From ac5f5dcd28663131e4fd0dd6a5827fc0043070d3 Mon Sep 17 00:00:00 2001 From: AmadeusGhost <42570690+AmadeusGhost@users.noreply.github.com> Date: Mon, 4 Jul 2022 23:12:16 +0800 Subject: [PATCH 1/5] Revert "ramips: improve MT7621 clock" This reverts commit 003eb67e86fac139cced49e315c4df778f07e663. This may cause some devices to fail to boot, close: #9711 --- .../991-mt7621-improve_cpu_clock.patch | 29 ------------------- 1 file changed, 29 deletions(-) delete mode 100644 target/linux/ramips/patches-5.4/991-mt7621-improve_cpu_clock.patch diff --git a/target/linux/ramips/patches-5.4/991-mt7621-improve_cpu_clock.patch b/target/linux/ramips/patches-5.4/991-mt7621-improve_cpu_clock.patch deleted file mode 100644 index 6444b8241..000000000 --- a/target/linux/ramips/patches-5.4/991-mt7621-improve_cpu_clock.patch +++ /dev/null @@ -1,29 +0,0 @@ ---- a/arch/mips/ralink/mt7621.c -+++ b/arch/mips/ralink/mt7621.c -@@ -171,6 +171,7 @@ void __init ralink_clk_init(void) - u32 syscfg, xtal_sel, clkcfg, clk_sel, curclk, ffiv, ffrac; - u32 pll, prediv, fbdiv; - u32 xtal_clk, cpu_clk, bus_clk; -+ u32 target_fbdiv, target_pll; - const static u32 prediv_tbl[] = {0, 1, 2, 2}; - - syscfg = rt_sysc_r32(SYSC_REG_SYSTEM_CONFIG0); -@@ -198,6 +199,18 @@ void __init ralink_clk_init(void) - pll = rt_memc_r32(MEMC_REG_CPU_PLL); - fbdiv = (pll >> CPU_PLL_FBDIV_SHIFT) & CPU_PLL_FBDIV_MASK; - prediv = (pll >> CPU_PLL_PREDIV_SHIFT) & CPU_PLL_PREDIV_MASK; -+ /* When using the PLL, this code will overclock the CPU */ -+#define MT7621A_TARGET_CLOCK_HZ 1100000000 -+ target_fbdiv = (MT7621A_TARGET_CLOCK_HZ * ffiv) / ffrac; -+ target_fbdiv = target_fbdiv << prediv_tbl[prediv]; -+ target_fbdiv = (target_fbdiv / xtal_clk) - 1; -+ target_pll = pll & ~(CPU_PLL_FBDIV_MASK << CPU_PLL_FBDIV_SHIFT); -+ target_pll = target_pll | (target_fbdiv << CPU_PLL_FBDIV_SHIFT); -+ pr_info("CPU Overclock PLL: 0x%x\n", target_pll); -+ rt_memc_w32(target_pll, MEMC_REG_CPU_PLL); -+ pll = rt_memc_r32(MEMC_REG_CPU_PLL); -+ fbdiv = (pll >> CPU_PLL_FBDIV_SHIFT) & CPU_PLL_FBDIV_MASK; -+ prediv = (pll >> CPU_PLL_PREDIV_SHIFT) & CPU_PLL_PREDIV_MASK; - cpu_clk = ((fbdiv + 1) * xtal_clk) >> prediv_tbl[prediv]; - break; - default: From 628ef827142db1c18a5c661ee64164e3d4734be4 Mon Sep 17 00:00:00 2001 From: Ronny Kotzschmar Date: Wed, 6 Jul 2022 15:14:21 +0200 Subject: [PATCH 2/5] rockchip: reliably distribute net interrupts On the NanoPI R4S it takes an average of 3..5 seconds for the network devices to appear in '/proc/interrupts'. Wait up to 10 seconds to ensure that the distribution of the interrupts really happens. Signed-off-by: Ronny Kotzschmar --- .../armv8/base-files/etc/hotplug.d/net/40-net-smp-affinity | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/target/linux/rockchip/armv8/base-files/etc/hotplug.d/net/40-net-smp-affinity b/target/linux/rockchip/armv8/base-files/etc/hotplug.d/net/40-net-smp-affinity index 2822e4890..2491dc8c3 100644 --- a/target/linux/rockchip/armv8/base-files/etc/hotplug.d/net/40-net-smp-affinity +++ b/target/linux/rockchip/armv8/base-files/etc/hotplug.d/net/40-net-smp-affinity @@ -5,12 +5,13 @@ get_device_irq() { local device="$1" local line - local seconds + local seconds="0" # wait up to 10 seconds for the irq/device to appear - for seconds in $(seq 0 9); do + while [ "${seconds}" -le 10 ]; do line=$(grep -m 1 "${device}\$" /proc/interrupts) && break - sleep 1 + seconds="$(( seconds + 2 ))" + sleep 2 done echo ${line} | sed 's/:.*//' } From 91143f1d7ad4522568566c0fd67e3b247cb191a7 Mon Sep 17 00:00:00 2001 From: Ivan Maslov Date: Sat, 29 Jan 2022 23:11:30 +0300 Subject: [PATCH 3/5] toolchaini/gcc: fix libstdc++ dual abi model libstdcxx-dual-abi needs to be enabled to actually support C++11 ABI. Enable the config flag to also permit support of .NET 6 development on OpenWrt. Signed-off-by: Ivan Maslov [ reword commit description and title ] Signed-off-by: Christian Marangi --- toolchain/gcc/common.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolchain/gcc/common.mk b/toolchain/gcc/common.mk index 76c5fc114..76230ffc6 100644 --- a/toolchain/gcc/common.mk +++ b/toolchain/gcc/common.mk @@ -122,7 +122,7 @@ GCC_CONFIGURE:= \ --disable-decimal-float \ --with-diagnostics-color=auto-if-env \ --enable-__cxa_atexit \ - --disable-libstdcxx-dual-abi \ + --enable-libstdcxx-dual-abi \ --with-default-libstdcxx-abi=new ifneq ($(CONFIG_mips)$(CONFIG_mipsel),) GCC_CONFIGURE += --with-mips-plt From ac229e639675db96de74d1939a51e22b1422b5a6 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Wed, 6 Jul 2022 17:55:58 -0300 Subject: [PATCH 4/5] wolfssl: re-enable AES-NI by default for x86_64 Apply an upstream patch that removes unnecessary CFLAGs, avoiding generation of incompatible code. Commit 0bd536723303ccd178e289690d073740c928bb34 is reverted so the accelerated version builds by default on x86_64. Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Config.in | 7 +-- ...figure-to-use-minimal-compiler-flags.patch | 44 +++++++++++++++++++ 2 files changed, 45 insertions(+), 6 deletions(-) create mode 100644 package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index 901f2b296..26bd979a3 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -71,7 +71,7 @@ config WOLFSSL_ASM_CAPABLE choice prompt "Hardware Acceleration" - default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE && !x86_64 + default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE default WOLFSSL_HAS_NO_HW config WOLFSSL_HAS_NO_HW @@ -83,7 +83,6 @@ choice help This will use Intel AESNI insturctions or armv8 Crypto Extensions. Either of them should easily outperform hardware crypto in WolfSSL. - Beware that for Intel, the CPU has to support SSE4 instructions. config WOLFSSL_HAS_AFALG bool "AF_ALG" @@ -100,9 +99,5 @@ choice bool "/dev/crypto - full" select WOLFSSL_HAS_DEVCRYPTO endchoice -if x86_64 && WOLFSSL_HAS_CPU_CRYPTO - comment "WARNING: make sure your CPU supports SSE4 instructions" - comment "WolfSSL may crash with an invalid opcode exception" -endif endif diff --git a/package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch b/package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch new file mode 100644 index 000000000..d65a117d1 --- /dev/null +++ b/package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch @@ -0,0 +1,44 @@ +From 9ba77300f9f5dea9f53aed00bf6c33d10b7b2fce Mon Sep 17 00:00:00 2001 +From: Sean Parkinson +Date: Thu, 7 Jul 2022 09:30:48 +1000 +Subject: [PATCH] AESNI: fix configure to use minimal compiler flags + + +diff --git a/configure.ac b/configure.ac +index df97ac75c..6abb0c744 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -2142,21 +2142,19 @@ then + if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI" +- if test "$GCC" = "yes" ++ if test "$CC" != "icc" + then +- # clang needs these flags +- if test "$CC" = "clang" +- then +- AM_CFLAGS="$AM_CFLAGS -maes -mpclmul" +- else +- # GCC needs these flags, icc doesn't +- # opt levels greater than 2 may cause problems on systems w/o +- # aesni +- if test "$CC" != "icc" +- then +- AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul" +- fi +- fi ++ case $host_os in ++ mingw*) ++ # Windows uses intrinsics for GCM which uses SSE4 instructions. ++ # MSVC has own build files. ++ AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul" ++ ;; ++ *) ++ # Intrinsics used in AES_set_decrypt_key (TODO: rework) ++ AM_CFLAGS="$AM_CFLAGS -maes" ++ ;; ++ esac + fi + AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"]) + fi From d12eff3e86736486a49c6342ea95628b7d9591f6 Mon Sep 17 00:00:00 2001 From: Dustin Lundquist Date: Wed, 6 Jul 2022 09:08:52 -0700 Subject: [PATCH 5/5] openssl: bump to 1.1.1q MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changes between 1.1.1p and 1.1.1q [5 Jul 2022] *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation would not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. (CVE-2022-2097) [Alex Chernyakhovsky, David Benjamin, Alejandro SedeƱo] Signed-off-by: Dustin Lundquist --- package/libs/openssl/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 7c8d25747..3613d56e0 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.1.1 -PKG_BUGFIX:=p +PKG_BUGFIX:=q PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=$(AUTORELEASE) PKG_USE_MIPS16:=0 @@ -27,7 +27,7 @@ PKG_SOURCE_URL:= \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/ -PKG_HASH:=bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f +PKG_HASH:=d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE