From 51fd73ea2b1c04204cfb3005425b5e9794d833e8 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 16 Feb 2024 16:17:47 +0100 Subject: [PATCH 1/5] cpufrequtils: fix initskript for amd-pstate the initskript loads a test-modul for amd-pstate (which traces on intel) and off course reports errors if firmware settings are missing. this also fix the error at start because also amd-pstate doesn't support ondemand mode. Signed-off-by: Arne Fitzenreiter --- lfs/cpufrequtils | 2 +- src/initscripts/packages/cpufreq | 45 ++++++++++++++++---------------- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/lfs/cpufrequtils b/lfs/cpufrequtils index dab254014..4bd5d0e51 100644 --- a/lfs/cpufrequtils +++ b/lfs/cpufrequtils @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = cpufrequtils -PAK_VER = 12 +PAK_VER = 13 DEPS = diff --git a/src/initscripts/packages/cpufreq b/src/initscripts/packages/cpufreq index beee532b5..f133f3488 100644 --- a/src/initscripts/packages/cpufreq +++ b/src/initscripts/packages/cpufreq @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # 
@@ -22,13 +22,15 @@ . /etc/sysconfig/rc . ${rc_functions} +GOV="ondemand" + case "${1}" in start) boot_mesg -n "Starting cpufreq... " # try cpufreq hardware depend modules for i in $(find /lib/modules/$(uname -r)/kernel/drivers/cpufreq \ - ! -name speedstep-lib.ko.xz ! -name p4-clockmod.ko.xz ! -name "cpufreq_*" ! -name mperf.ko.xz | sort -d -r); do + ! -name speedstep-lib.ko.xz ! -name p4-clockmod.ko.xz ! -name amd-pstate* ! -name "cpufreq_*" ! -name mperf.ko.xz | sort -d -r); do module=$(basename $i | cut -d. -f1); modprobe $module > /dev/null 2>&1; if [ ${?} = 0 ]; then @@ -46,28 +48,27 @@ case "${1}" in driver=`cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_driver 2>/dev/null` case "$driver" in - intel_pstate) - # pstate use internal gov so skip this setting + *pstate*) + # pstate not support ondemand so use powersave + GOV="powersave" echo_ok; ;; - *) - CPUCOUNT=`ls /sys/devices/system/cpu/cpu*/cpufreq/affected_cpus 2> /dev/null | wc -l `; - let CPUCOUNT-=1 - # Set the governor to ondemand to test if it works - cpufreq-set -g ondemand - if [ ${?} = 0 ]; then - # Set the governor to ondemand for all cpus - for i in `seq 0 $CPUCOUNT`; - do - cpufreq-set -c $i -g ondemand - done - echo_ok; - else - echo_failure; - fi - ;; - esac - exit 0; + esac + CPUCOUNT=`ls /sys/devices/system/cpu/cpu*/cpufreq/affected_cpus 2> /dev/null | wc -l `; + let CPUCOUNT-=1 + # Set the governor to test if it works + cpufreq-set -g $GOV + if [ ${?} = 0 ]; then + # Set the governor to ondemand for all cpus + for i in `seq 0 $CPUCOUNT`; + do + cpufreq-set -c $i -g $GOV + done + echo_ok; + else + echo_failure; + fi + exit 0 ;; *) echo "Usage: ${0} {start}" From 1d1f9a9a064b6423eb2f448d8c03213553adf085 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sat, 17 Feb 2024 19:46:34 +0100 Subject: [PATCH 2/5] rtl8812au: fix module compression the kernel cannot load the compressed module so fix compression parameters. 
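Review bot: The added `! -name amd-pstate*` test in the `find` call is unquoted, unlike the `"cpufreq_*"` pattern next to it. The shell can therefore expand it against the current directory before `find` sees it, and a matching file name there would change or break the exclusion. Write it as `! -name "amd-pstate*"`. The `for` loop that consumes this list continues outside the hunk.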
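Review bot: The `*pstate*` branch still calls `echo_ok;`, but it no longer ends the `start)` case. Control falls through to the shared `cpufreq-set -g $GOV` block, which prints `echo_ok` or `echo_failure` a second time, so a pstate system reports two results and can show OK followed by a failure. Remove `echo_ok;` from the branch so that only the result of the governor test is reported. The kept comment `# Set the governor to ondemand for all cpus` is now stale and should read `# Set the governor for all cpus`. Quoting the variable as `cpufreq-set -g "$GOV"` would match how `"$driver"` is used above.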
Signed-off-by: Arne Fitzenreiter --- lfs/rtl8812au | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lfs/rtl8812au b/lfs/rtl8812au index fd3128f42..b7f9b8657 100644 --- a/lfs/rtl8812au +++ b/lfs/rtl8812au @@ -87,7 +87,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /lib/modules/$$(uname -r)$(KCFG)/build/certs/signing_key.pem \ /lib/modules/$$(uname -r)$(KCFG)/build/certs/signing_key.x509 \ $$f; \ - xz $$f; \ + xz --check=crc32 --lzma2=dict=512KiB $$f; \ install -m 644 $$f.xz $(MODPATH); \ done From 06a6788e51a863097fc2c6946767e8bf1b144e2f Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 18 Feb 2024 07:59:18 +0100 Subject: [PATCH 3/5] core184: fix rtl8812au module compression Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/184/update.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh index 3bf38ff8b..aa593047d 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh @@ -73,6 +73,10 @@ ldconfig # Filesytem cleanup /usr/local/bin/filesystem-cleanup +# fix module compression of rtl8812au +xz -d /lib/modules/6.6.15-ipfire/extra/wlan/8812au.ko.xz +xz --check=crc32 --lzma2=dict=512KiB /lib/modules/6.6.15-ipfire/extra/wlan/8812au.ko + # Apply local configuration to sshd_config /usr/local/bin/sshctrl From 6d501c05583a4efa513ff4b04a48ef41d5e8170e Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 18 Feb 2024 11:38:29 +0100 Subject: [PATCH 4/5] cpufrequtils: hide output on disabled cores. We disable cores if the are affected by some cpu vulnerabilities this cores report errors if you try to change the settings. So only print the output for core0 and hide it for all cores. Signed-off-by: Arne Fitzenreiter --- lfs/cpufrequtils | 4 ++-- src/initscripts/packages/cpufreq | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/cpufrequtils b/lfs/cpufrequtils index 4bd5d0e51..8db0e6750 100644 
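Review bot: The changed `xz` line is still joined to the signing and install steps with `;`, so a failure in one step does not stop the recipe. A module whose signing or compression failed can go unnoticed at build time, and if `xz` refuses to overwrite an existing `$$f.xz`, the stale file would be installed. Ending the line with `xz --check=crc32 --lzma2=dict=512KiB $$f || exit 1; \` would stop the build, and the sign-file call above it deserves the same treatment. A short comment such as `# kernel module loader needs CRC32 check and a small LZMA2 dictionary` would record why the flags must not be dropped, as the commit message only says the kernel cannot load the module otherwise. The `for` loop starts outside the hunk.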
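Review bot: The two added `xz` commands run unconditionally on a hard-coded `6.6.15-ipfire` path, and the result of `xz -d` is not checked. If the `.ko.xz` file is absent, or the update is re-run after an interrupted first pass, the first command fails and the second still runs. If only the second fails, the module is left uncompressed under a name the module index presumably does not reference. Guard and chain the steps, for example `m=/lib/modules/6.6.15-ipfire/extra/wlan/8812au.ko` followed by `[ -e "$m.xz" ] && xz -d "$m.xz" && xz --check=crc32 --lzma2=dict=512KiB "$m"`.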
--- a/lfs/cpufrequtils +++ b/lfs/cpufrequtils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = cpufrequtils -PAK_VER = 13 +PAK_VER = 14 DEPS = diff --git a/src/initscripts/packages/cpufreq b/src/initscripts/packages/cpufreq index f133f3488..303eaf4bf 100644 --- a/src/initscripts/packages/cpufreq +++ b/src/initscripts/packages/cpufreq @@ -62,7 +62,7 @@ case "${1}" in # Set the governor to ondemand for all cpus for i in `seq 0 $CPUCOUNT`; do - cpufreq-set -c $i -g $GOV + cpufreq-set -c $i -g $GOV > /dev/null done echo_ok; else From 68c3cfd0be7d840466361fc33901db9f1fb74daa Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Sat, 16 Mar 2024 10:32:54 +0100 Subject: [PATCH 5/5] CU184-update.sh: Add drop hostile in & out logging entries - My drop hostile patch set updated the WUI entries to include in and out logging options but the values need to be added to the optionsfw entries for existing systems being upgraded. - After the existing CU184 update the LOGDROPHOSTILEIN and LOGDROPHO)STILEOUT entries are not in the settings file which trewats them as being set to off, even though they are enabled in the WUI update. - This patch adds the LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries into the settings file and then runs the firewallctrl command to apply to the firewall. - Ran a CU184 update on a CU183 vm system and then ran the comands added into the update.sh script and then did a reboot. Entries include and DROP_HOSTILE entries start to be logged again. Tested-by: Adolf Belka Signed-off-by: Adolf Belka 
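Review bot: The added `> /dev/null` discards only standard output, so anything `cpufreq-set` writes to stderr for a disabled core would still reach the console. It also hides a symptom rather than skipping those cores. The loop walks `seq 0 $CPUCOUNT`, where the count comes from the `affected_cpus` entries that exist, so if disabled cores have no cpufreq directory and are not the highest-numbered ones, the loop addresses disabled cores and may never reach some enabled ones. Iterating over the directories that actually exist avoids both problems: `for c in /sys/devices/system/cpu/cpu[0-9]*/cpufreq; do c=${c%/cpufreq}; cpufreq-set -c "${c##*cpu}" -g "$GOV" > /dev/null 2>&1; done`. The enclosing `if` block starts and ends outside the hunk.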
Signed-off-by: Michael Tremer --- config/rootfiles/core/184/update.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh index aa593047d..1a0e67c66 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh @@ -80,6 +80,12 @@ xz --check=crc32 --lzma2=dict=512KiB /lib/modules/6.6.15-ipfire/extra/wlan/8812a # Apply local configuration to sshd_config /usr/local/bin/sshctrl +# Add the drop hostile in and out logging options +# into the optionsfw settings file and apply to firewall +sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings +sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings +/usr/local/bin/firewallctrl + # Start services telinit u /etc/init.d/vnstat start
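Review bot: Both `sed -i '$ a\…'` lines append unconditionally, so a settings file that already holds `LOGDROPHOSTILEIN` or `LOGDROPHOSTILEOUT` ends up with duplicate keys. That can happen if the firewall options page was saved after an earlier Core Update 184 install. Which value wins then depends on the reader, and an administrator's explicit `off` could be silently replaced by `on`. Guard each append, for example `grep -q '^LOGDROPHOSTILEIN=' /var/ipfire/optionsfw/settings || sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings`, and the same for `LOGDROPHOSTILEOUT`. Note also that `$ a\` adds nothing when the file is empty, so the keys would still be missing on such a system.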