Package the ability to log kernel crashes to 'ramoops' pstore
files into RAM in /sys/fs/pstore

Reference to the ramoops admin guide in upstream Linux:
https://www.kernel.org/doc/html/v5.10/admin-guide/ramoops.html



The files in RAM survive a warm reboot, but not a cold reboot.

Note: kmod-ramoops selects kmod-pstore and kmod-reed-solomon.

The feature can be used by selecting the kmod-ramoops and
adding a ramoops reserved-memory definition to the device DTS.
Example from R7800:

       reserved-memory {
                rsvd@5fe00000 {
                        reg = <0x5fe00000 0x200000>;
                        reusable;
                };

                ramoops@42100000 {
                        compatible = "ramoops";
                        reg = <0x42100000 0x40000>;
                        record-size = <0x4000>;
                        console-size = <0x4000>;
                        ftrace-size = <0x4000>;
                        pmsg-size = <0x4000>;
                };
        };

If no definition has been made in DTS, no crash log is stored
for the device.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(added CONFIG_EFI_VARS_PSTORE disable)

Previously, grub2 was hardcoded to always look on "hd0" for the
kernel.

This works well when the system only had a single disk.
But if there was a second disk/stick present, it may have look
on the wrong drive because of enumeration races.

This patch utilizes grub2 search function to look for a filesystem
with the label "kernel". This works thanks to existing setup in
scripts/gen_image_generic.sh. Which sets the "kernel" label on
both the fat and ext4 filesystem variants.

Signed-off-by: Jax Jiang <jax.jiang.007@gmail.com>
Suggested-by: Alberto Bursi <bobafetthotmail@gmail.com> (MX100 WA)
(word wrapped, slightly rewritten commit message, removed MX100 WA)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

This reverts all four commits
dbb45421 "bcm27xx: bcm2708: update defconfig"
332f6958 "bcm27xx: bcm2709: update defconfig"
a478202d "bcm27xx: bcm2710: update defconfig"
82da1dfd "bcm27xx: bcm2711: update defconfig"

this also highlighted an unrelated kconfig failure
that warrants investigation. But for now it is important
for the bcm27xx target to come back again.

|*
|* Restart config...
|*
|*
|* Allow override default queue discipline
|*
|Allow override default queue discipline (NET_SCH_DEFAULT) [Y/n/?] y
|  Default queuing discipline
|    1. Fair Queue (DEFAULT_FQ) (NEW)
|    2. Controlled Delay (DEFAULT_CODEL) (NEW)
|  > 3. Fair Queue Controlled Delay (DEFAULT_FQ_CODEL)
|    4. Stochastic Fair Queue (DEFAULT_SFQ) (NEW)
|    5. Priority FIFO Fast (DEFAULT_PFIFO_FAST)
|  choice[1-5?]:
|Error in reading or end of file.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

Add support for SAMA7G5-EK board.
Hardware:
- SoC: SAMA7G5
- RAM: Aliance Memory AS4C256M16D3LC (4 Gbit DDR3L)
- SD/MMC: 1 standard 4bit SD Card interface
- USB: 1 Micro-AB host/device, 1 Type-A host, 1 Type-C host
- CAN: 2 interfaces
- Ethernet: 10/100 port, 1Gbps port
- Wi-Fi/BT: 1 optional interface
- Audio: 1 SPDIF RX port, 1 SPDIF TX port, 4 digital microphones
- Camera: 1 RPi CSI camera interface
- Debug: 1 J-Link-OB + CDC, 1 JTAG
- LEDs: 1 RGB
- Buttons: 4 push buttons
- Expansions: 1 RPi Expansion connector, 2 mikroBUS connectors
- Power management: 1 power management IC, 1 power consumption
  measurement device

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>

Add kernel support for SAMA7G5 by back-porting mainline kernel patches.
Among SAMA7G5 features could be remembered:
- ARM Cortex-A7
- double data rate multi-port dynamic RAM controller supporting DDR2,
  DDR3, DDR3L, LPDDR2, LPDDR3 up to 533MHz
- peripherals for audio, video processing
- 1 gigabit + 1 megabit Ethernet controllers
- 6 CAN controllers
- trust zone support
- DVFS for CPU
- criptography IPs

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>

Update uboot-at91 to linux4sam-2021.10 version.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>

AT91Bootstrap version 4 is available only for SAM9X60, SAMA5D2, SAMA5D3,
SAMA5D4, SAMA7G5. Thus use v4.0.1 for the above targets and v3.10.4 for
the rest of them. With the switch to v4 AT91Bootstrap binaries are now
on build/binaries. Take also this into account. Also, patches directory
is not needed anymore with the version update.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>

In the default shadow file, as visible in the failsafe mode, the user
root has value of `0` set in  the 3rd field, the date of last password
change. This setting means that the password needs to be changed the
next time the user will log in the system. `dropbear` server is ignoring
this setting but `openssh-server` tries to enforce it and fails in the
failsafe mode because the rootfs is R/O.

Disable the password aging feature for user root by setting the 3rd
filed empty.

Signed-off-by: Rucke Teg <rucketeg@protonmail.com>

Enable both the hunting-and-pecking loop and hash-to-element mechanisms
by default in OpenWRT with SAE.

Commercial Wi-Fi solutions increasingly frequently now ship with both
hunting-and-pecking and hash-to-element (H2E) enabled by default as this
is more secure and more performant than offering hunting-and-pecking
alone for H2E capable clients.

The hunting and pecking loop mechanism is inherently fragile and prone to
timing-based side channels in its design and is more computationally
intensive to perform. Hash-to-element (H2E) is its long-term
replacement to address these concerns.

For clients that only support the hunting-and-pecking loop mechanism,
this is still available to use by default.

For clients that in addition support, or were to require, the
hash-to-element (H2E) mechanism, this is then available for use.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>

Due to a limited grep pattern, subjects containing dots like `image.mk`
were falsely reported as problematic. Extend pattern to allow dots.

Signed-off-by: Paul Spooren <mail@aparcar.org>

All mirrors offer encrypted downloads, use it.

Signed-off-by: Paul Spooren <mail@aparcar.org>

Adding the feature flag automatically creates a a rootfs.tar.gz files
which can be used for Docker rootfs containers.

Signed-off-by: Paul Spooren <mail@aparcar.org>

This reverts commit c0849c1d as it seems
to introduce regression in config.buildinfo files produced at least by
buildbots:

 $ curl -s https://downloads.openwrt.org/snapshots/targets/ath79/generic/config.buildinfo | head -2
 make[3]: Entering directory '/builder/shared-workdir/build'
 make[3]: Leaving directory '/builder/shared-workdir/build'

References: https://github.com/openwrt/openwrt/issues/9297#issuecomment-1049719381


Signed-off-by: Petr Štetiar <ynezz@true.cz>

Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable.  In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:

 $ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
 Downloading 'https://letsencrypt.org'
 Connecting to 18.159.128.50:443
 Connection error: Invalid SSL certificate

Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879


Signed-off-by: Petr Štetiar <ynezz@true.cz>

fwtool is now always part of the sysupgrade stage2 ramdisk, so drop
the no longer needed RAMFS_COPY_BIN variable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Now that both, fw_printenv/fw_setenv and fwtool are always present
during stage2 sysupgrade, we no longer need to list them in
RAMFS_COPY_BIN and RAMFS_COPY_DATA in platform.sh.
Drop both variables as they are now unneeded.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Not all targets create /var/lock or touch /var/lock/fw_printenv.lock in
their platform.sh. This is problematic as fw_printenv then fails in
case /var/lock/fw_printenv.lock has not been created by previous calls
to fw_printenv/fw_setenv before sysupgrade is run.

Targets using fw_printenv/fw_setenv during sysupgrade:
 * ath79/*
 * ipq40xx/*
 * ipq806x/*
 * kirkwood/*
 * layerscape/*
 * mediatek/mt7622
 * mvebu/*
 * ramips/*
 * realtek/*

Targets currently using additional steps in /lib/upgrade/platform.sh
to make sure /var/lock/fw_printenv.lock (or at least /var/lock)
actually exists:
 * ath79/* (openmesh devices)
 * ipq40xx/* (linksys devices)
 * ipq806x/* (linksys devices)
 * kirkwood/* (linksys devices)
 * layerscape/*
 * mvebu/cortexa9 (linksys devices)

Given that accessing the U-Boot environment during sysupgrade is not
uncommon and the situation across targets is currently quite diverse,
just make sure both tools as well fw_env.config are always copied to
the ramdisk used for sysupgrade. Also make sure /var/lock always
exists.

This now allows to remove copying of fw_printenv/fw_setenv as well as
fw_env.config, creation of /var/lock or even /var/lock/fw_printenv.lock
from lib/upgrade/platform.sh or files included there.

As the same applies also to 'fwtool' which is used by generic eMMC
sysupgrade, also always copy that to ramdisk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

diffconfig.sh runs ./scripts/config/conf, but it does not get built
with 'make {menu,x,n}config.  Call 'make ./scripts/config/conf' to
ensure it's been built befpre running it.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

Toplevel Make is not aware about changes in the `scripts/config/*conf`
targets and this is causing issues for during update to that part of
build tree, where one needs to handle this manually by either force
rebuilding the targets or running `make config-clean`. Fix this by
forcing the rebuild if necessary.

Fixes: #9297
Signed-off-by: Petr Štetiar <ynezz@true.cz>

This uses uci to configure engines, by generating a list of enabled
engines in /var/etc/ssl/engines.cnf from engines configured in
/etc/config/openssl:

    config engine 'devcrypto'
            option enabled '1'

Currently the only options implemented are 'enabled', which defaults to
true and enables the named engine, and the 'force' option, that enables
the engine even if the init script thinks the engine does not exist.

The existence test is to check for either a configuration file
/etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file
/usr/lib/engines-1.1/%ENGINE%.so.

The engine list is generated by an init script which is set to run after
'log' because it informs the engines being enabled or skipped.  It
should run before any service using OpenSSL as the crypto library,
otherwise the service will not use any engine.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

This enables an engine during its package's installation, by adding it
to the engines list in /etc/ssl/engines.cnf.d/engines.cnf.

The engine build system was reworked, with the addition of an engine.mk
file that groups some of the engine packages' definitions, and could be
used by out of tree engines as well.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

This changes the configuration of engines from the global openssl.cnf to
files in the /etc/ssl/engines.cnf.d directory.  The engines.cnf file has
the list of enabled engines, while each engine has its own configuration
file installed under /etc/ssl/engines.cnf.d.

Patches were refreshed with --zero-commit.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

AR933x based devices should include 'kmod-usb-chipidea2' for USB
support. Fixes: #9243.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>

The 'BOARDNAME' variable is part of target configuration and shouldn't
be part of a device's image recipe.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>

65b42032063f interface: add missing autorate-ingress options

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Remove some (dead) debugging code from the Realtek timer to clean up the
sources of this driver.

Signed-off-by: Sander Vanheule <sander@svanheule.net>

The I/O base address for the timers was hardcoded into the driver,
or derived from the HW IRQ number as an even more horrible hack. All
supported SoC families have these timers, but with hardcoded addresses
the code cannot be reused right now.

Request the timer's base address from the DT specification, and store it
in a private struct for future reference.

Matching the second interrupt specifier, the address range for the
second timer is added to the DT specification.

Signed-off-by: Sander Vanheule <sander@svanheule.net>

The Realtek timer node for RTL930x doesn't have any child nodes, making
the use of '#address-cells' quite pointless. It is also not an interrupt
controller, meaning it makes no sense to define '#interrupt-cells'.

The I/O address for this node is also wrong, but this is hidden by the
fact that the driver associated with this node bypasses the usual DT
machinery and does it's own thing. Correct the address to have a sane
value, even though it isn't actually used.

Fixes: a75b9e3e ("realtek: Adding RTL930X sub-target")
Signed-off-by: Sander Vanheule <sander@svanheule.net>

When driven by a GPIO pin, the system LED needs to be configured as
active high. Otherwise the LED switches off after booting and
initialisation.

Fixes: 47f5a0a3 ("realtek: Add support for ZyXEL GS1900-48 Switch")
Signed-off-by: Sander Vanheule <sander@svanheule.net>

The default value for a DT node's status property is already "okay", so
there's no need to specify it again. Drop the status property to clean
up the DTS.

Signed-off-by: Sander Vanheule <sander@svanheule.net>

The assigned output index for the event timers was quite low, lower even
than the ethernet interrupt. This means that high network load could
preempt timer interrupts, possibly leading to all sorts of strange
behaviour.

Increase the interrupt output index of the event timers to 5, which is
the highest priority output and corresponds to the (otherwise unused)
MIPS CPU timer interrupt.

Fixes: a75b9e3e ("realtek: Adding RTL930X sub-target")
Signed-off-by: Sander Vanheule <sander@svanheule.net>

The RTL8231 is an external chip, and not part of the SoC. That means
it is more appropriate to define it in the board specific (base) files,
instead of the DT include for the SoC itself.

Moving the RTL8231 definition also ensures that boards with no GPIO
expander, or an alternative one, don't have a useless gpio1 node label
defined.

Tested on a Netgear GS110TPPv1.

Signed-off-by: Sander Vanheule <sander@svanheule.net>

The address in some node names doesn't match the actual offset specified
in the DT node. Update the names to fix this.

While fixing the node names, also drop the unused node labels.

Fixes: 0a7565e5 ("realtek: Update rtl839x.dtsi for realtek,rtl-intc, new gpio controller remove RTL8231 node")
Signed-off-by: Sander Vanheule <sander@svanheule.net>

Bootargs for devices in the realtek target were previously consolidated
in commit af2cfbda ("realtek: Consolidate bootargs"), since all
devices currently use the same arguments.

Commit a75b9e3e ("realtek: Adding RTL930X sub-target") reverted this
without any argumentation, so let's undo that.

Commit 0b8dfe08 ("realtek: Add RTL931X sub-target") introduced the
old bootargs also for RTL931x, without providing any actual device
support. Until that is done, let's assume vendors will have done what
they did before, and use a baud rate of 115200.

Fixes: a75b9e3e ("realtek: Adding RTL930X sub-target")
Signed-off-by: Sander Vanheule <sander@svanheule.net>

Enable the AP806's cpufreq driver. This driver is compatible with the
Armada 7K and 8K platforms.

Tested-by: Stijn Segers <foss@volatilesystems.org> (RB5009UG+S+IN)
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>

100-ddr-marvell-a38x-fix-BYTE_HOMOGENEOUS_SPLIT_OUT-deci.patch [1]:
SoC Marvell A38x is used in Turris Omnia, and we thought that with recent
fiddling around DDR training to fix it once for all, there were
reproduced the issue in the upcoming new revision Turris Omnia boards.

101-arm-mvebu-spl-Add-option-to-reset-the-board-on-DDR-t.patch [2]:
This is useful when some board may occasionally fail with DDR training,
and it adds the option to reset the board on the DDR training failure

102-arm-mvebu-turris_omnia-Reset-the-board-immediately-o.patch [3]:
This enables the option CONFIG_DDR_RESET_ON_TRAINING_FAILURE (added by
101 patch), so the Turris Omnia board is restarted immediately, and it
does not require to reset the board manually or wait 120s for MCU to
reset the board

[1] https://patchwork.ozlabs.org/project/uboot/patch/20220217000837.13003-1-kabel@kernel.org/
[2] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-1-kabel@kernel.org/
[3] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-2-kabel@kernel.org/



Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

Enabled CONFIG_ALL_KMODS and ran make kernel_menuconfig against
bcm2711 to update defconfig.  Some of the removed symbols are
present in target/linux/generic/config-5.10 while others were
removed by the make target.

Signed-off-by: John Audia <graysky@archlinux.us>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (wrapped)

Enabled CONFIG_ALL_KMODS and ran make kernel_menuconfig against
bcm2710 to update defconfig.  Some of the removed symbols are
present in target/linux/generic/config-5.10 while others were
removed by the make target.

Signed-off-by: John Audia <graysky@archlinux.us>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (wrapped)

Enabled CONFIG_ALL_KMODS and ran make kernel_menuconfig against
bcm2709 to update defconfig.  Some of the removed symbols are
present in target/linux/generic/config-5.10 while others were
removed by the make target.

Signed-off-by: John Audia <graysky@archlinux.us>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (wrapped)

Enabled CONFIG_ALL_KMODS and ran make kernel_menuconfig against
bcm2708 to update defconfig.  Some of the removed symbols are
present in target/linux/generic/config-5.10 while others were
removed by the make target.

Signed-off-by: John Audia <graysky@archlinux.us>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (wrapped)