Wojciech Dubowik [Tue, 19 Jul 2022 11:35:12 +0000 (13:35 +0200)]
layerscape: Add ls1028ardb support
Add support for NXP LS1028ARDB reference board. It's a dual core
Cortex-A53 board with 4G RAM and 5 Ethernet ports (4 ports are
connected to MSCC Felix switch).
The original layout of NXP board has been kept but firmware
images are adapted to be more sysupgrade friendly. At the moment
NOR and SD boots are supported.
NOR flash instructions:
* make sd card with sdboot image
* boot
* write firmware image to spi flash
$ mtd write /tmp/openwrt-layerscape-armv8_64b-fsl_ls1028a-rdb-squashfs-firmware.bin /dev/mtd0
* change jumper to NOR boot and reset
V3:
* Added board specific network defaults for lan/wan
v2:
* Added INA220 current monitor, PCF2129 RTC clock and NXP
SA56004ED temperature sensor to default packages
* removed compat fixups for this board
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
Wojciech Dubowik [Wed, 12 Apr 2023 10:07:32 +0000 (12:07 +0200)]
uboot-layerscape: Add ls1028ardb support
Support uboot for NXP LS1028ARDB reference board. GIC V3 has to
be disabled in the uboot config to allow booting upstream kernels.
This patch can be dropped once uboot is updated to 2022.04 version
to nxp-qoriq github lf-6.1.1 branch.
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
Wojciech Dubowik [Wed, 12 Apr 2023 12:36:11 +0000 (14:36 +0200)]
uboot-layerscape: Don't fixup kaslr seed when no node
There seems to be a difference in firmware calling convention
between upstream and NXP kernels. On some cpus like ls1028
it will hang on firmware secure get random when using LF uboot
with upstream kernel. Instead of commenting it out, don't call
get random seed when "kaslr-seed" is not present in device tree.
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
Flash instruction via TFTP:
1. Boot SNR-CPE-ME1 to recovery mode
(hold the reset button while power on)
2. Send firmware via TFTP client:
TFTP Server address: 192.168.1.1
TFTP Client address: 192.168.1.131
3. Wait ~120 seconds to complete flashing
4. Do sysupgrade using web-interface
Signed-off-by: Maximilian Weinmann <x1@disroot.org>
Lech Perczak [Wed, 3 May 2023 12:34:25 +0000 (14:34 +0200)]
umbim: allow forcing DHCP/DHCPv6 configuration
To support the widest variety of modems, allow restoring previous
behaviour of configuring the link through means of DHCP(v6) exclusively.
Change the default value of "dhcp" and "dhcpv6" UCI options to "auto",
while keeping the default behaviour of "prefer out-of-band configuration",
intact. Setting "dhcp" or "dhcpv6" to boolean 1 will now force using
DHCP and DHCPv6, respectively.
TFTP installation using UART is preferred. Disassemble the device and
connect serial. Put the initramfs image as openwrt.bin to your TFTP server
and configure a static IP of 192.168.1.100. Load the initramfs image by
typing:
While improving access path analysis a typo happened. Now it can happen
that gcc miscompiles. The patch is fixing the issue. However, also
other gcc versions 10.2+ are affected. They also should be bumped or the
fix should be backported.
For more bug information have a look at:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109585
Yuu Toriyama [Thu, 4 May 2023 10:26:13 +0000 (19:26 +0900)]
wireless-regdb: update to 2023.05.03
Changes:
43f81b4 wireless-regdb: update regulatory database based on preceding changes
66f245d wireless-regdb: Update regulatory rules for Hong Kong (HK)
e78c450 wireless-regdb: update regulatory rules for India (IN)
1647bb6 wireless-regdb: Update regulatory rules for Russia (RU). Remove DFS requirement.
c076f21 Update regulatory info for Russia (RU) on 6GHz
Michael Pratt [Sun, 16 Apr 2023 22:32:14 +0000 (18:32 -0400)]
gettext-full: bootstrap to local gnulib source
Using the local gnulib source during autogen.sh
allows for fine-grained control over the macros
and source files for use with gettext
but part of gnulib instead of gettext,
without having to wait for a release
or deal with gnulib as a git submodule.
This is an alternative to running autoreconf.
It also removes the need to patch macros
in the case where there is a conflict
between the source and our aclocal directory.
Michael Pratt [Thu, 23 Mar 2023 07:49:01 +0000 (03:49 -0400)]
tools/coreutils: bootstrap to local gnulib source
Using the local gnulib source during bootstrap
allows for fine-grained control over the macros
and source files for use with coreutils
but part of gnulib instead of coreutils,
without having to wait for a release
or deal with gnulib as a git submodule.
In this case, the execution of autotools
must be skipped by force.
Autoconf and Automake during bootstrap on coreutils
only works right when using directly checked-out source.
There is a symbol in gnulib, @GNULIB_TIME@
that is not yet defined in coreutils source,
so we use the backup of lib/time.in.h instead
of the one provided by gnulib source.
Michael Pratt [Thu, 23 Mar 2023 07:53:52 +0000 (03:53 -0400)]
tools/libtool: bootstrap to local gnulib source
Using the local gnulib source during bootstrap
allows for fine-grained control over the macros
and source files for use with libtool
but part of gnulib instead of libtool,
without having to wait for a release
or deal with gnulib as a git submodule.
Michael Pratt [Sun, 16 Apr 2023 15:04:31 +0000 (11:04 -0400)]
gettext-full: link to local libxml2
Some users have reported that gettext builds
are attempting to link to libxml2
while it was supposed to be configured
to use its own built-in substitute.
Configure gettext to require and link
to our local libxml2 explicitly.
Add a patch to revert upstream commit 87927a4e2
which forces libtextstyle to use the built-in libxml,
no matter what the configuration is,
making that option configurable again
after the configure script is regenerated.
Reported-by: Tianling Shen <cnsztl@immortalwrt.org>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Michael Pratt [Sat, 15 Apr 2023 23:54:43 +0000 (19:54 -0400)]
gettext-full: override SUBDIRS variable with Makefile
Instead of editing the SUBDIRS variable with a patch,
it can be overridden at the end of the command line when invoking Make.
This tool has a series of recursive Makefiles in each subdirectory,
therefore SUBDIRS is set to a pattern of Make functions
so that the result is variable depending on the current subdirectory
that Make is being invoked in.
Some of the subdirectories don't have a Makefile and are just storing files
for another subdirectory Makefile target,
therefore we have to place a fake Makefile that does nothing.
Michael Pratt [Sun, 26 Mar 2023 08:11:13 +0000 (04:11 -0400)]
tools/gengetopt: override SUBDIRS variable with Makefile
Instead of editing the SUBDIRS variable with a patch,
it can be overridden at the end of the command line when invoking Make.
This tool has a series of recursive Makefiles in each subdirectory,
therefore SUBDIRS is set to a pattern of Make functions
so that the result is variable depending on the current subdirectory
that Make is being invoked in.
By eliminating the patch, autoreconf is no longer required.
Michael Pratt [Thu, 23 Mar 2023 07:42:04 +0000 (03:42 -0400)]
tools/missing-macros: bump version of makeinfo alternative script
Some new releases of GNU tools are checking for a higher version
of makeinfo than what our scripted alternative shows
when working with checked-out sources instead of releases.
Since this is a "fake" makeinfo we can also just fake the version.
Michael Pratt [Wed, 22 Mar 2023 22:29:24 +0000 (18:29 -0400)]
tools: add gnulib source
By having a local copy of gnulib, we can:
import the latest macro fixes into any package,
get rid of some statically stored macros that were otherwise missing,
bootstrap GNU tools with the latest relevant source
without having to wait for a release or rely on git submodules,
and possibly more...
The patch assists in bootstrapping by ignoring
the building of po files using gettext,
and also to allow a user-defined path to a program
to include parameters.
The current problems blocking the switch to the kernel 5.15 are
related to the GSWIP driver. This driver is only used by the
xrx200 subtarget. The other subtargets are unaffected by this
problem.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Tony Ambardar [Tue, 25 Apr 2023 05:28:44 +0000 (22:28 -0700)]
kernel: improve handling of CONFIG_IO_URING
Kernel setting CONFIG_IO_URING supports high-performance I/O for file
access and servers, generally for more performant platforms, and adds
~45 KB to kernel sizes. The need for this on less "beefy" devices is
questionable, as is the size cost considering many platforms have kernel
size limits which require tricky repartitioning if outgrown. The size
cost is also large relative to the ~180 KB bump expected between major
OpenWrt kernel releases.
No OpenWrt packages have hard dependencies on this; samba4 and mariadb
can take advantage if available (+KERNEL_IO_URING:liburing) but
otherwise build and work fine.
Since CONFIG_IO_URING is already managed via the KERNEL_IO_URING setting
in Config-kernel.in (default Y), remove it from those target configs
which unconditionally enable it, and update the defaults to enable it
conditionally only on more powerful 64-bit x86 and arm devices. It may
still be manually enabled as needed for high-performance custom builds.
Tony Ambardar [Wed, 30 Nov 2022 01:52:46 +0000 (17:52 -0800)]
kernel: fix handling of CONFIG_DYNAMIC_DEBUG
Since CONFIG_DYNAMIC_DEBUG is already managed via the KERNEL_DYNAMIC_DEBUG
setting in Config-kernel.in (default N), remove or disable it in target
configs which unconditionally enable it, along with the related setting
CONFIG_DYNAMIC_DEBUG_CORE. This saves several KB in the kernels for
ipq40xx, ipq806x, filogic, mt7622, qoriq, and sunxi.
This activates CONFIG_SLAB_FREELIST_RANDOM.
This option makes the free list less predictable. This makes it harder to
exploit heap based security vulnerabilities.
This adds a little bit more code to the kernel and a small additional
compute overhead.
Paul Spooren [Mon, 1 May 2023 15:52:34 +0000 (17:52 +0200)]
omap: mark source only
The target is currently broken with Kernel 5.15 and no one in sight to
fix it. Instead of stalling the next release indefinitely, make it
source only and see if someone steps up to fix it.
Signed-off-by: Paul Spooren <paul.spooren@rhebo.com>
Paul Spooren [Mon, 1 May 2023 15:56:36 +0000 (17:56 +0200)]
lantiq: mark source only
The target is currently broken with Kernel 5.15 and no one in sight to
fix it. Instead of stalling the next release indefinitely, make it
source only and see if someone steps up to fix it.
Signed-off-by: Paul Spooren <paul.spooren@rhebo.com>
Felix Baumann [Fri, 21 Apr 2023 01:39:38 +0000 (03:39 +0200)]
ramips: mt7621: add support for Cudy X6 v2
Rename existing device to v1 and create common .dtsi
Difference to v1: 16MB Flash
Specifications:
SoC: MediaTek MT7621
RAM: 256 MB
Flash: 16 MB (SPI NOR, XM25QH128C on my device)
WiFi: MediaTek MT7915E
Switch: 1 WAN, 4 LAN (Gigabit)
Buttons: Reset, WPS
LEDs: Two Power LEDs (blue and red; together they form purple)
Power: DC 12V 1A center positive
Serial: 115200 8N1
C440 - (3V3 - GND - RX - TX) - C41 | v1 and v2
(P - G - R - T) | v2 labels them on the board
Installation:
Download and flash the manufacturer's built OpenWrt image available at
http://www.cudytech.com/openwrt_software_download
Install the new OpenWrt image via luci (System -> Backup/Flash firmware)
Be sure to NOT keep settings.
Recovery:
Loads only signed manufacture firmware due to bootloader RSA verification
Serve tftp-recovery image as /recovery.bin on 192.168.1.88/24
Connect to any lan ethernet port
Power on the device while holding the reset button
Wait at least 8 seconds before releasing reset button for image to
download
MAC addresses as verified by OEM firmware:
use   address             source
LAN   f4:a4:54:86:75:a2   label
WAN   f4:a4:54:86:75:a3   label + 1
2g    f4:a4:54:86:75:a2   label
5g    f6:a4:54:b6:75:a2   label + LA-Bit set + 4th octet increased
Jan Hoffmann [Sat, 11 Mar 2023 20:34:25 +0000 (21:34 +0100)]
realtek: hpe_1920-8g: add phy-handle for SFP ports
The switch driver actually expects every port to have a PHY handle, and
several branches in the code determine if a port is valid by checking
for a non-zero phy field.
Daniel Golle [Sun, 30 Apr 2023 03:01:12 +0000 (04:01 +0100)]
mediatek: no longer hard-code WAN PHY of Netgear WAX206
The RealTek 2.5G PHY providing the WAN port of the Netgear WAX206 has
previously been hard-coded in the device tree. Now that the PHY can be
probed correctly also via Clause-45 MDIO, use that instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 30 Apr 2023 02:59:55 +0000 (03:59 +0100)]
generic: net: phy: realtek: detect early version of RTL8221B
Early versions (?) of the RTL8221B PHY cannot be identified in a regular
Clause-45 bus scan as the PHY doesn't report the implemented MMDs
correctly but returns 0 instead.
Implement custom identify function using the PKGID instead of iterating
over the implemented MMDs to work-around this problem.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ramips: add factory image for TP-Link EC330-G5u v1
This commit adds factory.bin image for TP-Link EC330-G5u v1. This allows
to install OpenWrt without connecting a serial cable (UART).
Installation using factory image
--------------------------------
Tested with "3.16.0 0.9.1 v6037.0 Build 191016 Rel.30619nb" TP-Link
firmware.
1. Login to the router web interface (http://192.168.0.1/ by default) and
save running config to "conf.bin" file
2. Open configuration file in any TP-Link config editor (e.g.
https://jahed.github.io/tp-link-config-editor/)
3. Find "DeviceInfo" section and insert a new string "<Description
val="Modem Router`telnetd -p 1023 -l login`" />" according to the
following example:
<DeviceInfo>
...
<Description val="Modem Router`telnetd -p 1023 -l login`" />
...
</DeviceInfo>
4. Save configuration file and upload changed configuration using stock
firmware interface
5. Login using telnet to IP:192.168.0.1 (Username:admin, password:1234)
6. Run "cat /proc/mtd | grep mtd7"
a. If the result is 'mtd7: 0300000000020000 "rootfs" 03400000',
then install stock firmware using web interface to toggle booted
firmware image from "os1" to "os0"
b. If the result is 'mtd7: 0300000000020000 "rootfs" 00400000',
then all is ok, go to the next step
7. Set up a tftp server with OpenWrt factory.bin image (IP:192.168.0.100
in this example)
8. Login using telnet to 192.168.0.1
9. Download OpenWrt factory.bin image from the tftp server:
cd /tmp
tftp -g -r factory.bin 192.168.0.100
10. Write OpenWrt factory.bin image:
dd if=/tmp/factory.bin of=/dev/mtdblock1
11. Power cycle the router
ramips: TP-Link EC330-G5u v1: switch to mac-address-ascii
The TP-Link EC330-G5u v1 router has a MAC address that is stored in the
factory mtd in ASCII format. This commit makes the router use
"mac-address-ascii" in dts.
After the change:
1. All MAC addresses are explicitly assigned in dts (the workarounds in
network scripts are no longer needed);
2. gmac0 (eth0) MAC address is no longer random.
Antonio Vázquez [Sat, 21 Jan 2023 21:34:28 +0000 (22:34 +0100)]
ramips: lzma-loader: Refactor loader
* Delete unused lantiq makefile
* Delete redundant makefiles and unify them into the main makefile
* Refactor and unify board code into a single file
* Add support and review subtarget specific board support
Signed-off-by: Antonio Vázquez <antoniovazquezblanco@gmail.com>
The DAP-1620 rev B is a wall-plug AC1300 repeater.
Specifications:
- MT7621AT, 256 MiB RAM, 16 MiB SPI NOR
- MT7615DN 2x2 802.11n +2x2 802.11ac (DBDC)
- Ethernet: 1 port 10/100/1000
- Status LEDs (1x red+green)
- LED RSSI bargraph (2x green, 1x red+green)
Installation:
- Keep reset button pressed during plug-in
- Web Recovery Updater is at 192.168.0.50
- Upload factory.bin, confirm flashing
(seems to work best with Chromium-based browsers)
Revert to OEM firmware:
- tail -c+117 DAP1620B1_FW212B03.bin | \
openssl aes-256-cbc -d -md md5 -out decrypted.bin \
-k 905503a4e0c3cd3c1ce062246de427a68962347e
- flash decrypted.bin via D-Link Web Recovery
This deactivates the CONFIG_COMPAT kernel option.
With CONFIG_COMPAT the kernel will provide syscall interfaces for arm32
binaries in addition to the interfaces needed for arm64 binaries.
In OpenWrt the complete userspace is compiled for this specific
architecture and support for 32 bit ARM applications is not needed.
This reduces the size and the attack surface for the systems.
On all other targets CONFIG_COMPAT is already deactivated.
kernel: Activate CONFIG_HARDENED_USERCOPY for all targets
This activates CONFIG_HARDENED_USERCOPY for the remaining targets. This
adds additional checks in the copy_from_user() and copy_to_user()
functions.
This was not activated for ARCHS38 before because of a bug in the Linux
kernel 5.4 till 5.14, which was fixed and is described here:
https://github.com/foss-for-synopsys-dwc-arc-processors/linux/issues/15
I do not know why this was deactivated for mt7629 and rockchip.
The device is cloud-managed, but there is a hidden local firmware upgrade
page in the OEM web interface. The device has to be registered in the
cloud in order to be able to access this page.
The system has a dual firmware design, there is no way to tell which
firmware is currently booted. Therefore, an -initramfs version is flashed
first.
1. Log into the OEM web GUI
2. Access the hidden upgrade page by navigating to
https://192.168.212.1/gui/#/main/debug/firmwareupgrade
3. Upload the -initramfs-kernel.bin file and flash it
4. Wait for OpenWrt to boot and log in via SSH
5. Transfer the sysupgrade file via SCP
6. Run sysupgrade to install the image
7. Reboot and enjoy
NB: If the initramfs version was installed in RAS2, the sysupgrade script
sets the boot number to the first partition. A backup has to be performed
manually in case the OEM firmware should be kept.
The UART method is more difficult, as the boot loader does not have a
timeout set. A semi-working stock firmware is required to configure it:
1. Attach UART
2. Boot the stock firmware until the message about failsafe mode appears
3. Enter failsafe mode by pressing "f" and "Enter"
4. Type "mount_root"
5. Run "fw_setenv bootmenu_delay 3"
6. Reboot, U-Boot now presents a menu
7. The -initramfs-kernel.bin image can be flashed using the menu
8. Run the regular sysupgrade for a permanent installation
Changing the partition to boot is a bit cumbersome in U-Boot, as there is
no menu to select it. It can only be checked using mstc_bootnum. To change
it, issue the following commands in U-Boot:
This selects FW1. Replace "mw.b 1800004 1 1" by "mw.b 1800004 2 1" to
change to the second slot.
Back to stock
=============
It is possible to flash back to stock, but an OEM firmware upgrade is
required. ZyXEL does not provide the link on its website, but the link
can be acquired from the OEM web GUI by analyzing the transferred JSON
objects.
It is then a matter of writing the firmware to Kernel2 and setting the
boot partition to FW2:
Lech Perczak [Sat, 6 Nov 2021 16:56:03 +0000 (17:56 +0100)]
umbim: include MBIM-provided DNS servers also with DHCP mode
In MBIM interfaces, DNS servers may be provided out-of-band regardless
whether DHCP is used for configuration, or not. Move the DNS
configuration outside "if" blocks to support that.
Lech Perczak [Sat, 6 Nov 2021 15:01:02 +0000 (16:01 +0100)]
umbim: handle MTU configuration
Allow setting interface MTU through UCI. If this is not set,
use MBIM-provided MTU, if provided through control channel.
If separate MTUs are provided for IPv4 and IPv6, apply larger of them.
This is very unlikely and possible only for IPv4v6 dual-stack configuration.
Lech Perczak [Sat, 6 Nov 2021 12:35:15 +0000 (13:35 +0100)]
umbim: support multiple-valued configuration fields
MBIM supports multiple values for IP address and DNS server, and such
configuration is available through output of MBIM. Use new helper
method to support adding multiple addresses and DNS servers to static
interfaces for both IPv4 and IPv6.
Lech Perczak [Sat, 6 Nov 2021 12:21:32 +0000 (13:21 +0100)]
umbim: add "_proto_mbim_get_field" helper
Add a new helper to extract IP configuration from umbim output. This is
required to extract fields which can possibly have multiple values,
namely IP addresses and DNS servers, and get rid of primitive parser
using 'eval' builtin without support for this.
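The kind of helper this commit message describes, as an added sketch that is not the umbim package's own code: it pulls every value of a repeated field out of the tool output without `eval`, so the values are only ever handled as data, and filters address-type fields by character set. The function names and the `  key: value` layout of the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example, not code from the umbim package.
# Constructed sample in the "  key: value" layout assumed for the tool output.
SAMPLE_MBIM_CONFIG='  ipv4address: 10.64.12.5/30
  ipv4gateway: 10.64.12.6
  ipv4mtu: 1500
  ipv4dnsserver: 192.0.2.53
  ipv4dnsserver: 198.51.100.53
  ipv6address: 2001:db8:10::2/64
  ipv6dnsserver: 2001:db8::53
  ipv6dnsserver: not an address'

# get_mbim_field FIELD  (hypothetical name; tool output is read from stdin)
# Prints one line per occurrence of FIELD, so repeated fields keep all values.
get_mbim_field() {
    # read strips the indentation, puts "field:" in key and the rest in val;
    # nothing read from the modem is ever passed to eval or expanded as code.
    while read -r key val; do
        if [ "$key" = "$1:" ]; then
            printf '%s\n' "$val"
        fi
    done
}

# get_mbim_addrs FIELD  (hypothetical name)
# Same as above, but drops values containing anything other than the
# characters an IPv4/IPv6 address or prefix can be made of.
get_mbim_addrs() {
    get_mbim_field "$1" | while IFS= read -r val; do
        case $val in
            ''|*[!0-9A-Fa-f:./]*) continue ;;
        esac
        printf '%s\n' "$val"
    done
}

# Demo on the constructed sample: list every usable DNS server.
for field in ipv4dnsserver ipv6dnsserver; do
    printf '%s\n' "$SAMPLE_MBIM_CONFIG" | get_mbim_addrs "$field" |
    while IFS= read -r dns; do
        echo "dns server: $dns"
    done
done
```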
Lech Perczak [Sat, 6 Nov 2021 02:02:08 +0000 (03:02 +0100)]
umbim: log output of 'config' step
Display full configuration obtained using MBIM control channel in the
log, from umbim output verbatim, for easier troubleshooting, and in
preparation for parser refactoring.
Lech Perczak [Fri, 6 Aug 2021 20:29:57 +0000 (22:29 +0200)]
umbim: pass ipXtable to child interfaces
Inspired by commit e51aa699f7ca, allow setting specific routing tables
via ip4table and ip6table options, by passing them on child interfaces
created by MBIM protocol handler.
umbim: use static config by default, fallback to DHCP
Finally, inspired by ModemManager's logic, make static configuration
obtained through MBIM control channel, preferred.
If IP configuration is not available this way, fallback to DHCP(v6) if
enabled, else do not create a sub-interface for unavailable IP type.
Lech Perczak [Mon, 9 Jan 2023 21:54:07 +0000 (22:54 +0100)]
umbim: separate DHCPv6 configuration from DHCP(v4)
Now, that sub-interface setup is split by IP type, and separate checks
are performed for DHCP selection, it is possible to control DHCP on v4
and v6 sub-interfaces instantly. Add "dhcpv6" variable, akin to QMI
option, to control behaviour of DHCPv6 separately from IPv4 option,
which is required for some mobile operators.
Check whether interface is configured per IP type, not per DHCP. This is
preparation to allow fallback to DHCP if static IP configuration is not
available, which is the default option for MBIM modems
umbim: inherit "peerdns" option from parent interface
MBIM protocol handler should inherit "peerdns" options from parent
interface on sub-interfaces, otherwise upstream DNS servers are applied
regardless of configuration.
umbim: use IP configuration provided by MBIM by default
Previously, DHCP was used. According to MBIM Specification v1.0 errata 1 [1],
section 10.5.20, MBIM_CID_IP_CONFIGURATION,
if MBIM information element containing IP configuration is available,
host shall use it, and fall back to in-band mechanisms to acquire it otherwise -
therefore make static configuration the default.
Lech Perczak [Mon, 21 Feb 2022 21:48:10 +0000 (22:48 +0100)]
umbim: detect actual connection IP type
Current implementation needlessly creates both IPv4 and IPv6
sub-interfaces for single-stack IP types. Limit this only to selected IP
type. While at that, ensure that IP type is also passed to umbim during
"connect" phase. In addition, detect the actual established connection
type returned by umbim and set up subinterfaces according to that,
not to requested configuration. While at that, allow empty IP type explicitly,
interpreted as "any" according to MBIM specification.
Lech Perczak [Mon, 9 Jan 2023 21:08:07 +0000 (22:08 +0100)]
umbim: fail connect step immediately
Subsequent calls to 'umbim connect' do not have any effect if a failure
occurred, and in such case an infinite loop without timeout is created,
leading to possibility of interface stuck at connecting forever.
Drop this loop, and issue MBIM disconnect properly, so netifd can
restart from scratch.
This issue can be observed with Sierra EM7455 at changing APN, which
causes network re-registration by default, and a MBIM transaction
timeout, which is resolved on next interface bringup by netifd.
Lech Perczak [Tue, 15 Feb 2022 00:44:32 +0000 (01:44 +0100)]
umbim: connect session for only the selected PDP type
Previous implementation automatically set up connections for both IPv4
and IPv6, even if one of them isn't supported. Respect the "pdptype"
option in the same way, as it is done for QMI or NCM, and only start the
respective PDN sessions, if set.
1. The mtk_bmt driver recursively calls its scan_bmt() helper function
during device initialization, while looking for a valid block
mapping table (BMT).
- increased the size of some stack-allocated structures (like
struct mtd_oob_ops, used in bbt_nand_read(), which is indirectly
called from scan_bmt()),
- increased the stack size for some functions (for example,
spinand_mtd_read(), which is indirectly called from scan_bmt(),
now uses an extra stack-allocated struct mtd_ecc_stats).
3. OpenWrt currently compiles the kernel with the
-fno-optimize-sibling-calls flag, which prevents tail-call
optimization.
Collectively, all of these factors caused stack usage in the mtk_bmt
driver to grow excessively large, triggering stack overflows.
Recursion is not really necessary in scan_bmt() as it simply iterates
over flash memory blocks in reverse order, looking for a valid BMT.
Refactor the logic contained in the scan_bmt() and read_bmt() functions
in target/linux/generic/files/drivers/mtd/nand/mtk_bmt_v2.c so that deep
recursion is prevented (and therefore also any potential stack overflows
it may cause).
This activates some extra checks in SLAB or SLUB to make it harder to
execute kernel heap exploits. This adds a minor performance
degradation which I haven't measured.
Many mainstream Linux distributions also activate this option.
kernel: Initialize RNG using CPU RNG and bootloader
This activates the following kernel options by default:
* CONFIG_RANDOM_TRUST_CPU
* CONFIG_RANDOM_TRUST_BOOTLOADER
With these options Linux will also use data from the CPU RNG e.g. RDRAND
and the bootloader to initialize the Linux RNG if such sources are
available.
These random bits are used in addition to the other sources, no other
sources are getting deactivated. I read that the Chacha mixer isn't
vulnerable to injected entropy, so this should not be a problem even if
these sources might inject bad random data.
The Linux kernel suggests to activate both options, Debian also
activates them. This does not increase kernel code size.
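A way to check a built kernel `.config` against the hardening settings named in the commit messages above (CONFIG_SLAB_FREELIST_RANDOM, CONFIG_HARDENED_USERCOPY, CONFIG_RANDOM_TRUST_CPU and CONFIG_RANDOM_TRUST_BOOTLOADER enabled, CONFIG_COMPAT off). This is an added example, not part of the OpenWrt tree; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the OpenWrt tree.
# Wanted state per option, as described in the commit messages on this page:
# OPTION=y means "must be enabled", OPTION=n means "must be off".
EXPECTED='CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_RANDOM_TRUST_CPU=y
CONFIG_RANDOM_TRUST_BOOTLOADER=y
CONFIG_COMPAT=n'

# Constructed sample config with three deviations. CONFIG_COMPAT_32BIT_TIME
# is included only to show that option names are matched exactly.
SAMPLE_CONFIG='CONFIG_SLAB_FREELIST_RANDOM=y
# CONFIG_HARDENED_USERCOPY is not set
CONFIG_RANDOM_TRUST_CPU=y
CONFIG_COMPAT=y
CONFIG_COMPAT_32BIT_TIME=y'

# kconfig_state FILE OPTION  (hypothetical helper)
# Prints the value of OPTION, or "n" when it is absent or written as
# "# OPTION is not set". The last assignment in the file wins.
kconfig_state() {
    state=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${state:-n}"
}

# audit_kconfig FILE  (hypothetical helper)
# Prints one FAIL line per option whose state differs from EXPECTED and
# returns 1 if there was any, 0 if the config matches.
audit_kconfig() {
    rc=0
    for entry in $EXPECTED; do
        opt=${entry%%=*}
        want=${entry#*=}
        have=$(kconfig_state "$1" "$opt")
        if [ "$have" != "$want" ]; then
            printf 'FAIL %s: want %s, have %s\n' "$opt" "$want" "$have"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on the constructed sample.
demo_cfg=$(mktemp)
printf '%s\n' "$SAMPLE_CONFIG" > "$demo_cfg"
audit_kconfig "$demo_cfg" || echo "sample config deviates from the wanted settings"
rm -f "$demo_cfg"
```

On a running device the same check can be pointed at the kernel's own config where it is exposed, for example a decompressed copy of /proc/config.gz.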
This applies commit 02ac9c94 to fix this OpenSSL Security Advisory
issued on 20th April 2023[1]:
Input buffer over-read in AES-XTS implementation on 64 bit ARM
(CVE-2023-1255)
==============================================================
Severity: Low
Issue summary: The AES-XTS cipher decryption implementation for 64 bit
ARM platform contains a bug that could cause it to read past the input
buffer, leading to a crash.
Impact summary: Applications that use the AES-XTS algorithm on the 64
bit ARM platform can crash in rare circumstances. The AES-XTS algorithm
is usually used for disk encryption.
The AES-XTS cipher decryption implementation for 64 bit ARM platform
will read past the end of the ciphertext buffer if the ciphertext size
is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the
memory after the ciphertext buffer is unmapped, this will trigger a
crash which results in a denial of service.
If an attacker can control the size and location of the ciphertext
buffer being decrypted by an application using AES-XTS on 64 bit ARM,
the application is affected. This is fairly unlikely making this issue a
Low severity one.