Merge Official Source

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

package/kernel/mac80211/patches/subsys/332-wifi-mac80211-check-clear-fast-rx-for-non-4addr-sta-.patch

@@ -0,0 +1,35 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Sat, 16 Mar 2024 08:37:21 +0100
+Subject: [PATCH] wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
+ changes
+
+When moving a station out of a VLAN and deleting the VLAN afterwards, the
+fast_rx entry still holds a pointer to the VLAN's netdev, which can cause
+use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx
+after the VLAN change.
+
+Cc: stable@vger.kernel.org
+Reported-by: ranygh@riseup.net
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -2184,15 +2184,14 @@ static int ieee80211_change_station(stru
+ 		}
+ 
+ 		if (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
+-		    sta->sdata->u.vlan.sta) {
+-			ieee80211_clear_fast_rx(sta);
++		    sta->sdata->u.vlan.sta)
+ 			RCU_INIT_POINTER(sta->sdata->u.vlan.sta, NULL);
+-		}
+ 
+ 		if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
+ 			ieee80211_vif_dec_num_mcast(sta->sdata);
+ 
+ 		sta->sdata = vlansdata;
++		ieee80211_check_fast_rx(sta);
+ 		ieee80211_check_fast_xmit(sta);
+ 
+ 		if (test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {

package/network/ipv6/ds-lite/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ds-lite
-PKG_RELEASE:=8
+PKG_RELEASE:=9
 PKG_LICENSE:=GPL-2.0
 
 include $(INCLUDE_DIR)/package.mk
@@ -17,13 +17,13 @@ define Package/ds-lite
   SECTION:=net
   CATEGORY:=Network
   DEPENDS:=@IPV6 +kmod-ip6-tunnel +resolveip
-  TITLE:=Dual-Stack Lite (DS-Lite) configuration support
+  TITLE:=IPv4 over IPv6 (RFC2473 and DS-Lite) configuration support
   MAINTAINER:=Steven Barth <steven@midlink.org>
   PKGARCH:=all
 endef
 
 define Package/ds-lite/description
-Provides support for Dual-Stack Lite in /etc/config/network.
+Provides support for IPv4 over IPv6 (RFC2473 and DS-Lite) in /etc/config/network.
 Refer to http://wiki.openwrt.org/doc/uci/network for
 configuration details.
 endef

package/network/ipv6/ds-lite/files/dslite.sh

@@ -1,6 +1,9 @@
 #!/bin/sh
-# dslite.sh - IPv4-in-IPv6 tunnel backend
+# dslite.sh - IPv4-in-IPv6 tunnel backend for ipip6 and ds-lite
 # Copyright (c) 2013 OpenWrt.org
+# Copyright (c) 2013 Steven Barth <steven@midlink.org>
+# Copyright (c) 2021 Kenji Uno <ku@digitaldolphins.jp>
+# Copyright (c) 2024 Arayuki Mago <ms@missing233.com>
 
 [ -n "$INCLUDE_ONLY" ] || {
 	. /lib/functions.sh
@@ -9,10 +12,13 @@
 	init_proto "$@"
 }
 
-proto_dslite_setup() {
+tnl_setup() {
 	local cfg="$1"
 	local iface="$2"
-	local link="ds-$cfg"
+	local tnl_type="$3"
+	local ip4addr="$4"
+	local ip4gateway="$5"
+	local link="$tnl_type-$cfg"
 	local remoteip6
 
 	local mtu ttl peeraddr ip6addr tunlink zone weakif encaplimit
@@ -59,7 +65,7 @@ proto_dslite_setup() {
 
 	proto_init_update "$link" 1
 	proto_add_ipv4_route "0.0.0.0" 0
-	proto_add_ipv4_address "192.0.0.2" "" "" "192.0.0.1"
+	proto_add_ipv4_address "$ip4addr" "" "" "$ip4gateway"
 
 	proto_add_tunnel
 	json_add_string mode ipip6
@@ -76,22 +82,21 @@ proto_dslite_setup() {
 	proto_add_data
 	[ -n "$zone" ] && json_add_string zone "$zone"
 
+	if [ "$tnl_type" = "ds" ]; then
 		json_add_array firewall
 			json_add_object ""
 				json_add_string type nat
 				json_add_string target ACCEPT
 			json_close_object
 		json_close_array
+	fi
+
 	proto_close_data
 
 	proto_send_update "$cfg"
 }
 
-proto_dslite_teardown() {
+init_config() {
-	local cfg="$1"
-}
-
-proto_dslite_init_config() {
 	no_device=1
 	available=1
 
@@ -105,6 +110,34 @@ proto_dslite_init_config() {
 	proto_config_add_string "weakif"
 }
 
+proto_ipip6_init_config() {
+	init_config
+	proto_config_add_string "ip4ifaddr"
+}
+
+proto_ipip6_setup() {
+	local ip4ifaddr
+	json_get_vars ip4ifaddr
+	tnl_setup "$1" "$2" "ipip6" "$ip4ifaddr" "0.0.0.0"
+}
+
+proto_ipip6_teardown() {
+	local cfg="$1"
+}
+
+proto_dslite_init_config() {
+	init_config
+}
+
+proto_dslite_setup() {
+	tnl_setup "$1" "$2" "ds" "192.0.0.2" "192.0.0.1"
+}
+
+proto_dslite_teardown() {
+	local cfg="$1"
+}
+
 [ -n "$INCLUDE_ONLY" ] || {
+	add_protocol ipip6
 	add_protocol dslite
 }

target/linux/generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch

@@ -609,6 +609,8 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	if (!nf_ct_is_confirmed(ct))
 +		return XT_CONTINUE;
 +
++	dir = CTINFO2DIR(ctinfo);
++
 +	devs[dir] = xt_out(par);
 +	devs[!dir] = xt_in(par);
 +
@@ -618,8 +620,6 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	if (test_and_set_bit(IPS_OFFLOAD_BIT, &ct->status))
 +		return XT_CONTINUE;
 +
-+	dir = CTINFO2DIR(ctinfo);
-+
 +	if (xt_flowoffload_route(skb, ct, par, &route, dir, devs) < 0)
 +		goto err_flow_route;
 +

target/linux/generic/hack-6.1/650-netfilter-add-xt_FLOWOFFLOAD-target.patch

@@ -547,6 +547,8 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	if (!nf_ct_is_confirmed(ct))
 +		return XT_CONTINUE;
 +
++	dir = CTINFO2DIR(ctinfo);
++
 +	devs[dir] = xt_out(par);
 +	devs[!dir] = xt_in(par);
 +
@@ -556,8 +558,6 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	if (test_and_set_bit(IPS_OFFLOAD_BIT, &ct->status))
 +		return XT_CONTINUE;
 +
-+	dir = CTINFO2DIR(ctinfo);
-+
 +	if (xt_flowoffload_route(skb, ct, par, &route, dir, devs) < 0)
 +		goto err_flow_route;
 +

target/linux/generic/hack-6.6/650-netfilter-add-xt_FLOWOFFLOAD-target.patch

@@ -547,6 +547,8 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	if (!nf_ct_is_confirmed(ct))
 +		return XT_CONTINUE;
 +
++	dir = CTINFO2DIR(ctinfo);
++
 +	devs[dir] = xt_out(par);
 +	devs[!dir] = xt_in(par);
 +
@@ -556,8 +558,6 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +	if (test_and_set_bit(IPS_OFFLOAD_BIT, &ct->status))
 +		return XT_CONTINUE;
 +
-+	dir = CTINFO2DIR(ctinfo);
-+
 +	if (xt_flowoffload_route(skb, ct, par, &route, dir, devs) < 0)
 +		goto err_flow_route;
 +

target/linux/mediatek/image/mt7623.mk

@@ -1,3 +1,7 @@
+ifneq ($(KERNEL),6.1)
+DTS_DIR := $(DTS_DIR)/mediatek
+endif
+
 DEVICE_VARS += UBOOT_TARGET UBOOT_OFFSET UBOOT_IMAGE
 
 # The bootrom of MT7623 expects legacy MediaTek headers present in

target/linux/mediatek/image/mt7629.mk

@@ -1,3 +1,7 @@
+ifneq ($(KERNEL),6.1)
+DTS_DIR := $(DTS_DIR)/mediatek
+endif
+
 define Device/mediatek_mt7629-rfb
   DEVICE_VENDOR := MediaTek
   DEVICE_MODEL := MT7629 rfb AP

target/linux/mediatek/mt7622/base-files/etc/board.d/02_network

@@ -8,19 +8,6 @@ mediatek_setup_interfaces()
 	local board="$1"
 
 	case $board in
-	bananapi,bpi-r64|\
-	buffalo,wsr-3200ax4s|\
-	dlink,eagle-pro-ai-r32-a1|\
-	elecom,wrc-x3200gst3|\
-	linksys,e8450|\
-	linksys,e8450-ubi|\
-	mediatek,mt7622-rfb1|\
-	mediatek,mt7622-rfb1-ubi|\
-	netgear,wax206|\
-	reyee,ax3200-e5|\
-	ruijie,rg-ew3200gx-pro)
-		ucidef_set_interfaces_lan_wan "lan1 lan2 lan3 lan4" wan
-		;;
 	buffalo,wsr-2533dhp2)
 		ucidef_add_switch "switch0" \
 			"0:lan" "1:lan" "2:lan" "3:lan" "4:wan" "6@eth0"
@@ -28,6 +15,11 @@ mediatek_setup_interfaces()
 	dlink,eagle-pro-ai-m32-a1)
 		ucidef_set_interfaces_lan_wan "lan1 lan2" wan
 		;;
+	elecom,wrc-2533gent|\
+	totolink,a8000ru)
+		ucidef_add_switch "switch0" \
+			"0:lan" "1:lan" "2:lan" "3:lan" "4:wan" "6u@eth0" "5u@eth1"
+		;;
 	ubnt,unifi-6-lr*)
 		ucidef_set_interface_lan "eth0"
 		;;
@@ -35,8 +27,7 @@ mediatek_setup_interfaces()
 		ucidef_set_interfaces_lan_wan "lan1 lan2 lan3" wan
 		;;
 	*)
-		ucidef_add_switch "switch0" \
+		ucidef_set_interfaces_lan_wan "lan1 lan2 lan3 lan4" wan
-				  "0:lan" "1:lan" "2:lan" "3:lan" "4:wan" "6u@eth0" "5u@eth1"
 		;;
 	esac
 }