OpenSSL is built with the generic linux settings for most targets,
including aarch64. These generic settings are designed for 32-bit CPU and
provide no assembler optmization: this is widely suboptimal for aarch64.
This patch simply switches to the aarch64 settings that are already
available in OpenSSL.
Here is the output of "openssl speed" before the optimization, with
"(...)" representing build flags that didn't change:
OpenSSL 1.0.2l 25 May 2017
options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
compiler: aarch64-openwrt-linux-musl-gcc (...)
And after this patch, OpenSSL uses 64 bit mode and assembler optimizations:
OpenSSL 1.0.2l 25 May 2017
options:bn(64,64) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
compiler: aarch64-openwrt-linux-musl-gcc (...) -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
Here are some benchmarks on a pine64+ running latest LEDE master r5142-20d363aed3:
before# openssl speed sha aes blowfish
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 3918.89k 9982.43k 19148.03k 24933.03k 27325.78k
sha256 4604.51k 10240.64k 17472.51k 21355.18k 22801.07k
sha512 3662.19k 14539.41k 21443.16k 29544.11k 33177.60k
blowfish cbc 16266.63k 16940.86k 17176.92k 17237.33k 17252.35k
aes-128 cbc 19712.95k 21447.40k 22091.09k 22258.35k 22304.09k
aes-192 cbc 17680.12k 19064.47k 19572.14k 19703.13k 19737.26k
aes-256 cbc 15986.67k 17132.48k 17537.28k 17657.17k 17689.26k
after# openssl speed sha aes blowfish
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 6770.87k 26172.80k 86878.38k 205649.58k 345978.20k
sha256 20913.93k 74663.85k 184658.18k 290891.09k 351032.66k
sha512 7633.10k 30110.14k 50083.24k 71883.43k 82485.25k
blowfish cbc 16224.93k 16933.55k 17173.76k 17234.94k 17252.35k
aes-128 cbc 19425.74k 21193.31k 22065.74k 22304.77k 22380.54k
aes-192 cbc 17452.29k 18883.84k 19536.90k 19741.70k 19800.06k
aes-256 cbc 15815.89k 17003.01k 17530.03k 17695.40k 17746.60k
For some reason AES and blowfish do not benefit, but SHA performance
improves between 1.7x and 15x. SHA256 clearly benefits the most from the
optimization (4.5x on small blocks, 15x on large blocks!).
When using EVP (with "openssl speed -evp <algo>"):
# Before, EVP mode
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 3824.46k 10049.66k 19170.56k 24947.03k 27325.78k
sha256 3368.33k 8511.15k 16061.44k 20772.52k 22721.88k
sha512 2845.23k 11381.57k 19467.69k 28512.26k 33008.30k
bf-cbc 15146.74k 16623.83k 17092.01k 17211.39k 17249.62k
aes-128-cbc 17873.03k 20870.61k 21933.65k 22216.36k 22301.35k
aes-192-cbc 16184.18k 18607.15k 19447.13k 19670.02k 19737.26k
aes-256-cbc 14774.06k 16757.25k 17457.58k 17639.42k 17686.53k
# After, EVP mode
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 7056.97k 27142.10k 89515.86k 209155.41k 347419.99k
sha256 7745.70k 29750.06k 95341.48k 211001.69k 332376.75k
sha512 4550.47k 18086.06k 39997.10k 65880.75k 81431.21k
bf-cbc 15129.20k 16619.03k 17090.56k 17212.76k 17246.89k
aes-128-cbc 99619.74k 269032.34k 450214.23k 567353.00k 613933.06k
aes-192-cbc 93180.74k 231017.79k 361766.66k 433671.51k 461731.16k
aes-256-cbc 89343.23k 209858.58k 310160.04k 362234.88k 380878.85k
Blowfish does not seem to have assembler optimization at all, and SHA
still benefits (between 1.6x and 14.5x) but is generally slower than in
non-EVP mode.
However, AES performance is improved between 5.5x and 27.5x, which is
really impressive! For aes-128-cbc on large blocks, a core i7-6600U
@2.60GHz is only twice as fast...
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Serial output was broken since 3.16 for shared uarts between
kernel and login. Fix this by adding a fix sent upstream.
While at it, drop a useless patch that adds duplicate code.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Newer kernels treat differing signatures an error, not just a warning,
so fix the signatures to match.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Minimum supported kernel is 3.18, so we don't need to test for anything
older. In addition, the API hasn't changed since then, so we don't need
to check for any kernel version at all. This helps to keeps the amount
of changes more managable.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Refresh patches
Remove 320-curl-confopts.m4-fix-disable-threaded-resolver.patch as
integrated upstream
See https://curl.haxx.se/changes.html for the bugfixes in 7.56.0 and
7.56.1
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Changes in v1.27.0 :
build: Fixed accidental compiler flags concatenation for MSVC (Patch from LazyHamster) (GH-1029)
build: Reduce libxml2 version requirement to 2.6.26 (Patch from Mike Lothian) (GH-1020)
asio: Support for Windows / MinGW (Patch from Daniel Evers) (GH-1027)
h2load: Print out h2 header fields with --verbose option (GH-1015)
nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only (GH-1016)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commit 2e496876c6 fixed the generation of the depends line for external
kernel modules which makes it possible for the build system to
automatically detect this missing dependency. This fixes the build bot
build of the lantiq/aes target.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The build system already defines KERNEL_CROSS which defaults to TARGET_CROSS.
Make use of this variable for kernel makefiles.
Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
The NXP LSDK kernel backported changes for interface ndo_get_stats64
functions from mainline, this causes a compile error with
backports/mac80211, which expects the original 4.9 defintion.
As reversing the ndo_get_stats64 change signifcantly reduces the size of
patch 601, the patches that were aggregated into it have been
disaggregated.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
These conflict with the kmod packages (such as nf-netlink)
Signed-off-by: Mathew McBride <matt@traverse.com.au>
[Add same changes for arm8_32b subtarget and refresh config]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mark target arc770 as source-only as it has package compile issues
(e.g. iproute2) due to the usage of uClibc.
As a prerequisite to be included in future releases the arc770 target
needs to switch either to glibc or musl.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The creation was accidentally moved to the wrong hook, fix it by moving
it to the pre hook.
Fixes: e5e5c3f5fd ("build: ensure PKG_INFO_DIR exists before trying to use it")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
PKG_INFO_DIR is only created at the finish step of the first package
build, but kernel modules now use it at the start. Doing a parallel build
could cause a kernel module to be the first package, breaking the build.
Fix this by ensuring the directory exists.
Fixes: 2e496876c6 ("kernel: collect module symvers for external modules")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Reoder the build to build the glue module first and pass the glue module's
Module.symvers to the wl driver builds.
This allows modpost to properly store a wl_glue dependency in the driver.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
We already have a DEPENDS on mac80211, which should be enough to ensure
headers are available before build.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Collect module symvers for all external modules to make them available
for modpost. This fixes dependencies for most external modules.
Example:
Before:
root@LEDE:/# modinfo mt76
module: /lib/modules/4.4.74/mt76.ko
license: Dual BSD/GPL
depends:
After:
root@LEDE:/# modinfo mt76
module: /lib/modules/4.4.74/mt76.ko
license: Dual BSD/GPL
depends: mac80211,cfg80211
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This reverts commit e7373e489d.
Support of "-s" depends on the CONFIG_DEBUG_SYSLOG compile time flag which
is not enabled for all build variants.
Revert the change for now until we can properly examine the size impact of
CONFIG_DEBUG_SYSLOG.
Fixes FS#1117.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Remove the ephy-pins from the ethernet device tree node. The ephy-pins
are useed to controll the ePHY LEDs and this board doesn't have these.
Instead one of the ePHY pins is used in GPIO mode to control the WAN
LED.
Use the switch LED trigger to control the WAN LED. Move the power LED
handling to diag.sh to show the boot status via this LED.
Add the missing kernel packages for USB and microSD card reader to the
default package selection.
Fix the maximum image size value. The board has a 32MByte flash chip.
Fixes: FS#1055
Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
[make the commit message more verbose, remove GPIO pinmux for pins not
used as GPIOs]
Signed-off-by: Mathias Kresin <dev@kresin.me>
glibc is moving to remove the include of sys/sysmacros.h from
sys/types.h, and some distros have done this early. Other libcs may
already lack this include. Include sysmacros.h explicitly.
Fixes: FS#1017
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
[refresh patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
glibc is moving to remove the include of sys/sysmacros.h from
sys/types.h, and some distros have done this early. Other libcs may
already lack this include. Include sysmacros.h explicitly.
Fixes: FS#1018
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
glibc is moving to remove the include of sys/sysmacros.h from
sys/types.h, and some distros have done this early. Other libcs may
already lack this include. Include sysmacros.h explicitly.
Fixes: FS#1015
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
[refresh patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
glibc is moving to remove the include of sys/sysmacros.h from
sys/types.h, and some distros have done this early. Other libcs may
already lack this include. Include sysmacros.h explicitly.
Fixes: FS#1016
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
The init script generated something like "DEVICE=/dev/sda" when it should
have been generating "DEVICE /dev/sda". mdadm errors on this. Patch by jow.
Also changed the default sendmail path to /usr/sbin/sendmail. No package
in LEDE provides /sbin/sendmail. msmtp provides /usr/sbin/sendmail so use
that.
Also add a patch to fix file paths for mdadm runtime files. mdadm currently
errors on them since /run is missing. Once /run is added to stock LEDE, this
patch can be removed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.
The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.
But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.
I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!
https://dev.openwrt.org/ticket/16694https://dev.openwrt.org/ticket/19661
Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
Without this, posix_[fm]advise does not work. This causes issues with
btrfs-progs, which uses fadvise to drop caches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Backport two fixes for the fix of CVE-2017-13080, preventing side channel
attacks and making it work for TKIP.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This commit fix 5GHz wireless interface used in Archer C58/C59/C60v1
and set correctly MAC address on this interface.
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
IMG_PREFIX can be modified in ImageBuilder by passing EXTRA_IMAGE_NAME
on command line, but Image/Prepare is not run in ImageBuilder. This
causes missing files when IMG_PREFIX is used for target file names in
Image/Prepare, then as source file names in Image/BuildKernel or
Image/Build.
Fix this by using a fixed output file name in Image/Prepare, and copy to
the expected file name in Image/BuildKernel instead, which is run by
ImageBuilder.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Remove reference to pinmux group "wdt rst" on EW1200, ZBT-WG2626 and
ZBT-WG3526 devices. "wdt rst" is a pinmux function and not a pinmux
group.
Fixes the following error message during boot:
rt2880-pinmux pinctrl: invalid group "wdt rst" for function "gpio"
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Zyxel NBG6817 features a WiFi button, which becomes functional by setting
correct GPIO. It is a switch-type button, so it emits KEY_RFKILL on each ON
and OFF state. This is achieved by setting input-type to EV_SW.
Signed-off-by: Tolga Cakir <tolga@cevel.net>
Add the respective colour to the LED's names for the GL-AR150 to be conform
to the kernel. Also add netdev triggers for the LAN and WAN LED.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>