README.adoc

@@ -53,7 +53,7 @@ achieved by running in target directory.
  compile_pkgs prepare_tools -t board # <1>
 --
 
-<1> ~-t~ means `-target`, so only valid values are `turris`, `omnia`, `mox`.
+<1> ~-t~ means `-target`, so only valid values are `turris1x`, `omnia`, `mox`.
 
 Be aware *it removes previous content of current directory*!
 

patches/openwrt/hack/0016-hostapd-restart-network-on-wpad-install.patch

-From d2b93389c7393cc79502ad6b8f715ff0a49f4c70 Mon Sep 17 00:00:00 2001
+From fdaec362fea3f1520a81e6ca1f124714a2bbf158 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <cynerd@email.cz>
 Date: Wed, 27 May 2020 11:37:13 +0200
 Subject: [PATCH] hostapd: restart network on wpad install
@@ -12,14 +12,14 @@ version. That also fixes problem with broken WiFi on that reload.
  1 file changed, 11 insertions(+)
 
 diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
-index 35ce85b..f517aed 100644
+index 35ce85b..3998a47 100644
 --- a/package/network/services/hostapd/Makefile
 +++ b/package/network/services/hostapd/Makefile
 @@ -591,6 +591,17 @@ ifeq ($(BUILD_VARIANT),supplicant-full-wolfssl)
    endef
  endif
  
-+define Package/wpad/posinst
++define Package/wpad/postinst
 +#!/bin/sh
 +[ -n "$$IPKG_INSTROOT" ] || /etc/init.d/network restart
 +endef

patches/openwrt/to-upstream/0034-kernel-backport-fix-for-memory-corruption-in-mwifiex.patch

+From 6398ad557a574cb8047feedc3d6e71be7b608fa5 Mon Sep 17 00:00:00 2001
+From: Josef Schlehofer <pepe.schlehofer@gmail.com>
+Date: Fri, 29 May 2020 18:39:21 +0200
+Subject: [PATCH] kernel: backport fix for memory corruption in mwifiex
+
+This is already stagged in wireless-next-drivers.
+
+Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
+---
+ .../900-mwifiex-fix-memory-corruption.patch   | 87 +++++++++++++++++++
+ 1 file changed, 87 insertions(+)
+ create mode 100644 target/linux/generic/backport-4.14/900-mwifiex-fix-memory-corruption.patch
+
+diff --git a/target/linux/generic/backport-4.14/900-mwifiex-fix-memory-corruption.patch b/target/linux/generic/backport-4.14/900-mwifiex-fix-memory-corruption.patch
+new file mode 100644
+index 0000000000..cf1e47302f
+--- /dev/null
++++ b/target/linux/generic/backport-4.14/900-mwifiex-fix-memory-corruption.patch
+@@ -0,0 +1,87 @@
++From 3aa42bae9c4d1641aeb36f1a8585cd1d506cf471 Mon Sep 17 00:00:00 2001
++From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali@kernel.org>
++Date: Fri, 15 May 2020 09:59:24 +0200
++Subject: mwifiex: Fix memory corruption in dump_station
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++The mwifiex_cfg80211_dump_station() uses static variable for iterating
++over a linked list of all associated stations (when the driver is in UAP
++role). This has a race condition if .dump_station is called in parallel
++for multiple interfaces. This corruption can be triggered by registering
++multiple SSIDs and calling, in parallel for multiple interfaces
++    iw dev <iface> station dump
++
++[16750.719775] Unable to handle kernel paging request at virtual address dead000000000110
++...
++[16750.899173] Call trace:
++[16750.901696]  mwifiex_cfg80211_dump_station+0x94/0x100 [mwifiex]
++[16750.907824]  nl80211_dump_station+0xbc/0x278 [cfg80211]
++[16750.913160]  netlink_dump+0xe8/0x320
++[16750.916827]  netlink_recvmsg+0x1b4/0x338
++[16750.920861]  ____sys_recvmsg+0x7c/0x2b0
++[16750.924801]  ___sys_recvmsg+0x70/0x98
++[16750.928564]  __sys_recvmsg+0x58/0xa0
++[16750.932238]  __arm64_sys_recvmsg+0x28/0x30
++[16750.936453]  el0_svc_common.constprop.3+0x90/0x158
++[16750.941378]  do_el0_svc+0x74/0x90
++[16750.944784]  el0_sync_handler+0x12c/0x1a8
++[16750.948903]  el0_sync+0x114/0x140
++[16750.952312] Code: f9400003 f907f423 eb02007f 54fffd60 (b9401060)
++[16750.958583] ---[ end trace c8ad181c2f4b8576 ]---
++
++This patch drops the use of the static iterator, and instead every time
++the function is called iterates to the idx-th position of the
++linked-list.
++
++It would be better to convert the code not to use linked list for
++associated stations storage (since the chip has a limited number of
++associated stations anyway - it could just be an array). Such a change
++may be proposed in the future. In the meantime this patch can backported
++into stable kernels in this simple form.
++
++Fixes: 8baca1a34d4c ("mwifiex: dump station support in uap mode")
++Signed-off-by: Pali Rohár <pali@kernel.org>
++Acked-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
++Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
++Link: https://lore.kernel.org/r/20200515075924.13841-1-pali@kernel.org
++---
++ drivers/net/wireless/marvell/mwifiex/cfg80211.c | 14 ++++++--------
++ 1 file changed, 6 insertions(+), 8 deletions(-)
++
++diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
++index 1566d2197906..12bfd653a405 100644
++--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
++@@ -1496,7 +1496,8 @@ mwifiex_cfg80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
++ 			      int idx, u8 *mac, struct station_info *sinfo)
++ {
++ 	struct mwifiex_private *priv = mwifiex_netdev_get_priv(dev);
++-	static struct mwifiex_sta_node *node;
+++	struct mwifiex_sta_node *node;
+++	int i;
++ 
++ 	if ((GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) &&
++ 	    priv->media_connected && idx == 0) {
++@@ -1506,13 +1507,10 @@ mwifiex_cfg80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
++ 		mwifiex_send_cmd(priv, HOST_CMD_APCMD_STA_LIST,
++ 				 HostCmd_ACT_GEN_GET, 0, NULL, true);
++ 
++-		if (node && (&node->list == &priv->sta_list)) {
++-			node = NULL;
++-			return -ENOENT;
++-		}
++-
++-		node = list_prepare_entry(node, &priv->sta_list, list);
++-		list_for_each_entry_continue(node, &priv->sta_list, list) {
+++		i = 0;
+++		list_for_each_entry(node, &priv->sta_list, list) {
+++			if (i++ != idx)
+++				continue;
++ 			ether_addr_copy(mac, node->mac_addr);
++ 			return mwifiex_dump_station_info(priv, node, sinfo);
++ 		}
++-- 
++cgit 1.2.3-1.el7
++
+-- 
+2.26.2
+

patches/openwrt/to-upstream/0035-hostapd-backport-fixes-for-multiple-SSID-at-one-PHY-.patch

+From 5b35128fb6adb1a2e77dba3d569c25af5d236d22 Mon Sep 17 00:00:00 2001
+From: Josef Schlehofer <pepe.schlehofer@gmail.com>
+Date: Fri, 29 May 2020 19:21:39 +0200
+Subject: [PATCH] hostapd: backport fixes for multiple SSID at one PHY iface
+
+Fixed invalid mgmt frames at startup
+
+Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
+---
+ package/network/services/hostapd/Makefile     |  2 +-
+ ...10-move-deauthentication-at-ap-start.patch | 55 +++++++++++++++++++
+ .../611-ignore-management-frames.patch        | 32 +++++++++++
+ 3 files changed, 88 insertions(+), 1 deletion(-)
+ create mode 100644 package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
+ create mode 100644 package/network/services/hostapd/patches/611-ignore-management-frames.patch
+
+diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
+index 35ce85b3be..7a4e61e932 100644
+--- a/package/network/services/hostapd/Makefile
++++ b/package/network/services/hostapd/Makefile
+@@ -7,7 +7,7 @@
+ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=hostapd
+-PKG_RELEASE:=4
++PKG_RELEASE:=5
+ 
+ PKG_SOURCE_URL:=http://w1.fi/hostap.git
+ PKG_SOURCE_PROTO:=git
+diff --git a/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch b/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
+new file mode 100644
+index 0000000000..5694d3d5fc
+--- /dev/null
++++ b/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
+@@ -0,0 +1,55 @@
++From c82535edd6bea8a34b711d1f1015ea750b5db9da Mon Sep 17 00:00:00 2001
++From: Jouni Malinen <j@w1.fi>
++Date: Sat, 16 May 2020 11:38:09 +0300
++Subject: Move deauthentication at AP start to be after beacon configuration
++
++This allows nl80211-based drivers to get the frame out. The old earlier
++location resulted in the driver operation getting rejected before the
++kernel was not ready to transmit the frame in the BSS context of the AP
++interface that has not yet been started.
++
++While getting this broadcast Deauthentication frame transmitted at the
++BSS start is not critical, it is one more chance of getting any
++previously associated station notified of their previous association not
++being valid anymore had they missed previous notifications in cases
++where the AP is stopped and restarted.
++
++Signed-off-by: Jouni Malinen <j@w1.fi>
++---
++ src/ap/hostapd.c | 18 ++++++++++++++++--
++ 1 file changed, 16 insertions(+), 2 deletions(-)
++
++--- a/src/ap/hostapd.c
+++++ b/src/ap/hostapd.c
++@@ -1179,8 +1179,7 @@ static int hostapd_setup_bss(struct host
++ #endif /* CONFIG_MESH */
++ 
++ 	if (flush_old_stations)
++-		hostapd_flush_old_stations(hapd,
++-					   WLAN_REASON_PREV_AUTH_NOT_VALID);
+++		hostapd_flush(hapd);
++ 	hostapd_set_privacy(hapd, 0);
++ 
++ 	hostapd_broadcast_wep_clear(hapd);
++@@ -1372,6 +1371,21 @@ static int hostapd_setup_bss(struct host
++ 	if (!conf->start_disabled && ieee802_11_set_beacon(hapd) < 0)
++ 		return -1;
++ 
+++	if (flush_old_stations && !conf->start_disabled &&
+++	    conf->broadcast_deauth) {
+++		u8 addr[ETH_ALEN];
+++
+++		/* Should any previously associated STA not have noticed that
+++		 * the AP had stopped and restarted, send one more
+++		 * deauthentication notification now that the AP is ready to
+++		 * operate. */
+++		wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
+++			"Deauthenticate all stations at BSS start");
+++		os_memset(addr, 0xff, ETH_ALEN);
+++		hostapd_drv_sta_deauth(hapd, addr,
+++				       WLAN_REASON_PREV_AUTH_NOT_VALID);
+++	}
+++
++ 	if (hapd->wpa_auth && wpa_init_keys(hapd->wpa_auth) < 0)
++ 		return -1;
++ 
+diff --git a/package/network/services/hostapd/patches/611-ignore-management-frames.patch b/package/network/services/hostapd/patches/611-ignore-management-frames.patch
+new file mode 100644
+index 0000000000..4f960c96c2
+--- /dev/null
++++ b/package/network/services/hostapd/patches/611-ignore-management-frames.patch
+@@ -0,0 +1,32 @@
++From 5a04a76aa20d32417484e40b878596e5933c645e Mon Sep 17 00:00:00 2001
++From: Jouni Malinen <j@w1.fi>
++Date: Sat, 16 May 2020 12:16:34 +0300
++Subject: Ignore Management frames while AP interface is not fully enabled
++
++It is possible for drivers to report received Management frames while AP
++is going through initial setup (e.g., during ACS or DFS CAC). hostapd
++and the driver is not yet ready for actually sending out responses to
++such frames at this point and as such, it is better to explicitly ignore
++such received frames rather than try to process them and have the
++response (e.g., a Probe Response frame) getting dropped by the driver as
++an invalid or getting out with some incorrect information.
++
++Signed-off-by: Jouni Malinen <j@w1.fi>
++---
++ src/ap/ieee802_11.c | 5 +++++
++ 1 file changed, 5 insertions(+)
++
++--- a/src/ap/ieee802_11.c
+++++ b/src/ap/ieee802_11.c
++@@ -4686,6 +4686,11 @@ int ieee802_11_mgmt(struct hostapd_data
++ 		return 0;
++ 	}
++ 
+++	if (hapd->iface->state != HAPD_IFACE_ENABLED) {
+++		wpa_printf(MSG_DEBUG, "MGMT: Ignore management frame while interface is not enabled (SA=" MACSTR " DA=" MACSTR " subtype=%u)",
+++			   MAC2STR(mgmt->sa), MAC2STR(mgmt->da), stype);
+++		return 1;
+++	}
++ 
++ 	if (stype == WLAN_FC_STYPE_PROBE_REQ) {
++ 		handle_probe_req(hapd, mgmt, len, ssi_signal);
+-- 
+2.26.2
+