Commit graph

39605 commits

Author SHA1 Message Date
Hans Dedecker
856c53f175 pending-4.4: 610-netfilter_match_bypass_default_check: fix 32bit compat layer
Patch 610-netfilter_match_bypass_default_check added an extra flag IPT_F_NO_DEF_MATCH
which is copied to user space in function copy_entries_to_user. The 32bit compat
layer function was missing the same logic to copy the flag IPT_F_NO_DEF_MATCH to
user space for a 64bit kernel and 32 bit user space.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Thierry Dutre <thierry.dutre@dtsystems.be>
2017-10-24 22:15:47 +02:00
Hans Dedecker
02ccffff3e pending-3.18: 610-netfilter_match_bypass_default_check: fix 32bit compat layer
Patch 610-netfilter_match_bypass_default_check added an extra flag IPT_F_NO_DEF_MATCH
which is copied to user space in function copy_entries_to_user. The 32bit compat
layer function was missing the same logic to copy the flag IPT_F_NO_DEF_MATCH to
user space for a 64bit kernel and 32 bit user space.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Thierry Dutre <thierry.dutre@dtsystems.be>
2017-10-24 22:15:37 +02:00
Felix Fietkau
20d363aed3 tools/squashfs: use host cflags
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-24 13:24:05 +02:00
Felix Fietkau
b7ea14150f ar71xx: re-enable 4k sectors for the mikrotik subtargets
On RB91x (and possibly others), there is a small SPI flash to store boot
loader and configuration. It needs 4K sectors to be able to write the
configuration using rbcfg

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-24 13:24:05 +02:00
Felix Fietkau
7c09fa4a74 ar71xx: fix mikrotik routerboard nand driver issues with linux 4.9
The mtd device is now embedded inside the nand chip data structure

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-24 13:24:04 +02:00
Felix Fietkau
65da6f9ca1 ar71xx: fix secondary gpio controller base values
In 4.9, gpio count is rounded up to 32 due to the use of bgpio in the
ath79 gpio controller driver.
Fix base values in mach files to account for that

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-24 13:24:04 +02:00
Julien Dusser
8d9ff6b6f7 ar71xx: lzma loader use LTO
Change the Makefile to use LTO for better code optimisations. Gains are
very low, only 270 bytes saved, but it's only Makefile changes.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2017-10-24 13:24:04 +02:00
Julien Dusser
8c5702f2a0 ar71xx: fix lzma loader performance issues
Some bootloaders set a cache cohenrency to a very slow mode. Use code from
Linux kernel to set it to "Cacheable, noncoherent, write-back, write
allocate".

Perfomance impact is significant on TP-Link EAP245 board, kernel
decompression time fall from 33 seconds to less than 1.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2017-10-24 13:24:04 +02:00
Stefan Oberhumer
06e41056aa libs/lzo: Reenable unaligned access on ARM, PPC, ...
Due a compiler bug on ARM targets
 ( https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64516 )
unaligned access was disabled on all targets other than i386 and
x86_64 with commit 061319ec3d .

A fix has been added to lzo-2.09 so it is not necessary to disable
unaligned access within the Makefile anymore.

Signed-off-by: Stefan Oberhumer <stefan@obssys.com>
2017-10-24 13:24:04 +02:00
Florian Larysch
f28b3bb56a kernel: fixup KARCH for powerpc64 builds
The kernel calls both ppc64 and ppc32 "powerpc", so we need to fixup
LINUX_KARCH when building with ARCH=powerpc64.

Signed-off-by: Florian Larysch <fl@n621.de>
2017-10-24 13:24:04 +02:00
Florian Larysch
7ea6261b43 config: set ARCH if powerpc64 is selected in the configuration
Signed-off-by: Florian Larysch <fl@n621.de>
2017-10-24 13:24:04 +02:00
Florian Larysch
56ed89f078 target: add cpu flags for powerpc64
Signed-off-by: Florian Larysch <fl@n621.de>
2017-10-24 13:24:04 +02:00
Florian Larysch
0de93311e1 toolchain: use glibc for powerpc64 builds
Neither uClibc nor musl currently have working support for powerpc64 in
big endian mode. Thus, default to using glibc for this architecture.

Signed-off-by: Florian Larysch <fl@n621.de>
2017-10-24 13:24:04 +02:00
Florian Larysch
9e91d32718 toolchain: remove powerpc64 feature
The powerpc64 feature flag was introduced with the PS3 support, which
has been removed for quite a while and is now unused. Remove it and the
special biarch handling it triggered during the toolchain build.

Signed-off-by: Florian Larysch <fl@n621.de>
2017-10-24 13:24:04 +02:00
Florian Larysch
555985ac90 include/site: add powerpc64 config
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-24 13:24:04 +02:00
Florian Fainelli
1a53315951 uboot-sunxi: Backport fix for stale CONFIG_SUNXIG_GMAC references
This backports the upstream commit fixing stale references to
CONFIG_SUNXI_GMAC which have been later replaced by CONFIG_SUN7I_GMAC.
This fixes the designware MAC pinmuxing on e.g: Lamobo R1.

Refresh patches while we are at it.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-10-23 18:42:25 -07:00
Florian Fainelli
7f0a32e21c bcm53xx: Fix SmartRG SR400AC initramfs image
The SmartRG SR400AC CFE does not accept a TRX image, just a normal
binary image.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-10-23 18:39:29 -07:00
Florian Fainelli
818f36aa14 include: Include new location for DT bindings
Starting with commit d5d332d3f7e8 ("devicetree: Move include prefixes
from arch to separate directory") included in 4.12 and newer relocated
the dt-bindings directory, so account for that while passing CPPFLAGS
before DTC runs.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-10-23 18:39:29 -07:00
Stijn Tintel
834810617e kernel: bump 4.9 to 4.9.58
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 17:23:34 +03:00
Stijn Tintel
683350873e kernel: add kmod-iio-bmp280
This driver supports the Bosch Sensortec BMP180/BMP280 pressure and
temperature sensors. It also supports the BME280 sensors with an
additional humidity channel.

Tested I2C and SPI modes with a BME280 sensor on a Raspberry Pi Zero W.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 12:50:30 +03:00
Stijn Tintel
19a7f44a5a kernel: move IIO modules to iio.mk
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 12:50:30 +03:00
Stijn Tintel
a48e5bea12 brcm2708: restore /boot/config.txt before reboot
The Raspberry Pi bootloader reads configuration values from config.txt
in the boot partition. This file allows to specify the amount of memory
to assign to the GPU, the license keys for hardware MPEG-2 and VC-1
decoding, Device Tree parameters and overlays, and lots of other things.

Since sysupgrade only restores the configuration after booting the newly
flashed image, these values will not be active, even if sysupgrade would
save /boot/config.txt. To solve this, add the file to the files to be
backed up, and restore it in platform_copy_config, before reboot.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 12:50:30 +03:00
Hauke Mehrtens
f7a6fd3153 ar71xx: deactivate some boards with too small kernel partitions
This affects the following boards:
 * dr344
 * archer-c58-v1
 * archer-c60-v1
 * tl-wr902ac-v1
 * tl-wr942n-v1
 * ubnt-uap-pro
 * ubnt-unifi-outdoor-plus

The build fails for any of these boards because the resulting kernel
image will not fit into the kernel partition.

When CONFIG_KERNEL_KALLSYMS  is not set it could be that the kernel will
fit onto the board again, this is the case for release images.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-22 23:15:11 +02:00
Hauke Mehrtens
c84b7eaedd ar71xx: use kernel 4.9 by default
Kernel 4.9 support was added about 2 weeks ago and we haven't seen any
major regression so far. This patch was not ported to kernel 4.9, this
needs some additional work:
821-serial-core-add-support-for-boot-console-with-arbitr.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-22 15:22:51 +02:00
Hauke Mehrtens
8464d2f64a at91: remove unused at91part driver
There is no patch in the kernel 4.4 and 4.9 patches which adds this
driver to the build system.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-22 15:17:42 +02:00
Hauke Mehrtens
95627665cb at91: update to kernel 4.9
This brings the at91 target to kernel 4.9.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-22 15:15:55 +02:00
Hauke Mehrtens
f73ed33be1 kernel: add config option
When the kmod-at91-adc package is activated for the at91 target the new
option CONFIG_AT91_SAMA5D2_ADC is selectable and not handled. Add this
option to the kernel 4.9 configuration.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-22 14:49:07 +02:00
Hans Dedecker
fbde9ac718 netifd: bump to git HEAD version (FS#1037)
0f96606 proto: add point-to-point IPv4 address config support (FS#1037)
1ee788d ubus: display the point-to-point IPv4 address

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-19 21:48:49 +02:00
Felix Fietkau
9887afb1af ar71xx: add support for TP-LINK Archer C7 v4
TP-Link Archer C7 v4 is a dual-band AC1750 router, based on Qualcomm/Atheros
QCA9561+QCA9888.

Specification:

- 775/650/258 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 3T3R 5 GHz
- 5x 10/100/1000 Mbps Ethernet
- 7x LED, 2x button
- UART header on PCB

Flash instruction:
1. Upload lede-ar71xx-generic-archer-c7-v4-squashfs-factory.bin via Web interface

Flash instruction using TFTP recovery:
1. Set PC to fixed ip address 192.168.0.66
2. Download lede-ar71xx-generic-archer-c7-v4-squashfs-factory.bin
and rename it to ArcherC7v4_tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.

Flash instruction under U-Boot, using UART:

1. tftp 0x81000000 lede-ar71xx-...-sysupgrade.bin
2. erase 0x9f040000 +$filesize
3. cp.b $fileaddr 0x9f040000 $filesize
4. reset

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-19 16:14:19 +02:00
Felix Fietkau
184c92e7fb uboot-envtools: add support for Nokia WI2A-AC200i
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-19 12:27:44 +02:00
Felix Fietkau
2c9aff289e ar71xx: add support for Nokia WI2A-AC200i
Specifications:
 - SoC: Qualcomm QCA9558 (720 MHz)
 - RAM: 256MB
 - Storage: 1MB NOR, 128 MB NAND flash
 - Ethernet: 1x1000M

Installation:
 1. Connect to serial console on the board
 2. Boot initramfs image over u-boot
 3. Copy image to the device and run sysupgrade

Installation without serial console is not supported at this time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-19 12:27:42 +02:00
Hauke Mehrtens
2af10c30fe brcm47xx: use kernel 4.9 by default
Kernel 4.9 is now working on the brcm47xx boards, we just recently fixed
the problem that some boards did not boot at all, by changing the memory
regions used to relocate the kernel to in the loader.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-18 23:27:17 +02:00
Hauke Mehrtens
db4550c4c8 broadcom-wl: fix compile with kernel 4.9
ENOENT could not be found by the compiler when compiling again kernel
4.9.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-18 23:26:15 +02:00
Felix Fietkau
7c42f15c24 kernel: fix ftrace support on 4.9
When porting the kernel patches from 4.4 to 4.9, they were missing a
small chunk that ensures that ftrace sections are kept in the vmlinux
image, even when linked with --gc-sections

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-18 22:59:05 +02:00
Mathias Kresin
36d2884d55 lantiq: ARV752DPW22: fix wireless mac address
The ARV752DPW22 has the same generic mac address in the EEPROM as it
was already noticed for other lantiq boards using a ralink wireless.

Use the base mac address from the boardconfig partition as it is done
by the stock firmware.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-18 22:12:45 +02:00
Mathias Kresin
a02a866519 lantiq: ARV752DPW22: set correct wireless led trigger
The ARV752DPW22 has a ralink based wireless and can not use the ath9k
only phy0tpt trigger.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-18 22:12:45 +02:00
Hauke Mehrtens
48dcd2657f omap: clean up configuration
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Alexander Couzens <lynxis@fe80.eu>
2017-10-18 21:46:05 +02:00
Hauke Mehrtens
44b9175d7c omap: Add support for kernel 4.9
This adds support for kernel 4.9 and replaces the kernel 4.4 support.

These are lynxis test results:
panda-board a3 - works, but no network, but master/4.4 doesn't have network either.
panda-board-a4 - u-boot SPL refuse to boot.
beaglebone-black - works
beagle-board - usb attached network doesn't come up and I doesn't have a serial around.
beagle-board-xm - ToDo: image code is missing.

Kernel 4.4 does not look better, so we merge this anyway.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Alexander Couzens <lynxis@fe80.eu>
2017-10-18 21:45:49 +02:00
Kevin Darbyshire-Bryant
398edca82e kernel: bump 4.4 to 4.4.93
No patch refresh required.

Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-15265
- CVE-2017-0786

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:14 +03:00
Kevin Darbyshire-Bryant
886d66abcd kernel: bump 4.9 to 4.9.57
Refresh patches.
Compile-tested for ar71xx - Archer C7 v2
Runtime-tested on  ar71xx - Archer C7 v2

Fixes the following CVEs:

- CVE-2017-7518
- CVE-2017-0786
- CVE-2017-1000255
- CVE-2017-12188
- CVE-2017-15265

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-18 19:44:09 +03:00
Stijn Tintel
060e37567e hostapd: bump PKG_RELEASE
The previous commit did not adjust PKG_RELEASE, therefore the
hostapd/wpad/wpa_supplicant packages containing the AP-side workaround
for KRACK do not appear as opkg update.

Bump the PKG_RELEASE to signify upgrades to downstream users.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-18 13:02:12 +03:00
Jason A. Donenfeld
f6c4a9c045 wireguard: version bump to 0.0.20171017
This is a simple version bump. Changes:

  * noise: handshake constants can be read-only after init
  * noise: no need to take the RCU lock if we're not dereferencing
  * send: improve dead packet control flow
  * receive: improve control flow
  * socket: eliminate dead code
  * device: our use of queues means this check is worthless
  * device: no need to take lock for integer comparison
  * blake2s: modernize API and have faster _final
  * compat: support READ_ONCE
  * compat: just make ro_after_init read_mostly

  Assorted cleanups to the module, including nice things like marking our
  precomputations as const.

  * Makefile: even prettier output
  * Makefile: do not clean before cloc
  * selftest: better test index for rate limiter
  * netns: disable accept_dad for all interfaces

  Fixes in our testing and build infrastructure. Now works on the 4.14 rc
  series.

  * qemu: add build-only target
  * qemu: work on ubuntu toolchain
  * qemu: add more debugging options to main makefile
  * qemu: simplify shutdown
  * qemu: open /dev/console if we're started early
  * qemu: phase out bitbanging
  * qemu: always create directory before untarring
  * qemu: newer packages
  * qemu: put hvc directive into configuration

  This is the beginning of working out a cross building test suite, so we do
  several tricks to be less platform independent.

  * tools: encoding: be more paranoid
  * tools: retry resolution except when fatal
  * tools: don't insist on having a private key
  * tools: add pass example to wg-quick man page
  * tools: style
  * tools: newline after warning
  * tools: account for padding being in zero attribute

  Several important tools fixes, one of which suppresses a needless warning.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-17 19:43:06 +02:00
Stijn Tintel
c5f97c9372 hostapd: add wpa_disable_eapol_key_retries option
Commit 2127425434 introduced an AP-side
workaround for key reinstallation attacks. This option can be used to
mitigate KRACK on the station side, in case those stations cannot be
updated. Since many devices are out there will not receive an update
anytime soon (if at all), it makes sense to include this workaround.

Unfortunately this can cause interoperability issues and reduced
robustness of key negotiation, so disable the workaround by default, and
add an option to allow the user to enable it if he deems necessary.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 17:25:05 +03:00
Stijn Tintel
2127425434 hostapd: backport extra changes related to KRACK
While these changes are not included in the advisory, upstream
encourages users to merge them.
See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 17:24:47 +03:00
Felix Fietkau
3db529d5cc Revert "ar71xx: Add GRO support to ag71xx"
This reverts commit 13e5e47369.
This commit causes a severe regression in LAN->WAN routing performance
for several devices. This appears to be caused by the extra requirement
to validate the SKB checksum early in the rx path, which the ethernet
hardware does not do

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-17 16:03:11 +02:00
Stijn Tintel
5fff2f44d5 hostapd: bump PKG_RELEASE
The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the
fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update.

Bump the PKG_RELEASE to signify upgrades to downstream users.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 02:13:34 +03:00
Stijn Tintel
2f701194c2 mac80211: backport kernel fix for CVE-2017-13080
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 01:56:31 +03:00
Hauke Mehrtens
61048c9011 at91: fix legacy build
The build system took the DTB_SIZE definition from Default and not from
production-dtb under some conditions. Move the size definitions to
Default now as it is only used in production-dtb anyway.

Thanks Mathias Kresin for helping me with this.

Fixes: c2f052acae ("at91: convert boards to generic build target")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-16 23:05:54 +02:00
Hauke Mehrtens
a29848c671 ppp: make the patches apply correctly again
This fixes a compile problem recently introduced by me.

Fixes: f40fd43ab2 ("ppp: fix compile warning")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-16 20:08:56 +02:00
Jason A. Donenfeld
699c6fcc31 wireguard: add wireguard to base packages
Move wireguard from openwrt/packages to base a package.

This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving
experimental kernel module that many find essential and useful. The
other is a VPN client. Both are inside of core. When you combine the two
characteristics, you get WireGuard. Generally speaking, because of the
extremely lightweight nature and "stateless" configuration of WireGuard,
many view it as a core and essential utility, initiated at boot time
and immediately configured by netifd, much like the use of things like
GRE tunnels.

WireGuard has a backwards and forwards compatible Netlink API, which
means the userspace tools should work with both newer and older kernels
as things change. There should be no versioning requirements, therefore,
between kernel bumps and userspace package bumps.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
2017-10-16 14:01:21 +03:00