LEDE v17.01.4: adjust config defaults

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

feeds.conf.default

@@ -1,4 +1,4 @@
-src-git packages https://git.lede-project.org/feed/packages.git^f9e99848182fc7bc554e541ca133c22079d4041b
-src-git luci https://git.lede-project.org/project/luci.git^29fabe26399fbaecf9231e24f9ac1ee5773cafa6
-src-git routing https://git.lede-project.org/feed/routing.git^04a37ef4309c2b67c64901eb8fbf3800b4c7bb35
-src-git telephony https://git.lede-project.org/feed/telephony.git^1f0fb2538ba6fc306198fe2a9a4b976d63adb304
+src-git packages https://git.lede-project.org/feed/packages.git^cd5c448758f30868770b9ebf8b656c1a4211a240
+src-git luci https://git.lede-project.org/project/luci.git^d3f0685d63c1291359dc5dd089c82fa1e150e0c6
+src-git routing https://git.lede-project.org/feed/routing.git^d11075cd40a88602bf4ba2b275f72100ddcb4767
+src-git telephony https://git.lede-project.org/feed/telephony.git^ac6415e61f147a6892fd2785337aec93ddc68fa9

include/host-build.mk

@@ -77,6 +77,10 @@ HOST_MAKE_FLAGS =
 
 HOST_CONFIGURE_CMD = $(BASH) ./configure
 
+ifeq ($(HOST_OS),Darwin)
+  HOST_CONFIG_SITE:=$(INCLUDE_DIR)/site/darwin
+endif
+
 define Host/Configure/Default
 	$(if $(HOST_CONFIGURE_PARALLEL),+)(cd $(HOST_BUILD_DIR)/$(3); \
 		if [ -x configure ]; then \
@@ -127,6 +131,7 @@ define Host/Exports/Default
   $(1) : export PKG_CONFIG_PATH=$$(STAGING_DIR_HOST)/lib/pkgconfig:$$(HOST_BUILD_PREFIX)/lib/pkgconfig
   $(1) : export PKG_CONFIG_LIBDIR=$$(HOST_BUILD_PREFIX)/lib/pkgconfig
   $(1) : export CCACHE_DIR:=$(STAGING_DIR_HOST)/ccache
+  $(if $(HOST_CONFIG_SITE),$(1) : export CONFIG_SITE:=$(HOST_CONFIG_SITE))
   $(if $(IS_PACKAGE_BUILD),$(1) : export PATH=$$(TARGET_PATH_PKG))
 endef
 Host/Exports=$(Host/Exports/Default)

include/image-legacy.mk

@@ -48,6 +48,7 @@ endef
 ifdef TARGET_PER_DEVICE_ROOTFS
   define Image/Build/Profile/Filesystem
 	cp $(KDIR)/root.$(2)+pkg=$(3) $(KDIR)/root.$(2)
+	$(call Image/Build/$(2),$(2))
 	$(call Image/Build/Profile,$(1),$(2))
   endef
 else

include/image.mk

@@ -277,7 +277,7 @@ endif
 
 ifdef CONFIG_TARGET_ROOTFS_CPIOGZ
   define Image/Build/cpiogz
-	( cd $(TARGET_DIR); find . | cpio -o -H newc | gzip -9n >$(BIN_DIR)/$(IMG_PREFIX)-rootfs.cpio.gz )
+	( cd $(TARGET_DIR); find . | cpio -o -H newc -R root:root | gzip -9n >$(BIN_DIR)/$(IMG_PREFIX)-rootfs.cpio.gz )
   endef
 endif
 

include/kernel-version.mk

@@ -3,10 +3,10 @@
 LINUX_RELEASE?=1
 
 LINUX_VERSION-3.18 = .43
-LINUX_VERSION-4.4 = .61
+LINUX_VERSION-4.4 = .92
 
 LINUX_KERNEL_HASH-3.18.43 = 1236e8123a6ce537d5029232560966feed054ae31776fe8481dd7d18cdd5492c
-LINUX_KERNEL_HASH-4.4.61 = 30dee7164615ad8184eba4ea6f4906b3ceb2fe462a8a4a929c8e9aab8d4a31da
+LINUX_KERNEL_HASH-4.4.92 = 53f8cd8b024444df0f242f8e6ab5147b0b009d7a30e8b2ed3854e8d17937460d
 
 ifdef KERNEL_PATCHVER
   LINUX_VERSION:=$(KERNEL_PATCHVER)$(strip $(LINUX_VERSION-$(KERNEL_PATCHVER)))

include/kernel.mk

@@ -95,15 +95,16 @@ define ModuleAutoLoad
 	$(SH_FUNC) \
 	export modules=; \
 	probe_module() { \
-		mods="$$$$$$$$1"; \
-		boot="$$$$$$$$2"; \
+		local mods="$$$$$$$$1"; \
+		local boot="$$$$$$$$2"; \
+		local mod; \
 		shift 2; \
-		for mod in $(sort $$$$$$$$mods); do \
+		for mod in $$$$$$$$mods; do \
 			mkdir -p $(2)/etc/modules.d; \
 			echo "$$$$$$$$mod" >> $(2)/etc/modules.d/$(1); \
 		done; \
 		if [ -e $(2)/etc/modules.d/$(1) ]; then \
-			if [ "$$$$$$$$boot" = "1" ]; then \
+			if [ "$$$$$$$$boot" = "1" -a ! -e $(2)/etc/modules-boot.d/$(1) ]; then \
 				mkdir -p $(2)/etc/modules-boot.d; \
 				ln -s ../modules.d/$(1) $(2)/etc/modules-boot.d/; \
 			fi; \
@@ -111,16 +112,17 @@ define ModuleAutoLoad
 		fi; \
 	}; \
 	add_module() { \
-		priority="$$$$$$$$1"; \
-		mods="$$$$$$$$2"; \
-		boot="$$$$$$$$3"; \
+		local priority="$$$$$$$$1"; \
+		local mods="$$$$$$$$2"; \
+		local boot="$$$$$$$$3"; \
+		local mod; \
 		shift 3; \
-		for mod in $(sort $$$$$$$$mods); do \
+		for mod in $$$$$$$$mods; do \
 			mkdir -p $(2)/etc/modules.d; \
 			echo "$$$$$$$$mod" >> $(2)/etc/modules.d/$$$$$$$$priority-$(1); \
 		done; \
 		if [ -e $(2)/etc/modules.d/$$$$$$$$priority-$(1) ]; then \
-			if [ "$$$$$$$$boot" = "1" ]; then \
+			if [ "$$$$$$$$boot" = "1" -a ! -e $(2)/etc/modules-boot.d/$$$$$$$$priority-$(1) ]; then \
 				mkdir -p $(2)/etc/modules-boot.d; \
 				ln -s ../modules.d/$$$$$$$$priority-$(1) $(2)/etc/modules-boot.d/; \
 			fi; \
@@ -129,6 +131,7 @@ define ModuleAutoLoad
 	}; \
 	$(3) \
 	if [ -n "$$$$$$$$modules" ]; then \
+		modules="$$$$$$$$(echo "$$$$$$$$modules" | tr ' ' '\n' | sort | uniq | paste -s -d' ' -)"; \
 		mkdir -p $(2)/etc/modules.d; \
 		mkdir -p $(2)/CONTROL; \
 		echo "#!/bin/sh" > $(2)/CONTROL/postinst-pkg; \

include/site/darwin

@@ -0,0 +1,2 @@
+ac_cv_func_futimens=no
+ac_cv_func_utimensat=no

include/toplevel.mk

@@ -23,6 +23,7 @@ HOSTCC ?= $(CC)
 export REVISION
 export SOURCE_DATE_EPOCH
 export GIT_CONFIG_PARAMETERS='core.autocrlf=false'
+export GIT_ASKPASS:=/bin/true
 export MAKE_JOBSERVER=$(filter --jobserver%,$(MAKEFLAGS))
 
 # prevent perforce from messing with the patch utility
@@ -126,7 +127,7 @@ menuconfig: scripts/config/mconf prepare-tmpinfo FORCE
 	if [ \! -e .config -a -e $(HOME)/.openwrt/defconfig ]; then \
 		cp $(HOME)/.openwrt/defconfig .config; \
 	fi
-	$< Config.in
+	[ -L .config ] && export KCONFIG_OVERWRITECONFIG=1; $< Config.in
 
 prepare_kernel_conf: .config FORCE
 
@@ -170,7 +171,7 @@ else
   DOWNLOAD_DIRS = package/download
 endif
 
-download: .config FORCE
+download: .config FORCE $(if $(wildcard $(TOPDIR)/staging_dir/host/bin/flock),,tools/flock/compile)
 	@+$(foreach dir,$(DOWNLOAD_DIRS),$(SUBMAKE) $(dir);)
 
 clean dirclean: .config

include/version.mk

@@ -31,16 +31,16 @@ qstrip_escape=$(subst ','\'',$(call qstrip,$(1)))
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip_escape,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),17.01.1)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),17.01.4)
 
 VERSION_CODE:=$(call qstrip_escape,$(CONFIG_VERSION_CODE))
-VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r3316-7eb58cf109)
+VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r3560-79f57e422d)
 
 VERSION_NICK:=$(call qstrip_escape,$(CONFIG_VERSION_NICK))
 VERSION_NICK:=$(if $(VERSION_NICK),$(VERSION_NICK),$(RELEASE))
 
 VERSION_REPO:=$(call qstrip_escape,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.lede-project.org/releases/17.01.1)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.lede-project.org/releases/17.01.4)
 
 VERSION_DIST:=$(call qstrip_escape,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),LEDE)

package/base-files/Makefile

@@ -11,14 +11,15 @@ include $(INCLUDE_DIR)/kernel.mk
 include $(INCLUDE_DIR)/version.mk
 
 PKG_NAME:=base-files
-PKG_RELEASE:=172
+PKG_RELEASE:=173.1
 PKG_FLAGS:=nonshared
 
 PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
 PKG_BUILD_DEPENDS:=usign/host
 PKG_LICENSE:=GPL-2.0
 
-PKG_CONFIG_DEPENDS := CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE
+# Extend depends from version.mk
+PKG_CONFIG_DEPENDS += CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -137,6 +138,7 @@ define Package/base-files/install
 
 	mkdir -p $(1)/CONTROL
 	mkdir -p $(1)/dev
+	mkdir -p $(1)/etc/config
 	mkdir -p $(1)/etc/crontabs
 	mkdir -p $(1)/etc/rc.d
 	mkdir -p $(1)/overlay

package/base-files/files/bin/config_generate

@@ -119,17 +119,14 @@ generate_network() {
 		;;
 
 		pppoe)
-			# fixup IPv6 slave interface
-			ifname="pppoe-$1"
-
 			uci -q batch <<-EOF
 				set network.$1.proto='pppoe'
 				set network.$1.username='username'
 				set network.$1.password='password'
-				set network.$1.ipv6='auto'
+				set network.$1.ipv6='1'
 				delete network.${1}6
 				set network.${1}6='interface'
-				set network.${1}6.ifname='$ifname'
+				set network.${1}6.ifname='@${1}'
 				set network.${1}6.proto='dhcpv6'
 			EOF
 		;;

package/base-files/files/lib/functions/network.sh

@@ -29,18 +29,9 @@ network_get_ipaddr() {
 # 1: destination variable
 # 2: interface
 network_get_ipaddr6() {
-	local __addr
-
-	if __network_ifstatus "__addr" "$2" "['ipv6-address','ipv6-prefix-assignment'][0].address"; then
-		case "$__addr" in
-			*:)	export "$1=${__addr}1" ;;
-			*)	export "$1=${__addr}" ;;
-		esac
-		return 0
-	fi
-
-	unset $1
-	return 1
+	__network_ifstatus "$1" "$2" "['ipv6-address'][0].address" || \
+		__network_ifstatus "$1" "$2" "['ipv6-prefix-assignment'][0]['local-address'].address" || \
+		return 1
 }
 
 # determine first IPv4 subnet of given logical interface
@@ -54,7 +45,36 @@ network_get_subnet() {
 # 1: destination variable
 # 2: interface
 network_get_subnet6() {
-	__network_ifstatus "$1" "$2" "['ipv6-address'][0]['address','mask']" "/"
+	local __nets __addr
+
+	if network_get_subnets6 __nets "$2"; then
+		# Attempt to return first non-fe80::/10, non-fc::/7 range
+		for __addr in $__nets; do
+			case "$__addr" in fe[8ab]?:*|f[cd]??:*)
+				continue
+			esac
+			export "$1=$__addr"
+			return 0
+		done
+
+		# Attempt to return first non-fe80::/10 range
+		for __addr in $__nets; do
+			case "$__addr" in fe[8ab]?:*)
+				continue
+			esac
+			export "$1=$__addr"
+			return 0
+		done
+
+		# Return first item
+		for __addr in $__nets; do
+			export "$1=$__addr"
+			return 0
+		done
+	fi
+
+	unset "$1"
+	return 1
 }
 
 # determine first IPv6 prefix of given logical interface
@@ -78,14 +98,19 @@ network_get_ipaddrs6() {
 	local __addr
 	local __list=""
 
-	if __network_ifstatus "__addr" "$2" "['ipv6-address','ipv6-prefix-assignment'][*].address"; then
+	if __network_ifstatus "__addr" "$2" "['ipv6-address'][*].address"; then
 		for __addr in $__addr; do
-			case "$__addr" in
-				*:) __list="${__list:+$__list }${__addr}1" ;;
-				*)  __list="${__list:+$__list }${__addr}"  ;;
-			esac
+			__list="${__list:+$__list }${__addr}"
 		done
+	fi
 
+	if __network_ifstatus "__addr" "$2" "['ipv6-prefix-assignment'][*]['local-address'].address"; then
+		for __addr in $__addr; do
+			__list="${__list:+$__list }${__addr}"
+		done
+	fi
+
+	if [ -n "$__list" ]; then
 		export "$1=$__list"
 		return 0
 	fi
@@ -98,18 +123,13 @@ network_get_ipaddrs6() {
 # 1: destination variable
 # 2: interface
 network_get_ipaddrs_all() {
-	local __addr
-	local __list=""
+	local __addr __addr6
 
-	if __network_ifstatus "__addr" "$2" "['ipv4-address','ipv6-address','ipv6-prefix-assignment'][*].address"; then
-		for __addr in $__addr; do
-			case "$__addr" in
-				*:) __list="${__list:+$__list }${__addr}1" ;;
-				*)  __list="${__list:+$__list }${__addr}"  ;;
-			esac
-		done
+	network_get_ipaddrs __addr "$2"
+	network_get_ipaddrs6 __addr6 "$2"
 
-		export "$1=$__list"
+	if [ -n "$__addr" -o -n "$__addr6" ]; then
+		export "$1=${__addr:+$__addr }$__addr6"
 		return 0
 	fi
 
@@ -128,17 +148,24 @@ network_get_subnets() {
 # 1: destination variable
 # 2: interface
 network_get_subnets6() {
-	local __addr
+	local __addr __mask
 	local __list=""
 
-	if __network_ifstatus "__addr" "$2" "['ipv6-address','ipv6-prefix-assignment'][*]['address','mask']" "/ "; then
+	if __network_ifstatus "__addr" "$2" "['ipv6-address'][*]['address','mask']" "/ "; then
 		for __addr in $__addr; do
-			case "$__addr" in
-				*:/*) __list="${__list:+$__list }${__addr%/*}1/${__addr##*/}" ;;
-				*)    __list="${__list:+$__list }${__addr}"                   ;;
-			esac
+			__list="${__list:+$__list }${__addr}"
 		done
+	fi
 
+	if __network_ifstatus "__addr" "$2" "['ipv6-prefix-assignment'][*]['local-address'].address" && \
+	   __network_ifstatus "__mask" "$2" "['ipv6-prefix-assignment'][*].mask"; then
+		for __addr in $__addr; do
+			__list="${__list:+$__list }${__addr}/${__mask%% *}"
+			__mask="${__mask#* }"
+		done
+	fi
+
+	if [ -n "$__list" ]; then
 		export "$1=$__list"
 		return 0
 	fi

package/base-files/files/lib/functions/uci-defaults.sh

@@ -35,7 +35,7 @@ _ucidef_set_interface() {
 	json_select_object "$name"
 	json_add_string ifname "$iface"
 
-	if ! json_is_a protocol string; then
+	if ! json_is_a protocol string || [ -n "$proto" ]; then
 		case "$proto" in
 			static|dhcp|none|pppoe) : ;;
 			*)
@@ -619,6 +619,26 @@ ucidef_add_gpio_switch() {
 	json_select ..
 }
 
+ucidef_set_hostname() {
+	local hostname="$1"
+
+	json_select_object system
+		json_add_string hostname "$hostname"
+	json_select ..
+}
+
+ucidef_set_ntpserver() {
+	local server
+
+	json_select_object system
+		json_select_array ntpserver
+			for server in "$@"; do
+				json_add_string "" "$server"
+			done
+		json_select ..
+	json_select ..
+}
+
 board_config_update() {
 	json_init
 	[ -f ${CFG} ] && json_load "$(cat ${CFG})"

package/base-files/files/lib/preinit/10_indicate_preinit

@@ -96,6 +96,8 @@ preinit_config_board() {
 }
 
 preinit_ip() {
+	[ "$pi_preinit_no_failsafe" = "y" ] && return
+
 	# if the preinit interface isn't specified and ifname is set in
 	# preinit.arch use that interface
 	if [ -z "$pi_ifname" ]; then
@@ -107,6 +109,8 @@ preinit_ip() {
 	elif [ -d "/etc/board.d/" ]; then
 		preinit_config_board
 	fi
+
+	preinit_net_echo "Doing Lede Preinit\n"
 }
 
 preinit_ip_deconfig() {
@@ -146,7 +150,6 @@ preinit_echo() {
 }
 
 pi_indicate_preinit() {
-	preinit_net_echo "Doing Lede Preinit\n"
 	set_state preinit
 }
 

package/base-files/image-config.in

@@ -190,7 +190,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "http://downloads.lede-project.org/releases/17.01.1"
+		default "http://downloads.lede-project.org/releases/17.01.4"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:

package/boot/uboot-envtools/files/ar71xx

@@ -18,6 +18,7 @@ a40|\
 a60|\
 alfa-ap120c|\
 all0258n|\
+ap121f|\
 ap90q|\
 cap324|\
 cap4200ag|\

package/devel/binutils/patches/0001-Do-not-pass-host-compiler-sanitization-flags-on-to-l.patch

@@ -0,0 +1,65 @@
+From 183eb37e25d903ccd68cc2d8f8a37e75872c03d2 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 6 Sep 2016 17:35:35 +0100
+Subject: [PATCH 1/2] Do not pass host compiler sanitization flags on to linker
+ testsuite.
+
+	* Makefile.am (CFLAGS_FOR_TARGET): Define as a copy of CFLAGS but
+	without any sanitization options.
+	(CXXFLAGS_FOR_TARGET): Define as a copy of CXXFLAGS but	without
+	any sanitization options.
+	(check-DEJAGNU): Pass CFLAGS_FOR_TARGET and CXXFLAGS_FOR_TARGET
+	as CFLAGS and CXXFLAGS respectively.
+---
+ ld/Makefile.am | 8 ++++++--
+ ld/Makefile.in | 8 ++++++--
+ 2 files changed, 12 insertions(+), 4 deletions(-)
+
+--- a/ld/Makefile.am
++++ b/ld/Makefile.am
+@@ -136,6 +136,10 @@ CXX_FOR_TARGET = ` \
+     fi; \
+   fi`
+ 
++# Strip out sanitization options as we want to test building binaries without any extra paraphernalia
++CFLAGS_FOR_TARGET = `echo $(CFLAGS) | sed -e 's/-fsanitize=address//g' -e 's/-fsanitize=undefined//g'`
++CXXFLAGS_FOR_TARGET = `echo $(CXXFLAGS) | sed -e 's/-fsanitize=address//g' -e 's/-fsanitize=undefined//g'`
++
+ transform = s/^ld-new$$/$(installed_linker)/;@program_transform_name@
+ bin_PROGRAMS = ld-new
+ info_TEXINFOS = ld.texinfo
+@@ -2075,8 +2079,8 @@ check-DEJAGNU: site.exp
+ 	runtest=$(RUNTEST); \
+ 	if $(SHELL) -c "$$runtest --version" > /dev/null 2>&1; then \
+ 	  $$runtest --tool $(DEJATOOL) --srcdir $${srcroot}/testsuite \
+-		CC="$(CC_FOR_TARGET)" CFLAGS="$(CFLAGS)" \
+-		CXX="$(CXX_FOR_TARGET)" CXXFLAGS="$(CXXFLAGS)" \
++		CC="$(CC_FOR_TARGET)" CFLAGS="$(CFLAGS_FOR_TARGET)" \
++		CXX="$(CXX_FOR_TARGET)" CXXFLAGS="$(CXXFLAGS_FOR_TARGET)" \
+ 		CC_FOR_HOST="$(CC)" CFLAGS_FOR_HOST="$(CFLAGS)" \
+ 		OFILES="$(OFILES)" BFDLIB="$(TESTBFDLIB)" \
+ 		LIBIBERTY="$(LIBIBERTY) $(LIBINTL)" LIBS="$(LIBS)" \
+--- a/ld/Makefile.in
++++ b/ld/Makefile.in
+@@ -507,6 +507,10 @@ CXX_FOR_TARGET = ` \
+     fi; \
+   fi`
+ 
++
++# Strip out sanitization options as they require special host libraries.
++CFLAGS_FOR_TARGET = `echo $(CFLAGS) | sed -e 's/-fsanitize=address//g' -e 's/-fsanitize=undefined//g'`
++CXXFLAGS_FOR_TARGET = `echo $(CXXFLAGS) | sed -e 's/-fsanitize=address//g' -e 's/-fsanitize=undefined//g'`
+ info_TEXINFOS = ld.texinfo
+ ld_TEXINFOS = configdoc.texi
+ noinst_TEXINFOS = ldint.texinfo
+@@ -3644,8 +3648,8 @@ check-DEJAGNU: site.exp
+ 	runtest=$(RUNTEST); \
+ 	if $(SHELL) -c "$$runtest --version" > /dev/null 2>&1; then \
+ 	  $$runtest --tool $(DEJATOOL) --srcdir $${srcroot}/testsuite \
+-		CC="$(CC_FOR_TARGET)" CFLAGS="$(CFLAGS)" \
+-		CXX="$(CXX_FOR_TARGET)" CXXFLAGS="$(CXXFLAGS)" \
++		CC="$(CC_FOR_TARGET)" CFLAGS="$(CFLAGS_FOR_TARGET)" \
++		CXX="$(CXX_FOR_TARGET)" CXXFLAGS="$(CXXFLAGS_FOR_TARGET)" \
+ 		CC_FOR_HOST="$(CC)" CFLAGS_FOR_HOST="$(CFLAGS)" \
+ 		OFILES="$(OFILES)" BFDLIB="$(TESTBFDLIB)" \
+ 		LIBIBERTY="$(LIBIBERTY) $(LIBINTL)" LIBS="$(LIBS)" \

package/firmware/ath10k-firmware/Makefile

@@ -63,7 +63,6 @@ $(eval $(call Download,ath10k-qca9887-board))
 
 define Package/ath10k-firmware-qca988x
 $(Package/ath10k-firmware-default)
-  DEFAULT:=PACKAGE_kmod-ath10k
   TITLE:=ath10k firmware for QCA988x devices
   SECTION:=firmware
   CATEGORY:=Firmware

package/kernel/lantiq/ltq-vdsl-mei/Makefile

@@ -9,7 +9,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=ltq-vdsl-vr9-mei
 PKG_VERSION:=1.5.17.6
-PKG_RELEASE:=1
+PKG_RELEASE:=3
 
 PKG_BASE_NAME:=drv_mei_cpe
 PKG_SOURCE:=$(PKG_BASE_NAME)-$(PKG_VERSION).tar.gz

package/kernel/lantiq/ltq-vdsl/Makefile

@@ -9,7 +9,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=ltq-vdsl-vr9
 PKG_VERSION:=4.17.18.6
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_BASE_NAME:=drv_dsl_cpe_api
 PKG_SOURCE:=$(PKG_BASE_NAME)_vrx-$(PKG_VERSION).tar.gz

package/kernel/lantiq/ltq-vdsl/patches/110-semaphore-lock.patch

@@ -0,0 +1,107 @@
+--- a/src/include/drv_dsl_cpe_pm_core.h
++++ b/src/include/drv_dsl_cpe_pm_core.h
+@@ -1510,9 +1510,9 @@ typedef struct
+    /** Common PM module mutex*/
+    DSL_DRV_Mutex_t pmMutex;
+    /** PM module direction Near-End mutex*/
+-   DSL_DRV_Mutex_t pmNeMutex;
++   struct semaphore pmNeMutex;
+    /** PM module direction Far-End mutex*/
+-   DSL_DRV_Mutex_t pmFeMutex;
++   struct semaphore pmFeMutex;
+    /** PM module Near-End access mutex*/
+    DSL_DRV_Mutex_t pmNeAccessMutex;
+    /** PM module Far-End access mutex*/
+--- a/src/pm/drv_dsl_cpe_api_pm.c
++++ b/src/pm/drv_dsl_cpe_api_pm.c
+@@ -220,9 +220,9 @@ DSL_Error_t DSL_DRV_PM_Start(
+    /* init PM module common mutex */
+    DSL_DRV_MUTEX_INIT(DSL_DRV_PM_CONTEXT(pContext)->pmMutex);
+    /* init PM module direction Near-End mutex */
+-   DSL_DRV_MUTEX_INIT(DSL_DRV_PM_CONTEXT(pContext)->pmNeMutex);
++   sema_init(&(DSL_DRV_PM_CONTEXT(pContext)->pmNeMutex),1);
+    /* init PM module direction Far-End mutex */
+-   DSL_DRV_MUTEX_INIT(DSL_DRV_PM_CONTEXT(pContext)->pmFeMutex);
++   sema_init(&(DSL_DRV_PM_CONTEXT(pContext)->pmFeMutex),1);
+    /* init PM module Near-End access mutex */
+    DSL_DRV_MUTEX_INIT(DSL_DRV_PM_CONTEXT(pContext)->pmNeAccessMutex);
+    /* init PM module Far-End access mutex */
+@@ -592,7 +592,7 @@ DSL_Error_t DSL_DRV_PM_Stop(
+    if( DSL_DRV_PM_CONTEXT(pContext)->pmThreadFe.bRun != DSL_TRUE )
+    {
+       DSL_DEBUG(DSL_DBG_WRN,
+-         (pContext, SYS_DBG_WRN"DSL[%02d]: PM module Near-End thread already stopped"
++         (pContext, SYS_DBG_WRN"DSL[%02d]: PM module Far-End thread already stopped"
+          DSL_DRV_CRLF, DSL_DEV_NUM(pContext)));
+    }
+    else
+--- a/src/pm/drv_dsl_cpe_pm_core.c
++++ b/src/pm/drv_dsl_cpe_pm_core.c
+@@ -1022,7 +1022,7 @@ DSL_Error_t DSL_DRV_PM_DirectionMutexCon
+    {
+       if( bLock )
+       {
+-         if( DSL_DRV_MUTEX_LOCK(DSL_DRV_PM_CONTEXT(pContext)->pmNeMutex) )
++         if(down_interruptible(&(DSL_DRV_PM_CONTEXT(pContext)->pmNeMutex)))
+          {
+             DSL_DEBUG( DSL_DBG_ERR,
+                (pContext, SYS_DBG_ERR"DSL[%02d]: ERROR - Couldn't lock PM NE mutex!"
+@@ -1034,14 +1034,14 @@ DSL_Error_t DSL_DRV_PM_DirectionMutexCon
+       else
+       {
+           /* Unlock PM module NE Mutex*/
+-          DSL_DRV_MUTEX_UNLOCK(DSL_DRV_PM_CONTEXT(pContext)->pmNeMutex);
++          up(&(DSL_DRV_PM_CONTEXT(pContext)->pmNeMutex));
+       }
+    }
+    else
+    {
+       if( bLock )
+       {
+-         if( DSL_DRV_MUTEX_LOCK(DSL_DRV_PM_CONTEXT(pContext)->pmFeMutex) )
++         if(down_interruptible(&(DSL_DRV_PM_CONTEXT(pContext)->pmFeMutex)))
+          {
+             DSL_DEBUG( DSL_DBG_ERR,
+                (pContext, SYS_DBG_ERR"DSL[%02d]: ERROR - Couldn't lock PM FE mutex!"
+@@ -1053,7 +1053,7 @@ DSL_Error_t DSL_DRV_PM_DirectionMutexCon
+       else
+       {
+          /* Unlock PM module FE Mutex*/
+-         DSL_DRV_MUTEX_UNLOCK(DSL_DRV_PM_CONTEXT(pContext)->pmFeMutex);
++         up(&(DSL_DRV_PM_CONTEXT(pContext)->pmFeMutex));
+       }
+    }
+ 
+@@ -1139,7 +1139,7 @@ DSL_Error_t DSL_DRV_PM_Lock(DSL_Context_
+    if( !(DSL_DRV_PM_CONTEXT(pContext)->bPmLock) )
+    {
+       /* Lock PM module Near-End Mutex*/
+-      if( DSL_DRV_MUTEX_LOCK(DSL_DRV_PM_CONTEXT(pContext)->pmNeMutex) )
++      if(down_interruptible(&(DSL_DRV_PM_CONTEXT(pContext)->pmNeMutex)))
+       {
+          DSL_DEBUG( DSL_DBG_ERR,
+             (pContext, SYS_DBG_ERR"DSL[%02d]: ERROR - Couldn't lock PM NE mutex!"
+@@ -1148,8 +1148,8 @@ DSL_Error_t DSL_DRV_PM_Lock(DSL_Context_
+          return DSL_ERR_SEMAPHORE_GET;
+       }
+ 
+-      /* Lock PM module Near-End Mutex*/
+-      if( DSL_DRV_MUTEX_LOCK(DSL_DRV_PM_CONTEXT(pContext)->pmFeMutex) )
++      /* Lock PM module Far-End Mutex*/
++      if( down_interruptible(&(DSL_DRV_PM_CONTEXT(pContext)->pmFeMutex)) )
+       {
+          DSL_DEBUG( DSL_DBG_ERR,
+             (pContext, SYS_DBG_ERR"DSL[%02d]: ERROR - Couldn't lock PM FE mutex!"
+@@ -1193,10 +1193,10 @@ DSL_Error_t DSL_DRV_PM_UnLock(DSL_Contex
+    if( DSL_DRV_PM_CONTEXT(pContext)->bPmLock )
+    {
+       /* Unlock PM module NE Mutex*/
+-      DSL_DRV_MUTEX_UNLOCK(DSL_DRV_PM_CONTEXT(pContext)->pmNeMutex);
++      up(&(DSL_DRV_PM_CONTEXT(pContext)->pmNeMutex));
+ 
+       /* Unlock PM module FE Mutex*/
+-      DSL_DRV_MUTEX_UNLOCK(DSL_DRV_PM_CONTEXT(pContext)->pmFeMutex);
++      up(&(DSL_DRV_PM_CONTEXT(pContext)->pmFeMutex));
+ 
+       /* Clear bPmLock flag*/
+       DSL_DRV_PM_CONTEXT(pContext)->bPmLock = DSL_FALSE;

package/kernel/linux/modules/crypto.mk

@@ -436,7 +436,7 @@ endef
 
 define KernelPackage/crypto-md5/octeon
   FILES+=$(LINUX_DIR)/arch/mips/cavium-octeon/crypto/octeon-md5.ko
-  AUTOLOAD:=$(call AutoLoad,09,octeon-md5)
+  AUTOLOAD+=$(call AutoLoad,09,octeon-md5)
 endef
 
 $(eval $(call KernelPackage,crypto-md5))
@@ -468,12 +468,12 @@ endef
 
 define KernelPackage/crypto-sha1/octeon
   FILES+=$(LINUX_DIR)/arch/mips/cavium-octeon/crypto/octeon-sha1.ko
-  AUTOLOAD:=$(call AutoLoad,09,octeon-sha1)
+  AUTOLOAD+=$(call AutoLoad,09,octeon-sha1)
 endef
 
 define KernelPackage/crypto-sha1/x86/64
   FILES+=$(LINUX_DIR)/arch/x86/crypto/sha1-ssse3.ko
-  AUTOLOAD:=$(call AutoLoad,09,sha1-ssse3)
+  AUTOLOAD+=$(call AutoLoad,09,sha1-ssse3)
 endef
 
 $(eval $(call KernelPackage,crypto-sha1))
@@ -493,12 +493,12 @@ endef
 
 define KernelPackage/crypto-sha256/octeon
   FILES+=$(LINUX_DIR)/arch/mips/cavium-octeon/crypto/octeon-sha256.ko
-  AUTOLOAD:=$(call AutoLoad,09,octeon-sha256)
+  AUTOLOAD+=$(call AutoLoad,09,octeon-sha256)
 endef
 
 define KernelPackage/crypto-sha256/x86/64
   FILES+=$(LINUX_DIR)/arch/x86/crypto/sha256-ssse3.ko
-  AUTOLOAD:=$(call AutoLoad,09,sha256-ssse3)
+  AUTOLOAD+=$(call AutoLoad,09,sha256-ssse3)
 endef
 
 $(eval $(call KernelPackage,crypto-sha256))
@@ -518,12 +518,12 @@ endef
 
 define KernelPackage/crypto-sha512/octeon
   FILES+=$(LINUX_DIR)/arch/mips/cavium-octeon/crypto/octeon-sha512.ko
-  AUTOLOAD:=$(call AutoLoad,09,octeon-sha512)
+  AUTOLOAD+=$(call AutoLoad,09,octeon-sha512)
 endef
 
 define KernelPackage/crypto-sha512/x86/64
   FILES+=$(LINUX_DIR)/arch/x86/crypto/sha512-ssse3.ko
-  AUTOLOAD:=$(call AutoLoad,09,sha512-ssse3)
+  AUTOLOAD+=$(call AutoLoad,09,sha512-ssse3)
 endef
 
 $(eval $(call KernelPackage,crypto-sha512))

package/kernel/linux/modules/netfilter.mk

@@ -360,8 +360,6 @@ define KernelPackage/nf-nathelper/description
  Default Netfilter (IPv4) Conntrack and NAT helpers
  Includes:
  - ftp
- - irc
- - tftp
 endef
 
 $(eval $(call KernelPackage,nf-nathelper))
@@ -381,11 +379,13 @@ define KernelPackage/nf-nathelper-extra/description
  Includes:
  - amanda
  - h323
+ - irc
  - mms
  - pptp
  - proto_gre
  - sip
  - snmp_basic
+ - tftp
  - broadcast
 endef
 

package/kernel/linux/modules/sound.mk

@@ -67,7 +67,7 @@ define KernelPackage/sound-core/uml
   FILES:= \
 	$(LINUX_DIR)/sound/soundcore.ko \
 	$(LINUX_DIR)/arch/um/drivers/hostaudio.ko
-  AUTOLOAD:=$(call AutoLoad,30,soundcore hostaudio)
+  AUTOLOAD+=$(call AutoLoad,30,soundcore hostaudio)
 endef
 
 define KernelPackage/sound-core/description

package/kernel/linux/modules/video.mk

@@ -47,7 +47,7 @@ define KernelPackage/backlight-pwm
 	AUTOLOAD:=$(call AutoProbe,video pwm_bl)
 endef
 
-define KernelPackage/backlight/backlight-pwm
+define KernelPackage/backlight-pwm/description
 	Kernel module for PWM based Backlight support.
 endef
 
@@ -72,7 +72,7 @@ endef
 
 define KernelPackage/fb/x86
   FILES+=$(LINUX_DIR)/arch/x86/video/fbdev.ko
-  AUTOLOAD:=$(call AutoLoad,06,fbdev fb)
+  AUTOLOAD+=$(call AutoLoad,06,fbdev fb)
 endef
 
 $(eval $(call KernelPackage,fb))

package/kernel/mac80211/Makefile

@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=mac80211
 
 PKG_VERSION:=2017-01-31
-PKG_RELEASE:=1
+PKG_RELEASE:=3
 PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources
 PKG_BACKPORT_VERSION:=
 PKG_HASH:=75e6d39e34cf156212a2509172a4a62b673b69eb4a1d9aaa565f7fa719fa2317
@@ -68,6 +68,8 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_BRCM80211_DEBUG \
 	CONFIG_PACKAGE_IWLWIFI_DEBUG \
 	CONFIG_PACKAGE_IWLWIFI_DEBUGFS \
+	CONFIG_PACKAGE_RT2X00_LIB_DEBUGFS \
+	CONFIG_PACKAGE_RT2X00_DEBUG \
 	CONFIG_PACKAGE_RTLWIFI_DEBUG \
 	CONFIG_ATH9K_SUPPORT_PCOEM \
 	CONFIG_ATH9K_TX99 \

package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh

@@ -268,7 +268,7 @@ mac80211_hostapd_setup_base() {
 			vht_max_mpdu_hw=11454
 		[ "$vht_max_mpdu_hw" != 3895 ] && \
 			vht_capab="$vht_capab[MAX-MPDU-$vht_max_mpdu_hw]"
-			
+
 		# maximum A-MPDU length exponent
 		vht_max_a_mpdu_len_exp_hw=0
 		[ "$(($vht_cap & 58720256))" -ge 8388608 -a 1 -le "$vht_max_a_mpdu_len_exp" ] && \
@@ -566,7 +566,7 @@ mac80211_setup_adhoc() {
 	[ -n "$mcast_rate" ] && wpa_supplicant_add_rate mcval "$mcast_rate"
 
 	iw dev "$ifname" ibss join "$ssid" $freq $ibss_htmode fixed-freq $bssid \
-		${beacon_int:+beacon-interval $beacon_int} \
+		beacon-interval $beacon_int \
 		${brstr:+basic-rates $brstr} \
 		${mcval:+mcast-rate $mcval} \
 		${keyspec:+keys $keyspec}
@@ -646,7 +646,9 @@ mac80211_setup_vif() {
 				esac
 
 				freq="$(get_freq "$phy" "$channel")"
-				iw dev "$ifname" mesh join "$mesh_id" freq $freq $mesh_htmode ${mcval:+mcast-rate $mcval}
+				iw dev "$ifname" mesh join "$mesh_id" freq $freq $mesh_htmode \
+					${mcval:+mcast-rate $mcval} \
+					beacon-interval $beacon_int
 			fi
 
 			for var in $MP_CONFIG_INT $MP_CONFIG_BOOL $MP_CONFIG_STRING; do
@@ -698,7 +700,7 @@ drv_mac80211_setup() {
 		country chanbw distance \
 		txpower antenna_gain \
 		rxantenna txantenna \
-		frag rts beacon_int htmode
+		frag rts beacon_int:100 htmode
 	json_get_values basic_rate_list basic_rate
 	json_select ..
 

package/kernel/mac80211/files/lib/wifi/mac80211.sh

@@ -92,7 +92,7 @@ detect_mac80211() {
 			htmode="VHT80"
 		}
 
-		[ -n $htmode ] && ht_capab="set wireless.radio${devidx}.htmode=$htmode"
+		[ -n "$htmode" ] && ht_capab="set wireless.radio${devidx}.htmode=$htmode"
 
 		if [ -x /usr/bin/readlink -a -h /sys/class/ieee80211/${dev} ]; then
 			path="$(readlink -f /sys/class/ieee80211/${dev}/device)"

package/kernel/mac80211/files/regdb.txt

@@ -85,12 +85,20 @@ country AT: DFS-ETSI
 	# 60 GHz band channels 1-4, ref: Etsi En 302 567
 	(57000 - 66000 @ 2160), (40)
 
+# Source:
+# https://www.legislation.gov.au/Details/F2016C00432
+# Both DFS-ETSI and DFS-FCC are acceptable per AS/NZS 4268 Appendix B.
+# The EIRP for DFS bands can be increased by 3dB if TPC is implemented.
+# In order to allow 80MHz operation between 5650-5730MHz the upper boundary
+# of this more restrictive band has been shifted up by 5MHz from 5725MHz.
 country AU: DFS-ETSI
-	(2402 - 2482 @ 40), (20)
-	(5170 - 5250 @ 80), (17), AUTO-BW
-	(5250 - 5330 @ 80), (24), DFS, AUTO-BW
-	(5490 - 5710 @ 160), (24), DFS
-	(5735 - 5835 @ 80), (30)
+	(2400 - 2483.5 @ 40), (36)
+	(5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW
+	(5250 - 5350 @ 80), (20), NO-OUTDOOR, AUTO-BW, DFS
+	(5470 - 5600 @ 80), (27), DFS
+	(5650 - 5730 @ 80), (27), DFS
+	(5730 - 5850 @ 80), (36)
+	(57000 - 66000 @ 2160), (43), NO-OUTDOOR
 
 country AW: DFS-ETSI
 	(2402 - 2482 @ 40), (20)
@@ -230,9 +238,9 @@ country BZ: DFS-JP
 
 country CA: DFS-FCC
 	(2402 - 2472 @ 40), (30)
-	(5170 - 5250 @ 80), (17), AUTO-BW
-	(5250 - 5330 @ 80), (24), DFS, AUTO-BW
-	(5490 - 5600 @ 80), (24), DFS
+	(5150 - 5250 @ 80), (23), AUTO-BW
+	(5250 - 5350 @ 80), (24), DFS, AUTO-BW
+	(5470 - 5600 @ 80), (24), DFS
 	(5650 - 5730 @ 80), (24), DFS
 	(5735 - 5835 @ 80), (30)
 
@@ -580,11 +588,10 @@ country IL: DFS-ETSI
 	(5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW
 	(5250 - 5350 @ 80), (200 mW), NO-OUTDOOR, DFS, AUTO-BW
 
-country IN: DFS-JP
+country IN:
 	(2402 - 2482 @ 40), (20)
-	(5170 - 5250 @ 80), (20), AUTO-BW
-	(5250 - 5330 @ 80), (20), DFS, AUTO-BW
-	(5735 - 5835 @ 80), (20)
+	(5150 - 5350 @ 160), (23)
+	(5725 - 5875 @ 80), (23)
 
 country IR: DFS-JP
 	(2402 - 2482 @ 40), (20)

package/kernel/mac80211/patches/020-01-rt2x00-avoid-introducing-a-USB-dependency-in-the-rt2.patch

@@ -1,6 +1,7 @@
+From 6232c17438ed01f43665197db5a98a4a4f77ef47 Mon Sep 17 00:00:00 2001
 From: Stanislaw Gruszka <sgruszka@redhat.com>
 Date: Thu, 2 Feb 2017 10:57:40 +0100
-Subject: [PATCH] rt2x00: avoid introducing a USB dependency in the
+Subject: [PATCH 01/19] rt2x00: avoid introducing a USB dependency in the
  rt2x00lib module
 
 As reported by Felix:
@@ -16,11 +17,17 @@ Cc: Vishal Thanki <vishalthanki@gmail.com>
 Reported-by: Felix Fietkau <nbd@nbd.name>
 Fixes: 8b4c0009313f ("rt2x00usb: Use usb anchor to manage URB")
 Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 ---
+ drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 23 ++++++++---------------
+ drivers/net/wireless/ralink/rt2x00/rt2x00usb.c |  5 +++++
+ 2 files changed, 13 insertions(+), 15 deletions(-)
 
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+index 8fcbc8dc94c1..4b08007f93f7 100644
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
-@@ -1436,21 +1436,6 @@ void rt2x00lib_remove_dev(struct rt2x00_
+@@ -1436,21 +1436,6 @@ void rt2x00lib_remove_dev(struct rt2x00_dev *rt2x00dev)
  	cancel_work_sync(&rt2x00dev->intf_work);
  	cancel_delayed_work_sync(&rt2x00dev->autowakeup_work);
  	cancel_work_sync(&rt2x00dev->sleep_work);
@@ -42,7 +49,7 @@ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
  
  	/*
  	 * Kill the tx status tasklet.
-@@ -1466,6 +1451,14 @@ void rt2x00lib_remove_dev(struct rt2x00_
+@@ -1466,6 +1451,14 @@ void rt2x00lib_remove_dev(struct rt2x00_dev *rt2x00dev)
  	 */
  	rt2x00lib_uninitialize(rt2x00dev);
  
@@ -57,9 +64,11 @@ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
  	/*
  	 * Free extra components
  	 */
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
+index 838ca58d2dd6..5a2bf9f63cd7 100644
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
-@@ -744,6 +744,11 @@ void rt2x00usb_uninitialize(struct rt2x0
+@@ -744,6 +744,11 @@ void rt2x00usb_uninitialize(struct rt2x00_dev *rt2x00dev)
  {
  	struct data_queue *queue;
  
@@ -71,3 +80,6 @@ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
  	queue_for_each(rt2x00dev, queue)
  		rt2x00usb_free_entries(queue);
  }
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-02-rt2x00usb-do-not-anchor-rx-and-tx-urb-s.patch

@@ -0,0 +1,61 @@
+From 93c7018ec16bb83399dd4db61c361a6d6aba0d5a Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 8 Feb 2017 12:18:09 +0100
+Subject: [PATCH 02/19] rt2x00usb: do not anchor rx and tx urb's
+
+We might kill TX or RX urb during rt2x00usb_flush_entry(), what can
+cause anchor list corruption like shown below:
+
+[ 2074.035633] WARNING: CPU: 2 PID: 14480 at lib/list_debug.c:33 __list_add+0xac/0xc0
+[ 2074.035634] list_add corruption. prev->next should be next (ffff88020f362c28), but was dead000000000100. (prev=ffff8801d161bb70).
+<snip>
+[ 2074.035670] Call Trace:
+[ 2074.035672]  [<ffffffff813bde47>] dump_stack+0x63/0x8c
+[ 2074.035674]  [<ffffffff810a2231>] __warn+0xd1/0xf0
+[ 2074.035676]  [<ffffffff810a22af>] warn_slowpath_fmt+0x5f/0x80
+[ 2074.035678]  [<ffffffffa073855d>] ? rt2x00usb_register_write_lock+0x3d/0x60 [rt2800usb]
+[ 2074.035679]  [<ffffffff813dbe4c>] __list_add+0xac/0xc0
+[ 2074.035681]  [<ffffffff81591c6c>] usb_anchor_urb+0x4c/0xa0
+[ 2074.035683]  [<ffffffffa07322af>] rt2x00usb_kick_rx_entry+0xaf/0x100 [rt2x00usb]
+[ 2074.035684]  [<ffffffffa0732322>] rt2x00usb_clear_entry+0x22/0x30 [rt2x00usb]
+
+To fix do not anchor TX and RX urb's, it is not needed as during
+shutdown we kill those urbs in rt2x00usb_free_entries().
+
+Cc: Vishal Thanki <vishalthanki@gmail.com>
+Fixes: 8b4c0009313f ("rt2x00usb: Use usb anchor to manage URB")
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
+index 5a2bf9f63cd7..fe13dd07cc2a 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
+@@ -319,10 +319,8 @@ static bool rt2x00usb_kick_tx_entry(struct queue_entry *entry, void *data)
+ 			  entry->skb->data, length,
+ 			  rt2x00usb_interrupt_txdone, entry);
+ 
+-	usb_anchor_urb(entry_priv->urb, rt2x00dev->anchor);
+ 	status = usb_submit_urb(entry_priv->urb, GFP_ATOMIC);
+ 	if (status) {
+-		usb_unanchor_urb(entry_priv->urb);
+ 		if (status == -ENODEV)
+ 			clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags);
+ 		set_bit(ENTRY_DATA_IO_FAILED, &entry->flags);
+@@ -410,10 +408,8 @@ static bool rt2x00usb_kick_rx_entry(struct queue_entry *entry, void *data)
+ 			  entry->skb->data, entry->skb->len,
+ 			  rt2x00usb_interrupt_rxdone, entry);
+ 
+-	usb_anchor_urb(entry_priv->urb, rt2x00dev->anchor);
+ 	status = usb_submit_urb(entry_priv->urb, GFP_ATOMIC);
+ 	if (status) {
+-		usb_unanchor_urb(entry_priv->urb);
+ 		if (status == -ENODEV)
+ 			clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags);
+ 		set_bit(ENTRY_DATA_IO_FAILED, &entry->flags);
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-03-rt2x00usb-fix-anchor-initialization.patch

@@ -0,0 +1,75 @@
+From 0488a6121dfe6cbd44de15ea3627913b7549a1e9 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 8 Feb 2017 12:18:10 +0100
+Subject: [PATCH 03/19] rt2x00usb: fix anchor initialization
+
+If device fail to initialize we can OOPS in rt2x00lib_remove_dev(), due
+to using uninitialized usb_anchor structure:
+
+[  855.435820] ieee80211 phy3: rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x1000 with error -19
+[  855.435826] ieee80211 phy3: rt2800_probe_rt: Error - Invalid RT chipset 0x0000, rev 0000 detected
+[  855.435829] ieee80211 phy3: rt2x00lib_probe_dev: Error - Failed to allocate device
+[  855.435845] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
+[  855.435900] IP: _raw_spin_lock_irq+0xd/0x30
+[  855.435926] PGD 0
+[  855.435953] Oops: 0002 [#1] SMP
+<snip>
+[  855.437011] Call Trace:
+[  855.437029]  ? usb_kill_anchored_urbs+0x27/0xc0
+[  855.437061]  rt2x00lib_remove_dev+0x190/0x1c0 [rt2x00lib]
+[  855.437097]  rt2x00lib_probe_dev+0x246/0x7a0 [rt2x00lib]
+[  855.437149]  ? ieee80211_roc_setup+0x9e/0xd0 [mac80211]
+[  855.437183]  ? __kmalloc+0x1af/0x1f0
+[  855.437207]  ? rt2x00usb_probe+0x13d/0xc50 [rt2x00usb]
+[  855.437240]  rt2x00usb_probe+0x155/0xc50 [rt2x00usb]
+[  855.437273]  rt2800usb_probe+0x15/0x20 [rt2800usb]
+[  855.437304]  usb_probe_interface+0x159/0x2d0
+[  855.437333]  driver_probe_device+0x2bb/0x460
+
+Patch changes initialization sequence to fix the problem.
+
+Cc: Vishal Thanki <vishalthanki@gmail.com>
+Fixes: 8b4c0009313f ("rt2x00usb: Use usb anchor to manage URB")
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
+index fe13dd07cc2a..c696f0ad6a68 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
+@@ -825,10 +825,6 @@ int rt2x00usb_probe(struct usb_interface *usb_intf,
+ 	if (retval)
+ 		goto exit_free_device;
+ 
+-	retval = rt2x00lib_probe_dev(rt2x00dev);
+-	if (retval)
+-		goto exit_free_reg;
+-
+ 	rt2x00dev->anchor = devm_kmalloc(&usb_dev->dev,
+ 					sizeof(struct usb_anchor),
+ 					GFP_KERNEL);
+@@ -836,10 +832,17 @@ int rt2x00usb_probe(struct usb_interface *usb_intf,
+ 		retval = -ENOMEM;
+ 		goto exit_free_reg;
+ 	}
+-
+ 	init_usb_anchor(rt2x00dev->anchor);
++
++	retval = rt2x00lib_probe_dev(rt2x00dev);
++	if (retval)
++		goto exit_free_anchor;
++
+ 	return 0;
+ 
++exit_free_anchor:
++	usb_kill_anchored_urbs(rt2x00dev->anchor);
++
+ exit_free_reg:
+ 	rt2x00usb_free_reg(rt2x00dev);
+ 
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-04-rt61pci-use-entry-directly.patch

@@ -0,0 +1,28 @@
+From 80a97eae304631f57ff8560f87c0b18b95321443 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 8 Feb 2017 13:51:29 +0100
+Subject: [PATCH 04/19] rt61pci: use entry directly
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt61pci.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt61pci.c b/drivers/net/wireless/ralink/rt2x00/rt61pci.c
+index 5306a3b2622d..8adb5f3abe15 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt61pci.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt61pci.c
+@@ -1903,8 +1903,7 @@ static void rt61pci_write_tx_desc(struct queue_entry *entry,
+ 
+ 	rt2x00_desc_read(txd, 5, &word);
+ 	rt2x00_set_field32(&word, TXD_W5_PID_TYPE, entry->queue->qid);
+-	rt2x00_set_field32(&word, TXD_W5_PID_SUBTYPE,
+-			   skbdesc->entry->entry_idx);
++	rt2x00_set_field32(&word, TXD_W5_PID_SUBTYPE, entry->entry_idx);
+ 	rt2x00_set_field32(&word, TXD_W5_TX_POWER,
+ 			   TXPOWER_TO_DEV(entry->queue->rt2x00dev->tx_power));
+ 	rt2x00_set_field32(&word, TXD_W5_WAITING_DMA_DONE_INT, 1);
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-05-rt2x00-call-entry-directly-in-rt2x00_dump_frame.patch

@@ -0,0 +1,181 @@
+From 2ceb813798e1fd33e71a574771828c0f298e077b Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 8 Feb 2017 13:51:30 +0100
+Subject: [PATCH 05/19] rt2x00: call entry directly in rt2x00_dump_frame
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2400pci.c   | 2 +-
+ drivers/net/wireless/ralink/rt2x00/rt2500pci.c   | 2 +-
+ drivers/net/wireless/ralink/rt2x00/rt2500usb.c   | 2 +-
+ drivers/net/wireless/ralink/rt2x00/rt2800lib.c   | 2 +-
+ drivers/net/wireless/ralink/rt2x00/rt2x00.h      | 4 ++--
+ drivers/net/wireless/ralink/rt2x00/rt2x00debug.c | 7 ++++---
+ drivers/net/wireless/ralink/rt2x00/rt2x00dev.c   | 4 ++--
+ drivers/net/wireless/ralink/rt2x00/rt2x00queue.c | 2 +-
+ drivers/net/wireless/ralink/rt2x00/rt61pci.c     | 2 +-
+ drivers/net/wireless/ralink/rt2x00/rt73usb.c     | 2 +-
+ 10 files changed, 15 insertions(+), 14 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2400pci.c b/drivers/net/wireless/ralink/rt2x00/rt2400pci.c
+index 085c5b423bdf..19874439ac40 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2400pci.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2400pci.c
+@@ -1200,7 +1200,7 @@ static void rt2400pci_write_beacon(struct queue_entry *entry,
+ 	/*
+ 	 * Dump beacon to userspace through debugfs.
+ 	 */
+-	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry->skb);
++	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry);
+ out:
+ 	/*
+ 	 * Enable beaconing again.
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2500pci.c b/drivers/net/wireless/ralink/rt2x00/rt2500pci.c
+index 9832fd50c793..791434de8052 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2500pci.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2500pci.c
+@@ -1349,7 +1349,7 @@ static void rt2500pci_write_beacon(struct queue_entry *entry,
+ 	/*
+ 	 * Dump beacon to userspace through debugfs.
+ 	 */
+-	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry->skb);
++	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry);
+ out:
+ 	/*
+ 	 * Enable beaconing again.
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2500usb.c b/drivers/net/wireless/ralink/rt2x00/rt2500usb.c
+index cd3ab5a9e98d..62357465fe29 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2500usb.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2500usb.c
+@@ -1170,7 +1170,7 @@ static void rt2500usb_write_beacon(struct queue_entry *entry,
+ 	/*
+ 	 * Dump beacon to userspace through debugfs.
+ 	 */
+-	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry->skb);
++	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry);
+ 
+ 	/*
+ 	 * USB devices cannot blindly pass the skb->len as the
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+index 572cdea4ca25..8223a1520316 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+@@ -1014,7 +1014,7 @@ void rt2800_write_beacon(struct queue_entry *entry, struct txentry_desc *txdesc)
+ 	/*
+ 	 * Dump beacon to userspace through debugfs.
+ 	 */
+-	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry->skb);
++	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry);
+ 
+ 	/*
+ 	 * Write entire beacon with TXWI and padding to register.
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00.h b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
+index ea299c4e7ada..26869b3bef45 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
+@@ -1400,11 +1400,11 @@ void rt2x00queue_flush_queues(struct rt2x00_dev *rt2x00dev, bool drop);
+  */
+ #ifdef CPTCFG_RT2X00_LIB_DEBUGFS
+ void rt2x00debug_dump_frame(struct rt2x00_dev *rt2x00dev,
+-			    enum rt2x00_dump_type type, struct sk_buff *skb);
++			    enum rt2x00_dump_type type, struct queue_entry *entry);
+ #else
+ static inline void rt2x00debug_dump_frame(struct rt2x00_dev *rt2x00dev,
+ 					  enum rt2x00_dump_type type,
+-					  struct sk_buff *skb)
++					  struct queue_entry *entry)
+ {
+ }
+ #endif /* CPTCFG_RT2X00_LIB_DEBUGFS */
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c b/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
+index 72ae530e4a3b..964aefdc11f0 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00debug.c
+@@ -157,9 +157,10 @@ void rt2x00debug_update_crypto(struct rt2x00_dev *rt2x00dev,
+ }
+ 
+ void rt2x00debug_dump_frame(struct rt2x00_dev *rt2x00dev,
+-			    enum rt2x00_dump_type type, struct sk_buff *skb)
++			    enum rt2x00_dump_type type, struct queue_entry *entry)
+ {
+ 	struct rt2x00debug_intf *intf = rt2x00dev->debugfs_intf;
++	struct sk_buff *skb = entry->skb;
+ 	struct skb_frame_desc *skbdesc = get_skb_frame_desc(skb);
+ 	struct sk_buff *skbcopy;
+ 	struct rt2x00dump_hdr *dump_hdr;
+@@ -196,8 +197,8 @@ void rt2x00debug_dump_frame(struct rt2x00_dev *rt2x00dev,
+ 	dump_hdr->chip_rf = cpu_to_le16(rt2x00dev->chip.rf);
+ 	dump_hdr->chip_rev = cpu_to_le16(rt2x00dev->chip.rev);
+ 	dump_hdr->type = cpu_to_le16(type);
+-	dump_hdr->queue_index = skbdesc->entry->queue->qid;
+-	dump_hdr->entry_index = skbdesc->entry->entry_idx;
++	dump_hdr->queue_index = entry->queue->qid;
++	dump_hdr->entry_index = entry->entry_idx;
+ 	dump_hdr->timestamp_sec = cpu_to_le32(timestamp.tv_sec);
+ 	dump_hdr->timestamp_usec = cpu_to_le32(timestamp.tv_usec);
+ 
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+index 4b08007f93f7..dd6678109b7e 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+@@ -363,7 +363,7 @@ void rt2x00lib_txdone(struct queue_entry *entry,
+ 	 * Send frame to debugfs immediately, after this call is completed
+ 	 * we are going to overwrite the skb->cb array.
+ 	 */
+-	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_TXDONE, entry->skb);
++	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_TXDONE, entry);
+ 
+ 	/*
+ 	 * Determine if the frame has been successfully transmitted and
+@@ -772,7 +772,7 @@ void rt2x00lib_rxdone(struct queue_entry *entry, gfp_t gfp)
+ 	 */
+ 	rt2x00link_update_stats(rt2x00dev, entry->skb, &rxdesc);
+ 	rt2x00debug_update_crypto(rt2x00dev, &rxdesc);
+-	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_RXDONE, entry->skb);
++	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_RXDONE, entry);
+ 
+ 	/*
+ 	 * Initialize RX status information, and send frame
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
+index b2364d378774..380daf4e1b8d 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
+@@ -544,7 +544,7 @@ static void rt2x00queue_write_tx_descriptor(struct queue_entry *entry,
+ 	 * All processing on the frame has been completed, this means
+ 	 * it is now ready to be dumped to userspace through debugfs.
+ 	 */
+-	rt2x00debug_dump_frame(queue->rt2x00dev, DUMP_FRAME_TX, entry->skb);
++	rt2x00debug_dump_frame(queue->rt2x00dev, DUMP_FRAME_TX, entry);
+ }
+ 
+ static void rt2x00queue_kick_tx_queue(struct data_queue *queue,
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt61pci.c b/drivers/net/wireless/ralink/rt2x00/rt61pci.c
+index 8adb5f3abe15..973d418b8113 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt61pci.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt61pci.c
+@@ -1988,7 +1988,7 @@ static void rt61pci_write_beacon(struct queue_entry *entry,
+ 	/*
+ 	 * Dump beacon to userspace through debugfs.
+ 	 */
+-	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry->skb);
++	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry);
+ 
+ 	/*
+ 	 * Write entire beacon with descriptor and padding to register.
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt73usb.c b/drivers/net/wireless/ralink/rt2x00/rt73usb.c
+index 1a29c4d205a5..bb8d307a789f 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt73usb.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt73usb.c
+@@ -1557,7 +1557,7 @@ static void rt73usb_write_beacon(struct queue_entry *entry,
+ 	/*
+ 	 * Dump beacon to userspace through debugfs.
+ 	 */
+-	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry->skb);
++	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_BEACON, entry);
+ 
+ 	/*
+ 	 * Write entire beacon with descriptor and padding to register.
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-06-rt2x00-remove-queue_entry-from-skbdesc.patch

@@ -0,0 +1,59 @@
+From cf81db30a6edcca791b1bfa5348a162471121d11 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 8 Feb 2017 13:51:31 +0100
+Subject: [PATCH 06/19] rt2x00: remove queue_entry from skbdesc
+
+queue_entry field of skbdesc is not read any more, remove it to allow
+skbdesc contain other data.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00queue.c | 3 ---
+ drivers/net/wireless/ralink/rt2x00/rt2x00queue.h | 2 --
+ 2 files changed, 5 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
+index 380daf4e1b8d..e1660b92b20c 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
+@@ -83,7 +83,6 @@ struct sk_buff *rt2x00queue_alloc_rxskb(struct queue_entry *entry, gfp_t gfp)
+ 	 */
+ 	skbdesc = get_skb_frame_desc(skb);
+ 	memset(skbdesc, 0, sizeof(*skbdesc));
+-	skbdesc->entry = entry;
+ 
+ 	if (rt2x00_has_cap_flag(rt2x00dev, REQUIRE_DMA)) {
+ 		dma_addr_t skb_dma;
+@@ -689,7 +688,6 @@ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb,
+ 		goto out;
+ 	}
+ 
+-	skbdesc->entry = entry;
+ 	entry->skb = skb;
+ 
+ 	/*
+@@ -774,7 +772,6 @@ int rt2x00queue_update_beacon(struct rt2x00_dev *rt2x00dev,
+ 	 */
+ 	skbdesc = get_skb_frame_desc(intf->beacon->skb);
+ 	memset(skbdesc, 0, sizeof(*skbdesc));
+-	skbdesc->entry = intf->beacon;
+ 
+ 	/*
+ 	 * Send beacon to hardware.
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h
+index 2233b911a1d7..22d18818e850 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h
+@@ -116,8 +116,6 @@ struct skb_frame_desc {
+ 	__le32 iv[2];
+ 
+ 	dma_addr_t skb_dma;
+-
+-	struct queue_entry *entry;
+ };
+ 
+ /**
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-07-rt2500usb-don-t-mark-register-accesses-as-inline.patch

@@ -0,0 +1,84 @@
+From 7272416609126e8910b7f0d0e3dba008aa87830c Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Tue, 14 Feb 2017 22:28:33 +0100
+Subject: [PATCH 07/19] rt2500usb: don't mark register accesses as inline
+
+When CONFIG_KASAN is set, we get a rather large stack here:
+
+drivers/net/wireless/ralink/rt2x00/rt2500usb.c: In function 'rt2500usb_set_device_state':
+drivers/net/wireless/ralink/rt2x00/rt2500usb.c:1074:1: error: the frame size of 3032 bytes is larger than 100 bytes [-Werror=frame-larger-than=]
+
+If we don't force those functions to be inline, the compiler can figure this
+out better itself and not inline the functions when doing so would be harmful,
+reducing the stack size to a merge 256 bytes.
+
+Note that there is another problem that manifests in this driver, as a result
+of the typecheck() macro causing even larger stack frames.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2500usb.c | 19 +++++--------------
+ 1 file changed, 5 insertions(+), 14 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2500usb.c b/drivers/net/wireless/ralink/rt2x00/rt2500usb.c
+index 62357465fe29..0d2670a56c4c 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2500usb.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2500usb.c
+@@ -55,7 +55,7 @@ MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
+  * If the csr_mutex is already held then the _lock variants must
+  * be used instead.
+  */
+-static inline void rt2500usb_register_read(struct rt2x00_dev *rt2x00dev,
++static void rt2500usb_register_read(struct rt2x00_dev *rt2x00dev,
+ 					   const unsigned int offset,
+ 					   u16 *value)
+ {
+@@ -66,7 +66,7 @@ static inline void rt2500usb_register_read(struct rt2x00_dev *rt2x00dev,
+ 	*value = le16_to_cpu(reg);
+ }
+ 
+-static inline void rt2500usb_register_read_lock(struct rt2x00_dev *rt2x00dev,
++static void rt2500usb_register_read_lock(struct rt2x00_dev *rt2x00dev,
+ 						const unsigned int offset,
+ 						u16 *value)
+ {
+@@ -77,16 +77,7 @@ static inline void rt2500usb_register_read_lock(struct rt2x00_dev *rt2x00dev,
+ 	*value = le16_to_cpu(reg);
+ }
+ 
+-static inline void rt2500usb_register_multiread(struct rt2x00_dev *rt2x00dev,
+-						const unsigned int offset,
+-						void *value, const u16 length)
+-{
+-	rt2x00usb_vendor_request_buff(rt2x00dev, USB_MULTI_READ,
+-				      USB_VENDOR_REQUEST_IN, offset,
+-				      value, length);
+-}
+-
+-static inline void rt2500usb_register_write(struct rt2x00_dev *rt2x00dev,
++static void rt2500usb_register_write(struct rt2x00_dev *rt2x00dev,
+ 					    const unsigned int offset,
+ 					    u16 value)
+ {
+@@ -96,7 +87,7 @@ static inline void rt2500usb_register_write(struct rt2x00_dev *rt2x00dev,
+ 				      &reg, sizeof(reg));
+ }
+ 
+-static inline void rt2500usb_register_write_lock(struct rt2x00_dev *rt2x00dev,
++static void rt2500usb_register_write_lock(struct rt2x00_dev *rt2x00dev,
+ 						 const unsigned int offset,
+ 						 u16 value)
+ {
+@@ -106,7 +97,7 @@ static inline void rt2500usb_register_write_lock(struct rt2x00_dev *rt2x00dev,
+ 				       &reg, sizeof(reg), REGISTER_TIMEOUT);
+ }
+ 
+-static inline void rt2500usb_register_multiwrite(struct rt2x00_dev *rt2x00dev,
++static void rt2500usb_register_multiwrite(struct rt2x00_dev *rt2x00dev,
+ 						 const unsigned int offset,
+ 						 void *value, const u16 length)
+ {
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-08-rt2x00-rt2800lib-move-rt2800_drv_data-declaration-in.patch

@@ -0,0 +1,94 @@
+From 96609f366c6f792421e1939c5c834abbe24eb88a Mon Sep 17 00:00:00 2001
+From: Gabor Juhos <juhosg@openwrt.org>
+Date: Wed, 15 Feb 2017 10:25:04 +0100
+Subject: [PATCH 08/19] rt2x00: rt2800lib: move rt2800_drv_data declaration
+ into rt2800lib.h
+
+The rt2800_drv_data structure contains driver specific
+information. Move the declaration into the rt2800lib.h
+header which is a more logical place for it. Also fix
+the comment style to avoid checkpatch warning.
+
+The patch contains no functional changes, it is in
+preparation for the next patch.
+
+Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2800.h    | 25 -------------------------
+ drivers/net/wireless/ralink/rt2x00/rt2800lib.h | 23 +++++++++++++++++++++++
+ 2 files changed, 23 insertions(+), 25 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800.h b/drivers/net/wireless/ralink/rt2x00/rt2800.h
+index 256496bfbafb..0e7051d8132f 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800.h
+@@ -2987,29 +2987,4 @@ enum rt2800_eeprom_word {
+  */
+ #define BCN_TBTT_OFFSET 64
+ 
+-/*
+- * Hardware has 255 WCID table entries. First 32 entries are reserved for
+- * shared keys. Since parts of the pairwise key table might be shared with
+- * the beacon frame buffers 6 & 7 we could only use the first 222 entries.
+- */
+-#define WCID_START	33
+-#define WCID_END	222
+-#define STA_IDS_SIZE	(WCID_END - WCID_START + 2)
+-
+-/*
+- * RT2800 driver data structure
+- */
+-struct rt2800_drv_data {
+-	u8 calibration_bw20;
+-	u8 calibration_bw40;
+-	u8 bbp25;
+-	u8 bbp26;
+-	u8 txmixer_gain_24g;
+-	u8 txmixer_gain_5g;
+-	u8 max_psdu;
+-	unsigned int tbtt_tick;
+-	unsigned int ampdu_factor_cnt[4];
+-	DECLARE_BITMAP(sta_ids, STA_IDS_SIZE);
+-};
+-
+ #endif /* RT2800_H */
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.h b/drivers/net/wireless/ralink/rt2x00/rt2800lib.h
+index 0a8b4df665fe..8e1ae138c3f1 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.h
+@@ -20,6 +20,29 @@
+ #ifndef RT2800LIB_H
+ #define RT2800LIB_H
+ 
++/*
++ * Hardware has 255 WCID table entries. First 32 entries are reserved for
++ * shared keys. Since parts of the pairwise key table might be shared with
++ * the beacon frame buffers 6 & 7 we could only use the first 222 entries.
++ */
++#define WCID_START	33
++#define WCID_END	222
++#define STA_IDS_SIZE	(WCID_END - WCID_START + 2)
++
++/* RT2800 driver data structure */
++struct rt2800_drv_data {
++	u8 calibration_bw20;
++	u8 calibration_bw40;
++	u8 bbp25;
++	u8 bbp26;
++	u8 txmixer_gain_24g;
++	u8 txmixer_gain_5g;
++	u8 max_psdu;
++	unsigned int tbtt_tick;
++	unsigned int ampdu_factor_cnt[4];
++	DECLARE_BITMAP(sta_ids, STA_IDS_SIZE);
++};
++
+ struct rt2800_ops {
+ 	void (*register_read)(struct rt2x00_dev *rt2x00dev,
+ 			      const unsigned int offset, u32 *value);
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-09-rt2800-identify-station-based-on-status-WCID.patch

@@ -0,0 +1,94 @@
+From a13d985f26f6df07d5c5c0e190477628e236babc Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 15 Feb 2017 10:25:05 +0100
+Subject: [PATCH 09/19] rt2800: identify station based on status WCID
+
+Add framework to identify sta based on tx status WCID. This is currently
+not used, will start be utilized in the future patch.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2800lib.c   | 5 +++++
+ drivers/net/wireless/ralink/rt2x00/rt2800lib.h   | 1 +
+ drivers/net/wireless/ralink/rt2x00/rt2x00queue.h | 3 ++-
+ 3 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+index 8223a1520316..46405cce35e0 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+@@ -855,11 +855,13 @@ EXPORT_SYMBOL_GPL(rt2800_process_rxwi);
+ void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi)
+ {
+ 	struct rt2x00_dev *rt2x00dev = entry->queue->rt2x00dev;
++	struct rt2800_drv_data *drv_data = rt2x00dev->drv_data;
+ 	struct skb_frame_desc *skbdesc = get_skb_frame_desc(entry->skb);
+ 	struct txdone_entry_desc txdesc;
+ 	u32 word;
+ 	u16 mcs, real_mcs;
+ 	int aggr, ampdu;
++	int wcid;
+ 
+ 	/*
+ 	 * Obtain the status about this packet.
+@@ -872,6 +874,7 @@ void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi)
+ 
+ 	real_mcs = rt2x00_get_field32(status, TX_STA_FIFO_MCS);
+ 	aggr = rt2x00_get_field32(status, TX_STA_FIFO_TX_AGGRE);
++	wcid = rt2x00_get_field32(status, TX_STA_FIFO_WCID);
+ 
+ 	/*
+ 	 * If a frame was meant to be sent as a single non-aggregated MPDU
+@@ -1468,6 +1471,7 @@ int rt2800_sta_add(struct rt2x00_dev *rt2x00dev, struct ieee80211_vif *vif,
+ 		return 0;
+ 
+ 	__set_bit(wcid - WCID_START, drv_data->sta_ids);
++	drv_data->wcid_to_sta[wcid - WCID_START] = sta;
+ 
+ 	/*
+ 	 * Clean up WCID attributes and write STA address to the device.
+@@ -1498,6 +1502,7 @@ int rt2800_sta_remove(struct rt2x00_dev *rt2x00dev, struct ieee80211_sta *sta)
+ 	 * get renewed when the WCID is reused.
+ 	 */
+ 	rt2800_config_wcid(rt2x00dev, NULL, wcid);
++	drv_data->wcid_to_sta[wcid - WCID_START] = NULL;
+ 	__clear_bit(wcid - WCID_START, drv_data->sta_ids);
+ 
+ 	return 0;
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.h b/drivers/net/wireless/ralink/rt2x00/rt2800lib.h
+index 8e1ae138c3f1..6811d677a6e7 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.h
+@@ -41,6 +41,7 @@ struct rt2800_drv_data {
+ 	unsigned int tbtt_tick;
+ 	unsigned int ampdu_factor_cnt[4];
+ 	DECLARE_BITMAP(sta_ids, STA_IDS_SIZE);
++	struct ieee80211_sta *wcid_to_sta[STA_IDS_SIZE];
+ };
+ 
+ struct rt2800_ops {
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h
+index 22d18818e850..9b297fce4692 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h
+@@ -102,7 +102,7 @@ enum skb_frame_desc_flags {
+  *	of the scope of the skb->data pointer.
+  * @iv: IV/EIV data used during encryption/decryption.
+  * @skb_dma: (PCI-only) the DMA address associated with the sk buffer.
+- * @entry: The entry to which this sk buffer belongs.
++ * @sta: The station where sk buffer was sent.
+  */
+ struct skb_frame_desc {
+ 	u8 flags;
+@@ -116,6 +116,7 @@ struct skb_frame_desc {
+ 	__le32 iv[2];
+ 
+ 	dma_addr_t skb_dma;
++	struct ieee80211_sta *sta;
+ };
+ 
+ /**
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-10-rt2x00-separte-filling-tx-status-from-rt2x00lib_txdo.patch

@@ -0,0 +1,178 @@
+From 5edb05afebba8f488a30db29550e55c42eea6d6a Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 15 Feb 2017 10:25:06 +0100
+Subject: [PATCH 10/19] rt2x00: separte filling tx status from rt2x00lib_txdone
+
+This makes rt2x00lib_txdone a bit simpler and will allow to reuse code
+in different variant of txdone which I'm preparing.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 141 +++++++++++++------------
+ 1 file changed, 76 insertions(+), 65 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+index dd6678109b7e..b5d90fefc96b 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+@@ -313,73 +313,14 @@ static inline int rt2x00lib_txdone_bar_status(struct queue_entry *entry)
+ 	return ret;
+ }
+ 
+-void rt2x00lib_txdone(struct queue_entry *entry,
+-		      struct txdone_entry_desc *txdesc)
++static void rt2x00lib_fill_tx_status(struct rt2x00_dev *rt2x00dev,
++				     struct ieee80211_tx_info *tx_info,
++				     struct skb_frame_desc *skbdesc,
++				     struct txdone_entry_desc *txdesc,
++				     bool success)
+ {
+-	struct rt2x00_dev *rt2x00dev = entry->queue->rt2x00dev;
+-	struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(entry->skb);
+-	struct skb_frame_desc *skbdesc = get_skb_frame_desc(entry->skb);
+-	unsigned int header_length, i;
+ 	u8 rate_idx, rate_flags, retry_rates;
+-	u8 skbdesc_flags = skbdesc->flags;
+-	bool success;
+-
+-	/*
+-	 * Unmap the skb.
+-	 */
+-	rt2x00queue_unmap_skb(entry);
+-
+-	/*
+-	 * Remove the extra tx headroom from the skb.
+-	 */
+-	skb_pull(entry->skb, rt2x00dev->extra_tx_headroom);
+-
+-	/*
+-	 * Signal that the TX descriptor is no longer in the skb.
+-	 */
+-	skbdesc->flags &= ~SKBDESC_DESC_IN_SKB;
+-
+-	/*
+-	 * Determine the length of 802.11 header.
+-	 */
+-	header_length = ieee80211_get_hdrlen_from_skb(entry->skb);
+-
+-	/*
+-	 * Remove L2 padding which was added during
+-	 */
+-	if (rt2x00_has_cap_flag(rt2x00dev, REQUIRE_L2PAD))
+-		rt2x00queue_remove_l2pad(entry->skb, header_length);
+-
+-	/*
+-	 * If the IV/EIV data was stripped from the frame before it was
+-	 * passed to the hardware, we should now reinsert it again because
+-	 * mac80211 will expect the same data to be present it the
+-	 * frame as it was passed to us.
+-	 */
+-	if (rt2x00_has_cap_hw_crypto(rt2x00dev))
+-		rt2x00crypto_tx_insert_iv(entry->skb, header_length);
+-
+-	/*
+-	 * Send frame to debugfs immediately, after this call is completed
+-	 * we are going to overwrite the skb->cb array.
+-	 */
+-	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_TXDONE, entry);
+-
+-	/*
+-	 * Determine if the frame has been successfully transmitted and
+-	 * remove BARs from our check list while checking for their
+-	 * TX status.
+-	 */
+-	success =
+-	    rt2x00lib_txdone_bar_status(entry) ||
+-	    test_bit(TXDONE_SUCCESS, &txdesc->flags) ||
+-	    test_bit(TXDONE_UNKNOWN, &txdesc->flags);
+-
+-	/*
+-	 * Update TX statistics.
+-	 */
+-	rt2x00dev->link.qual.tx_success += success;
+-	rt2x00dev->link.qual.tx_failed += !success;
++	int i;
+ 
+ 	rate_idx = skbdesc->tx_rate_idx;
+ 	rate_flags = skbdesc->tx_rate_flags;
+@@ -448,6 +389,76 @@ void rt2x00lib_txdone(struct queue_entry *entry,
+ 		else
+ 			rt2x00dev->low_level_stats.dot11RTSFailureCount++;
+ 	}
++}
++
++void rt2x00lib_txdone(struct queue_entry *entry,
++		      struct txdone_entry_desc *txdesc)
++{
++	struct rt2x00_dev *rt2x00dev = entry->queue->rt2x00dev;
++	struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(entry->skb);
++	struct skb_frame_desc *skbdesc = get_skb_frame_desc(entry->skb);
++	u8 skbdesc_flags = skbdesc->flags;
++	unsigned int header_length;
++	bool success;
++
++	/*
++	 * Unmap the skb.
++	 */
++	rt2x00queue_unmap_skb(entry);
++
++	/*
++	 * Remove the extra tx headroom from the skb.
++	 */
++	skb_pull(entry->skb, rt2x00dev->extra_tx_headroom);
++
++	/*
++	 * Signal that the TX descriptor is no longer in the skb.
++	 */
++	skbdesc->flags &= ~SKBDESC_DESC_IN_SKB;
++
++	/*
++	 * Determine the length of 802.11 header.
++	 */
++	header_length = ieee80211_get_hdrlen_from_skb(entry->skb);
++
++	/*
++	 * Remove L2 padding which was added during
++	 */
++	if (rt2x00_has_cap_flag(rt2x00dev, REQUIRE_L2PAD))
++		rt2x00queue_remove_l2pad(entry->skb, header_length);
++
++	/*
++	 * If the IV/EIV data was stripped from the frame before it was
++	 * passed to the hardware, we should now reinsert it again because
++	 * mac80211 will expect the same data to be present it the
++	 * frame as it was passed to us.
++	 */
++	if (rt2x00_has_cap_hw_crypto(rt2x00dev))
++		rt2x00crypto_tx_insert_iv(entry->skb, header_length);
++
++	/*
++	 * Send frame to debugfs immediately, after this call is completed
++	 * we are going to overwrite the skb->cb array.
++	 */
++	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_TXDONE, entry);
++
++	/*
++	 * Determine if the frame has been successfully transmitted and
++	 * remove BARs from our check list while checking for their
++	 * TX status.
++	 */
++	success =
++	    rt2x00lib_txdone_bar_status(entry) ||
++	    test_bit(TXDONE_SUCCESS, &txdesc->flags) ||
++	    test_bit(TXDONE_UNKNOWN, &txdesc->flags);
++
++	/*
++	 * Update TX statistics.
++	 */
++	rt2x00dev->link.qual.tx_success += success;
++	rt2x00dev->link.qual.tx_failed += !success;
++
++	rt2x00lib_fill_tx_status(rt2x00dev, tx_info, skbdesc, txdesc, success);
+ 
+ 	/*
+ 	 * Only send the status report to mac80211 when it's a frame
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-11-rt2x00-separte-clearing-entry-from-rt2x00lib_txdone.patch

@@ -0,0 +1,88 @@
+From 56646adf9cd60b488ddc5633a2d9aa1f30efa5db Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 15 Feb 2017 10:25:07 +0100
+Subject: [PATCH 11/19] rt2x00: separte clearing entry from rt2x00lib_txdone
+
+This makes rt2x00lib_txdone a bit simpler and will allow to reuse
+code in different variant of txdone which I'm preparing.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 51 +++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 22 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+index b5d90fefc96b..03b368ac9cb6 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+@@ -391,6 +391,32 @@ static void rt2x00lib_fill_tx_status(struct rt2x00_dev *rt2x00dev,
+ 	}
+ }
+ 
++static void rt2x00lib_clear_entry(struct rt2x00_dev *rt2x00dev,
++				  struct queue_entry *entry)
++{
++	/*
++	 * Make this entry available for reuse.
++	 */
++	entry->skb = NULL;
++	entry->flags = 0;
++
++	rt2x00dev->ops->lib->clear_entry(entry);
++
++	rt2x00queue_index_inc(entry, Q_INDEX_DONE);
++
++	/*
++	 * If the data queue was below the threshold before the txdone
++	 * handler we must make sure the packet queue in the mac80211 stack
++	 * is reenabled when the txdone handler has finished. This has to be
++	 * serialized with rt2x00mac_tx(), otherwise we can wake up queue
++	 * before it was stopped.
++	 */
++	spin_lock_bh(&entry->queue->tx_lock);
++	if (!rt2x00queue_threshold(entry->queue))
++		rt2x00queue_unpause_queue(entry->queue);
++	spin_unlock_bh(&entry->queue->tx_lock);
++}
++
+ void rt2x00lib_txdone(struct queue_entry *entry,
+ 		      struct txdone_entry_desc *txdesc)
+ {
+@@ -471,30 +497,11 @@ void rt2x00lib_txdone(struct queue_entry *entry,
+ 			ieee80211_tx_status(rt2x00dev->hw, entry->skb);
+ 		else
+ 			ieee80211_tx_status_ni(rt2x00dev->hw, entry->skb);
+-	} else
++	} else {
+ 		dev_kfree_skb_any(entry->skb);
++	}
+ 
+-	/*
+-	 * Make this entry available for reuse.
+-	 */
+-	entry->skb = NULL;
+-	entry->flags = 0;
+-
+-	rt2x00dev->ops->lib->clear_entry(entry);
+-
+-	rt2x00queue_index_inc(entry, Q_INDEX_DONE);
+-
+-	/*
+-	 * If the data queue was below the threshold before the txdone
+-	 * handler we must make sure the packet queue in the mac80211 stack
+-	 * is reenabled when the txdone handler has finished. This has to be
+-	 * serialized with rt2x00mac_tx(), otherwise we can wake up queue
+-	 * before it was stopped.
+-	 */
+-	spin_lock_bh(&entry->queue->tx_lock);
+-	if (!rt2x00queue_threshold(entry->queue))
+-		rt2x00queue_unpause_queue(entry->queue);
+-	spin_unlock_bh(&entry->queue->tx_lock);
++	rt2x00lib_clear_entry(rt2x00dev, entry);
+ }
+ EXPORT_SYMBOL_GPL(rt2x00lib_txdone);
+ 
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-12-rt2x00-add-txdone-nomatch-function.patch

@@ -0,0 +1,92 @@
+From a09305d052166cb489402a63a5d275e954e0b923 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 15 Feb 2017 10:25:08 +0100
+Subject: [PATCH 12/19] rt2x00: add txdone nomatch function
+
+This txdone nomatch function will be used when we get status from the HW,
+but we could not match it with any sent skb.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00.h    |  2 ++
+ drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 50 ++++++++++++++++++++++++++
+ 2 files changed, 52 insertions(+)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00.h b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
+index 340787894c69..91ba10fdf732 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
+@@ -1425,6 +1425,8 @@ void rt2x00lib_dmastart(struct queue_entry *entry);
+ void rt2x00lib_dmadone(struct queue_entry *entry);
+ void rt2x00lib_txdone(struct queue_entry *entry,
+ 		      struct txdone_entry_desc *txdesc);
++void rt2x00lib_txdone_nomatch(struct queue_entry *entry,
++			      struct txdone_entry_desc *txdesc);
+ void rt2x00lib_txdone_noinfo(struct queue_entry *entry, u32 status);
+ void rt2x00lib_rxdone(struct queue_entry *entry, gfp_t gfp);
+ 
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+index 03b368ac9cb6..90fc259fb5bc 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+@@ -417,6 +417,56 @@ static void rt2x00lib_clear_entry(struct rt2x00_dev *rt2x00dev,
+ 	spin_unlock_bh(&entry->queue->tx_lock);
+ }
+ 
++void rt2x00lib_txdone_nomatch(struct queue_entry *entry,
++			      struct txdone_entry_desc *txdesc)
++{
++	struct rt2x00_dev *rt2x00dev = entry->queue->rt2x00dev;
++	struct skb_frame_desc *skbdesc = get_skb_frame_desc(entry->skb);
++	struct ieee80211_tx_info txinfo = {};
++	bool success;
++
++	/*
++	 * Unmap the skb.
++	 */
++	rt2x00queue_unmap_skb(entry);
++
++	/*
++	 * Signal that the TX descriptor is no longer in the skb.
++	 */
++	skbdesc->flags &= ~SKBDESC_DESC_IN_SKB;
++
++	/*
++	 * Send frame to debugfs immediately, after this call is completed
++	 * we are going to overwrite the skb->cb array.
++	 */
++	rt2x00debug_dump_frame(rt2x00dev, DUMP_FRAME_TXDONE, entry);
++
++	/*
++	 * Determine if the frame has been successfully transmitted and
++	 * remove BARs from our check list while checking for their
++	 * TX status.
++	 */
++	success =
++	    rt2x00lib_txdone_bar_status(entry) ||
++	    test_bit(TXDONE_SUCCESS, &txdesc->flags);
++
++	if (!test_bit(TXDONE_UNKNOWN, &txdesc->flags)) {
++		/*
++		 * Update TX statistics.
++		 */
++		rt2x00dev->link.qual.tx_success += success;
++		rt2x00dev->link.qual.tx_failed += !success;
++
++		rt2x00lib_fill_tx_status(rt2x00dev, &txinfo, skbdesc, txdesc,
++					 success);
++		ieee80211_tx_status_noskb(rt2x00dev->hw, skbdesc->sta, &txinfo);
++	}
++
++	dev_kfree_skb_any(entry->skb);
++	rt2x00lib_clear_entry(rt2x00dev, entry);
++}
++EXPORT_SYMBOL_GPL(rt2x00lib_txdone_nomatch);
++
+ void rt2x00lib_txdone(struct queue_entry *entry,
+ 		      struct txdone_entry_desc *txdesc)
+ {
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-13-rt2x00-fixup-fill_tx_status-for-nomatch-case.patch

@@ -0,0 +1,54 @@
+From ec80ad70d778af7665992672896633ebd3b02ac8 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 15 Feb 2017 10:25:09 +0100
+Subject: [PATCH 13/19] rt2x00: fixup fill_tx_status for nomatch case
+
+Add bits rt2x00lib_fill_tx_status() when filling status in nomatch
+case and hopefully do not break the function for existing cases.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00dev.c   | 6 +++++-
+ drivers/net/wireless/ralink/rt2x00/rt2x00queue.h | 1 +
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+index 90fc259fb5bc..e95d2aad3b3f 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+@@ -357,6 +357,9 @@ static void rt2x00lib_fill_tx_status(struct rt2x00_dev *rt2x00dev,
+ 	if (i < (IEEE80211_TX_MAX_RATES - 1))
+ 		tx_info->status.rates[i].idx = -1; /* terminate */
+ 
++	if (test_bit(TXDONE_NO_ACK_REQ, &txdesc->flags))
++		tx_info->flags |= IEEE80211_TX_CTL_NO_ACK;
++
+ 	if (!(tx_info->flags & IEEE80211_TX_CTL_NO_ACK)) {
+ 		if (success)
+ 			tx_info->flags |= IEEE80211_TX_STAT_ACK;
+@@ -375,7 +378,8 @@ static void rt2x00lib_fill_tx_status(struct rt2x00_dev *rt2x00dev,
+ 	 */
+ 	if (test_bit(TXDONE_AMPDU, &txdesc->flags) ||
+ 	    tx_info->flags & IEEE80211_TX_CTL_AMPDU) {
+-		tx_info->flags |= IEEE80211_TX_STAT_AMPDU;
++		tx_info->flags |= IEEE80211_TX_STAT_AMPDU |
++				  IEEE80211_TX_CTL_AMPDU;
+ 		tx_info->status.ampdu_len = 1;
+ 		tx_info->status.ampdu_ack_len = success ? 1 : 0;
+ 
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h
+index 9b297fce4692..c78fb8c8838a 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.h
+@@ -215,6 +215,7 @@ enum txdone_entry_desc_flags {
+ 	TXDONE_FAILURE,
+ 	TXDONE_EXCESSIVE_RETRY,
+ 	TXDONE_AMPDU,
++	TXDONE_NO_ACK_REQ,
+ };
+ 
+ /**
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-14-rt2x00-use-txdone_nomatch-on-rt2800usb.patch

@@ -0,0 +1,191 @@
+From 293dff78ee058ec1e0b90e05a803c512b6a2097f Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 15 Feb 2017 10:25:10 +0100
+Subject: [PATCH 14/19] rt2x00: use txdone_nomatch on rt2800usb
+
+If we do not match skb entry, provide tx status via nomatch procedure.
+
+Currently in that case we do rt2x00lib_txdone_noinfo(TXDONE_NOINFO),
+which actually assume that entry->skb was posted without retries and
+provide rate saved in skb desc as successful. Patch changed that to
+rate read from TX_STAT_FIFO, however still do not provide correct
+number of retries.
+
+On SoC/PCI devices we keep providing status via standard txdone
+procedure, no change in those devices, though we should thing about it.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2800lib.c  | 31 ++++++++++++++++++++-----
+ drivers/net/wireless/ralink/rt2x00/rt2800lib.h  |  3 ++-
+ drivers/net/wireless/ralink/rt2x00/rt2800mmio.c |  2 +-
+ drivers/net/wireless/ralink/rt2x00/rt2800usb.c  | 18 ++++++--------
+ 4 files changed, 35 insertions(+), 19 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+index 46405cce35e0..4a7bec708a13 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+@@ -852,7 +852,8 @@ void rt2800_process_rxwi(struct queue_entry *entry,
+ }
+ EXPORT_SYMBOL_GPL(rt2800_process_rxwi);
+ 
+-void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi)
++void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi,
++			 bool match)
+ {
+ 	struct rt2x00_dev *rt2x00dev = entry->queue->rt2x00dev;
+ 	struct rt2800_drv_data *drv_data = rt2x00dev->drv_data;
+@@ -860,8 +861,7 @@ void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi)
+ 	struct txdone_entry_desc txdesc;
+ 	u32 word;
+ 	u16 mcs, real_mcs;
+-	int aggr, ampdu;
+-	int wcid;
++	int aggr, ampdu, wcid, ack_req;
+ 
+ 	/*
+ 	 * Obtain the status about this packet.
+@@ -875,6 +875,7 @@ void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi)
+ 	real_mcs = rt2x00_get_field32(status, TX_STA_FIFO_MCS);
+ 	aggr = rt2x00_get_field32(status, TX_STA_FIFO_TX_AGGRE);
+ 	wcid = rt2x00_get_field32(status, TX_STA_FIFO_WCID);
++	ack_req	= rt2x00_get_field32(status, TX_STA_FIFO_TX_ACK_REQUIRED);
+ 
+ 	/*
+ 	 * If a frame was meant to be sent as a single non-aggregated MPDU
+@@ -891,8 +892,12 @@ void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi)
+ 	 * Hence, replace the requested rate with the real tx rate to not
+ 	 * confuse the rate control algortihm by providing clearly wrong
+ 	 * data.
+-	 */
+-	if (unlikely(aggr == 1 && ampdu == 0 && real_mcs != mcs)) {
++	 *
++	 * FIXME: if we do not find matching entry, we tell that frame was
++	 * posted without any retries. We need to find a way to fix that
++	 * and provide retry count.
++ 	 */
++	if (unlikely((aggr == 1 && ampdu == 0 && real_mcs != mcs)) || !match) {
+ 		skbdesc->tx_rate_idx = real_mcs;
+ 		mcs = real_mcs;
+ 	}
+@@ -900,6 +905,9 @@ void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi)
+ 	if (aggr == 1 || ampdu == 1)
+ 		__set_bit(TXDONE_AMPDU, &txdesc.flags);
+ 
++	if (!ack_req)
++		__set_bit(TXDONE_NO_ACK_REQ, &txdesc.flags);
++
+ 	/*
+ 	 * Ralink has a retry mechanism using a global fallback
+ 	 * table. We setup this fallback table to try the immediate
+@@ -931,7 +939,18 @@ void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi)
+ 	if (txdesc.retry)
+ 		__set_bit(TXDONE_FALLBACK, &txdesc.flags);
+ 
+-	rt2x00lib_txdone(entry, &txdesc);
++	if (!match) {
++		/* RCU assures non-null sta will not be freed by mac80211. */
++		rcu_read_lock();
++		if (likely(wcid >= WCID_START && wcid <= WCID_END))
++			skbdesc->sta = drv_data->wcid_to_sta[wcid - WCID_START];
++		else
++			skbdesc->sta = NULL;
++		rt2x00lib_txdone_nomatch(entry, &txdesc);
++		rcu_read_unlock();
++	} else {
++		rt2x00lib_txdone(entry, &txdesc);
++	}
+ }
+ EXPORT_SYMBOL_GPL(rt2800_txdone_entry);
+ 
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.h b/drivers/net/wireless/ralink/rt2x00/rt2800lib.h
+index 6811d677a6e7..d9ef260d542a 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.h
+@@ -191,7 +191,8 @@ void rt2800_write_tx_data(struct queue_entry *entry,
+ 			  struct txentry_desc *txdesc);
+ void rt2800_process_rxwi(struct queue_entry *entry, struct rxdone_entry_desc *txdesc);
+ 
+-void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32* txwi);
++void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi,
++			 bool match);
+ 
+ void rt2800_write_beacon(struct queue_entry *entry, struct txentry_desc *txdesc);
+ void rt2800_clear_beacon(struct queue_entry *entry);
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800mmio.c b/drivers/net/wireless/ralink/rt2x00/rt2800mmio.c
+index de4790b41be7..3ab3b5323897 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800mmio.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800mmio.c
+@@ -239,7 +239,7 @@ static bool rt2800mmio_txdone_release_entries(struct queue_entry *entry,
+ {
+ 	if (test_bit(ENTRY_DATA_STATUS_SET, &entry->flags)) {
+ 		rt2800_txdone_entry(entry, entry->status,
+-				    rt2800mmio_get_txwi(entry));
++				    rt2800mmio_get_txwi(entry), true);
+ 		return false;
+ 	}
+ 
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800usb.c b/drivers/net/wireless/ralink/rt2x00/rt2800usb.c
+index 205a7b8ac8a7..f11e3f532a84 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800usb.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800usb.c
+@@ -501,8 +501,7 @@ static int rt2800usb_get_tx_data_len(struct queue_entry *entry)
+ /*
+  * TX control handlers
+  */
+-static enum txdone_entry_desc_flags
+-rt2800usb_txdone_entry_check(struct queue_entry *entry, u32 reg)
++static bool rt2800usb_txdone_entry_check(struct queue_entry *entry, u32 reg)
+ {
+ 	__le32 *txwi;
+ 	u32 word;
+@@ -515,7 +514,7 @@ rt2800usb_txdone_entry_check(struct queue_entry *entry, u32 reg)
+ 	 * frame.
+ 	 */
+ 	if (test_bit(ENTRY_DATA_IO_FAILED, &entry->flags))
+-		return TXDONE_FAILURE;
++		return false;
+ 
+ 	wcid	= rt2x00_get_field32(reg, TX_STA_FIFO_WCID);
+ 	ack	= rt2x00_get_field32(reg, TX_STA_FIFO_TX_ACK_REQUIRED);
+@@ -537,10 +536,10 @@ rt2800usb_txdone_entry_check(struct queue_entry *entry, u32 reg)
+ 		rt2x00_dbg(entry->queue->rt2x00dev,
+ 			   "TX status report missed for queue %d entry %d\n",
+ 			   entry->queue->qid, entry->entry_idx);
+-		return TXDONE_UNKNOWN;
++		return false;
+ 	}
+ 
+-	return TXDONE_SUCCESS;
++	return true;
+ }
+ 
+ static void rt2800usb_txdone(struct rt2x00_dev *rt2x00dev)
+@@ -549,7 +548,7 @@ static void rt2800usb_txdone(struct rt2x00_dev *rt2x00dev)
+ 	struct queue_entry *entry;
+ 	u32 reg;
+ 	u8 qid;
+-	enum txdone_entry_desc_flags done_status;
++	bool match;
+ 
+ 	while (kfifo_get(&rt2x00dev->txstatus_fifo, &reg)) {
+ 		/*
+@@ -574,11 +573,8 @@ static void rt2800usb_txdone(struct rt2x00_dev *rt2x00dev)
+ 			break;
+ 		}
+ 
+-		done_status = rt2800usb_txdone_entry_check(entry, reg);
+-		if (likely(done_status == TXDONE_SUCCESS))
+-			rt2800_txdone_entry(entry, reg, rt2800usb_get_txwi(entry));
+-		else
+-			rt2x00lib_txdone_noinfo(entry, done_status);
++		match = rt2800usb_txdone_entry_check(entry, reg);
++		rt2800_txdone_entry(entry, reg, rt2800usb_get_txwi(entry), match);
+ 	}
+ }
+ 
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-15-rt2800-status-based-rate-flags-for-nomatch-case.patch

@@ -0,0 +1,88 @@
+From 9d7a7a4d2b02bcd30fb5fe4270278212353cc332 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 15 Feb 2017 10:25:11 +0100
+Subject: [PATCH 15/19] rt2800: status based rate flags for nomatch case
+
+We use skb_desc->tx_rate_flags from entry as rate[].flags even if
+skb does not match status. Patch corrects flags and also fixes
+mcs for legacy rates.
+
+rt2800_rate_from_status() is based on Felix's mt76
+mt76x2_mac_process_tx_rate() function.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2800.h    |  2 ++
+ drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 35 +++++++++++++++++++++++++-
+ 2 files changed, 36 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800.h b/drivers/net/wireless/ralink/rt2x00/rt2800.h
+index 0e7051d8132f..480b08601785 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800.h
+@@ -1760,6 +1760,8 @@
+ #define TX_STA_FIFO_WCID		FIELD32(0x0000ff00)
+ #define TX_STA_FIFO_SUCCESS_RATE	FIELD32(0xffff0000)
+ #define TX_STA_FIFO_MCS			FIELD32(0x007f0000)
++#define TX_STA_FIFO_BW			FIELD32(0x00800000)
++#define TX_STA_FIFO_SGI			FIELD32(0x01000000)
+ #define TX_STA_FIFO_PHYMODE		FIELD32(0xc0000000)
+ 
+ /*
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+index 4a7bec708a13..8d00c599e47a 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+@@ -852,6 +852,39 @@ void rt2800_process_rxwi(struct queue_entry *entry,
+ }
+ EXPORT_SYMBOL_GPL(rt2800_process_rxwi);
+ 
++static void rt2800_rate_from_status(struct skb_frame_desc *skbdesc,
++				    u32 status, enum nl80211_band band)
++{
++	u8 flags = 0;
++	u8 idx = rt2x00_get_field32(status, TX_STA_FIFO_MCS);
++
++	switch (rt2x00_get_field32(status, TX_STA_FIFO_PHYMODE)) {
++	case RATE_MODE_HT_GREENFIELD:
++		flags |= IEEE80211_TX_RC_GREEN_FIELD;
++		/* fall through */
++	case RATE_MODE_HT_MIX:
++		flags |= IEEE80211_TX_RC_MCS;
++		break;
++	case RATE_MODE_OFDM:
++		if (band == NL80211_BAND_2GHZ)
++			idx += 4;
++		break;
++	case RATE_MODE_CCK:
++		if (idx >= 8)
++			idx -= 8;
++		break;
++	}
++
++	if (rt2x00_get_field32(status, TX_STA_FIFO_BW))
++		flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
++
++	if (rt2x00_get_field32(status, TX_STA_FIFO_SGI))
++		flags |= IEEE80211_TX_RC_SHORT_GI;
++
++	skbdesc->tx_rate_idx = idx;
++	skbdesc->tx_rate_flags = flags;
++}
++
+ void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi,
+ 			 bool match)
+ {
+@@ -898,7 +931,7 @@ void rt2800_txdone_entry(struct queue_entry *entry, u32 status, __le32 *txwi,
+ 	 * and provide retry count.
+  	 */
+ 	if (unlikely((aggr == 1 && ampdu == 0 && real_mcs != mcs)) || !match) {
+-		skbdesc->tx_rate_idx = real_mcs;
++		rt2800_rate_from_status(skbdesc, status, rt2x00dev->curr_band);
+ 		mcs = real_mcs;
+ 	}
+ 
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-16-rt2800-use-TXOP_BACKOFF-for-probe-frames.patch

@@ -0,0 +1,43 @@
+From fb47ada8dc3c30c8e7b415da155742b49536c61e Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 15 Feb 2017 10:25:12 +0100
+Subject: [PATCH 16/19] rt2800: use TXOP_BACKOFF for probe frames
+
+Even if we do not set AMPDU bit in TXWI, device still can aggregate
+frame and send it with rate not corresponding to requested. That mean
+we can do not sent probe frames with requested rate. To prevent that
+use TXOP_BACKOFF for probe frames.
+
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00queue.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
+index e1660b92b20c..a2c1ca5c76d1 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
+@@ -372,15 +372,16 @@ static void rt2x00queue_create_tx_descriptor_ht(struct rt2x00_dev *rt2x00dev,
+ 
+ 	/*
+ 	 * Determine IFS values
+-	 * - Use TXOP_BACKOFF for management frames except beacons
++	 * - Use TXOP_BACKOFF for probe and management frames except beacons
+ 	 * - Use TXOP_SIFS for fragment bursts
+ 	 * - Use TXOP_HTTXOP for everything else
+ 	 *
+ 	 * Note: rt2800 devices won't use CTS protection (if used)
+ 	 * for frames not transmitted with TXOP_HTTXOP
+ 	 */
+-	if (ieee80211_is_mgmt(hdr->frame_control) &&
+-	    !ieee80211_is_beacon(hdr->frame_control))
++	if ((ieee80211_is_mgmt(hdr->frame_control) &&
++	     !ieee80211_is_beacon(hdr->frame_control)) ||
++	    (tx_info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE))
+ 		txdesc->u.ht.txop = TXOP_BACKOFF;
+ 	else if (!(tx_info->flags & IEEE80211_TX_CTL_FIRST_FRAGMENT))
+ 		txdesc->u.ht.txop = TXOP_SIFS;
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-17-rt2x00-fix-rt2x00debug_dump_frame-comment.patch

@@ -0,0 +1,28 @@
+From dd35cc0896faff5ed9d22eac9ea4a1920e2eec0c Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 15 Feb 2017 10:25:13 +0100
+Subject: [PATCH 17/19] rt2x00: fix rt2x00debug_dump_frame comment
+
+Reported-by: Jeroen Roovers <jer@airfi.aero>
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00.h b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
+index 91ba10fdf732..ce340bfd71a0 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
+@@ -1396,7 +1396,7 @@ void rt2x00queue_flush_queues(struct rt2x00_dev *rt2x00dev, bool drop);
+  * rt2x00debug_dump_frame - Dump a frame to userspace through debugfs.
+  * @rt2x00dev: Pointer to &struct rt2x00_dev.
+  * @type: The type of frame that is being dumped.
+- * @skb: The skb containing the frame to be dumped.
++ * @entry: The queue entry containing the frame to be dumped.
+  */
+ #ifdef CPTCFG_RT2X00_LIB_DEBUGFS
+ void rt2x00debug_dump_frame(struct rt2x00_dev *rt2x00dev,
+-- 
+2.12.1
+

package/kernel/mac80211/patches/020-18-rt2x00-fix-TX_PWR_CFG_4-register-definition.patch

@@ -0,0 +1,37 @@
+From 5ce33b603063f36272fcfb1b4a5fde69f46eca88 Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Thu, 9 Mar 2017 00:54:22 +0100
+Subject: [PATCH 18/19] rt2x00: fix TX_PWR_CFG_4 register definition
+
+Some of the macros used to describe the TX_PWR_CFG_4 register accidentally
+refer to TX_PWR_CFG_3, probably a copy&paste error. Fix that.
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2800.h | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800.h b/drivers/net/wireless/ralink/rt2x00/rt2800.h
+index 480b08601785..fd1dbd956bad 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800.h
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800.h
+@@ -1171,10 +1171,10 @@
+ #define TX_PWR_CFG_4_UKNOWN7		FIELD32(0x00000f00)
+ #define TX_PWR_CFG_4_UKNOWN8		FIELD32(0x0000f000)
+ /* bits for 3T devices */
+-#define TX_PWR_CFG_3_STBC4_CH0		FIELD32(0x0000000f)
+-#define TX_PWR_CFG_3_STBC4_CH1		FIELD32(0x000000f0)
+-#define TX_PWR_CFG_3_STBC6_CH0		FIELD32(0x00000f00)
+-#define TX_PWR_CFG_3_STBC6_CH1		FIELD32(0x0000f000)
++#define TX_PWR_CFG_4_STBC4_CH0		FIELD32(0x0000000f)
++#define TX_PWR_CFG_4_STBC4_CH1		FIELD32(0x000000f0)
++#define TX_PWR_CFG_4_STBC6_CH0		FIELD32(0x00000f00)
++#define TX_PWR_CFG_4_STBC6_CH1		FIELD32(0x0000f000)
+ 
+ /*
+  * TX_PIN_CFG:
+-- 
+2.12.1
+

package/kernel/mac80211/patches/021-01-rt2800-fix-LNA-gain-assignment-for-MT7620.patch

@@ -0,0 +1,54 @@
+From 0109238d62a99ea779a7e28e21868118e7b8d69d Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Mon, 10 Apr 2017 14:28:14 +0200
+Subject: [PATCH 1/2] rt2800: fix LNA gain assignment for MT7620
+To: Stanislaw Gruszka <sgruszka@redhat.com>
+Cc: Helmut Schaa <helmut.schaa@googlemail.com>,
+    linux-wireless@vger.kernel.org,
+    Kalle Valo <kvalo@codeaurora.org>
+
+The base value used for MT7620 differs from Rt5392 which resulted in
+quite bad RX signal quality. Fix this by using the correct base value as
+well as the LNA calibration values for HT20.
+
+Reported-by: Tom Psyborg <pozega.tomislav@gmail.com>
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+index ba06ac2d876d..7135519a638c 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+@@ -3806,11 +3806,25 @@ static void rt2800_config_channel(struct rt2x00_dev *rt2x00dev,
+ 	}
+ 
+ 	if (rt2x00_rt(rt2x00dev, RT5592) || rt2x00_rt(rt2x00dev, RT6352)) {
++		reg = 0x10;
++		if (!conf_is_ht40(conf)) {
++			if (rt2x00_rt(rt2x00dev, RT6352) &&
++			    rt2x00_has_cap_external_lna_bg(rt2x00dev)) {
++				reg |= 0x5;
++			} else {
++				reg |= 0xa;
++			}
++		}
+ 		rt2800_bbp_write(rt2x00dev, 195, 141);
+-		rt2800_bbp_write(rt2x00dev, 196, conf_is_ht40(conf) ? 0x10 : 0x1a);
++		rt2800_bbp_write(rt2x00dev, 196, reg);
+ 
+ 		/* AGC init */
+-		reg = (rf->channel <= 14 ? 0x1c : 0x24) + 2 * rt2x00dev->lna_gain;
++		if (rt2x00_rt(rt2x00dev, RT6352))
++			reg = 0x04;
++		else
++			reg = rf->channel <= 14 ? 0x1c : 0x24;
++
++		reg += 2 * rt2x00dev->lna_gain;
+ 		rt2800_bbp_write_with_rx_chain(rt2x00dev, 66, reg);
+ 
+ 		rt2800_iq_calibrate(rt2x00dev, rf->channel);
+-- 
+2.12.2
+

package/kernel/mac80211/patches/021-02-rt2800-do-VCO-calibration-after-programming-ALC.patch

@@ -0,0 +1,34 @@
+From feb608c7986c14bab153f31f8e96f251072e6578 Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Mon, 10 Apr 2017 15:33:20 +0200
+Subject: [PATCH 2/2] rt2800: do VCO calibration after programming ALC
+To: Stanislaw Gruszka <sgruszka@redhat.com>
+Cc: Helmut Schaa <helmut.schaa@googlemail.com>,
+    linux-wireless@vger.kernel.org,
+    Kalle Valo <kvalo@codeaurora.org>
+
+Scanning fails if we don't do VCO calibration every time.
+The vendor driver duplicates the VCO calibration function into the
+channel switching logic, we can do the same with less duplication.
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+index 7135519a638c..870bf315f98b 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+@@ -3407,6 +3407,8 @@ static void rt2800_config_alc(struct rt2x00_dev *rt2x00dev,
+ 			rt2800_rfcsr_write(rt2x00dev, 42, 0x5b);
+ 	}
+ 	rt2800_register_write(rt2x00dev, MAC_SYS_CTRL, mac_sys_ctrl);
++
++	rt2800_vco_calibration(rt2x00dev);
+ }
+ 
+ static void rt2800_bbp_write_with_rx_chain(struct rt2x00_dev *rt2x00dev,
+-- 
+2.12.2
+

package/kernel/mac80211/patches/021-03-rt2800-fix-mt7620-vco-calibration-registers.patch

@@ -0,0 +1,50 @@
+From 02c452f317b4a4d06c433c294e66896a389731c1 Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Tue, 18 Apr 2017 11:09:53 +0200
+Subject: [PATCH] rt2800: fix mt7620 vco calibration registers
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+To: Stanislaw Gruszka <sgruszka@redhat.com>
+Cc: Helmut Schaa <helmut.schaa@googlemail.com>,
+    linux-wireless@vger.kernel.org,
+    Kalle Valo <kvalo@codeaurora.org>,
+    Tom Psyborg <pozega.tomislav@gmail.com>
+
+Use register values from init LNA function instead of the ones from
+restore LNA function. Apply register values based on rx path
+configuration.
+
+Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+index 870bf315f98b..86cffee6876a 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+@@ -4932,7 +4932,7 @@ void rt2800_vco_calibration(struct rt2x00_dev *rt2x00dev)
+ 	rt2800_register_write(rt2x00dev, TX_PIN_CFG, tx_pin);
+ 
+ 	if (rt2x00_rt(rt2x00dev, RT6352)) {
+-		if (rt2x00dev->default_ant.tx_chain_num == 1) {
++		if (rt2x00dev->default_ant.rx_chain_num == 1) {
+ 			rt2800_bbp_write(rt2x00dev, 91, 0x07);
+ 			rt2800_bbp_write(rt2x00dev, 95, 0x1A);
+ 			rt2800_bbp_write(rt2x00dev, 195, 128);
+@@ -4953,8 +4953,8 @@ void rt2800_vco_calibration(struct rt2x00_dev *rt2x00dev)
+ 		}
+ 
+ 		if (rt2x00_has_cap_external_lna_bg(rt2x00dev)) {
+-			rt2800_bbp_write(rt2x00dev, 75, 0x60);
+-			rt2800_bbp_write(rt2x00dev, 76, 0x44);
++			rt2800_bbp_write(rt2x00dev, 75, 0x68);
++			rt2800_bbp_write(rt2x00dev, 76, 0x4C);
+ 			rt2800_bbp_write(rt2x00dev, 79, 0x1C);
+ 			rt2800_bbp_write(rt2x00dev, 80, 0x0C);
+ 			rt2800_bbp_write(rt2x00dev, 82, 0xB6);
+-- 
+2.12.2
+

package/kernel/mac80211/patches/021-04-rt2800-fix-mt7620-E2-channel-registers.patch

@@ -0,0 +1,41 @@
+From c426cb0ed15ee12dfdc8c53ddd1449ac617023cf Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Tue, 18 Apr 2017 11:45:37 +0200
+Subject: [PATCH] rt2800: fix mt7620 E2 channel registers
+To: Stanislaw Gruszka <sgruszka@redhat.com>
+Cc: Helmut Schaa <helmut.schaa@googlemail.com>,
+    linux-wireless@vger.kernel.org,
+    Kalle Valo <kvalo@codeaurora.org>,
+    Tom Psyborg <pozega.tomislav@gmail.com>
+
+From: Tomislav Požega <pozega.tomislav@gmail.com>
+
+update RF register 47 and 54 values according to vendor driver
+
+Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+index 86cffee6876a..8585cdc3de53 100644
+--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+@@ -8145,9 +8145,11 @@ static void rt2800_init_rfcsr_6352(struct rt2x00_dev *rt2x00dev)
+ 	rt2800_rfcsr_write_chanreg(rt2x00dev, 44, 0xB3);
+ 	rt2800_rfcsr_write_chanreg(rt2x00dev, 45, 0xD5);
+ 	rt2800_rfcsr_write_chanreg(rt2x00dev, 46, 0x27);
+-	rt2800_rfcsr_write_chanreg(rt2x00dev, 47, 0x69);
++	rt2800_rfcsr_write_bank(rt2x00dev, 4, 47, 0x67);
++	rt2800_rfcsr_write_bank(rt2x00dev, 6, 47, 0x69);
+ 	rt2800_rfcsr_write_chanreg(rt2x00dev, 48, 0xFF);
+-	rt2800_rfcsr_write_chanreg(rt2x00dev, 54, 0x20);
++	rt2800_rfcsr_write_bank(rt2x00dev, 4, 54, 0x27);
++	rt2800_rfcsr_write_bank(rt2x00dev, 6, 54, 0x20);
+ 	rt2800_rfcsr_write_chanreg(rt2x00dev, 55, 0x66);
+ 	rt2800_rfcsr_write_chanreg(rt2x00dev, 56, 0xFF);
+ 	rt2800_rfcsr_write_chanreg(rt2x00dev, 57, 0x1C);
+-- 
+2.12.2
+

package/kernel/mac80211/patches/030-rt2x00_options.patch

@@ -29,7 +29,7 @@
  config RT2X00_LIB_SOC
 -	tristate
 +	tristate "RT2x00 SoC support"
-+	depends on SOC_RT288X || SOC_RT305X
++	depends on SOC_RT288X || SOC_RT305X || SOC_MT7620
  	depends on m
  	select RT2X00_LIB
  

package/kernel/mac80211/patches/324-ath9k_hw-fix-channel-maximum-power-level-test.patch

@@ -0,0 +1,47 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Wed, 22 Mar 2017 20:37:04 +0100
+Subject: [PATCH] ath9k_hw: fix channel maximum power level test
+
+The tx power applied by set_txpower is limited by the CTL (conformance
+test limit) entries in the EEPROM. These can change based on the user
+configured regulatory domain.
+Depending on the EEPROM data this can cause the tx power to become too
+limited, if the original regdomain CTLs impose lowr limits than the CTLs
+of the user configured regdomain.
+
+To fix this issue, set the initial channel limits without any CTL
+restrictions and only apply the CTL at run time when setting the channel
+and the real tx power.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/drivers/net/wireless/ath/ath9k/hw.c
++++ b/drivers/net/wireless/ath/ath9k/hw.c
+@@ -2937,10 +2937,14 @@ void ath9k_hw_apply_txpower(struct ath_h
+ 	struct ieee80211_channel *channel;
+ 	int chan_pwr, new_pwr, max_gain;
+ 	int ant_gain, ant_reduction = 0;
++	u16 ctl = NO_CTL;
+ 
+ 	if (!chan)
+ 		return;
+ 
++	if (!test)
++		ctl = ath9k_regd_get_ctl(reg, chan);
++
+ 	channel = chan->chan;
+ 	chan_pwr = min_t(int, channel->max_power * 2, MAX_RATE_POWER);
+ 	new_pwr = min_t(int, chan_pwr, reg->power_limit);
+@@ -2950,9 +2954,7 @@ void ath9k_hw_apply_txpower(struct ath_h
+ 	if (ant_gain > max_gain)
+ 		ant_reduction = ant_gain - max_gain;
+ 
+-	ah->eep_ops->set_txpower(ah, chan,
+-				 ath9k_regd_get_ctl(reg, chan),
+-				 ant_reduction, new_pwr, test);
++	ah->eep_ops->set_txpower(ah, chan, ctl, ant_reduction, new_pwr, test);
+ }
+ 
+ void ath9k_hw_set_txpowerlimit(struct ath_hw *ah, u32 limit, bool test)

package/kernel/mac80211/patches/326-brcmfmac-add-length-check-in-brcmf_cfg80211_escan_ha.patch

@@ -0,0 +1,63 @@
+From: Arend Van Spriel <arend.vanspriel@broadcom.com>
+Date: Tue, 12 Sep 2017 10:47:53 +0200
+Subject: [PATCH] brcmfmac: add length check in brcmf_cfg80211_escan_handler()
+
+Upon handling the firmware notification for scans the length was
+checked properly and may result in corrupting kernel heap memory
+due to buffer overruns. This fix addresses CVE-2017-0786.
+
+Cc: stable@vger.kernel.org # v4.0.x
+Cc: Kevin Cernekee <cernekee@chromium.org>
+Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
+Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
+Reviewed-by: Franky Lin <franky.lin@broadcom.com>
+Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+@@ -3088,6 +3088,7 @@ brcmf_cfg80211_escan_handler(struct brcm
+ 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
+ 	s32 status;
+ 	struct brcmf_escan_result_le *escan_result_le;
++	u32 escan_buflen;
+ 	struct brcmf_bss_info_le *bss_info_le;
+ 	struct brcmf_bss_info_le *bss = NULL;
+ 	u32 bi_length;
+@@ -3104,11 +3105,23 @@ brcmf_cfg80211_escan_handler(struct brcm
+ 
+ 	if (status == BRCMF_E_STATUS_PARTIAL) {
+ 		brcmf_dbg(SCAN, "ESCAN Partial result\n");
++		if (e->datalen < sizeof(*escan_result_le)) {
++			brcmf_err("invalid event data length\n");
++			goto exit;
++		}
+ 		escan_result_le = (struct brcmf_escan_result_le *) data;
+ 		if (!escan_result_le) {
+ 			brcmf_err("Invalid escan result (NULL pointer)\n");
+ 			goto exit;
+ 		}
++		escan_buflen = le32_to_cpu(escan_result_le->buflen);
++		if (escan_buflen > BRCMF_ESCAN_BUF_SIZE ||
++		    escan_buflen > e->datalen ||
++		    escan_buflen < sizeof(*escan_result_le)) {
++			brcmf_err("Invalid escan buffer length: %d\n",
++				  escan_buflen);
++			goto exit;
++		}
+ 		if (le16_to_cpu(escan_result_le->bss_count) != 1) {
+ 			brcmf_err("Invalid bss_count %d: ignoring\n",
+ 				  escan_result_le->bss_count);
+@@ -3125,9 +3138,8 @@ brcmf_cfg80211_escan_handler(struct brcm
+ 		}
+ 
+ 		bi_length = le32_to_cpu(bss_info_le->length);
+-		if (bi_length != (le32_to_cpu(escan_result_le->buflen) -
+-					WL_ESCAN_RESULTS_FIXED_SIZE)) {
+-			brcmf_err("Invalid bss_info length %d: ignoring\n",
++		if (bi_length != escan_buflen -	WL_ESCAN_RESULTS_FIXED_SIZE) {
++			brcmf_err("Ignoring invalid bss_info length: %d\n",
+ 				  bi_length);
+ 			goto exit;
+ 		}

package/kernel/mac80211/patches/327-mac80211-accept-key-reinstall-without-changing-anyth.patch

@@ -0,0 +1,81 @@
+From fdf7cb4185b60c68e1a75e61691c4afdc15dea0e Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 5 Sep 2017 14:54:54 +0200
+Subject: [PATCH] mac80211: accept key reinstall without changing anything
+
+When a key is reinstalled we can reset the replay counters
+etc. which can lead to nonce reuse and/or replay detection
+being impossible, breaking security properties, as described
+in the "KRACK attacks".
+
+In particular, CVE-2017-13080 applies to GTK rekeying that
+happened in firmware while the host is in D3, with the second
+part of the attack being done after the host wakes up. In
+this case, the wpa_supplicant mitigation isn't sufficient
+since wpa_supplicant doesn't know the GTK material.
+
+In case this happens, simply silently accept the new key
+coming from userspace but don't take any action on it since
+it's the same key; this keeps the PN replay counters intact.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+ net/mac80211/key.c | 21 +++++++++++++++++----
+ 1 file changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/net/mac80211/key.c b/net/mac80211/key.c
+index a98fc2b5e0dc..ae995c8480db 100644
+--- a/net/mac80211/key.c
++++ b/net/mac80211/key.c
+@@ -4,7 +4,7 @@
+  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
+  * Copyright 2007-2008	Johannes Berg <johannes@sipsolutions.net>
+  * Copyright 2013-2014  Intel Mobile Communications GmbH
+- * Copyright 2015	Intel Deutschland GmbH
++ * Copyright 2015-2017	Intel Deutschland GmbH
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License version 2 as
+@@ -620,9 +620,6 @@ int ieee80211_key_link(struct ieee80211_key *key,
+ 
+ 	pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
+ 	idx = key->conf.keyidx;
+-	key->local = sdata->local;
+-	key->sdata = sdata;
+-	key->sta = sta;
+ 
+ 	mutex_lock(&sdata->local->key_mtx);
+ 
+@@ -633,6 +630,21 @@ int ieee80211_key_link(struct ieee80211_key *key,
+ 	else
+ 		old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
+ 
++	/*
++	 * Silently accept key re-installation without really installing the
++	 * new version of the key to avoid nonce reuse or replay issues.
++	 */
++	if (old_key && key->conf.keylen == old_key->conf.keylen &&
++	    !memcmp(key->conf.key, old_key->conf.key, key->conf.keylen)) {
++		ieee80211_key_free_unused(key);
++		ret = 0;
++		goto out;
++	}
++
++	key->local = sdata->local;
++	key->sdata = sdata;
++	key->sta = sta;
++
+ 	increment_tailroom_need_count(sdata);
+ 
+ 	ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
+@@ -648,6 +660,7 @@ int ieee80211_key_link(struct ieee80211_key *key,
+ 		ret = 0;
+ 	}
+ 
++ out:
+ 	mutex_unlock(&sdata->local->key_mtx);
+ 
+ 	return ret;
+-- 
+2.13.6
+

package/kernel/mac80211/patches/402-ath_regd_optional.patch

@@ -1,6 +1,14 @@
 --- a/drivers/net/wireless/ath/regd.c
 +++ b/drivers/net/wireless/ath/regd.c
-@@ -116,6 +116,9 @@ static const struct ieee80211_regdomain
+@@ -24,6 +24,7 @@
+ #include "regd_common.h"
+ 
+ static int __ath_regd_init(struct ath_regulatory *reg);
++static struct reg_dmn_pair_mapping *ath_get_regpair(int regdmn);
+ 
+ /*
+  * This is a set of common rules used by our world regulatory domains.
+@@ -116,6 +117,9 @@ static const struct ieee80211_regdomain
  
  static bool dynamic_country_user_possible(struct ath_regulatory *reg)
  {
@@ -10,7 +18,7 @@
  	if (IS_ENABLED(CPTCFG_ATH_REG_DYNAMIC_USER_CERT_TESTING))
  		return true;
  
-@@ -188,6 +191,8 @@ static bool dynamic_country_user_possibl
+@@ -188,6 +192,8 @@ static bool dynamic_country_user_possibl
  
  static bool ath_reg_dyn_country_user_allow(struct ath_regulatory *reg)
  {
@@ -19,7 +27,7 @@
  	if (!IS_ENABLED(CPTCFG_ATH_REG_DYNAMIC_USER_REG_HINTS))
  		return false;
  	if (!dynamic_country_user_possible(reg))
-@@ -341,6 +346,9 @@ ath_reg_apply_beaconing_flags(struct wip
+@@ -341,6 +347,9 @@ ath_reg_apply_beaconing_flags(struct wip
  	struct ieee80211_channel *ch;
  	unsigned int i;
  
@@ -29,7 +37,7 @@
  	for (band = 0; band < NUM_NL80211_BANDS; band++) {
  		if (!wiphy->bands[band])
  			continue;
-@@ -374,6 +382,9 @@ ath_reg_apply_ir_flags(struct wiphy *wip
+@@ -374,6 +383,9 @@ ath_reg_apply_ir_flags(struct wiphy *wip
  {
  	struct ieee80211_supported_band *sband;
  
@@ -39,7 +47,7 @@
  	sband = wiphy->bands[NL80211_BAND_2GHZ];
  	if (!sband)
  		return;
-@@ -402,6 +413,9 @@ static void ath_reg_apply_radar_flags(st
+@@ -402,6 +414,9 @@ static void ath_reg_apply_radar_flags(st
  	struct ieee80211_channel *ch;
  	unsigned int i;
  
@@ -49,7 +57,19 @@
  	if (!wiphy->bands[NL80211_BAND_5GHZ])
  		return;
  
-@@ -634,6 +648,10 @@ ath_regd_init_wiphy(struct ath_regulator
+@@ -539,6 +554,11 @@ void ath_reg_notifier_apply(struct wiphy
+ 		ath_reg_dyn_country(wiphy, reg, request);
+ 		break;
+ 	}
++
++	/* Prevent broken CTLs from being applied */
++	if (IS_ENABLED(CPTCFG_ATH_USER_REGD) &&
++	    reg->regpair != common->reg_world_copy.regpair)
++		reg->regpair = ath_get_regpair(WOR0_WORLD);
+ }
+ EXPORT_SYMBOL(ath_reg_notifier_apply);
+ 
+@@ -634,6 +654,10 @@ ath_regd_init_wiphy(struct ath_regulator
  	const struct ieee80211_regdomain *regd;
  
  	wiphy->reg_notifier = reg_notifier;
@@ -60,6 +80,18 @@
  	wiphy->regulatory_flags |= REGULATORY_STRICT_REG |
  				   REGULATORY_CUSTOM_REG;
  
+@@ -762,10 +786,7 @@ ath_regd_init(struct ath_regulatory *reg
+ 	if (r)
+ 		return r;
+ 
+-	if (ath_is_world_regd(reg))
+-		memcpy(&common->reg_world_copy, reg,
+-		       sizeof(struct ath_regulatory));
+-
++	memcpy(&common->reg_world_copy, reg, sizeof(struct ath_regulatory));
+ 	ath_regd_init_wiphy(reg, wiphy, reg_notifier);
+ 
+ 	return 0;
 --- a/drivers/net/wireless/ath/Kconfig
 +++ b/drivers/net/wireless/ath/Kconfig
 @@ -23,6 +23,9 @@ config WLAN_VENDOR_ATH

package/kernel/mac80211/patches/403-world_regd_fixup.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ath/regd.c
 +++ b/drivers/net/wireless/ath/regd.c
-@@ -43,7 +43,8 @@ static int __ath_regd_init(struct ath_re
+@@ -44,7 +44,8 @@ static struct reg_dmn_pair_mapping *ath_
  					 NL80211_RRF_NO_OFDM)
  
  /* We allow IBSS on these on a case by case basis by regulatory domain */
@@ -10,7 +10,7 @@
  					 NL80211_RRF_NO_IR)
  #define ATH9K_5GHZ_5470_5850	REG_RULE(5470-10, 5850+10, 80, 0, 30,\
  					 NL80211_RRF_NO_IR)
-@@ -61,57 +62,56 @@ static int __ath_regd_init(struct ath_re
+@@ -62,57 +63,56 @@ static struct reg_dmn_pair_mapping *ath_
  #define ATH9K_5GHZ_NO_MIDBAND	ATH9K_5GHZ_5150_5350, \
  				ATH9K_5GHZ_5725_5850
  

package/kernel/mac80211/patches/406-ath_relax_default_regd.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ath/regd.c
 +++ b/drivers/net/wireless/ath/regd.c
-@@ -114,6 +114,16 @@ static const struct ieee80211_regdomain
+@@ -115,6 +115,16 @@ static const struct ieee80211_regdomain
  	)
  };
  
@@ -17,7 +17,7 @@
  static bool dynamic_country_user_possible(struct ath_regulatory *reg)
  {
  	if (IS_ENABLED(CPTCFG_ATH_USER_REGD))
-@@ -122,6 +132,9 @@ static bool dynamic_country_user_possibl
+@@ -123,6 +133,9 @@ static bool dynamic_country_user_possibl
  	if (IS_ENABLED(CPTCFG_ATH_REG_DYNAMIC_USER_CERT_TESTING))
  		return true;
  
@@ -27,7 +27,7 @@
  	switch (reg->country_code) {
  	case CTRY_UNITED_STATES:
  	case CTRY_JAPAN1:
-@@ -207,11 +220,6 @@ static inline bool is_wwr_sku(u16 regd)
+@@ -208,11 +221,6 @@ static inline bool is_wwr_sku(u16 regd)
  		(regd == WORLD));
  }
  
@@ -39,7 +39,7 @@
  bool ath_is_world_regd(struct ath_regulatory *reg)
  {
  	return is_wwr_sku(ath_regd_get_eepromRD(reg));
-@@ -652,6 +660,9 @@ ath_regd_init_wiphy(struct ath_regulator
+@@ -658,6 +666,9 @@ ath_regd_init_wiphy(struct ath_regulator
  	if (IS_ENABLED(CPTCFG_ATH_USER_REGD))
  		return 0;
  

package/kernel/mac80211/patches/600-01-rt2x00-allow-to-build-rt2800soc-module-for-RT3883.patch

@@ -14,8 +14,8 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  config RT2800SOC
  	tristate "Ralink WiSoC support"
  	depends on m
--	depends on SOC_RT288X || SOC_RT305X
-+	depends on SOC_RT288X || SOC_RT305X || SOC_RT3883
+-	depends on SOC_RT288X || SOC_RT305X || SOC_MT7620
++	depends on SOC_RT288X || SOC_RT305X || SOC_RT3883 || SOC_MT7620
  	select RT2X00_LIB_SOC
  	select RT2X00_LIB_MMIO
  	select RT2X00_LIB_CRYPTO
@@ -23,8 +23,8 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  
  config RT2X00_LIB_SOC
  	tristate "RT2x00 SoC support"
--	depends on SOC_RT288X || SOC_RT305X
-+	depends on SOC_RT288X || SOC_RT305X || SOC_RT3883
+-	depends on SOC_RT288X || SOC_RT305X || SOC_MT7620
++	depends on SOC_RT288X || SOC_RT305X || SOC_RT3883 || SOC_MT7620
  	depends on m
  	select RT2X00_LIB
  

package/kernel/mac80211/patches/600-02-rt2x00-rt2800lib-enable-support-for-RT3883.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -7956,6 +7956,7 @@ static int rt2800_probe_rt(struct rt2x00
+@@ -9379,6 +9379,7 @@ static int rt2800_probe_rt(struct rt2x00
  	case RT3390:
  	case RT3572:
  	case RT3593:

package/kernel/mac80211/patches/600-03-rt2x00-rt2800lib-add-rf_vals-for-RF3853.patch

@@ -31,7 +31,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  #define RF5362				0x5362
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -7557,6 +7557,66 @@ static const struct rf_channel rf_vals_3
+@@ -8957,6 +8957,66 @@ static const struct rf_channel rf_vals_3
  	{14,   0xF0,	 2,  0x18},
  };
  
@@ -98,7 +98,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  static const struct rf_channel rf_vals_5592_xtal20[] = {
  	/* Channel, N, K, mod, R */
  	{1, 482, 4, 10, 3},
-@@ -7798,6 +7858,11 @@ static int rt2800_probe_hw_mode(struct r
+@@ -9220,6 +9280,11 @@ static int rt2800_probe_hw_mode(struct r
  		spec->channels = rf_vals_3x;
  		break;
  

package/kernel/mac80211/patches/600-04-rt2x00-rt2800lib-enable-VCO-calibration-for-RF3853.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -4363,6 +4363,7 @@ void rt2800_vco_calibration(struct rt2x0
+@@ -4855,6 +4855,7 @@ void rt2800_vco_calibration(struct rt2x0
  	case RF3053:
  	case RF3070:
  	case RF3290:
@@ -18,7 +18,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  	case RF5350:
  	case RF5360:
  	case RF5362:
-@@ -7980,6 +7981,7 @@ static int rt2800_probe_hw_mode(struct r
+@@ -9402,6 +9403,7 @@ static int rt2800_probe_hw_mode(struct r
  	case RF3053:
  	case RF3070:
  	case RF3290:

package/kernel/mac80211/patches/600-05-rt2x00-rt2800lib-add-channel-configuration-function-.patch

@@ -11,7 +11,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -2584,6 +2584,211 @@ static void rt2800_config_channel_rf3053
+@@ -2709,6 +2709,211 @@ static void rt2800_config_channel_rf3053
  	}
  }
  
@@ -223,7 +223,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  #define POWER_BOUND		0x27
  #define POWER_BOUND_5G		0x2b
  
-@@ -3203,6 +3408,9 @@ static void rt2800_config_channel(struct
+@@ -3565,6 +3770,9 @@ static void rt2800_config_channel(struct
  	case RF3322:
  		rt2800_config_channel_rf3322(rt2x00dev, conf, rf, info);
  		break;

package/kernel/mac80211/patches/600-06-rt2x00-rt2800lib-enable-RF3853-support.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -7483,6 +7483,7 @@ static int rt2800_init_eeprom(struct rt2
+@@ -8882,6 +8882,7 @@ static int rt2800_init_eeprom(struct rt2
  	case RF3290:
  	case RF3320:
  	case RF3322:

package/kernel/mac80211/patches/600-07-rt2x00-rt2800lib-add-MAC-register-initialization-for.patch

@@ -12,8 +12,8 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800.h
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800.h
-@@ -1574,6 +1574,20 @@
- #define TX_PWR_CFG_9_STBC7_CH2		FIELD32(0x00000f00)
+@@ -1727,6 +1727,20 @@
+ #define TX_PWR_CFG_9B_STBC_MCS7		FIELD32(0x000000ff)
  
  /*
 + * TX_TXBF_CFG:
@@ -35,7 +35,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  #define RX_FILTER_CFG			0x1400
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -4946,6 +4946,12 @@ static int rt2800_init_registers(struct
+@@ -5485,6 +5485,12 @@ static int rt2800_init_registers(struct
  			rt2800_register_write(rt2x00dev, TX_SW_CFG2,
  					      0x00000000);
  		}
@@ -46,9 +46,9 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 +		rt2800_register_write(rt2x00dev, TX_TXBF_CFG_0, 0x8000fc21);
 +		rt2800_register_write(rt2x00dev, TX_TXBF_CFG_3, 0x00009c40);
  	} else if (rt2x00_rt(rt2x00dev, RT5390) ||
- 		   rt2x00_rt(rt2x00dev, RT5392)) {
- 		rt2800_register_write(rt2x00dev, TX_SW_CFG0, 0x00000404);
-@@ -5140,6 +5146,11 @@ static int rt2800_init_registers(struct
+ 		   rt2x00_rt(rt2x00dev, RT5392) ||
+ 		   rt2x00_rt(rt2x00dev, RT6352)) {
+@@ -5698,6 +5704,11 @@ static int rt2800_init_registers(struct
  	reg = rt2x00_rt(rt2x00dev, RT5592) ? 0x00000082 : 0x00000002;
  	rt2800_register_write(rt2x00dev, TXOP_HLDR_ET, reg);
  

package/kernel/mac80211/patches/600-09-rt2x00-rt2800lib-add-BBP-register-initialization-for.patch

@@ -11,7 +11,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -5767,6 +5767,47 @@ static void rt2800_init_bbp_3593(struct
+@@ -6325,6 +6325,47 @@ static void rt2800_init_bbp_3593(struct
  		rt2800_bbp_write(rt2x00dev, 103, 0xc0);
  }
  
@@ -59,7 +59,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  static void rt2800_init_bbp_53xx(struct rt2x00_dev *rt2x00dev)
  {
  	int ant, div_mode;
-@@ -5986,6 +6027,9 @@ static void rt2800_init_bbp(struct rt2x0
+@@ -6769,6 +6810,9 @@ static void rt2800_init_bbp(struct rt2x0
  	case RT3593:
  		rt2800_init_bbp_3593(rt2x00dev);
  		return;

package/kernel/mac80211/patches/600-10-rt2x00-rt2800lib-add-RFCSR-initialization-for-RT3883.patch

@@ -11,17 +11,17 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800.h
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800.h
-@@ -2155,6 +2155,7 @@ struct mac_iveiv_entry {
+@@ -2311,6 +2311,7 @@ struct mac_iveiv_entry {
  /*
   * RFCSR 2:
   */
 +#define RFCSR2_RESCAL_BP		FIELD8(0x40)
  #define RFCSR2_RESCAL_EN		FIELD8(0x80)
- 
- /*
+ #define RFCSR2_RX2_EN_MT7620		FIELD8(0x02)
+ #define RFCSR2_TX2_EN_MT7620		FIELD8(0x20)
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -6899,6 +6899,144 @@ static void rt2800_init_rfcsr_5350(struc
+@@ -7685,6 +7685,144 @@ static void rt2800_init_rfcsr_5350(struc
  	rt2800_rfcsr_write(rt2x00dev, 63, 0x00);
  }
  
@@ -166,7 +166,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  static void rt2800_init_rfcsr_5390(struct rt2x00_dev *rt2x00dev)
  {
  	rt2800_rf_init_calibration(rt2x00dev, 2);
-@@ -7130,6 +7268,9 @@ static void rt2800_init_rfcsr(struct rt2
+@@ -8525,6 +8663,9 @@ static void rt2800_init_rfcsr(struct rt2
  	case RT3390:
  		rt2800_init_rfcsr_3390(rt2x00dev);
  		break;

package/kernel/mac80211/patches/600-11-rt2x00-rt2800lib-use-the-extended-EEPROM-map-for-RT3.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -309,7 +309,8 @@ static unsigned int rt2800_eeprom_word_i
+@@ -376,7 +376,8 @@ static unsigned int rt2800_eeprom_word_i
  		      wiphy_name(rt2x00dev->hw->wiphy), word))
  		return 0;
  

package/kernel/mac80211/patches/600-12-rt2x00-rt2800lib-force-rf-type-to-RF3853-on-RT3883.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -7660,6 +7660,8 @@ static int rt2800_init_eeprom(struct rt2
+@@ -9059,6 +9059,8 @@ static int rt2800_init_eeprom(struct rt2
  		rt2800_eeprom_read(rt2x00dev, EEPROM_CHIP_ID, &rf);
  	else if (rt2x00_rt(rt2x00dev, RT3352))
  		rf = RF3322;

package/kernel/mac80211/patches/600-13-rt2x00-rt2800lib-add-channel-configuration-code-for-.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -3371,6 +3371,36 @@ static char rt2800_txpower_to_dev(struct
+@@ -3733,6 +3733,36 @@ static char rt2800_txpower_to_dev(struct
  		return clamp_t(char, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER);
  }
  
@@ -47,7 +47,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  static void rt2800_config_channel(struct rt2x00_dev *rt2x00dev,
  				  struct ieee80211_conf *conf,
  				  struct rf_channel *rf,
-@@ -3389,6 +3419,12 @@ static void rt2800_config_channel(struct
+@@ -3751,6 +3781,12 @@ static void rt2800_config_channel(struct
  			rt2800_txpower_to_dev(rt2x00dev, rf->channel,
  					      info->default_power3);
  
@@ -60,7 +60,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  	switch (rt2x00dev->chip.rf) {
  	case RF2020:
  	case RF3020:
-@@ -3490,6 +3526,15 @@ static void rt2800_config_channel(struct
+@@ -3855,6 +3891,15 @@ static void rt2800_config_channel(struct
  		rt2800_bbp_write(rt2x00dev, 63, 0x37 - rt2x00dev->lna_gain);
  		rt2800_bbp_write(rt2x00dev, 64, 0x37 - rt2x00dev->lna_gain);
  		rt2800_bbp_write(rt2x00dev, 77, 0x98);
@@ -76,15 +76,15 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  	} else {
  		rt2800_bbp_write(rt2x00dev, 62, 0x37 - rt2x00dev->lna_gain);
  		rt2800_bbp_write(rt2x00dev, 63, 0x37 - rt2x00dev->lna_gain);
-@@ -3502,6 +3547,7 @@ static void rt2800_config_channel(struct
- 		    !rt2x00_rt(rt2x00dev, RT5392)) {
+@@ -3868,6 +3913,7 @@ static void rt2800_config_channel(struct
+ 		    !rt2x00_rt(rt2x00dev, RT6352)) {
  			if (rt2x00_has_cap_external_lna_bg(rt2x00dev)) {
  				rt2800_bbp_write(rt2x00dev, 82, 0x62);
 +				rt2800_bbp_write(rt2x00dev, 82, 0x62);
  				rt2800_bbp_write(rt2x00dev, 75, 0x46);
  			} else {
  				if (rt2x00_rt(rt2x00dev, RT3593))
-@@ -3510,19 +3556,22 @@ static void rt2800_config_channel(struct
+@@ -3876,19 +3922,22 @@ static void rt2800_config_channel(struct
  					rt2800_bbp_write(rt2x00dev, 82, 0x84);
  				rt2800_bbp_write(rt2x00dev, 75, 0x50);
  			}
@@ -101,7 +101,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 +		else if (rt2x00_rt(rt2x00dev, RT3593) ||
 +			 rt2x00_rt(rt2x00dev, RT3883))
  			rt2800_bbp_write(rt2x00dev, 82, 0x82);
- 		else
+ 		else if (!rt2x00_rt(rt2x00dev, RT6352))
  			rt2800_bbp_write(rt2x00dev, 82, 0xf2);
  
 -		if (rt2x00_rt(rt2x00dev, RT3593))
@@ -110,7 +110,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  			rt2800_bbp_write(rt2x00dev, 83, 0x9a);
  
  		if (rt2x00_has_cap_external_lna_a(rt2x00dev))
-@@ -3644,6 +3693,23 @@ static void rt2800_config_channel(struct
+@@ -4011,6 +4060,23 @@ static void rt2800_config_channel(struct
  
  		rt2800_bbp_write_with_rx_chain(rt2x00dev, 66, reg);
  

package/kernel/mac80211/patches/600-14-rt2x00-rt2800lib-fix-txpower_to_dev-function-for-RT3.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -3358,13 +3358,15 @@ static char rt2800_txpower_to_dev(struct
+@@ -3720,13 +3720,15 @@ static char rt2800_txpower_to_dev(struct
  				  unsigned int channel,
  				  char txpower)
  {

package/kernel/mac80211/patches/600-15-rt2x00-rt2800lib-use-correct-txpower-calculation-fun.patch

@@ -11,7 +11,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -4596,7 +4596,8 @@ static void rt2800_config_txpower(struct
+@@ -5085,7 +5085,8 @@ static void rt2800_config_txpower(struct
  				  struct ieee80211_channel *chan,
  				  int power_level)
  {
@@ -19,5 +19,5 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 +	if (rt2x00_rt(rt2x00dev, RT3593) ||
 +	    rt2x00_rt(rt2x00dev, RT3883))
  		rt2800_config_txpower_rt3593(rt2x00dev, chan, power_level);
- 	else
- 		rt2800_config_txpower_rt28xx(rt2x00dev, chan, power_level);
+ 	else if (rt2x00_rt(rt2x00dev, RT6352))
+ 		rt2800_config_txpower_rt6352(rt2x00dev, chan, power_level);

package/kernel/mac80211/patches/600-16-rt2x00-rt2800lib-hardcode-txmixer-gain-values-to-zer.patch

@@ -11,7 +11,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -7543,7 +7543,8 @@ static u8 rt2800_get_txmixer_gain_24g(st
+@@ -8941,7 +8941,8 @@ static u8 rt2800_get_txmixer_gain_24g(st
  {
  	u16 word;
  
@@ -21,7 +21,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  		return 0;
  
  	rt2800_eeprom_read(rt2x00dev, EEPROM_TXMIXER_GAIN_BG, &word);
-@@ -7557,7 +7558,8 @@ static u8 rt2800_get_txmixer_gain_5g(str
+@@ -8955,7 +8956,8 @@ static u8 rt2800_get_txmixer_gain_5g(str
  {
  	u16 word;
  

package/kernel/mac80211/patches/600-17-rt2x00-rt2800lib-use-correct-RT-XWI-size-for-RT3883.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -520,6 +520,7 @@ void rt2800_get_txwi_rxwi_size(struct rt
+@@ -587,6 +587,7 @@ void rt2800_get_txwi_rxwi_size(struct rt
  {
  	switch (rt2x00dev->chip.rt) {
  	case RT3593:

package/kernel/mac80211/patches/600-18-rt2x00-rt2800lib-fix-antenna-configuration-for-RT388.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -1888,7 +1888,8 @@ void rt2800_config_ant(struct rt2x00_dev
+@@ -2013,7 +2013,8 @@ void rt2800_config_ant(struct rt2x00_dev
  	rt2800_bbp_write(rt2x00dev, 3, r3);
  	rt2800_bbp_write(rt2x00dev, 1, r1);
  

package/kernel/mac80211/patches/600-19-rt2x00-rt2800lib-fix-LNA-gain-configuration-for-RT38.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -1911,7 +1911,8 @@ static void rt2800_config_lna_gain(struc
+@@ -2036,7 +2036,8 @@ static void rt2800_config_lna_gain(struc
  		rt2800_eeprom_read(rt2x00dev, EEPROM_LNA, &eeprom);
  		lna_gain = rt2x00_get_field16(eeprom, EEPROM_LNA_A0);
  	} else if (libconf->rf.channel <= 128) {
@@ -20,7 +20,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  			rt2800_eeprom_read(rt2x00dev, EEPROM_EXT_LNA2, &eeprom);
  			lna_gain = rt2x00_get_field16(eeprom,
  						      EEPROM_EXT_LNA2_A1);
-@@ -1921,7 +1922,8 @@ static void rt2800_config_lna_gain(struc
+@@ -2046,7 +2047,8 @@ static void rt2800_config_lna_gain(struc
  						      EEPROM_RSSI_BG2_LNA_A1);
  		}
  	} else {

package/kernel/mac80211/patches/600-20-rt2x00-rt2800lib-fix-VGC-setup-for-RT3883.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -4799,7 +4799,8 @@ static u8 rt2800_get_default_vgc(struct
+@@ -5338,7 +5338,8 @@ static u8 rt2800_get_default_vgc(struct
  		else
  			vgc = 0x2e + rt2x00dev->lna_gain;
  	} else { /* 5GHZ band */
@@ -20,7 +20,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  			vgc = 0x20 + (rt2x00dev->lna_gain * 5) / 3;
  		else if (rt2x00_rt(rt2x00dev, RT5592))
  			vgc = 0x24 + (2 * rt2x00dev->lna_gain);
-@@ -4819,7 +4820,8 @@ static inline void rt2800_set_vgc(struct
+@@ -5358,7 +5359,8 @@ static inline void rt2800_set_vgc(struct
  {
  	if (qual->vgc_level != vgc_level) {
  		if (rt2x00_rt(rt2x00dev, RT3572) ||
@@ -30,7 +30,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  			rt2800_bbp_write_with_rx_chain(rt2x00dev, 66,
  						       vgc_level);
  		} else if (rt2x00_rt(rt2x00dev, RT5592)) {
-@@ -4866,6 +4868,11 @@ void rt2800_link_tuner(struct rt2x00_dev
+@@ -5405,6 +5407,11 @@ void rt2800_link_tuner(struct rt2x00_dev
  		}
  		break;
  

package/kernel/mac80211/patches/600-21-rt2x00-rt2800lib-fix-EEPROM-LNA-validation-for-RT388.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -7676,7 +7676,8 @@ static int rt2800_validate_eeprom(struct
+@@ -9074,7 +9074,8 @@ static int rt2800_validate_eeprom(struct
  	rt2800_eeprom_read(rt2x00dev, EEPROM_RSSI_BG2, &word);
  	if (abs(rt2x00_get_field16(word, EEPROM_RSSI_BG2_OFFSET2)) > 10)
  		rt2x00_set_field16(&word, EEPROM_RSSI_BG2_OFFSET2, 0);
@@ -20,7 +20,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  		if (rt2x00_get_field16(word, EEPROM_RSSI_BG2_LNA_A1) == 0x00 ||
  		    rt2x00_get_field16(word, EEPROM_RSSI_BG2_LNA_A1) == 0xff)
  			rt2x00_set_field16(&word, EEPROM_RSSI_BG2_LNA_A1,
-@@ -7696,7 +7697,8 @@ static int rt2800_validate_eeprom(struct
+@@ -9094,7 +9095,8 @@ static int rt2800_validate_eeprom(struct
  	rt2800_eeprom_read(rt2x00dev, EEPROM_RSSI_A2, &word);
  	if (abs(rt2x00_get_field16(word, EEPROM_RSSI_A2_OFFSET2)) > 10)
  		rt2x00_set_field16(&word, EEPROM_RSSI_A2_OFFSET2, 0);
@@ -30,7 +30,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  		if (rt2x00_get_field16(word, EEPROM_RSSI_A2_LNA_A2) == 0x00 ||
  		    rt2x00_get_field16(word, EEPROM_RSSI_A2_LNA_A2) == 0xff)
  			rt2x00_set_field16(&word, EEPROM_RSSI_A2_LNA_A2,
-@@ -7704,7 +7706,8 @@ static int rt2800_validate_eeprom(struct
+@@ -9102,7 +9104,8 @@ static int rt2800_validate_eeprom(struct
  	}
  	rt2800_eeprom_write(rt2x00dev, EEPROM_RSSI_A2, word);
  

package/kernel/mac80211/patches/600-22-rt2x00-rt2800lib-fix-txpower-compensation-for-RT3883.patch

@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
-@@ -3965,6 +3965,9 @@ static u8 rt2800_compensate_txpower(stru
+@@ -4332,6 +4332,9 @@ static u8 rt2800_compensate_txpower(stru
  	if (rt2x00_rt(rt2x00dev, RT3593))
  		return min_t(u8, txpower, 0xc);
  

package/kernel/mac80211/patches/600-23-rt2x00-rt2800mmio-add-a-workaround-for-spurious-TX_F.patch

@@ -122,7 +122,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
  		 */
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
-@@ -999,6 +999,11 @@ struct rt2x00_dev {
+@@ -1000,6 +1000,11 @@ struct rt2x00_dev {
  	int rf_channel;
  
  	/*

package/kernel/mac80211/patches/602-rt2x00-introduce-rt2x00eeprom.patch

@@ -48,16 +48,16 @@
  obj-$(CPTCFG_RT2X00_LIB_MMIO)		+= rt2x00mmio.o
 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.h
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.h
-@@ -20,6 +20,8 @@
- #ifndef RT2800LIB_H
- #define RT2800LIB_H
+@@ -48,6 +48,8 @@ struct rt2800_drv_data {
+ 	struct ieee80211_sta *wcid_to_sta[STA_IDS_SIZE];
+ };
  
 +#include "rt2800.h"
 +
  struct rt2800_ops {
  	void (*register_read)(struct rt2x00_dev *rt2x00dev,
  			      const unsigned int offset, u32 *value);
-@@ -119,6 +121,15 @@ static inline int rt2800_read_eeprom(str
+@@ -147,6 +149,15 @@ static inline int rt2800_read_eeprom(str
  {
  	const struct rt2800_ops *rt2800ops = rt2x00dev->ops->drv;
  
@@ -105,7 +105,7 @@
  	.drv_init_registers	= rt2800mmio_init_registers,
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
-@@ -701,6 +701,7 @@ enum rt2x00_capability_flags {
+@@ -702,6 +702,7 @@ enum rt2x00_capability_flags {
  	REQUIRE_HT_TX_DESC,
  	REQUIRE_PS_AUTOWAKE,
  	REQUIRE_DELAYED_RFKILL,
@@ -113,7 +113,7 @@
  
  	/*
  	 * Capabilities
-@@ -976,6 +977,11 @@ struct rt2x00_dev {
+@@ -977,6 +978,11 @@ struct rt2x00_dev {
  	const struct firmware *fw;
  
  	/*
@@ -127,7 +127,7 @@
  	DECLARE_KFIFO_PTR(txstatus_fifo, u32);
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
-@@ -1346,6 +1346,10 @@ int rt2x00lib_probe_dev(struct rt2x00_de
+@@ -1418,6 +1418,10 @@ int rt2x00lib_probe_dev(struct rt2x00_de
  	INIT_DELAYED_WORK(&rt2x00dev->autowakeup_work, rt2x00lib_autowakeup);
  	INIT_WORK(&rt2x00dev->sleep_work, rt2x00lib_sleep);
  
@@ -138,7 +138,7 @@
  	/*
  	 * Let the driver probe the device to detect the capabilities.
  	 */
-@@ -1484,6 +1488,11 @@ void rt2x00lib_remove_dev(struct rt2x00_
+@@ -1556,6 +1560,11 @@ void rt2x00lib_remove_dev(struct rt2x00_
  	 * Free the driver data.
  	 */
  	kfree(rt2x00dev->drv_data);

package/kernel/mac80211/patches/606-rt2x00-allow_disabling_bands_through_platform_data.patch

@@ -12,7 +12,7 @@
  #endif /* _RT2X00_PLATFORM_H */
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
-@@ -951,6 +951,22 @@ static int rt2x00lib_probe_hw_modes(stru
+@@ -1023,6 +1023,22 @@ static int rt2x00lib_probe_hw_modes(stru
  	unsigned int num_rates;
  	unsigned int i;
  
@@ -37,7 +37,7 @@
  		num_rates += 4;
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
-@@ -408,6 +408,7 @@ struct hw_mode_spec {
+@@ -409,6 +409,7 @@ struct hw_mode_spec {
  	unsigned int supported_bands;
  #define SUPPORT_BAND_2GHZ	0x00000001
  #define SUPPORT_BAND_5GHZ	0x00000002

package/kernel/mac80211/patches/607-rt2x00-add_platform_data_mac_addr.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
-@@ -929,8 +929,13 @@ static void rt2x00lib_rate(struct ieee80
+@@ -1001,8 +1001,13 @@ static void rt2x00lib_rate(struct ieee80
  
  void rt2x00lib_set_mac_address(struct rt2x00_dev *rt2x00dev, u8 *eeprom_mac_addr)
  {

package/kernel/mac80211/patches/608-rt2x00-allow_disabling_bands_through_dts.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
-@@ -955,6 +955,16 @@ static int rt2x00lib_probe_hw_modes(stru
+@@ -1027,6 +1027,16 @@ static int rt2x00lib_probe_hw_modes(stru
  	struct ieee80211_rate *rates;
  	unsigned int num_rates;
  	unsigned int i;

package/kernel/mac80211/patches/610-rt2x00-change-led-polarity-from-OF.patch

@@ -8,7 +8,7 @@
  
  #include "rt2x00.h"
  #include "rt2800lib.h"
-@@ -7861,6 +7862,17 @@ static int rt2800_init_eeprom(struct rt2
+@@ -9261,6 +9262,17 @@ static int rt2800_init_eeprom(struct rt2
  	rt2800_init_led(rt2x00dev, &rt2x00dev->led_assoc, LED_TYPE_ASSOC);
  	rt2800_init_led(rt2x00dev, &rt2x00dev->led_qual, LED_TYPE_QUALITY);
  

package/kernel/mac80211/patches/611-rt2x00-add-AP+STA-support.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
-@@ -1286,7 +1286,7 @@ static inline void rt2x00lib_set_if_comb
+@@ -1358,7 +1358,7 @@ static inline void rt2x00lib_set_if_comb
  	 */
  	if_limit = &rt2x00dev->if_limits_ap;
  	if_limit->max = rt2x00dev->ops->max_ap_intf;

package/kernel/mac80211/patches/620-rt2x00-enable-rt2800soc-for-mt7620.patch

@@ -1,20 +0,0 @@
---- a/drivers/net/wireless/ralink/rt2x00/Kconfig
-+++ b/drivers/net/wireless/ralink/rt2x00/Kconfig
-@@ -211,7 +211,7 @@ endif
- config RT2800SOC
- 	tristate "Ralink WiSoC support"
- 	depends on m
--	depends on SOC_RT288X || SOC_RT305X || SOC_RT3883
-+	depends on SOC_RT288X || SOC_RT305X || SOC_RT3883 || SOC_MT7620
- 	select RT2X00_LIB_SOC
- 	select RT2X00_LIB_MMIO
- 	select RT2X00_LIB_CRYPTO
-@@ -248,7 +248,7 @@ config RT2X00_LIB_PCI
- 
- config RT2X00_LIB_SOC
- 	tristate "RT2x00 SoC support"
--	depends on SOC_RT288X || SOC_RT305X || SOC_RT3883
-+	depends on SOC_RT288X || SOC_RT305X || SOC_RT3883 || SOC_MT7620
- 	depends on m
- 	select RT2X00_LIB
- 

package/kernel/mt76/Makefile

@@ -1,16 +1,16 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mt76
-PKG_RELEASE=2
+PKG_RELEASE=1
 
 PKG_LICENSE:=GPLv2
 PKG_LICENSE_FILES:=
 
 PKG_SOURCE_URL:=https://github.com/openwrt/mt76
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2017-01-31
-PKG_SOURCE_VERSION:=3c8caafc5e150db79f714b958a51cee8f242f309
-PKG_MIRROR_HASH:=c03c166466cb7ea825e52cd085511045e3847d927ba2bde2b8fb46595a3ed13a
+PKG_SOURCE_DATE:=2017-10-12
+PKG_SOURCE_VERSION:=1be430fc8ae486e61f51f76925b30d6ff64c37dd
+PKG_MIRROR_HASH:=992e3d86d493b976ec23fb4f1179a72c3e34199c6ec5a93f37069555c9b19d9c
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_BUILD_PARALLEL:=1

package/kernel/mwlwifi/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mwlwifi
-PKG_VERSION:=10.3.2.0-20170110
+PKG_VERSION:=10.3.4.0.git-2017-06-06
 PKG_RELEASE=1
 
 PKG_LICENSE:=ISC
@@ -16,8 +16,8 @@ PKG_LICENSE_FILES:=
 
 PKG_SOURCE_URL:=https://github.com/kaloz/mwlwifi
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ccdfdac28f7666474745b1f46f0769f3a2879b5f
-PKG_MIRROR_HASH:=a903d87cbd252019d2dee84ca331e3c865be611e989301aadaaee86ca4ce2435
+PKG_SOURCE_VERSION:=36bc32767ed89e07c5c83036861d2fa4eb1f8629
+PKG_MIRROR_HASH:=d5757303e87c3f800040c289d806b602acde81bffccaa3290f99799bf3651f01
 
 PKG_MAINTAINER:=Imre Kaloz <kaloz@openwrt.org>
 PKG_BUILD_PARALLEL:=1

package/kernel/om-watchdog/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=om-watchdog
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_VERSION:=1
 
 include $(INCLUDE_DIR)/package.mk
@@ -24,12 +24,6 @@ define Package/om-watchdog/description
  This package contains the hw watchdog script for the OM1P and OM2P device.
 endef
 
-define Build/Prepare
-endef
-
-define Build/Compile
-endef
-
 define Build/Compile
 endef
 
@@ -40,6 +34,4 @@ define Package/om-watchdog/install
 	$(INSTALL_BIN) ./files/om-watchdog $(1)/sbin/om-watchdog
 endef
 
-
 $(eval $(call BuildPackage,om-watchdog))
-

package/kernel/om-watchdog/files/om-watchdog.init

@@ -16,37 +16,46 @@ get_gpio() {
 		local board=$(ar71xx_board_name)
 
 		case "$board" in
-			"om2p" | \
-			"om2pv4" | \
-			"om2p-hs" | \
-			"om2p-hsv2" | \
-			"om2p-hsv3" | \
-			"om2p-hsv4" | \
-			"om5p-acv2")
-				return 12
-				;;
-			"om2pv2" | \
-			"om2p-lc")
-				return 26
-				;;
-			"om5p" | \
-			"om5p-an")
-				return 11
-				;;
-			"om5p-ac")
-				return 17
-				;;
-			"mr600v2")
-				return 15
-				;;
-			"mr900" | \
-			"mr900v2" | \
-			"mr1750" | \
-			"mr1750v2" | \
-			"a40" | \
-			"a60")
-				return 16
-				;;
+		"a40"|\
+		"a60"|\
+		"mr1750"|\
+		"mr1750v2"|\
+		"mr900"|\
+		"mr900v2")
+			return 16
+			;;
+		"mr600v2")
+			return 15
+			;;
+		"om2p"|\
+		"om2p-hs"|\
+		"om2p-hsv2"|\
+		"om2p-hsv3"|\
+		"om2p-hsv4"|\
+		"om2pv4"|\
+		"om5p-acv2")
+			return 12
+			;;
+		"om2p-lc"|\
+		"om2pv2")
+			return 26
+			;;
+		"om5p"|\
+		"om5p-an")
+			return 11
+			;;
+		"om5p-ac")
+			return 17
+			;;
+		esac
+	elif [ -r /lib/ramips.sh ]; then
+		. /lib/ramips.sh
+		local board=$(ramips_board_name)
+
+		case "$board" in
+		"rut5xx")
+			return 11
+			;;
 		esac
 	else
 		#we assume it is om1p in this case

package/libs/mbedtls/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.4.2
+PKG_VERSION:=2.6.0
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
 PKG_SOURCE_URL:=https://tls.mbed.org/download/
-PKG_HASH:=d01f2d5586a52055329d194d909103f445bd2d0b6b2b5f1c830fbf828ac6299f
+PKG_HASH:=a99959d7360def22f9108d2d487c9de384fe76c349697176b1f22370080d5810
 
 PKG_BUILD_PARALLEL:=1
 PKG_LICENSE:=GPL-2.0+

package/libs/mbedtls/patches/200-config.patch

@@ -1,6 +1,6 @@
 --- a/include/mbedtls/config.h
 +++ b/include/mbedtls/config.h
-@@ -191,7 +191,7 @@
+@@ -220,7 +220,7 @@
   *
   * Uncomment to get errors on using deprecated functions.
   */
@@ -9,7 +9,7 @@
  
  /* \} name SECTION: System support */
  
-@@ -441,17 +441,17 @@
+@@ -539,17 +539,17 @@
   *
   * Comment macros to disable the curve and functions for it
   */
@@ -35,7 +35,7 @@
  #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
  
  /**
-@@ -476,8 +476,8 @@
+@@ -574,8 +574,8 @@
   * Requires: MBEDTLS_HMAC_DRBG_C
   *
   * Comment this macro to disable deterministic ECDSA.
@@ -45,7 +45,7 @@
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-@@ -523,7 +523,7 @@
+@@ -621,7 +621,7 @@
   *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
   *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
   */
@@ -54,7 +54,7 @@
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-@@ -542,8 +542,8 @@
+@@ -640,8 +640,8 @@
   *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
   *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
   *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
@@ -64,7 +64,7 @@
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-@@ -568,7 +568,7 @@
+@@ -666,7 +666,7 @@
   *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
   *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
   */
@@ -73,7 +73,7 @@
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-@@ -695,7 +695,7 @@
+@@ -793,7 +793,7 @@
   *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
   *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
   */
@@ -82,7 +82,7 @@
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-@@ -719,7 +719,7 @@
+@@ -817,7 +817,7 @@
   *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
   *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
   */
@@ -91,7 +91,7 @@
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-@@ -823,7 +823,7 @@
+@@ -921,7 +921,7 @@
   * This option is only useful if both MBEDTLS_SHA256_C and
   * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
   */
@@ -100,7 +100,7 @@
  
  /**
   * \def MBEDTLS_ENTROPY_NV_SEED
-@@ -917,14 +917,14 @@
+@@ -1015,14 +1015,14 @@
   * Uncomment this macro to disable the use of CRT in RSA.
   *
   */
@@ -117,7 +117,7 @@
  
  /**
   * \def MBEDTLS_SHA256_SMALLER
-@@ -940,7 +940,7 @@
+@@ -1038,7 +1038,7 @@
   *
   * Uncomment to enable the smaller implementation of SHA256.
   */
@@ -126,7 +126,7 @@
  
  /**
   * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
-@@ -1059,8 +1059,8 @@
+@@ -1157,8 +1157,8 @@
   * misuse/misunderstand.
   *
   * Comment this to disable support for renegotiation.
@@ -136,7 +136,7 @@
  
  /**
   * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-@@ -1234,8 +1234,8 @@
+@@ -1332,8 +1332,8 @@
   * callbacks are provided by MBEDTLS_SSL_TICKET_C.
   *
   * Comment this macro to disable support for SSL session tickets
@@ -146,7 +146,7 @@
  
  /**
   * \def MBEDTLS_SSL_EXPORT_KEYS
-@@ -1265,7 +1265,7 @@
+@@ -1363,7 +1363,7 @@
   *
   * Comment this macro to disable support for truncated HMAC in SSL
   */
@@ -155,7 +155,7 @@
  
  /**
   * \def MBEDTLS_THREADING_ALT
-@@ -1299,8 +1299,8 @@
+@@ -1397,8 +1397,8 @@
   * Requires: MBEDTLS_VERSION_C
   *
   * Comment this to disable run-time checking and save ROM space
@@ -165,7 +165,7 @@
  
  /**
   * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-@@ -1621,7 +1621,7 @@
+@@ -1719,7 +1719,7 @@
   *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
   *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
   */
@@ -174,7 +174,7 @@
  
  /**
   * \def MBEDTLS_CCM_C
-@@ -1635,7 +1635,7 @@
+@@ -1733,7 +1733,7 @@
   * This module enables the AES-CCM ciphersuites, if other requisites are
   * enabled as well.
   */
@@ -183,7 +183,7 @@
  
  /**
   * \def MBEDTLS_CERTS_C
-@@ -1647,7 +1647,7 @@
+@@ -1745,7 +1745,7 @@
   *
   * This module is used for testing (ssl_client/server).
   */
@@ -192,7 +192,7 @@
  
  /**
   * \def MBEDTLS_CIPHER_C
-@@ -1700,7 +1700,7 @@
+@@ -1798,7 +1798,7 @@
   *
   * This module provides debugging functions.
   */
@@ -201,7 +201,7 @@
  
  /**
   * \def MBEDTLS_DES_C
-@@ -1725,8 +1725,8 @@
+@@ -1823,8 +1823,8 @@
   *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
   *
   * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
@@ -211,7 +211,7 @@
  
  /**
   * \def MBEDTLS_DHM_C
-@@ -1880,8 +1880,8 @@
+@@ -1978,8 +1978,8 @@
   * Requires: MBEDTLS_MD_C
   *
   * Uncomment to enable the HMAC_DRBG random number geerator.
@@ -221,7 +221,7 @@
  
  /**
   * \def MBEDTLS_MD_C
-@@ -2158,7 +2158,7 @@
+@@ -2256,7 +2256,7 @@
   * Caller:  library/md.c
   *
   */
@@ -230,7 +230,7 @@
  
  /**
   * \def MBEDTLS_RSA_C
-@@ -2235,8 +2235,8 @@
+@@ -2334,8 +2334,8 @@
   * Caller:
   *
   * Requires: MBEDTLS_SSL_CACHE_C
@@ -240,7 +240,7 @@
  
  /**
   * \def MBEDTLS_SSL_COOKIE_C
-@@ -2257,8 +2257,8 @@
+@@ -2356,8 +2356,8 @@
   * Caller:
   *
   * Requires: MBEDTLS_CIPHER_C
@@ -250,7 +250,7 @@
  
  /**
   * \def MBEDTLS_SSL_CLI_C
-@@ -2357,8 +2357,8 @@
+@@ -2456,8 +2456,8 @@
   * Module:  library/version.c
   *
   * This module provides run-time version information.
@@ -260,7 +260,7 @@
  
  /**
   * \def MBEDTLS_X509_USE_C
-@@ -2468,7 +2468,7 @@
+@@ -2567,7 +2567,7 @@
   * Module:  library/xtea.c
   * Caller:
   */
@@ -269,3 +269,12 @@
  
  /* \} name SECTION: mbed TLS modules */
  
+@@ -2681,7 +2681,7 @@
+  * recommended because of it is possible to generte SHA-1 collisions, however
+  * this may be safe for legacy infrastructure where additional controls apply.
+  */
+-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
++#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+ 
+ /**
+  * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake

package/libs/openssl/Makefile

@@ -168,7 +168,7 @@ else
   endif
 endif
 
-STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(subst $(space),_,$(OPENSSL_OPTIONS))
+STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
 
 define Build/Configure
 	[ -f $(STAMP_CONFIGURED) ] || { \

package/libs/uclient/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/project/uclient.git
-PKG_SOURCE_DATE:=2016-12-09
-PKG_SOURCE_VERSION:=52d955fd802a4d990b7ff9116f02ff52aa63ffec
-PKG_MIRROR_HASH:=b96f53ccaa62a229e818be836bb4fc85aa4a1ce257fd41fbdbf4e31a959c641f
+PKG_SOURCE_DATE:=2017-09-06
+PKG_SOURCE_VERSION:=24d6eded73dec427fc4a3a20cc73c94227f59c31
+PKG_MIRROR_HASH:=e884ae0c859baa20a5c7f3d924022f8e1f57d28474dbe5fed1efb8fb97790dd0
 CMAKE_INSTALL:=1
 
 PKG_BUILD_DEPENDS:=ustream-ssl

package/network/config/firewall/Makefile

@@ -9,13 +9,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
-PKG_RELEASE:=2
+PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/project/firewall3.git
-PKG_SOURCE_DATE:=2017-01-13
-PKG_SOURCE_VERSION:=37cb4cb437fd685f31926a4c326ba8afe329e4a6
-PKG_MIRROR_HASH:=7ee075f05977e5d9a78e661b537e6eb077c8f328ff2e71d1e2fbef44cca97355
+PKG_SOURCE_DATE:=2017-05-27
+PKG_SOURCE_VERSION:=a4d98aea373e04f3fdc3c492c1688ba52ce490a9
+PKG_MIRROR_HASH:=55402b1e6bb471f6aed599c61c1c63b58212f5789f094d78247646fc0a7cf435
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=ISC
 

package/network/config/gre/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gre
 PKG_VERSION:=1
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_LICENSE:=GPL-2.0
 
 include $(INCLUDE_DIR)/package.mk