From 8add3e139ca5b58b91098aa0615f3492d1191241 Mon Sep 17 00:00:00 2001 From: Moritz Warning Date: Mon, 22 Feb 2021 00:18:10 +0100 Subject: [PATCH 1/9] build: preserve profiles.json between builds Keep other profiles.json content if the data belongs to the current build version. Also useful for the ImageBuilder, which builds for a single model each time. Without this commit the profiles.json would only contain the latest build profile information. Signed-off-by: Moritz Warning [improve commit message] Signed-off-by: Paul Spooren (cherry picked from commit a463b96241fbc2d142982387eaed9989e201ac7a) --- scripts/json_overview_image_info.py | 32 +++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/scripts/json_overview_image_info.py b/scripts/json_overview_image_info.py index 8dbd24af2d..45c05012b1 100755 --- a/scripts/json_overview_image_info.py +++ b/scripts/json_overview_image_info.py @@ -18,19 +18,33 @@ work_dir = Path(getenv("WORK_DIR")) output = {} + +def get_initial_output(image_info): + # preserve existing profiles.json + if output_path.is_file(): + profiles = json.loads(output_path.read_text()) + if profiles["version_code"] == image_info["version_code"]: + return profiles + return image_info + + for json_file in work_dir.glob("*.json"): image_info = json.loads(json_file.read_text()) + if not output: - output.update(image_info) + output = get_initial_output(image_info) + + # get first and only profile in json file + device_id, profile = next(iter(image_info["profiles"].items())) + if device_id not in output["profiles"]: + output["profiles"][device_id] = profile else: - # get first (and only) profile in json file - device_id = next(iter(image_info["profiles"].keys())) - if device_id not in output["profiles"]: - output["profiles"].update(image_info["profiles"]) - else: - output["profiles"][device_id]["images"].append( - image_info["profiles"][device_id]["images"][0] - ) + output["profiles"][device_id]["images"].extend(profile["images"]) + +# make image lists unique by name, keep last/latest +for device_id, profile in output["profiles"].items(): + profile["images"] = list({e["name"]: e for e in profile["images"]}.values()) + if output: default_packages, output["arch_packages"] = run( From 2e157714a8d4a0e1dbd6351ca0a3fe2fce75b0eb Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Sun, 20 Jun 2021 20:23:45 -1000 Subject: [PATCH 2/9] build,json: fix generation with empty profiles If the image generation doesn't add any profiles to the output the *profile merge* will fail. To avoid that set an empty profile as fallback. Signed-off-by: Paul Spooren (cherry picked from commit fd0d9909bf50f114d5e7f7cedf53e542de878a2c) --- scripts/json_overview_image_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/json_overview_image_info.py b/scripts/json_overview_image_info.py index 45c05012b1..db47fd9e42 100755 --- a/scripts/json_overview_image_info.py +++ b/scripts/json_overview_image_info.py @@ -42,7 +42,7 @@ for json_file in work_dir.glob("*.json"): output["profiles"][device_id]["images"].extend(profile["images"]) # make image lists unique by name, keep last/latest -for device_id, profile in output["profiles"].items(): +for device_id, profile in output.get("profiles", {}).items(): profile["images"] = list({e["name"]: e for e in profile["images"]}.values()) From 56228e939365d543933a87cac11109a7d5ccc619 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Sun, 13 Jun 2021 12:00:41 +0200 Subject: [PATCH 3/9] ath79: don't autodetect AR8033 PHY capabilities PHY capabilities are currently read from the fiber status page, thus Linux won't advertise 10 / 100 Base-T operation modes, effectively limiting operation to 1000 Base-T. Statically set the PHYs capabilities, avoiding autodetection. The issue itself is properly fixed kernel upstream, however backporting efforts to OpenWrt master resulted in breaking the fiber operation for another target. This is currently only known to be necessary for the Ubiquiti UniFi AC series, so enabling it in the ath79 target should not break somewhere else. Signed-off-by: David Bauer --- .../700-at803x-force-ar8033-features.patch | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 target/linux/ath79/patches-5.4/700-at803x-force-ar8033-features.patch diff --git a/target/linux/ath79/patches-5.4/700-at803x-force-ar8033-features.patch b/target/linux/ath79/patches-5.4/700-at803x-force-ar8033-features.patch new file mode 100644 index 0000000000..cfbcaa148d --- /dev/null +++ b/target/linux/ath79/patches-5.4/700-at803x-force-ar8033-features.patch @@ -0,0 +1,25 @@ +PHY capabilities are currently read from the fiber status page, thus +Linux won't advertise 10 / 100 Base-T operation modes, effectively +limiting operation to 1000 Base-T. + +Statically set the PHYs capabilities, avoiding autodetection. + +The issue itself is properly fixed kernel upstream, however backporting +efforts to OpenWrt master resulted in breaking the fiber operation for +another target. + +This is currently only known to be necessary for the Ubiquiti +UniFi AC series, so enabling it in the ath79 target should not +break somewhere else. + +--- a/drivers/net/phy/at803x.c ++++ b/drivers/net/phy/at803x.c +@@ -497,7 +497,7 @@ static struct phy_driver at803x_driver[] + .get_wol = at803x_get_wol, + .suspend = at803x_suspend, + .resume = at803x_resume, +- /* PHY_GBIT_FEATURES */ ++ .features = PHY_GBIT_FEATURES, + .read_status = at803x_read_status, + .aneg_done = at803x_aneg_done, + .ack_interrupt = &at803x_ack_interrupt, From f6d8c0cf2b47b55474f6f2604ac57bc8aedfeb08 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Thu, 6 May 2021 01:48:04 +0200 Subject: [PATCH 4/9] wolfssl: always export wc_ecc_set_rng Since commit 6467de5a8840 ("Randomize z ordinates in scalar mult when timing resistant") wolfssl requires a RNG for an EC key when the hardened built option is selected. wc_ecc_set_rng is only available when built hardened, so there is no safe way to install the RNG to the key regardless whether or not wolfssl is compiled hardened. Always export wc_ecc_set_rng so tools such as hostapd can install RNG regardless of the built settings for wolfssl. Signed-off-by: David Bauer (cherry picked from commit ef9b103107aebd1a54f4360af3d9cf28d0544f13) --- package/libs/wolfssl/Makefile | 2 +- .../libs/wolfssl/patches/200-ecc-rng.patch | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 package/libs/wolfssl/patches/200-ecc-rng.patch diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 53cd932d1f..030a0224f5 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl PKG_VERSION:=4.7.0-stable -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) diff --git a/package/libs/wolfssl/patches/200-ecc-rng.patch b/package/libs/wolfssl/patches/200-ecc-rng.patch new file mode 100644 index 0000000000..2d33c06209 --- /dev/null +++ b/package/libs/wolfssl/patches/200-ecc-rng.patch @@ -0,0 +1,50 @@ +Since commit 6467de5a8840 ("Randomize z ordinates in scalar +mult when timing resistant") wolfssl requires a RNG for an EC +key when the hardened built option is selected. + +wc_ecc_set_rng is only available when built hardened, so there +is no safe way to install the RNG to the key regardless whether +or not wolfssl is compiled hardened. + +Always export wc_ecc_set_rng so tools such as hostapd can install +RNG regardless of the built settings for wolfssl. + +--- a/wolfcrypt/src/ecc.c ++++ b/wolfcrypt/src/ecc.c +@@ -10293,21 +10293,21 @@ void wc_ecc_fp_free(void) + + #endif /* FP_ECC */ + +-#ifdef ECC_TIMING_RESISTANT + int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng) + { + int err = 0; + ++#ifdef ECC_TIMING_RESISTANT + if (key == NULL) { + err = BAD_FUNC_ARG; + } + else { + key->rng = rng; + } ++#endif + + return err; + } +-#endif + + #ifdef HAVE_ECC_ENCRYPT + +--- a/wolfssl/wolfcrypt/ecc.h ++++ b/wolfssl/wolfcrypt/ecc.h +@@ -584,10 +584,8 @@ WOLFSSL_API + void wc_ecc_fp_free(void); + WOLFSSL_LOCAL + void wc_ecc_fp_init(void); +-#ifdef ECC_TIMING_RESISTANT + WOLFSSL_API + int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng); +-#endif + + WOLFSSL_API + int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id); From e410ef838959c0d7cd9a6c0a13d5f2ca2b03c077 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Thu, 6 May 2021 01:53:49 +0200 Subject: [PATCH 5/9] hostapd: wolfssl: add RNG to EC key Since upstream commit 6467de5a8840 ("Randomize z ordinates in scalar mult when timing resistant") WolfSSL requires a RNG for the EC key when built hardened which is the default. Set the RNG for the EC key to fix connections for OWE clients. Signed-off-by: David Bauer (cherry picked from commit ddcb970274c011d3db611ec39350ee4704ff0e02) --- package/network/services/hostapd/Makefile | 2 +- .../802-wolfssl-init-RNG-with-ECC-key.patch | 48 +++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index bd2a7c96ad..0779421b8d 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd -PKG_RELEASE:=32 +PKG_RELEASE:=33 PKG_SOURCE_URL:=http://w1.fi/hostap.git PKG_SOURCE_PROTO:=git diff --git a/package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch b/package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch new file mode 100644 index 0000000000..89d111e991 --- /dev/null +++ b/package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch @@ -0,0 +1,48 @@ +From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001 +From: David Bauer +Date: Wed, 5 May 2021 00:44:34 +0200 +Subject: [PATCH] wolfssl: add RNG to EC key + +Since upstream commit 6467de5a8840 ("Randomize z ordinates in +scalar mult when timing resistant") WolfSSL requires a RNG for +the EC key when built hardened which is the default. + +Set the RNG for the EC key to fix connections for OWE clients. + +Signed-off-by: David Bauer +--- + src/crypto/crypto_wolfssl.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c +index 2e4bf8962..ed2528159 100644 +--- a/src/crypto/crypto_wolfssl.c ++++ b/src/crypto/crypto_wolfssl.c +@@ -1303,6 +1303,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, + + struct crypto_ec { + ecc_key key; ++ WC_RNG rng; + mp_int a; + mp_int prime; + mp_int order; +@@ -1357,6 +1358,8 @@ struct crypto_ec * crypto_ec_init(int group) + return NULL; + + if (wc_ecc_init(&e->key) != 0 || ++ wc_InitRng(&e->rng) != 0 || ++ wc_ecc_set_rng(&e->key, &e->rng) != 0 || + wc_ecc_set_curve(&e->key, 0, curve_id) != 0 || + mp_init(&e->a) != MP_OKAY || + mp_init(&e->prime) != MP_OKAY || +@@ -1388,6 +1391,7 @@ void crypto_ec_deinit(struct crypto_ec* e) + mp_clear(&e->order); + mp_clear(&e->prime); + mp_clear(&e->a); ++ wc_FreeRng(&e->rng); + wc_ecc_free(&e->key); + os_free(e); + } +-- +2.31.1 + From 125deb4d783e548228e68f6e4b42b5eb84ba8b8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Mon, 14 Jun 2021 20:18:14 +0200 Subject: [PATCH 6/9] base-files: set MAC for bridge ports (devices) instead of bridge itself MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This restores the original config_generate behaviour. With MAC set for bridged devices the bridge automatically gets its MAC adjusted (it picks the lowest MAC of bridged devices). This fixes confusing interfaces setup (bridge ports not having custom MAC assigned). Reported-by: Koen Vandeputte Fixes: c2139eef279e ("base-files: simplify setting device MAC") Signed-off-by: Rafał Miłecki (cherry picked from commit c8d8eb9d13fc6fc8b394a620c27995ee71d29c4d) --- package/base-files/files/bin/config_generate | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/package/base-files/files/bin/config_generate b/package/base-files/files/bin/config_generate index 0dca5549e8..b3752c5430 100755 --- a/package/base-files/files/bin/config_generate +++ b/package/base-files/files/bin/config_generate @@ -114,9 +114,17 @@ generate_network() { add network device set network.@device[-1].name='br-$1' set network.@device[-1].type='bridge' - set network.@device[-1].macaddr='$macaddr' EOF for port in $ports; do uci add_list network.@device[-1].ports="$port"; done + [ -n "macaddr" ] && { + for port in $ports; do + uci -q batch <<-EOF + add network device + set network.@device[-1].name='$port' + set network.@device[-1].macaddr='$macaddr' + EOF + done + } device=br-$1 type= macaddr="" From 74dbf3412bcef16d08cd1e7bed4e32a400c8fc11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Mon, 14 Jun 2021 22:29:49 +0200 Subject: [PATCH 7/9] base-files: fix typo in config_generate MAC check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: 125deb4d783e ("base-files: set MAC for bridge ports (devices) instead of bridge itself") Signed-off-by: Rafał Miłecki (cherry picked from commit 946019637ec9192450c685a61c589a9cbef7637b) --- package/base-files/files/bin/config_generate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/base-files/files/bin/config_generate b/package/base-files/files/bin/config_generate index b3752c5430..596fcf41fa 100755 --- a/package/base-files/files/bin/config_generate +++ b/package/base-files/files/bin/config_generate @@ -116,7 +116,7 @@ generate_network() { set network.@device[-1].type='bridge' EOF for port in $ports; do uci add_list network.@device[-1].ports="$port"; done - [ -n "macaddr" ] && { + [ -n "$macaddr" ] && { for port in $ports; do uci -q batch <<-EOF add network device From 25daa921da05c45263282a4cd25a4ff864131f0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Mon, 21 Jun 2021 08:49:03 +0200 Subject: [PATCH 8/9] bcm4908: add kmod-gpio-button-hotplug MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All bcm4908 devices are expected to have GPIO buttons to make relevant package selected by default. This "fixes" triggering failsafe mode. Signed-off-by: Rafał Miłecki (cherry picked from commit fcfa60408c37a129b143e4928b6d86e383c2c8f6) --- target/linux/bcm4908/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/target/linux/bcm4908/Makefile b/target/linux/bcm4908/Makefile index ce5f230ca6..bbe5030b65 100644 --- a/target/linux/bcm4908/Makefile +++ b/target/linux/bcm4908/Makefile @@ -22,6 +22,7 @@ KERNELNAME:=Image dtbs DEFAULT_PACKAGES += \ bcm4908img \ + kmod-gpio-button-hotplug \ kmod-usb-ohci kmod-usb2 kmod-usb3 $(eval $(call BuildTarget)) From 1247a6bb358845c7526581730992bc0d8fa29244 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Tue, 22 Jun 2021 07:47:18 +0200 Subject: [PATCH 9/9] bcm4908: fix Ethernet broken state after interface restart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes traffic stalls after ifdown & ifup. Signed-off-by: Rafał Miłecki (cherry picked from commit f8d5bd20b31842ef7fdb740d27c70294f21c6124) --- ...4908_enet-reset-DMA-rings-sw-indexes.patch | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 target/linux/bcm4908/patches-5.4/170-net-broadcom-bcm4908_enet-reset-DMA-rings-sw-indexes.patch diff --git a/target/linux/bcm4908/patches-5.4/170-net-broadcom-bcm4908_enet-reset-DMA-rings-sw-indexes.patch b/target/linux/bcm4908/patches-5.4/170-net-broadcom-bcm4908_enet-reset-DMA-rings-sw-indexes.patch new file mode 100644 index 0000000000..7e82230f9a --- /dev/null +++ b/target/linux/bcm4908/patches-5.4/170-net-broadcom-bcm4908_enet-reset-DMA-rings-sw-indexes.patch @@ -0,0 +1,43 @@ +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Date: Tue, 22 Jun 2021 07:05:04 +0200 +Subject: [PATCH] net: broadcom: bcm4908_enet: reset DMA rings sw indexes + properly +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Resetting software indexes in bcm4908_dma_alloc_buf_descs() is not +enough as it's called during device probe only. Driver resets DMA on +every .ndo_open callback and it's required to reset indexes then. + +This fixes inconsistent rings state and stalled traffic after interface +down & up sequence. + +Fixes: 4feffeadbcb2 ("net: broadcom: bcm4908enet: add BCM4908 controller driver") +Signed-off-by: Rafał Miłecki +--- + drivers/net/ethernet/broadcom/bcm4908_enet.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/net/ethernet/broadcom/bcm4908_enet.c ++++ b/drivers/net/ethernet/broadcom/bcm4908_enet.c +@@ -174,9 +174,6 @@ static int bcm4908_dma_alloc_buf_descs(s + if (!ring->slots) + goto err_free_buf_descs; + +- ring->read_idx = 0; +- ring->write_idx = 0; +- + return 0; + + err_free_buf_descs: +@@ -303,6 +300,9 @@ static void bcm4908_enet_dma_ring_init(s + + enet_write(enet, ring->st_ram_block + ENET_DMA_CH_STATE_RAM_BASE_DESC_PTR, + (uint32_t)ring->dma_addr); ++ ++ ring->read_idx = 0; ++ ring->write_idx = 0; + } + + static void bcm4908_enet_dma_uninit(struct bcm4908_enet *enet)