This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled") which fixes same
issue as in the current fix contained in '130-wpa_supplicant-multi_ap_roam.patch',
but in a different way:
nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
an interface that is in a bridge and has 4addr mode already enabled.
This operation would not have been necessary in the first place and this
failure results in disconnecting, e.g., when roaming from one backhaul
BSS to another BSS with Multi AP.
Avoid this issue by ignoring the nl80211 command failure in the case
where 4addr mode is being enabled while it has already been enabled.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Expose the SDK options for binary stripping to the menuconfig. This
way, packages can easily be built with debug symbols using the SDK.
Signed-off-by: David Bauer <mail@david-bauer.net>
The Netgear EX6150 can, just like the D-Link DIR-860L rev B1, fail to
initialise both radios in some cases. Add the reset GPIOs explicitly
so the PCI-E devices get re-initialised properly. See also FS #3632.
Error shows up in dmesg as follows:
[ 1.560764] mt7621-pci 1e140000.pcie: pcie1 no card, disable it (RST & CLK)
Tested-by: Kurt Roeckx <kurt@roeckx.be>
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
[removed period from commit title]
Signed-off-by: David Bauer <mail@david-bauer.net>
OpenSSL downloads itself are distributed using Akamai CDN, so use these
sources as the highest priority.
Remove a stale mirror which seems to be offline for a longer time
already.
Add fallbacks to the old release path also for the mirrors.
Signed-off-by: David Bauer <mail@david-bauer.net>
This adds Kernel 5.10 support for the generic, nand and tiny subtargets.
The following patch is not contained, as it needs to be reworked:
platform/920-mikrotik-rb4xx.patch
Tested-on:
- Siemens WS-AP3610
- Enterasys WS-AP3710
- Aerohive HiveAP 121
- TP-Link TL-WA901 v2
- TP-Link TL-WR741 v1
Signed-off-by: David Bauer <mail@david-bauer.net>
Adapt the driver to make it work with the NAND subsystem changes between
kernel 5.4 and 5.10.
Tested-on: Aerohive HiveAP121
Signed-off-by: David Bauer <mail@david-bauer.net>
Specify the device_type property for PCI as well as PCIe controllers.
Otherwise, the PCI range parser will not be selected when using kernel
5.10.
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested on: Sophos RED 15W
The TP-Link WL-WDR4900 needs to be disabled when 5.10 becomes the
default kernel.
When building with all kmods enabled, the resulting kernel image
exceeds the maximum size the bootloader reads from the flash.
For more information, see GitHub issue #1773
Signed-off-by: David Bauer <mail@david-bauer.net>
Remove all upstreamed patches and add the kernel configuration for
version 5.10.
The Rock Pi 4 was split in multiple versions. Add a DTS with the old
name in order to keep compatibility while having kernel 5.4 and 5.10 in
parallel. Switch to the Rock Pi 4A DTS once Kernel 5.4 support is
removed.
Tested-on: Nanoi R2S
Signed-off-by: David Bauer <mail@david-bauer.net>
Support new devices LS1046AFRWY and LX2160ARDB in README.
Clean up README, and add missing LS1021ATWR deploy guide.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[adjust set of devices added, update commit message/title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The QorIQ LX2160A reference design board provides a comprehensive platform
that enables design and evaluation of the LX2160A processor.
- Enables network intelligence with the next generation Datapath (DPPA2)
which provides differentiated offload and a rich set of IO, including
10GE, 25GE, 40GE, and PCIe Gen4
- Delivers unprecedented efficiency and new virtualized networks
- Supports designs in 5G packet processing, network function
virtualization, storage controller, white box switching, network
interface cards, and mobile edge computing
- Supports all three LX2 family members (16-core LX2160A; 12-core LX2120A;
and 8-core LX2080A)
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Add ddr-phy package for layerscape. Currently only LX2160ARDB
requires the package.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The LS1046A Freeway board (FRWY) is a high-performance computing,
evaluation, and development platform that supports the QorIQ
LS1046A architecture processor capable of support more than 32,000
CoreMark performance. The FRWY-LS1046A board supports the QorIQ
LS1046A processor, onboard DDR4 memory, multiple Gigabit Ethernet,
USB3.0 and M2_Type_E interfaces for Wi-Fi.
The FRWY-LS1046A-TP includes the Coral Tensor Flow Processing Unit
that offloads AI/ML inferencing from the CPU to provide significant
boost for AI/ML applications. The FRWY-LS1046A-TP includes one M.2
TPU module and more modules can easily be added including USB
versions of the module to scale the AI/ML performance.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[rebase, use AUTORELEASE, fix sorting, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Upcoming devices will not need the migration setup, so let's move
it out of the common definition.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
As kernel size increased it start to fail to load squishfs image,
using lzma-loader fixed it.
wevo_11acnas is almost same device as w2914ns-v2 except ram size,
so I expect same thing would've happen in that device too.
Signed-off-by: Seo Suchan <abnoeh@mail.com>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
The TP-Link EAP235-Wall is a wall-mounted, PoE-powered AC1200 access
point with four gigabit ethernet ports.
When connecting to the device's serial port, it is strongly advised to
use an isolated UART adapter. This prevents linking different power
domains created by the PoE power supply, which may damage your devices.
The device's U-Boot supports saving modified environments with
`saveenv`. However, there is no u-boot-env partition, and saving
modifications will cause the partition table to be overwritten. This is
not an issue for running OpenWrt, but will prevent the vendor FW from
functioning properly.
Device specifications:
* SoC: MT7621DAT
* RAM: 128MiB
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (MT7603EN): b/g/n, 2x2
* Wireless 5GHz (MT7613BEN): a/n/ac, 2x2
* Ethernet: 4× GbE
* Back side: ETH0, PoE PD port
* Bottom side: ETH1, ETH2, ETH3
* Single white device LED
* LED button, reset button (available for failsafe)
* PoE pass-through on port ETH3 (enabled with GPIO)
Datasheet of the flash chip specifies a maximum frequency of 33MHz, but
that didn't work. 20MHz gives no errors with reading (flash dump) or
writing (sysupgrade).
Device mac addresses:
Stock firmware uses the same MAC address for ethernet (on device label)
and 2.4GHz wireless. The 5GHz wireless address is incremented by one.
This address is stored in the 'info' ('default-mac') partition at an
offset of 8 bytes.
From OEM ifconfig:
eth a4:2b:b0:...:88
ra0 a4:2b:b0:...:88
rai0 a4:2b:b0:...:89
Flashing instructions:
* Enable SSH in the web interface, and SSH into the target device
* run `cliclientd stopcs`, this should return "success"
* upload the factory image via the web interface
Debricking:
U-boot can be interrupted during boot, serial console is 57600 baud, 8n1
This allows installing a sysupgrade image, or fixing the device in
another way.
* Access serial header from the side of the board, close to ETH3,
pin-out is (1:TX, 2:RX, 3:GND, 4:3.3V), with pin 1 closest to ETH3.
* Interrupt bootloader by holding '4' during boot, which drops the
bootloader into its shell
* Change default 'serverip' and 'ipaddr' variables (optional)
* Download initramfs with `tftpboot`, and boot image with `bootm`
# tftpboot 84000000 openwrt-initramfs.bin
# bootm
Revert to stock:
Using the tplink-safeloader utility from the firmware-utils package,
TP-Link's firmware image can be converted to an OpenWrt-compatible
sysupgrade image:
$ ./staging_dir/host/bin/tplink-safeloader -B EAP235-WALL-V1 \
-z EAP235-WALLv1_XXX_up_signed.bin -o eap235-sysupgrade.bin
This can then be flashed using the OpenWrt sysupgrade interface. The
image will appear to be incompatible and must be force flashed, without
keeping the current configuration.
Known issues:
- DFS support is incomplete (known issue with MT7613)
- MT7613 radio may stop responding when idling, reboot required.
This was an issue with the ddc75ff704 version of mt76, but appears to
have improved/disappeared with bc3963764d.
Error notice example:
[ 7099.554067] mt7615e 0000:02:00.0: Message 73 (seq 1) timeout
Hardware was kindly provided for porting by Stijn Segers.
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Similarly to the Archer C2 v1, the Archer C20 v1 will brick when one
tries to flash an OpenWrt factory image through the TP-Link web UI.
The wiki page contains an explicit warning about this [1].
Disable the factory image altogether since it serves no purpose.
[1] https://openwrt.org/toh/tp-link/tp-link_archer_c20_v1#installation
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
The SPDX license identifier must be in the first line of a file,
unless there is a shebang (then it's the second line).
Fix this for the local files, do not care about the upstream patches.
While at it, update the identifiers where necessary.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Instead of adding those device tree sources using a patch, simply move
them to the newly created dts folder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
We can now use the power LED for diag in more devices thanks to the latest
patches from the RPi foundation.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Use approach suggested by Adrian Schmutzler instead of introducing
another device variable.
Also revert the unnecessary white-space changes accidentally introduced
by the previous commit.
Fixed: c067b1e79b ("mediatek: move out-of-tree DTS files to dedicated dts folder")
Suggested-by: Adrian Schmutzler <mail@adrianschmutzler.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use dedicated dts folder like on ramips to store device tree source
files for boards not already supported in vanilla Linux.
Doing so instead of having them in files-* has several advantages:
* we don't need to duplicate them for several kernel versions
* changes to a device tree don't trigger a complete kernel rebuild
* the files are more obvious to find
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
No manual changes needed.
Build system: x86_64
Build-tested: bcm27xx/bcm2711
Signed-off-by: John Audia <graysky@archlinux.us>
GetABISuffix does not work for intra-package ABI version of provided symbols,
since ABIV_$(provided) is not set.
Fix ABI version by using $(ABIV_$(1)) directly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
If an external module uses exported symbols from another external
module, Kbuild needs to have full knowledge of all symbols to
avoid spitting out warnings about undefined symbols.
Use PKG_EXTMOD_SUBDIRS to point to the build directory which contains
the Module.symvers.
Pass KERNEL_MAKE_FLAGS to the external module build, to inject
KBUILD_EXTRA_SYMBOLS. KBUILD_EXTRA_SYMBOLS holds a space separated list
of Module.symvers, which list all exported symbols.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The USB ports if a FRIZZ!Box 7320 do not supply power to connected
devices.
Add the GPIOs enabling USB power as regulator, to enable USB power
supply as soon as the USB driver is loaded.
Fixes FS#3624
Signed-off-by: Mathias Kresin <dev@kresin.me>
When recursively deleting partitions, don't acquire the masters
partition lock twice. Otherwise the process endy up in a deadlocked
state.
Signed-off-by: David Bauer <mail@david-bauer.net>
Hardware
--------
MediaTek MT7622
512MB DDR3 RAM
64M SPI-NOR Flash (Winbond W25Q512JV)
MediaTek MT7622 802.11bgn 4T4R WMAC
MediaTek MT7915 802.11ax 4T4R
Marvell AQR1112 100/1000/2500 NBase-T PHY
Holtek HT32F52241 LED controller
Reset Switch
UART
----
CPU UART0 at the pinout next to the Holtek MCU.
Pinout (first pin next to SoC / MCU)
0 3V3
1 RX
2 TX
3 GND
Settings are 115200 8N1.
Opening the case
----------------
Opening the case is not a nice task, as itis glued together. Insert a
flat knife between the front and back casing below the ethernet port.
Open up a gap this way and insert a flat scredriver, remove the knife.
Work your way around the casing by applying force to seperate the front
and back casing. This losens the glue and opens the plastic clips. Be
gentle, as these clips are very cheap and break quickly.
Installation
------------
1. Connect to the booted device at 192.168.1.20 using username/password
"ubnt".
2. Transfer the OpenWrt sysupgrade image to the device using SCP.
3. Check the mtd partition number for bs / kernel0 / kernel1
$ cat /proc/mtd
4. Set the bootselect flag to boot from kernel0
$ dd if=/dev/zero bs=1 count=1 of=/dev/mtdblock6
5. Write the OpenWrt sysupgrade image to both kernel0 as well as kernel1
$ dd if=openwrt.bin of=/dev/mtdblock8
$ dd if=openwrt.bin of=/dev/mtdblock9
6. Reboot the device. It should boot into OpenWrt.
Signed-off-by: David Bauer <mail@david-bauer.net>
Add a driver for controlling the RGB LED via Ubiquitis own "LEDBAR" LED
controller based on the Holtek HT32F52241 MCU.
This driver is initially used by the Ubiquiti UniFi 6 LR, however
judging from FCC pictures the MCU is also found on the U6-Mesh as well
as the U6-Extender.
Signed-off-by: David Bauer <mail@david-bauer.net>
This fixes 4 security vulnerabilities/bugs:
- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
SSLv2, but the affected functions still exist. Considered just a bug.
- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
EVP_DecryptUpdate may overflow the output length argument in some
cases where the input length is close to the maximum permissable
length for an integer on the platform. In such cases the return value
from the function call will be 1 (indicating success), but the output
length value will be negative.
- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However it was failing to
correctly handle any errors that may occur while parsing the issuer
field (which might occur if the issuer field is maliciously
constructed). This may subsequently result in a NULL pointer deref and
a crash leading to a potential denial of service attack.
- Fixed SRP_Calc_client_key so that it runs in constant time. This could
be exploited in a side channel attack to recover the password.
The 3 CVEs above are currently awaiting analysis.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Add m4 patch to avoid conflict with tools/autoconf-archive.
Add build parallel as it seems to work now.
Remove a bunch of uClibc-ng hacks as it is not in the tree anymore.
Format security patch was fixed upstream.
Refreshed other patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This patch has been added to 5.4, but not been copied to 5.10:
7495acb555 ("kernel: backport mtd commit converting partitions doc syntax")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This applies another patch from 5.4 to 5.10 as well:
de09355f74 ("kernel/hack-5.4: make UDP tunneling user-selectable")
UDP tunneling support isn't user-selectable, but it's required by WireGuard
which is, for the time being, an out-of-tree module. We currently work around
this issue by selecting an unrelated module which depends on UDP tunnelling
(VXLAN). This is inconvenient, as it implies this unrelated module needs to be
built-in when doing a monolithic build.
Fix this inconvenience by making UDP tunneling user-selectable in the kernel
configuration.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
File extension was truncated for
pending-5.4/770-11-net-ethernet-mtk_eth_soc-avoid-rearming-interrupt-if.pa
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reapply changes added to 5.4 but not copied to 5.10:
3da4acaa7b ("kernel: fix busy wait loop in mediatek PPE code")
The intention is for the loop to timeout if the body does not succeed.
The current logic calls time_is_before_jiffies(timeout) which is false
until after the timeout, so the loop body never executes.
time_is_after_jiffies(timeout) will return true until timeout is less
than jiffies, which is the intended behavior here.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
