Merge remote-tracking branch 'op/main'

include/host-build.mk

@@ -26,7 +26,7 @@ HOST_STAMP_CONFIGURED:=$(HOST_BUILD_DIR)/.configured
 HOST_STAMP_BUILT:=$(HOST_BUILD_DIR)/.built
 HOST_BUILD_PREFIX?=$(if $(IS_PACKAGE_BUILD),$(STAGING_DIR_HOSTPKG),$(STAGING_DIR_HOST))
 HOST_STAMP_INSTALLED:=$(HOST_BUILD_PREFIX)/stamp/.$(PKG_NAME)_installed
-HOST_STAMP_PROGRAMS:=$(foreach program,$(PKG_PROGRAMS),$(subst $(PKG_NAME),$(program),$(HOST_STAMP_INSTALLED)) )
+HOST_STAMP_PROGRAMS:=$(foreach program,$(PKG_PROGRAMS),$(dir $(HOST_STAMP_INSTALLED))$(subst $(PKG_NAME),$(program),$(notdir $(HOST_STAMP_INSTALLED))) )
 
 override MAKEFLAGS=
 

package/boot/uboot-envtools/files/ramips

@@ -100,7 +100,9 @@ linksys,ea7300-v2|\
 linksys,ea7500-v2|\
 linksys,ea8100-v1|\
 linksys,ea8100-v2|\
-mts,wg430223)
+mts,wg430223|\
+ubnt,edgerouter-x|\
+ubnt,edgerouter-x-sfp)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x20000"
 	;;
 snr,snr-cpe-me1|\

package/devel/perf/Makefile

@@ -71,6 +71,10 @@ MAKE_FLAGS = \
 	O=$(PKG_BUILD_DIR) \
 	prefix=/usr
 
+ifeq ($(LINUX_KARCH),powerpc)
+	MAKE_FLAGS += NO_AUXTRACE=1
+endif
+
 define Build/Compile
 	+$(MAKE) $(PKG_JOBS) $(MAKE_FLAGS) \
 		--no-print-directory \

package/firmware/ipq-wifi/Makefile

@@ -6,9 +6,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firmware/qca-wireless.git
-PKG_SOURCE_DATE:=2024-04-16
-PKG_SOURCE_VERSION:=1d51799e6768a304da7840b8346e7487efd77f49
-PKG_MIRROR_HASH:=9cf0917532283c1a1708643022a5ed1ec4af6bb9ebaff57fc2f0f2c229f2469e
+PKG_SOURCE_DATE:=2024-04-26
+PKG_SOURCE_VERSION:=644ba9ea2e6685e420561ef098cb6fbaaf136cbf
+PKG_MIRROR_HASH:=e6b4bc1bb7a7e93477ebec0a0bbed0e46d7b82f66c9d879198e9afbbcdf1ac0b
 PKG_FLAGS:=nonshared
 
 include $(INCLUDE_DIR)/package.mk

package/libs/gettext-full/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gettext-full
-PKG_VERSION:=0.21.1
-PKG_RELEASE:=2
+PKG_VERSION:=0.22.5
+PKG_RELEASE:=1
 
 PKG_SOURCE:=gettext-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNU/gettext
-PKG_HASH:=50dbc8f39797950aa2c98e939947c527e5ac9ebd2c1b99dd7b06ba33a6767ae6
+PKG_HASH:=fe10c37353213d78a5b83d48af231e005c4da84db5ce88037d88355938259640
 PKG_BUILD_DIR:=$(BUILD_DIR)/gettext-$(PKG_VERSION)
 HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/gettext-$(PKG_VERSION)
 

package/libs/gettext-full/patches/200-libunistring-missing-link.patch

@@ -1,6 +1,6 @@
 --- a/autogen.sh
 +++ b/autogen.sh
-@@ -78,6 +78,7 @@ if ! $skip_gnulib; then
+@@ -81,6 +81,7 @@ if ! $skip_gnulib; then
      getopt-gnu
      gettext-h
      havelib
@@ -10,7 +10,7 @@
      progname
 --- a/gettext-runtime/src/Makefile.am
 +++ b/gettext-runtime/src/Makefile.am
-@@ -40,7 +40,7 @@ envsubst_SOURCES = envsubst.c
+@@ -43,7 +43,7 @@ envsubst_SOURCES = envsubst.c
 
  # Link dependencies.
  # Need @LTLIBICONV@ because striconv.c uses iconv().

package/network/config/netifd/files/etc/init.d/packet_steering

@@ -15,9 +15,11 @@ service_triggers() {
 
 reload_service() {
 	packet_steering="$(uci get "network.@globals[0].packet_steering")"
+	steering_flows="$(uci get "network.@globals[0].steering_flows")"
+	[ "$steering_flows" -gt 0 ] && opts="-l $steering_flows"
 	if [ -e "/usr/libexec/platform/packet-steering.sh" ]; then
 		/usr/libexec/platform/packet-steering.sh "$packet_steering"
 	else
-		/usr/libexec/network/packet-steering.uc "$packet_steering"
+		/usr/libexec/network/packet-steering.uc $opts "$packet_steering"
 	fi
 }

package/network/config/netifd/files/usr/libexec/network/packet-steering.uc

@@ -9,8 +9,11 @@ let eth_bias = 2.0;
 let debug = 0, do_nothing = 0;
 let disable;
 let cpus;
+let all_cpus;
+let local_flows = 0;
 
-for (let arg in ARGV) {
+while (length(ARGV) > 0) {
+	let arg = shift(ARGV);
 	switch (arg) {
 	case "-d":
 		debug++;
@@ -21,6 +24,12 @@ for (let arg in ARGV) {
 	case '0':
 		disable = true;
 		break;
+	case '2':
+		all_cpus = true;
+		break;
+	case '-l':
+		local_flows = +shift(ARGV);
+		break;
 	}
 }
 
@@ -46,9 +55,19 @@ function set_task_cpu(pid, cpu) {
 		system(`taskset -p -c ${cpu} ${pid}`);
 }
 
+function cpu_mask(cpu)
+{
+	let mask;
+	if (cpu < 0)
+		mask = (1 << length(cpus)) - 1;
+	else
+		mask = (1 << int(cpu));
+	return sprintf("%x", mask);
+}
+
 function set_netdev_cpu(dev, cpu) {
 	let queues = glob(`/sys/class/net/${dev}/queues/rx-*/rps_cpus`);
-	let val = sprintf("%x", (1 << int(cpu)));
+	let val = cpu_mask(cpu);
 	if (disable)
 		val = 0;
 	for (let queue in queues) {
@@ -57,6 +76,13 @@ function set_netdev_cpu(dev, cpu) {
 		if (!do_nothing)
 			writefile(queue, `${val}`);
 	}
+	queues = glob(`/sys/class/net/${dev}/queues/rx-*/rps_flow_cnt`);
+	for (let queue in queues) {
+		if (debug || do_nothing)
+			warn(`echo ${local_flows} > ${queue}\n`);
+		if (!do_nothing)
+			writefile(queue, `${local_flows}`);
+	}
 }
 
 function task_device_match(name, device)
@@ -173,7 +199,12 @@ function assign_dev_cpu(dev) {
 	}
 
 	if (length(dev.netdev) > 0) {
-		let cpu = dev.rx_cpu = get_next_cpu(rx_weight, dev.napi_cpu);
+		let cpu;
+		if (all_cpus)
+			cpu = -1;
+		else
+			cpu = get_next_cpu(rx_weight, dev.napi_cpu);
+		dev.rx_cpu = cpu;
 		for (let netdev in dev.netdev)
 			set_netdev_cpu(netdev, cpu);
 	}

target/linux/ath79/patches-6.1/900-unaligned_access_hacks.patch

@@ -858,16 +858,25 @@ SVN-Revision: 35130
 
 --- a/net/ipv4/tcp_offload.c
 +++ b/net/ipv4/tcp_offload.c
-@@ -220,7 +220,7 @@ struct sk_buff *tcp_gro_receive(struct l
+@@ -60,7 +60,7 @@ static struct sk_buff *__tcpv4_gso_segme
+ 	th2 = tcp_hdr(seg->next);
+ 	iph2 = ip_hdr(seg->next);
 
- 		th2 = tcp_hdr(p);
+-	if (!(*(u32 *)&th->source ^ *(u32 *)&th2->source) &&
++	if (!(net_hdr_word(&th->source) ^ net_hdr_word(&th2->source)) &&
+ 	    iph->daddr == iph2->daddr && iph->saddr == iph2->saddr)
+ 		return segs;
+
+@@ -252,7 +252,7 @@ struct sk_buff *tcp_gro_lookup(struct li
+ 			continue;
 
+ 		th2 = tcp_hdr(p);
 -		if (*(u32 *)&th->source ^ *(u32 *)&th2->source) {
 +		if (net_hdr_word(&th->source) ^ net_hdr_word(&th2->source)) {
  			NAPI_GRO_CB(p)->same_flow = 0;
  			continue;
  		}
-@@ -238,8 +238,8 @@ found:
+@@ -318,8 +318,8 @@ struct sk_buff *tcp_gro_receive(struct l
  		  ~(TCP_FLAG_CWR | TCP_FLAG_FIN | TCP_FLAG_PSH));
  	flush |= (__force int)(th->ack_seq ^ th2->ack_seq);
  	for (i = sizeof(*th); i < thlen; i += 4)

target/linux/bcm53xx/patches-6.1/600-net-disable-GRO-by-default.patch

@@ -25,12 +25,12 @@ Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  #define NETIF_F_UPPER_DISABLES	NETIF_F_LRO
 
  /* changeable features with no special hardware requirements */
--#define NETIF_F_SOFT_FEATURES	(NETIF_F_GSO | NETIF_F_GRO)
+-#define NETIF_F_SOFT_FEATURES	(NETIF_F_GSO | NETIF_F_GRO | NETIF_F_GRO_FRAGLIST)
 +#define NETIF_F_SOFT_FEATURES	(NETIF_F_GSO)
 
  /* Changeable features with no special hardware requirements that defaults to off. */
--#define NETIF_F_SOFT_FEATURES_OFF	(NETIF_F_GRO_FRAGLIST | NETIF_F_GRO_UDP_FWD)
-+#define NETIF_F_SOFT_FEATURES_OFF	(NETIF_F_GRO_FRAGLIST | NETIF_F_GRO_UDP_FWD | NETIF_F_GRO)
+-#define NETIF_F_SOFT_FEATURES_OFF	(NETIF_F_GRO_UDP_FWD)
++#define NETIF_F_SOFT_FEATURES_OFF	(NETIF_F_GRO_UDP_FWD | NETIF_F_GRO | NETIF_F_GRO_FRAGLIST)
 
  #define NETIF_F_VLAN_FEATURES	(NETIF_F_HW_VLAN_CTAG_FILTER | \
  				 NETIF_F_HW_VLAN_CTAG_RX | \

target/linux/bcm53xx/patches-6.6/600-net-disable-GRO-by-default.patch

@@ -25,12 +25,12 @@ Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  #define NETIF_F_UPPER_DISABLES	NETIF_F_LRO
 
  /* changeable features with no special hardware requirements */
--#define NETIF_F_SOFT_FEATURES	(NETIF_F_GSO | NETIF_F_GRO)
+-#define NETIF_F_SOFT_FEATURES	(NETIF_F_GSO | NETIF_F_GRO | NETIF_F_GRO_FRAGLIST)
 +#define NETIF_F_SOFT_FEATURES	(NETIF_F_GSO)
 
  /* Changeable features with no special hardware requirements that defaults to off. */
--#define NETIF_F_SOFT_FEATURES_OFF	(NETIF_F_GRO_FRAGLIST | NETIF_F_GRO_UDP_FWD)
-+#define NETIF_F_SOFT_FEATURES_OFF	(NETIF_F_GRO_FRAGLIST | NETIF_F_GRO_UDP_FWD | NETIF_F_GRO)
+-#define NETIF_F_SOFT_FEATURES_OFF	(NETIF_F_GRO_UDP_FWD)
++#define NETIF_F_SOFT_FEATURES_OFF	(NETIF_F_GRO_UDP_FWD | NETIF_F_GRO | NETIF_F_GRO_FRAGLIST)
 
  #define NETIF_F_VLAN_FEATURES	(NETIF_F_HW_VLAN_CTAG_FILTER | \
  				 NETIF_F_HW_VLAN_CTAG_RX | \

target/linux/generic/backport-5.15/741-v6.9-01-netfilter-flowtable-validate-pppoe-header.patch

@@ -0,0 +1,85 @@
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Thu, 11 Apr 2024 13:28:59 +0200
+Subject: [PATCH] netfilter: flowtable: validate pppoe header
+
+Ensure there is sufficient room to access the protocol field of the
+PPPoe header. Validate it once before the flowtable lookup, then use a
+helper function to access protocol field.
+
+Reported-by: syzbot+b6f07e1c07ef40199081@syzkaller.appspotmail.com
+Fixes: 72efd585f714 ("netfilter: flowtable: add pppoe support")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+
+--- a/include/net/netfilter/nf_flow_table.h
++++ b/include/net/netfilter/nf_flow_table.h
+@@ -318,7 +318,7 @@ int nf_flow_rule_route_ipv6(struct net *
+ int nf_flow_table_offload_init(void);
+ void nf_flow_table_offload_exit(void);
+
+-static inline __be16 nf_flow_pppoe_proto(const struct sk_buff *skb)
++static inline __be16 __nf_flow_pppoe_proto(const struct sk_buff *skb)
+ {
+ 	__be16 proto;
+
+@@ -334,4 +334,14 @@ static inline __be16 nf_flow_pppoe_proto
+ 	return 0;
+ }
+
++static inline bool nf_flow_pppoe_proto(struct sk_buff *skb, __be16 *inner_proto)
++{
++	if (!pskb_may_pull(skb, PPPOE_SES_HLEN))
++		return false;
++
++	*inner_proto = __nf_flow_pppoe_proto(skb);
++
++	return true;
++}
++
+ #endif /* _NF_FLOW_TABLE_H */
+--- a/net/netfilter/nf_flow_table_inet.c
++++ b/net/netfilter/nf_flow_table_inet.c
+@@ -21,7 +21,8 @@ nf_flow_offload_inet_hook(void *priv, st
+ 		proto = veth->h_vlan_encapsulated_proto;
+ 		break;
+ 	case htons(ETH_P_PPP_SES):
+-		proto = nf_flow_pppoe_proto(skb);
++		if (!nf_flow_pppoe_proto(skb, &proto))
++			return NF_ACCEPT;
+ 		break;
+ 	default:
+ 		proto = skb->protocol;
+--- a/net/netfilter/nf_flow_table_ip.c
++++ b/net/netfilter/nf_flow_table_ip.c
+@@ -246,10 +246,11 @@ static unsigned int nf_flow_xmit_xfrm(st
+ 	return NF_STOLEN;
+ }
+
+-static bool nf_flow_skb_encap_protocol(const struct sk_buff *skb, __be16 proto,
++static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto,
+ 				       u32 *offset)
+ {
+ 	struct vlan_ethhdr *veth;
++	__be16 inner_proto;
+
+ 	switch (skb->protocol) {
+ 	case htons(ETH_P_8021Q):
+@@ -260,7 +261,8 @@ static bool nf_flow_skb_encap_protocol(c
+ 		}
+ 		break;
+ 	case htons(ETH_P_PPP_SES):
+-		if (nf_flow_pppoe_proto(skb) == proto) {
++		if (nf_flow_pppoe_proto(skb, &inner_proto) &&
++		    inner_proto == proto) {
+ 			*offset += PPPOE_SES_HLEN;
+ 			return true;
+ 		}
+@@ -289,7 +291,7 @@ static void nf_flow_encap_pop(struct sk_
+ 			skb_reset_network_header(skb);
+ 			break;
+ 		case htons(ETH_P_PPP_SES):
+-			skb->protocol = nf_flow_pppoe_proto(skb);
++			skb->protocol = __nf_flow_pppoe_proto(skb);
+ 			skb_pull(skb, PPPOE_SES_HLEN);
+ 			skb_reset_network_header(skb);
+ 			break;

target/linux/generic/backport-5.15/741-v6.9-02-netfilter-flowtable-incorrect-pppoe-tuple.patch

@@ -0,0 +1,24 @@
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Thu, 11 Apr 2024 13:29:00 +0200
+Subject: [PATCH] netfilter: flowtable: incorrect pppoe tuple
+
+pppoe traffic reaching ingress path does not match the flowtable entry
+because the pppoe header is expected to be at the network header offset.
+This bug causes a mismatch in the flow table lookup, so pppoe packets
+enter the classical forwarding path.
+
+Fixes: 72efd585f714 ("netfilter: flowtable: add pppoe support")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+
+--- a/net/netfilter/nf_flow_table_ip.c
++++ b/net/netfilter/nf_flow_table_ip.c
+@@ -156,7 +156,7 @@ static void nf_flow_tuple_encap(struct s
+ 		tuple->encap[i].proto = skb->protocol;
+ 		break;
+ 	case htons(ETH_P_PPP_SES):
+-		phdr = (struct pppoe_hdr *)skb_mac_header(skb);
++		phdr = (struct pppoe_hdr *)skb_network_header(skb);
+ 		tuple->encap[i].id = ntohs(phdr->sid);
+ 		tuple->encap[i].proto = skb->protocol;
+ 		break;