| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
All patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| |
|
|
|
|
| |
No patches needed to be rebased, just updated checksums
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| |
|
|
|
|
|
|
|
| |
4cd7d4f Revert "firewall3: support table load on access on Linux 5.15+"
50979cc firewall3: remove unnecessary fw3_has_table
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry-picked from commit 435d7a052bf1b6a3a01cb3ad6cda6ba4b25b1879)
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to the bug described here[1], remove the 300 MHz clock to avoid a low
voltage condition that can cause a hang when rebooting the RT3200/E8450.
This solution is probably better than the script-based work-around[2].
1. https://forum.openwrt.org/t/belkin-rt3200-linksys-e8450-wifi-ax-discussion/94302/1490
2. https://github.com/openwrt/openwrt/pull/5025
Signed-off-by: John Audia <therealgraysky@proton.me>
Tested-by: Rui Salvaterra <rsalvaterra@gmail.com>
Tested-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit d0d6b8e1833c587d0c50cac4f6324aa93b0bc8fc)
[ fix the conflict by apply the patch to kernel 5.10 ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 864fdf2bf3f4b5c71e57a27c514672b966580148)
|
| |
|
|
|
| |
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 001856fa51eaa704a254955138f76907eb02c2b4)
|
| |
|
|
|
| |
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit bb2a2b1dbe9c03d2abbb6989b6c4041e765543b0)
|
| |
|
|
|
|
|
| |
This includes BCM63xx and BCM4908 families.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d9ab1e56d8d16182bd292f393c012d7e6873ed89)
|
| |
|
|
|
|
|
|
|
|
|
| |
Changes:
9c44557 opkg_remove: avoid remove pkg repeatly with option --force-removal-of-dependent-packages
2edcfad libopkg: set 'const' attribute for argv
This should fix the CI error in the packages repository, which happens with perl.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e21fea92891fbdfb4eb14e9fe836530b6225cb1f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>:
* New upstream microcode datafile 20220419
* Fixes errata APLI-11 in Atom E3900 series processors
* Updated Microcodes:
sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384
* New upstream microcode datafile 20220510
* Fixes INTEL-SA-000617, CVE-2022-21151:
Processor optimization removal or modification of security-critical
code may allow an authenticated user to potentially enable information
disclosure via local access (closes: #1010947)
* Fixes several errata (functional issues) on Xeon Scalable, Atom C3000,
Atom E3900
* New Microcodes:
sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
* Updated Microcodes:
sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224
sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496
sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816
sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008
sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888
sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888
sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696
sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408
sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568
sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264
sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912
sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776
sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776
sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640
sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816
sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568
sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280
sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400
sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472
sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472
sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472
sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480
sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480
sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544
sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472
sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448
sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256
sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280
sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256
sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256
sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256
sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 2747a94f0977b36c4c29cc4596879b9127cfaf5f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
*) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
(CVE-2022-2097)
[Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]
Signed-off-by: Dustin Lundquist <dustin@null-ptr.net>
(cherry picked from commit 3899f68b54b31de4b4fef4f575f7ea56dc93d965)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.
The patch fixing x86 aesni build has been merged upstream.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 9710fe70a68e0a004b1906db192d7a6c8f810ac5)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This image is supposed to be written with help of bootloader to the
flash, but as it stands, it's not aligned to block size and RedBoot will
happily create non-aligned partition size in FIS directory. This could
lead to kernel to mark the partition as read-only, therefore pad the
image to block erase size boundary.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit 9decd2a8436d2bb6b5f436268c92a6e6728486ce)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The bootloader on this board hid the partition containig MAC addresses
and prevented adding this space to FIS directory, therefore those had to
be stored in RedBoot configuration as aliases to be able to assigne them
to proper interfaces. Now that fixed partition size are used instead of
redboot-fis parser, the partition containig MAC addresses could be
specified, and with marking it as nvmem cell, we can assign them without
userspace involvement.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit b52719b71a3337e5ae840c7a50fe41ebdc070f4e)
|
| |
|
|
|
|
|
|
|
|
|
| |
Don't comence the switch to RAMFS when the image format is wrong. This
led to rebooting the device, which could lead to false impression that
upgrade succeded.
Being here, factor out the code responsible for upgrading RedBoot
devices to separate file.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit 5897c52e78e3cd3846db083d48dd9d6b47ff3a08)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After the kernel has switched version to 5.10, JA76PF2 and
RouterStations lost the capability to sysupgrade the OpenWrt version.
The cause is the lack of porting the patches responsible for partial
flash erase block writing and these boards FIS directory and RedBoot
config partitions share the same erase block. Because of that the FIS
directory can't be updated to accommodate kernel/rootfs partition size
changes. This could be remedied by bootloader update, but it is very
intrusive and could potentially lead to non-trivial recovery procedure,
if something went wrong. The less difficult option is to use OpenWrt
kernel loader, which will let us use static partition sizes and employ
mtd splitter to dynamically adjust kernel and rootfs partition sizes.
On sysupgrade from ath79 19.07 or 21.02 image, which still let to modify
FIS directory, the loader will be written to kernel partition, while the
kernel+rootfs to rootfs partition.
The caveats are:
* image format changes, no possible upgrade from ar71xx target images
* downgrade to any older OpenWrt version will require TFTP recovery or
usage of bootloader command line interface
To downgrade to 19.07 or 21.02, or to upgrade if one is already on
OpenWrt with kernel 5.10, for RouterStations use TFTP recovery
procedure. For JA76PF2 use instructions from this commit message:
commit 0cc87b3bacee ("ath79: image: disable sysupgrade images for routerstations and ja76pf2"),
replacing kernel image with loader (loader.bin suffix) and rootfs
image with firmware (firmware.bin suffix).
Fixes: b10d6044599d ("kernel: add linux 5.10 support")
Fixes: 15aa53d7ee65 ("ath79: switch to Kernel 5.10")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(mkubntimage was moved to generic-ubnt.mk)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 5c142aad7bc018fe000789740a486c49973035b8)
|
| |
|
|
|
|
|
|
|
|
| |
On the NanoPI R4S it takes an average of 3..5 seconds for the network devices
to appear in '/proc/interrupts'.
Wait up to 10 seconds to ensure that the distribution of the interrupts
really happens.
Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
(cherry picked from commit 9b00e9795660f53caf1f4f5fd932bbbebd2eeeb1)
|
| |
|
|
|
|
|
|
|
|
|
| |
Apply an upstream patch that removes unnecessary CFLAGs, avoiding
generation of incompatible code.
Commit 0bd536723303ccd178e289690d073740c928bb34 is reverted so the
accelerated version builds by default on x86_64.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 639419ec4fd1501a9b9857cea96474271ef737b1)
|
| |
|
|
|
|
|
| |
Exclude multicast from pending AQL budget
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 9f1d6223289b5571ddc77c0e5327ab51137199d9)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During upload of firmware images the WebUI and CLI patch process
extracts a version information from the uploaded file and stores it
onto the jffs2 partition. To be precise it is written into the
flash.txt or flash2.txt files depending on the selected target image.
This data is not used anywhere else. The current OpenWrt factory
image misses this label. Therefore version information shows only
garbage. Fix this.
Before:
DGS-1210-20> show firmware information
IMAGE ONE:
Version : xfo/QE~WQD"A\Scxq...
Size : 5505185 Bytes
After:
DGS-1210-20> show firmware information
IMAGE ONE:
Version : OpenWrt
Size : 5505200 Bytes
Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
(cherry picked from commit fae3ac3560459320a88be86b31c572c4bca42645)
|
| |
|
|
|
|
|
|
|
|
| |
Currently we build factory images only for DGS-1210-28 model. Relax
that constraint and take care about all models. Tested on DGS-1210-20
and should work on other models too because of common flash layout.
Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
(cherry picked from commit 2b49ec3a28ad09446f48f1f830a42bdfe3bce9be)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some realtek boards have two u-boot-env partitions. However, in the
DGS-1210 series, the mtdblock2 partition is not a valid u-boot env
and simply contains the board/device name, followed by nulls.
00000000 44 47 53 2d 31 32 31 30 2d 32 38 2d 46 31 00 00 |DGS-1210-28-F1..|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00040000
00000000 44 47 53 2d 31 32 31 30 2d 35 32 2d 46 31 00 00 |DGS-1210-52-F1..|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00040000
The misleading u-boot-env2 name also confuses uboot-envtools.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 8b798dbb39856463878efb07ddef87ce2e522ceb)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
What should have been only cosmetic changes, ended up in breaking the
script. Rename UIMAGE_CRC_SLICE back to (the original) UIMAGE_CRC_OFF.
Fixes issue #10204 "cameo-tag.py broken"
Reported-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Fixes: f9e840b65700 ("scripts: add CAMEO tag generator")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit ebfe66e494e57f4b421f1190d6bff1d361db1b3d)
|
| |
|
|
|
|
|
|
|
| |
From now on we will insert CAMEO tags into sysupgrade images for
DGS-1210 devices. This will make the "OS:...FAILED" and "FS:...FAILED"
messages go away.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
(cherry picked from commit e763c4c89fc5569d7264ff60837eb4aff69a0bfb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This script inserts CAMEO tags into an uImage to make U-Boot
of DGS-1210 switches happy.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Suggested-by: Sander Vanheule <sander@svanheule.net> # Mutual checksum algorithm
[commit title prefix, trailing whitespace, OpenWrt capitalisation, move
CRC calculation comment, use UIMAGE_NAME_*, remove parentheses for
return, use f-string instead of str()]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit f9e840b65700e1cdff6d066d39c163bac936d046)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DGS-1210 switches support dual image, with each image composed of a
kernel and a rootfs partition. For image1, kernel and rootfs are in
sequence. The current OpenWrt image (written using a serial console),
uses those partitions together as the firmware partition, ignoring the
partition division. The current OEM u-boot fails to validate image1 but
it will only trigger firmware recovery if both image1 and image2 fail,
and it does not switch the boot image in case one of them fails the
check.
The OEM factory image is composed of concatenated blocks of data, each
one prefixed with a 0x40-byte cameo header. A normal OEM firmware will
have two of these blocks (kernel, rootfs). The OEM firmware only checks
the header before writing unconditionally the data (except the header)
to the correspoding partition.
The OpenWrt factory image mimics the OEM image by cutting the
kernel+rootfs firmware at the exact size of the OEM kernel partition
and packing it as "the kernel partition" and the rest of the kernel and
the rootfs as "the rootfs partition". It will only work if written to
image1 because image2 has a sysinfo partition between kernel2 and
rootfs2, cutting the kernel code in the middle.
Steps to install:
1) switch to image2 (containing an OEM image), using web or these CLI
commands:
- config firmware image_id 2 boot_up
- reboot
2) flash the factory_image1.bin to image1. OEM web (v6.30.016)
is crashing for any upload (ssh keys, firmware), even applying OEM
firmwares. These CLI commands can upload a new firmware to the other
image location (not used to boot):
- download firmware_fromTFTP <tftpserver> factory_image1.bin
- config firmware image_id 1 boot_up
- reboot
To debrick the device, you'll need serial access. If you want to
recover to an OpenWrt, you can replay the serial installation
instructions. For returning to the original firmware, press ESC during
the boot to trigger the emergency firmware recovery procedure. After
that, use D-Link Network Assistant v2.0.2.4 to flash a new firmware.
The device documentation does describe that holding RESET for 12s
trigger the firmware recovery. However, the latest shipped U-Boot
"2011.12.(2.1.5.67086)-Candidate1" from "Aug 24 2021 - 17:33:09" cannot
trigger that from a cold boot. In fact, any U-Boot procedure that relies
on the RESET button, like reset settings, will only work if started from
a running original firmware. That, in practice, cancels the benefit of
having two images and a firmware recovery procedure (if you are not
consider dual-booting OpenWrt).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 1005dc0a64587e954364ff3a64bbb38b2ca371cd)
|
| |
|
|
|
|
|
|
|
|
|
| |
The cameo header is a 0x40-byte header used by D-Link DGS 1210 switches
and Apresia ApresiaLightGS series. cameo-imghdr.py is a clean-room
reimplementation of imghdr present in the DGS-1210-28-GPL package.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[fix board_version argument's help text]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit 2fd66e058b0804b9c561d8d6858363fdf5bd7aea)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Northstar SoCs have pretty small CPU caches and their performance is
heavily affected by cache hits & misses. It means that all kind of
random code changes can affect performance as they often reorganize
(change alignment & possibly reorder) kernel symbols.
It was discussed in ARM / net mailinglists:
1. ARM router NAT performance affected by random/unrelated commits [1] [2]
2. Optimizing kernel compilation / alignments for network performance [3] [4]
It seems that -falign-functions can be used as a partial workaround. It
doesn't solve all cases (e.g. documented watchdog one [5]) but it surely
helps with many of them.
A complete long term solution may be PGO (profile-guided optimization)
but it isn't available at this point.
[1] https://lkml.org/lkml/2019/5/21/349
[2] https://www.spinics.net/lists/linux-block/msg40624.html
[3] https://lore.kernel.org/linux-arm-kernel/066fc320-dc04-11a4-476e-b0d11f3b17e6@gmail.com/T/
[4] https://www.spinics.net/lists/netdev/msg816103.html
[5] http://lists.openwrt.org/pipermail/openwrt-devel/2022-July/038989.html
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit abc5b28db164dc2d807750cb2baae91e288c84a9)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Packet steering can improve NAT masquarade performance on Northstar by
40-50%. It makes reaching 940-942 Mb/s possible on BCM4708 (and
obviously BCM47094 too). Add scripts setting up the most optimal
Northstar setup.
Below are testing results for running iperf TCP traffic from LAN to WAN.
They were used to pick up golden values.
┌──────────┬──────────┬────────────────────┬────────────────────┐
│ eth0 │ br-lan │ flow_offloading=0 │ flow_offloading=1 │
│ │ ├─────────┬──────────┼─────────┬──────────┤
│ rps_cpus │ rps_cpus │ BCM4708 │ BCM47094 │ BCM4708 │ BCM47094 │
├──────────┼──────────┼─────────┼──────────┼─────────┼──────────┤
│ 0 │ 0 │ 387 │ 671 │ 707 │ 941 │
│ 0 │ 1 │ 343 │ 576 │ 705 │ 941 │
│ 0 │ 2 │ ✓ 574 │ ✓ 941 │ 704 │ 940 │
│ 1 │ 0 │ 320 │ 549 │ 561 │ 941 │
│ 1 │ 1 │ 327 │ 551 │ 553 │ 941 │
│ 1 │ 2 │ 523 │ ✓ 940 │ 559 │ 940 │
│ 2 │ 0 │ 383 │ 652 │ ✓ 940 │ 941 │
│ 2 │ 1 │ 448 │ 754 │ ✓ 942 │ 941 │
│ 2 │ 2 │ 404 │ 655 │ ✓ 941 │ 941 │
└──────────┴──────────┴─────────┴──────────┴─────────┴──────────┘
Above tests were performed with all eth0 interrupts handled by CPU0.
Setting "echo 2 > /proc/irq/38/smp_affinity" was tested on BCM4708 but
it didn't increased speeds (just required different steering):
┌──────────┬──────────┬───────────┐
│ eth0 │ br-lan │ flow_offl │
│ rx-0 │ rx-0 │ oading=0 │
│ rps_cpus │ rps_cpus │ BCM4708 │
├──────────┼──────────┼───────────┤
│ 0 │ 0 │ 384 │
│ 0 │ 1 │ ✓ 574 │
│ 0 │ 2 │ 348 │
│ 1 │ 0 │ 383 │
│ 1 │ 1 │ 412 │
│ 1 │ 2 │ 448 │
│ 2 │ 0 │ 321 │
│ 2 │ 1 │ 520 │
│ 2 │ 2 │ 327 │
└──────────┴──────────┴───────────┘
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit fcbd39689ebfef20c62fe3882d51f3af765e8028)
|
| |
|
|
|
|
|
|
|
|
|
| |
This improves NAT masquarade network performance.
An alternative to kernel change would be runtime setup but that requires
ethtool and identifying relevant network interface and all related
switch ports interfaces.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 82d0dd8f8aa11249944fe39cd0d75a1524ec22ec)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bumping max frame size has significantly affected network performance.
It was done by upstream commit that first appeared in the 5.7 release.
This change bumps NAT masquarade speed from 196 Mb/s to 383 Mb/s for the
BCM4708 SoC.
Ref: f55f1dbaad33 ("bcm53xx: switch to the kernel 5.10")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 230c9da963aad9e1a2f8f128c30067ccad2efef8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. KCFLAGS should be used for custom flags
2. Optimization flags are arch / SoC specific
3. -fno-reorder-blocks may *worsen* network performace on some SoCs
4. Usage of flags was *reversed* since 5.4 and noone reported that
If we really need custom flags then CONFIG_KERNEL_CFLAGS should get
default value adjusted properly (per target).
Ref: 4e0c54bc5bc8 ("kernel: add support for kernel 5.4")
Link: http://lists.openwrt.org/pipermail/openwrt-devel/2022-June/038853.html
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20190409093046.13401-1-zajec5@gmail.com/
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 22168ae68101b95d03741b0e9e8ad20b8a5ae5b7)
|
| |
|
|
|
|
|
| |
They may be used e.g. to optimize kernel size or performance.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 907d7d747243044f86588f0d82993e8c106cb02c)
|
| |
|
|
|
|
|
|
|
|
| |
This uses kernel's generic variable and doesn't require patching it with
a custom Makefile change. It's expected *not* to change any behaviour.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1d42af720c6b6dcfcdd0b89bce386fca1607dcb3)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 24e27bec9a6df1511a504cf04cd9578a23e74657)
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When building the mediatek/mt7629 target in OpenWrt 22.03 the kernel
does not have a configuration option for CONFIG_CRYPTO_DEV_MEDIATEK. Add
this option to the generic kernel configuration and also add two other
configuration options which are removed when we refresh the mt7629
kernel configuration.
Fixes: 2bea35cb55d7 ("mediatek: remove crypto-hw-mtk package")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit dcc0fe24ea216d32300c0f01c8879e586d89cc1e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
*) In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further bugs where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection have been
fixed.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-2068)
[Daniel Fiala, Tomáš Mráz]
*) When OpenSSL TLS client is connecting without any supported elliptic
curves and TLS-1.3 protocol is disabled the connection will no longer fail
if a ciphersuite that does not use a key exchange based on elliptic
curves can be negotiated.
[Tomáš Mráz]
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit eb7d2abbf06f0a3fe700df5dc6b57ee90016f1f1)
|
| |
|
|
|
|
|
|
|
|
|
| |
The recent differentiation between v1 and v2 of the UniFi 6 LR added
support for the v2 version which has GPIO-controlled LEDs instead of
using an additional microcontroller to drive an RGB led.
The polarity of the white LED, however, was inverted and the default
states didn't make a lot of sense after all. Fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f58e562b07803192d029a6be8c8c372e1ed11c68)
|
| |
|
|
|
|
|
|
|
|
| |
The line trying to generate the standard sdcard.img.gz fails due to
boot.scr not being generated.
Remove the line in order to use the default sdcard.img.gz which is
exactly the same but includes generating the boot.scr file.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1d3b57dbeeae70ab3a8f71d3bdb6fd41a00e1d22)
|
| |
|
|
|
|
|
|
| |
Select matching U-Boot for both v1 and v2 variants.
Fixes: 15a02471bb ("mediatek: new target mt7622-ubnt-unifi-6-lr-v1")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2caa03ec8607fb38e11ac1ce3c7b698f80191b49)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add targets:
* Ubiquiti UniFi 6 LR v2
* Ubiquiti UniFi 6 LR v2 (U-Boot mod)
This target does not have a RGB led bar like v1 did
Used target/linux/ramips/dts/mt7621_ubnt_unifi.dtsi as inspiration
The white dome LED is default-on, blue will turn on when the system is
in running state
Signed-off-by: Henrik Riomar <henrik.riomar@gmail.com>
(cherry picked from commit 31d86a1a119265393db02aa66e6bc6518ee7b905)
|
| |
|
|
|
|
|
|
|
| |
based on current ubnt_unifi-6-lr-ubootmod
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[added SUPPORTED_DEVICES for compatibility with existing setups]
Signed-off-by: Henrik Riomar <henrik.riomar@gmail.com>
(cherry picked from commit 5c8d3893a78fd81454930de30d90efaef99f8734)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Based on current mt7622-ubnt-unifi-6-lr, this is a preparation for
adding a v2 version of this target
* v1 - with led-bar
* v2 - two simple GPIO connected LEDs (in later commits)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[added SUPPORTED_DEVICES for compatibility with existing setups]
Signed-off-by: Henrik Riomar <henrik.riomar@gmail.com>
(cherry picked from commit 15a02471bb854245f8f94398c1e1d9ce29c2c341)
|
| |
|
|
|
|
|
|
|
| |
The config for LEDS_UBNT_LEDBAR doesn't stay in mt7629 kconfig because
of its I2C dependency. Build it as a module and let buildroot handle
this config option instead.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit d9ea9c06e98b597174e0e94e0a13934637c0c03e)
|
| |
|
|
|
|
|
|
| |
The MediaTek's Crypto Engine module is only available for mt7623, in
which case it is built into the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 3f2d0703b60357e3ff1865783335be9f51528eb8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the wps button to prevent wrongly detected recovery procedures.
In the official banana pi r64 git the wps button is set to
GPIO_ACTIVE_LOW and not GPIO_ACTIVE_HIGH.
Import patch to fix on boot unwanted recovery entering:
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
- failsafe button wps was pressed -
- failsafe -
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry-picked from commit 668619425526cb0d43f8536a2f6f15a6314e6553)
|
| |
|
|
|
|
|
|
|
|
| |
The kernel configuration option CONFIG_MACH_MT7629 selects
CONFIG_HAVE_ARM_ARCH_TIMER now. Handle this change in the config-5.10.
This fixes some build problems.
Fixes: 81530d69ef58 ("kernel: bump 5.10 to 5.10.121")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
| |
93e3fce916c6 mt76: pass original queue id from __mt76_tx_queue_skb to the driver
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 06d0cc2fb365485dd1ddd32937afd5091fa4b8a8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This refreshes the patches on top of kernel 5.4.127.
Deleted (upstreamed):
bcm27xx/patches-5.10/950-0005-Revert-mailbox-avoid-timer-start-from-callback.patch [0]
bcm27xx/patches-5.10/950-0678-bcm2711_thermal-Don-t-clamp-temperature-at-zero.patch [1]
Needed manual modifications:
bcm27xx/patches-5.10/950-0410-drm-atomic-Pass-the-full-state-to-CRTC-atomic-begin-.patch
[0]: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.127&id=bb2220e0672b7433a9a42618599cd261b2629240
[1]: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.127&id=83603802954068ccd1b8a3f2ccbbaf5e0862acb0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
