openwrt/openwrt.git
6 years agoar71xx: add support for MikroTik RB931-2nD
Thibaut VARÈNE [Thu, 12 Jul 2018 11:43:36 +0000 (13:43 +0200)]
ar71xx: add support for MikroTik RB931-2nD

This patch adds support for the MikroTik RB931-2nD (hAP mini):
https://mikrotik.com/product/RB931-2nD

Specifications:
  * SoC: Qualcomm QCA9533 (650MHz)
  * RAM: 32MiB
  * Storage: 16MiB SPI NOR flash
  * Ethernet: 3x100M
  * Wireless: QCA9533 built-in, dual-chain 802.11b/g/n

Installation:

1. Setup a DHCP/BOOTP Server with the following parameters:
   * DHCP-Option 66 (TFTP server name): pointing to a local TFTP
     server within the same subnet of the DHCP range
   * DHCP-Option 67 (Bootfile-Name): matching the initramfs filename
     of the to be booted image. The usable intramfs files are:
       - openwrt-ar71xx-mikrotik-vmlinux-initramfs.elf
       - openwrt-ar71xx-mikrotik-vmlinux-initramfs-lzma.elf
       - openwrt-ar71xx-mikrotik-rb-nor-flash-16M-initramfs-kernel.bin

2. Press the reset button on the board and keep that pressed.

3. Connect the board to your local network via its Internet port.

4. Release the button after the LEDs on the board are turned off.
   Now the board should load and start the initramfs image from
   the TFTP server.

5. Now connect the board via either of its LAN ports (2 or 3).

6. Upload the sysupgrade image to the board with scp:
     $ scp openwrt-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/fw.bin

7. Log in to the running system listening on 192.168.1.1 via ssh
   as root (without password):
     $ ssh root@192.168.1.1

8. Flash the uploaded firmware file from the ssh session via the
   sysupgrade command:
     root@OpenWrt:~# sysupgrade /tmp/fw.bin

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
6 years agokernel: leds-apu2 remove boardname check
Lukas Mrtvy [Wed, 11 Jul 2018 08:22:27 +0000 (10:22 +0200)]
kernel: leds-apu2 remove boardname check

'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukas Mrtvy <lukas.mrtvy@gmail.com>
6 years agobrcm63xx: initial support for Sky SR102 router
Andrius Štikonas [Sat, 14 Jul 2018 21:53:47 +0000 (21:53 +0000)]
brcm63xx: initial support for Sky SR102 router

The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
SOC:      BCM63168 (BMIPS4350 V8.0 @400MHz)
Flash size: 16 MiB
RAM size:   128 MiB

Heavily based on patch for OpenWRT Chaos Chalmer.
Original patch and more info can be found at:
https://openwrt.org/toh/sky/sr102

Known issues:
 - Wireless and ADSL modem are not working.

Signed-off-by: Andrius Štikonas <andrius@stikonas.eu>
6 years agoapm821xx: attempt to fix sata access freezes
Christian Lamparter [Sat, 14 Jul 2018 15:21:56 +0000 (17:21 +0200)]
apm821xx: attempt to fix sata access freezes

The original vendor's driver programmed the dma controller's
AHB HPROT values to enable bufferable, privileged mode. This
along with the "same priorty for both channels" could very
well fix the freezes that have been reported on the forum by
@ticerex and @takimata.

<https://forum.lede-project.org/t/wd-mybook-live-duo-two-disks/16195/46>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agokmod-sched-cake: bump to 20180716
Kevin Darbyshire-Bryant [Sun, 15 Jul 2018 10:01:15 +0000 (11:01 +0100)]
kmod-sched-cake: bump to 20180716

Bump to the latest cake recipe.

This backports tc class support to kernel 4.9 and other than conditional
kernel compilation pre-processor macros represents the cake that has
gone upstream into kernel 4.19.  Loud cheer!

Fun may be had by changing cake tin classification for packets on
ingress. e.g.

tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
ip dport 6981 0xffff action skbedit priority 800b:1

Where 800b: represents the filter handle for the ifb obtained by 'tc
qdisc' and the 1 from 800b:1 represents the cake tin number.  So the
above example puts all incoming packets destined for port 6981 into the
BULK (lowest priority) tin.

f39ab9a Obey tin_order for tc filter classifiers
1e2473f Clean up after latest backport.
82531d0 Reorder includes to fix out of tree compilation
52cbc00 Code style cleanup
6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
cab17b6 Remove duplicate call to qdisc_watchdog_init()
71c7991 Merge branch 'backport-classful'
32aa7fb Fix compilation on Linux 4.9
9f8fe7a Fix compilation on Linux 4.14
ceab7a3 Rework filter classification
aad5436 Fixed version of class stats
be1c549 Add cake-specific class stats
483399d Use tin_order for class dumps
80dc129 Add class dumping
0c8e6c1 Fix dropping when using filters
c220493 Add the minimum class ops
5ed54d2 Start implementing tc filter/class support

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agotools/e2fsprogs: Update to 1.44.3
Daniel Engberg [Sat, 14 Jul 2018 20:31:37 +0000 (22:31 +0200)]
tools/e2fsprogs: Update to 1.44.3

Update e2fsprogs to 1.44.3

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
6 years agoapm821xx: fix usb-otg on 4.14
Christian Lamparter [Sat, 14 Jul 2018 15:21:55 +0000 (17:21 +0200)]
apm821xx: fix usb-otg on 4.14

Starting with 4.14, the "amcc,dwc-otg" needs to be used
in order to get the usb-otg to work.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agodropbear: close all active clients on shutdown
Christian Schoenebeck [Thu, 12 Jul 2018 02:36:03 +0000 (22:36 -0400)]
dropbear: close all active clients on shutdown

Override the default shutdown action (stop) and close all processes
of dropbear

Since commit 498fe85, the stop action only closes the process
that's listening for new connections, maintaining the ones with
existing clients.
This poses a problem when restarting or shutting-down a device,
because the connections with existing SSH clients, like OpenSSH,
are not properly closed, causing them to hang.

This situation can be avoided by closing all dropbear processes when
shutting-down the system, which closes properly the connections with
current clients.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
[Luis: Rework commit message]
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
6 years agomtd: improve check for TRX header being already fixed
Rafał Miłecki [Sun, 15 Jul 2018 21:23:42 +0000 (23:23 +0200)]
mtd: improve check for TRX header being already fixed

First of all lengths should be compared after checking all blocks for
being good/bad. It's because requested length may differ from a final
one if there were some bad blocks.

Secondly it makes sense to also compare crc32 since we already have a
new one calculated.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agocurl: Update to 7.61.0
Daniel Engberg [Sat, 14 Jul 2018 20:26:42 +0000 (22:26 +0200)]
curl: Update to 7.61.0

Update curl to 7.61.0

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
6 years agoodhcp6c: add noserverunicast config option for broken DHCPv6 servers
Hans Dedecker [Sun, 15 Jul 2018 19:53:25 +0000 (21:53 +0200)]
odhcp6c: add noserverunicast config option for broken DHCPv6 servers

Fix broken DHCPv6 servers which provide the server unicast option but
do not reply on DHCPv6 renew messages directed to the IPv6 address
contained in the server unicast option whihc results in broken IPv6
connectivity.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agomtd: support bad blocks within the mtd_fixtrx()
Rafał Miłecki [Sun, 15 Jul 2018 14:51:41 +0000 (16:51 +0200)]
mtd: support bad blocks within the mtd_fixtrx()

Reading MTD data with (p)read doesn't return any error when accessing
bad block. As the result, with current code, CRC32 covers "data" stored
in bad blocks.

That behavior doesn't match CFE's one (bootloader simply skips bad
blocks) and may result in:
1) Invalid CRC32
2) CFE refusing to boot firmware with a following error:
Boot program checksum is invalid

Fix that problem by checking every block before reading its content.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agoinclude/prereq-build.mk: explicitly check for -f flag when using busybox time
Matthias Schiffer [Sat, 14 Jul 2018 13:44:47 +0000 (15:44 +0200)]
include/prereq-build.mk: explicitly check for -f flag when using busybox time

On Debian, busybox does have a time applet, but it does not support the -f
flag. Catch this in prereq check to give users to proper error message.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agoinclude/kernel-build.mk: fix kernel rebuild on backport patch changes
Matthias Schiffer [Sat, 14 Jul 2018 11:07:34 +0000 (13:07 +0200)]
include/kernel-build.mk: fix kernel rebuild on backport patch changes

An incorrect variable name was referenced in KERNEL_FILE_DEPENDS, leading
to the omission of the backport-* patch dirs in the generation of the
prepared stamp name.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agokernel: backport page fragment API changes from 4.10+ to 4.9
Felix Fietkau [Sat, 14 Jul 2018 09:38:28 +0000 (11:38 +0200)]
kernel: backport page fragment API changes from 4.10+ to 4.9

mt76 now relies on this API

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoppp: add missing -fPIC to rp-pppoe.so CFLAGS
Felix Fietkau [Sat, 14 Jul 2018 08:59:52 +0000 (10:59 +0200)]
ppp: add missing -fPIC to rp-pppoe.so CFLAGS

Fixes build error with LTO

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoramips: ethernet: disable fraglist support
Felix Fietkau [Sat, 14 Jul 2018 06:32:36 +0000 (08:32 +0200)]
ramips: ethernet: disable fraglist support

The code has some remaining issues that cause ethernet hangs, so
disable it for now until we can get it fixed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoubus: compile with LTO enabled
Felix Fietkau [Wed, 11 Jul 2018 17:42:40 +0000 (19:42 +0200)]
ubus: compile with LTO enabled

Reduces total .ipk size by about 1k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoprocd: compile with LTO enabled
Felix Fietkau [Wed, 11 Jul 2018 17:35:40 +0000 (19:35 +0200)]
procd: compile with LTO enabled

Reduces .ipk size on MIPS from 42k to 39k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agodropbear: compile with LTO enabled
Felix Fietkau [Wed, 11 Jul 2018 17:28:54 +0000 (19:28 +0200)]
dropbear: compile with LTO enabled

Reduces size of the .ipk on MIPS from 87k to 84k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agofirewall: compile with LTO enabled
Felix Fietkau [Wed, 11 Jul 2018 17:23:43 +0000 (19:23 +0200)]
firewall: compile with LTO enabled

Reduces .ipk size on MIPS from 41.6k to 41.1k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoiw: compile with LTO enabled
Felix Fietkau [Wed, 11 Jul 2018 17:21:08 +0000 (19:21 +0200)]
iw: compile with LTO enabled

Reduces .ipk size on MIPS from 34k to 33k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoppp: compile with LTO enabled
Felix Fietkau [Wed, 11 Jul 2018 17:17:34 +0000 (19:17 +0200)]
ppp: compile with LTO enabled

Reduces .ipk size on MIPS from 98.5k to 98k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoppp: fix linker flags for the radius plugin
Felix Fietkau [Wed, 11 Jul 2018 17:14:53 +0000 (19:14 +0200)]
ppp: fix linker flags for the radius plugin

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agonetifd: compile with LTO enabled
Felix Fietkau [Wed, 11 Jul 2018 16:55:02 +0000 (18:55 +0200)]
netifd: compile with LTO enabled

Reduces .ipk size from 65k to 63k on MIPS

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agobusybox: compile with LTO enabled
Felix Fietkau [Wed, 11 Jul 2018 16:30:03 +0000 (18:30 +0200)]
busybox: compile with LTO enabled

In the default configuration on MIPS, it reduces the .ipk size
from 214k to 207k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomt76: update to the latest version
Felix Fietkau [Fri, 13 Jul 2018 14:36:39 +0000 (16:36 +0200)]
mt76: update to the latest version

08719b1 mt76: use a per rx queue page fragment cache
4d2c565 mt76x2: reset HW before probe
f622975 mt76x2: fix CCK protection control frame rate
6780375 mt76x2: add frame protection support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoinclude/feeds.mk: rework generation of opkg distfeeds.conf
Matthias Schiffer [Mon, 9 Jul 2018 22:00:01 +0000 (00:00 +0200)]
include/feeds.mk: rework generation of opkg distfeeds.conf

Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agobase-files: fix feed list in PKG_CONFIG_DEPENDS
Matthias Schiffer [Mon, 9 Jul 2018 21:50:28 +0000 (23:50 +0200)]
base-files: fix feed list in PKG_CONFIG_DEPENDS

FEEDS_ENABLED and FEEDS_DISABLED are derived from FEEDS_AVAILABLE, not
FEEDS_INSTALLED.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agoinclude/feeds.mk: always add available feeds to PACKAGE_SUBDIRS
Matthias Schiffer [Mon, 9 Jul 2018 20:13:19 +0000 (22:13 +0200)]
include/feeds.mk: always add available feeds to PACKAGE_SUBDIRS

Setting CONFIG_FEED_... symbols combined two different effects: Disabling
a feed in the generated opkg distfeeds.conf, and omitting the feed from
PACKAGE_SUBDIRS.

It does not make sense to omit built feeds from PACKAGE_SUBDIRS, as it will
only lead to packages that can be enabled in .config (and that will
consequently be built) not to be found during rootfs creation, breaking
the build. All feeds that packages are emitted to should simply always be
added to PACKAGE_SUBDIRS instead; the CONFIG_FEED_... only configure the
generated distfeeds.conf like this.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agoscripts/feeds: add src-dummy method
Matthias Schiffer [Mon, 9 Jul 2018 20:00:27 +0000 (22:00 +0200)]
scripts/feeds: add src-dummy method

The src-dummy method does not actually obtain any feed, but it can be used
to insert addtional entries into the opkg distfeeds.conf. This is useful to
make package feeds available to users without requiring the corresponding
source feeds to be available during build.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agoramips: ethernet: use own page_frag_cache
Felix Fietkau [Thu, 12 Jul 2018 15:19:07 +0000 (17:19 +0200)]
ramips: ethernet: use own page_frag_cache

Using the NAPI or netdev frag cache along with other drivers can lead to
32 KiB pages being held for a long time, despite only being used for
very few page fragment.
This can happen if the ethernet driver grabs one or two fragments for rx
ring refill, while other drivers use (and free up) the remaining
fragments. The 32 KiB higher-order page can only be freed once all users
have freed their fragments, which only happens after the rings of all
drivers holding the fragments have wrapped around.

Depending on the traffic patterns, this can waste a lot of memory and
look a lot like a memory leak

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoramips: ethernet: use skb_free_frag to free fragments
Felix Fietkau [Thu, 12 Jul 2018 15:18:37 +0000 (17:18 +0200)]
ramips: ethernet: use skb_free_frag to free fragments

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoramips: TP-Link TL-WR902AC v3: add missing wps button
Peter Lundkvist [Mon, 9 Jul 2018 10:54:18 +0000 (12:54 +0200)]
ramips: TP-Link TL-WR902AC v3: add missing wps button

Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
6 years agoramips: TP-Link TL-WR902AC v3: don't build factory image
Peter Lundkvist [Mon, 9 Jul 2018 10:54:17 +0000 (12:54 +0200)]
ramips: TP-Link TL-WR902AC v3: don't build factory image

The line that produces factory image was accidentally left by me while
testing before inital commit.

I came to the conclusion that flashing from OEM firmware does not work
(seems to share this behavior with other tplinks based on mt7628).

I have not done any further analysis, as I was unable to open the
case and attach a serial port (too much glue). Maybe i will try once
more.

So the way to do initial flashing (or un-bricking) is to use the
tftp-recover image. It is possible to revert to OEM firmware with tftp
recovery; in this case the first 512 bytes the image file need to be
cut off.

Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
[add explaination provided via mail as commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agotools: kernel2minor: update to latest version
Mathias Kresin [Mon, 9 Jul 2018 19:53:43 +0000 (21:53 +0200)]
tools: kernel2minor: update to latest version

9fa9190 create reproducible images

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoconfig: extend small_flash feature
Alex Maclean [Mon, 9 Jul 2018 17:09:05 +0000 (18:09 +0100)]
config: extend small_flash feature

Extend the small_flash feature to disable swap, core dumps, and
kernel debug info, and change the squashfs block size to 1024KiB.

Also change squashfs fragment cache to 2 for small_flash to ease memory
usage.

Signed-off-by: Alex Maclean <monkeh@monkeh.net>
6 years agokernel: only optimized for size if small_flash
Mathias Kresin [Mon, 9 Jul 2018 18:48:56 +0000 (20:48 +0200)]
kernel: only optimized for size if small_flash

Add a new config option to allow to select the default compile
optimization level for the kernel.

Select the optimization for size by default if the small_flash feature is
set. Otherwise "Optimize for performance" is set.

Add the small_flash feature flag to all (sub)targets which had the
optimization for size in their default kernel config.

Remove CC_OPTIMIZE_FOR_* symbols from all kernel configs to apply the new
setting.

Exceptions to the above are:

  - lantiq, where the optimization for size is only required for the
    xway_legacy subtarget but was set for the whole target
  - mediatek, ramips/mt7620 & ramips/mt76x8 where boards should have
    plenty of space and an optimization for size doesn't make much sense
  - rb532, which has 128MByte flash

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoar71xx: move boards to tiny subtarget
Mathias Kresin [Thu, 12 Jul 2018 04:29:43 +0000 (06:29 +0200)]
ar71xx: move boards to tiny subtarget

Move boards to the tiny subtarget which break the build if the kernel is
set to "Optimize for performance".

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoverbose.mk: quote SUBMAKE options
李国 [Fri, 6 Jul 2018 10:03:40 +0000 (18:03 +0800)]
verbose.mk: quote SUBMAKE options

build openwrt on centos 6 I should use devtoolset-3 to get gcc 4.9, but
it fail when make menuconfig. so I have to give option HOSTCC='gcc
-Wl,--copy-dt-needed-entries' to make. But it passed to sub make to
HOSTCC=gcc as micro SUBMAKE expand to HOSTCC=gcc
-Wl,--copy-dt-needed-entries. This patch fix this issue.

make -C build menuconfig HOSTCC='gcc -Wl,--copy-dt-needed-entries' V='1'
make: Entering directory `/work/openwrt/openwrt/build'
/opt/rh/devtoolset-3/root/usr/libexec/gcc/x86_64-redhat-linux/4.9.2/ld:
lxdialog/checklist.o: undefined reference to symbol 'acs_map'
//lib64/libtinfo.so.5: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[1]: *** [mconf] Error 1
make -s -C scripts/config all CC=gcc -Wl,--copy-dt-needed-entries: build
failed. Please re-run make with -j1 V=s to see what's going on
make: *** [scripts/config/mconf] Error 1
make: Leaving directory `/work/openwrt/openwrt/build'

Signed-off-by: 李国 <uxgood.org@gmail.com>
6 years agoarc: Update variables substitutions in u-boot env files
Evgeniy Didin [Mon, 9 Jul 2018 09:31:30 +0000 (12:31 +0300)]
arc: Update variables substitutions in u-boot env files

In the latest version of u-boot (2018.05) there was a swith to
Hush shell for ARC AXS10x boards(arc770/archs38):
commit 9249d74781e1 ("ARC: AXS10x: Enable hush shell").
In Hush shell using "$()" to declare envitonment variables is forbidden,
instead of this "${}" need to be used.

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: John Crispin <john@phrozen.org>
6 years agomediatek: Fix memory node for U7623
Kristian Evensen [Sat, 7 Jul 2018 13:52:01 +0000 (15:52 +0200)]
mediatek: Fix memory node for U7623

The changed applied to BananaPi R2 in upstream commit c0b0d540db1a,
which was backported to 4.14 in 4.14.53, is also required for the U7623.
Without updating the memory node, the board refuses to boot.

Fixes: d0839e020d0a ("kernel: bump 4.14 to 4.14.53")
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
6 years agokernel: gpio-nct5104d remove boardname check
Lukáš Mrtvý [Wed, 11 Jul 2018 09:33:55 +0000 (11:33 +0200)]
kernel: gpio-nct5104d remove boardname check

'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukáš Mrtvý <lukas.mrtvy@gmail.com>
6 years agonetifd: update to latest git HEAD
Hans Dedecker [Wed, 11 Jul 2018 19:50:05 +0000 (21:50 +0200)]
netifd: update to latest git HEAD

5cf7975 iprule: rework interface based rules to handle dynamic interfaces
57f87ad Introduce new interface event "create" (IFEV_CREATE)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoramips: clean up and fix MT7621 NAND driver issues
Felix Fietkau [Wed, 11 Jul 2018 18:56:42 +0000 (20:56 +0200)]
ramips: clean up and fix MT7621 NAND driver issues

- remove misaligned custom buffer allocation in the NAND driver
- remove broken bounce buffer implementation for 16-byte align

Let the MTD core take care of both

Fixes messages like these:
[  102.820541] Data buffer not 16 bytes aligned: 87daf08c

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agokernel: replace bridge port isolate hack with upstream patch backport on 4.14
Felix Fietkau [Wed, 4 Jul 2018 18:14:08 +0000 (20:14 +0200)]
kernel: replace bridge port isolate hack with upstream patch backport on 4.14

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agonetifd: update to the latest version
Felix Fietkau [Wed, 4 Jul 2018 18:15:56 +0000 (20:15 +0200)]
netifd: update to the latest version

c1f6a82 system-linux: add autoneg and link-partner output
e9eff34 system-linux: extend link mode speed definitions
d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming
03785fb system-linux: fix build error on older kernels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agokernel: adjust bridge port isolate patch to match upstream attribute naming
Felix Fietkau [Wed, 4 Jul 2018 17:49:32 +0000 (19:49 +0200)]
kernel: adjust bridge port isolate patch to match upstream attribute naming

Newer kernels have a patch that implements compatible functionality
directly. Adjust the attribute of our own patch in preparation for
dropping it later

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoprocd: update to the latest version, fixes gcc 8 build error
Felix Fietkau [Thu, 5 Jul 2018 09:16:13 +0000 (11:16 +0200)]
procd: update to the latest version, fixes gcc 8 build error

a0372ac procd: increase watchdog fd_buf storage size to fix gcc8 build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomac80211: Expose support for ath9k Dynack
Koen Vandeputte [Mon, 2 Jul 2018 08:23:44 +0000 (10:23 +0200)]
mac80211: Expose support for ath9k Dynack

Enables support for Dynack feature.

When a remote station is far away, we need to compensate for the distance
by allowing more time for an ACK to arrive back before issueing a retransmission.
Currently, it needs to be set fixed to indicate the maximum distance the remote
station will ever be.

While this mostly works for static antennae, it introduces 2 issues:
- If the actual distance is less, speed is reduced due to a lot of wates wait-time
- If the distance becomes greater, retries start to occur and comms can get lost.

Allowing to set it dynamically using dynack ensures the best possible tradeoff
between speed vs distance.

This feature is currently only supported in ath9k.
it is also disabled by default.

Enabling it can be done in 2 ways:
- issue cmd:  iw phy0 set distance auto
- sending the NL80211_ATTR_WIPHY_DYN_ACK flag to mac80211 driver using netlink

Disabling it can be done by providing a valid fixed value.

To give an idea of a practical example:

In my usecase, we have mesh wifi device installed on ships/platforms.
Currently, the coverage class is set at 12000m fixed.

When a vessel moved closer (ex. 1500m), the measured link capacity was a lot
lower compared to setting the coverage class fixed to 1500m

Dynack completely solved this, nearly providing double the bandwidth at closer range
compared to the fixed setting of 12000m being used.

Also when a vessel sailed to a distance greater than the fixed setting,
communication was lost as the ACK's never arrived within the max allowed timeframe.

Actual distance: 6010m
iperf 60s run avg

Fixed 12150m:  31 Mbit/s
Dynack:        58 Mbit/s

Fixed 6300m:   51 Mbit/s
Dynack:        59 Mbit/s

Fixed 3000m:   13 Mbit/s  (lots of retries)
Dynack:        58 Mbit/s

Actual distance: 1504m
iperf 60s run avg

Fixed 12150m:  31 Mbit/s
Dynack:        86 Mbit/s

Fixed 6300m:   55 Mbit/s
Dynack:        87 Mbit/s

Fixed 3000m:   67 Mbit/s
Dynack:        87 Mbit/s

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.14 to 4.14.54
Koen Vandeputte [Tue, 10 Jul 2018 09:52:53 +0000 (11:52 +0200)]
kernel: bump 4.14 to 4.14.54

Rereshed all patches

Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agoqos-scripts: fix indentation
Moritz Warning [Tue, 10 Jul 2018 16:50:30 +0000 (18:50 +0200)]
qos-scripts: fix indentation

Signed-off-by: Moritz Warning <moritzwarning@web.de>
6 years agowireguard: bump to 0.0.20180708
Jason A. Donenfeld [Tue, 10 Jul 2018 19:29:18 +0000 (21:29 +0200)]
wireguard: bump to 0.0.20180708

* device: print daddr not saddr in missing peer error
* receive: style

Debug messages now make sense again.

* wg-quick: android: support excluding applications

Android now supports excluding certain apps (uids) from the tunnel.

* selftest: ratelimiter: improve chance of success via retry
* qemu: bump default kernel version
* qemu: decide debug kernel based on KERNEL_VERSION

Some improvements to our testing infrastructure.

* receive: use NAPI on the receive path

This is a big change that should both improve preemption latency (by not
disabling it unconditionally) and vastly improve rx performance on most
systems by using NAPI. The main purpose of this snapshot is to test out this
technique.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
6 years agoiproute2: update to 4.17.0
Hans Dedecker [Tue, 10 Jul 2018 10:19:40 +0000 (12:19 +0200)]
iproute2: update to 4.17.0

Update to the latest version of iproute2; see https://lwn.net/Articles/756991/
for a full overview of the changes in 4.17.
Remove upstream patch 002-json_print-fix-hidden-64-bit-type-promotion.
Backport upstream patch 001-rdma-sync-some-IP-headers-with-glibc fixing
rdma compile issue.
At the same time re-organize patch numbering so the OpenWRT specific
patches start at 100.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agohostapd: build with LTO enabled (using jobserver for parallel build)
Felix Fietkau [Tue, 10 Jul 2018 11:48:17 +0000 (13:48 +0200)]
hostapd: build with LTO enabled (using jobserver for parallel build)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agobinutils: remove version 2.27
Felix Fietkau [Tue, 10 Jul 2018 12:21:13 +0000 (14:21 +0200)]
binutils: remove version 2.27

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agobinutils: update to version 2.30, resolves issues with LTO
Felix Fietkau [Tue, 10 Jul 2018 12:20:25 +0000 (14:20 +0200)]
binutils: update to version 2.30, resolves issues with LTO

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agobinutils: backport an upstream fix for a linker bug that triggers with LTO
Felix Fietkau [Tue, 10 Jul 2018 12:19:36 +0000 (14:19 +0200)]
binutils: backport an upstream fix for a linker bug that triggers with LTO

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agokernel: bcm47xxpart: fix getting user-space data partition name
Rafał Miłecki [Tue, 10 Jul 2018 12:02:00 +0000 (14:02 +0200)]
kernel: bcm47xxpart: fix getting user-space data partition name

Partition name is picked by a parser_trx_data_part_name(). It has to
get correct partition offset (taking care of bad blocks) to work
properly.

This fixes UBI support for devices that have kernel flashed on partition
with a bad block.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agonasm: disable LTO, remove host specific workarounds
Felix Fietkau [Tue, 10 Jul 2018 11:08:30 +0000 (13:08 +0200)]
nasm: disable LTO, remove host specific workarounds

The recent build failures on various platforms were apparently caused by
the fact that LTO build support in the configure script does not check
if it has a suitable version of gcc and simply assumes that gcc-ar is
available and can be used for intermediate files.

Since we really don't need to build nasm with LTO, simply disable it and
keep the whole build more portable

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoodhcpd: update to latest git HEAD
Hans Dedecker [Mon, 9 Jul 2018 07:08:31 +0000 (09:08 +0200)]
odhcpd: update to latest git HEAD

345bba0 dhcpv4: improve error checking in handle_dhcpv4()
c0f6390 odhcpd: Check if open the ioctl socket failed

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agotoolchain/nasm: force ar and ranlib only on macOSX
Hauke Mehrtens [Sun, 8 Jul 2018 10:48:13 +0000 (12:48 +0200)]
toolchain/nasm: force ar and ranlib only on macOSX

On Debian 9 nasm does not build when we force it to use ranlib, for
macOSX this is needed. Only force this on macOSX and not on any other
OS, this should fix the build of nasm on Linux systems. On my Debian
system the nasm configure script selects  gcc-ranlib and gcc-ar instead.

Fixes: d3a7587eb95 ("toolchain/nasm: fix missing AR/RANLIB variables")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agobuild: README punctuation pendantry
Kevin Darbyshire-Bryant [Sun, 8 Jul 2018 10:58:07 +0000 (11:58 +0100)]
build: README punctuation pendantry

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agobuild: Update README & github help
Kevin Darbyshire-Bryant [Sat, 7 Jul 2018 21:23:01 +0000 (22:23 +0100)]
build: Update README & github help

Update README to include Openwrt branding and improve wording.

Point at the Openwrt wiki in .github templates.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agobasefiles: Reword sysupgrade message
Kevin Darbyshire-Bryant [Wed, 4 Jul 2018 16:26:16 +0000 (17:26 +0100)]
basefiles: Reword sysupgrade message

sysupgrade 'upgrade' message more verbose than needs be.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agoath79: add support for OCEDO Raccoon
David Bauer [Fri, 6 Jul 2018 16:23:31 +0000 (18:23 +0200)]
ath79: add support for OCEDO Raccoon

This commit adds support for the OCEDO Raccoon

SOC: Atheros AR9344
RAM:    128MB
FLASH:  16MiB
WLAN1:  AR9344 2.4 GHz 802.11bgn 2x2
WLAN2:  AR9382 5 GHz 802.11an 2x2
INPUT:  RESET button
LED:    Power, LAN, WiFi 2.4, WiFi 5
Serial: Header Next to Black metal shield
        Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V)
        The Serial setting is 115200-8-N-1.

NOTE: The U-Boot won't boot with the serial attached.
Boot the device without serial attached and attach it
after 3 seconds.

Tested and working:
 - Ethernet
 - 2.4 GHz WiFi
 - 5 GHz WiFi
 - TFTP boot from ramdisk image
 - Installation via ramdisk image
 - OpenWRT sysupgrade
 - Buttons
 - LEDs

Installation seems to be possible only through booting an OpenWRT
ramdisk image.

Hold down the reset button while powering on the device. It will load a
ramdisk image named 'raccoon-uImage-initramfs-lzma.bin' from 192.168.100.8.

Note: depending on the present software, the device might also try to
pull a file called 'raccoon-uimage-factory'. Only the name differs, it
is still used as a ramdisk image.

Wait for the ramdisk image to boot. OpenWRT can be written to the flash
via sysupgrade or mtd.

Due to the flip-flop bootloader which we not (yet) support, you need to
set the partition the bootloader is selecting. It is possible from the
initramfs image with

 > fw_setenv bootcmd run bootcmd_1

Afterwards you can reboot the device.

Signed-off-by: David Bauer <mail@david-bauer.net>
6 years agokernel: move CONFIG_USB_MTU3 to generic config
Hauke Mehrtens [Sat, 7 Jul 2018 21:49:37 +0000 (23:49 +0200)]
kernel: move CONFIG_USB_MTU3 to generic config

CONFIG_USB_MTU3 is not visible for the mediatek target by default, but
only when CONFIG_USB_GADGET is set. This will config option will be
remove with when running "make kernel_oldconfig", move this option to
the generic config to prevent this.

This fixes the build of the mt7623 subtarget of the mediatek target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: disable some DRM_PANEL config options
Hauke Mehrtens [Sat, 7 Jul 2018 21:22:10 +0000 (23:22 +0200)]
kernel: disable some DRM_PANEL config options

The modules should not be build by default.
This fixes the build of the zynq target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agotoolchain/nasm: Backport GCC8 compatibility fix from upstream repo
Ted Hess [Sat, 7 Jul 2018 20:11:48 +0000 (16:11 -0400)]
toolchain/nasm: Backport GCC8 compatibility fix from upstream repo

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years agoath79: disable unused drivers for tiny target
Lucian Cristian [Wed, 27 Jun 2018 21:55:36 +0000 (00:55 +0300)]
ath79: disable unused drivers for tiny target

Shrink the tiny kernel by moving all switch and ethernet phy drivers to
the generic kernel config instead of the target kernel config.

All boards in the tiny and nand target are either ar7240 or ar9331 based,
which don't support external xMII and therefore no external ethernet phy
can be connected. None of the boards uses a realtek switch either.

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
6 years agoath79: optimize ath79 tiny target for size
Lucian Cristian [Fri, 6 Jul 2018 14:31:47 +0000 (17:31 +0300)]
ath79: optimize ath79 tiny target for size

the speed impact on tiny target is minimal and worth the size gained

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
6 years agoath79: add support for UniFi AC-Mesh Pro
Christoph Krapp [Mon, 2 Jul 2018 12:39:54 +0000 (14:39 +0200)]
ath79: add support for UniFi AC-Mesh Pro

The Unifi AC-Mesh Pro has identical hardware to the Unifi AC-Pro except
USB support.
Furthermore for setting parameters like antenna gain it is helpful to
know the exact device variant.

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
6 years agoramips: add support for Blueendless Kimax U35WF
Ademar Arvati Filho [Wed, 4 Jul 2018 01:29:36 +0000 (01:29 +0000)]
ramips: add support for Blueendless Kimax U35WF

Blueendless Kimax U35WF is a 3,5" HDD Enclosure with Wi-Fi and Ethernet

Patch rewritten from: https://forum.openwrt.org/viewtopic.php?id=66908
Based on: https://github.com/lede-project/source/pull/965

Specification:
- SoC: MediaTek MT7620N
- CPU/Speed: 580 MHz
- Flash-Chip: KH25L12835F Spi Flash
- Flash size: 16 MiB
- RAM: 64 MiB
- LAN: 1x 100 Mbps Ethernet
- WiFi SoC-integrated: 802.11bgn
- 1x USB 2.0
- UART: for serial console

Installation:
1. Download sysupgrade.bin
2. Open vendor web interface
3. Choose to upgrade firmware
3. After reboot connect via ethernet at 192.168.1.1

Signed-off-by: Ademar Arvati Filho <arvati@hotmail.com>
6 years agoar71xx: factor out safe loader image build code
Mathias Kresin [Thu, 5 Jul 2018 20:34:14 +0000 (22:34 +0200)]
ar71xx: factor out safe loader image build code

Add a template for safeloader images and include it instead of
overwriting variables defined in the common tp-link build commands.

Split the existing tp-link templates to proper implement the safeloader
template.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoar71xx: drop unnecessary LOADER_TYPE variables
Mathias Kresin [Thu, 5 Jul 2018 20:53:16 +0000 (22:53 +0200)]
ar71xx: drop unnecessary LOADER_TYPE variables

Drop the LOADER_TYPE variables in case no loader is used at all or move
the variable to devices which are using a loader.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoar71xx: get rid of copy-file
Mathias Kresin [Thu, 5 Jul 2018 20:48:54 +0000 (22:48 +0200)]
ar71xx: get rid of copy-file

Use the provided image build variables to point the kernel-bin build
command to the kernel we are interested in.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoar71xx: mikrotik: cleanup nand image build code
Mathias Kresin [Wed, 4 Jul 2018 04:39:05 +0000 (06:39 +0200)]
ar71xx: mikrotik: cleanup nand image build code

Use the LOADER_TYPE variable to specify that we need the elf preloader
and append the loader via the corresponding build recipe. It allows to
enable initramfs images again for mikrotik NAND images, which caused a
build error before.

Add the minor header only to the kernel of the sysupgrade images, as it
is only required for the bootloader to find the kernel on flash.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoramips: add support for I-O DATA WN-AX1167GR
INAGAKI Hiroshi [Wed, 27 Jun 2018 13:47:13 +0000 (22:47 +0900)]
ramips: add support for I-O DATA WN-AX1167GR

I-O DATA WN-AX1167GR is a 2.4/5 GHz band 11ac router, based on
MediaTek MT7621A.

Specification:

- MT7621A (2-Cores, 4-Threads)
- 64 MB of RAM (DDR2)
- 16 MB of Flash (SPI)
- 2T2R 2.4/5 GHz
- 5x 10/100/1000 Mbps Ethernet
- 2x LEDs, 4x keys (2x buttons, 1x slide switch)
- UART header on PCB
  - Vcc, GND, TX, RX from ethernet port side
  - baudrate: 115200 bps (U-Boot, OpenWrt)

Stock firmware:

In the stock firmware, WN-AX1167GR has two os images each composed of
Linux kernel and rootfs.
These images are stored in "Kernel" and "app" partition of the
following partitions, respectively.

(excerpt from dmesg):

MX25L12805D(c2 2018c220) (16384 Kbytes)
mtd .name = raspi, .size = 0x01000000 (16M) .erasesize = 0x00010000 (64K) .numeraseregions = 0
Creating 10 MTD partitions on "raspi":
0x000000000000-0x000001000000 : "ALL"
0x000000000000-0x000000030000 : "Bootloader"
0x000000030000-0x000000040000 : "Config "
0x000000040000-0x000000050000 : "Factory"
0x000000050000-0x000000060000 : "iNIC_rf"
0x000000060000-0x0000007e0000 : "Kernel"
0x000000800000-0x000000f80000 : "app"
0x000000f90000-0x000000fa0000 : "Key"
0x000000fa0000-0x000000fb0000 : "backup"
0x000000fb0000-0x000001000000 : "storage"

The flag for boot partition is stored in "Key" partition, and U-Boot
reads this and determines the partition to boot.

If the image that U-Boot first reads according to the flag is
"Bad Magic Number", U-Boot then tries to boot from the other image.
If the second image is correct, change the flag to the number
corresponding to that image and boot from that image.

(example):

## Booting image at bc800000 ...
Bad Magic Number,FFFFFFFF
Boot from KERNEL 1  !!
## Booting image at bc060000 ...
   Image Name:   MIPS OpenWrt Linux-4.14.50
   Image Type:   MIPS Linux kernel Image (lzma compressed)
   Data Size:    1865917 Bytes = 1.8 MB
   Load Address: 80001000
   Entry Point:  80001000
   Verifying Checksum ... OK
   Uncompressing Kernel Image ... OK
raspi_erase_write: offs:f90000, count:34
.
.
Done!

Starting kernel ...

Flash instruction using factory image:

1. Connect the computer to the LAN port of WN-AX1167GR
2. Connect power cable to WN-AX1167GR and turn on it
3. Access to "192.168.0.1" on the web browser and open firmware
update page ("ファームウェア")
4. Select the OpenWrt factory image and perform firmware update
5. On the initramfs image, execute "mtd erase firmware" to erase stock
firmware and execute sysupgrade with sysupgrade image for WN-AX1167GR
6. Wait ~180 seconds to complete flasing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
6 years agolibnl: bump to 3.4.0
Konstantin Demin [Thu, 28 Jun 2018 06:21:42 +0000 (09:21 +0300)]
libnl: bump to 3.4.0

refresh patches

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
6 years agouboot-imx: bump to 2018.03 which fixes the build issues with fdt64_t redefinitions
Vladimir Vid [Thu, 26 Apr 2018 15:52:14 +0000 (17:52 +0200)]
uboot-imx: bump to 2018.03 which fixes the build issues with fdt64_t redefinitions

* change mx6qsabresd to mx6qsabres to match defconfig name
* merge wanboard profiles since there is only one defconfig for the target device
* move wanboard options from wandboard.h to defconfig
* remove legacy patches

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
6 years agomac80211: initialize sinfo in cfg80211_get_station
Sven Eckelmann [Wed, 6 Jun 2018 09:21:53 +0000 (11:21 +0200)]
mac80211: initialize sinfo in cfg80211_get_station

Most of the implementations behind cfg80211_get_station will not initialize
sinfo to zero before manipulating it. For example, the member "filled",
which indicates the filled in parts of this struct, is often only modified
by enabling certain bits in the bitfield while keeping the remaining bits
in their original state. A caller without a preinitialized sinfo.filled can
then no longer decide which parts of sinfo were filled in by
cfg80211_get_station (or actually the underlying implementations).

cfg80211_get_station must therefore take care that sinfo is initialized to
zero. Otherwise, the caller may tries to read information which was not
filled in and which must therefore also be considered uninitialized. In
batadv_v_elp_get_throughput's case, an invalid "random" expected throughput
may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may
switch to non-optimal neighbors for certain destinations.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
6 years agoath10k-ct: search DT for BDF variant info
Sven Eckelmann [Thu, 30 Nov 2017 13:30:06 +0000 (14:30 +0100)]
ath10k-ct: search DT for BDF variant info

Board Data File (BDF) is loaded upon driver boot-up procedure. The right
board data file is identified on QCA4019 using bus, bmi-chip-id and
bmi-board-id.

The problem, however, can occur when the (default) board data file cannot
fulfill the vendor requirements and it is necessary to use a different
board data file.

This problem was solved for SMBIOS by adding a special SMBIOS type 0xF8.
Something similar has to be provided for systems without SMBIOS but with
device trees. No solution was specified by QCA and therefore a new one has
to be found for ath10k.

The device tree requires addition strings to define the variant name

    wifi@a000000 {
     status = "okay";
     qcom,ath10k-calibration-variant = "RT-AC58U";
    };

    wifi@a800000 {
     status = "okay";
     qcom,ath10k-calibration-variant = "RT-AC58U";
    };

This would create the boarddata identifiers for the board-2.bin search

 *  bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=RT-AC58U
 *  bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=RT-AC58U

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
6 years agoconfig: add config option for KERNEL_TASKSTATS
Jeremiah McConnell [Wed, 20 Jun 2018 05:35:08 +0000 (23:35 -0600)]
config: add config option for KERNEL_TASKSTATS

In order for monitoring tools such as atop and htop to track and report
i/o data, kernel support for task statistics and io accounting is
required.

Add a config option to enable building this support in the kernel.

Signed-off-by: Jeremiah McConnell <miah@miah.com>
6 years agombedtls: Activate deterministic ECDSA
Hauke Mehrtens [Sun, 24 Jun 2018 19:27:41 +0000 (21:27 +0200)]
mbedtls: Activate deterministic ECDSA

With deterministic ECDSA the value k needed for the ECDSA signature is
not randomly generated any more, but generated from a hash over the
private key and the message to sign. If the value k used in a ECDSA
signature or the relationship between the two values k used in two
different ECDSA signatures over the same content is know to an attacker
he can derive the private key pretty easily. Using deterministic ECDSA
as defined in the RFC6979 removes this problem by deriving the value k
deterministically from the private key and the content which gets
signed.

The resulting signature is still compatible to signatures generated not
deterministic.

This increases the size of the ipk on mips 24Kc by about 2 KByte.
old:
166.240 libmbedtls_2.11.0-1_mips_24kc.ipk
new:
167.811 libmbedtls_2.11.0-1_mips_24kc.ipk

This does not change the ECDSA performance in a measurable way.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agombedtls: Disable MBEDTLS_SHA256_SMALLER implementation
Daniel Engberg [Sun, 24 Jun 2018 19:19:18 +0000 (21:19 +0200)]
mbedtls: Disable MBEDTLS_SHA256_SMALLER implementation

Disable MBEDTLS_SHA256_SMALLER implementation, not enabled by default in
upstream and reduces performance by quite a bit.

Source: include/mbedtls/config.h

Enable an implementation of SHA-256 that has lower ROM footprint but also
lower performance.

The default implementation is meant to be a reasonnable compromise between
performance and size. This version optimizes more aggressively for size at
the expense of performance. Eg on Cortex-M4 it reduces the size of
mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of
about 30%.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
164.382 Bytes
ipkg for mips_24kc after:
166.240 Bytes

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
6 years agombedtls: Update to 2.11.0
Daniel Engberg [Thu, 21 Jun 2018 13:30:30 +0000 (15:30 +0200)]
mbedtls: Update to 2.11.0

Update mbed TLS to 2.11.0

Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS
This is to avoid having a mismatch between packages when upgrading.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.846 Bytes
ipkg for mips_24kc after:
164.382 Bytes

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
6 years agombedtls: cleanup config patch
Daniel Engberg [Fri, 6 Jul 2018 13:45:06 +0000 (16:45 +0300)]
mbedtls: cleanup config patch

Clean up patch, use "//" consistently.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agosunxi: Enable SD block devices
Daniel Engberg [Fri, 22 Jun 2018 18:55:15 +0000 (20:55 +0200)]
sunxi: Enable SD block devices

USB storage support is however SCSI Disk block device support isn't
meaning that connected devices wont enumerate.
Enable CONFIG_BLK_DEV_SD by default to fix it.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
6 years agobrcm2708: platform.sh: fix tar directory directive
Alexandru Ardelean [Mon, 25 Jun 2018 12:03:04 +0000 (15:03 +0300)]
brcm2708: platform.sh: fix tar directory directive

BusyBox's `tar` command does not support the `--directory` directive, which
is essentially `-C` in short-form option.
BusyBox's `tar` command supports `-C`.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agolibconfig: update to version 1.7.2
Enrico Mioso [Sun, 1 Jul 2018 20:46:05 +0000 (22:46 +0200)]
libconfig: update to version 1.7.2

The previous link did not work here.

Compile-tested on: bcm47xx
Runtime-tested on: bcm47xx

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
6 years agokernel: remove DEVMEM and DEVKMEM from target's config
Luis Araneda [Tue, 3 Jul 2018 02:54:11 +0000 (22:54 -0400)]
kernel: remove DEVMEM and DEVKMEM from target's config

These options are handled by generic configuration

Targets that need these options should select KERNEL_DEVMEM
and/or KERNEL_DEVKMEM options on OpenWRT's config

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
6 years agoWDR4900v1 remove dt node for absent hw crypto.
Tim Small [Wed, 4 Jul 2018 13:05:18 +0000 (14:05 +0100)]
WDR4900v1 remove dt node for absent hw crypto.

The WDR4900v1 uses the P1040 SoC, so the device tree pulls in the
definition for the related P1010 SoC.  However, the P1040 lacks the
CAAM/SEC4 hardware crypto accelerator which the P1010 device tree
defines.  If left defined, this causes the CAAM drivers (if present) to
attempt to use the non-existent device, making various crypto-related
operations (e.g. macsec and ipsec) fail.

This commit overrides the incorrect dt node definition in the included
file.

See also:
 - https://bugs.openwrt.org/index.php?do=details&task_id=1262
 - https://community.nxp.com/thread/338432#comment-474107

Signed-off-by: Tim Small <tim@seoss.co.uk>
6 years agoca-certificates: ca-bundle: add symlink for openssl default setting
Yousong Zhou [Thu, 5 Jul 2018 10:51:54 +0000 (18:51 +0800)]
ca-certificates: ca-bundle: add symlink for openssl default setting

OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem.  This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation

Fixes openwrt/packages#6152

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agokernel: usb: dwc2 DMA alignment fixes
Antti Seppälä [Fri, 6 Jul 2018 06:35:37 +0000 (09:35 +0300)]
kernel: usb: dwc2 DMA alignment fixes

Add two patches submitted for upstream review that significantly improve
the dwc2 driver on openwrt from kernel stability and performance
perspectives.

Fixes: FS#1367
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
6 years agolinux: update license tag to use correct SPDX tag
Florian Eckert [Fri, 6 Jul 2018 12:31:44 +0000 (14:31 +0200)]
linux: update license tag to use correct SPDX tag

Use SPDX tag.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
6 years agotoolchain/nasm: fix missing AR/RANLIB variables
Felix Fietkau [Sat, 7 Jul 2018 12:50:51 +0000 (14:50 +0200)]
toolchain/nasm: fix missing AR/RANLIB variables

Fixes build on macOS

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoperf: remove linux 4.4 workarounds
Felix Fietkau [Thu, 5 Jul 2018 13:11:07 +0000 (15:11 +0200)]
perf: remove linux 4.4 workarounds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agokernel: remove linux 4.4 support
Felix Fietkau [Wed, 4 Jul 2018 17:41:26 +0000 (19:41 +0200)]
kernel: remove linux 4.4 support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agolibubox: update to the latest version
Felix Fietkau [Thu, 7 Jun 2018 13:45:09 +0000 (15:45 +0200)]
libubox: update to the latest version

3c1b33b utils: add const_* byteswapping functions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agofirmware: amd64-microcode: update to 20180524
Zoltan HERPAI [Sat, 7 Jul 2018 09:44:02 +0000 (11:44 +0200)]
firmware: amd64-microcode: update to 20180524

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f12, patch id 0x08001227, 2018-02-09
    + Updated Microcodes:
      sig 0x00600f12, patch id 0x0600063e, 2018-02-07
      sig 0x00600f20, patch id 0x06000852, 2018-02-06
  * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
    plus other unspecified fixes/updates.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>