68cee75e9ac20002254c4e5d09ee67a84b
Move the patch from pending-5.15 to backport-5.15.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Thu, 13 Apr 2023 04:01:30 +0000 (05:01 +0100)]
mediatek: backport new pinctrl features
Backport new features for MediaTek pinctrl/pinconf drivers from upstream.
This will serve as the base to improve pinconf bias/pull-up/pull-down on
MT7981 and MT7986, and also prepare for upcoming support for MT7988.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 11 Apr 2023 23:21:22 +0000 (00:21 +0100)]
uboot-mediatek: update to v2023.04
Update to next U-Boot timed release.
Remove now obsolete patch
100-01-board-mediatek-add-more-network-configurations.patch
Default IP addresses are now dealt with in Kconfig, no longer in board-
specific C header files.
Add patches to restore ANSI support in bootmenu which was broken upstream,
always use high-speed mode on serial UART for improved stability and fix
an issue with pinconf not being applied on MT7623 resulting in eMMC
being inaccessible when booting from micro SD card.
In order to keep the size of the bootloader on MT7623 below 512kB remove
some unneeded commands on both MT7623 boards.
Robert Marko [Wed, 12 Apr 2023 11:17:03 +0000 (13:17 +0200)]
mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.
This replaces the management TLV pending fix with the upstreamed one,
fixes traffic flooding when AP and monitor modes are used at the same time,
fixes QCN9074 always showing -95 dBm for station RSSI in dumps,
fixes potential crash on boot if spectral scan is enabled due to writing to
unitialized memory and adds 11d scan offloading for WCN6750 and WCN6855.
Refresh multiple lzma configuration option patch with new version
proposed upstream. (Reintroduce -Xe option and add more checks and
general better code quality)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Robert Marko [Tue, 11 Apr 2023 18:20:18 +0000 (20:20 +0200)]
mac80211: ath11k: Remove regulatory intersection
Currently, during initialization ath11k will receive a regulatory event
from the firmware in which it will receive the default regulatory domain
code and accompanying rules list and report those to the kernel.
Then if you try to change the regulatory domain to a different country code
it will do a weird thing in which it will send that to the FW and after
receiving the appropriate regulatory event it will parse the rules.
However, while its parsing there is a weird thing being done, and that is
that new raw rules from FW get intersected with the rules from the default
domain.
This is creating a big issue as the default domain is almost always set to
"US" or just "00" aka world so ath11k will unfairly limit you to the most
restrictive combination of rules based on the default domain and your
desired domain.
For example, in ETSI countries this is causing channels 12 and 13 on 2.4GHz
to not be usable since "US" limits 2.4GHz to 2472MHz instead of 2482MHz
like ETSI countries do.
So, lets do what TIP and even QCA do in their ath11k downstream tree and
completely get rid of the interesection code in ath11k.
It appears that the refactor of the upgrade process for NAND devices resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This corrects a typo in the call of nand_do_upgrade_failed for ipq40xx
and ipq806x devices using the linksys.sh script.
It appears that the refactor of the upgrade process for NAND devices resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This restores the preservation of configs for mvebu/cortexa9 devices using the
linksys.sh script.
Fixes: e25e6d8e5407 ("base-files: fix and clean up nand sysupgrade code") Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
It appears that the refactor of the upgrade process for NAND devices
resulted in the nand_do_upgrade_success step not being called for
devices using the linksys.sh script. As a result, configuration was
not preserved over sysupgrade steps.
This restores the preservation of configs for kirkwood devices using the
linksys.sh script.
Fixes: e25e6d8e5407 ("base-files: fix and clean up nand sysupgrade code") Fixes: #12298 Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3
The 100-fix-compile.patch patch was merged upstream, see:
https://github.com/Mbed-TLS/mbedtls/issues/6243
https://github.com/Mbed-TLS/mbedtls/pull/7013
The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: https://github.com/Mbed-TLS/mbedtls/pull/6475
bmips target is now more stable and it's time to start generating buildbot
images in order to receive a wider testing, which will be essential to replace
bcm63xx target in the future.
BMIPS is a generic arch that can be used for multiple Broadcom SoCs, each one
with its own specific drivers, so instead of having a huge kernel supporting
all of them, let's switch to a subtarget per SoC like other OpenWrt targets.
Petr Štetiar [Sat, 8 Apr 2023 08:29:06 +0000 (10:29 +0200)]
kernel: crypto: fix architecture specific modules
While tracking one bug report related to wrong package dependencies I've
noticed, that a bunch of the crypto modules are actually not
architecture specific, but either board/subtarget (x86/64) or board
(mpc85xx) specific.
So lets fix it, by making those modules architecture specific:
Sercomm SHG2500 is a BCM63168 with 128M of RAM, 256M of NAND, an external
BCM53124S switch for the LAN ports and internal/external Broadcom wifi.
LEDs are connected to an external MSP430G2513 MCU controlled via SPI.
Installation
------------
1. Grab the OpenWrt initramfs, rename it to ap3715.bin. Place it in
the root directory of a TFTP server and serve it at
192.168.1.66/24.
2. Connect to the serial port and boot the AP. Stop autoboot in U-Boot
by pressing Enter when prompted. Credentials are identical to the one
in the APs interface. By default it is admin / new2day.
David Bauer [Sun, 2 Apr 2023 15:52:16 +0000 (17:52 +0200)]
mpc85xx: reserve upper 1MB of RAM for WS-AP3825i
The bootpage for the second core is placed by U-Boot in the upper 128k
of syste-memory.
This could either be a reserved-area or deducted from the total
system-memory. As only the latter is parsed by the bootwrapper, reduce
the available system memory for linux in order to preserve the bootpage
from being overwritten.
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:
- Excessive Resource Usage Verifying X.509 Policy Constraints
(CVE-2023-0464)
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading to a
denial-of-service (DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
- Invalid certificate policies in leaf certificates are silently ignored
(CVE-2023-0465)
Severity: Low
Applications that use a non-default option when verifying certificates
may be vulnerable to an attack from a malicious CA to circumvent
certain checks.
Invalid certificate policies in leaf certificates are silently ignored
by OpenSSL and other certificate policy checks are skipped for that
certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on
the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466. It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.
Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Fix mis-typed DEVICE-MODEL in mk file for EnGenius EWS2910P.
Signed-off-by: Raylynn Knight <rayknight@me.com>
[ fix wrong SoB format and improve commit title/description ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Robert Marko [Tue, 4 Apr 2023 19:48:42 +0000 (21:48 +0200)]
ath11k-firmware: update to WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1
Current WLAN.HK.2.5.0.1 FW is quite old and buggy, but we had to hold off
from updating to 2.6.0.1 and 2.7.0.1 as they had compatibility regressions,
but now QCA finally released 2.9.0.1 FW which is working on all of the
boards.
So finally update IPQ8074 and QCN9074 FW to the latest
WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1 firmware.
In order to do so, we have to switch to using QCA-s QUIC repo instead of
Kalle-s.
QCA-s QUIC repo does not have BDF-s so we have to get the QCN9074 BDF from
Kalles repo.
Tested-by: Mireia Fernández Casals <meirin.f@gmail.com> # Xiaomi AX3600 Tested-by: Francisco G Luna <frangonlun@gmail.com> #Netgear WAX218 Signed-off-by: Robert Marko <robimarko@gmail.com>
Daniel Golle [Wed, 5 Apr 2023 15:56:54 +0000 (16:56 +0100)]
mediatek: introduce KERNEL_LOADADDR to Device/Default template
We need to reset KERNEL_LOADADDR if we use it on a per-device base.
Otherwise the previous value will be kept in case a device doesn't
define KERNEL_LOADADDR and relies on the default.
Move initializing KERNEL_LOADADDR to target/linux/mediatek/image/Makefile,
similar to how it's done also on the ramips target.
This fixes image size related breakage on devices which rely on the
default value of KERNEL_LOADADDR.
While at it use 0x48000000 which is more common than the previous default
0x44000000 for the filogic subtarget.
Fixed: e7c399bee6 ("filogic: add support for ASUS TUF-AX4200") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This adapts the engine build infrastructure to allow building providers,
and packages the legacy provider. Providers are the successors of
engines, which have been deprecated.
The legacy provider supplies OpenSSL implementations of algorithms that
have been deemed legacy, including DES, IDEA, MDC2, SEED, and Whirlpool.
Even though these algorithms are implemented in a separate package,
their removal makes the regular library smaller by 3%, so the build
options will remain to allow lean custom builds. Their defaults will
change to 'y' if not bulding for a small flash, so that the regular
legacy package will contain a complete set of algorithms.
The engine build and configuration structure was changed to accomodate
providers, and adapt to the new style of openssl.cnf in version 3.0.
There is not a clean upgrade path for the /etc/ssl/openssl.cnf file,
installed by the openssl-conf package. It is recommended to rename or
remove the old config file when flashing an image with the updated
openssl-conf package, then apply the changes manually.
An old openssl.cnf file will silently work, but new engine or provider
packages will not be enabled. Any remaining engine config files under
/etc/ssl/engines.cnf.d can be removed.
On the build side, the include file used by engine packages was renamed
to openssl-module.mk, so the engine packages in other feeds need to
adapt.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
openssl: make UCI config aware of built-in engines
Engines that are built into the main libcrypto OpenSSL library can't be
disabled through UCI. Add a 'builtin' setting to signal that the engine
can't be disabled through UCI, and show a message explaining this in
case buitin=1 and enabled=0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Building openssl with OPENSSL_SMALL_FOOTPRINT yelds only from 1% to 3%
decrease in size, dropping performance from 2% to 91%, depending on the
target and algorithm.
For example, using AES256-GCM with 1456-bytes operations, X86_64 appears
to be the least affected with 2% performance penalty and 1% reduction in
size; mips drops performance by 13%, size by 3%; Arm drops 29% in
performance, 2% in size.
On aarch64, it slows down ghash so much that I consider it broken
(-91%). SMALL_FOOTPRINT will reduce AES256-GCM performance by 88%, and
size by only 1%. It makes an AES-capable CPU run AES128-GCM at 35% of
the speed of Chacha20-Poly1305:
OpenSSL 1.1.1 numbers are about the same, so this should have been
noticed a long time ago.
This creates an option to use OPENSSL_SMALL_FOOTPRINT, but it is turned
off by default unless SMALL_FLASH or LOW_MEMORY_FOOTPRINT is used.
Compiling with -O3 instead of -Os, for comparison, will increase size by
about 14-15%, with no measureable effect on AES256-GCM performance, and
about 2% increase in Chacha20-Poly1305 performance on Aarch64.
There are no Arm devices with the small flash feature, so drop the
conditional default. The package is built on phase2, so even if we
include an Arm device with small flash later, a no-asm library would
have to be built from source anyway.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
40ab806 config: use dedicated link local function to check interface a84bff2 netlink: add support for getting interface linklocal 2ea065f Revert "config: recheck have_link_local on interface reload if already init" 4b38e6b config: fix feature for enabling service only when interface RUNNING
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Daniel Golle [Sun, 2 Apr 2023 22:21:57 +0000 (01:21 +0300)]
generic: disable SGMII in-band AN for RealTek 2.5G PHYs
MAC drivers don't use SGMII in-band autonegotiation unless told to do so
in device tree using 'managed = "in-band-status"'. When using MDIO to
access a PHY, in-band-status is unneeded as we have link-status via
MDIO. Switch off SGMII in-band autonegotiation using magic values.
Reported-by: Chen Minqiang <ptpt52@gmail.com> Reported-by: Chukun Pan <amadeus@jmu.edu.cn> Reported-by: Yevhen Kolomeiko <jarvis2709@gmail.com> Tested-by: Yevhen Kolomeiko <jarvis2709@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 2 Apr 2023 22:20:28 +0000 (01:20 +0300)]
generic: use genphy_soft_reset for RealTek 2.5G PHYs
Some vendor bootloaders do weird things with those PHYs which result in
link modes being reported wrongly. Start from a clean sheet by resetting
the PHY.
Reported-by: Yevhen Kolomeiko <jarvis2709@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The assumption the bootloader fills out the MAC-address is not
correct. The MAC-address has to be set from userspace based on
information found in the device_id partition.
Daniel Golle [Sun, 2 Apr 2023 23:06:46 +0000 (00:06 +0100)]
generic: add quirk for HG MXPD-483II 2500M fiber SFP
The HG MXPD-483II 1310nm SFP module is meant to operate with 2500Base-X,
however, in their EEPROM they incorrectly specify:
Transceiver type : Ethernet: 1000BASE-LX
...
BR, Nominal : 2600MBd
Use sfp_quirk_2500basex for this module to allow 2500Base-X mode anyway.
projects / thirdparty / openwrt.git / log
