OpenWrt v21.02.0-rc2: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

feeds.conf.default

@@ -1,4 +1,4 @@
-src-git packages https://git.openwrt.org/feed/packages.git^4ceeb8fc90ed2c2e650ddddc855e7ed1df071c22
-src-git luci https://git.openwrt.org/project/luci.git^7d913b997601d533cca187cfc1b3057c3c98effc
-src-git routing https://git.openwrt.org/feed/routing.git^5b4d4c7fb6a97cac68c7d8b156fd0ab27bab4dcc
-src-git telephony https://git.openwrt.org/feed/telephony.git^178822957123b821407e1216e9e7314161512ac6
+src-git packages https://git.openwrt.org/feed/packages.git^920c4f29c55d26d8d602c1357ffd6b23a0df5914
+src-git luci https://git.openwrt.org/project/luci.git^09329fe7bb6571032570b21541c1991a3443cc07
+src-git routing https://git.openwrt.org/feed/routing.git^57533a25e84932a7e50b8483843c840f0924bc0c
+src-git telephony https://git.openwrt.org/feed/telephony.git^04e1378baf2b720395d284f661240e6f7f9cab35

include/image.mk

@@ -472,7 +472,8 @@ endef
 ifndef IB
 define Device/Build/initramfs
   $(call Device/Export,$(KDIR)/tmp/$$(KERNEL_INITRAMFS_IMAGE),$(1))
-  $$(_TARGET): $$(if $$(KERNEL_INITRAMFS),$(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE))
+  $$(_TARGET): $$(if $$(KERNEL_INITRAMFS),$(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE) \
+	  $$(if $$(CONFIG_JSON_OVERVIEW_IMAGE_INFO), $(BUILD_DIR)/json_info_files/$$(KERNEL_INITRAMFS_IMAGE).json,))
 
   $(KDIR)/$$(KERNEL_INITRAMFS_NAME):: image_prepare
   $(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE): $(KDIR)/tmp/$$(KERNEL_INITRAMFS_IMAGE)
@@ -481,6 +482,38 @@ define Device/Build/initramfs
   $(KDIR)/tmp/$$(KERNEL_INITRAMFS_IMAGE): $(KDIR)/$$(KERNEL_INITRAMFS_NAME) $(CURDIR)/Makefile $$(KERNEL_DEPENDS) image_prepare
 	@rm -f $$@
 	$$(call concat_cmd,$$(KERNEL_INITRAMFS))
+
+  $(call Device/Export,$(BUILD_DIR)/json_info_files/$$(KERNEL_INITRAMFS_IMAGE).json,$(1))
+
+  $(BUILD_DIR)/json_info_files/$$(KERNEL_INITRAMFS_IMAGE).json: $(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE)
+	@mkdir -p $$(shell dirname $$@)
+	DEVICE_ID="$(1)" \
+	BIN_DIR="$(BIN_DIR)" \
+	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
+	IMAGE_NAME="$$(notdir $$^)" \
+	IMAGE_TYPE="kernel" \
+	IMAGE_FILESYSTEM="initramfs" \
+	IMAGE_PREFIX="$$(IMAGE_PREFIX)" \
+	DEVICE_VENDOR="$$(DEVICE_VENDOR)" \
+	DEVICE_MODEL="$$(DEVICE_MODEL)" \
+	DEVICE_VARIANT="$$(DEVICE_VARIANT)" \
+	DEVICE_ALT0_VENDOR="$$(DEVICE_ALT0_VENDOR)" \
+	DEVICE_ALT0_MODEL="$$(DEVICE_ALT0_MODEL)" \
+	DEVICE_ALT0_VARIANT="$$(DEVICE_ALT0_VARIANT)" \
+	DEVICE_ALT1_VENDOR="$$(DEVICE_ALT1_VENDOR)" \
+	DEVICE_ALT1_MODEL="$$(DEVICE_ALT1_MODEL)" \
+	DEVICE_ALT1_VARIANT="$$(DEVICE_ALT1_VARIANT)" \
+	DEVICE_ALT2_VENDOR="$$(DEVICE_ALT2_VENDOR)" \
+	DEVICE_ALT2_MODEL="$$(DEVICE_ALT2_MODEL)" \
+	DEVICE_ALT2_VARIANT="$$(DEVICE_ALT2_VARIANT)" \
+	DEVICE_TITLE="$$(DEVICE_TITLE)" \
+	DEVICE_PACKAGES="$$(DEVICE_PACKAGES)" \
+	TARGET="$(BOARD)" \
+	SUBTARGET="$(if $(SUBTARGET),$(SUBTARGET),generic)" \
+	VERSION_NUMBER="$(VERSION_NUMBER)" \
+	VERSION_CODE="$(VERSION_CODE)" \
+	SUPPORTED_DEVICES="$$(SUPPORTED_DEVICES)" \
+	$(TOPDIR)/scripts/json_add_image_info.py $$@
 endef
 endif
 

include/kernel-defaults.mk

@@ -43,7 +43,9 @@ else
 		rmdir $(LINUX_DIR); \
 	fi
 	ln -s $(CONFIG_EXTERNAL_KERNEL_TREE) $(LINUX_DIR)
-	$(_SINGLE) [ -d $(LINUX_DIR)/user_headers ] && rm -rf $(LINUX_DIR)/user_headers
+	if [ -d $(LINUX_DIR)/user_headers ]; then \
+		rm -rf $(LINUX_DIR)/user_headers; \
+	fi
   endef
 endif
 

include/kernel-version.mk

@@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL
   KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif
 
-LINUX_VERSION-5.4 = .111
+LINUX_VERSION-5.4 = .119
 
-LINUX_KERNEL_HASH-5.4.111 = 21626132658dc34cb41b7aa7b80ecf83751890a71ac1a63d77aea9d488271a03
+LINUX_KERNEL_HASH-5.4.119 = 71e7decf1e8149a8aed88d30df4f2a62a6c6b168111de6b261685ac7c0ecb2a0
 
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))

include/prereq-build.mk

@@ -65,11 +65,22 @@ $(eval $(call TestHostCommand,perl-data-dumper, \
 	Please install the Perl Data::Dumper module, \
 	perl -MData::Dumper -e 1))
 
+$(eval $(call TestHostCommand,perl-findbin, \
+	Please install the Perl FindBin module, \
+	perl -MFindBin -e 1))
+
+$(eval $(call TestHostCommand,perl-file-copy, \
+	Please install the Perl File::Copy module, \
+	perl -MFile::Copy -e 1))
+
+$(eval $(call TestHostCommand,perl-file-compare, \
+	Please install the Perl File::Compare module, \
+	perl -MFile::Compare -e 1))
+
 $(eval $(call TestHostCommand,perl-thread-queue, \
 	Please install the Perl Thread::Queue module, \
 	perl -MThread::Queue -e 1))
 
-
 $(eval $(call SetupHostCommand,tar,Please install GNU 'tar', \
 	gtar --version 2>&1 | grep GNU, \
 	gnutar --version 2>&1 | grep GNU, \

include/version.mk

@@ -23,13 +23,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),21.02.0-rc1)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),21.02.0-rc2)
 
 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
-VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r16046-59980f7aaf)
+VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r16122-c2139eef27)
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/21.02.0-rc1)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/21.02.0-rc2)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

package/base-files/files/bin/config_generate

@@ -40,7 +40,7 @@ generate_static_network() {
 	uci -q batch <<-EOF
 		delete network.loopback
 		set network.loopback='interface'
-		set network.loopback.ifname='lo'
+		set network.loopback.device='lo'
 		set network.loopback.proto='static'
 		set network.loopback.ipaddr='127.0.0.1'
 		set network.loopback.netmask='255.0.0.0'
@@ -91,51 +91,64 @@ generate_static_network() {
 
 addr_offset=2
 generate_network() {
-	local ifname macaddr protocol type ipaddr netmask vlan
+	local ports device macaddr protocol type ipaddr netmask vlan
 	local bridge=$2
 
 	json_select network
 		json_select "$1"
-			json_get_vars ifname macaddr protocol ipaddr netmask vlan
+			json_get_vars device macaddr protocol ipaddr netmask vlan
+			json_get_values ports ports
 		json_select ..
 	json_select ..
 
-	[ -n "$ifname" ] || return
+	[ -n "$device" -o -n "$ports" ] || return
 
-	# force bridge for multi-interface devices (and lan)
-	case "$1:$ifname" in
-		*\ * | lan:*) type="bridge" ;;
-	esac
+	# Force bridge for "lan" as it may have other devices (e.g. wireless)
+	# bridged
+	[ "$1" = "lan" -a -z "$ports" ] && {
+		ports="$device"
+	}
+
+	[ -n "$ports" -a -z "$bridge" ] && {
+		uci -q batch <<-EOF
+			add network device
+			set network.@device[-1].name='br-$1'
+			set network.@device[-1].type='bridge'
+			set network.@device[-1].macaddr='$macaddr'
+		EOF
+		for port in $ports; do uci add_list network.@device[-1].ports="$port"; done
+		device=br-$1
+		type=
+		macaddr=""
+	}
 
 	[ -n "$bridge" ] && {
+		[ -z "$ports" ] && ports="$device"
 		if [ -z "$vlan" ]; then
 			bridge_vlan_id=$((bridge_vlan_id + 1))
 			vlan=$bridge_vlan_id
 		fi
-		generate_bridge_vlan $1 $bridge "$ifname" $vlan
-		ifname=$bridge.$vlan
+		generate_bridge_vlan $1 $bridge "$ports" $vlan
+		device=$bridge.$vlan
 		type=""
 	}
 
+	if [ -n "$macaddr" ]; then
+		uci -q batch <<-EOF
+			add network device
+			set network.@device[-1].name='$device'
+			set network.@device[-1].macaddr='$macaddr'
+		EOF
+	fi
+
 	uci -q batch <<-EOF
 		delete network.$1
 		set network.$1='interface'
 		set network.$1.type='$type'
-		set network.$1.ifname='$ifname'
+		set network.$1.device='$device'
 		set network.$1.proto='none'
 	EOF
 
-	if [ -n "$macaddr" ]; then
-		for name in $ifname; do
-			uci -q batch <<-EOF
-				delete network.$1_${name/./_}_dev
-				set network.$1_${name/./_}_dev='device'
-				set network.$1_${name/./_}_dev.name='$name'
-				set network.$1_${name/./_}_dev.macaddr='$macaddr'
-			EOF
-		done
-	fi
-
 	case "$protocol" in
 		static)
 			local ipad
@@ -156,14 +169,14 @@ generate_network() {
 
 		dhcp)
 			# fixup IPv6 slave interface if parent is a bridge
-			[ "$type" = "bridge" ] && ifname="br-$1"
+			[ "$type" = "bridge" ] && device="br-$1"
 
 			uci set network.$1.proto='dhcp'
 			[ -e /proc/sys/net/ipv6 ] && {
 				uci -q batch <<-EOF
 					delete network.${1}6
 					set network.${1}6='interface'
-					set network.${1}6.ifname='$ifname'
+					set network.${1}6.device='$device'
 					set network.${1}6.proto='dhcpv6'
 				EOF
 			}
@@ -180,7 +193,7 @@ generate_network() {
 					set network.$1.ipv6='1'
 					delete network.${1}6
 					set network.${1}6='interface'
-					set network.${1}6.ifname='@${1}'
+					set network.${1}6.device='@${1}'
 					set network.${1}6.proto='dhcpv6'
 				EOF
 			}

package/base-files/files/etc/shinit

@@ -22,7 +22,7 @@ service() {
 			printf "%-30s\t%10s\t%10s\n"  "$F" \
 			$( $($F enabled) && echo "enabled" || echo "disabled" ) \
 			$( [ "$(ubus call service list "{ 'verbose': true, 'name': '$(basename $F)' }" \
-			| jsonfilter -q -e "@.$(basename $F).instances[*].running" | uniq)" = "true" ] \
+			| jsonfilter -q -e "@['$(basename $F)'].instances[*].running" | uniq)" = "true" ] \
 			&& echo "running" || echo "stopped" )
 		done;
 		return 1

package/base-files/files/lib/functions/uci-defaults.sh

@@ -39,7 +39,13 @@ ucidef_set_interface() {
 
 		[ -n "$opt" -a -n "$val" ] || break
 
-		json_add_string "$opt" "$val"
+		[ "$opt" = "device" -a "$val" != "${val/ //}" ] && {
+			json_select_array "ports"
+			for e in $val; do json_add_string "" "$e"; done
+			json_close_array
+		} || {
+			json_add_string "$opt" "$val"
+		}
 	done
 
 	if ! json_is_a protocol string; then
@@ -73,11 +79,11 @@ ucidef_set_compat_version() {
 }
 
 ucidef_set_interface_lan() {
-	ucidef_set_interface "lan" ifname "$1" protocol "${2:-static}"
+	ucidef_set_interface "lan" device "$1" protocol "${2:-static}"
 }
 
 ucidef_set_interface_wan() {
-	ucidef_set_interface "wan" ifname "$1" protocol "${2:-dhcp}"
+	ucidef_set_interface "wan" device "$1" protocol "${2:-dhcp}"
 }
 
 ucidef_set_interfaces_lan_wan() {
@@ -195,14 +201,14 @@ _ucidef_finish_switch_roles() {
 
 			json_select_object "$role"
 				# attach previous interfaces (for multi-switch devices)
-				json_get_var devices ifname
+				json_get_var devices device
 				if ! list_contains devices "$device"; then
 					devices="${devices:+$devices }$device"
 				fi
 			json_select ..
 		json_select ..
 
-		ucidef_set_interface "$role" ifname "$devices"
+		ucidef_set_interface "$role" device "$devices"
 	done
 }
 

package/base-files/image-config.in

@@ -183,7 +183,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "https://downloads.openwrt.org/releases/21.02.0-rc1"
+		default "https://downloads.openwrt.org/releases/21.02.0-rc2"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:

package/firmware/amd64-microcode/Makefile

@@ -18,6 +18,8 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
 
 PKG_LICENSE_FILE:=LICENSE.amd-ucode
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/amd64-microcode

package/firmware/cypress-nvram/Makefile

@@ -18,6 +18,8 @@ PKG_SOURCE_URL:=https://github.com/openwrt/cypress-nvram.git
 
 PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/cypress-nvram-default

package/firmware/intel-microcode/Makefile

@@ -24,6 +24,8 @@ else
 	MICROCODE:="intel-microcode"
 endif
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/intel-microcode

package/firmware/ipq-wifi/Makefile

@@ -43,6 +43,8 @@ ALLWIFIBOARDS:= \
 	linksys_ea8300 \
 	linksys_mr8300-v0 \
 	luma_wrtq-329acn \
+	mikrotik_hap-ac2 \
+	mikrotik_sxtsq-5-ac \
 	mobipromo_cm520-79f \
 	nec_wg2600hp3 \
 	plasmacloud_pa1200 \
@@ -126,6 +128,8 @@ $(eval $(call generate-ipq-wifi-package,glinet_gl-s1300,GL.iNet GL-S1300))
 $(eval $(call generate-ipq-wifi-package,linksys_ea8300,Linksys EA8300))
 $(eval $(call generate-ipq-wifi-package,linksys_mr8300-v0,Linksys MR8300))
 $(eval $(call generate-ipq-wifi-package,luma_wrtq-329acn,Luma WRTQ-329ACN))
+$(eval $(call generate-ipq-wifi-package,mikrotik_hap-ac2,Mikrotik hAP ac2))
+$(eval $(call generate-ipq-wifi-package,mikrotik_sxtsq-5-ac,MikroTik SXTsq 5 ac))
 $(eval $(call generate-ipq-wifi-package,mobipromo_cm520-79f,MobiPromo CM520-79F))
 $(eval $(call generate-ipq-wifi-package,nec_wg2600hp3,NEC Platforms WG2600HP3))
 $(eval $(call generate-ipq-wifi-package,plasmacloud_pa1200,Plasma Cloud PA1200))

package/firmware/layerscape/fman-ucode/Makefile

@@ -16,6 +16,8 @@ PKG_SOURCE_URL:=https://github.com/NXP/qoriq-fm-ucode.git
 PKG_SOURCE_VERSION:=c275e91392e2adab1ed22f3867b8269ca3c54014
 PKG_MIRROR_HASH:=90b619ed501462b92f34f2fabfa09d6aaa5235990891d1c3132821c7d18a39bd
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/layerscape-fman

package/firmware/layerscape/ls-ddr-phy/Makefile

@@ -18,6 +18,8 @@ PKG_BUILD_DEPENDS:=tfa-layerscape/host
 PKG_LICENSE:=EULA
 PKG_LICENSE_FILES:=NXP-Binary-EULA.txt
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/layerscape-ddr-phy

package/firmware/layerscape/ls-dpl/Makefile

@@ -16,6 +16,8 @@ PKG_SOURCE_URL:=https://source.codeaurora.org/external/qoriq/qoriq-components/mc
 PKG_SOURCE_VERSION:=8672a5f5abcd3a354dcab07e03f2a8a69b2e962d
 PKG_MIRROR_HASH:=4b8ad3148aee1e0c034206543472aebb435655fd03a661c4c1be545dcac7ddf0
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/kernel.mk
 

package/firmware/layerscape/ls-mc/Makefile

@@ -16,6 +16,8 @@ PKG_SOURCE_URL:=https://github.com/NXP/qoriq-mc-binary.git
 PKG_SOURCE_VERSION:=f73683596a7b72124d67b62e64f3dc2bb36b9321
 PKG_MIRROR_HASH:=1cba30c2a6814763c3e155c1cc5fa21998bb6ad5814fcb09e99f98bf36f65d9e
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/layerscape-mc

package/firmware/layerscape/ls-rcw/Makefile

@@ -16,6 +16,8 @@ PKG_SOURCE_URL:=https://source.codeaurora.org/external/qoriq/qoriq-components/rc
 PKG_SOURCE_VERSION:=e0fab6d9b61003caef577f7474c2fac61e6ba2ff
 PKG_MIRROR_HASH:=b6bc66e27b7c6db31101fdc2e6be7255181861bd38d8f25eb5eb80c468983eb2
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/layerscape-rcw

package/firmware/layerscape/ppfe-firmware/Makefile

@@ -16,6 +16,8 @@ PKG_SOURCE_URL:=https://github.com/NXP/qoriq-engine-pfe-bin.git
 PKG_SOURCE_VERSION:=d3a8ef0760c54ddc243039c86389497e37be90ab
 PKG_MIRROR_HASH:=64be93b8249d298e7b5fd0846787835f0659b6ab6c55b40b809366c79e272eb8
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 RSTRIP:=:

package/kernel/lantiq/ltq-vdsl/Makefile

@@ -9,7 +9,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=ltq-vdsl-vr9
 PKG_VERSION:=4.17.18.6
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_BASE_NAME:=drv_dsl_cpe_api
 PKG_SOURCE:=$(PKG_BASE_NAME)_vrx-$(PKG_VERSION).tar.gz
@@ -60,6 +60,8 @@ CONFIGURE_ARGS += --enable-kernel-include="$(LINUX_DIR)/include" \
 	--enable-linux-26 \
 	--enable-kernelbuild="$(LINUX_DIR)" \
 	--enable-debug-prints=no \
+	--enable-dsl-pm-retx-counters \
+	--enable-dsl-pm-retx-thresholds \
 	ARCH=mips
 
 CONFIGURE_ARGS += --enable-model=full

package/kernel/mac80211/Makefile

@@ -10,10 +10,10 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=mac80211
 
-PKG_VERSION:=5.10.16-1
+PKG_VERSION:=5.10.34-1
 PKG_RELEASE:=1
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.16/
-PKG_HASH:=12856db780c5023edc47e2d18486eb3346bb7c82f1f2fc48deb3b163142f7d2d
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.34/
+PKG_HASH:=03c4ca6bf47d4e50b91b61bc2943a98c788439e56ce2b4080bc4c94141c2c15b
 
 PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)

package/kernel/mac80211/patches/ath/080-ath10k_thermal_config.patch

@@ -37,7 +37,7 @@
  void ath10k_thermal_event_temperature(struct ath10k *ar, int temperature);
 --- a/local-symbols
 +++ b/local-symbols
-@@ -142,6 +142,7 @@ ATH10K_SNOC=
+@@ -143,6 +143,7 @@ ATH10K_SNOC=
  ATH10K_DEBUG=
  ATH10K_DEBUGFS=
  ATH10K_SPECTRAL=

package/kernel/mac80211/patches/ath/300-ath10k-add-CCMP-PN-replay-protection-for-fragmented-.patch

@@ -0,0 +1,180 @@
+From: Wen Gong <wgong@codeaurora.org>
+Date: Tue, 11 May 2021 20:02:52 +0200
+Subject: [PATCH] ath10k: add CCMP PN replay protection for fragmented
+ frames for PCIe
+
+PN replay check for not fragmented frames is finished in the firmware,
+but this was not done for fragmented frames when ath10k is used with
+QCA6174/QCA6377 PCIe. mac80211 has the function
+ieee80211_rx_h_defragment() for PN replay check for fragmented frames,
+but this does not get checked with QCA6174 due to the
+ieee80211_has_protected() condition not matching the cleared Protected
+bit case.
+
+Validate the PN of received fragmented frames within ath10k when CCMP is
+used and drop the fragment if the PN is not correct (incremented by
+exactly one from the previous fragment). This applies only for
+QCA6174/QCA6377 PCIe.
+
+Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Wen Gong <wgong@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/drivers/net/wireless/ath/ath10k/htt.h
++++ b/drivers/net/wireless/ath/ath10k/htt.h
+@@ -846,6 +846,7 @@ enum htt_security_types {
+ 
+ #define ATH10K_HTT_TXRX_PEER_SECURITY_MAX 2
+ #define ATH10K_TXRX_NUM_EXT_TIDS 19
++#define ATH10K_TXRX_NON_QOS_TID 16
+ 
+ enum htt_security_flags {
+ #define HTT_SECURITY_TYPE_MASK 0x7F
+--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
++++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
+@@ -1746,16 +1746,87 @@ static void ath10k_htt_rx_h_csum_offload
+ 	msdu->ip_summed = ath10k_htt_rx_get_csum_state(msdu);
+ }
+ 
++static u64 ath10k_htt_rx_h_get_pn(struct ath10k *ar, struct sk_buff *skb,
++				  u16 offset,
++				  enum htt_rx_mpdu_encrypt_type enctype)
++{
++	struct ieee80211_hdr *hdr;
++	u64 pn = 0;
++	u8 *ehdr;
++
++	hdr = (struct ieee80211_hdr *)(skb->data + offset);
++	ehdr = skb->data + offset + ieee80211_hdrlen(hdr->frame_control);
++
++	if (enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2) {
++		pn = ehdr[0];
++		pn |= (u64)ehdr[1] << 8;
++		pn |= (u64)ehdr[4] << 16;
++		pn |= (u64)ehdr[5] << 24;
++		pn |= (u64)ehdr[6] << 32;
++		pn |= (u64)ehdr[7] << 40;
++	}
++	return pn;
++}
++
++static bool ath10k_htt_rx_h_frag_pn_check(struct ath10k *ar,
++					  struct sk_buff *skb,
++					  u16 peer_id,
++					  u16 offset,
++					  enum htt_rx_mpdu_encrypt_type enctype)
++{
++	struct ath10k_peer *peer;
++	union htt_rx_pn_t *last_pn, new_pn = {0};
++	struct ieee80211_hdr *hdr;
++	bool more_frags;
++	u8 tid, frag_number;
++	u32 seq;
++
++	peer = ath10k_peer_find_by_id(ar, peer_id);
++	if (!peer) {
++		ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid peer for frag pn check\n");
++		return false;
++	}
++
++	hdr = (struct ieee80211_hdr *)(skb->data + offset);
++	if (ieee80211_is_data_qos(hdr->frame_control))
++		tid = ieee80211_get_tid(hdr);
++	else
++		tid = ATH10K_TXRX_NON_QOS_TID;
++
++	last_pn = &peer->frag_tids_last_pn[tid];
++	new_pn.pn48 = ath10k_htt_rx_h_get_pn(ar, skb, offset, enctype);
++	more_frags = ieee80211_has_morefrags(hdr->frame_control);
++	frag_number = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
++	seq = (__le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ) >> 4;
++
++	if (frag_number == 0) {
++		last_pn->pn48 = new_pn.pn48;
++		peer->frag_tids_seq[tid] = seq;
++	} else {
++		if (seq != peer->frag_tids_seq[tid])
++			return false;
++
++		if (new_pn.pn48 != last_pn->pn48 + 1)
++			return false;
++
++		last_pn->pn48 = new_pn.pn48;
++	}
++
++	return true;
++}
++
+ static void ath10k_htt_rx_h_mpdu(struct ath10k *ar,
+ 				 struct sk_buff_head *amsdu,
+ 				 struct ieee80211_rx_status *status,
+ 				 bool fill_crypt_header,
+ 				 u8 *rx_hdr,
+-				 enum ath10k_pkt_rx_err *err)
++				 enum ath10k_pkt_rx_err *err,
++				 u16 peer_id,
++				 bool frag)
+ {
+ 	struct sk_buff *first;
+ 	struct sk_buff *last;
+-	struct sk_buff *msdu;
++	struct sk_buff *msdu, *temp;
+ 	struct htt_rx_desc *rxd;
+ 	struct ieee80211_hdr *hdr;
+ 	enum htt_rx_mpdu_encrypt_type enctype;
+@@ -1768,6 +1839,7 @@ static void ath10k_htt_rx_h_mpdu(struct
+ 	bool is_decrypted;
+ 	bool is_mgmt;
+ 	u32 attention;
++	bool frag_pn_check = true;
+ 
+ 	if (skb_queue_empty(amsdu))
+ 		return;
+@@ -1866,6 +1938,24 @@ static void ath10k_htt_rx_h_mpdu(struct
+ 	}
+ 
+ 	skb_queue_walk(amsdu, msdu) {
++		if (frag && !fill_crypt_header && is_decrypted &&
++		    enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2)
++			frag_pn_check = ath10k_htt_rx_h_frag_pn_check(ar,
++								      msdu,
++								      peer_id,
++								      0,
++								      enctype);
++
++		if (!frag_pn_check) {
++			/* Discard the fragment with invalid PN */
++			temp = msdu->prev;
++			__skb_unlink(msdu, amsdu);
++			dev_kfree_skb_any(msdu);
++			msdu = temp;
++			frag_pn_check = true;
++			continue;
++		}
++
+ 		ath10k_htt_rx_h_csum_offload(msdu);
+ 		ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,
+ 					is_decrypted);
+@@ -2071,7 +2161,8 @@ static int ath10k_htt_rx_handle_amsdu(st
+ 		ath10k_htt_rx_h_unchain(ar, &amsdu, &drop_cnt, &unchain_cnt);
+ 
+ 	ath10k_htt_rx_h_filter(ar, &amsdu, rx_status, &drop_cnt_filter);
+-	ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status, true, first_hdr, &err);
++	ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status, true, first_hdr, &err, 0,
++			     false);
+ 	msdus_to_queue = skb_queue_len(&amsdu);
+ 	ath10k_htt_rx_h_enqueue(ar, &amsdu, rx_status);
+ 
+@@ -3027,7 +3118,7 @@ static int ath10k_htt_rx_in_ord_ind(stru
+ 			ath10k_htt_rx_h_ppdu(ar, &amsdu, status, vdev_id);
+ 			ath10k_htt_rx_h_filter(ar, &amsdu, status, NULL);
+ 			ath10k_htt_rx_h_mpdu(ar, &amsdu, status, false, NULL,
+-					     NULL);
++					     NULL, peer_id, frag);
+ 			ath10k_htt_rx_h_enqueue(ar, &amsdu, status);
+ 			break;
+ 		case -EAGAIN:

package/kernel/mac80211/patches/ath/301-ath10k-drop-fragments-with-multicast-DA-for-PCIe.patch

@@ -0,0 +1,66 @@
+From: Wen Gong <wgong@codeaurora.org>
+Date: Tue, 11 May 2021 20:02:53 +0200
+Subject: [PATCH] ath10k: drop fragments with multicast DA for PCIe
+
+Fragmentation is not used with multicast frames. Discard unexpected
+fragments with multicast DA. This fixes CVE-2020-26145.
+
+Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Wen Gong <wgong@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
++++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
+@@ -1768,6 +1768,16 @@ static u64 ath10k_htt_rx_h_get_pn(struct
+ 	return pn;
+ }
+ 
++static bool ath10k_htt_rx_h_frag_multicast_check(struct ath10k *ar,
++						 struct sk_buff *skb,
++						 u16 offset)
++{
++	struct ieee80211_hdr *hdr;
++
++	hdr = (struct ieee80211_hdr *)(skb->data + offset);
++	return !is_multicast_ether_addr(hdr->addr1);
++}
++
+ static bool ath10k_htt_rx_h_frag_pn_check(struct ath10k *ar,
+ 					  struct sk_buff *skb,
+ 					  u16 peer_id,
+@@ -1839,7 +1849,7 @@ static void ath10k_htt_rx_h_mpdu(struct
+ 	bool is_decrypted;
+ 	bool is_mgmt;
+ 	u32 attention;
+-	bool frag_pn_check = true;
++	bool frag_pn_check = true, multicast_check = true;
+ 
+ 	if (skb_queue_empty(amsdu))
+ 		return;
+@@ -1946,13 +1956,20 @@ static void ath10k_htt_rx_h_mpdu(struct
+ 								      0,
+ 								      enctype);
+ 
+-		if (!frag_pn_check) {
+-			/* Discard the fragment with invalid PN */
++		if (frag)
++			multicast_check = ath10k_htt_rx_h_frag_multicast_check(ar,
++									       msdu,
++									       0);
++
++		if (!frag_pn_check || !multicast_check) {
++			/* Discard the fragment with invalid PN or multicast DA
++			 */
+ 			temp = msdu->prev;
+ 			__skb_unlink(msdu, amsdu);
+ 			dev_kfree_skb_any(msdu);
+ 			msdu = temp;
+ 			frag_pn_check = true;
++			multicast_check = true;
+ 			continue;
+ 		}
+ 

package/kernel/mac80211/patches/ath/302-ath10k-drop-fragments-with-multicast-DA-for-SDIO.patch

@@ -0,0 +1,40 @@
+From: Wen Gong <wgong@codeaurora.org>
+Date: Tue, 11 May 2021 20:02:54 +0200
+Subject: [PATCH] ath10k: drop fragments with multicast DA for SDIO
+
+Fragmentation is not used with multicast frames. Discard unexpected
+fragments with multicast DA. This fixes CVE-2020-26145.
+
+Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Wen Gong <wgong@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
++++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
+@@ -2617,6 +2617,13 @@ static bool ath10k_htt_rx_proc_rx_frag_i
+ 	rx_desc = (struct htt_hl_rx_desc *)(skb->data + tot_hdr_len);
+ 	rx_desc_info = __le32_to_cpu(rx_desc->info);
+ 
++	hdr = (struct ieee80211_hdr *)((u8 *)rx_desc + rx_hl->fw_desc.len);
++
++	if (is_multicast_ether_addr(hdr->addr1)) {
++		/* Discard the fragment with multicast DA */
++		goto err;
++	}
++
+ 	if (!MS(rx_desc_info, HTT_RX_DESC_HL_INFO_ENCRYPTED)) {
+ 		spin_unlock_bh(&ar->data_lock);
+ 		return ath10k_htt_rx_proc_rx_ind_hl(htt, &resp->rx_ind_hl, skb,
+@@ -2624,8 +2631,6 @@ static bool ath10k_htt_rx_proc_rx_frag_i
+ 						    HTT_RX_NON_TKIP_MIC);
+ 	}
+ 
+-	hdr = (struct ieee80211_hdr *)((u8 *)rx_desc + rx_hl->fw_desc.len);
+-
+ 	if (ieee80211_has_retry(hdr->frame_control))
+ 		goto err;
+ 

package/kernel/mac80211/patches/ath/303-ath10k-drop-MPDU-which-has-discard-flag-set-by-firmw.patch

@@ -0,0 +1,54 @@
+From: Wen Gong <wgong@codeaurora.org>
+Date: Tue, 11 May 2021 20:02:55 +0200
+Subject: [PATCH] ath10k: drop MPDU which has discard flag set by firmware
+ for SDIO
+
+When the discard flag is set by the firmware for an MPDU, it should be
+dropped. This allows a mitigation for CVE-2020-24588 to be implemented
+in the firmware.
+
+Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Wen Gong <wgong@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
++++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
+@@ -2312,6 +2312,11 @@ static bool ath10k_htt_rx_proc_rx_ind_hl
+ 	fw_desc = &rx->fw_desc;
+ 	rx_desc_len = fw_desc->len;
+ 
++	if (fw_desc->u.bits.discard) {
++		ath10k_dbg(ar, ATH10K_DBG_HTT, "htt discard mpdu\n");
++		goto err;
++	}
++
+ 	/* I have not yet seen any case where num_mpdu_ranges > 1.
+ 	 * qcacld does not seem handle that case either, so we introduce the
+ 	 * same limitiation here as well.
+--- a/drivers/net/wireless/ath/ath10k/rx_desc.h
++++ b/drivers/net/wireless/ath/ath10k/rx_desc.h
+@@ -1282,7 +1282,19 @@ struct fw_rx_desc_base {
+ #define FW_RX_DESC_UDP              (1 << 6)
+ 
+ struct fw_rx_desc_hl {
+-	u8 info0;
++	union {
++		struct {
++		u8 discard:1,
++		   forward:1,
++		   any_err:1,
++		   dup_err:1,
++		   reserved:1,
++		   inspect:1,
++		   extension:2;
++		} bits;
++		u8 info0;
++	} u;
++
+ 	u8 version;
+ 	u8 len;
+ 	u8 flags;

package/kernel/mac80211/patches/ath/304-ath10k-Fix-TKIP-Michael-MIC-verification-for-PCIe.patch

@@ -0,0 +1,48 @@
+From: Wen Gong <wgong@codeaurora.org>
+Date: Tue, 11 May 2021 20:02:56 +0200
+Subject: [PATCH] ath10k: Fix TKIP Michael MIC verification for PCIe
+
+TKIP Michael MIC was not verified properly for PCIe cases since the
+validation steps in ieee80211_rx_h_michael_mic_verify() in mac80211 did
+not get fully executed due to unexpected flag values in
+ieee80211_rx_status.
+
+Fix this by setting the flags property to meet mac80211 expectations for
+performing Michael MIC validation there. This fixes CVE-2020-26141. It
+does the same as ath10k_htt_rx_proc_rx_ind_hl() for SDIO which passed
+MIC verification case. This applies only to QCA6174/QCA9377 PCIe.
+
+Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Wen Gong <wgong@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
++++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
+@@ -1974,6 +1974,11 @@ static void ath10k_htt_rx_h_mpdu(struct
+ 		}
+ 
+ 		ath10k_htt_rx_h_csum_offload(msdu);
++
++		if (frag && !fill_crypt_header &&
++		    enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
++			status->flag &= ~RX_FLAG_MMIC_STRIPPED;
++
+ 		ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,
+ 					is_decrypted);
+ 
+@@ -1991,6 +1996,11 @@ static void ath10k_htt_rx_h_mpdu(struct
+ 
+ 		hdr = (void *)msdu->data;
+ 		hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);
++
++		if (frag && !fill_crypt_header &&
++		    enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
++			status->flag &= ~RX_FLAG_IV_STRIPPED &
++					~RX_FLAG_MMIC_STRIPPED;
+ 	}
+ }
+ 

package/kernel/mac80211/patches/ath/305-ath10k-Validate-first-subframe-of-A-MSDU-before-proc.patch

@@ -0,0 +1,109 @@
+From: Sriram R <srirrama@codeaurora.org>
+Date: Tue, 11 May 2021 20:02:57 +0200
+Subject: [PATCH] ath10k: Validate first subframe of A-MSDU before
+ processing the list
+
+In certain scenarios a normal MSDU can be received as an A-MSDU when
+the A-MSDU present bit of a QoS header gets flipped during reception.
+Since this bit is unauthenticated, the hardware crypto engine can pass
+the frame to the driver without any error indication.
+
+This could result in processing unintended subframes collected in the
+A-MSDU list. Hence, validate A-MSDU list by checking if the first frame
+has a valid subframe header.
+
+Comparing the non-aggregated MSDU and an A-MSDU, the fields of the first
+subframe DA matches the LLC/SNAP header fields of a normal MSDU.
+In order to avoid processing such frames, add a validation to
+filter such A-MSDU frames where the first subframe header DA matches
+with the LLC/SNAP header pattern.
+
+Tested-on: QCA9984 hw1.0 PCI 10.4-3.10-00047
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Sriram R <srirrama@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
++++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
+@@ -2108,14 +2108,62 @@ static void ath10k_htt_rx_h_unchain(stru
+ 	ath10k_unchain_msdu(amsdu, unchain_cnt);
+ }
+ 
++static bool ath10k_htt_rx_validate_amsdu(struct ath10k *ar,
++					 struct sk_buff_head *amsdu)
++{
++	u8 *subframe_hdr;
++	struct sk_buff *first;
++	bool is_first, is_last;
++	struct htt_rx_desc *rxd;
++	struct ieee80211_hdr *hdr;
++	size_t hdr_len, crypto_len;
++	enum htt_rx_mpdu_encrypt_type enctype;
++	int bytes_aligned = ar->hw_params.decap_align_bytes;
++
++	first = skb_peek(amsdu);
++
++	rxd = (void *)first->data - sizeof(*rxd);
++	hdr = (void *)rxd->rx_hdr_status;
++
++	is_first = !!(rxd->msdu_end.common.info0 &
++		      __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));
++	is_last = !!(rxd->msdu_end.common.info0 &
++		     __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));
++
++	/* Return in case of non-aggregated msdu */
++	if (is_first && is_last)
++		return true;
++
++	/* First msdu flag is not set for the first msdu of the list */
++	if (!is_first)
++		return false;
++
++	enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0),
++		     RX_MPDU_START_INFO0_ENCRYPT_TYPE);
++
++	hdr_len = ieee80211_hdrlen(hdr->frame_control);
++	crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);
++
++	subframe_hdr = (u8 *)hdr + round_up(hdr_len, bytes_aligned) +
++		       crypto_len;
++
++	/* Validate if the amsdu has a proper first subframe.
++	 * There are chances a single msdu can be received as amsdu when
++	 * the unauthenticated amsdu flag of a QoS header
++	 * gets flipped in non-SPP AMSDU's, in such cases the first
++	 * subframe has llc/snap header in place of a valid da.
++	 * return false if the da matches rfc1042 pattern
++	 */
++	if (ether_addr_equal(subframe_hdr, rfc1042_header))
++		return false;
++
++	return true;
++}
++
+ static bool ath10k_htt_rx_amsdu_allowed(struct ath10k *ar,
+ 					struct sk_buff_head *amsdu,
+ 					struct ieee80211_rx_status *rx_status)
+ {
+-	/* FIXME: It might be a good idea to do some fuzzy-testing to drop
+-	 * invalid/dangerous frames.
+-	 */
+-
+ 	if (!rx_status->freq) {
+ 		ath10k_dbg(ar, ATH10K_DBG_HTT, "no channel configured; ignoring frame(s)!\n");
+ 		return false;
+@@ -2126,6 +2174,11 @@ static bool ath10k_htt_rx_amsdu_allowed(
+ 		return false;
+ 	}
+ 
++	if (!ath10k_htt_rx_validate_amsdu(ar, amsdu)) {
++		ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid amsdu received\n");
++		return false;
++	}
++
+ 	return true;
+ }
+ 

package/kernel/mac80211/patches/ath/402-ath_regd_optional.patch

@@ -82,7 +82,7 @@
  	help
 --- a/local-symbols
 +++ b/local-symbols
-@@ -85,6 +85,7 @@ ADM8211=
+@@ -86,6 +86,7 @@ ADM8211=
  ATH_COMMON=
  WLAN_VENDOR_ATH=
  ATH_DEBUG=

package/kernel/mac80211/patches/ath/500-ath9k_eeprom_debugfs.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ath/ath9k/debug.c
 +++ b/drivers/net/wireless/ath/ath9k/debug.c
-@@ -1361,6 +1361,53 @@ void ath9k_deinit_debug(struct ath_softc
+@@ -1364,6 +1364,53 @@ void ath9k_deinit_debug(struct ath_softc
  	ath9k_cmn_spectral_deinit_debug(&sc->spec_priv);
  }
  
@@ -54,7 +54,7 @@
  int ath9k_init_debug(struct ath_hw *ah)
  {
  	struct ath_common *common = ath9k_hw_common(ah);
-@@ -1380,6 +1427,8 @@ int ath9k_init_debug(struct ath_hw *ah)
+@@ -1383,6 +1430,8 @@ int ath9k_init_debug(struct ath_hw *ah)
  	ath9k_tx99_init_debug(sc);
  	ath9k_cmn_spectral_init_debug(&sc->spec_priv, sc->debug.debugfs_phy);
  

package/kernel/mac80211/patches/ath/512-ath9k_channelbw_debugfs.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ath/ath9k/debug.c
 +++ b/drivers/net/wireless/ath/ath9k/debug.c
-@@ -1408,6 +1408,52 @@ static const struct file_operations fops
+@@ -1411,6 +1411,52 @@ static const struct file_operations fops
  	.owner = THIS_MODULE
  };
  
@@ -53,7 +53,7 @@
  int ath9k_init_debug(struct ath_hw *ah)
  {
  	struct ath_common *common = ath9k_hw_common(ah);
-@@ -1429,6 +1475,8 @@ int ath9k_init_debug(struct ath_hw *ah)
+@@ -1432,6 +1478,8 @@ int ath9k_init_debug(struct ath_hw *ah)
  
  	debugfs_create_file("eeprom", S_IRUSR, sc->debug.debugfs_phy, sc,
  			    &fops_eeprom);

package/kernel/mac80211/patches/ath/530-ath9k_extra_leds.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ath/ath9k/ath9k.h
 +++ b/drivers/net/wireless/ath/ath9k/ath9k.h
-@@ -843,6 +843,9 @@ static inline int ath9k_dump_btcoex(stru
+@@ -844,6 +844,9 @@ static inline int ath9k_dump_btcoex(stru
  #ifdef CPTCFG_MAC80211_LEDS
  void ath_init_leds(struct ath_softc *sc);
  void ath_deinit_leds(struct ath_softc *sc);
@@ -10,7 +10,7 @@
  #else
  static inline void ath_init_leds(struct ath_softc *sc)
  {
-@@ -979,6 +982,13 @@ void ath_ant_comb_scan(struct ath_softc
+@@ -980,6 +983,13 @@ void ath_ant_comb_scan(struct ath_softc
  
  #define ATH9K_NUM_CHANCTX  2 /* supports 2 operating channels */
  
@@ -24,7 +24,7 @@
  struct ath_softc {
  	struct ieee80211_hw *hw;
  	struct device *dev;
-@@ -1032,9 +1042,8 @@ struct ath_softc {
+@@ -1033,9 +1043,8 @@ struct ath_softc {
  	spinlock_t chan_lock;
  
  #ifdef CPTCFG_MAC80211_LEDS
@@ -192,7 +192,7 @@
  #endif
 --- a/drivers/net/wireless/ath/ath9k/debug.c
 +++ b/drivers/net/wireless/ath/ath9k/debug.c
-@@ -1453,6 +1453,61 @@ static const struct file_operations fops
+@@ -1456,6 +1456,61 @@ static const struct file_operations fops
  	.llseek = default_llseek,
  };
  
@@ -254,7 +254,7 @@
  
  int ath9k_init_debug(struct ath_hw *ah)
  {
-@@ -1477,6 +1532,10 @@ int ath9k_init_debug(struct ath_hw *ah)
+@@ -1480,6 +1535,10 @@ int ath9k_init_debug(struct ath_hw *ah)
  			    &fops_eeprom);
  	debugfs_create_file("chanbw", S_IRUSR | S_IWUSR, sc->debug.debugfs_phy,
  			    sc, &fops_chanbw);

package/kernel/mac80211/patches/ath/542-ath9k_debugfs_diag.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ath/ath9k/debug.c
 +++ b/drivers/net/wireless/ath/ath9k/debug.c
-@@ -1509,6 +1509,50 @@ static const struct file_operations fops
+@@ -1512,6 +1512,50 @@ static const struct file_operations fops
  #endif
  
  
@@ -51,7 +51,7 @@
  int ath9k_init_debug(struct ath_hw *ah)
  {
  	struct ath_common *common = ath9k_hw_common(ah);
-@@ -1536,6 +1580,8 @@ int ath9k_init_debug(struct ath_hw *ah)
+@@ -1539,6 +1583,8 @@ int ath9k_init_debug(struct ath_hw *ah)
  	debugfs_create_file("gpio_led", S_IWUSR,
  			   sc->debug.debugfs_phy, sc, &fops_gpio_led);
  #endif

package/kernel/mac80211/patches/ath/548-ath9k_enable_gpio_chip.patch

@@ -18,7 +18,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  #include "common.h"
  #include "debug.h"
-@@ -989,6 +990,14 @@ struct ath_led {
+@@ -990,6 +991,14 @@ struct ath_led {
  	struct led_classdev cdev;
  };
  
@@ -33,7 +33,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  struct ath_softc {
  	struct ieee80211_hw *hw;
  	struct device *dev;
-@@ -1044,6 +1053,9 @@ struct ath_softc {
+@@ -1045,6 +1054,9 @@ struct ath_softc {
  #ifdef CPTCFG_MAC80211_LEDS
  	const char *led_default_trigger;
  	struct list_head leds;

package/kernel/mac80211/patches/ath/549-ath9k_enable_gpio_buttons.patch

@@ -10,7 +10,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 ---
 --- a/drivers/net/wireless/ath/ath9k/ath9k.h
 +++ b/drivers/net/wireless/ath/ath9k/ath9k.h
-@@ -1055,6 +1055,7 @@ struct ath_softc {
+@@ -1056,6 +1056,7 @@ struct ath_softc {
  	struct list_head leds;
  #ifdef CONFIG_GPIOLIB
  	struct ath9k_gpio_chip *gpiochip;

package/kernel/mac80211/patches/ath/551-ath9k_ubnt_uap_plus_hsr.patch

@@ -371,7 +371,7 @@
  
 --- a/local-symbols
 +++ b/local-symbols
-@@ -112,6 +112,7 @@ ATH9K_WOW=
+@@ -113,6 +113,7 @@ ATH9K_WOW=
  ATH9K_RFKILL=
  ATH9K_CHANNEL_CONTEXT=
  ATH9K_PCOEM=
@@ -381,7 +381,7 @@
  ATH9K_HTC_DEBUGFS=
 --- a/drivers/net/wireless/ath/ath9k/Kconfig
 +++ b/drivers/net/wireless/ath/ath9k/Kconfig
-@@ -60,6 +60,19 @@ config ATH9K_AHB
+@@ -58,6 +58,19 @@ config ATH9K_AHB
  	  Say Y, if you have a SoC with a compatible built-in
  	  wireless MAC. Say N if unsure.
  

package/kernel/mac80211/patches/ath/552-ahb_of.patch

@@ -325,7 +325,7 @@
  
  #include "common.h"
  #include "debug.h"
-@@ -1011,6 +1012,9 @@ struct ath_softc {
+@@ -1012,6 +1013,9 @@ struct ath_softc {
  	struct ath_hw *sc_ah;
  	void __iomem *mem;
  	int irq;

package/kernel/mac80211/patches/ath/560-ath9k-fix-transmitting-to-stations-in-dynamic-SMPS-m.patch

@@ -1,49 +0,0 @@
-From: Felix Fietkau <nbd@nbd.name>
-Date: Sun, 14 Feb 2021 19:45:50 +0100
-Subject: [PATCH] ath9k: fix transmitting to stations in dynamic SMPS mode
-
-When transmitting to a receiver in dynamic SMPS mode, all transmissions that
-use multiple spatial streams need to be sent using CTS-to-self or RTS/CTS to
-give the receiver's extra chains some time to wake up.
-This fixes the tx rate getting stuck at <= MCS7 for some clients, especially
-Intel ones, which make aggressive use of SMPS.
-
-Cc: stable@vger.kernel.org
-Reported-by: Martin Kennedy <hurricos@gmail.com>
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/drivers/net/wireless/ath/ath9k/ath9k.h
-+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
-@@ -179,7 +179,8 @@ struct ath_frame_info {
- 	s8 txq;
- 	u8 keyix;
- 	u8 rtscts_rate;
--	u8 retries : 7;
-+	u8 retries : 6;
-+	u8 dyn_smps : 1;
- 	u8 baw_tracked : 1;
- 	u8 tx_power;
- 	enum ath9k_key_type keytype:2;
---- a/drivers/net/wireless/ath/ath9k/xmit.c
-+++ b/drivers/net/wireless/ath/ath9k/xmit.c
-@@ -1271,6 +1271,11 @@ static void ath_buf_set_rate(struct ath_
- 				 is_40, is_sgi, is_sp);
- 			if (rix < 8 && (tx_info->flags & IEEE80211_TX_CTL_STBC))
- 				info->rates[i].RateFlags |= ATH9K_RATESERIES_STBC;
-+			if (rix >= 8 && fi->dyn_smps) {
-+				info->rates[i].RateFlags |=
-+					ATH9K_RATESERIES_RTS_CTS;
-+				info->flags |= ATH9K_TXDESC_CTSENA;
-+			}
- 
- 			info->txpower[i] = ath_get_rate_txpower(sc, bf, rix,
- 								is_40, false);
-@@ -2114,6 +2119,7 @@ static void setup_frame_info(struct ieee
- 		fi->keyix = an->ps_key;
- 	else
- 		fi->keyix = ATH9K_TXKEYIX_INVALID;
-+	fi->dyn_smps = sta && sta->smps_mode == IEEE80211_SMPS_DYNAMIC;
- 	fi->keytype = keytype;
- 	fi->framelen = framelen;
- 	fi->tx_power = txpower;

package/kernel/mac80211/patches/ath/922-ath10k-increase-rx-buffer-size-to-2048.patch

@@ -26,7 +26,7 @@ Forwarded: https://patchwork.kernel.org/patch/11367055/
 
 --- a/drivers/net/wireless/ath/ath10k/htt.h
 +++ b/drivers/net/wireless/ath/ath10k/htt.h
-@@ -2242,7 +2242,7 @@ struct htt_rx_chan_info {
+@@ -2243,7 +2243,7 @@ struct htt_rx_chan_info {
   * Should be: sizeof(struct htt_host_rx_desc) + max rx MSDU size,
   * rounded up to a cache line size.
   */

package/kernel/mac80211/patches/ath/930-ath10k_add_tpt_led_trigger.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -9713,6 +9713,21 @@ static int ath10k_mac_init_rd(struct ath
+@@ -9708,6 +9708,21 @@ static int ath10k_mac_init_rd(struct ath
  	return 0;
  }
  
@@ -22,7 +22,7 @@
  int ath10k_mac_register(struct ath10k *ar)
  {
  	static const u32 cipher_suites[] = {
-@@ -10062,6 +10077,12 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10057,6 +10072,12 @@ int ath10k_mac_register(struct ath10k *a
  
  	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
  

package/kernel/mac80211/patches/ath/974-ath10k_add-LED-and-GPIO-controlling-support-for-various-chipsets.patch

@@ -114,7 +114,7 @@ v13:
  ath10k_core-$(CONFIG_DEV_COREDUMP) += coredump.o
 --- a/local-symbols
 +++ b/local-symbols
-@@ -145,6 +145,7 @@ ATH10K_DEBUG=
+@@ -146,6 +146,7 @@ ATH10K_DEBUG=
  ATH10K_DEBUGFS=
  ATH10K_SPECTRAL=
  ATH10K_THERMAL=
@@ -456,7 +456,7 @@ v13:
  {
 --- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
 +++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
-@@ -4585,6 +4585,8 @@ static const struct wmi_ops wmi_tlv_ops
+@@ -4591,6 +4591,8 @@ static const struct wmi_ops wmi_tlv_ops
  	.gen_echo = ath10k_wmi_tlv_op_gen_echo,
  	.gen_vdev_spectral_conf = ath10k_wmi_tlv_op_gen_vdev_spectral_conf,
  	.gen_vdev_spectral_enable = ath10k_wmi_tlv_op_gen_vdev_spectral_enable,

package/kernel/mac80211/patches/ath/975-ath10k-use-tpt-trigger-by-default.patch

@@ -42,7 +42,7 @@ Signed-off-by: Mathias Kresin <dev@kresin.me>
  	if (ret)
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -10079,7 +10079,7 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10074,7 +10074,7 @@ int ath10k_mac_register(struct ath10k *a
  	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
  
  #ifdef CPTCFG_MAC80211_LEDS

package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch

@@ -1,6 +1,6 @@
 --- a/local-symbols
 +++ b/local-symbols
-@@ -332,6 +332,7 @@ RT2X00_LIB_FIRMWARE=
+@@ -333,6 +333,7 @@ RT2X00_LIB_FIRMWARE=
  RT2X00_LIB_CRYPTO=
  RT2X00_LIB_LEDS=
  RT2X00_LIB_DEBUGFS=

package/kernel/mac80211/patches/rtl/002-v5.13-rtlwifi-implement-set_tim-by-update-beacon-content.patch

@@ -0,0 +1,118 @@
+Date: Mon, 19 Apr 2021 14:59:56 +0800
+From: Ping-Ke Shih <pkshih@realtek.com>
+To: <kvalo@codeaurora.org>
+CC: <linux-wireless@vger.kernel.org>, <mail@maciej.szmigiero.name>,
+        <Larry.Finger@lwfinger.net>
+Subject: [PATCH] rtlwifi: implement set_tim by update beacon content
+
+Once beacon content is changed, we update the content to wifi card by
+send_beacon_frame(). Then, STA with PS can wake up properly to receive its
+packets.
+
+Since we update beacon content to PCI wifi devices every beacon interval,
+the only one usb device, 8192CU, needs to update beacon content when
+mac80211 calling set_tim.
+
+Reported-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
+Tested-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+---
+ drivers/net/wireless/realtek/rtlwifi/core.c | 32 +++++++++++++++++++++
+ drivers/net/wireless/realtek/rtlwifi/core.h |  1 +
+ drivers/net/wireless/realtek/rtlwifi/usb.c  |  3 ++
+ drivers/net/wireless/realtek/rtlwifi/wifi.h |  1 +
+ 4 files changed, 37 insertions(+)
+
+--- a/drivers/net/wireless/realtek/rtlwifi/core.c
++++ b/drivers/net/wireless/realtek/rtlwifi/core.c
+@@ -1018,6 +1018,25 @@ static void send_beacon_frame(struct iee
+ 	}
+ }
+ 
++void rtl_update_beacon_work_callback(struct work_struct *work)
++{
++	struct rtl_works *rtlworks =
++	    container_of(work, struct rtl_works, update_beacon_work);
++	struct ieee80211_hw *hw = rtlworks->hw;
++	struct rtl_priv *rtlpriv = rtl_priv(hw);
++	struct ieee80211_vif *vif = rtlpriv->mac80211.vif;
++
++	if (!vif) {
++		WARN_ONCE(true, "no vif to update beacon\n");
++		return;
++	}
++
++	mutex_lock(&rtlpriv->locks.conf_mutex);
++	send_beacon_frame(hw, vif);
++	mutex_unlock(&rtlpriv->locks.conf_mutex);
++}
++EXPORT_SYMBOL_GPL(rtl_update_beacon_work_callback);
++
+ static void rtl_op_bss_info_changed(struct ieee80211_hw *hw,
+ 				    struct ieee80211_vif *vif,
+ 				    struct ieee80211_bss_conf *bss_conf,
+@@ -1747,6 +1766,18 @@ static void rtl_op_flush(struct ieee8021
+ 		rtlpriv->intf_ops->flush(hw, queues, drop);
+ }
+ 
++static int rtl_op_set_tim(struct ieee80211_hw *hw, struct ieee80211_sta *sta,
++			  bool set)
++{
++	struct rtl_priv *rtlpriv = rtl_priv(hw);
++	struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw));
++
++	if (rtlhal->hw_type == HARDWARE_TYPE_RTL8192CU)
++		schedule_work(&rtlpriv->works.update_beacon_work);
++
++	return 0;
++}
++
+ /*	Description:
+  *		This routine deals with the Power Configuration CMD
+  *		 parsing for RTL8723/RTL8188E Series IC.
+@@ -1903,6 +1934,7 @@ const struct ieee80211_ops rtl_ops = {
+ 	.sta_add = rtl_op_sta_add,
+ 	.sta_remove = rtl_op_sta_remove,
+ 	.flush = rtl_op_flush,
++	.set_tim = rtl_op_set_tim,
+ };
+ EXPORT_SYMBOL_GPL(rtl_ops);
+ 
+--- a/drivers/net/wireless/realtek/rtlwifi/core.h
++++ b/drivers/net/wireless/realtek/rtlwifi/core.h
+@@ -60,5 +60,6 @@ void rtl_bb_delay(struct ieee80211_hw *h
+ bool rtl_cmd_send_packet(struct ieee80211_hw *hw, struct sk_buff *skb);
+ bool rtl_btc_status_false(void);
+ void rtl_dm_diginit(struct ieee80211_hw *hw, u32 cur_igval);
++void rtl_update_beacon_work_callback(struct work_struct *work);
+ 
+ #endif
+--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
++++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
+@@ -807,6 +807,7 @@ static void rtl_usb_stop(struct ieee8021
+ 
+ 	tasklet_kill(&rtlusb->rx_work_tasklet);
+ 	cancel_work_sync(&rtlpriv->works.lps_change_work);
++	cancel_work_sync(&rtlpriv->works.update_beacon_work);
+ 
+ 	flush_workqueue(rtlpriv->works.rtl_wq);
+ 
+@@ -1033,6 +1034,8 @@ int rtl_usb_probe(struct usb_interface *
+ 		  rtl_fill_h2c_cmd_work_callback);
+ 	INIT_WORK(&rtlpriv->works.lps_change_work,
+ 		  rtl_lps_change_work_callback);
++	INIT_WORK(&rtlpriv->works.update_beacon_work,
++		  rtl_update_beacon_work_callback);
+ 
+ 	rtlpriv->usb_data_index = 0;
+ 	init_completion(&rtlpriv->firmware_loading_complete);
+--- a/drivers/net/wireless/realtek/rtlwifi/wifi.h
++++ b/drivers/net/wireless/realtek/rtlwifi/wifi.h
+@@ -2487,6 +2487,7 @@ struct rtl_works {
+ 
+ 	struct work_struct lps_change_work;
+ 	struct work_struct fill_h2c_cmd;
++	struct work_struct update_beacon_work;
+ };
+ 
+ struct rtl_debug {

package/kernel/mac80211/patches/subsys/100-remove-cryptoapi-dependencies.patch

@@ -20,7 +20,7 @@
  	ethtool.o \
 --- a/net/mac80211/aead_api.c
 +++ /dev/null
-@@ -1,112 +0,0 @@
+@@ -1,113 +0,0 @@
 -// SPDX-License-Identifier: GPL-2.0-only
 -/*
 - * Copyright 2003-2004, Instant802 Networks, Inc.
@@ -46,6 +46,7 @@
 -	struct aead_request *aead_req;
 -	int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm);
 -	u8 *__aad;
+-	int ret;
 -
 -	aead_req = kzalloc(reqsize + aad_len, GFP_ATOMIC);
 -	if (!aead_req)
@@ -63,10 +64,10 @@
 -	aead_request_set_crypt(aead_req, sg, sg, data_len, b_0);
 -	aead_request_set_ad(aead_req, sg[0].length);
 -
--	crypto_aead_encrypt(aead_req);
+-	ret = crypto_aead_encrypt(aead_req);
 -	kfree_sensitive(aead_req);
 -
--	return 0;
+-	return ret;
 -}
 -
 -int aead_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len,

package/kernel/mac80211/patches/subsys/150-disable_addr_notifier.patch

@@ -18,7 +18,7 @@
  static int ieee80211_ifa6_changed(struct notifier_block *nb,
  				  unsigned long data, void *arg)
  {
-@@ -1301,14 +1301,14 @@ int ieee80211_register_hw(struct ieee802
+@@ -1312,14 +1312,14 @@ int ieee80211_register_hw(struct ieee802
  
  	rtnl_unlock();
  
@@ -35,7 +35,7 @@
  	local->ifa6_notifier.notifier_call = ieee80211_ifa6_changed;
  	result = register_inet6addr_notifier(&local->ifa6_notifier);
  	if (result)
-@@ -1317,13 +1317,13 @@ int ieee80211_register_hw(struct ieee802
+@@ -1328,13 +1328,13 @@ int ieee80211_register_hw(struct ieee802
  
  	return 0;
  
@@ -52,7 +52,7 @@
   fail_ifa:
  #endif
  	wiphy_unregister(local->hw.wiphy);
-@@ -1351,10 +1351,10 @@ void ieee80211_unregister_hw(struct ieee
+@@ -1362,10 +1362,10 @@ void ieee80211_unregister_hw(struct ieee
  	tasklet_kill(&local->tx_pending_tasklet);
  	tasklet_kill(&local->tasklet);
  

package/kernel/mac80211/patches/subsys/210-ap_scan.patch

@@ -1,6 +1,6 @@
 --- a/net/mac80211/cfg.c
 +++ b/net/mac80211/cfg.c
-@@ -2442,7 +2442,7 @@ static int ieee80211_scan(struct wiphy *
+@@ -2444,7 +2444,7 @@ static int ieee80211_scan(struct wiphy *
  		 * the  frames sent while scanning on other channel will be
  		 * lost)
  		 */

package/kernel/mac80211/patches/subsys/300-cfg80211-support-immediate-reconnect-request-hint.patch

@@ -64,7 +64,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	else
  		cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
  
-@@ -4716,7 +4716,8 @@ void ieee80211_mgd_quiesce(struct ieee80
+@@ -4719,7 +4719,8 @@ void ieee80211_mgd_quiesce(struct ieee80
  		if (ifmgd->auth_data)
  			ieee80211_destroy_auth_data(sdata, false);
  		cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
@@ -166,7 +166,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
 --- a/net/wireless/nl80211.c
 +++ b/net/wireless/nl80211.c
-@@ -732,6 +732,7 @@ static const struct nla_policy nl80211_p
+@@ -736,6 +736,7 @@ static const struct nla_policy nl80211_p
  		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
  	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
  		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
@@ -174,7 +174,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  };
  
  /* policy for the key attributes */
-@@ -15899,7 +15900,7 @@ static void nl80211_send_mlme_event(stru
+@@ -15903,7 +15904,7 @@ static void nl80211_send_mlme_event(stru
  				    const u8 *buf, size_t len,
  				    enum nl80211_commands cmd, gfp_t gfp,
  				    int uapsd_queues, const u8 *req_ies,
@@ -183,7 +183,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  {
  	struct sk_buff *msg;
  	void *hdr;
-@@ -15921,6 +15922,9 @@ static void nl80211_send_mlme_event(stru
+@@ -15925,6 +15926,9 @@ static void nl80211_send_mlme_event(stru
  	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
  		goto nla_put_failure;
  
@@ -193,7 +193,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	if (uapsd_queues >= 0) {
  		struct nlattr *nla_wmm =
  			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
-@@ -15949,7 +15953,8 @@ void nl80211_send_rx_auth(struct cfg8021
+@@ -15953,7 +15957,8 @@ void nl80211_send_rx_auth(struct cfg8021
  			  size_t len, gfp_t gfp)
  {
  	nl80211_send_mlme_event(rdev, netdev, buf, len,
@@ -203,7 +203,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  }
  
  void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
-@@ -15959,23 +15964,25 @@ void nl80211_send_rx_assoc(struct cfg802
+@@ -15963,23 +15968,25 @@ void nl80211_send_rx_assoc(struct cfg802
  {
  	nl80211_send_mlme_event(rdev, netdev, buf, len,
  				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
@@ -234,7 +234,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  }
  
  void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
-@@ -16006,7 +16013,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
+@@ -16010,7 +16017,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
  
  	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
  	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,

package/kernel/mac80211/patches/subsys/301-mac80211-support-driver-based-disconnect-with-reconn.patch

@@ -174,7 +174,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  }
  
  static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
-@@ -5431,7 +5462,8 @@ int ieee80211_mgd_auth(struct ieee80211_
+@@ -5434,7 +5465,8 @@ int ieee80211_mgd_auth(struct ieee80211_
  
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -184,7 +184,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	}
  
  	sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
-@@ -5503,7 +5535,8 @@ int ieee80211_mgd_assoc(struct ieee80211
+@@ -5506,7 +5538,8 @@ int ieee80211_mgd_assoc(struct ieee80211
  
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -194,7 +194,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	}
  
  	if (ifmgd->auth_data && !ifmgd->auth_data->done) {
-@@ -5802,7 +5835,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5805,7 +5838,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  		ieee80211_destroy_auth_data(sdata, false);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -203,7 +203,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  		return 0;
  	}
-@@ -5822,7 +5855,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5825,7 +5858,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  		ieee80211_destroy_assoc_data(sdata, false, true);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -212,7 +212,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return 0;
  	}
  
-@@ -5837,7 +5870,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5840,7 +5873,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  				       req->reason_code, tx, frame_buf);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -221,7 +221,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return 0;
  	}
  
-@@ -5870,7 +5903,7 @@ int ieee80211_mgd_disassoc(struct ieee80
+@@ -5873,7 +5906,7 @@ int ieee80211_mgd_disassoc(struct ieee80
  			       frame_buf);
  
  	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,

package/kernel/mac80211/patches/subsys/353-mac80211-minstrel_ht-fix-MINSTREL_FRAC-macro.patch

@@ -0,0 +1,21 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Wed, 28 Apr 2021 21:03:13 +0200
+Subject: [PATCH] mac80211: minstrel_ht: fix MINSTREL_FRAC macro
+
+Add missing braces to avoid issues with e.g. using additions in the
+div expression
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/rc80211_minstrel_ht.h
++++ b/net/mac80211/rc80211_minstrel_ht.h
+@@ -14,7 +14,7 @@
+ 
+ /* scaled fraction values */
+ #define MINSTREL_SCALE  12
+-#define MINSTREL_FRAC(val, div) (((val) << MINSTREL_SCALE) / div)
++#define MINSTREL_FRAC(val, div) (((val) << MINSTREL_SCALE) / (div))
+ #define MINSTREL_TRUNC(val) ((val) >> MINSTREL_SCALE)
+ 
+ #define EWMA_LEVEL	96	/* ewma weighting factor [/EWMA_DIV] */

package/kernel/mac80211/patches/subsys/370-mac80211-fix-TXQ-AC-confusion.patch

@@ -1,61 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 23 Mar 2021 21:05:01 +0100
-Subject: [PATCH] mac80211: fix TXQ AC confusion
-
-Normally, TXQs have
-
-  txq->tid = tid;
-  txq->ac = ieee80211_ac_from_tid(tid);
-
-However, the special management TXQ actually has
-
-  txq->tid = IEEE80211_NUM_TIDS; // 16
-  txq->ac = IEEE80211_AC_VO;
-
-This makes sense, but ieee80211_ac_from_tid(16) is the same
-as ieee80211_ac_from_tid(0) which is just IEEE80211_AC_BE.
-
-Now, normally this is fine. However, if the netdev queues
-were stopped, then the code in ieee80211_tx_dequeue() will
-propagate the stop from the interface (vif->txqs_stopped[])
-if the AC 2 (ieee80211_ac_from_tid(txq->tid)) is marked as
-stopped. On wake, however, __ieee80211_wake_txqs() will wake
-the TXQ if AC 0 (txq->ac) is woken up.
-
-If a driver stops all queues with ieee80211_stop_tx_queues()
-and then wakes them again with ieee80211_wake_tx_queues(),
-the ieee80211_wake_txqs() tasklet will run to resync queue
-and TXQ state. If all queues were woken, then what'll happen
-is that _ieee80211_wake_txqs() will run in order of HW queues
-0-3, typically (and certainly for iwlwifi) corresponding to
-ACs 0-3, so it'll call __ieee80211_wake_txqs() for each AC in
-order 0-3.
-
-When __ieee80211_wake_txqs() is called for AC 0 (VO) that'll
-wake up the management TXQ (remember its tid is 16), and the
-driver's wake_tx_queue() will be called. That tries to get a
-frame, which will immediately *stop* the TXQ again, because
-now we check against AC 2, and AC 2 hasn't yet been marked as
-woken up again in sdata->vif.txqs_stopped[] since we're only
-in the __ieee80211_wake_txqs() call for AC 0.
-
-Thus, the management TXQ will never be started again.
-
-Fix this by checking txq->ac directly instead of calculating
-the AC as ieee80211_ac_from_tid(txq->tid).
-
-Fixes: adf8ed01e4fd ("mac80211: add an optional TXQ for other PS-buffered frames")
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/tx.c
-+++ b/net/mac80211/tx.c
-@@ -3589,7 +3589,7 @@ begin:
- 	    test_bit(IEEE80211_TXQ_STOP_NETIF_TX, &txqi->flags))
- 		goto out;
- 
--	if (vif->txqs_stopped[ieee80211_ac_from_tid(txq->tid)]) {
-+	if (vif->txqs_stopped[txq->ac]) {
- 		set_bit(IEEE80211_TXQ_STOP_NETIF_TX, &txqi->flags);
- 		goto out;
- 	}

package/kernel/mac80211/patches/subsys/374-mac80211-fix-time-is-after-bug-in-mlme.patch

@@ -1,31 +0,0 @@
-From: Ben Greear <greearb@candelatech.com>
-Date: Tue, 30 Mar 2021 16:07:49 -0700
-Subject: [PATCH] mac80211: fix time-is-after bug in mlme
-
-The incorrect timeout check caused probing to happen when it did
-not need to happen.  This in turn caused tx performance drop
-for around 5 seconds in ath10k-ct driver.  Possibly that tx drop
-is due to a secondary issue, but fixing the probe to not happen
-when traffic is running fixes the symptom.
-
-Signed-off-by: Ben Greear <greearb@candelatech.com>
-Fixes: 9abf4e49830d ("mac80211: optimize station connection monitor")
-Acked-by: Felix Fietkau <nbd@nbd.name>
-Link: https://lore.kernel.org/r/20210330230749.14097-1-greearb@candelatech.com
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -4691,7 +4691,10 @@ static void ieee80211_sta_conn_mon_timer
- 		timeout = sta->rx_stats.last_rx;
- 	timeout += IEEE80211_CONNECTION_IDLE_TIME;
- 
--	if (time_is_before_jiffies(timeout)) {
-+	/* If timeout is after now, then update timer to fire at
-+	 * the later date, but do not actually probe at this time.
-+	 */
-+	if (time_is_after_jiffies(timeout)) {
- 		mod_timer(&ifmgd->conn_mon_timer, round_jiffies_up(timeout));
- 		return;
- 	}

package/kernel/mac80211/patches/subsys/380-mac80211-assure-all-fragments-are-encrypted.patch

@@ -0,0 +1,69 @@
+From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+Date: Tue, 11 May 2021 20:02:42 +0200
+Subject: [PATCH] mac80211: assure all fragments are encrypted
+
+Do not mix plaintext and encrypted fragments in protected Wi-Fi
+networks. This fixes CVE-2020-26147.
+
+Previously, an attacker was able to first forward a legitimate encrypted
+fragment towards a victim, followed by a plaintext fragment. The
+encrypted and plaintext fragment would then be reassembled. For further
+details see Section 6.3 and Appendix D in the paper "Fragment and Forge:
+Breaking Wi-Fi Through Frame Aggregation and Fragmentation".
+
+Because of this change there are now two equivalent conditions in the
+code to determine if a received fragment requires sequential PNs, so we
+also move this test to a separate function to make the code easier to
+maintain.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2204,6 +2204,16 @@ ieee80211_reassemble_find(struct ieee802
+ 	return NULL;
+ }
+ 
++static bool requires_sequential_pn(struct ieee80211_rx_data *rx, __le16 fc)
++{
++	return rx->key &&
++		(rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
++		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||
++		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||
++		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&
++		ieee80211_has_protected(fc);
++}
++
+ static ieee80211_rx_result debug_noinline
+ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
+ {
+@@ -2248,12 +2258,7 @@ ieee80211_rx_h_defragment(struct ieee802
+ 		/* This is the first fragment of a new frame. */
+ 		entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
+ 						 rx->seqno_idx, &(rx->skb));
+-		if (rx->key &&
+-		    (rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
+-		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||
+-		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||
+-		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&
+-		    ieee80211_has_protected(fc)) {
++		if (requires_sequential_pn(rx, fc)) {
+ 			int queue = rx->security_idx;
+ 
+ 			/* Store CCMP/GCMP PN so that we can verify that the
+@@ -2295,11 +2300,7 @@ ieee80211_rx_h_defragment(struct ieee802
+ 		u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
+ 		int queue;
+ 
+-		if (!rx->key ||
+-		    (rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP &&
+-		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP_256 &&
+-		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP &&
+-		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP_256))
++		if (!requires_sequential_pn(rx, fc))
+ 			return RX_DROP_UNUSABLE;
+ 		memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
+ 		for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {

package/kernel/mac80211/patches/subsys/381-mac80211-prevent-mixed-key-and-fragment-cache-attack.patch

@@ -0,0 +1,87 @@
+From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+Date: Tue, 11 May 2021 20:02:43 +0200
+Subject: [PATCH] mac80211: prevent mixed key and fragment cache attacks
+
+Simultaneously prevent mixed key attacks (CVE-2020-24587) and fragment
+cache attacks (CVE-2020-24586). This is accomplished by assigning a
+unique color to every key (per interface) and using this to track which
+key was used to decrypt a fragment. When reassembling frames, it is
+now checked whether all fragments were decrypted using the same key.
+
+To assure that fragment cache attacks are also prevented, the ID that is
+assigned to keys is unique even over (re)associations and (re)connects.
+This means fragments separated by a (re)association or (re)connect will
+not be reassembled. Because mac80211 now also prevents the reassembly of
+mixed encrypted and plaintext fragments, all cache attacks are prevented.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -97,6 +97,7 @@ struct ieee80211_fragment_entry {
+ 	u8 rx_queue;
+ 	bool check_sequential_pn; /* needed for CCMP/GCMP */
+ 	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
++	unsigned int key_color;
+ };
+ 
+ 
+--- a/net/mac80211/key.c
++++ b/net/mac80211/key.c
+@@ -799,6 +799,7 @@ int ieee80211_key_link(struct ieee80211_
+ 		       struct ieee80211_sub_if_data *sdata,
+ 		       struct sta_info *sta)
+ {
++	static atomic_t key_color = ATOMIC_INIT(0);
+ 	struct ieee80211_key *old_key;
+ 	int idx = key->conf.keyidx;
+ 	bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
+@@ -850,6 +851,12 @@ int ieee80211_key_link(struct ieee80211_
+ 	key->sdata = sdata;
+ 	key->sta = sta;
+ 
++	/*
++	 * Assign a unique ID to every key so we can easily prevent mixed
++	 * key and fragment cache attacks.
++	 */
++	key->color = atomic_inc_return(&key_color);
++
+ 	increment_tailroom_need_count(sdata);
+ 
+ 	ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
+--- a/net/mac80211/key.h
++++ b/net/mac80211/key.h
+@@ -128,6 +128,8 @@ struct ieee80211_key {
+ 	} debugfs;
+ #endif
+ 
++	unsigned int color;
++
+ 	/*
+ 	 * key config, must be last because it contains key
+ 	 * material as variable length member
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2265,6 +2265,7 @@ ieee80211_rx_h_defragment(struct ieee802
+ 			 * next fragment has a sequential PN value.
+ 			 */
+ 			entry->check_sequential_pn = true;
++			entry->key_color = rx->key->color;
+ 			memcpy(entry->last_pn,
+ 			       rx->key->u.ccmp.rx_pn[queue],
+ 			       IEEE80211_CCMP_PN_LEN);
+@@ -2302,6 +2303,11 @@ ieee80211_rx_h_defragment(struct ieee802
+ 
+ 		if (!requires_sequential_pn(rx, fc))
+ 			return RX_DROP_UNUSABLE;
++
++		/* Prevent mixed key and fragment cache attacks */
++		if (entry->key_color != rx->key->color)
++			return RX_DROP_UNUSABLE;
++
+ 		memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
+ 		for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
+ 			pn[i]++;

package/kernel/mac80211/patches/subsys/382-mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch

@@ -0,0 +1,66 @@
+From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+Date: Tue, 11 May 2021 20:02:44 +0200
+Subject: [PATCH] mac80211: properly handle A-MSDUs that start with an
+ RFC 1042 header
+
+Properly parse A-MSDUs whose first 6 bytes happen to equal a rfc1042
+header. This can occur in practice when the destination MAC address
+equals AA:AA:03:00:00:00. More importantly, this simplifies the next
+patch to mitigate A-MSDU injection attacks.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/cfg80211.h
++++ b/include/net/cfg80211.h
+@@ -5628,7 +5628,7 @@ unsigned int ieee80211_get_mesh_hdrlen(s
+  */
+ int ieee80211_data_to_8023_exthdr(struct sk_buff *skb, struct ethhdr *ehdr,
+ 				  const u8 *addr, enum nl80211_iftype iftype,
+-				  u8 data_offset);
++				  u8 data_offset, bool is_amsdu);
+ 
+ /**
+  * ieee80211_data_to_8023 - convert an 802.11 data frame to 802.3
+@@ -5640,7 +5640,7 @@ int ieee80211_data_to_8023_exthdr(struct
+ static inline int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
+ 					 enum nl80211_iftype iftype)
+ {
+-	return ieee80211_data_to_8023_exthdr(skb, NULL, addr, iftype, 0);
++	return ieee80211_data_to_8023_exthdr(skb, NULL, addr, iftype, 0, false);
+ }
+ 
+ /**
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2696,7 +2696,7 @@ __ieee80211_rx_h_amsdu(struct ieee80211_
+ 	if (ieee80211_data_to_8023_exthdr(skb, &ethhdr,
+ 					  rx->sdata->vif.addr,
+ 					  rx->sdata->vif.type,
+-					  data_offset))
++					  data_offset, true))
+ 		return RX_DROP_UNUSABLE;
+ 
+ 	ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr,
+--- a/net/wireless/util.c
++++ b/net/wireless/util.c
+@@ -541,7 +541,7 @@ EXPORT_SYMBOL(ieee80211_get_mesh_hdrlen)
+ 
+ int ieee80211_data_to_8023_exthdr(struct sk_buff *skb, struct ethhdr *ehdr,
+ 				  const u8 *addr, enum nl80211_iftype iftype,
+-				  u8 data_offset)
++				  u8 data_offset, bool is_amsdu)
+ {
+ 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ 	struct {
+@@ -629,7 +629,7 @@ int ieee80211_data_to_8023_exthdr(struct
+ 	skb_copy_bits(skb, hdrlen, &payload, sizeof(payload));
+ 	tmp.h_proto = payload.proto;
+ 
+-	if (likely((ether_addr_equal(payload.hdr, rfc1042_header) &&
++	if (likely((!is_amsdu && ether_addr_equal(payload.hdr, rfc1042_header) &&
+ 		    tmp.h_proto != htons(ETH_P_AARP) &&
+ 		    tmp.h_proto != htons(ETH_P_IPX)) ||
+ 		   ether_addr_equal(payload.hdr, bridge_tunnel_header)))

package/kernel/mac80211/patches/subsys/383-cfg80211-mitigate-A-MSDU-aggregation-attacks.patch

@@ -0,0 +1,40 @@
+From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+Date: Tue, 11 May 2021 20:02:45 +0200
+Subject: [PATCH] cfg80211: mitigate A-MSDU aggregation attacks
+
+Mitigate A-MSDU injection attacks (CVE-2020-24588) by detecting if the
+destination address of a subframe equals an RFC1042 (i.e., LLC/SNAP)
+header, and if so dropping the complete A-MSDU frame. This mitigates
+known attacks, although new (unknown) aggregation-based attacks may
+remain possible.
+
+This defense works because in A-MSDU aggregation injection attacks, a
+normal encrypted Wi-Fi frame is turned into an A-MSDU frame. This means
+the first 6 bytes of the first A-MSDU subframe correspond to an RFC1042
+header. In other words, the destination MAC address of the first A-MSDU
+subframe contains the start of an RFC1042 header during an aggregation
+attack. We can detect this and thereby prevent this specific attack.
+For details, see Section 7.2 of "Fragment and Forge: Breaking Wi-Fi
+Through Frame Aggregation and Fragmentation".
+
+Note that for kernel 4.9 and above this patch depends on "mac80211:
+properly handle A-MSDUs that start with a rfc1042 header". Otherwise
+this patch has no impact and attacks will remain possible.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/wireless/util.c
++++ b/net/wireless/util.c
+@@ -775,6 +775,9 @@ void ieee80211_amsdu_to_8023s(struct sk_
+ 		remaining = skb->len - offset;
+ 		if (subframe_len > remaining)
+ 			goto purge;
++		/* mitigate A-MSDU aggregation injection attacks */
++		if (ether_addr_equal(eth.h_dest, rfc1042_header))
++			goto purge;
+ 
+ 		offset += sizeof(struct ethhdr);
+ 		last = remaining <= subframe_len + padding;

package/kernel/mac80211/patches/subsys/384-mac80211-drop-A-MSDUs-on-old-ciphers.patch

@@ -0,0 +1,54 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 11 May 2021 20:02:46 +0200
+Subject: [PATCH] mac80211: drop A-MSDUs on old ciphers
+
+With old ciphers (WEP and TKIP) we shouldn't be using A-MSDUs
+since A-MSDUs are only supported if we know that they are, and
+the only practical way for that is HT support which doesn't
+support old ciphers.
+
+However, we would normally accept them anyway. Since we check
+the MMIC before deaggregating A-MSDUs, and the A-MSDU bit in
+the QoS header is not protected in TKIP (or WEP), this enables
+attacks similar to CVE-2020-24588. To prevent that, drop A-MSDUs
+completely with old ciphers.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -6,7 +6,7 @@
+  * Copyright 2007-2010	Johannes Berg <johannes@sipsolutions.net>
+  * Copyright 2013-2014  Intel Mobile Communications GmbH
+  * Copyright(c) 2015 - 2017 Intel Deutschland GmbH
+- * Copyright (C) 2018-2020 Intel Corporation
++ * Copyright (C) 2018-2021 Intel Corporation
+  */
+ 
+ #include <linux/jiffies.h>
+@@ -2753,6 +2753,23 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx
+ 	if (is_multicast_ether_addr(hdr->addr1))
+ 		return RX_DROP_UNUSABLE;
+ 
++	if (rx->key) {
++		/*
++		 * We should not receive A-MSDUs on pre-HT connections,
++		 * and HT connections cannot use old ciphers. Thus drop
++		 * them, as in those cases we couldn't even have SPP
++		 * A-MSDUs or such.
++		 */
++		switch (rx->key->conf.cipher) {
++		case WLAN_CIPHER_SUITE_WEP40:
++		case WLAN_CIPHER_SUITE_WEP104:
++		case WLAN_CIPHER_SUITE_TKIP:
++			return RX_DROP_UNUSABLE;
++		default:
++			break;
++		}
++	}
++
+ 	return __ieee80211_rx_h_amsdu(rx, 0);
+ }
+ 

package/kernel/mac80211/patches/subsys/385-mac80211-add-fragment-cache-to-sta_info.patch

@@ -0,0 +1,313 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 11 May 2021 20:02:47 +0200
+Subject: [PATCH] mac80211: add fragment cache to sta_info
+
+Prior patches protected against fragmentation cache attacks
+by coloring keys, but this shows that it can lead to issues
+when multiple stations use the same sequence number. Add a
+fragment cache to struct sta_info (in addition to the one in
+the interface) to separate fragments for different stations
+properly.
+
+This then automatically clear most of the fragment cache when a
+station disconnects (or reassociates) from an AP, or when client
+interfaces disconnect from the network, etc.
+
+On the way, also fix the comment there since this brings us in line
+with the recommendation in 802.11-2016 ("An AP should support ...").
+Additionally, remove a useless condition (since there's no problem
+purging an already empty list).
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -50,12 +50,6 @@ struct ieee80211_local;
+ #define IEEE80211_ENCRYPT_HEADROOM 8
+ #define IEEE80211_ENCRYPT_TAILROOM 18
+ 
+-/* IEEE 802.11 (Ch. 9.5 Defragmentation) requires support for concurrent
+- * reception of at least three fragmented frames. This limit can be increased
+- * by changing this define, at the cost of slower frame reassembly and
+- * increased memory use (about 2 kB of RAM per entry). */
+-#define IEEE80211_FRAGMENT_MAX 4
+-
+ /* power level hasn't been configured (or set to automatic) */
+ #define IEEE80211_UNSET_POWER_LEVEL	INT_MIN
+ 
+@@ -88,19 +82,6 @@ extern const u8 ieee80211_ac_to_qos_mask
+ 
+ #define IEEE80211_MAX_NAN_INSTANCE_ID 255
+ 
+-struct ieee80211_fragment_entry {
+-	struct sk_buff_head skb_list;
+-	unsigned long first_frag_time;
+-	u16 seq;
+-	u16 extra_len;
+-	u16 last_frag;
+-	u8 rx_queue;
+-	bool check_sequential_pn; /* needed for CCMP/GCMP */
+-	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
+-	unsigned int key_color;
+-};
+-
+-
+ struct ieee80211_bss {
+ 	u32 device_ts_beacon, device_ts_presp;
+ 
+@@ -912,9 +893,7 @@ struct ieee80211_sub_if_data {
+ 
+ 	char name[IFNAMSIZ];
+ 
+-	/* Fragment table for host-based reassembly */
+-	struct ieee80211_fragment_entry	fragments[IEEE80211_FRAGMENT_MAX];
+-	unsigned int fragment_next;
++	struct ieee80211_fragment_cache frags;
+ 
+ 	/* TID bitmap for NoAck policy */
+ 	u16 noack_map;
+@@ -2329,4 +2308,7 @@ u32 ieee80211_calc_expected_tx_airtime(s
+ #define debug_noinline
+ #endif
+ 
++void ieee80211_init_frag_cache(struct ieee80211_fragment_cache *cache);
++void ieee80211_destroy_frag_cache(struct ieee80211_fragment_cache *cache);
++
+ #endif /* IEEE80211_I_H */
+--- a/net/mac80211/iface.c
++++ b/net/mac80211/iface.c
+@@ -8,7 +8,7 @@
+  * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
+  * Copyright 2013-2014  Intel Mobile Communications GmbH
+  * Copyright (c) 2016        Intel Deutschland GmbH
+- * Copyright (C) 2018-2020 Intel Corporation
++ * Copyright (C) 2018-2021 Intel Corporation
+  */
+ #include <linux/slab.h>
+ #include <linux/kernel.h>
+@@ -679,16 +679,12 @@ static void ieee80211_set_multicast_list
+  */
+ static void ieee80211_teardown_sdata(struct ieee80211_sub_if_data *sdata)
+ {
+-	int i;
+-
+ 	/* free extra data */
+ 	ieee80211_free_keys(sdata, false);
+ 
+ 	ieee80211_debugfs_remove_netdev(sdata);
+ 
+-	for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
+-		__skb_queue_purge(&sdata->fragments[i].skb_list);
+-	sdata->fragment_next = 0;
++	ieee80211_destroy_frag_cache(&sdata->frags);
+ 
+ 	if (ieee80211_vif_is_mesh(&sdata->vif))
+ 		ieee80211_mesh_teardown_sdata(sdata);
+@@ -2038,8 +2034,7 @@ int ieee80211_if_add(struct ieee80211_lo
+ 	sdata->wdev.wiphy = local->hw.wiphy;
+ 	sdata->local = local;
+ 
+-	for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
+-		skb_queue_head_init(&sdata->fragments[i].skb_list);
++	ieee80211_init_frag_cache(&sdata->frags);
+ 
+ 	INIT_LIST_HEAD(&sdata->key_list);
+ 
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2133,19 +2133,34 @@ ieee80211_rx_h_decrypt(struct ieee80211_
+ 	return result;
+ }
+ 
++void ieee80211_init_frag_cache(struct ieee80211_fragment_cache *cache)
++{
++	int i;
++
++	for (i = 0; i < ARRAY_SIZE(cache->entries); i++)
++		skb_queue_head_init(&cache->entries[i].skb_list);
++}
++
++void ieee80211_destroy_frag_cache(struct ieee80211_fragment_cache *cache)
++{
++	int i;
++
++	for (i = 0; i < ARRAY_SIZE(cache->entries); i++)
++		__skb_queue_purge(&cache->entries[i].skb_list);
++}
++
+ static inline struct ieee80211_fragment_entry *
+-ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
++ieee80211_reassemble_add(struct ieee80211_fragment_cache *cache,
+ 			 unsigned int frag, unsigned int seq, int rx_queue,
+ 			 struct sk_buff **skb)
+ {
+ 	struct ieee80211_fragment_entry *entry;
+ 
+-	entry = &sdata->fragments[sdata->fragment_next++];
+-	if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
+-		sdata->fragment_next = 0;
++	entry = &cache->entries[cache->next++];
++	if (cache->next >= IEEE80211_FRAGMENT_MAX)
++		cache->next = 0;
+ 
+-	if (!skb_queue_empty(&entry->skb_list))
+-		__skb_queue_purge(&entry->skb_list);
++	__skb_queue_purge(&entry->skb_list);
+ 
+ 	__skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
+ 	*skb = NULL;
+@@ -2160,14 +2175,14 @@ ieee80211_reassemble_add(struct ieee8021
+ }
+ 
+ static inline struct ieee80211_fragment_entry *
+-ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
++ieee80211_reassemble_find(struct ieee80211_fragment_cache *cache,
+ 			  unsigned int frag, unsigned int seq,
+ 			  int rx_queue, struct ieee80211_hdr *hdr)
+ {
+ 	struct ieee80211_fragment_entry *entry;
+ 	int i, idx;
+ 
+-	idx = sdata->fragment_next;
++	idx = cache->next;
+ 	for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
+ 		struct ieee80211_hdr *f_hdr;
+ 		struct sk_buff *f_skb;
+@@ -2176,7 +2191,7 @@ ieee80211_reassemble_find(struct ieee802
+ 		if (idx < 0)
+ 			idx = IEEE80211_FRAGMENT_MAX - 1;
+ 
+-		entry = &sdata->fragments[idx];
++		entry = &cache->entries[idx];
+ 		if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
+ 		    entry->rx_queue != rx_queue ||
+ 		    entry->last_frag + 1 != frag)
+@@ -2217,6 +2232,7 @@ static bool requires_sequential_pn(struc
+ static ieee80211_rx_result debug_noinline
+ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
+ {
++	struct ieee80211_fragment_cache *cache = &rx->sdata->frags;
+ 	struct ieee80211_hdr *hdr;
+ 	u16 sc;
+ 	__le16 fc;
+@@ -2238,6 +2254,9 @@ ieee80211_rx_h_defragment(struct ieee802
+ 		goto out_no_led;
+ 	}
+ 
++	if (rx->sta)
++		cache = &rx->sta->frags;
++
+ 	if (likely(!ieee80211_has_morefrags(fc) && frag == 0))
+ 		goto out;
+ 
+@@ -2256,7 +2275,7 @@ ieee80211_rx_h_defragment(struct ieee802
+ 
+ 	if (frag == 0) {
+ 		/* This is the first fragment of a new frame. */
+-		entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
++		entry = ieee80211_reassemble_add(cache, frag, seq,
+ 						 rx->seqno_idx, &(rx->skb));
+ 		if (requires_sequential_pn(rx, fc)) {
+ 			int queue = rx->security_idx;
+@@ -2284,7 +2303,7 @@ ieee80211_rx_h_defragment(struct ieee802
+ 	/* This is a fragment for a frame that should already be pending in
+ 	 * fragment cache. Add this fragment to the end of the pending entry.
+ 	 */
+-	entry = ieee80211_reassemble_find(rx->sdata, frag, seq,
++	entry = ieee80211_reassemble_find(cache, frag, seq,
+ 					  rx->seqno_idx, hdr);
+ 	if (!entry) {
+ 		I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -4,7 +4,7 @@
+  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
+  * Copyright 2013-2014  Intel Mobile Communications GmbH
+  * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
+- * Copyright (C) 2018-2020 Intel Corporation
++ * Copyright (C) 2018-2021 Intel Corporation
+  */
+ 
+ #include <linux/module.h>
+@@ -393,6 +393,8 @@ struct sta_info *sta_info_alloc(struct i
+ 
+ 	u64_stats_init(&sta->rx_stats.syncp);
+ 
++	ieee80211_init_frag_cache(&sta->frags);
++
+ 	sta->sta_state = IEEE80211_STA_NONE;
+ 
+ 	/* Mark TID as unreserved */
+@@ -1103,6 +1105,8 @@ static void __sta_info_destroy_part2(str
+ 
+ 	ieee80211_sta_debugfs_remove(sta);
+ 
++	ieee80211_destroy_frag_cache(&sta->frags);
++
+ 	cleanup_single_sta(sta);
+ }
+ 
+--- a/net/mac80211/sta_info.h
++++ b/net/mac80211/sta_info.h
+@@ -3,7 +3,7 @@
+  * Copyright 2002-2005, Devicescape Software, Inc.
+  * Copyright 2013-2014  Intel Mobile Communications GmbH
+  * Copyright(c) 2015-2017 Intel Deutschland GmbH
+- * Copyright(c) 2020 Intel Corporation
++ * Copyright(c) 2020-2021 Intel Corporation
+  */
+ 
+ #ifndef STA_INFO_H
+@@ -439,6 +439,33 @@ struct ieee80211_sta_rx_stats {
+ };
+ 
+ /*
++ * IEEE 802.11-2016 (10.6 "Defragmentation") recommends support for "concurrent
++ * reception of at least one MSDU per access category per associated STA"
++ * on APs, or "at least one MSDU per access category" on other interface types.
++ *
++ * This limit can be increased by changing this define, at the cost of slower
++ * frame reassembly and increased memory use while fragments are pending.
++ */
++#define IEEE80211_FRAGMENT_MAX 4
++
++struct ieee80211_fragment_entry {
++	struct sk_buff_head skb_list;
++	unsigned long first_frag_time;
++	u16 seq;
++	u16 extra_len;
++	u16 last_frag;
++	u8 rx_queue;
++	bool check_sequential_pn; /* needed for CCMP/GCMP */
++	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
++	unsigned int key_color;
++};
++
++struct ieee80211_fragment_cache {
++	struct ieee80211_fragment_entry	entries[IEEE80211_FRAGMENT_MAX];
++	unsigned int next;
++};
++
++/*
+  * The bandwidth threshold below which the per-station CoDel parameters will be
+  * scaled to be more lenient (to prevent starvation of slow stations). This
+  * value will be scaled by the number of active stations when it is being
+@@ -531,6 +558,7 @@ struct ieee80211_sta_rx_stats {
+  * @status_stats.last_ack_signal: last ACK signal
+  * @status_stats.ack_signal_filled: last ACK signal validity
+  * @status_stats.avg_ack_signal: average ACK signal
++ * @frags: fragment cache
+  */
+ struct sta_info {
+ 	/* General information, mostly static */
+@@ -639,6 +667,8 @@ struct sta_info {
+ 
+ 	struct cfg80211_chan_def tdls_chandef;
+ 
++	struct ieee80211_fragment_cache frags;
++
+ 	/* keep last! */
+ 	struct ieee80211_sta sta;
+ };

package/kernel/mac80211/patches/subsys/386-mac80211-check-defrag-PN-against-current-frame.patch

@@ -0,0 +1,109 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 11 May 2021 20:02:48 +0200
+Subject: [PATCH] mac80211: check defrag PN against current frame
+
+As pointed out by Mathy Vanhoef, we implement the RX PN check
+on fragmented frames incorrectly - we check against the last
+received PN prior to the new frame, rather than to the one in
+this frame itself.
+
+Prior patches addressed the security issue here, but in order
+to be able to reason better about the code, fix it to really
+compare against the current frame's PN, not the last stored
+one.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -227,8 +227,15 @@ struct ieee80211_rx_data {
+ 	 */
+ 	int security_idx;
+ 
+-	u32 tkip_iv32;
+-	u16 tkip_iv16;
++	union {
++		struct {
++			u32 iv32;
++			u16 iv16;
++		} tkip;
++		struct {
++			u8 pn[IEEE80211_CCMP_PN_LEN];
++		} ccm_gcm;
++	};
+ };
+ 
+ struct ieee80211_csa_settings {
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2318,7 +2318,6 @@ ieee80211_rx_h_defragment(struct ieee802
+ 	if (entry->check_sequential_pn) {
+ 		int i;
+ 		u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
+-		int queue;
+ 
+ 		if (!requires_sequential_pn(rx, fc))
+ 			return RX_DROP_UNUSABLE;
+@@ -2333,8 +2332,8 @@ ieee80211_rx_h_defragment(struct ieee802
+ 			if (pn[i])
+ 				break;
+ 		}
+-		queue = rx->security_idx;
+-		rpn = rx->key->u.ccmp.rx_pn[queue];
++
++		rpn = rx->ccm_gcm.pn;
+ 		if (memcmp(pn, rpn, IEEE80211_CCMP_PN_LEN))
+ 			return RX_DROP_UNUSABLE;
+ 		memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
+--- a/net/mac80211/wpa.c
++++ b/net/mac80211/wpa.c
+@@ -3,6 +3,7 @@
+  * Copyright 2002-2004, Instant802 Networks, Inc.
+  * Copyright 2008, Jouni Malinen <j@w1.fi>
+  * Copyright (C) 2016-2017 Intel Deutschland GmbH
++ * Copyright (C) 2020-2021 Intel Corporation
+  */
+ 
+ #include <linux/netdevice.h>
+@@ -167,8 +168,8 @@ ieee80211_rx_h_michael_mic_verify(struct
+ 
+ update_iv:
+ 	/* update IV in key information to be able to detect replays */
+-	rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
+-	rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;
++	rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip.iv32;
++	rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip.iv16;
+ 
+ 	return RX_CONTINUE;
+ 
+@@ -294,8 +295,8 @@ ieee80211_crypto_tkip_decrypt(struct iee
+ 					  key, skb->data + hdrlen,
+ 					  skb->len - hdrlen, rx->sta->sta.addr,
+ 					  hdr->addr1, hwaccel, rx->security_idx,
+-					  &rx->tkip_iv32,
+-					  &rx->tkip_iv16);
++					  &rx->tkip.iv32,
++					  &rx->tkip.iv16);
+ 	if (res != TKIP_DECRYPT_OK)
+ 		return RX_DROP_UNUSABLE;
+ 
+@@ -552,6 +553,8 @@ ieee80211_crypto_ccmp_decrypt(struct iee
+ 		}
+ 
+ 		memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN);
++		if (unlikely(ieee80211_is_frag(hdr)))
++			memcpy(rx->ccm_gcm.pn, pn, IEEE80211_CCMP_PN_LEN);
+ 	}
+ 
+ 	/* Remove CCMP header and MIC */
+@@ -782,6 +785,8 @@ ieee80211_crypto_gcmp_decrypt(struct iee
+ 		}
+ 
+ 		memcpy(key->u.gcmp.rx_pn[queue], pn, IEEE80211_GCMP_PN_LEN);
++		if (unlikely(ieee80211_is_frag(hdr)))
++			memcpy(rx->ccm_gcm.pn, pn, IEEE80211_CCMP_PN_LEN);
+ 	}
+ 
+ 	/* Remove GCMP header and MIC */

package/kernel/mac80211/patches/subsys/387-mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch

@@ -0,0 +1,62 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 11 May 2021 20:02:49 +0200
+Subject: [PATCH] mac80211: prevent attacks on TKIP/WEP as well
+
+Similar to the issues fixed in previous patches, TKIP and WEP
+should be protected even if for TKIP we have the Michael MIC
+protecting it, and WEP is broken anyway.
+
+However, this also somewhat protects potential other algorithms
+that drivers might implement.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2284,6 +2284,7 @@ ieee80211_rx_h_defragment(struct ieee802
+ 			 * next fragment has a sequential PN value.
+ 			 */
+ 			entry->check_sequential_pn = true;
++			entry->is_protected = true;
+ 			entry->key_color = rx->key->color;
+ 			memcpy(entry->last_pn,
+ 			       rx->key->u.ccmp.rx_pn[queue],
+@@ -2296,6 +2297,9 @@ ieee80211_rx_h_defragment(struct ieee802
+ 				     sizeof(rx->key->u.gcmp.rx_pn[queue]));
+ 			BUILD_BUG_ON(IEEE80211_CCMP_PN_LEN !=
+ 				     IEEE80211_GCMP_PN_LEN);
++		} else if (rx->key && ieee80211_has_protected(fc)) {
++			entry->is_protected = true;
++			entry->key_color = rx->key->color;
+ 		}
+ 		return RX_QUEUED;
+ 	}
+@@ -2337,6 +2341,14 @@ ieee80211_rx_h_defragment(struct ieee802
+ 		if (memcmp(pn, rpn, IEEE80211_CCMP_PN_LEN))
+ 			return RX_DROP_UNUSABLE;
+ 		memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
++	} else if (entry->is_protected &&
++		   (!rx->key || !ieee80211_has_protected(fc) ||
++		    rx->key->color != entry->key_color)) {
++		/* Drop this as a mixed key or fragment cache attack, even
++		 * if for TKIP Michael MIC should protect us, and WEP is a
++		 * lost cause anyway.
++		 */
++		return RX_DROP_UNUSABLE;
+ 	}
+ 
+ 	skb_pull(rx->skb, ieee80211_hdrlen(fc));
+--- a/net/mac80211/sta_info.h
++++ b/net/mac80211/sta_info.h
+@@ -455,7 +455,8 @@ struct ieee80211_fragment_entry {
+ 	u16 extra_len;
+ 	u16 last_frag;
+ 	u8 rx_queue;
+-	bool check_sequential_pn; /* needed for CCMP/GCMP */
++	u8 check_sequential_pn:1, /* needed for CCMP/GCMP */
++	   is_protected:1;
+ 	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
+ 	unsigned int key_color;
+ };

package/kernel/mac80211/patches/subsys/388-mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch

@@ -0,0 +1,94 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 11 May 2021 20:02:50 +0200
+Subject: [PATCH] mac80211: do not accept/forward invalid EAPOL frames
+
+EAPOL frames are used for authentication and key management between the
+AP and each individual STA associated in the BSS. Those frames are not
+supposed to be sent by one associated STA to another associated STA
+(either unicast for broadcast/multicast).
+
+Similarly, in 802.11 they're supposed to be sent to the authenticator
+(AP) address.
+
+Since it is possible for unexpected EAPOL frames to result in misbehavior
+in supplicant implementations, it is better for the AP to not allow such
+cases to be forwarded to other clients either directly, or indirectly if
+the AP interface is part of a bridge.
+
+Accept EAPOL (control port) frames only if they're transmitted to the
+own address, or, due to interoperability concerns, to the PAE group
+address.
+
+Disable forwarding of EAPOL (or well, the configured control port
+protocol) frames back to wireless medium in all cases. Previously, these
+frames were accepted from fully authenticated and authorized stations
+and also from unauthenticated stations for one of the cases.
+
+Additionally, to avoid forwarding by the bridge, rewrite the PAE group
+address case to the local MAC address.
+
+Cc: stable@vger.kernel.org
+Co-developed-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2541,13 +2541,13 @@ static bool ieee80211_frame_allowed(stru
+ 	struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
+ 
+ 	/*
+-	 * Allow EAPOL frames to us/the PAE group address regardless
+-	 * of whether the frame was encrypted or not.
++	 * Allow EAPOL frames to us/the PAE group address regardless of
++	 * whether the frame was encrypted or not, and always disallow
++	 * all other destination addresses for them.
+ 	 */
+-	if (ehdr->h_proto == rx->sdata->control_port_protocol &&
+-	    (ether_addr_equal(ehdr->h_dest, rx->sdata->vif.addr) ||
+-	     ether_addr_equal(ehdr->h_dest, pae_group_addr)))
+-		return true;
++	if (unlikely(ehdr->h_proto == rx->sdata->control_port_protocol))
++		return ether_addr_equal(ehdr->h_dest, rx->sdata->vif.addr) ||
++		       ether_addr_equal(ehdr->h_dest, pae_group_addr);
+ 
+ 	if (ieee80211_802_1x_port_control(rx) ||
+ 	    ieee80211_drop_unencrypted(rx, fc))
+@@ -2572,8 +2572,28 @@ static void ieee80211_deliver_skb_to_loc
+ 		cfg80211_rx_control_port(dev, skb, noencrypt);
+ 		dev_kfree_skb(skb);
+ 	} else {
++		struct ethhdr *ehdr = (void *)skb_mac_header(skb);
++
+ 		memset(skb->cb, 0, sizeof(skb->cb));
+ 
++		/*
++		 * 802.1X over 802.11 requires that the authenticator address
++		 * be used for EAPOL frames. However, 802.1X allows the use of
++		 * the PAE group address instead. If the interface is part of
++		 * a bridge and we pass the frame with the PAE group address,
++		 * then the bridge will forward it to the network (even if the
++		 * client was not associated yet), which isn't supposed to
++		 * happen.
++		 * To avoid that, rewrite the destination address to our own
++		 * address, so that the authenticator (e.g. hostapd) will see
++		 * the frame, but bridge won't forward it anywhere else. Note
++		 * that due to earlier filtering, the only other address can
++		 * be the PAE group address.
++		 */
++		if (unlikely(skb->protocol == sdata->control_port_protocol &&
++			     !ether_addr_equal(ehdr->h_dest, sdata->vif.addr)))
++			ether_addr_copy(ehdr->h_dest, sdata->vif.addr);
++
+ 		/* deliver to local stack */
+ 		if (rx->list)
+ #if LINUX_VERSION_IS_GEQ(4,19,0)
+@@ -2617,6 +2637,7 @@ ieee80211_deliver_skb(struct ieee80211_r
+ 	if ((sdata->vif.type == NL80211_IFTYPE_AP ||
+ 	     sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
+ 	    !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
++	    ehdr->h_proto != rx->sdata->control_port_protocol &&
+ 	    (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) {
+ 		if (is_multicast_ether_addr(ehdr->h_dest) &&
+ 		    ieee80211_vif_get_num_mcast_if(sdata) != 0) {

package/kernel/mac80211/patches/subsys/389-mac80211-extend-protection-against-mixed-key-and-fra.patch

@@ -0,0 +1,68 @@
+From: Wen Gong <wgong@codeaurora.org>
+Date: Tue, 11 May 2021 20:02:51 +0200
+Subject: [PATCH] mac80211: extend protection against mixed key and
+ fragment cache attacks
+
+For some chips/drivers, e.g., QCA6174 with ath10k, the decryption is
+done by the hardware, and the Protected bit in the Frame Control field
+is cleared in the lower level driver before the frame is passed to
+mac80211. In such cases, the condition for ieee80211_has_protected() is
+not met in ieee80211_rx_h_defragment() of mac80211 and the new security
+validation steps are not executed.
+
+Extend mac80211 to cover the case where the Protected bit has been
+cleared, but the frame is indicated as having been decrypted by the
+hardware. This extends protection against mixed key and fragment cache
+attack for additional drivers/chips. This fixes CVE-2020-24586 and
+CVE-2020-24587 for such cases.
+
+Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Wen Gong <wgong@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2239,6 +2239,7 @@ ieee80211_rx_h_defragment(struct ieee802
+ 	unsigned int frag, seq;
+ 	struct ieee80211_fragment_entry *entry;
+ 	struct sk_buff *skb;
++	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
+ 
+ 	hdr = (struct ieee80211_hdr *)rx->skb->data;
+ 	fc = hdr->frame_control;
+@@ -2297,7 +2298,9 @@ ieee80211_rx_h_defragment(struct ieee802
+ 				     sizeof(rx->key->u.gcmp.rx_pn[queue]));
+ 			BUILD_BUG_ON(IEEE80211_CCMP_PN_LEN !=
+ 				     IEEE80211_GCMP_PN_LEN);
+-		} else if (rx->key && ieee80211_has_protected(fc)) {
++		} else if (rx->key &&
++			   (ieee80211_has_protected(fc) ||
++			    (status->flag & RX_FLAG_DECRYPTED))) {
+ 			entry->is_protected = true;
+ 			entry->key_color = rx->key->color;
+ 		}
+@@ -2342,13 +2345,19 @@ ieee80211_rx_h_defragment(struct ieee802
+ 			return RX_DROP_UNUSABLE;
+ 		memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
+ 	} else if (entry->is_protected &&
+-		   (!rx->key || !ieee80211_has_protected(fc) ||
++		   (!rx->key ||
++		    (!ieee80211_has_protected(fc) &&
++		     !(status->flag & RX_FLAG_DECRYPTED)) ||
+ 		    rx->key->color != entry->key_color)) {
+ 		/* Drop this as a mixed key or fragment cache attack, even
+ 		 * if for TKIP Michael MIC should protect us, and WEP is a
+ 		 * lost cause anyway.
+ 		 */
+ 		return RX_DROP_UNUSABLE;
++	} else if (entry->is_protected && rx->key &&
++		   entry->key_color != rx->key->color &&
++		   (status->flag & RX_FLAG_DECRYPTED)) {
++		return RX_DROP_UNUSABLE;
+ 	}
+ 
+ 	skb_pull(rx->skb, ieee80211_hdrlen(fc));

package/kernel/mac80211/patches/subsys/500-mac80211_configure_antenna_gain.patch

@@ -57,7 +57,7 @@
  	__NL80211_ATTR_AFTER_LAST,
 --- a/net/mac80211/cfg.c
 +++ b/net/mac80211/cfg.c
-@@ -2707,6 +2707,19 @@ static int ieee80211_get_tx_power(struct
+@@ -2709,6 +2709,19 @@ static int ieee80211_get_tx_power(struct
  	return 0;
  }
  
@@ -77,7 +77,7 @@
  static int ieee80211_set_wds_peer(struct wiphy *wiphy, struct net_device *dev,
  				  const u8 *addr)
  {
-@@ -4137,6 +4150,7 @@ const struct cfg80211_ops mac80211_confi
+@@ -4139,6 +4152,7 @@ const struct cfg80211_ops mac80211_confi
  	.set_wiphy_params = ieee80211_set_wiphy_params,
  	.set_tx_power = ieee80211_set_tx_power,
  	.get_tx_power = ieee80211_get_tx_power,
@@ -87,7 +87,7 @@
  	CFG80211_TESTMODE_CMD(ieee80211_testmode_cmd)
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
-@@ -1403,6 +1403,7 @@ struct ieee80211_local {
+@@ -1390,6 +1390,7 @@ struct ieee80211_local {
  	int dynamic_ps_forced_timeout;
  
  	int user_power_level; /* in dBm, for all interfaces */
@@ -129,7 +129,7 @@
  	local->hw.max_mtu = IEEE80211_MAX_DATA_LEN;
 --- a/net/wireless/nl80211.c
 +++ b/net/wireless/nl80211.c
-@@ -733,6 +733,7 @@ static const struct nla_policy nl80211_p
+@@ -737,6 +737,7 @@ static const struct nla_policy nl80211_p
  	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
  		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
  	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
@@ -137,7 +137,7 @@
  };
  
  /* policy for the key attributes */
-@@ -3241,6 +3242,20 @@ static int nl80211_set_wiphy(struct sk_b
+@@ -3245,6 +3246,20 @@ static int nl80211_set_wiphy(struct sk_b
  		if (result)
  			return result;
  	}

package/kernel/mt76/Makefile

@@ -8,9 +8,9 @@ PKG_LICENSE_FILES:=
 
 PKG_SOURCE_URL:=https://github.com/openwrt/mt76
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2021-04-11
-PKG_SOURCE_VERSION:=bf45b30d891961dd7c4139dddb58b909ea2c2b5a
-PKG_MIRROR_HASH:=431cecf80dafa986e805f809522721c2bb26289867d6770695d49baf8b471bea
+PKG_SOURCE_DATE:=2021-05-15
+PKG_SOURCE_VERSION:=9d736545bb5ac9707e60b7900b7d6b290492e24d
+PKG_MIRROR_HASH:=8fd98f488579c18cfd8c442cff1796dcd70e2ecbc59c5d5b92ee8c0f06efafcf
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_BUILD_PARALLEL:=1

package/libs/libubox/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/libubox.git
-PKG_MIRROR_HASH:=97dc4eba01cf2c5d6a6d0db3747e0cdc0d95cb87e51b3115272e7d3e69a8b255
-PKG_SOURCE_DATE:=2020-12-12
-PKG_SOURCE_VERSION:=357877693ca363b12e6e7e14d345639b2440cd07
+PKG_MIRROR_HASH:=7dd1db1e0074a9c7c722db654cce3111b3bd3cff0bfd791c4497cb0f6c22d3ca
+PKG_SOURCE_DATE:=2021-05-16
+PKG_SOURCE_VERSION:=b14c4688612c05c78ce984d7bde633bce8703b1e
 PKG_ABI_VERSION:=$(call abi_version_str,$(PKG_SOURCE_DATE))
 CMAKE_INSTALL:=1
 

package/libs/uclient/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uclient.git
-PKG_MIRROR_HASH:=532016a283722f21dd450e388060af0db765972956eee288c7cabf102c8303d0
-PKG_SOURCE_DATE:=2020-12-10
-PKG_SOURCE_VERSION:=2c843b2bc04c34403d9a6b4de025447e4b5d8aa4
+PKG_MIRROR_HASH:=7c443cac02a734dd312c65618f4de17248d188317f30a9fac192c1503b3d5c05
+PKG_SOURCE_DATE:=2021-05-14
+PKG_SOURCE_VERSION:=6a6011df3429ffa5958d12b1327eeda4fd9daa47
 CMAKE_INSTALL:=1
 
 PKG_BUILD_DEPENDS:=ustream-ssl

package/network/config/ltq-vdsl-app/Makefile

@@ -9,7 +9,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=ltq-vdsl-app
 PKG_VERSION:=4.17.18.6
-PKG_RELEASE:=6
+PKG_RELEASE:=8
 PKG_BASE_NAME:=dsl_cpe_control
 PKG_SOURCE:=$(PKG_BASE_NAME)_vrx-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@OPENWRT
@@ -55,7 +55,9 @@ CONFIGURE_ARGS += \
 CONFIGURE_ARGS += \
 	--enable-model=typical \
 	--enable-dsl-pm-showtime \
-	--disable-dsl-ceoc
+	--disable-dsl-ceoc \
+	--enable-dsl-pm-retx-counters \
+	--enable-dsl-pm-retx-thresholds
 #CONFIGURE_ARGS += --enable-model=debug
 
 define Package/ltq-vdsl-app/install

package/network/config/ltq-vdsl-app/src/src/dsl_cpe_ubus.c

@@ -34,6 +34,12 @@
 		str = text; \
 		break;
 
+#define STR_CASE_MAP(id, text, number) \
+	case id: \
+		str = text; \
+		map = number; \
+		break;
+
 #define IOCTL(type, request) \
 	type out; \
 	memset(&out, 0, sizeof(type)); \
@@ -99,6 +105,34 @@ typedef enum {
 	PROFILE_35B,
 } profile_t;
 
+/* These values are exported via ubus and backwards compability
+ * needs to be kept!
+ */
+enum {
+	LSTATE_MAP_UNKNOWN = -1,
+	LSTATE_MAP_NOT_INITIALIZED,
+	LSTATE_MAP_EXCEPTION,
+	LSTATE_MAP_IDLE,
+	LSTATE_MAP_SILENT,
+	LSTATE_MAP_HANDSHAKE,
+	LSTATE_MAP_FULL_INIT,
+	LSTATE_MAP_SHOWTIME_NO_SYNC,
+	LSTATE_MAP_SHOWTIME_TC_SYNC,
+	LSTATE_MAP_RESYNC,
+};
+
+/* These values are exported via ubus and backwards compability
+ * needs to be kept!
+ */
+enum {
+	PSTATE_MAP_UNKNOWN = -2,
+	PSTATE_MAP_NA,
+	PSTATE_MAP_L0,
+	PSTATE_MAP_L1,
+	PSTATE_MAP_L2,
+	PSTATE_MAP_L3,
+};
+
 static DSL_CPE_ThreadCtrl_t thread;
 static struct ubus_context *ctx;
 static struct blob_buf b;
@@ -306,32 +340,33 @@ static void version_information(int fd) {
 static void line_state(int fd) {
 	IOCTL(DSL_LineState_t, DSL_FIO_LINE_STATE_GET)
 
+	int map = LSTATE_MAP_UNKNOWN;
 	const char *str;
 	switch (out.data.nLineState) {
-	STR_CASE(DSL_LINESTATE_NOT_INITIALIZED, "Not initialized")
-	STR_CASE(DSL_LINESTATE_EXCEPTION, "Exception")
+	STR_CASE_MAP(DSL_LINESTATE_NOT_INITIALIZED, "Not initialized", LSTATE_MAP_NOT_INITIALIZED)
+	STR_CASE_MAP(DSL_LINESTATE_EXCEPTION, "Exception", LSTATE_MAP_EXCEPTION)
 	STR_CASE(DSL_LINESTATE_NOT_UPDATED, "Not updated")
 	STR_CASE(DSL_LINESTATE_IDLE_REQUEST, "Idle request")
-	STR_CASE(DSL_LINESTATE_IDLE, "Idle")
+	STR_CASE_MAP(DSL_LINESTATE_IDLE, "Idle", LSTATE_MAP_IDLE)
 	STR_CASE(DSL_LINESTATE_SILENT_REQUEST, "Silent request")
-	STR_CASE(DSL_LINESTATE_SILENT, "Silent")
-	STR_CASE(DSL_LINESTATE_HANDSHAKE, "Handshake")
+	STR_CASE_MAP(DSL_LINESTATE_SILENT, "Silent", LSTATE_MAP_SILENT)
+	STR_CASE_MAP(DSL_LINESTATE_HANDSHAKE, "Handshake", LSTATE_MAP_HANDSHAKE)
 	STR_CASE(DSL_LINESTATE_BONDING_CLR, "Bonding CLR")
-	STR_CASE(DSL_LINESTATE_FULL_INIT, "Full init")
+	STR_CASE_MAP(DSL_LINESTATE_FULL_INIT, "Full init", LSTATE_MAP_FULL_INIT)
 	STR_CASE(DSL_LINESTATE_SHORT_INIT_ENTRY, "Short init entry")
 	STR_CASE(DSL_LINESTATE_DISCOVERY, "Discovery")
 	STR_CASE(DSL_LINESTATE_TRAINING, "Training")
 	STR_CASE(DSL_LINESTATE_ANALYSIS, "Analysis")
 	STR_CASE(DSL_LINESTATE_EXCHANGE, "Exchange")
-	STR_CASE(DSL_LINESTATE_SHOWTIME_NO_SYNC, "Showtime without TC-Layer sync")
-	STR_CASE(DSL_LINESTATE_SHOWTIME_TC_SYNC, "Showtime with TC-Layer sync")
+	STR_CASE_MAP(DSL_LINESTATE_SHOWTIME_NO_SYNC, "Showtime without TC-Layer sync", LSTATE_MAP_SHOWTIME_NO_SYNC)
+	STR_CASE_MAP(DSL_LINESTATE_SHOWTIME_TC_SYNC, "Showtime with TC-Layer sync", LSTATE_MAP_SHOWTIME_TC_SYNC)
 	STR_CASE(DSL_LINESTATE_FASTRETRAIN, "Fastretrain")
 	STR_CASE(DSL_LINESTATE_LOWPOWER_L2, "Lowpower L2")
 	STR_CASE(DSL_LINESTATE_LOOPDIAGNOSTIC_ACTIVE, "Loopdiagnostic active")
 	STR_CASE(DSL_LINESTATE_LOOPDIAGNOSTIC_DATA_EXCHANGE, "Loopdiagnostic data exchange")
 	STR_CASE(DSL_LINESTATE_LOOPDIAGNOSTIC_DATA_REQUEST, "Loopdiagnostic data request")
 	STR_CASE(DSL_LINESTATE_LOOPDIAGNOSTIC_COMPLETE, "Loopdiagnostic complete")
-	STR_CASE(DSL_LINESTATE_RESYNC, "Resync")
+	STR_CASE_MAP(DSL_LINESTATE_RESYNC, "Resync", LSTATE_MAP_RESYNC)
 	STR_CASE(DSL_LINESTATE_TEST, "Test")
 	STR_CASE(DSL_LINESTATE_TEST_LOOP, "Test loop")
 	STR_CASE(DSL_LINESTATE_TEST_REVERB, "Test reverb")
@@ -351,9 +386,13 @@ static void line_state(int fd) {
 		str = NULL;
 		break;
 	};
+
 	if (str)
 		m_str("state", str);
 
+	if (map != LSTATE_MAP_UNKNOWN )
+		m_u32("state_num", map);
+
 	m_bool("up", out.data.nLineState == DSL_LINESTATE_SHOWTIME_TC_SYNC);
 }
 
@@ -377,19 +416,24 @@ static void g997_line_inventory(int fd) {
 static void g997_power_management_status(int fd) {
 	IOCTL(DSL_G997_PowerManagementStatus_t, DSL_FIO_G997_POWER_MANAGEMENT_STATUS_GET)
 
+	int map = PSTATE_MAP_UNKNOWN;
 	const char *str;
 	switch (out.data.nPowerManagementStatus) {
-	STR_CASE(DSL_G997_PMS_NA, "Power management state is not available")
-	STR_CASE(DSL_G997_PMS_L0, "L0 - Synchronized")
-	STR_CASE(DSL_G997_PMS_L1, "L1 - Power Down Data transmission (G.992.2)")
-	STR_CASE(DSL_G997_PMS_L2, "L2 - Power Down Data transmission (G.992.3 and G.992.4)")
-	STR_CASE(DSL_G997_PMS_L3, "L3 - No power")
+	STR_CASE_MAP(DSL_G997_PMS_NA, "Power management state is not available", PSTATE_MAP_NA)
+	STR_CASE_MAP(DSL_G997_PMS_L0, "L0 - Synchronized", PSTATE_MAP_L0)
+	STR_CASE_MAP(DSL_G997_PMS_L1, "L1 - Power Down Data transmission (G.992.2)", PSTATE_MAP_L1)
+	STR_CASE_MAP(DSL_G997_PMS_L2, "L2 - Power Down Data transmission (G.992.3 and G.992.4)", PSTATE_MAP_L2)
+	STR_CASE_MAP(DSL_G997_PMS_L3, "L3 - No power", PSTATE_MAP_L3)
 	default:
 		str = NULL;
 		break;
 	};
+
 	if (str)
 		m_str("power_state", str);
+
+	if (map != PSTATE_MAP_UNKNOWN)
+		m_u32("power_state_num", map);
 }
 
 static void g997_xtu_system_enabling(int fd, standard_t *standard) {
@@ -532,7 +576,12 @@ static void g997_channel_status(int fd, DSL_AccessDir_t direction) {
 	IOCTL_DIR(DSL_G997_ChannelStatus_t, DSL_FIO_G997_CHANNEL_STATUS_GET, direction);
 
 	m_u32("interleave_delay", out.data.ActualInterleaveDelay * 10);
+#ifndef INCLUDE_DSL_CPE_API_DANUBE
+	// prefer ACTNDR, see comments in drv_dsl_cpe_api_g997.h
+	m_u32("data_rate", out.data.ActualNetDataRate);
+#else
 	m_u32("data_rate", out.data.ActualDataRate);
+#endif
 }
 
 static void g997_line_status(int fd, DSL_AccessDir_t direction) {

package/network/config/netifd/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/netifd.git
-PKG_SOURCE_DATE:=2021-01-09
-PKG_SOURCE_VERSION:=c00c8335d6188daa326ecfe5a62da15a9b9987e1
-PKG_MIRROR_HASH:=c740e51e0cec13eec336ba1c7a643db3b64a9a2235f8c1b73a566cb89e841190
+PKG_SOURCE_DATE:=2021-05-26
+PKG_SOURCE_VERSION:=899c2a4520526d43113f73cf673f20e2486a40fb
+PKG_MIRROR_HASH:=354905192b30af88ea953241ed332555e67cdb7e3b54dd139250bf1e6ad3a709
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
 PKG_LICENSE:=GPL-2.0
@@ -25,6 +25,11 @@ define Package/netifd
   TITLE:=OpenWrt Network Interface Configuration Daemon
 endef
 
+define Package/netifd/conffiles
+/etc/udhcpc.user
+/etc/udhcpc.user.d/
+endef
+
 TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include/libnl-tiny \
 	-I$(STAGING_DIR)/usr/include \
@@ -40,6 +45,7 @@ define Package/netifd/install
 	$(INSTALL_DIR) $(1)/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/netifd $(1)/sbin/
 	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/etc/udhcpc.user.d/
 	$(CP) $(PKG_BUILD_DIR)/scripts/* $(1)/lib/netifd/
 endef
 

package/network/config/netifd/files/etc/udhcpc.user

@@ -0,0 +1 @@
+# This script is sourced by udhcpc's dhcp.script at every DHCP event.

package/network/config/netifd/files/lib/netifd/dhcp.script

@@ -112,5 +112,8 @@ esac
 
 # user rules
 [ -f /etc/udhcpc.user ] && . /etc/udhcpc.user "$@"
+for f in /etc/udhcpc.user.d/*; do
+	[ -f "$f" ] && (. "$f" "$@")
+done
 
 exit 0

package/network/services/dnsmasq/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
-PKG_UPSTREAM_VERSION:=2.84
+PKG_UPSTREAM_VERSION:=2.85
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
-PKG_HASH:=603195c64b73137609b07e1024ae0b37f652b2f5fe467dce66985b3d1850050c
+PKG_HASH:=ad98d3803df687e5b938080f3d25c628fe41c878752d03fbc6199787fee312fa
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING

package/network/services/dnsmasq/patches/0001-Tweak-sort-order-of-tags-in-get-version.patch

@@ -1,45 +0,0 @@
-From f1204a875e0f16fd645df965db346fc56d2ab1dd Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 29 Jan 2021 23:20:06 +0000
-Subject: [PATCH 1/2] Tweak sort order of tags in get-version.
-
-We want to sort such that the most recent/relevant tag is first
-and gets used to set the compiled-in version.
-
-The solution is far from general, but works for the tag formats
-used by dnsmasq. v2.84 sorts before v2.83, but v2.83 sorts
-before v2.83rc1 and 2.83rc1 sorts before v2.83test1
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- bld/get-version | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/bld/get-version b/bld/get-version
-index e472aab..1d7e7f0 100755
---- a/bld/get-version
-+++ b/bld/get-version
-@@ -9,7 +9,10 @@
- # If we can find one which matches $v[0-9].* then we assume it's
- # a version-number tag, else we just use the whole string.
- # If there is more than one v[0-9].* tag, sort them and use the
--# first. This favours, eg v2.63 over 2.63rc6.
-+# first. The insane arguments to the sort command are to ensure
-+# that, eg v2.64 comes before v2.63, but v2.63 comes before v2.63rc1
-+# and v2.63rc1 comes before v2.63test1
-+
- 
- # Change directory to the toplevel source directory.
- if test -z "$1" || ! test -d "$1" || ! cd "$1"; then
-@@ -28,7 +31,7 @@ else
-      vers=`cat $1/VERSION | sed 's/[(), ]/,/ g' | tr ',' '\n' | grep ^v[0-9]`
- 
-      if [ $? -eq 0 ]; then
--         echo "${vers}" | sort -r | head -n 1 | sed 's/^v//'
-+         echo "${vers}" | sort -k1.2,1.5r -k 1.6,1.6 -k1.8,1.9r -k1.10,1.11r | head -n 1 | sed 's/^v//'
-      else
-          cat $1/VERSION
-      fi
--- 
-2.24.3 (Apple Git-128)
-

package/network/services/dnsmasq/patches/0002-Tweak-f1204a875e0f16fd645df965db346fc56d2ab1dd.patch

@@ -1,28 +0,0 @@
-From cfcafdd27c74dc187fe96a9cfa88b1aef53540a0 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Mon, 1 Feb 2021 23:46:43 +0000
-Subject: [PATCH 2/2] Tweak f1204a875e0f16fd645df965db346fc56d2ab1dd
-
-This gets, eg, v2.65test1 and v2.65test11 in the correct order.
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- bld/get-version | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/bld/get-version b/bld/get-version
-index 1d7e7f0..1f51768 100755
---- a/bld/get-version
-+++ b/bld/get-version
-@@ -31,7 +31,7 @@ else
-      vers=`cat $1/VERSION | sed 's/[(), ]/,/ g' | tr ',' '\n' | grep ^v[0-9]`
- 
-      if [ $? -eq 0 ]; then
--         echo "${vers}" | sort -k1.2,1.5r -k 1.6,1.6 -k1.8,1.9r -k1.10,1.11r | head -n 1 | sed 's/^v//'
-+         echo "${vers}" | sort -k1.2,1.5Vr -k1.6,1.6 -k1.8,1.9Vr -k1.10,1.11Vr | head -n 1 | sed 's/^v//'
-      else
-          cat $1/VERSION
-      fi
--- 
-2.24.3 (Apple Git-128)
-

package/network/services/dnsmasq/patches/100-remove-old-runtime-kernel-support.patch

@@ -1,4 +1,4 @@
-From 7df4c681678612d196b4e1eec24963d181fdb28a Mon Sep 17 00:00:00 2001
+From 02fbe60e1c7e74d2ba57109575e7bfc238b1b5d4 Mon Sep 17 00:00:00 2001
 From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
 Date: Sun, 5 Apr 2020 17:18:23 +0100
 Subject: [PATCH] drop runtime old kernel support
@@ -8,9 +8,8 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  src/dnsmasq.c |  4 ----
  src/dnsmasq.h |  5 +---
  src/ipset.c   | 64 ++++-----------------------------------------------
- src/netlink.c |  3 +--
  src/util.c    | 19 ---------------
- 5 files changed, 6 insertions(+), 89 deletions(-)
+ 4 files changed, 5 insertions(+), 87 deletions(-)
 
 --- a/src/dnsmasq.c
 +++ b/src/dnsmasq.c
@@ -27,7 +26,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -1125,7 +1125,7 @@ extern struct daemon {
+@@ -1144,7 +1144,7 @@ extern struct daemon {
    int inotifyfd;
  #endif
  #if defined(HAVE_LINUX_NETWORK)
@@ -36,7 +35,7 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  #elif defined(HAVE_BSD_NETWORK)
    int dhcp_raw_fd, dhcp_icmp_fd, routefd;
  #endif
-@@ -1306,9 +1306,6 @@ int read_write(int fd, unsigned char *pa
+@@ -1326,9 +1326,6 @@ int read_write(int fd, unsigned char *pa
  void close_fds(long max_fd, int spare1, int spare2, int spare3);
  int wildcard_match(const char* wildcard, const char* match);
  int wildcard_matchn(const char* wildcard, const char* match, int num);
@@ -139,18 +138,6 @@ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  
    if (ret == -1)
       my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno));
---- a/src/netlink.c
-+++ b/src/netlink.c
-@@ -92,8 +92,7 @@ char *netlink_init(void)
-   iov.iov_len = 100;
-   iov.iov_base = safe_malloc(iov.iov_len);
-   
--  if (daemon->kernel_version >= KERNEL_VERSION(2,6,30) &&
--      setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1)
-+  if (setsockopt(daemon->netlinkfd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &opt, sizeof(opt)) == -1)
-     return _("warning: failed to set NETLINK_NO_ENOBUFS on netlink socket");
-   
-   return NULL;
 --- a/src/util.c
 +++ b/src/util.c
 @@ -786,22 +786,3 @@ int wildcard_matchn(const char* wildcard

package/network/utils/layerscape/restool/Makefile

@@ -16,6 +16,8 @@ PKG_SOURCE_URL:=https://source.codeaurora.org/external/qoriq/qoriq-components/re
 PKG_SOURCE_VERSION:=f0cec094e4c6d1c975b377203a3bf994ba9325a9
 PKG_MIRROR_HASH:=1863acfaef319e6b277671fead51df0a31bdddb59022080d86b7d81da0bc8490
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/restool

package/network/utils/ltq-dsl-base/Makefile

@@ -8,6 +8,8 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=ltq-dsl-base
 PKG_RELEASE:=3
 
+PKG_FLAGS:=nonshared
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/ltq-dsl-base

package/network/utils/uqmi/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uqmi
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uqmi.git

package/network/utils/uqmi/files/lib/netifd/proto/qmi.sh

@@ -209,19 +209,36 @@ proto_qmi_setup() {
 
 	uqmi -s -d "$device" --sync > /dev/null 2>&1
 
+	uqmi -s -d "$device" --network-register > /dev/null 2>&1
+
 	echo "Waiting for network registration"
+	sleep 1
 	local registration_timeout=0
-	while uqmi -s -d "$device" --get-serving-system | grep '"searching"' > /dev/null; do
-		[ -e "$device" ] || return 1
-		if [ "$registration_timeout" -lt "$timeout" -o "$timeout" = "0" ]; then
-			let registration_timeout++
-			sleep 1;
+	local registration_state=""
+	while true; do
+		registration_state=$(uqmi -s -d "$device" --get-serving-system 2>/dev/null | jsonfilter -e "@.registration" 2>/dev/null)
+
+		[ "$registration_state" = "registered" ] && break
+
+		if [ "$registration_state" = "searching" ] || [ "$registration_state" = "not_registered" ]; then
+			if [ "$registration_timeout" -lt "$timeout" ] || [ "$timeout" = "0" ]; then
+				[ "$registration_state" = "searching" ] || {
+					echo "Device stopped network registration. Restart network registration"
+					uqmi -s -d "$device" --network-register > /dev/null 2>&1
+				}
+				let registration_timeout++
+				sleep 1
+				continue
+			fi
+			echo "Network registration failed, registration timeout reached"
 		else
-			echo "Network registration failed"
-			proto_notify_error "$interface" NETWORK_REGISTRATION_FAILED
-			proto_block_restart "$interface"
-			return 1
+			# registration_state is 'registration_denied' or 'unknown' or ''
+			echo "Network registration failed (reason: '$registration_state')"
 		fi
+
+		proto_notify_error "$interface" NETWORK_REGISTRATION_FAILED
+		proto_block_restart "$interface"
+		return 1
 	done
 
 	[ -n "$modes" ] && uqmi -s -d "$device" --set-network-modes "$modes" > /dev/null 2>&1

package/system/iucode-tool/Makefile

@@ -20,6 +20,8 @@ PKG_BUILD_DEPENDS:=USE_UCLIBC:argp-standalone USE_MUSL:argp-standalone
 PKG_MAINTAINER:=Zoltan HERPAI <wigyori@uid0.hu>
 PKG_LICENSE:=GPL-2.0
 
+PKG_FLAGS:=nonshared
+
 PKG_INSTALL:=1
 
 include $(INCLUDE_DIR)/package.mk

package/system/openwrt-keyring/Makefile

@@ -3,7 +3,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openwrt-keyring
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/keyring.git
@@ -32,7 +32,8 @@ Build/Compile=
 
 define Package/openwrt-keyring/install
 	$(INSTALL_DIR) $(1)/etc/opkg/keys/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/* $(1)/etc/opkg/keys/
+	# Public usign key for 21.02 release builds
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/usign/2f8b0b98e08306bf $(1)/etc/opkg/keys/
 endef
 
 $(eval $(call BuildPackage,openwrt-keyring))

package/system/procd/Makefile

@@ -12,9 +12,9 @@ PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/procd.git
-PKG_SOURCE_DATE:=2021-02-08
-PKG_SOURCE_VERSION:=08938fe1cbc06eeaafa39448057368391d165272
-PKG_MIRROR_HASH:=efc3deac56057e929789d44742858b2a16d976f6bfa0a2036e413d10afcaeee4
+PKG_SOURCE_DATE:=2021-02-23
+PKG_SOURCE_VERSION:=37eed131e9967a35f47bacb3437a9d3c8a57b3f4
+PKG_MIRROR_HASH:=2b0131ff9055ccf987cbeb5f36c2c2585dc780999df6be312fbbbcd61ce676d4
 CMAKE_INSTALL:=1
 
 PKG_LICENSE:=GPL-2.0

package/system/ubox/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ubox
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ubox.git

package/system/ubox/files/log.init

@@ -15,7 +15,7 @@ validate_log_section()
 		'log_file:string' \
 		'log_size:uinteger' \
 		'log_hostname:string' \
-		'log_ip:ipaddr' \
+		'log_ip:host' \
 		'log_remote:bool:1' \
 		'log_port:port:514' \
 		'log_proto:or("tcp", "udp"):udp' \

package/utils/bcm4908img/Makefile

@@ -5,6 +5,8 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=bcm4908img
 PKG_RELEASE:=1
 
+PKG_FLAGS:=nonshared
+
 PKG_BUILD_DEPENDS := bcm4908img/host
 
 include $(INCLUDE_DIR)/package.mk

package/utils/busybox/Config-defaults.in

@@ -2192,7 +2192,7 @@ config BUSYBOX_DEFAULT_FEATURE_UNIX_LOCAL
 	default n
 config BUSYBOX_DEFAULT_FEATURE_PREFER_IPV4_ADDRESS
 	bool
-	default y
+	default n
 config BUSYBOX_DEFAULT_VERBOSE_RESOLUTION_ERRORS
 	bool
 	default y

package/utils/busybox/Makefile

@@ -1,21 +1,18 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
 #
-# Copyright (C) 2006-2020 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2021 OpenWrt.org
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=busybox
-PKG_VERSION:=1.33.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.33.1
+PKG_RELEASE:=$(AUTORELEASE)
 PKG_FLAGS:=essential
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://www.busybox.net/downloads \
 		http://sources.buildroot.net
-PKG_HASH:=d568681c91a85edc6710770cebc1e80e042ad74d305b5c2e6d57a5f3de3b8fbd
+PKG_HASH:=12cec6bd2b16d8a9446dd16130f2b92982f1819f6e1c5f5887b6db03f5660d28
 
 PKG_BUILD_DEPENDS:=BUSYBOX_CONFIG_PAM:libpam
 PKG_BUILD_PARALLEL:=1
@@ -84,10 +81,6 @@ endef
 Package/busybox-selinux/conffiles = $(Package/busybox/conffiles)
 endif
 
-# don't create a version string containing the actual timestamp
-export KCONFIG_NOTIMESTAMP=1
-
-
 ifndef CONFIG_USE_MUSL
 LDLIBS:=m crypt
 endif

package/utils/busybox/patches/001-backport1330fix-ash-make-strdup-copy.patch

@@ -1,40 +0,0 @@
-From 67cc582d4289c5de521d11b08307c8ab26ee1e28 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Sun, 3 Jan 2021 10:55:39 +0100
-Subject: ash: make a strdup copy of $HISTFILE for line editing
-
-Otherwise if $HISTFILE is unset or reassigned, bad things can happen.
-
-function                                             old     new   delta
-ash_main                                            1210    1218      +8
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- shell/ash.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/shell/ash.c b/shell/ash.c
-index f16d7fb6a..ecbfbf091 100644
---- a/shell/ash.c
-+++ b/shell/ash.c
-@@ -14499,7 +14499,7 @@ int ash_main(int argc UNUSED_PARAM, char **argv)
- 
- 	if (sflag || minusc == NULL) {
- #if MAX_HISTORY > 0 && ENABLE_FEATURE_EDITING_SAVEHISTORY
--		if (iflag) {
-+		if (line_input_state) {
- 			const char *hp = lookupvar("HISTFILE");
- 			if (!hp) {
- 				hp = lookupvar("HOME");
-@@ -14513,7 +14513,7 @@ int ash_main(int argc UNUSED_PARAM, char **argv)
- 				}
- 			}
- 			if (hp)
--				line_input_state->hist_file = hp;
-+				line_input_state->hist_file = xstrdup(hp);
- # if ENABLE_FEATURE_SH_HISTFILESIZE
- 			hp = lookupvar("HISTFILESIZE");
- 			line_input_state->max_history = size_from_HISTFILESIZE(hp);
--- 
-cgit v1.2.1
-

package/utils/busybox/patches/002-backport1330fix-traceroute.patch

@@ -1,26 +0,0 @@
-From 89358a7131d3e75c74af834bb117b4fad7914983 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Tue, 2 Feb 2021 13:48:21 +0100
-Subject: traceroute: fix option parsing
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- networking/traceroute.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/networking/traceroute.c b/networking/traceroute.c
-index 3f1a9ab46..29f5e480b 100644
---- a/networking/traceroute.c
-+++ b/networking/traceroute.c
-@@ -896,7 +896,7 @@ traceroute_init(int op, char **argv)
- 
- 	op |= getopt32(argv, "^"
- 		OPT_STRING
--		"\0" "-1:x-x" /* minimum 1 arg */
-+		"\0" "-1" /* minimum 1 arg */
- 		, &tos_str, &device, &max_ttl_str, &port_str, &nprobes_str
- 		, &source, &waittime_str, &pausemsecs_str, &first_ttl_str
- 	);
--- 
-cgit v1.2.1
-

package/utils/busybox/patches/010-fix-wrong-variable.patch

@@ -1,11 +0,0 @@
---- a/libbb/update_passwd.c
-+++ b/libbb/update_passwd.c
-@@ -48,7 +48,7 @@ static void check_selinux_update_passwd(
- 			bb_simple_error_msg_and_die("SELinux: access denied");
- 	}
- 	if (ENABLE_FEATURE_CLEAN_UP)
--		freecon(context);
-+		freecon(seuser);
- }
- #else
- # define check_selinux_update_passwd(username) ((void)0)

package/utils/busybox/patches/230-add_nslookup_lede.patch

@@ -34,7 +34,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  # However, on *other platforms* it fails when some of those flags
 --- /dev/null
 +++ b/networking/nslookup_lede.c
-@@ -0,0 +1,914 @@
+@@ -0,0 +1,934 @@
 +/*
 + * nslookup_lede - musl compatible replacement for busybox nslookup
 + *
@@ -128,6 +128,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 +	{ ns_t_cname, "CNAME" },
 +	{ ns_t_mx,    "MX"    },
 +	{ ns_t_txt,   "TXT"   },
++	{ ns_t_srv,   "SRV"   },
 +	{ ns_t_ptr,   "PTR"   },
 +	{ ns_t_any,   "ANY"   },
 +	{ }
@@ -259,6 +260,25 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 +			}
 +			break;
 +
++		case ns_t_srv:
++			if (rdlen < 6) {
++				//printf("SRV record too short\n");
++				return -1;
++			}
++
++			cp = ns_rr_rdata(rr);
++			n = ns_name_uncompress(ns_msg_base(handle), ns_msg_end(handle),
++			                       cp + 6, dname, sizeof(dname));
++
++			if (n < 0) {
++				//printf("Unable to uncompress domain: %s\n", strerror(errno));
++				return -1;
++			}
++
++			printf("%s\tservice = %hu %hu %hu %s\n", ns_rr_name(rr),
++				ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), dname);
++			break;
++
 +		case ns_t_soa:
 +			if (rdlen < 20) {
 +				//fprintf(stderr, "SOA record too short\n");

package/utils/busybox/patches/530-use-SOURCE_DATE_EPOCH-for-timestamp-if-available.patch

@@ -0,0 +1,80 @@
+From 59f773ee81a8945321f4aa20abc5e9577e6483e4 Mon Sep 17 00:00:00 2001
+From: Paul Spooren <mail@aparcar.org>
+Date: Thu, 13 May 2021 11:25:34 +0200
+Subject: [PATCH] use SOURCE_DATE_EPOCH for timestamp if available
+
+The SOURCE_DATE_EPOCH is an effort of the Reproducible Builds
+organization to make timestamps/build dates in compiled tools
+deterministic over several repetitive builds.
+
+Busybox shows by default the build date timestamp which changes whenever
+compiled. To have a reasonable accurate build date while staying
+reproducible, it's possible to use the *date of last source
+modification* rather than the current time and date.
+
+Further information on SOURCE_DATE_EPOCH are available online [1].
+
+This patch modifies `confdata.c` so that the content of the
+SOURCE_DATE_EPOCH env variable is used as timestamp.
+
+To be independent of different timezones between builds, whenever
+SOURCE_DATE_EPOCH is defined the GMT time is used.
+
+[1]: https://reproducible-builds.org/docs/source-date-epoch/
+
+Signed-off-by: Paul Spooren <mail@aparcar.org>
+---
+ scripts/kconfig/confdata.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
+index b05b96e45..73c25e3a8 100644
+--- a/scripts/kconfig/confdata.c
++++ b/scripts/kconfig/confdata.c
+@@ -342,6 +342,8 @@ int conf_write(const char *name)
+ 	time_t now;
+ 	int use_timestamp = 1;
+ 	char *env;
++	char *source_date_epoch;
++	struct tm *build_time;
+ 
+ 	dirname[0] = 0;
+ 	if (name && name[0]) {
+@@ -378,7 +380,16 @@ int conf_write(const char *name)
+ 	}
+ 	sym = sym_lookup("KERNELVERSION", 0);
+ 	sym_calc_value(sym);
+-	time(&now);
++
++	source_date_epoch = getenv("SOURCE_DATE_EPOCH");
++	if (source_date_epoch && *source_date_epoch) {
++		now = strtoull(source_date_epoch, NULL, 10);
++		build_time = gmtime(&now);
++	} else {
++		time(&now);
++		build_time = localtime(&now);
++	}
++
+ 	env = getenv("KCONFIG_NOTIMESTAMP");
+ 	if (env && *env)
+ 		use_timestamp = 0;
+@@ -398,14 +409,14 @@ int conf_write(const char *name)
+ 		if (use_timestamp) {
+ 			size_t ret = \
+ 				strftime(buf, sizeof(buf), "#define AUTOCONF_TIMESTAMP "
+-					"\"%Y-%m-%d %H:%M:%S %Z\"\n", localtime(&now));
++					"\"%Y-%m-%d %H:%M:%S %Z\"\n", build_time);
+ 			/* if user has Factory timezone or some other odd install, the
+ 			 * %Z above will overflow the string leaving us with undefined
+ 			 * results ... so let's try again without the timezone.
+ 			 */
+ 			if (ret == 0)
+ 				strftime(buf, sizeof(buf), "#define AUTOCONF_TIMESTAMP "
+-					"\"%Y-%m-%d %H:%M:%S\"\n", localtime(&now));
++					"\"%Y-%m-%d %H:%M:%S\"\n", build_time);
+ 		} else { /* bbox */
+ 			strcpy(buf, "#define AUTOCONF_TIMESTAMP \"\"\n");
+ 		}
+-- 
+2.30.2
+

target/imagebuilder/Makefile

@@ -29,6 +29,8 @@ $(BIN_DIR)/$(IB_NAME).tar.xz: clean
 	mkdir -p $(IB_KDIR) $(IB_LDIR) $(PKG_BUILD_DIR)/staging_dir/host/lib \
 		$(PKG_BUILD_DIR)/target $(PKG_BUILD_DIR)/scripts $(IB_DTSDIR)
 	-cp $(TOPDIR)/.config $(PKG_BUILD_DIR)/.config
+	$(SED) 's/^CONFIG_BINARY_FOLDER=.*/# CONFIG_BINARY_FOLDER is not set/' $(PKG_BUILD_DIR)/.config
+	$(SED) 's/^CONFIG_DOWNLOAD_FOLDER=.*/# CONFIG_DOWNLOAD_FOLDER is not set/' $(PKG_BUILD_DIR)/.config
 	$(CP) -L \
 		$(INCLUDE_DIR) $(SCRIPT_DIR) \
 		$(TOPDIR)/rules.mk \

target/linux/apm821xx/patches-5.4/802-usb-xhci-force-msi-renesas-xhci.patch

@@ -23,7 +23,7 @@ produce a noisy warning.
  		xhci->quirks |= XHCI_RESET_ON_RESUME;
 --- a/drivers/usb/host/xhci.c
 +++ b/drivers/usb/host/xhci.c
-@@ -423,10 +423,14 @@ static int xhci_try_enable_msi(struct us
+@@ -427,10 +427,14 @@ static int xhci_try_enable_msi(struct us
  		free_irq(hcd->irq, hcd);
  	hcd->irq = 0;
  

target/linux/arc770/image/Makefile

@@ -24,6 +24,8 @@ endef
 
 define Device/nsim
 	$(call Device/vmlinux)
+	DEVICE_VENDOR := Synopsys
+	DEVICE_MODEL := nSIM
 	DEVICE_PROFILE := nsim
 	DEVICE_DTS := nsim_700
 endef

target/linux/archs38/image/Makefile

@@ -24,6 +24,8 @@ endef
 
 define Device/nsim_hs
 	$(call Device/vmlinux)
+	DEVICE_VENDOR := Synopsys
+	DEVICE_MODEL := nSIM HS
 	DEVICE_PROFILE := nsim_hs
 	DEVICE_DTS := nsim_hs_idu
 endef

target/linux/ath25/patches-5.4/107-ar5312_gpio.patch

@@ -202,7 +202,7 @@
 +subsys_initcall(ar5312_gpio_init);
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -189,6 +189,7 @@ config ATH25
+@@ -190,6 +190,7 @@ config ATH25
  	select CEVT_R4K
  	select CSRC_R4K
  	select DMA_NONCOHERENT