OpenWrt v21.02.0: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

README.md

@@ -57,8 +57,8 @@ packages to OpenWrt, please find the fitting repository below.
 * [OpenWrt Packages](https://github.com/openwrt/packages): Community repository
   of ported packages.
 
-* [OpenWrt Routing](https://github.com/openwrt-routing/packages): Packages
-  specifically focused on (mesh) routing.
+* [OpenWrt Routing](https://github.com/openwrt/routing): Packages specifically
+  focused on (mesh) routing.
 
 ## Support Information
 
@@ -74,13 +74,13 @@ For a list of supported devices see the [OpenWrt Hardware Database](https://open
 ### Support Community
 
 * [Forum](https://forum.openwrt.org): For usage, projects, discussions and hardware advise.
-* [Support Chat](https://webchat.freenode.net/#openwrt): Channel `#openwrt` on freenode.net.
+* [Support Chat](https://webchat.oftc.net/#openwrt): Channel `#openwrt` on **oftc.net**.
 
 ### Developer Community
 
 * [Bug Reports](https://bugs.openwrt.org): Report bugs in OpenWrt
 * [Dev Mailing List](https://lists.openwrt.org/mailman/listinfo/openwrt-devel): Send patches
-* [Dev Chat](https://webchat.freenode.net/#openwrt-devel): Channel `#openwrt-devel` on freenode.net.
+* [Dev Chat](https://webchat.oftc.net/#openwrt-devel): Channel `#openwrt-devel` on **oftc.net**.
 
 ## License
 

feeds.conf.default

@@ -1,4 +1,4 @@
-src-git packages https://git.openwrt.org/feed/packages.git^920c4f29c55d26d8d602c1357ffd6b23a0df5914
-src-git luci https://git.openwrt.org/project/luci.git^09329fe7bb6571032570b21541c1991a3443cc07
-src-git routing https://git.openwrt.org/feed/routing.git^57533a25e84932a7e50b8483843c840f0924bc0c
-src-git telephony https://git.openwrt.org/feed/telephony.git^04e1378baf2b720395d284f661240e6f7f9cab35
+src-git packages https://git.openwrt.org/feed/packages.git^65057dcbb5de371503c9159de3d45824bec482e0
+src-git luci https://git.openwrt.org/project/luci.git^3b3c2e5f9f82372df8ff01ac65668be47690dcd5
+src-git routing https://git.openwrt.org/feed/routing.git^c30c9ffc93702365439a7647244a052531f2e957
+src-git telephony https://git.openwrt.org/feed/telephony.git^7f73a9ad19269dcddcb7fc26e03a9823717587bb

include/feeds.mk

@@ -43,5 +43,11 @@ endef
 
 # 1: package name
 define GetABISuffix
-$(if $(filter-out kmod-%,$(1)),$(if $(ABIV_$(1)),$(ABIV_$(1)),$(foreach v,$(wildcard $(STAGING_DIR)/pkginfo/$(1).version),$(shell cat $(v)))))
+$(if $(ABIV_$(1)),$(ABIV_$(1)),$(call FormatABISuffix,$(1),$(foreach v,$(wildcard $(STAGING_DIR)/pkginfo/$(1).version),$(shell cat $(v)))))
+endef
+
+# 1: package name
+# 2: abi version
+define FormatABISuffix
+$(if $(filter-out kmod-%,$(1)),$(if $(2),$(if $(filter %0 %1 %2 %3 %4 %5 %6 %7 %8 %9,$(1)),-)$(2)))
 endef

include/image-commands.mk

@@ -240,8 +240,11 @@ define Build/jffs2
 endef
 
 define Build/kernel2minor
-	kernel2minor -k $@ -r $@.new $(1)
-	mv $@.new $@
+	$(eval temp_file := $(shell mktemp))
+	cp $@ $(temp_file)
+	kernel2minor -k $(temp_file) -r $(temp_file).new $(1)
+	mv $(temp_file).new $@
+	rm -f $(temp_file)
 endef
 
 define Build/kernel-bin

include/image.mk

@@ -419,7 +419,7 @@ DEFAULT_DEVICE_VARS := \
   DEVICE_DTS_CONFIG DEVICE_DTS_DIR DEVICE_FDT_NUM SOC BOARD_NAME \
   UIMAGE_MAGIC UIMAGE_NAME \
   SUPPORTED_DEVICES IMAGE_METADATA KERNEL_ENTRY KERNEL_LOADADDR \
-  UBOOT_PATH IMAGE_SIZE \
+  IMAGE_PREFIX DEVICE_PACKAGES UBOOT_PATH IMAGE_SIZE \
   DEVICE_COMPAT_VERSION DEVICE_COMPAT_MESSAGE \
   DEVICE_VENDOR DEVICE_MODEL DEVICE_VARIANT \
   DEVICE_ALT0_VENDOR DEVICE_ALT0_MODEL DEVICE_ALT0_VARIANT \

include/kernel-version.mk

@@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL
   KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif
 
-LINUX_VERSION-5.4 = .119
+LINUX_VERSION-5.4 = .143
 
-LINUX_KERNEL_HASH-5.4.119 = 71e7decf1e8149a8aed88d30df4f2a62a6c6b168111de6b261685ac7c0ecb2a0
+LINUX_KERNEL_HASH-5.4.143 = 0953650b05a5f806d76c5691583e94e141f4f691bc0ba75a60b643740f021d24
 
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))

include/package-ipkg.mk

@@ -99,7 +99,7 @@ _endef=endef
 
 ifeq ($(DUMP),)
   define BuildTarget/ipkg
-    ABIV_$(1):=$(if $(filter-out kmod-%,$(1)),$(ABI_VERSION))
+    ABIV_$(1):=$(call FormatABISuffix,$(1),$(ABI_VERSION))
     PDIR_$(1):=$(call FeedPackageDir,$(1))
     IPKG_$(1):=$$(PDIR_$(1))/$(1)$$(ABIV_$(1))_$(VERSION)_$(PKGARCH).ipk
     IDIR_$(1):=$(PKG_BUILD_DIR)/ipkg-$(PKGARCH)/$(1)

include/prereq-build.mk

@@ -168,6 +168,10 @@ $(eval $(call SetupHostCommand,python3,Please install Python >= 3.5, \
 	python3.5 -V 2>&1 | grep 'Python 3', \
 	python3 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?'))
 
+$(eval $(call TestHostCommand,python3-distutils, \
+	Please install the Python3 distutils module, \
+	$(STAGING_DIR_HOST)/bin/python3 -c 'import distutils'))
+
 $(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \
 	git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule))
 

include/version.mk

@@ -23,13 +23,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),21.02.0-rc2)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),21.02.0)
 
 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
-VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r16122-c2139eef27)
+VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r16279-5cc0535800)
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/21.02.0-rc2)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/21.02.0)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

package/base-files/files/bin/config_generate

@@ -114,9 +114,17 @@ generate_network() {
 			add network device
 			set network.@device[-1].name='br-$1'
 			set network.@device[-1].type='bridge'
-			set network.@device[-1].macaddr='$macaddr'
 		EOF
 		for port in $ports; do uci add_list network.@device[-1].ports="$port"; done
+		[ -n "$macaddr" ] && {
+			for port in $ports; do
+				uci -q batch <<-EOF
+					add network device
+					set network.@device[-1].name='$port'
+					set network.@device[-1].macaddr='$macaddr'
+				EOF
+			done
+		}
 		device=br-$1
 		type=
 		macaddr=""

package/base-files/files/etc/init.d/system

@@ -4,8 +4,7 @@
 START=10
 USE_PROCD=1
 
-validate_system_section()
-{
+validate_system_section() {
 	uci_load_validate system system "$1" "$2" \
 		'hostname:string:OpenWrt' \
 		'conloglevel:uinteger' \
@@ -23,8 +22,9 @@ system_config() {
 	echo "$hostname" > /proc/sys/kernel/hostname
 	[ -z "$conloglevel" -a -z "$buffersize" ] || dmesg ${conloglevel:+-n $conloglevel} ${buffersize:+-s $buffersize}
 	echo "$timezone" > /tmp/TZ
-	[ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/$zonename" ] && \
-		ln -sf "/usr/share/zoneinfo/$zonename" /tmp/localtime && rm -f /tmp/TZ
+	[ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/${zonename// /_}" ] \
+		&& ln -sf "/usr/share/zoneinfo/${zonename// /_}" /tmp/localtime \
+		&& rm -f /tmp/TZ
 
 	# apply timezone to kernel
 	hwclock -u --systz
@@ -35,8 +35,7 @@ reload_service() {
 	config_foreach validate_system_section system system_config
 }
 
-service_triggers()
-{
+service_triggers() {
 	procd_add_reload_trigger "system"
 	procd_add_validation validate_system_section
 }

package/base-files/files/lib/preinit/10_indicate_preinit

@@ -72,14 +72,20 @@ preinit_config_board() {
 
 	json_select network
 		json_select "lan"
-			json_get_vars ifname
+			json_get_vars device
+			json_get_values ports ports
 		json_select ..
 	json_select ..
 
-	[ -n "$ifname" ] || return
+	[ -n "$device" -o -n "$ports" ] || return
+
+	# swconfig uses $device and DSA uses ports
+	[ -z "$ports" ] && {
+		ports="$device"
+	}
 
 	# only use the first one
-	ifname=${ifname%% *}
+	ifname=${ports%% *}
 
 	if [ -x /sbin/swconfig ]; then
 		# configure the switch, if present
@@ -91,6 +97,8 @@ preinit_config_board() {
 	else
 		# trim any vlan ids
 		ifname=${ifname%\.*}
+		# trim any vlan modifiers like :t
+		ifname=${ifname%\:*}
 	fi
 
 	pi_ifname=$ifname

package/base-files/files/sbin/wifi

@@ -130,10 +130,12 @@ wifi_updown() {
 		ubus_wifi_cmd "$cmd" "$2"
 		scan_wifi
 		cmd=up
+		ubus call network reload
 	}
 	[ reconf = "$1" ] && {
 		scan_wifi
 		cmd=reconf
+		ubus call network reload
 	}
 	ubus_wifi_cmd "$cmd" "$2"
 	_wifi_updown "$@"
@@ -246,7 +248,7 @@ case "$1" in
 	reload) wifi_reload "$2";;
 	reload_legacy) wifi_reload_legacy "$2";;
 	--help|help) usage;;
-	reconf) ubus call network reload; wifi_updown "reconf" "$2";;
-	''|up) ubus call network reload; wifi_updown "enable" "$2";;
+	reconf) wifi_updown "reconf" "$2";;
+	''|up) wifi_updown "enable" "$2";;
 	*) usage; exit 1;;
 esac

package/base-files/image-config.in

@@ -183,7 +183,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "https://downloads.openwrt.org/releases/21.02.0-rc2"
+		default "https://downloads.openwrt.org/releases/21.02.0"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:

package/boot/uboot-at91/patches/001-fix-Wformat-security.patch

@@ -1,8 +1,6 @@
-diff --git a/cmd/version.c b/cmd/version.c
-index b2fffe99..bcbbeb18 100644
 --- a/cmd/version.c
 +++ b/cmd/version.c
-@@ -18,7 +18,7 @@ static int do_version(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+@@ -18,7 +18,7 @@ static int do_version(cmd_tbl_t *cmdtp,
  {
  	char buf[DISPLAY_OPTIONS_BANNER_LENGTH];
  
@@ -11,11 +9,9 @@ index b2fffe99..bcbbeb18 100644
  #ifdef CC_VERSION_STRING
  	puts(CC_VERSION_STRING "\n");
  #endif
-diff --git a/drivers/pinctrl/pinctrl-uclass.c b/drivers/pinctrl/pinctrl-uclass.c
-index 3425ed11..8c2e1d5c 100644
 --- a/drivers/pinctrl/pinctrl-uclass.c
 +++ b/drivers/pinctrl/pinctrl-uclass.c
-@@ -368,7 +368,7 @@ int pinctrl_get_pin_name(struct udevice *dev, int selector, char *buf,
+@@ -368,7 +368,7 @@ int pinctrl_get_pin_name(struct udevice
  	if (!ops->get_pin_name)
  		return -ENOSYS;
  
@@ -24,11 +20,9 @@ index 3425ed11..8c2e1d5c 100644
  
  	return 0;
  }
-diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
-index c316bdfe..5fe8129c 100644
 --- a/lib/efi_loader/efi_variable.c
 +++ b/lib/efi_loader/efi_variable.c
-@@ -522,7 +522,7 @@ efi_status_t EFIAPI efi_set_variable(u16 *variable_name,
+@@ -522,7 +522,7 @@ efi_status_t EFIAPI efi_set_variable(u16
  
  	if (old_size)
  		/* APPEND_WRITE */

package/boot/uboot-at91/patches/010-fix_dtc_compilation_on_host_gcc10.patch

@@ -0,0 +1,46 @@
+From e33a814e772cdc36436c8c188d8c42d019fda639 Mon Sep 17 00:00:00 2001
+From: Dirk Mueller <dmueller@suse.com>
+Date: Tue, 14 Jan 2020 18:53:41 +0100
+Subject: [PATCH] scripts/dtc: Remove redundant YYLOC global declaration
+
+gcc 10 will default to -fno-common, which causes this error at link
+time:
+
+  (.text+0x0): multiple definition of `yylloc'; dtc-lexer.lex.o (symbol from plugin):(.text+0x0): first defined here
+
+This is because both dtc-lexer as well as dtc-parser define the same
+global symbol yyloc. Before with -fcommon those were merged into one
+defintion. The proper solution would be to to mark this as "extern",
+however that leads to:
+
+  dtc-lexer.l:26:16: error: redundant redeclaration of 'yylloc' [-Werror=redundant-decls]
+   26 | extern YYLTYPE yylloc;
+      |                ^~~~~~
+In file included from dtc-lexer.l:24:
+dtc-parser.tab.h:127:16: note: previous declaration of 'yylloc' was here
+  127 | extern YYLTYPE yylloc;
+      |                ^~~~~~
+cc1: all warnings being treated as errors
+
+which means the declaration is completely redundant and can just be
+dropped.
+
+Signed-off-by: Dirk Mueller <dmueller@suse.com>
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+[robh: cherry-pick from upstream]
+Cc: stable@vger.kernel.org
+Signed-off-by: Rob Herring <robh@kernel.org>
+---
+ scripts/dtc/dtc-lexer.l | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/scripts/dtc/dtc-lexer.l
++++ b/scripts/dtc/dtc-lexer.l
+@@ -38,7 +38,6 @@ LINECOMMENT	"//".*\n
+ #include "srcpos.h"
+ #include "dtc-parser.tab.h"
+ 
+-YYLTYPE yylloc;
+ extern bool treesource_error;
+ 
+ /* CAUTION: this will stop working if we ever use yyless() or yyunput() */

package/boot/uboot-envtools/files/ramips

@@ -26,6 +26,10 @@ allnet,all0256n-8m|\
 allnet,all5002)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x10000" "0x10000"
 	;;
+ampedwireless,ally-00x19k|\
+ampedwireless,ally-r1900k)
+	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x20000" "4"
+	;;
 buffalo,wsr-1166dhp|\
 buffalo,wsr-600dhp|\
 mediatek,linkit-smart-7688|\
@@ -34,7 +38,8 @@ xiaomi,mi-router-3g-v2|\
 xiaomi,mi-router-4a-gigabit|\
 xiaomi,mi-router-4c|\
 xiaomi,miwifi-nano|\
-zbtlink,zbt-wg2626)
+zbtlink,zbt-wg2626|\
+zte,mf283plus)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x10000"
 	;;
 hootoo,ht-tm05|\
@@ -43,9 +48,13 @@ ravpower,rp-wd03)
 	[ -n "$idx" ] && \
 		ubootenv_add_uci_config "/dev/mtd$idx" "0x4000" "0x1000" "0x1000"
 	;;
+jcg,q20)
+	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000"
+	;;
 linksys,ea7300-v1|\
 linksys,ea7300-v2|\
 linksys,ea7500-v2|\
+linksys,ea8100-v1|\
 xiaomi,mi-router-3g|\
 xiaomi,mi-router-3-pro|\
 xiaomi,mi-router-4|\
@@ -53,6 +62,11 @@ xiaomi,mi-router-ac2100|\
 xiaomi,redmi-router-ac2100)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x20000"
 	;;
+zyxel,nr7101)
+	idx="$(find_mtd_index Config)"
+	[ -n "$idx" ] && \
+		ubootenv_add_uci_config "/dev/mtd$idx" "0x0" "0x1000" "0x80000"
+	;;
 esac
 
 config_load ubootenv

package/boot/uboot-layerscape/patches/010-fix_dtc_compilation_on_host_gcc10.patch

@@ -0,0 +1,46 @@
+From e33a814e772cdc36436c8c188d8c42d019fda639 Mon Sep 17 00:00:00 2001
+From: Dirk Mueller <dmueller@suse.com>
+Date: Tue, 14 Jan 2020 18:53:41 +0100
+Subject: [PATCH] scripts/dtc: Remove redundant YYLOC global declaration
+
+gcc 10 will default to -fno-common, which causes this error at link
+time:
+
+  (.text+0x0): multiple definition of `yylloc'; dtc-lexer.lex.o (symbol from plugin):(.text+0x0): first defined here
+
+This is because both dtc-lexer as well as dtc-parser define the same
+global symbol yyloc. Before with -fcommon those were merged into one
+defintion. The proper solution would be to to mark this as "extern",
+however that leads to:
+
+  dtc-lexer.l:26:16: error: redundant redeclaration of 'yylloc' [-Werror=redundant-decls]
+   26 | extern YYLTYPE yylloc;
+      |                ^~~~~~
+In file included from dtc-lexer.l:24:
+dtc-parser.tab.h:127:16: note: previous declaration of 'yylloc' was here
+  127 | extern YYLTYPE yylloc;
+      |                ^~~~~~
+cc1: all warnings being treated as errors
+
+which means the declaration is completely redundant and can just be
+dropped.
+
+Signed-off-by: Dirk Mueller <dmueller@suse.com>
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+[robh: cherry-pick from upstream]
+Cc: stable@vger.kernel.org
+Signed-off-by: Rob Herring <robh@kernel.org>
+---
+ scripts/dtc/dtc-lexer.l | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/scripts/dtc/dtc-lexer.l
++++ b/scripts/dtc/dtc-lexer.l
+@@ -38,7 +38,6 @@ LINECOMMENT	"//".*\n
+ #include "srcpos.h"
+ #include "dtc-parser.tab.h"
+ 
+-YYLTYPE yylloc;
+ extern bool treesource_error;
+ 
+ /* CAUTION: this will stop working if we ever use yyless() or yyunput() */

package/firmware/wireless-regdb/Makefile

@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wireless-regdb
-PKG_VERSION:=2020.11.20
+PKG_VERSION:=2021.04.21
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/software/network/wireless-regdb/
-PKG_HASH:=b4164490d82ff7b0086e812ac42ab27baf57be24324d4c0ee1c5dd6ba27f2a52
+PKG_HASH:=9e4c02b2a9710df4dbdb327c39612e8cbbae6495987afeddaebab28c1ea3d8fa
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 

package/kernel/ath10k-ct/Makefile

@@ -1,16 +1,16 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ath10k-ct
-PKG_RELEASE=2
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_LICENSE:=GPLv2
 PKG_LICENSE_FILES:=
 
 PKG_SOURCE_URL:=https://github.com/greearb/ath10k-ct.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2021-01-11
-PKG_SOURCE_VERSION:=9fe1df7d4f783b6b0cd1c99d11979e5a6e6fc40b
-PKG_MIRROR_HASH:=4e30e256716611045e930b95eadaa8bfcadd5bdd8bbe3869cfe0f377920e812b
+PKG_SOURCE_DATE:=2021-06-03
+PKG_SOURCE_VERSION:=b44cd7b2e7b0df5995ece18f358d4dfc40834ba1
+PKG_MIRROR_HASH:=59f961ad425eb1a48fa9c391a325cc0f23845daec9d12673445d3077f9756cf0
 
 # Build the 5.10 ath10k-ct driver version.
 # Probably this should match as closely as

package/kernel/ath10k-ct/patches/164-ath10k-commit-rates-from-mac80211.patch

@@ -1,37 +0,0 @@
-From: Sven Eckelmann <sven@narfation.org>
-Date: Tue, 26 Feb 2019 08:06:35 +0100
-Subject: ath10k-ct: apply mac80211 rates to ath10k-ct rate state
-
-The rates from mac80211 have to be copied to the state of ath10k-ct or
-otherwise the ath10k_check_apply_special_rates function overwrites
-them again with some default values. This breaks for example the
-mcast_rate set for a wifi-iface.
-
-Signed-off-by: Sven Eckelmann <sven@narfation.org>
-
---- a/ath10k-5.10/mac.c
-+++ b/ath10k-5.10/mac.c
-@@ -6774,6 +6774,7 @@ static void ath10k_recalculate_mgmt_rate
- 		return;
- 	}
- 
-+	arvif->mgt_rate[def->chan->band] = hw_rate_code;
- 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
- 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
- 					hw_rate_code);
-@@ -7000,6 +7001,7 @@ static void ath10k_bss_info_changed(stru
- 			   "mac vdev %d mcast_rate %x\n",
- 			   arvif->vdev_id, rate);
- 
-+		arvif->mcast_rate[band] = rate;
- 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
- 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
- 						vdev_param, rate);
-@@ -7008,6 +7010,7 @@ static void ath10k_bss_info_changed(stru
- 				    "failed to set mcast rate on vdev %i: %d\n",
- 				    arvif->vdev_id,  ret);
- 
-+		arvif->bcast_rate[band] = rate;
- 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
- 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
- 						vdev_param, rate);

package/kernel/ath10k-ct/patches/201-ath10k-add-LED-and-GPIO-controlling-support-for-various-chipsets.patch

@@ -210,7 +210,7 @@ v13:
  
  #include "htt.h"
  #include "htc.h"
-@@ -1551,6 +1552,13 @@ struct ath10k {
+@@ -1557,6 +1558,13 @@ struct ath10k {
  	} testmode;
  
  	struct {
@@ -445,7 +445,7 @@ v13:
  {
 --- a/ath10k-5.10/wmi-tlv.c
 +++ b/ath10k-5.10/wmi-tlv.c
-@@ -4585,6 +4585,8 @@ static const struct wmi_ops wmi_tlv_ops
+@@ -4594,6 +4594,8 @@ static const struct wmi_ops wmi_tlv_ops
  	.gen_echo = ath10k_wmi_tlv_op_gen_echo,
  	.gen_vdev_spectral_conf = ath10k_wmi_tlv_op_gen_vdev_spectral_conf,
  	.gen_vdev_spectral_enable = ath10k_wmi_tlv_op_gen_vdev_spectral_enable,

package/kernel/ath10k-ct/patches/202-ath10k-use-tpt-trigger-by-default.patch

@@ -16,7 +16,7 @@ Signed-off-by: Mathias Kresin <dev@kresin.me>
 
 --- a/ath10k-5.10/core.h
 +++ b/ath10k-5.10/core.h
-@@ -1659,6 +1659,10 @@ struct ath10k {
+@@ -1665,6 +1665,10 @@ struct ath10k {
  	u8 csi_data[4096];
  	u16 csi_data_len;
  
@@ -42,7 +42,7 @@ Signed-off-by: Mathias Kresin <dev@kresin.me>
  	if (ret)
 --- a/ath10k-5.10/mac.c
 +++ b/ath10k-5.10/mac.c
-@@ -11400,7 +11400,7 @@ int ath10k_mac_register(struct ath10k *a
+@@ -11403,7 +11403,7 @@ int ath10k_mac_register(struct ath10k *a
  	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
  
  #ifdef CPTCFG_MAC80211_LEDS

package/kernel/exfat/Makefile

@@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=exfat
-PKG_VERSION:=5.10.1
-PKG_RELEASE:=1
+PKG_VERSION:=5.12.3
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/namjaejeon/linux-exfat-oot/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=0ff77dd7d39eb231d00c3c4909b9fad31ebeeb618bd6fa18fce142becc9c1f98
+PKG_HASH:=43889c73af76c466bbc904aff80354a62ecaa24c7b20e354ff735f5949907982
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/linux-exfat-oot-$(PKG_VERSION)
 
 PKG_MAINTAINER:=

package/kernel/linux/modules/netsupport.mk

@@ -721,7 +721,7 @@ $(eval $(call KernelPackage,mppe))
 
 
 SCHED_MODULES = $(patsubst $(LINUX_DIR)/net/sched/%.ko,%,$(wildcard $(LINUX_DIR)/net/sched/*.ko))
-SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc sch_htb sch_tbf cls_basic cls_fw cls_route cls_flow cls_tcindex cls_u32 em_u32 act_mirred act_skbedit cls_matchall
+SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc sch_htb sch_tbf cls_basic cls_fw cls_route cls_flow cls_tcindex cls_u32 em_u32 act_gact act_mirred act_skbedit cls_matchall
 SCHED_MODULES_FILTER = $(SCHED_MODULES_CORE) act_connmark act_ctinfo sch_cake sch_netem sch_mqprio em_ipset cls_bpf cls_flower act_bpf act_vlan
 SCHED_MODULES_EXTRA = $(filter-out $(SCHED_MODULES_FILTER),$(SCHED_MODULES))
 SCHED_FILES = $(patsubst %,$(LINUX_DIR)/net/sched/%.ko,$(filter $(SCHED_MODULES_CORE),$(SCHED_MODULES)))
@@ -745,6 +745,7 @@ define KernelPackage/sched-core
 	CONFIG_NET_CLS_ROUTE4 \
 	CONFIG_NET_CLS_TCINDEX \
 	CONFIG_NET_CLS_U32 \
+	CONFIG_NET_ACT_GACT \
 	CONFIG_NET_ACT_MIRRED \
 	CONFIG_NET_ACT_SKBEDIT \
 	CONFIG_NET_CLS_MATCHALL \
@@ -899,7 +900,6 @@ define KernelPackage/sched
 	CONFIG_NET_SCH_FQ \
 	CONFIG_NET_SCH_PIE \
 	CONFIG_NET_ACT_POLICE \
-	CONFIG_NET_ACT_GACT \
 	CONFIG_NET_ACT_IPT \
 	CONFIG_NET_ACT_PEDIT \
 	CONFIG_NET_ACT_SIMP \

package/kernel/linux/modules/usb.mk

@@ -561,7 +561,7 @@ $(eval $(call KernelPackage,usb-serial))
 
 define AddDepends/usb-serial
   SUBMENU:=$(USB_MENU)
-  DEPENDS+=kmod-usb-serial $(1)
+  DEPENDS+=+kmod-usb-serial $(1)
 endef
 
 

package/kernel/mac80211/Makefile

@@ -10,10 +10,10 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=mac80211
 
-PKG_VERSION:=5.10.34-1
+PKG_VERSION:=5.10.42-1
 PKG_RELEASE:=1
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.34/
-PKG_HASH:=03c4ca6bf47d4e50b91b61bc2943a98c788439e56ce2b4080bc4c94141c2c15b
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.42/
+PKG_HASH:=6876520105240844fdb32d1dcdf2bfdea291a37a96f16c892fda3776ba714fcb
 
 PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)

package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh

@@ -907,10 +907,8 @@ drv_mac80211_setup() {
 		return 1
 	}
 
-	[ -z "$(uci -q -P /var/state show wireless._${phy})" ] && {
-		uci -q -P /var/state set wireless._${phy}=phy
-		wireless_set_data phy="$phy"
-	}
+	wireless_set_data phy="$phy"
+	[ -z "$(uci -q -P /var/state show wireless._${phy})" ] && uci -q -P /var/state set wireless._${phy}=phy
 
 	OLDAPLIST=$(uci -q -P /var/state get wireless._${phy}.aplist)
 	OLDSPLIST=$(uci -q -P /var/state get wireless._${phy}.splist)
@@ -1003,6 +1001,7 @@ drv_mac80211_setup() {
 	[ -n "$hostapd_ctrl" ] && {
 		local no_reload=1
 		if [ -n "$(ubus list | grep hostapd.$primary_ap)" ]; then
+			no_reload=0
 			[ "${NEW_MD5}" = "${OLD_MD5}" ] || {
 				ubus call hostapd.$primary_ap reload
 				no_reload=$?
@@ -1077,6 +1076,10 @@ drv_mac80211_teardown() {
 	json_select data
 	json_get_vars phy
 	json_select ..
+	[ -n "$phy" ] || {
+		echo "Bug: PHY is undefined for device '$1'"
+		return 1
+	}
 
 	mac80211_interface_cleanup "$phy"
 	uci -q -P /var/state revert wireless._${phy}

package/kernel/mac80211/patches/ath/080-ath10k_thermal_config.patch

@@ -37,7 +37,7 @@
  void ath10k_thermal_event_temperature(struct ath10k *ar, int temperature);
 --- a/local-symbols
 +++ b/local-symbols
-@@ -143,6 +143,7 @@ ATH10K_SNOC=
+@@ -142,6 +142,7 @@ ATH10K_SNOC=
  ATH10K_DEBUG=
  ATH10K_DEBUGFS=
  ATH10K_SPECTRAL=

package/kernel/mac80211/patches/ath/300-ath10k-add-CCMP-PN-replay-protection-for-fragmented-.patch

@@ -1,180 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:52 +0200
-Subject: [PATCH] ath10k: add CCMP PN replay protection for fragmented
- frames for PCIe
-
-PN replay check for not fragmented frames is finished in the firmware,
-but this was not done for fragmented frames when ath10k is used with
-QCA6174/QCA6377 PCIe. mac80211 has the function
-ieee80211_rx_h_defragment() for PN replay check for fragmented frames,
-but this does not get checked with QCA6174 due to the
-ieee80211_has_protected() condition not matching the cleared Protected
-bit case.
-
-Validate the PN of received fragmented frames within ath10k when CCMP is
-used and drop the fragment if the PN is not correct (incremented by
-exactly one from the previous fragment). This applies only for
-QCA6174/QCA6377 PCIe.
-
-Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt.h
-+++ b/drivers/net/wireless/ath/ath10k/htt.h
-@@ -846,6 +846,7 @@ enum htt_security_types {
- 
- #define ATH10K_HTT_TXRX_PEER_SECURITY_MAX 2
- #define ATH10K_TXRX_NUM_EXT_TIDS 19
-+#define ATH10K_TXRX_NON_QOS_TID 16
- 
- enum htt_security_flags {
- #define HTT_SECURITY_TYPE_MASK 0x7F
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -1746,16 +1746,87 @@ static void ath10k_htt_rx_h_csum_offload
- 	msdu->ip_summed = ath10k_htt_rx_get_csum_state(msdu);
- }
- 
-+static u64 ath10k_htt_rx_h_get_pn(struct ath10k *ar, struct sk_buff *skb,
-+				  u16 offset,
-+				  enum htt_rx_mpdu_encrypt_type enctype)
-+{
-+	struct ieee80211_hdr *hdr;
-+	u64 pn = 0;
-+	u8 *ehdr;
-+
-+	hdr = (struct ieee80211_hdr *)(skb->data + offset);
-+	ehdr = skb->data + offset + ieee80211_hdrlen(hdr->frame_control);
-+
-+	if (enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2) {
-+		pn = ehdr[0];
-+		pn |= (u64)ehdr[1] << 8;
-+		pn |= (u64)ehdr[4] << 16;
-+		pn |= (u64)ehdr[5] << 24;
-+		pn |= (u64)ehdr[6] << 32;
-+		pn |= (u64)ehdr[7] << 40;
-+	}
-+	return pn;
-+}
-+
-+static bool ath10k_htt_rx_h_frag_pn_check(struct ath10k *ar,
-+					  struct sk_buff *skb,
-+					  u16 peer_id,
-+					  u16 offset,
-+					  enum htt_rx_mpdu_encrypt_type enctype)
-+{
-+	struct ath10k_peer *peer;
-+	union htt_rx_pn_t *last_pn, new_pn = {0};
-+	struct ieee80211_hdr *hdr;
-+	bool more_frags;
-+	u8 tid, frag_number;
-+	u32 seq;
-+
-+	peer = ath10k_peer_find_by_id(ar, peer_id);
-+	if (!peer) {
-+		ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid peer for frag pn check\n");
-+		return false;
-+	}
-+
-+	hdr = (struct ieee80211_hdr *)(skb->data + offset);
-+	if (ieee80211_is_data_qos(hdr->frame_control))
-+		tid = ieee80211_get_tid(hdr);
-+	else
-+		tid = ATH10K_TXRX_NON_QOS_TID;
-+
-+	last_pn = &peer->frag_tids_last_pn[tid];
-+	new_pn.pn48 = ath10k_htt_rx_h_get_pn(ar, skb, offset, enctype);
-+	more_frags = ieee80211_has_morefrags(hdr->frame_control);
-+	frag_number = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
-+	seq = (__le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ) >> 4;
-+
-+	if (frag_number == 0) {
-+		last_pn->pn48 = new_pn.pn48;
-+		peer->frag_tids_seq[tid] = seq;
-+	} else {
-+		if (seq != peer->frag_tids_seq[tid])
-+			return false;
-+
-+		if (new_pn.pn48 != last_pn->pn48 + 1)
-+			return false;
-+
-+		last_pn->pn48 = new_pn.pn48;
-+	}
-+
-+	return true;
-+}
-+
- static void ath10k_htt_rx_h_mpdu(struct ath10k *ar,
- 				 struct sk_buff_head *amsdu,
- 				 struct ieee80211_rx_status *status,
- 				 bool fill_crypt_header,
- 				 u8 *rx_hdr,
--				 enum ath10k_pkt_rx_err *err)
-+				 enum ath10k_pkt_rx_err *err,
-+				 u16 peer_id,
-+				 bool frag)
- {
- 	struct sk_buff *first;
- 	struct sk_buff *last;
--	struct sk_buff *msdu;
-+	struct sk_buff *msdu, *temp;
- 	struct htt_rx_desc *rxd;
- 	struct ieee80211_hdr *hdr;
- 	enum htt_rx_mpdu_encrypt_type enctype;
-@@ -1768,6 +1839,7 @@ static void ath10k_htt_rx_h_mpdu(struct
- 	bool is_decrypted;
- 	bool is_mgmt;
- 	u32 attention;
-+	bool frag_pn_check = true;
- 
- 	if (skb_queue_empty(amsdu))
- 		return;
-@@ -1866,6 +1938,24 @@ static void ath10k_htt_rx_h_mpdu(struct
- 	}
- 
- 	skb_queue_walk(amsdu, msdu) {
-+		if (frag && !fill_crypt_header && is_decrypted &&
-+		    enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2)
-+			frag_pn_check = ath10k_htt_rx_h_frag_pn_check(ar,
-+								      msdu,
-+								      peer_id,
-+								      0,
-+								      enctype);
-+
-+		if (!frag_pn_check) {
-+			/* Discard the fragment with invalid PN */
-+			temp = msdu->prev;
-+			__skb_unlink(msdu, amsdu);
-+			dev_kfree_skb_any(msdu);
-+			msdu = temp;
-+			frag_pn_check = true;
-+			continue;
-+		}
-+
- 		ath10k_htt_rx_h_csum_offload(msdu);
- 		ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,
- 					is_decrypted);
-@@ -2071,7 +2161,8 @@ static int ath10k_htt_rx_handle_amsdu(st
- 		ath10k_htt_rx_h_unchain(ar, &amsdu, &drop_cnt, &unchain_cnt);
- 
- 	ath10k_htt_rx_h_filter(ar, &amsdu, rx_status, &drop_cnt_filter);
--	ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status, true, first_hdr, &err);
-+	ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status, true, first_hdr, &err, 0,
-+			     false);
- 	msdus_to_queue = skb_queue_len(&amsdu);
- 	ath10k_htt_rx_h_enqueue(ar, &amsdu, rx_status);
- 
-@@ -3027,7 +3118,7 @@ static int ath10k_htt_rx_in_ord_ind(stru
- 			ath10k_htt_rx_h_ppdu(ar, &amsdu, status, vdev_id);
- 			ath10k_htt_rx_h_filter(ar, &amsdu, status, NULL);
- 			ath10k_htt_rx_h_mpdu(ar, &amsdu, status, false, NULL,
--					     NULL);
-+					     NULL, peer_id, frag);
- 			ath10k_htt_rx_h_enqueue(ar, &amsdu, status);
- 			break;
- 		case -EAGAIN:

package/kernel/mac80211/patches/ath/301-ath10k-drop-fragments-with-multicast-DA-for-PCIe.patch

@@ -1,66 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:53 +0200
-Subject: [PATCH] ath10k: drop fragments with multicast DA for PCIe
-
-Fragmentation is not used with multicast frames. Discard unexpected
-fragments with multicast DA. This fixes CVE-2020-26145.
-
-Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -1768,6 +1768,16 @@ static u64 ath10k_htt_rx_h_get_pn(struct
- 	return pn;
- }
- 
-+static bool ath10k_htt_rx_h_frag_multicast_check(struct ath10k *ar,
-+						 struct sk_buff *skb,
-+						 u16 offset)
-+{
-+	struct ieee80211_hdr *hdr;
-+
-+	hdr = (struct ieee80211_hdr *)(skb->data + offset);
-+	return !is_multicast_ether_addr(hdr->addr1);
-+}
-+
- static bool ath10k_htt_rx_h_frag_pn_check(struct ath10k *ar,
- 					  struct sk_buff *skb,
- 					  u16 peer_id,
-@@ -1839,7 +1849,7 @@ static void ath10k_htt_rx_h_mpdu(struct
- 	bool is_decrypted;
- 	bool is_mgmt;
- 	u32 attention;
--	bool frag_pn_check = true;
-+	bool frag_pn_check = true, multicast_check = true;
- 
- 	if (skb_queue_empty(amsdu))
- 		return;
-@@ -1946,13 +1956,20 @@ static void ath10k_htt_rx_h_mpdu(struct
- 								      0,
- 								      enctype);
- 
--		if (!frag_pn_check) {
--			/* Discard the fragment with invalid PN */
-+		if (frag)
-+			multicast_check = ath10k_htt_rx_h_frag_multicast_check(ar,
-+									       msdu,
-+									       0);
-+
-+		if (!frag_pn_check || !multicast_check) {
-+			/* Discard the fragment with invalid PN or multicast DA
-+			 */
- 			temp = msdu->prev;
- 			__skb_unlink(msdu, amsdu);
- 			dev_kfree_skb_any(msdu);
- 			msdu = temp;
- 			frag_pn_check = true;
-+			multicast_check = true;
- 			continue;
- 		}
- 

package/kernel/mac80211/patches/ath/302-ath10k-drop-fragments-with-multicast-DA-for-SDIO.patch

@@ -1,40 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:54 +0200
-Subject: [PATCH] ath10k: drop fragments with multicast DA for SDIO
-
-Fragmentation is not used with multicast frames. Discard unexpected
-fragments with multicast DA. This fixes CVE-2020-26145.
-
-Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -2617,6 +2617,13 @@ static bool ath10k_htt_rx_proc_rx_frag_i
- 	rx_desc = (struct htt_hl_rx_desc *)(skb->data + tot_hdr_len);
- 	rx_desc_info = __le32_to_cpu(rx_desc->info);
- 
-+	hdr = (struct ieee80211_hdr *)((u8 *)rx_desc + rx_hl->fw_desc.len);
-+
-+	if (is_multicast_ether_addr(hdr->addr1)) {
-+		/* Discard the fragment with multicast DA */
-+		goto err;
-+	}
-+
- 	if (!MS(rx_desc_info, HTT_RX_DESC_HL_INFO_ENCRYPTED)) {
- 		spin_unlock_bh(&ar->data_lock);
- 		return ath10k_htt_rx_proc_rx_ind_hl(htt, &resp->rx_ind_hl, skb,
-@@ -2624,8 +2631,6 @@ static bool ath10k_htt_rx_proc_rx_frag_i
- 						    HTT_RX_NON_TKIP_MIC);
- 	}
- 
--	hdr = (struct ieee80211_hdr *)((u8 *)rx_desc + rx_hl->fw_desc.len);
--
- 	if (ieee80211_has_retry(hdr->frame_control))
- 		goto err;
- 

package/kernel/mac80211/patches/ath/303-ath10k-drop-MPDU-which-has-discard-flag-set-by-firmw.patch

@@ -1,54 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:55 +0200
-Subject: [PATCH] ath10k: drop MPDU which has discard flag set by firmware
- for SDIO
-
-When the discard flag is set by the firmware for an MPDU, it should be
-dropped. This allows a mitigation for CVE-2020-24588 to be implemented
-in the firmware.
-
-Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -2312,6 +2312,11 @@ static bool ath10k_htt_rx_proc_rx_ind_hl
- 	fw_desc = &rx->fw_desc;
- 	rx_desc_len = fw_desc->len;
- 
-+	if (fw_desc->u.bits.discard) {
-+		ath10k_dbg(ar, ATH10K_DBG_HTT, "htt discard mpdu\n");
-+		goto err;
-+	}
-+
- 	/* I have not yet seen any case where num_mpdu_ranges > 1.
- 	 * qcacld does not seem handle that case either, so we introduce the
- 	 * same limitiation here as well.
---- a/drivers/net/wireless/ath/ath10k/rx_desc.h
-+++ b/drivers/net/wireless/ath/ath10k/rx_desc.h
-@@ -1282,7 +1282,19 @@ struct fw_rx_desc_base {
- #define FW_RX_DESC_UDP              (1 << 6)
- 
- struct fw_rx_desc_hl {
--	u8 info0;
-+	union {
-+		struct {
-+		u8 discard:1,
-+		   forward:1,
-+		   any_err:1,
-+		   dup_err:1,
-+		   reserved:1,
-+		   inspect:1,
-+		   extension:2;
-+		} bits;
-+		u8 info0;
-+	} u;
-+
- 	u8 version;
- 	u8 len;
- 	u8 flags;

package/kernel/mac80211/patches/ath/304-ath10k-Fix-TKIP-Michael-MIC-verification-for-PCIe.patch

@@ -1,48 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:56 +0200
-Subject: [PATCH] ath10k: Fix TKIP Michael MIC verification for PCIe
-
-TKIP Michael MIC was not verified properly for PCIe cases since the
-validation steps in ieee80211_rx_h_michael_mic_verify() in mac80211 did
-not get fully executed due to unexpected flag values in
-ieee80211_rx_status.
-
-Fix this by setting the flags property to meet mac80211 expectations for
-performing Michael MIC validation there. This fixes CVE-2020-26141. It
-does the same as ath10k_htt_rx_proc_rx_ind_hl() for SDIO which passed
-MIC verification case. This applies only to QCA6174/QCA9377 PCIe.
-
-Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -1974,6 +1974,11 @@ static void ath10k_htt_rx_h_mpdu(struct
- 		}
- 
- 		ath10k_htt_rx_h_csum_offload(msdu);
-+
-+		if (frag && !fill_crypt_header &&
-+		    enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
-+			status->flag &= ~RX_FLAG_MMIC_STRIPPED;
-+
- 		ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,
- 					is_decrypted);
- 
-@@ -1991,6 +1996,11 @@ static void ath10k_htt_rx_h_mpdu(struct
- 
- 		hdr = (void *)msdu->data;
- 		hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);
-+
-+		if (frag && !fill_crypt_header &&
-+		    enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
-+			status->flag &= ~RX_FLAG_IV_STRIPPED &
-+					~RX_FLAG_MMIC_STRIPPED;
- 	}
- }
- 

package/kernel/mac80211/patches/ath/305-ath10k-Validate-first-subframe-of-A-MSDU-before-proc.patch

@@ -1,109 +0,0 @@
-From: Sriram R <srirrama@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:57 +0200
-Subject: [PATCH] ath10k: Validate first subframe of A-MSDU before
- processing the list
-
-In certain scenarios a normal MSDU can be received as an A-MSDU when
-the A-MSDU present bit of a QoS header gets flipped during reception.
-Since this bit is unauthenticated, the hardware crypto engine can pass
-the frame to the driver without any error indication.
-
-This could result in processing unintended subframes collected in the
-A-MSDU list. Hence, validate A-MSDU list by checking if the first frame
-has a valid subframe header.
-
-Comparing the non-aggregated MSDU and an A-MSDU, the fields of the first
-subframe DA matches the LLC/SNAP header fields of a normal MSDU.
-In order to avoid processing such frames, add a validation to
-filter such A-MSDU frames where the first subframe header DA matches
-with the LLC/SNAP header pattern.
-
-Tested-on: QCA9984 hw1.0 PCI 10.4-3.10-00047
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Sriram R <srirrama@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -2108,14 +2108,62 @@ static void ath10k_htt_rx_h_unchain(stru
- 	ath10k_unchain_msdu(amsdu, unchain_cnt);
- }
- 
-+static bool ath10k_htt_rx_validate_amsdu(struct ath10k *ar,
-+					 struct sk_buff_head *amsdu)
-+{
-+	u8 *subframe_hdr;
-+	struct sk_buff *first;
-+	bool is_first, is_last;
-+	struct htt_rx_desc *rxd;
-+	struct ieee80211_hdr *hdr;
-+	size_t hdr_len, crypto_len;
-+	enum htt_rx_mpdu_encrypt_type enctype;
-+	int bytes_aligned = ar->hw_params.decap_align_bytes;
-+
-+	first = skb_peek(amsdu);
-+
-+	rxd = (void *)first->data - sizeof(*rxd);
-+	hdr = (void *)rxd->rx_hdr_status;
-+
-+	is_first = !!(rxd->msdu_end.common.info0 &
-+		      __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));
-+	is_last = !!(rxd->msdu_end.common.info0 &
-+		     __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));
-+
-+	/* Return in case of non-aggregated msdu */
-+	if (is_first && is_last)
-+		return true;
-+
-+	/* First msdu flag is not set for the first msdu of the list */
-+	if (!is_first)
-+		return false;
-+
-+	enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0),
-+		     RX_MPDU_START_INFO0_ENCRYPT_TYPE);
-+
-+	hdr_len = ieee80211_hdrlen(hdr->frame_control);
-+	crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);
-+
-+	subframe_hdr = (u8 *)hdr + round_up(hdr_len, bytes_aligned) +
-+		       crypto_len;
-+
-+	/* Validate if the amsdu has a proper first subframe.
-+	 * There are chances a single msdu can be received as amsdu when
-+	 * the unauthenticated amsdu flag of a QoS header
-+	 * gets flipped in non-SPP AMSDU's, in such cases the first
-+	 * subframe has llc/snap header in place of a valid da.
-+	 * return false if the da matches rfc1042 pattern
-+	 */
-+	if (ether_addr_equal(subframe_hdr, rfc1042_header))
-+		return false;
-+
-+	return true;
-+}
-+
- static bool ath10k_htt_rx_amsdu_allowed(struct ath10k *ar,
- 					struct sk_buff_head *amsdu,
- 					struct ieee80211_rx_status *rx_status)
- {
--	/* FIXME: It might be a good idea to do some fuzzy-testing to drop
--	 * invalid/dangerous frames.
--	 */
--
- 	if (!rx_status->freq) {
- 		ath10k_dbg(ar, ATH10K_DBG_HTT, "no channel configured; ignoring frame(s)!\n");
- 		return false;
-@@ -2126,6 +2174,11 @@ static bool ath10k_htt_rx_amsdu_allowed(
- 		return false;
- 	}
- 
-+	if (!ath10k_htt_rx_validate_amsdu(ar, amsdu)) {
-+		ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid amsdu received\n");
-+		return false;
-+	}
-+
- 	return true;
- }
- 

package/kernel/mac80211/patches/ath/402-ath_regd_optional.patch

@@ -82,7 +82,7 @@
  	help
 --- a/local-symbols
 +++ b/local-symbols
-@@ -86,6 +86,7 @@ ADM8211=
+@@ -85,6 +85,7 @@ ADM8211=
  ATH_COMMON=
  WLAN_VENDOR_ATH=
  ATH_DEBUG=

package/kernel/mac80211/patches/ath/551-ath9k_ubnt_uap_plus_hsr.patch

@@ -371,7 +371,7 @@
  
 --- a/local-symbols
 +++ b/local-symbols
-@@ -113,6 +113,7 @@ ATH9K_WOW=
+@@ -112,6 +112,7 @@ ATH9K_WOW=
  ATH9K_RFKILL=
  ATH9K_CHANNEL_CONTEXT=
  ATH9K_PCOEM=

package/kernel/mac80211/patches/ath/974-ath10k_add-LED-and-GPIO-controlling-support-for-various-chipsets.patch

@@ -114,7 +114,7 @@ v13:
  ath10k_core-$(CONFIG_DEV_COREDUMP) += coredump.o
 --- a/local-symbols
 +++ b/local-symbols
-@@ -146,6 +146,7 @@ ATH10K_DEBUG=
+@@ -145,6 +145,7 @@ ATH10K_DEBUG=
  ATH10K_DEBUGFS=
  ATH10K_SPECTRAL=
  ATH10K_THERMAL=
@@ -456,7 +456,7 @@ v13:
  {
 --- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
 +++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
-@@ -4591,6 +4591,8 @@ static const struct wmi_ops wmi_tlv_ops
+@@ -4594,6 +4594,8 @@ static const struct wmi_ops wmi_tlv_ops
  	.gen_echo = ath10k_wmi_tlv_op_gen_echo,
  	.gen_vdev_spectral_conf = ath10k_wmi_tlv_op_gen_vdev_spectral_conf,
  	.gen_vdev_spectral_enable = ath10k_wmi_tlv_op_gen_vdev_spectral_enable,

package/kernel/mac80211/patches/brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch

@@ -11,16 +11,6 @@ module loads successfully.
 Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
 ---
 
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -1557,6 +1557,7 @@ int __init brcmf_core_init(void)
- {
- 	if (!schedule_work(&brcmf_driver_work))
- 		return -EBUSY;
-+	flush_work(&brcmf_driver_work);
- 
- 	return 0;
- }
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
 @@ -431,6 +431,7 @@ struct brcmf_fw {

package/kernel/mac80211/patches/build/001-fix_build.patch

@@ -55,8 +55,8 @@
 -				echo ""							;\
 -			done								\
 -		) > Kconfig.kernel							;\
--		kver=$$($(MAKE) --no-print-directory -C $(KLIB_BUILD) kernelversion |	\
--			sed 's/^\(\([3-5]\|2\.6\)\.[0-9]\+\).*/\1/;t;d')		;\
+-		kver=$$($(MAKE) --no-print-directory -C $(KLIB_BUILD) M=$(BACKPORT_DIR)	\
+-			kernelversion |	sed 's/^\(\([3-5]\|2\.6\)\.[0-9]\+\).*/\1/;t;d');\
 -		test "$$kver" != "" || echo "Kernel version parse failed!"		;\
 -		test "$$kver" != ""							;\
 -		kvers="$$(seq 14 39 | sed 's/^/2.6./')"					;\
@@ -112,8 +112,8 @@
 +	@echo " done."
 +
 +Kconfig.versions: Kconfig.kernel
-+	@kver=$$($(MAKE) --no-print-directory -C $(KLIB_BUILD) kernelversion |	\
-+		sed 's/^\(\([3-5]\|2\.6\)\.[0-9]\+\).*/\1/;t;d')		;\
++	@kver=$$($(MAKE) --no-print-directory -C $(KLIB_BUILD) M=$(BACKPORT_DIR) \
++		kernelversion |	sed 's/^\(\([3-5]\|2\.6\)\.[0-9]\+\).*/\1/;t;d');\
 +	test "$$kver" != "" || echo "Kernel version parse failed!"		;\
 +	test "$$kver" != ""							;\
 +	kvers="$$(seq 14 39 | sed 's/^/2.6./')"					;\

package/kernel/mac80211/patches/mwl/700-mwl8k-missing-pci-id-for-WNR854T.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/marvell/mwl8k.c
 +++ b/drivers/net/wireless/marvell/mwl8k.c
-@@ -5694,6 +5694,7 @@ MODULE_FIRMWARE("mwl8k/fmimage_8366.fw")
+@@ -5695,6 +5695,7 @@ MODULE_FIRMWARE("mwl8k/fmimage_8366.fw")
  MODULE_FIRMWARE(MWL8K_8366_AP_FW(MWL8K_8366_AP_FW_API));
  
  static const struct pci_device_id mwl8k_pci_id_table[] = {

package/kernel/mac80211/patches/mwl/940-mwl8k_init_devices_synchronously.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/marvell/mwl8k.c
 +++ b/drivers/net/wireless/marvell/mwl8k.c
-@@ -6279,6 +6279,8 @@ static int mwl8k_probe(struct pci_dev *p
+@@ -6280,6 +6280,8 @@ static int mwl8k_probe(struct pci_dev *p
  
  	priv->running_bsses = 0;
  
@@ -9,7 +9,7 @@
  	return rc;
  
  err_stop_firmware:
-@@ -6312,8 +6314,6 @@ static void mwl8k_remove(struct pci_dev
+@@ -6313,8 +6315,6 @@ static void mwl8k_remove(struct pci_dev
  		return;
  	priv = hw->priv;
  

package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch

@@ -1,6 +1,6 @@
 --- a/local-symbols
 +++ b/local-symbols
-@@ -333,6 +333,7 @@ RT2X00_LIB_FIRMWARE=
+@@ -332,6 +332,7 @@ RT2X00_LIB_FIRMWARE=
  RT2X00_LIB_CRYPTO=
  RT2X00_LIB_LEDS=
  RT2X00_LIB_DEBUGFS=

package/kernel/mac80211/patches/subsys/010-sync-nl80211_h.patch

@@ -0,0 +1,297 @@
+--- a/include/uapi/linux/nl80211.h
++++ b/include/uapi/linux/nl80211.h
+@@ -655,6 +655,9 @@
+  *	When a security association was established on an 802.1X network using
+  *	fast transition, this event should be followed by an
+  *	%NL80211_CMD_PORT_AUTHORIZED event.
++ *	Following a %NL80211_CMD_ROAM event userspace can issue
++ *	%NL80211_CMD_GET_SCAN in order to obtain the scan information for the
++ *	new BSS the card/driver roamed to.
+  * @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify
+  *	userspace that a connection was dropped by the AP or due to other
+  *	reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and
+@@ -757,7 +760,8 @@
+  *	of any other interfaces, and other interfaces will again take
+  *	precedence when they are used.
+  *
+- * @NL80211_CMD_SET_WDS_PEER: Set the MAC address of the peer on a WDS interface.
++ * @NL80211_CMD_SET_WDS_PEER: Set the MAC address of the peer on a WDS interface
++ *	(no longer supported).
+  *
+  * @NL80211_CMD_SET_MULTICAST_TO_UNICAST: Configure if this AP should perform
+  *	multicast to unicast conversion. When enabled, all multicast packets
+@@ -1177,6 +1181,10 @@
+  *	includes the contents of the frame. %NL80211_ATTR_ACK flag is included
+  *	if the recipient acknowledged the frame.
+  *
++ * @NL80211_CMD_SET_SAR_SPECS: SAR power limitation configuration is
++ *	passed using %NL80211_ATTR_SAR_SPEC. %NL80211_ATTR_WIPHY is used to
++ *	specify the wiphy index to be applied to.
++ *
+  * @NL80211_CMD_MAX: highest used command number
+  * @__NL80211_CMD_AFTER_LAST: internal use
+  */
+@@ -1407,6 +1415,8 @@ enum nl80211_commands {
+ 
+ 	NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS,
+ 
++	NL80211_CMD_SET_SAR_SPECS,
++
+ 	/* add new commands above here */
+ 
+ 	/* used to define NL80211_CMD_MAX below */
+@@ -1750,8 +1760,9 @@ enum nl80211_commands {
+  *	specify just a single bitrate, which is to be used for the beacon.
+  *	The driver must also specify support for this with the extended
+  *	features NL80211_EXT_FEATURE_BEACON_RATE_LEGACY,
+- *	NL80211_EXT_FEATURE_BEACON_RATE_HT and
+- *	NL80211_EXT_FEATURE_BEACON_RATE_VHT.
++ *	NL80211_EXT_FEATURE_BEACON_RATE_HT,
++ *	NL80211_EXT_FEATURE_BEACON_RATE_VHT and
++ *	NL80211_EXT_FEATURE_BEACON_RATE_HE.
+  *
+  * @NL80211_ATTR_FRAME_MATCH: A binary attribute which typically must contain
+  *	at least one byte, currently used with @NL80211_CMD_REGISTER_FRAME.
+@@ -1955,8 +1966,15 @@ enum nl80211_commands {
+  * @NL80211_ATTR_PROBE_RESP: Probe Response template data. Contains the entire
+  *	probe-response frame. The DA field in the 802.11 header is zero-ed out,
+  *	to be filled by the FW.
+- * @NL80211_ATTR_DISABLE_HT:  Force HT capable interfaces to disable
+- *      this feature.  Currently, only supported in mac80211 drivers.
++ * @NL80211_ATTR_DISABLE_HT: Force HT capable interfaces to disable
++ *      this feature during association. This is a flag attribute.
++ *	Currently only supported in mac80211 drivers.
++ * @NL80211_ATTR_DISABLE_VHT: Force VHT capable interfaces to disable
++ *      this feature during association. This is a flag attribute.
++ *	Currently only supported in mac80211 drivers.
++ * @NL80211_ATTR_DISABLE_HE: Force HE capable interfaces to disable
++ *      this feature during association. This is a flag attribute.
++ *	Currently only supported in mac80211 drivers.
+  * @NL80211_ATTR_HT_CAPABILITY_MASK: Specify which bits of the
+  *      ATTR_HT_CAPABILITY to which attention should be paid.
+  *      Currently, only mac80211 NICs support this feature.
+@@ -2077,7 +2095,8 @@ enum nl80211_commands {
+  *	until the channel switch event.
+  * @NL80211_ATTR_CH_SWITCH_BLOCK_TX: flag attribute specifying that transmission
+  *	must be blocked on the current channel (before the channel switch
+- *	operation).
++ *	operation). Also included in the channel switch started event if quiet
++ *	was requested by the AP.
+  * @NL80211_ATTR_CSA_IES: Nested set of attributes containing the IE information
+  *	for the time while performing a channel switch.
+  * @NL80211_ATTR_CNTDWN_OFFS_BEACON: An array of offsets (u16) to the channel
+@@ -2527,6 +2546,20 @@ enum nl80211_commands {
+  *	override mask. Used with NL80211_ATTR_S1G_CAPABILITY in
+  *	NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT.
+  *
++ * @NL80211_ATTR_SAE_PWE: Indicates the mechanism(s) allowed for SAE PWE
++ *	derivation in WPA3-Personal networks which are using SAE authentication.
++ *	This is a u8 attribute that encapsulates one of the values from
++ *	&enum nl80211_sae_pwe_mechanism.
++ *
++ * @NL80211_ATTR_SAR_SPEC: SAR power limitation specification when
++ *	used with %NL80211_CMD_SET_SAR_SPECS. The message contains fields
++ *	of %nl80211_sar_attrs which specifies the sar type and related
++ *	sar specs. Sar specs contains array of %nl80211_sar_specs_attrs.
++ *
++ * @NL80211_ATTR_RECONNECT_REQUESTED: flag attribute, used with deauth and
++ *	disassoc events to indicate that an immediate reconnect to the AP
++ *	is desired.
++ *
+  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
+  * @NL80211_ATTR_MAX: highest attribute number currently defined
+  * @__NL80211_ATTR_AFTER_LAST: internal use
+@@ -3016,6 +3049,14 @@ enum nl80211_attrs {
+ 	NL80211_ATTR_S1G_CAPABILITY,
+ 	NL80211_ATTR_S1G_CAPABILITY_MASK,
+ 
++	NL80211_ATTR_SAE_PWE,
++
++	NL80211_ATTR_RECONNECT_REQUESTED,
++
++	NL80211_ATTR_SAR_SPEC,
++
++	NL80211_ATTR_DISABLE_HE,
++
+ 	/* add attributes here, update the policy in nl80211.c */
+ 
+ 	__NL80211_ATTR_AFTER_LAST,
+@@ -5896,6 +5937,19 @@ enum nl80211_feature_flags {
+  * @NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP: Driver/device supports
+  *	unsolicited broadcast probe response transmission
+  *
++ * @NL80211_EXT_FEATURE_BEACON_RATE_HE: Driver supports beacon rate
++ *	configuration (AP/mesh) with HE rates.
++ *
++ * @NL80211_EXT_FEATURE_SECURE_LTF: Device supports secure LTF measurement
++ *      exchange protocol.
++ *
++ * @NL80211_EXT_FEATURE_SECURE_RTT: Device supports secure RTT measurement
++ *      exchange protocol.
++ *
++ * @NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE: Device supports management
++ *      frame protection for all management frames exchanged during the
++ *      negotiation and range measurement procedure.
++ *
+  * @NUM_NL80211_EXT_FEATURES: number of extended features.
+  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
+  */
+@@ -5956,6 +6010,10 @@ enum nl80211_ext_feature_index {
+ 	NL80211_EXT_FEATURE_SAE_OFFLOAD_AP,
+ 	NL80211_EXT_FEATURE_FILS_DISCOVERY,
+ 	NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP,
++	NL80211_EXT_FEATURE_BEACON_RATE_HE,
++	NL80211_EXT_FEATURE_SECURE_LTF,
++	NL80211_EXT_FEATURE_SECURE_RTT,
++	NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE,
+ 
+ 	/* add new features before the definition below */
+ 	NUM_NL80211_EXT_FEATURES,
+@@ -6253,11 +6311,13 @@ struct nl80211_vendor_cmd_info {
+  * @NL80211_TDLS_PEER_HT: TDLS peer is HT capable.
+  * @NL80211_TDLS_PEER_VHT: TDLS peer is VHT capable.
+  * @NL80211_TDLS_PEER_WMM: TDLS peer is WMM capable.
++ * @NL80211_TDLS_PEER_HE: TDLS peer is HE capable.
+  */
+ enum nl80211_tdls_peer_capability {
+ 	NL80211_TDLS_PEER_HT = 1<<0,
+ 	NL80211_TDLS_PEER_VHT = 1<<1,
+ 	NL80211_TDLS_PEER_WMM = 1<<2,
++	NL80211_TDLS_PEER_HE = 1<<3,
+ };
+ 
+ /**
+@@ -6849,6 +6909,9 @@ enum nl80211_peer_measurement_ftm_capa {
+  *      if neither %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED nor
+  *	%NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set, EDCA based
+  *	ranging will be used.
++ * @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK: negotiate for LMR feedback. Only
++ *	valid if either %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED or
++ *	%NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set.
+  *
+  * @NUM_NL80211_PMSR_FTM_REQ_ATTR: internal
+  * @NL80211_PMSR_FTM_REQ_ATTR_MAX: highest attribute number
+@@ -6867,6 +6930,7 @@ enum nl80211_peer_measurement_ftm_req {
+ 	NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC,
+ 	NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED,
+ 	NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED,
++	NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK,
+ 
+ 	/* keep last */
+ 	NUM_NL80211_PMSR_FTM_REQ_ATTR,
+@@ -7124,4 +7188,115 @@ enum nl80211_unsol_bcast_probe_resp_attr
+ 	NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX =
+ 		__NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_LAST - 1
+ };
++
++/**
++ * enum nl80211_sae_pwe_mechanism - The mechanism(s) allowed for SAE PWE
++ *	derivation. Applicable only when WPA3-Personal SAE authentication is
++ *	used.
++ *
++ * @NL80211_SAE_PWE_UNSPECIFIED: not specified, used internally to indicate that
++ *	attribute is not present from userspace.
++ * @NL80211_SAE_PWE_HUNT_AND_PECK: hunting-and-pecking loop only
++ * @NL80211_SAE_PWE_HASH_TO_ELEMENT: hash-to-element only
++ * @NL80211_SAE_PWE_BOTH: both hunting-and-pecking loop and hash-to-element
++ *	can be used.
++ */
++enum nl80211_sae_pwe_mechanism {
++	NL80211_SAE_PWE_UNSPECIFIED,
++	NL80211_SAE_PWE_HUNT_AND_PECK,
++	NL80211_SAE_PWE_HASH_TO_ELEMENT,
++	NL80211_SAE_PWE_BOTH,
++};
++
++/**
++ * enum nl80211_sar_type - type of SAR specs
++ *
++ * @NL80211_SAR_TYPE_POWER: power limitation specified in 0.25dBm unit
++ *
++ */
++enum nl80211_sar_type {
++	NL80211_SAR_TYPE_POWER,
++
++	/* add new type here */
++
++	/* Keep last */
++	NUM_NL80211_SAR_TYPE,
++};
++
++/**
++ * enum nl80211_sar_attrs - Attributes for SAR spec
++ *
++ * @NL80211_SAR_ATTR_TYPE: the SAR type as defined in &enum nl80211_sar_type.
++ *
++ * @NL80211_SAR_ATTR_SPECS: Nested array of SAR power
++ *	limit specifications. Each specification contains a set
++ *	of %nl80211_sar_specs_attrs.
++ *
++ *	For SET operation, it contains array of %NL80211_SAR_ATTR_SPECS_POWER
++ *	and %NL80211_SAR_ATTR_SPECS_RANGE_INDEX.
++ *
++ *	For sar_capa dump, it contains array of
++ *	%NL80211_SAR_ATTR_SPECS_START_FREQ
++ *	and %NL80211_SAR_ATTR_SPECS_END_FREQ.
++ *
++ * @__NL80211_SAR_ATTR_LAST: Internal
++ * @NL80211_SAR_ATTR_MAX: highest sar attribute
++ *
++ * These attributes are used with %NL80211_CMD_SET_SAR_SPEC
++ */
++enum nl80211_sar_attrs {
++	__NL80211_SAR_ATTR_INVALID,
++
++	NL80211_SAR_ATTR_TYPE,
++	NL80211_SAR_ATTR_SPECS,
++
++	__NL80211_SAR_ATTR_LAST,
++	NL80211_SAR_ATTR_MAX = __NL80211_SAR_ATTR_LAST - 1,
++};
++
++/**
++ * enum nl80211_sar_specs_attrs - Attributes for SAR power limit specs
++ *
++ * @NL80211_SAR_ATTR_SPECS_POWER: Required (s32)value to specify the actual
++ *	power limit value in units of 0.25 dBm if type is
++ *	NL80211_SAR_TYPE_POWER. (i.e., a value of 44 represents 11 dBm).
++ *	0 means userspace doesn't have SAR limitation on this associated range.
++ *
++ * @NL80211_SAR_ATTR_SPECS_RANGE_INDEX: Required (u32) value to specify the
++ *	index of exported freq range table and the associated power limitation
++ *	is applied to this range.
++ *
++ *	Userspace isn't required to set all the ranges advertised by WLAN driver,
++ *	and userspace can skip some certain ranges. These skipped ranges don't
++ *	have SAR limitations, and they are same as setting the
++ *	%NL80211_SAR_ATTR_SPECS_POWER to any unreasonable high value because any
++ *	value higher than regulatory allowed value just means SAR power
++ *	limitation is removed, but it's required to set at least one range.
++ *	It's not allowed to set duplicated range in one SET operation.
++ *
++ *	Every SET operation overwrites previous SET operation.
++ *
++ * @NL80211_SAR_ATTR_SPECS_START_FREQ: Required (u32) value to specify the start
++ *	frequency of this range edge when registering SAR capability to wiphy.
++ *	It's not a channel center frequency. The unit is kHz.
++ *
++ * @NL80211_SAR_ATTR_SPECS_END_FREQ: Required (u32) value to specify the end
++ *	frequency of this range edge when registering SAR capability to wiphy.
++ *	It's not a channel center frequency. The unit is kHz.
++ *
++ * @__NL80211_SAR_ATTR_SPECS_LAST: Internal
++ * @NL80211_SAR_ATTR_SPECS_MAX: highest sar specs attribute
++ */
++enum nl80211_sar_specs_attrs {
++	__NL80211_SAR_ATTR_SPECS_INVALID,
++
++	NL80211_SAR_ATTR_SPECS_POWER,
++	NL80211_SAR_ATTR_SPECS_RANGE_INDEX,
++	NL80211_SAR_ATTR_SPECS_START_FREQ,
++	NL80211_SAR_ATTR_SPECS_END_FREQ,
++
++	__NL80211_SAR_ATTR_SPECS_LAST,
++	NL80211_SAR_ATTR_SPECS_MAX = __NL80211_SAR_ATTR_SPECS_LAST - 1,
++};
++
+ #endif /* __LINUX_NL80211_H */

package/kernel/mac80211/patches/subsys/100-remove-cryptoapi-dependencies.patch

@@ -379,7 +379,7 @@
  #endif /* AES_GCM_H */
 --- a/net/mac80211/wpa.c
 +++ b/net/mac80211/wpa.c
-@@ -311,7 +311,8 @@ ieee80211_crypto_tkip_decrypt(struct iee
+@@ -312,7 +312,8 @@ ieee80211_crypto_tkip_decrypt(struct iee
  }
  
  
@@ -389,7 +389,7 @@
  {
  	__le16 mask_fc;
  	int a4_included, mgmt;
-@@ -341,14 +342,8 @@ static void ccmp_special_blocks(struct s
+@@ -342,14 +343,8 @@ static void ccmp_special_blocks(struct s
  	else
  		qos_tid = 0;
  
@@ -406,7 +406,7 @@
  
  	/* Nonce: Nonce Flags | A2 | PN
  	 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
-@@ -356,6 +351,8 @@ static void ccmp_special_blocks(struct s
+@@ -357,6 +352,8 @@ static void ccmp_special_blocks(struct s
  	b_0[1] = qos_tid | (mgmt << 4);
  	memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
  	memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
@@ -415,7 +415,7 @@
  
  	/* AAD (extra authenticate-only data) / masked 802.11 header
  	 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
-@@ -412,7 +409,7 @@ static int ccmp_encrypt_skb(struct ieee8
+@@ -413,7 +410,7 @@ static int ccmp_encrypt_skb(struct ieee8
  	u8 *pos;
  	u8 pn[6];
  	u64 pn64;
@@ -424,7 +424,7 @@
  	u8 b_0[AES_BLOCK_SIZE];
  
  	if (info->control.hw_key &&
-@@ -467,9 +464,11 @@ static int ccmp_encrypt_skb(struct ieee8
+@@ -468,9 +465,11 @@ static int ccmp_encrypt_skb(struct ieee8
  		return 0;
  
  	pos += IEEE80211_CCMP_HDR_LEN;
@@ -439,7 +439,7 @@
  }
  
  
-@@ -542,13 +541,13 @@ ieee80211_crypto_ccmp_decrypt(struct iee
+@@ -543,13 +542,13 @@ ieee80211_crypto_ccmp_decrypt(struct iee
  			u8 aad[2 * AES_BLOCK_SIZE];
  			u8 b_0[AES_BLOCK_SIZE];
  			/* hardware didn't decrypt/verify MIC */
@@ -455,7 +455,7 @@
  				return RX_DROP_UNUSABLE;
  		}
  
-@@ -643,7 +642,7 @@ static int gcmp_encrypt_skb(struct ieee8
+@@ -646,7 +645,7 @@ static int gcmp_encrypt_skb(struct ieee8
  	u8 *pos;
  	u8 pn[6];
  	u64 pn64;
@@ -464,7 +464,7 @@
  	u8 j_0[AES_BLOCK_SIZE];
  
  	if (info->control.hw_key &&
-@@ -700,8 +699,10 @@ static int gcmp_encrypt_skb(struct ieee8
+@@ -703,8 +702,10 @@ static int gcmp_encrypt_skb(struct ieee8
  
  	pos += IEEE80211_GCMP_HDR_LEN;
  	gcmp_special_blocks(skb, pn, j_0, aad);
@@ -477,7 +477,7 @@
  }
  
  ieee80211_tx_result
-@@ -1128,9 +1129,9 @@ ieee80211_crypto_aes_gmac_encrypt(struct
+@@ -1133,9 +1134,9 @@ ieee80211_crypto_aes_gmac_encrypt(struct
  	struct ieee80211_key *key = tx->key;
  	struct ieee80211_mmie_16 *mmie;
  	struct ieee80211_hdr *hdr;
@@ -489,7 +489,7 @@
  
  	if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
  		return TX_DROP;
-@@ -1176,7 +1177,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct
+@@ -1181,7 +1182,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct
  	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
  	struct ieee80211_key *key = rx->key;
  	struct ieee80211_mmie_16 *mmie;

package/kernel/mac80211/patches/subsys/150-disable_addr_notifier.patch

@@ -18,7 +18,7 @@
  static int ieee80211_ifa6_changed(struct notifier_block *nb,
  				  unsigned long data, void *arg)
  {
-@@ -1312,14 +1312,14 @@ int ieee80211_register_hw(struct ieee802
+@@ -1315,14 +1315,14 @@ int ieee80211_register_hw(struct ieee802
  
  	rtnl_unlock();
  
@@ -35,7 +35,7 @@
  	local->ifa6_notifier.notifier_call = ieee80211_ifa6_changed;
  	result = register_inet6addr_notifier(&local->ifa6_notifier);
  	if (result)
-@@ -1328,13 +1328,13 @@ int ieee80211_register_hw(struct ieee802
+@@ -1331,13 +1331,13 @@ int ieee80211_register_hw(struct ieee802
  
  	return 0;
  
@@ -52,7 +52,7 @@
   fail_ifa:
  #endif
  	wiphy_unregister(local->hw.wiphy);
-@@ -1362,10 +1362,10 @@ void ieee80211_unregister_hw(struct ieee
+@@ -1365,10 +1365,10 @@ void ieee80211_unregister_hw(struct ieee
  	tasklet_kill(&local->tx_pending_tasklet);
  	tasklet_kill(&local->tasklet);
  

package/kernel/mac80211/patches/subsys/300-cfg80211-support-immediate-reconnect-request-hint.patch

@@ -31,31 +31,9 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  /**
   * cfg80211_rx_unprot_mlme_mgmt - notification of unprotected mlme mgmt frame
---- a/include/uapi/linux/nl80211.h
-+++ b/include/uapi/linux/nl80211.h
-@@ -2527,6 +2527,10 @@ enum nl80211_commands {
-  *	override mask. Used with NL80211_ATTR_S1G_CAPABILITY in
-  *	NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT.
-  *
-+ * @NL80211_ATTR_RECONNECT_REQUESTED: flag attribute, used with deauth and
-+ *	disassoc events to indicate that an immediate reconnect to the AP
-+ *	is desired.
-+ *
-  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
-  * @NL80211_ATTR_MAX: highest attribute number currently defined
-  * @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -3016,6 +3020,8 @@ enum nl80211_attrs {
- 	NL80211_ATTR_S1G_CAPABILITY,
- 	NL80211_ATTR_S1G_CAPABILITY_MASK,
- 
-+	NL80211_ATTR_RECONNECT_REQUESTED,
-+
- 	/* add attributes here, update the policy in nl80211.c */
- 
- 	__NL80211_ATTR_AFTER_LAST,
 --- a/net/mac80211/mlme.c
 +++ b/net/mac80211/mlme.c
-@@ -2729,7 +2729,7 @@ static void ieee80211_report_disconnect(
+@@ -2734,7 +2734,7 @@ static void ieee80211_report_disconnect(
  	};
  
  	if (tx)
@@ -64,7 +42,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	else
  		cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
  
-@@ -4719,7 +4719,8 @@ void ieee80211_mgd_quiesce(struct ieee80
+@@ -4724,7 +4724,8 @@ void ieee80211_mgd_quiesce(struct ieee80
  		if (ifmgd->auth_data)
  			ieee80211_destroy_auth_data(sdata, false);
  		cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,

package/kernel/mac80211/patches/subsys/301-mac80211-support-driver-based-disconnect-with-reconn.patch

@@ -34,7 +34,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
   * @vif: &struct ieee80211_vif pointer from the add_interface callback.
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
-@@ -461,7 +461,9 @@ struct ieee80211_if_managed {
+@@ -450,7 +450,9 @@ struct ieee80211_if_managed {
  	unsigned long probe_timeout;
  	int probe_send_count;
  	bool nullfunc_failed;
@@ -47,7 +47,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	struct ieee80211_mgd_auth_data *auth_data;
 --- a/net/mac80211/mlme.c
 +++ b/net/mac80211/mlme.c
-@@ -2720,7 +2720,7 @@ EXPORT_SYMBOL(ieee80211_ap_probereq_get)
+@@ -2725,7 +2725,7 @@ EXPORT_SYMBOL(ieee80211_ap_probereq_get)
  
  static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
  					const u8 *buf, size_t len, bool tx,
@@ -56,7 +56,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  {
  	struct ieee80211_event event = {
  		.type = MLME_EVENT,
-@@ -2729,7 +2729,7 @@ static void ieee80211_report_disconnect(
+@@ -2734,7 +2734,7 @@ static void ieee80211_report_disconnect(
  	};
  
  	if (tx)
@@ -65,7 +65,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	else
  		cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
  
-@@ -2751,13 +2751,18 @@ static void __ieee80211_disconnect(struc
+@@ -2756,13 +2756,18 @@ static void __ieee80211_disconnect(struc
  
  	tx = !sdata->csa_block_tx;
  
@@ -89,7 +89,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  			       tx, frame_buf);
  	mutex_lock(&local->mtx);
  	sdata->vif.csa_active = false;
-@@ -2770,7 +2775,9 @@ static void __ieee80211_disconnect(struc
+@@ -2775,7 +2780,9 @@ static void __ieee80211_disconnect(struc
  	mutex_unlock(&local->mtx);
  
  	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
@@ -100,7 +100,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  	sdata_unlock(sdata);
  }
-@@ -2789,6 +2796,13 @@ static void ieee80211_beacon_connection_
+@@ -2794,6 +2801,13 @@ static void ieee80211_beacon_connection_
  		sdata_info(sdata, "Connection to AP %pM lost\n",
  			   ifmgd->bssid);
  		__ieee80211_disconnect(sdata);
@@ -114,7 +114,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	} else {
  		ieee80211_mgd_probe_ap(sdata, true);
  	}
-@@ -2827,6 +2841,21 @@ void ieee80211_connection_loss(struct ie
+@@ -2832,6 +2846,21 @@ void ieee80211_connection_loss(struct ie
  }
  EXPORT_SYMBOL(ieee80211_connection_loss);
  
@@ -136,7 +136,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
  					bool assoc)
-@@ -3130,7 +3159,7 @@ static void ieee80211_rx_mgmt_deauth(str
+@@ -3135,7 +3164,7 @@ static void ieee80211_rx_mgmt_deauth(str
  		ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
  
  		ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
@@ -145,7 +145,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return;
  	}
  
-@@ -3179,7 +3208,8 @@ static void ieee80211_rx_mgmt_disassoc(s
+@@ -3184,7 +3213,8 @@ static void ieee80211_rx_mgmt_disassoc(s
  
  	ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
  
@@ -155,7 +155,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  }
  
  static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
-@@ -4199,7 +4229,8 @@ static void ieee80211_rx_mgmt_beacon(str
+@@ -4204,7 +4234,8 @@ static void ieee80211_rx_mgmt_beacon(str
  				       true, deauth_buf);
  		ieee80211_report_disconnect(sdata, deauth_buf,
  					    sizeof(deauth_buf), true,
@@ -165,7 +165,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return;
  	}
  
-@@ -4344,7 +4375,7 @@ static void ieee80211_sta_connection_los
+@@ -4349,7 +4380,7 @@ static void ieee80211_sta_connection_los
  			       tx, frame_buf);
  
  	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
@@ -174,7 +174,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  }
  
  static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
-@@ -5434,7 +5465,8 @@ int ieee80211_mgd_auth(struct ieee80211_
+@@ -5439,7 +5470,8 @@ int ieee80211_mgd_auth(struct ieee80211_
  
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -184,7 +184,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	}
  
  	sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
-@@ -5506,7 +5538,8 @@ int ieee80211_mgd_assoc(struct ieee80211
+@@ -5511,7 +5543,8 @@ int ieee80211_mgd_assoc(struct ieee80211
  
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -194,7 +194,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	}
  
  	if (ifmgd->auth_data && !ifmgd->auth_data->done) {
-@@ -5805,7 +5838,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5810,7 +5843,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  		ieee80211_destroy_auth_data(sdata, false);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -203,7 +203,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  		return 0;
  	}
-@@ -5825,7 +5858,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5830,7 +5863,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  		ieee80211_destroy_assoc_data(sdata, false, true);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -212,7 +212,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return 0;
  	}
  
-@@ -5840,7 +5873,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5845,7 +5878,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  				       req->reason_code, tx, frame_buf);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -221,7 +221,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return 0;
  	}
  
-@@ -5873,7 +5906,7 @@ int ieee80211_mgd_disassoc(struct ieee80
+@@ -5878,7 +5911,7 @@ int ieee80211_mgd_disassoc(struct ieee80
  			       frame_buf);
  
  	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,

package/kernel/mac80211/patches/subsys/302-cfg80211-Add-support-to-configure-SAE-PWE-value-to-d.patch

@@ -0,0 +1,74 @@
+From: Rohan Dutta <drohan@codeaurora.org>
+Date: Tue, 27 Oct 2020 12:09:10 +0200
+Subject: [PATCH] cfg80211: Add support to configure SAE PWE value to drivers
+
+Add support to configure SAE PWE preference from userspace to drivers in
+both AP and STA modes. This is needed for cases where the driver takes
+care of Authentication frame processing (SME in the driver) so that
+correct enforcement of the acceptable PWE derivation mechanism can be
+performed.
+
+The userspace applications can pass the sae_pwe value using the
+NL80211_ATTR_SAE_PWE attribute in the NL80211_CMD_CONNECT and
+NL80211_CMD_START_AP commands to the driver. This allows selection
+between the hunting-and-pecking loop and hash-to-element options for PWE
+derivation. For backwards compatibility, this new attribute is optional
+and if not included, the driver is notified of the value being
+unspecified.
+
+Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Link: https://lore.kernel.org/r/20201027100910.22283-1-jouni@codeaurora.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/cfg80211.h
++++ b/include/net/cfg80211.h
+@@ -1009,6 +1009,14 @@ struct survey_info {
+  * @sae_pwd: password for SAE authentication (for devices supporting SAE
+  *	offload)
+  * @sae_pwd_len: length of SAE password (for devices supporting SAE offload)
++ * @sae_pwe: The mechanisms allowed for SAE PWE derivation
++ *	NL80211_SAE_PWE_UNSPECIFIED: Not-specified, used to indicate userspace
++ *		did not specify any preference. The driver should follow its
++ *		internal policy in such a scenario.
++ *	NL80211_SAE_PWE_HUNT_AND_PECK: Allow hunting-and-pecking loop only
++ *	NL80211_SAE_PWE_HASH_TO_ELEMENT: Allow hash-to-element only
++ *	NL80211_SAE_PWE_BOTH: Allow either hunting-and-pecking loop
++ *		or hash-to-element
+  */
+ struct cfg80211_crypto_settings {
+ 	u32 wpa_versions;
+@@ -1027,6 +1035,7 @@ struct cfg80211_crypto_settings {
+ 	const u8 *psk;
+ 	const u8 *sae_pwd;
+ 	u8 sae_pwd_len;
++	enum nl80211_sae_pwe_mechanism sae_pwe;
+ };
+ 
+ /**
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -736,6 +736,9 @@ static const struct nla_policy nl80211_p
+ 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
+ 	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
+ 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
++	[NL80211_ATTR_SAE_PWE] =
++		NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
++				 NL80211_SAE_PWE_BOTH),
+ 	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
+ };
+ 
+@@ -9764,6 +9767,12 @@ static int nl80211_crypto_settings(struc
+ 			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
+ 	}
+ 
++	if (info->attrs[NL80211_ATTR_SAE_PWE])
++		settings->sae_pwe =
++			nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
++	else
++		settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
++
+ 	return 0;
+ }
+ 

package/kernel/mac80211/patches/subsys/311-net-fq_impl-drop-get_default_func-move-default-flow-.patch

@@ -68,7 +68,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  static int fq_init(struct fq *fq, int flows_cnt)
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
-@@ -857,7 +857,6 @@ enum txq_info_flags {
+@@ -846,7 +846,6 @@ enum txq_info_flags {
   */
  struct txq_info {
  	struct fq_tin tin;

package/kernel/mac80211/patches/subsys/315-mac80211-add-rx-decapsulation-offload-support.patch

@@ -132,7 +132,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  #endif /* __MAC80211_DRIVER_OPS */
 --- a/net/mac80211/iface.c
 +++ b/net/mac80211/iface.c
-@@ -839,7 +839,7 @@ static const struct net_device_ops ieee8
+@@ -835,7 +835,7 @@ static const struct net_device_ops ieee8
  
  };
  
@@ -141,7 +141,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  {
  	switch (iftype) {
  	/* P2P GO and client are mapped to AP/STATION types */
-@@ -859,7 +859,7 @@ static bool ieee80211_set_sdata_offload_
+@@ -855,7 +855,7 @@ static bool ieee80211_set_sdata_offload_
  	flags = sdata->vif.offload_flags;
  
  	if (ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) &&
@@ -150,7 +150,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  		flags |= IEEE80211_OFFLOAD_ENCAP_ENABLED;
  
  		if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_FRAG) &&
-@@ -872,10 +872,21 @@ static bool ieee80211_set_sdata_offload_
+@@ -868,10 +868,21 @@ static bool ieee80211_set_sdata_offload_
  		flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
  	}
  
@@ -172,7 +172,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	return true;
  }
  
-@@ -893,7 +904,7 @@ static void ieee80211_set_vif_encap_ops(
+@@ -889,7 +900,7 @@ static void ieee80211_set_vif_encap_ops(
  	}
  
  	if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) ||
@@ -183,7 +183,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	enabled = bss->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED;
 --- a/net/mac80211/rx.c
 +++ b/net/mac80211/rx.c
-@@ -4114,7 +4114,9 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4198,7 +4198,9 @@ void ieee80211_check_fast_rx(struct sta_
  		.vif_type = sdata->vif.type,
  		.control_port_protocol = sdata->control_port_protocol,
  	}, *old, *new = NULL;
@@ -193,7 +193,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	/* use sparse to check that we don't return without updating */
  	__acquire(check_fast_rx);
-@@ -4227,6 +4229,17 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4311,6 +4313,17 @@ void ieee80211_check_fast_rx(struct sta_
  	if (assign)
  		new = kmemdup(&fastrx, sizeof(fastrx), GFP_KERNEL);
  
@@ -211,7 +211,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	spin_lock_bh(&sta->lock);
  	old = rcu_dereference_protected(sta->fast_rx, true);
  	rcu_assign_pointer(sta->fast_rx, new);
-@@ -4273,6 +4286,108 @@ void ieee80211_check_fast_rx_iface(struc
+@@ -4357,6 +4370,108 @@ void ieee80211_check_fast_rx_iface(struc
  	mutex_unlock(&local->sta_mtx);
  }
  
@@ -320,7 +320,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  static bool ieee80211_invoke_fast_rx(struct ieee80211_rx_data *rx,
  				     struct ieee80211_fast_rx *fast_rx)
  {
-@@ -4293,9 +4408,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4377,9 +4492,6 @@ static bool ieee80211_invoke_fast_rx(str
  	} addrs __aligned(2);
  	struct ieee80211_sta_rx_stats *stats = &sta->rx_stats;
  
@@ -330,7 +330,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	/* for parallel-rx, we need to have DUP_VALIDATED, otherwise we write
  	 * to a common data structure; drivers can implement that per queue
  	 * but we don't have that information in mac80211
-@@ -4369,32 +4481,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4453,32 +4565,6 @@ static bool ieee80211_invoke_fast_rx(str
  	    pskb_trim(skb, skb->len - fast_rx->icv_len))
  		goto drop;
  
@@ -363,7 +363,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	if (rx->key && !ieee80211_has_protected(hdr->frame_control))
  		goto drop;
  
-@@ -4406,12 +4492,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4490,12 +4576,6 @@ static bool ieee80211_invoke_fast_rx(str
  		return true;
  	}
  
@@ -376,7 +376,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	/* do the header conversion - first grab the addresses */
  	ether_addr_copy(addrs.da, skb->data + fast_rx->da_offs);
  	ether_addr_copy(addrs.sa, skb->data + fast_rx->sa_offs);
-@@ -4420,62 +4500,14 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4504,62 +4584,14 @@ static bool ieee80211_invoke_fast_rx(str
  	/* push the addresses in front */
  	memcpy(skb_push(skb, sizeof(addrs)), &addrs, sizeof(addrs));
  
@@ -443,7 +443,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	stats->dropped++;
  	return true;
  }
-@@ -4529,6 +4561,47 @@ static bool ieee80211_prepare_and_rx_han
+@@ -4613,6 +4645,47 @@ static bool ieee80211_prepare_and_rx_han
  	return true;
  }
  
@@ -491,7 +491,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  /*
   * This is the actual Rx frames handler. as it belongs to Rx path it must
   * be called with rcu_read_lock protection.
-@@ -4766,15 +4839,20 @@ void ieee80211_rx_list(struct ieee80211_
+@@ -4850,15 +4923,20 @@ void ieee80211_rx_list(struct ieee80211_
  	 * if it was previously present.
  	 * Also, frames with less than 16 bytes are dropped.
  	 */

package/kernel/mac80211/patches/subsys/316-mac80211-enable-QoS-support-for-nl80211-ctrl-port.patch

@@ -0,0 +1,116 @@
+From: Markus Theil <markus.theil@tu-ilmenau.de>
+Date: Sat, 6 Feb 2021 12:51:12 +0100
+Subject: [PATCH] mac80211: enable QoS support for nl80211 ctrl port
+
+This patch unifies sending control port frames
+over nl80211 and AF_PACKET sockets a little more.
+
+Before this patch, EAPOL frames got QoS prioritization
+only when using AF_PACKET sockets.
+
+__ieee80211_select_queue only selects a QoS-enabled queue
+for control port frames, when the control port protocol
+is set correctly on the skb. For the AF_PACKET path this
+works, but the nl80211 path used ETH_P_802_3.
+
+Another check for injected frames in wme.c then prevented
+the QoS TID to be copied in the frame.
+
+In order to fix this, get rid of the frame injection marking
+for nl80211 ctrl port and set the correct ethernet protocol.
+
+Please note:
+An erlier version of this path tried to prevent
+frame aggregation for control port frames in order to speed up
+the initial connection setup a little. This seemed to cause
+issues on my older Intel dvm-based hardware, and was therefore
+removed again. Future commits which try to reintroduce this
+have to check carefully how hw behaves with aggregated and
+non-aggregated traffic for the same TID.
+My NIC: Intel(R) Centrino(R) Ultimate-N 6300 AGN, REV=0x74
+
+Reported-by: kernel test robot <lkp@intel.com>
+Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
+Link: https://lore.kernel.org/r/20210206115112.567881-1-markus.theil@tu-ilmenau.de
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/status.c
++++ b/net/mac80211/status.c
+@@ -628,16 +628,12 @@ static void ieee80211_report_ack_skb(str
+ 		u64 cookie = IEEE80211_SKB_CB(skb)->ack.cookie;
+ 		struct ieee80211_sub_if_data *sdata;
+ 		struct ieee80211_hdr *hdr = (void *)skb->data;
+-		__be16 ethertype = 0;
+-
+-		if (skb->len >= ETH_HLEN && skb->protocol == cpu_to_be16(ETH_P_802_3))
+-			skb_copy_bits(skb, 2 * ETH_ALEN, &ethertype, ETH_TLEN);
+ 
+ 		rcu_read_lock();
+ 		sdata = ieee80211_sdata_from_skb(local, skb);
+ 		if (sdata) {
+-			if (ethertype == sdata->control_port_protocol ||
+-			    ethertype == cpu_to_be16(ETH_P_PREAUTH))
++			if (skb->protocol == sdata->control_port_protocol ||
++			    skb->protocol == cpu_to_be16(ETH_P_PREAUTH))
+ 				cfg80211_control_port_tx_status(&sdata->wdev,
+ 								cookie,
+ 								skb->data,
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1195,9 +1195,7 @@ ieee80211_tx_prepare(struct ieee80211_su
+ 			tx->sta = rcu_dereference(sdata->u.vlan.sta);
+ 			if (!tx->sta && sdata->wdev.use_4addr)
+ 				return TX_DROP;
+-		} else if (info->flags & (IEEE80211_TX_INTFL_NL80211_FRAME_TX |
+-					  IEEE80211_TX_CTL_INJECTED) ||
+-			   tx->sdata->control_port_protocol == tx->skb->protocol) {
++		} else if (tx->sdata->control_port_protocol == tx->skb->protocol) {
+ 			tx->sta = sta_info_get_bss(sdata, hdr->addr1);
+ 		}
+ 		if (!tx->sta && !is_multicast_ether_addr(hdr->addr1))
+@@ -5421,6 +5419,7 @@ int ieee80211_tx_control_port(struct wip
+ {
+ 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ 	struct ieee80211_local *local = sdata->local;
++	struct sta_info *sta;
+ 	struct sk_buff *skb;
+ 	struct ethhdr *ehdr;
+ 	u32 ctrl_flags = 0;
+@@ -5443,8 +5442,7 @@ int ieee80211_tx_control_port(struct wip
+ 	if (cookie)
+ 		ctrl_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
+ 
+-	flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX |
+-		 IEEE80211_TX_CTL_INJECTED;
++	flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX;
+ 
+ 	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
+ 			    sizeof(struct ethhdr) + len);
+@@ -5461,10 +5459,25 @@ int ieee80211_tx_control_port(struct wip
+ 	ehdr->h_proto = proto;
+ 
+ 	skb->dev = dev;
+-	skb->protocol = htons(ETH_P_802_3);
++	skb->protocol = proto;
+ 	skb_reset_network_header(skb);
+ 	skb_reset_mac_header(skb);
+ 
++	/* update QoS header to prioritize control port frames if possible,
++	 * priorization also happens for control port frames send over
++	 * AF_PACKET
++	 */
++	rcu_read_lock();
++
++	if (ieee80211_lookup_ra_sta(sdata, skb, &sta) == 0 && !IS_ERR(sta)) {
++		u16 queue = __ieee80211_select_queue(sdata, sta, skb);
++
++		skb_set_queue_mapping(skb, queue);
++		skb_get_hash(skb);
++	}
++
++	rcu_read_unlock();
++
+ 	/* mutex lock is only needed for incrementing the cookie counter */
+ 	mutex_lock(&local->mtx);
+ 

package/kernel/mac80211/patches/subsys/371-mac80211-don-t-apply-flow-control-on-management-fram.patch

@@ -28,7 +28,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
   *
   * Transmit and frame generation functions.
   */
-@@ -1403,8 +1403,17 @@ static void ieee80211_txq_enqueue(struct
+@@ -1401,8 +1401,17 @@ static void ieee80211_txq_enqueue(struct
  	ieee80211_set_skb_enqueue_time(skb);
  
  	spin_lock_bh(&fq->lock);
@@ -48,7 +48,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	spin_unlock_bh(&fq->lock);
  }
  
-@@ -3846,6 +3855,9 @@ bool ieee80211_txq_airtime_check(struct
+@@ -3844,6 +3853,9 @@ bool ieee80211_txq_airtime_check(struct
  	if (!txq->sta)
  		return true;
  

package/kernel/mac80211/patches/subsys/372-mac80211-set-sk_pacing_shift-for-802.3-txpath.patch

@@ -9,7 +9,7 @@ Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
 
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -4173,6 +4173,9 @@ static bool ieee80211_tx_8023(struct iee
+@@ -4171,6 +4171,9 @@ static bool ieee80211_tx_8023(struct iee
  	unsigned long flags;
  	int q = info->hw_queue;
  

package/kernel/mac80211/patches/subsys/373-mac80211-support-Rx-timestamp-calculation-for-all-pr.patch

@@ -15,7 +15,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
-@@ -1600,13 +1600,8 @@ ieee80211_have_rx_timestamp(struct ieee8
+@@ -1587,13 +1587,8 @@ ieee80211_have_rx_timestamp(struct ieee8
  {
  	WARN_ON_ONCE(status->flag & RX_FLAG_MACTIME_START &&
  		     status->flag & RX_FLAG_MACTIME_END);

package/kernel/mac80211/patches/subsys/374-mac80211-move-A-MPDU-session-check-from-minstrel_ht-.patch

@@ -0,0 +1,126 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Thu, 17 Jun 2021 17:56:54 +0200
+Subject: [PATCH] mac80211: move A-MPDU session check from minstrel_ht to
+ mac80211
+
+This avoids calling back into tx handlers from within the rate control module.
+Preparation for deferring rate control until tx dequeue
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -6160,6 +6160,11 @@ enum rate_control_capabilities {
+ 	 * otherwise the NSS difference doesn't bother us.
+ 	 */
+ 	RATE_CTRL_CAPA_VHT_EXT_NSS_BW = BIT(0),
++	/**
++	 * @RATE_CTRL_CAPA_AMPDU_TRIGGER:
++	 * mac80211 should start A-MPDU sessions on tx
++	 */
++	RATE_CTRL_CAPA_AMPDU_TRIGGER = BIT(1),
+ };
+ 
+ struct rate_control_ops {
+--- a/net/mac80211/rc80211_minstrel_ht.c
++++ b/net/mac80211/rc80211_minstrel_ht.c
+@@ -1153,29 +1153,6 @@ minstrel_downgrade_prob_rate(struct mins
+ }
+ 
+ static void
+-minstrel_aggr_check(struct ieee80211_sta *pubsta, struct sk_buff *skb)
+-{
+-	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+-	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
+-	u16 tid;
+-
+-	if (skb_get_queue_mapping(skb) == IEEE80211_AC_VO)
+-		return;
+-
+-	if (unlikely(!ieee80211_is_data_qos(hdr->frame_control)))
+-		return;
+-
+-	if (unlikely(skb->protocol == cpu_to_be16(ETH_P_PAE)))
+-		return;
+-
+-	tid = ieee80211_get_tid(hdr);
+-	if (likely(sta->ampdu_mlme.tid_tx[tid]))
+-		return;
+-
+-	ieee80211_start_tx_ba_session(pubsta, tid, 0);
+-}
+-
+-static void
+ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
+                       void *priv_sta, struct ieee80211_tx_status *st)
+ {
+@@ -1477,10 +1454,6 @@ minstrel_ht_get_rate(void *priv, struct
+ 	struct minstrel_priv *mp = priv;
+ 	u16 sample_idx;
+ 
+-	if (!(info->flags & IEEE80211_TX_CTL_AMPDU) &&
+-	    !minstrel_ht_is_legacy_group(MI_RATE_GROUP(mi->max_prob_rate)))
+-		minstrel_aggr_check(sta, txrc->skb);
+-
+ 	info->flags |= mi->tx_flags;
+ 
+ #ifdef CPTCFG_MAC80211_DEBUGFS
+@@ -1894,6 +1867,7 @@ static u32 minstrel_ht_get_expected_thro
+ 
+ static const struct rate_control_ops mac80211_minstrel_ht = {
+ 	.name = "minstrel_ht",
++	.capa = RATE_CTRL_CAPA_AMPDU_TRIGGER,
+ 	.tx_status_ext = minstrel_ht_tx_status,
+ 	.get_rate = minstrel_ht_get_rate,
+ 	.rate_init = minstrel_ht_rate_init,
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3931,6 +3931,29 @@ void ieee80211_txq_schedule_start(struct
+ }
+ EXPORT_SYMBOL(ieee80211_txq_schedule_start);
+ 
++static void
++ieee80211_aggr_check(struct ieee80211_sub_if_data *sdata,
++		     struct sta_info *sta,
++		     struct sk_buff *skb)
++{
++	struct rate_control_ref *ref = sdata->local->rate_ctrl;
++	u16 tid;
++
++	if (!ref || !(ref->ops->capa & RATE_CTRL_CAPA_AMPDU_TRIGGER))
++		return;
++
++	if (!sta || !sta->sta.ht_cap.ht_supported ||
++	    !sta->sta.wme || skb_get_queue_mapping(skb) == IEEE80211_AC_VO ||
++	    skb->protocol == sdata->control_port_protocol)
++		return;
++
++	tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
++	if (likely(sta->ampdu_mlme.tid_tx[tid]))
++		return;
++
++	ieee80211_start_tx_ba_session(&sta->sta, tid, 0);
++}
++
+ void __ieee80211_subif_start_xmit(struct sk_buff *skb,
+ 				  struct net_device *dev,
+ 				  u32 info_flags,
+@@ -3961,6 +3984,8 @@ void __ieee80211_subif_start_xmit(struct
+ 		skb_get_hash(skb);
+ 	}
+ 
++	ieee80211_aggr_check(sdata, sta, skb);
++
+ 	if (sta) {
+ 		struct ieee80211_fast_tx *fast_tx;
+ 
+@@ -4224,6 +4249,8 @@ static void ieee80211_8023_xmit(struct i
+ 
+ 	memset(info, 0, sizeof(*info));
+ 
++	ieee80211_aggr_check(sdata, sta, skb);
++
+ 	tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
+ 	tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
+ 	if (tid_tx) {

package/kernel/mac80211/patches/subsys/375-mac80211-call-ieee80211_tx_h_rate_ctrl-when-dequeue.patch

@@ -0,0 +1,114 @@
+From: Ryder Lee <ryder.lee@mediatek.com>
+Date: Fri, 28 May 2021 14:05:41 +0800
+Subject: [PATCH] mac80211: call ieee80211_tx_h_rate_ctrl() when dequeue
+
+Make ieee80211_tx_h_rate_ctrl() get called on dequeue to improve
+performance since it reduces the turnaround time for rate control.
+
+Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1778,8 +1778,6 @@ static int invoke_tx_handlers_early(stru
+ 	CALL_TXH(ieee80211_tx_h_ps_buf);
+ 	CALL_TXH(ieee80211_tx_h_check_control_port_protocol);
+ 	CALL_TXH(ieee80211_tx_h_select_key);
+-	if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
+-		CALL_TXH(ieee80211_tx_h_rate_ctrl);
+ 
+  txh_done:
+ 	if (unlikely(res == TX_DROP)) {
+@@ -1812,6 +1810,9 @@ static int invoke_tx_handlers_late(struc
+ 		goto txh_done;
+ 	}
+ 
++	if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
++		CALL_TXH(ieee80211_tx_h_rate_ctrl);
++
+ 	CALL_TXH(ieee80211_tx_h_michael_mic_add);
+ 	CALL_TXH(ieee80211_tx_h_sequence);
+ 	CALL_TXH(ieee80211_tx_h_fragment);
+@@ -3382,15 +3383,21 @@ out:
+  * Can be called while the sta lock is held. Anything that can cause packets to
+  * be generated will cause deadlock!
+  */
+-static void ieee80211_xmit_fast_finish(struct ieee80211_sub_if_data *sdata,
+-				       struct sta_info *sta, u8 pn_offs,
+-				       struct ieee80211_key *key,
+-				       struct sk_buff *skb)
++static ieee80211_tx_result
++ieee80211_xmit_fast_finish(struct ieee80211_sub_if_data *sdata,
++			   struct sta_info *sta, u8 pn_offs,
++			   struct ieee80211_key *key,
++			   struct ieee80211_tx_data *tx)
+ {
++	struct sk_buff *skb = tx->skb;
+ 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ 	struct ieee80211_hdr *hdr = (void *)skb->data;
+ 	u8 tid = IEEE80211_NUM_TIDS;
+ 
++	if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL) &&
++	    ieee80211_tx_h_rate_ctrl(tx) != TX_CONTINUE)
++		return TX_DROP;
++
+ 	if (key)
+ 		info->control.hw_key = &key->conf;
+ 
+@@ -3439,6 +3446,8 @@ static void ieee80211_xmit_fast_finish(s
+ 			break;
+ 		}
+ 	}
++
++	return TX_CONTINUE;
+ }
+ 
+ static bool ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata,
+@@ -3542,24 +3551,17 @@ static bool ieee80211_xmit_fast(struct i
+ 	tx.sta = sta;
+ 	tx.key = fast_tx->key;
+ 
+-	if (!ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
+-		tx.skb = skb;
+-		r = ieee80211_tx_h_rate_ctrl(&tx);
+-		skb = tx.skb;
+-		tx.skb = NULL;
+-
+-		if (r != TX_CONTINUE) {
+-			if (r != TX_QUEUED)
+-				kfree_skb(skb);
+-			return true;
+-		}
+-	}
+-
+ 	if (ieee80211_queue_skb(local, sdata, sta, skb))
+ 		return true;
+ 
+-	ieee80211_xmit_fast_finish(sdata, sta, fast_tx->pn_offs,
+-				   fast_tx->key, skb);
++	tx.skb = skb;
++	r = ieee80211_xmit_fast_finish(sdata, sta, fast_tx->pn_offs,
++				       fast_tx->key, &tx);
++	tx.skb = NULL;
++	if (r == TX_DROP) {
++		kfree_skb(skb);
++		return true;
++	}
+ 
+ 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
+ 		sdata = container_of(sdata->bss,
+@@ -3670,8 +3672,12 @@ begin:
+ 		    (tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
+ 			pn_offs = ieee80211_hdrlen(hdr->frame_control);
+ 
+-		ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
+-					   tx.key, skb);
++		r = ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
++					       tx.key, &tx);
++		if (r != TX_CONTINUE) {
++			ieee80211_free_txskb(&local->hw, skb);
++			goto begin;
++		}
+ 	} else {
+ 		if (invoke_tx_handlers_late(&tx))
+ 			goto begin;

package/kernel/mac80211/patches/subsys/376-mac80211-add-rate-control-support-for-encap-offload.patch

@@ -0,0 +1,119 @@
+From: Ryder Lee <ryder.lee@mediatek.com>
+Date: Fri, 28 May 2021 14:05:43 +0800
+Subject: [PATCH] mac80211: add rate control support for encap offload
+
+The software rate control cannot deal with encap offload, so fix it.
+
+Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
+---
+
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -2024,6 +2024,15 @@ static inline void ieee80211_tx_skb(stru
+ 	ieee80211_tx_skb_tid(sdata, skb, 7);
+ }
+ 
++static inline bool ieee80211_is_tx_data(struct sk_buff *skb)
++{
++	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
++	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
++
++	return info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP ||
++	       ieee80211_is_data(hdr->frame_control);
++}
++
+ u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
+ 			       struct ieee802_11_elems *elems,
+ 			       u64 filter, u32 crc, u8 *transmitter_bssid,
+--- a/net/mac80211/rate.c
++++ b/net/mac80211/rate.c
+@@ -297,15 +297,11 @@ void ieee80211_check_rate_mask(struct ie
+ static bool rc_no_data_or_no_ack_use_min(struct ieee80211_tx_rate_control *txrc)
+ {
+ 	struct sk_buff *skb = txrc->skb;
+-	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+-	__le16 fc;
+-
+-	fc = hdr->frame_control;
+ 
+ 	return (info->flags & (IEEE80211_TX_CTL_NO_ACK |
+ 			       IEEE80211_TX_CTL_USE_MINRATE)) ||
+-		!ieee80211_is_data(fc);
++		!ieee80211_is_tx_data(skb);
+ }
+ 
+ static void rc_send_low_basicrate(struct ieee80211_tx_rate *rate,
+@@ -870,7 +866,6 @@ void ieee80211_get_tx_rates(struct ieee8
+ 			    int max_rates)
+ {
+ 	struct ieee80211_sub_if_data *sdata;
+-	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ 	struct ieee80211_supported_band *sband;
+ 
+@@ -882,7 +877,7 @@ void ieee80211_get_tx_rates(struct ieee8
+ 	sdata = vif_to_sdata(vif);
+ 	sband = sdata->local->hw.wiphy->bands[info->band];
+ 
+-	if (ieee80211_is_data(hdr->frame_control))
++	if (ieee80211_is_tx_data(skb))
+ 		rate_control_apply_mask(sdata, sta, sband, dest, max_rates);
+ 
+ 	if (dest[0].idx < 0)
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -679,6 +679,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021
+ 	u32 len;
+ 	struct ieee80211_tx_rate_control txrc;
+ 	struct ieee80211_sta_rates *ratetbl = NULL;
++	bool encap = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
+ 	bool assoc = false;
+ 
+ 	memset(&txrc, 0, sizeof(txrc));
+@@ -720,7 +721,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021
+ 	 * just wants a probe response.
+ 	 */
+ 	if (tx->sdata->vif.bss_conf.use_short_preamble &&
+-	    (ieee80211_is_data(hdr->frame_control) ||
++	    (ieee80211_is_tx_data(tx->skb) ||
+ 	     (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
+ 		txrc.short_preamble = true;
+ 
+@@ -742,7 +743,8 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021
+ 		 "%s: Dropped data frame as no usable bitrate found while "
+ 		 "scanning and associated. Target station: "
+ 		 "%pM on %d GHz band\n",
+-		 tx->sdata->name, hdr->addr1,
++		 tx->sdata->name,
++		 encap ? ((struct ethhdr *)hdr)->h_dest : hdr->addr1,
+ 		 info->band ? 5 : 2))
+ 		return TX_DROP;
+ 
+@@ -776,7 +778,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021
+ 
+ 	if (txrc.reported_rate.idx < 0) {
+ 		txrc.reported_rate = tx->rate;
+-		if (tx->sta && ieee80211_is_data(hdr->frame_control))
++		if (tx->sta && ieee80211_is_tx_data(tx->skb))
+ 			tx->sta->tx_stats.last_rate = txrc.reported_rate;
+ 	} else if (tx->sta)
+ 		tx->sta->tx_stats.last_rate = txrc.reported_rate;
+@@ -3660,8 +3662,16 @@ begin:
+ 	else
+ 		info->flags &= ~IEEE80211_TX_CTL_AMPDU;
+ 
+-	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)
++	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
++		if (!ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
++			r = ieee80211_tx_h_rate_ctrl(&tx);
++			if (r != TX_CONTINUE) {
++				ieee80211_free_txskb(&local->hw, skb);
++				goto begin;
++			}
++		}
+ 		goto encap_out;
++	}
+ 
+ 	if (info->control.flags & IEEE80211_TX_CTRL_FAST_XMIT) {
+ 		struct sta_info *sta = container_of(txq->sta, struct sta_info,

package/kernel/mac80211/patches/subsys/377-mac80211-minstrel_ht-fix-sample-time-check.patch

@@ -0,0 +1,23 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Thu, 17 Jun 2021 12:05:54 +0200
+Subject: [PATCH] mac80211: minstrel_ht: fix sample time check
+
+We need to skip sampling if the next sample time is after jiffies, not before.
+This patch fixes an issue where in some cases only very little sampling (or none
+at all) is performed, leading to really bad data rates
+
+Fixes: 80d55154b2f8 ("mac80211: minstrel_ht: significantly redesign the rate probing strategy")
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/rc80211_minstrel_ht.c
++++ b/net/mac80211/rc80211_minstrel_ht.c
+@@ -1466,7 +1466,7 @@ minstrel_ht_get_rate(void *priv, struct
+ 	    (info->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO))
+ 		return;
+ 
+-	if (time_is_before_jiffies(mi->sample_time))
++	if (time_is_after_jiffies(mi->sample_time))
+ 		return;
+ 
+ 	mi->sample_time = jiffies + MINSTREL_SAMPLE_INTERVAL;

package/kernel/mac80211/patches/subsys/378-mac80211-remove-iwlwifi-specific-workaround-that-bro.patch

@@ -0,0 +1,51 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Sat, 19 Jun 2021 12:10:14 +0200
+Subject: [PATCH] mac80211: remove iwlwifi specific workaround that broke sta
+ NDP tx
+
+Sending nulldata packets is important for sw AP link probing and detecting
+4-address mode links. The checks that dropped these packets were apparently
+added to work around an iwlwifi firmware bug with multi-TID aggregation.
+
+Fixes: 41cbb0f5a295 ("mac80211: add support for HE")
+Cc: stable@vger.kernel.org
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
++++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
+@@ -1085,6 +1085,9 @@ static int iwl_mvm_tx_mpdu(struct iwl_mv
+ 	if (WARN_ON_ONCE(mvmsta->sta_id == IWL_MVM_INVALID_STA))
+ 		return -1;
+ 
++	if (unlikely(ieee80211_is_any_nullfunc(fc)) && sta->he_cap.has_he)
++		return -1;
++
+ 	if (unlikely(ieee80211_is_probe_resp(fc)))
+ 		iwl_mvm_probe_resp_set_noa(mvm, skb);
+ 
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -1094,11 +1094,6 @@ void ieee80211_send_nullfunc(struct ieee
+ 	struct ieee80211_hdr_3addr *nullfunc;
+ 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
+ 
+-	/* Don't send NDPs when STA is connected HE */
+-	if (sdata->vif.type == NL80211_IFTYPE_STATION &&
+-	    !(ifmgd->flags & IEEE80211_STA_DISABLE_HE))
+-		return;
+-
+ 	skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif,
+ 		!ieee80211_hw_check(&local->hw, DOESNT_SUPPORT_QOS_NDP));
+ 	if (!skb)
+@@ -1130,10 +1125,6 @@ static void ieee80211_send_4addr_nullfun
+ 	if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
+ 		return;
+ 
+-	/* Don't send NDPs when connected HE */
+-	if (!(sdata->u.mgd.flags & IEEE80211_STA_DISABLE_HE))
+-		return;
+-
+ 	skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
+ 	if (!skb)
+ 		return;

package/kernel/mac80211/patches/subsys/379-mac80211-fix-starting-aggregation-sessions-on-mesh-i.patch

@@ -0,0 +1,112 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Tue, 29 Jun 2021 13:25:09 +0200
+Subject: [PATCH] mac80211: fix starting aggregation sessions on mesh
+ interfaces
+
+The logic for starting aggregation sessions was recently moved from minstrel_ht
+to mac80211, into the subif tx handler just after the sta lookup.
+Unfortunately this didn't work for mesh interfaces, since the sta lookup is
+deferred until a much later point in time on those.
+Fix this by also calling the aggregation check right after the deferred sta
+lookup.
+
+Fixes: 08a46c642001 ("mac80211: move A-MPDU session check from minstrel_ht to mac80211")
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1159,6 +1159,29 @@ static bool ieee80211_tx_prep_agg(struct
+ 	return queued;
+ }
+ 
++static void
++ieee80211_aggr_check(struct ieee80211_sub_if_data *sdata,
++		     struct sta_info *sta,
++		     struct sk_buff *skb)
++{
++	struct rate_control_ref *ref = sdata->local->rate_ctrl;
++	u16 tid;
++
++	if (!ref || !(ref->ops->capa & RATE_CTRL_CAPA_AMPDU_TRIGGER))
++		return;
++
++	if (!sta || !sta->sta.ht_cap.ht_supported ||
++	    !sta->sta.wme || skb_get_queue_mapping(skb) == IEEE80211_AC_VO ||
++	    skb->protocol == sdata->control_port_protocol)
++		return;
++
++	tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
++	if (likely(sta->ampdu_mlme.tid_tx[tid]))
++		return;
++
++	ieee80211_start_tx_ba_session(&sta->sta, tid, 0);
++}
++
+ /*
+  * initialises @tx
+  * pass %NULL for the station if unknown, a valid pointer if known
+@@ -1172,6 +1195,7 @@ ieee80211_tx_prepare(struct ieee80211_su
+ 	struct ieee80211_local *local = sdata->local;
+ 	struct ieee80211_hdr *hdr;
+ 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
++	bool aggr_check = false;
+ 	int tid;
+ 
+ 	memset(tx, 0, sizeof(*tx));
+@@ -1200,8 +1224,10 @@ ieee80211_tx_prepare(struct ieee80211_su
+ 		} else if (tx->sdata->control_port_protocol == tx->skb->protocol) {
+ 			tx->sta = sta_info_get_bss(sdata, hdr->addr1);
+ 		}
+-		if (!tx->sta && !is_multicast_ether_addr(hdr->addr1))
++		if (!tx->sta && !is_multicast_ether_addr(hdr->addr1)) {
+ 			tx->sta = sta_info_get(sdata, hdr->addr1);
++			aggr_check = true;
++		}
+ 	}
+ 
+ 	if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
+@@ -1211,8 +1237,12 @@ ieee80211_tx_prepare(struct ieee80211_su
+ 		struct tid_ampdu_tx *tid_tx;
+ 
+ 		tid = ieee80211_get_tid(hdr);
+-
+ 		tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
++		if (!tid_tx && aggr_check) {
++			ieee80211_aggr_check(sdata, tx->sta, skb);
++			tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
++		}
++
+ 		if (tid_tx) {
+ 			bool queued;
+ 
+@@ -3947,29 +3977,6 @@ void ieee80211_txq_schedule_start(struct
+ }
+ EXPORT_SYMBOL(ieee80211_txq_schedule_start);
+ 
+-static void
+-ieee80211_aggr_check(struct ieee80211_sub_if_data *sdata,
+-		     struct sta_info *sta,
+-		     struct sk_buff *skb)
+-{
+-	struct rate_control_ref *ref = sdata->local->rate_ctrl;
+-	u16 tid;
+-
+-	if (!ref || !(ref->ops->capa & RATE_CTRL_CAPA_AMPDU_TRIGGER))
+-		return;
+-
+-	if (!sta || !sta->sta.ht_cap.ht_supported ||
+-	    !sta->sta.wme || skb_get_queue_mapping(skb) == IEEE80211_AC_VO ||
+-	    skb->protocol == sdata->control_port_protocol)
+-		return;
+-
+-	tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
+-	if (likely(sta->ampdu_mlme.tid_tx[tid]))
+-		return;
+-
+-	ieee80211_start_tx_ba_session(&sta->sta, tid, 0);
+-}
+-
+ void __ieee80211_subif_start_xmit(struct sk_buff *skb,
+ 				  struct net_device *dev,
+ 				  u32 info_flags,

package/kernel/mac80211/patches/subsys/380-mac80211-assure-all-fragments-are-encrypted.patch

@@ -1,69 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:42 +0200
-Subject: [PATCH] mac80211: assure all fragments are encrypted
-
-Do not mix plaintext and encrypted fragments in protected Wi-Fi
-networks. This fixes CVE-2020-26147.
-
-Previously, an attacker was able to first forward a legitimate encrypted
-fragment towards a victim, followed by a plaintext fragment. The
-encrypted and plaintext fragment would then be reassembled. For further
-details see Section 6.3 and Appendix D in the paper "Fragment and Forge:
-Breaking Wi-Fi Through Frame Aggregation and Fragmentation".
-
-Because of this change there are now two equivalent conditions in the
-code to determine if a received fragment requires sequential PNs, so we
-also move this test to a separate function to make the code easier to
-maintain.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2204,6 +2204,16 @@ ieee80211_reassemble_find(struct ieee802
- 	return NULL;
- }
- 
-+static bool requires_sequential_pn(struct ieee80211_rx_data *rx, __le16 fc)
-+{
-+	return rx->key &&
-+		(rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
-+		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||
-+		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||
-+		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&
-+		ieee80211_has_protected(fc);
-+}
-+
- static ieee80211_rx_result debug_noinline
- ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
- {
-@@ -2248,12 +2258,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 		/* This is the first fragment of a new frame. */
- 		entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
- 						 rx->seqno_idx, &(rx->skb));
--		if (rx->key &&
--		    (rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
--		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||
--		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||
--		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&
--		    ieee80211_has_protected(fc)) {
-+		if (requires_sequential_pn(rx, fc)) {
- 			int queue = rx->security_idx;
- 
- 			/* Store CCMP/GCMP PN so that we can verify that the
-@@ -2295,11 +2300,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 		u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
- 		int queue;
- 
--		if (!rx->key ||
--		    (rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP &&
--		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP_256 &&
--		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP &&
--		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP_256))
-+		if (!requires_sequential_pn(rx, fc))
- 			return RX_DROP_UNUSABLE;
- 		memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
- 		for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {

package/kernel/mac80211/patches/subsys/381-mac80211-prevent-mixed-key-and-fragment-cache-attack.patch

@@ -1,87 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:43 +0200
-Subject: [PATCH] mac80211: prevent mixed key and fragment cache attacks
-
-Simultaneously prevent mixed key attacks (CVE-2020-24587) and fragment
-cache attacks (CVE-2020-24586). This is accomplished by assigning a
-unique color to every key (per interface) and using this to track which
-key was used to decrypt a fragment. When reassembling frames, it is
-now checked whether all fragments were decrypted using the same key.
-
-To assure that fragment cache attacks are also prevented, the ID that is
-assigned to keys is unique even over (re)associations and (re)connects.
-This means fragments separated by a (re)association or (re)connect will
-not be reassembled. Because mac80211 now also prevents the reassembly of
-mixed encrypted and plaintext fragments, all cache attacks are prevented.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -97,6 +97,7 @@ struct ieee80211_fragment_entry {
- 	u8 rx_queue;
- 	bool check_sequential_pn; /* needed for CCMP/GCMP */
- 	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
-+	unsigned int key_color;
- };
- 
- 
---- a/net/mac80211/key.c
-+++ b/net/mac80211/key.c
-@@ -799,6 +799,7 @@ int ieee80211_key_link(struct ieee80211_
- 		       struct ieee80211_sub_if_data *sdata,
- 		       struct sta_info *sta)
- {
-+	static atomic_t key_color = ATOMIC_INIT(0);
- 	struct ieee80211_key *old_key;
- 	int idx = key->conf.keyidx;
- 	bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
-@@ -850,6 +851,12 @@ int ieee80211_key_link(struct ieee80211_
- 	key->sdata = sdata;
- 	key->sta = sta;
- 
-+	/*
-+	 * Assign a unique ID to every key so we can easily prevent mixed
-+	 * key and fragment cache attacks.
-+	 */
-+	key->color = atomic_inc_return(&key_color);
-+
- 	increment_tailroom_need_count(sdata);
- 
- 	ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
---- a/net/mac80211/key.h
-+++ b/net/mac80211/key.h
-@@ -128,6 +128,8 @@ struct ieee80211_key {
- 	} debugfs;
- #endif
- 
-+	unsigned int color;
-+
- 	/*
- 	 * key config, must be last because it contains key
- 	 * material as variable length member
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2265,6 +2265,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 			 * next fragment has a sequential PN value.
- 			 */
- 			entry->check_sequential_pn = true;
-+			entry->key_color = rx->key->color;
- 			memcpy(entry->last_pn,
- 			       rx->key->u.ccmp.rx_pn[queue],
- 			       IEEE80211_CCMP_PN_LEN);
-@@ -2302,6 +2303,11 @@ ieee80211_rx_h_defragment(struct ieee802
- 
- 		if (!requires_sequential_pn(rx, fc))
- 			return RX_DROP_UNUSABLE;
-+
-+		/* Prevent mixed key and fragment cache attacks */
-+		if (entry->key_color != rx->key->color)
-+			return RX_DROP_UNUSABLE;
-+
- 		memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
- 		for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
- 			pn[i]++;

package/kernel/mac80211/patches/subsys/382-mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch

@@ -1,66 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:44 +0200
-Subject: [PATCH] mac80211: properly handle A-MSDUs that start with an
- RFC 1042 header
-
-Properly parse A-MSDUs whose first 6 bytes happen to equal a rfc1042
-header. This can occur in practice when the destination MAC address
-equals AA:AA:03:00:00:00. More importantly, this simplifies the next
-patch to mitigate A-MSDU injection attacks.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/include/net/cfg80211.h
-+++ b/include/net/cfg80211.h
-@@ -5628,7 +5628,7 @@ unsigned int ieee80211_get_mesh_hdrlen(s
-  */
- int ieee80211_data_to_8023_exthdr(struct sk_buff *skb, struct ethhdr *ehdr,
- 				  const u8 *addr, enum nl80211_iftype iftype,
--				  u8 data_offset);
-+				  u8 data_offset, bool is_amsdu);
- 
- /**
-  * ieee80211_data_to_8023 - convert an 802.11 data frame to 802.3
-@@ -5640,7 +5640,7 @@ int ieee80211_data_to_8023_exthdr(struct
- static inline int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
- 					 enum nl80211_iftype iftype)
- {
--	return ieee80211_data_to_8023_exthdr(skb, NULL, addr, iftype, 0);
-+	return ieee80211_data_to_8023_exthdr(skb, NULL, addr, iftype, 0, false);
- }
- 
- /**
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2696,7 +2696,7 @@ __ieee80211_rx_h_amsdu(struct ieee80211_
- 	if (ieee80211_data_to_8023_exthdr(skb, &ethhdr,
- 					  rx->sdata->vif.addr,
- 					  rx->sdata->vif.type,
--					  data_offset))
-+					  data_offset, true))
- 		return RX_DROP_UNUSABLE;
- 
- 	ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr,
---- a/net/wireless/util.c
-+++ b/net/wireless/util.c
-@@ -541,7 +541,7 @@ EXPORT_SYMBOL(ieee80211_get_mesh_hdrlen)
- 
- int ieee80211_data_to_8023_exthdr(struct sk_buff *skb, struct ethhdr *ehdr,
- 				  const u8 *addr, enum nl80211_iftype iftype,
--				  u8 data_offset)
-+				  u8 data_offset, bool is_amsdu)
- {
- 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
- 	struct {
-@@ -629,7 +629,7 @@ int ieee80211_data_to_8023_exthdr(struct
- 	skb_copy_bits(skb, hdrlen, &payload, sizeof(payload));
- 	tmp.h_proto = payload.proto;
- 
--	if (likely((ether_addr_equal(payload.hdr, rfc1042_header) &&
-+	if (likely((!is_amsdu && ether_addr_equal(payload.hdr, rfc1042_header) &&
- 		    tmp.h_proto != htons(ETH_P_AARP) &&
- 		    tmp.h_proto != htons(ETH_P_IPX)) ||
- 		   ether_addr_equal(payload.hdr, bridge_tunnel_header)))

package/kernel/mac80211/patches/subsys/383-cfg80211-mitigate-A-MSDU-aggregation-attacks.patch

@@ -1,40 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:45 +0200
-Subject: [PATCH] cfg80211: mitigate A-MSDU aggregation attacks
-
-Mitigate A-MSDU injection attacks (CVE-2020-24588) by detecting if the
-destination address of a subframe equals an RFC1042 (i.e., LLC/SNAP)
-header, and if so dropping the complete A-MSDU frame. This mitigates
-known attacks, although new (unknown) aggregation-based attacks may
-remain possible.
-
-This defense works because in A-MSDU aggregation injection attacks, a
-normal encrypted Wi-Fi frame is turned into an A-MSDU frame. This means
-the first 6 bytes of the first A-MSDU subframe correspond to an RFC1042
-header. In other words, the destination MAC address of the first A-MSDU
-subframe contains the start of an RFC1042 header during an aggregation
-attack. We can detect this and thereby prevent this specific attack.
-For details, see Section 7.2 of "Fragment and Forge: Breaking Wi-Fi
-Through Frame Aggregation and Fragmentation".
-
-Note that for kernel 4.9 and above this patch depends on "mac80211:
-properly handle A-MSDUs that start with a rfc1042 header". Otherwise
-this patch has no impact and attacks will remain possible.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/wireless/util.c
-+++ b/net/wireless/util.c
-@@ -775,6 +775,9 @@ void ieee80211_amsdu_to_8023s(struct sk_
- 		remaining = skb->len - offset;
- 		if (subframe_len > remaining)
- 			goto purge;
-+		/* mitigate A-MSDU aggregation injection attacks */
-+		if (ether_addr_equal(eth.h_dest, rfc1042_header))
-+			goto purge;
- 
- 		offset += sizeof(struct ethhdr);
- 		last = remaining <= subframe_len + padding;

package/kernel/mac80211/patches/subsys/384-mac80211-drop-A-MSDUs-on-old-ciphers.patch

@@ -1,54 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:46 +0200
-Subject: [PATCH] mac80211: drop A-MSDUs on old ciphers
-
-With old ciphers (WEP and TKIP) we shouldn't be using A-MSDUs
-since A-MSDUs are only supported if we know that they are, and
-the only practical way for that is HT support which doesn't
-support old ciphers.
-
-However, we would normally accept them anyway. Since we check
-the MMIC before deaggregating A-MSDUs, and the A-MSDU bit in
-the QoS header is not protected in TKIP (or WEP), this enables
-attacks similar to CVE-2020-24588. To prevent that, drop A-MSDUs
-completely with old ciphers.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -6,7 +6,7 @@
-  * Copyright 2007-2010	Johannes Berg <johannes@sipsolutions.net>
-  * Copyright 2013-2014  Intel Mobile Communications GmbH
-  * Copyright(c) 2015 - 2017 Intel Deutschland GmbH
-- * Copyright (C) 2018-2020 Intel Corporation
-+ * Copyright (C) 2018-2021 Intel Corporation
-  */
- 
- #include <linux/jiffies.h>
-@@ -2753,6 +2753,23 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx
- 	if (is_multicast_ether_addr(hdr->addr1))
- 		return RX_DROP_UNUSABLE;
- 
-+	if (rx->key) {
-+		/*
-+		 * We should not receive A-MSDUs on pre-HT connections,
-+		 * and HT connections cannot use old ciphers. Thus drop
-+		 * them, as in those cases we couldn't even have SPP
-+		 * A-MSDUs or such.
-+		 */
-+		switch (rx->key->conf.cipher) {
-+		case WLAN_CIPHER_SUITE_WEP40:
-+		case WLAN_CIPHER_SUITE_WEP104:
-+		case WLAN_CIPHER_SUITE_TKIP:
-+			return RX_DROP_UNUSABLE;
-+		default:
-+			break;
-+		}
-+	}
-+
- 	return __ieee80211_rx_h_amsdu(rx, 0);
- }
- 

package/kernel/mac80211/patches/subsys/385-mac80211-add-fragment-cache-to-sta_info.patch

@@ -1,313 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:47 +0200
-Subject: [PATCH] mac80211: add fragment cache to sta_info
-
-Prior patches protected against fragmentation cache attacks
-by coloring keys, but this shows that it can lead to issues
-when multiple stations use the same sequence number. Add a
-fragment cache to struct sta_info (in addition to the one in
-the interface) to separate fragments for different stations
-properly.
-
-This then automatically clear most of the fragment cache when a
-station disconnects (or reassociates) from an AP, or when client
-interfaces disconnect from the network, etc.
-
-On the way, also fix the comment there since this brings us in line
-with the recommendation in 802.11-2016 ("An AP should support ...").
-Additionally, remove a useless condition (since there's no problem
-purging an already empty list).
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -50,12 +50,6 @@ struct ieee80211_local;
- #define IEEE80211_ENCRYPT_HEADROOM 8
- #define IEEE80211_ENCRYPT_TAILROOM 18
- 
--/* IEEE 802.11 (Ch. 9.5 Defragmentation) requires support for concurrent
-- * reception of at least three fragmented frames. This limit can be increased
-- * by changing this define, at the cost of slower frame reassembly and
-- * increased memory use (about 2 kB of RAM per entry). */
--#define IEEE80211_FRAGMENT_MAX 4
--
- /* power level hasn't been configured (or set to automatic) */
- #define IEEE80211_UNSET_POWER_LEVEL	INT_MIN
- 
-@@ -88,19 +82,6 @@ extern const u8 ieee80211_ac_to_qos_mask
- 
- #define IEEE80211_MAX_NAN_INSTANCE_ID 255
- 
--struct ieee80211_fragment_entry {
--	struct sk_buff_head skb_list;
--	unsigned long first_frag_time;
--	u16 seq;
--	u16 extra_len;
--	u16 last_frag;
--	u8 rx_queue;
--	bool check_sequential_pn; /* needed for CCMP/GCMP */
--	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
--	unsigned int key_color;
--};
--
--
- struct ieee80211_bss {
- 	u32 device_ts_beacon, device_ts_presp;
- 
-@@ -912,9 +893,7 @@ struct ieee80211_sub_if_data {
- 
- 	char name[IFNAMSIZ];
- 
--	/* Fragment table for host-based reassembly */
--	struct ieee80211_fragment_entry	fragments[IEEE80211_FRAGMENT_MAX];
--	unsigned int fragment_next;
-+	struct ieee80211_fragment_cache frags;
- 
- 	/* TID bitmap for NoAck policy */
- 	u16 noack_map;
-@@ -2329,4 +2308,7 @@ u32 ieee80211_calc_expected_tx_airtime(s
- #define debug_noinline
- #endif
- 
-+void ieee80211_init_frag_cache(struct ieee80211_fragment_cache *cache);
-+void ieee80211_destroy_frag_cache(struct ieee80211_fragment_cache *cache);
-+
- #endif /* IEEE80211_I_H */
---- a/net/mac80211/iface.c
-+++ b/net/mac80211/iface.c
-@@ -8,7 +8,7 @@
-  * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
-  * Copyright 2013-2014  Intel Mobile Communications GmbH
-  * Copyright (c) 2016        Intel Deutschland GmbH
-- * Copyright (C) 2018-2020 Intel Corporation
-+ * Copyright (C) 2018-2021 Intel Corporation
-  */
- #include <linux/slab.h>
- #include <linux/kernel.h>
-@@ -679,16 +679,12 @@ static void ieee80211_set_multicast_list
-  */
- static void ieee80211_teardown_sdata(struct ieee80211_sub_if_data *sdata)
- {
--	int i;
--
- 	/* free extra data */
- 	ieee80211_free_keys(sdata, false);
- 
- 	ieee80211_debugfs_remove_netdev(sdata);
- 
--	for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
--		__skb_queue_purge(&sdata->fragments[i].skb_list);
--	sdata->fragment_next = 0;
-+	ieee80211_destroy_frag_cache(&sdata->frags);
- 
- 	if (ieee80211_vif_is_mesh(&sdata->vif))
- 		ieee80211_mesh_teardown_sdata(sdata);
-@@ -2038,8 +2034,7 @@ int ieee80211_if_add(struct ieee80211_lo
- 	sdata->wdev.wiphy = local->hw.wiphy;
- 	sdata->local = local;
- 
--	for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
--		skb_queue_head_init(&sdata->fragments[i].skb_list);
-+	ieee80211_init_frag_cache(&sdata->frags);
- 
- 	INIT_LIST_HEAD(&sdata->key_list);
- 
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2133,19 +2133,34 @@ ieee80211_rx_h_decrypt(struct ieee80211_
- 	return result;
- }
- 
-+void ieee80211_init_frag_cache(struct ieee80211_fragment_cache *cache)
-+{
-+	int i;
-+
-+	for (i = 0; i < ARRAY_SIZE(cache->entries); i++)
-+		skb_queue_head_init(&cache->entries[i].skb_list);
-+}
-+
-+void ieee80211_destroy_frag_cache(struct ieee80211_fragment_cache *cache)
-+{
-+	int i;
-+
-+	for (i = 0; i < ARRAY_SIZE(cache->entries); i++)
-+		__skb_queue_purge(&cache->entries[i].skb_list);
-+}
-+
- static inline struct ieee80211_fragment_entry *
--ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
-+ieee80211_reassemble_add(struct ieee80211_fragment_cache *cache,
- 			 unsigned int frag, unsigned int seq, int rx_queue,
- 			 struct sk_buff **skb)
- {
- 	struct ieee80211_fragment_entry *entry;
- 
--	entry = &sdata->fragments[sdata->fragment_next++];
--	if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
--		sdata->fragment_next = 0;
-+	entry = &cache->entries[cache->next++];
-+	if (cache->next >= IEEE80211_FRAGMENT_MAX)
-+		cache->next = 0;
- 
--	if (!skb_queue_empty(&entry->skb_list))
--		__skb_queue_purge(&entry->skb_list);
-+	__skb_queue_purge(&entry->skb_list);
- 
- 	__skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
- 	*skb = NULL;
-@@ -2160,14 +2175,14 @@ ieee80211_reassemble_add(struct ieee8021
- }
- 
- static inline struct ieee80211_fragment_entry *
--ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
-+ieee80211_reassemble_find(struct ieee80211_fragment_cache *cache,
- 			  unsigned int frag, unsigned int seq,
- 			  int rx_queue, struct ieee80211_hdr *hdr)
- {
- 	struct ieee80211_fragment_entry *entry;
- 	int i, idx;
- 
--	idx = sdata->fragment_next;
-+	idx = cache->next;
- 	for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
- 		struct ieee80211_hdr *f_hdr;
- 		struct sk_buff *f_skb;
-@@ -2176,7 +2191,7 @@ ieee80211_reassemble_find(struct ieee802
- 		if (idx < 0)
- 			idx = IEEE80211_FRAGMENT_MAX - 1;
- 
--		entry = &sdata->fragments[idx];
-+		entry = &cache->entries[idx];
- 		if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
- 		    entry->rx_queue != rx_queue ||
- 		    entry->last_frag + 1 != frag)
-@@ -2217,6 +2232,7 @@ static bool requires_sequential_pn(struc
- static ieee80211_rx_result debug_noinline
- ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
- {
-+	struct ieee80211_fragment_cache *cache = &rx->sdata->frags;
- 	struct ieee80211_hdr *hdr;
- 	u16 sc;
- 	__le16 fc;
-@@ -2238,6 +2254,9 @@ ieee80211_rx_h_defragment(struct ieee802
- 		goto out_no_led;
- 	}
- 
-+	if (rx->sta)
-+		cache = &rx->sta->frags;
-+
- 	if (likely(!ieee80211_has_morefrags(fc) && frag == 0))
- 		goto out;
- 
-@@ -2256,7 +2275,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 
- 	if (frag == 0) {
- 		/* This is the first fragment of a new frame. */
--		entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
-+		entry = ieee80211_reassemble_add(cache, frag, seq,
- 						 rx->seqno_idx, &(rx->skb));
- 		if (requires_sequential_pn(rx, fc)) {
- 			int queue = rx->security_idx;
-@@ -2284,7 +2303,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 	/* This is a fragment for a frame that should already be pending in
- 	 * fragment cache. Add this fragment to the end of the pending entry.
- 	 */
--	entry = ieee80211_reassemble_find(rx->sdata, frag, seq,
-+	entry = ieee80211_reassemble_find(cache, frag, seq,
- 					  rx->seqno_idx, hdr);
- 	if (!entry) {
- 		I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
---- a/net/mac80211/sta_info.c
-+++ b/net/mac80211/sta_info.c
-@@ -4,7 +4,7 @@
-  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
-  * Copyright 2013-2014  Intel Mobile Communications GmbH
-  * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
-- * Copyright (C) 2018-2020 Intel Corporation
-+ * Copyright (C) 2018-2021 Intel Corporation
-  */
- 
- #include <linux/module.h>
-@@ -393,6 +393,8 @@ struct sta_info *sta_info_alloc(struct i
- 
- 	u64_stats_init(&sta->rx_stats.syncp);
- 
-+	ieee80211_init_frag_cache(&sta->frags);
-+
- 	sta->sta_state = IEEE80211_STA_NONE;
- 
- 	/* Mark TID as unreserved */
-@@ -1103,6 +1105,8 @@ static void __sta_info_destroy_part2(str
- 
- 	ieee80211_sta_debugfs_remove(sta);
- 
-+	ieee80211_destroy_frag_cache(&sta->frags);
-+
- 	cleanup_single_sta(sta);
- }
- 
---- a/net/mac80211/sta_info.h
-+++ b/net/mac80211/sta_info.h
-@@ -3,7 +3,7 @@
-  * Copyright 2002-2005, Devicescape Software, Inc.
-  * Copyright 2013-2014  Intel Mobile Communications GmbH
-  * Copyright(c) 2015-2017 Intel Deutschland GmbH
-- * Copyright(c) 2020 Intel Corporation
-+ * Copyright(c) 2020-2021 Intel Corporation
-  */
- 
- #ifndef STA_INFO_H
-@@ -439,6 +439,33 @@ struct ieee80211_sta_rx_stats {
- };
- 
- /*
-+ * IEEE 802.11-2016 (10.6 "Defragmentation") recommends support for "concurrent
-+ * reception of at least one MSDU per access category per associated STA"
-+ * on APs, or "at least one MSDU per access category" on other interface types.
-+ *
-+ * This limit can be increased by changing this define, at the cost of slower
-+ * frame reassembly and increased memory use while fragments are pending.
-+ */
-+#define IEEE80211_FRAGMENT_MAX 4
-+
-+struct ieee80211_fragment_entry {
-+	struct sk_buff_head skb_list;
-+	unsigned long first_frag_time;
-+	u16 seq;
-+	u16 extra_len;
-+	u16 last_frag;
-+	u8 rx_queue;
-+	bool check_sequential_pn; /* needed for CCMP/GCMP */
-+	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
-+	unsigned int key_color;
-+};
-+
-+struct ieee80211_fragment_cache {
-+	struct ieee80211_fragment_entry	entries[IEEE80211_FRAGMENT_MAX];
-+	unsigned int next;
-+};
-+
-+/*
-  * The bandwidth threshold below which the per-station CoDel parameters will be
-  * scaled to be more lenient (to prevent starvation of slow stations). This
-  * value will be scaled by the number of active stations when it is being
-@@ -531,6 +558,7 @@ struct ieee80211_sta_rx_stats {
-  * @status_stats.last_ack_signal: last ACK signal
-  * @status_stats.ack_signal_filled: last ACK signal validity
-  * @status_stats.avg_ack_signal: average ACK signal
-+ * @frags: fragment cache
-  */
- struct sta_info {
- 	/* General information, mostly static */
-@@ -639,6 +667,8 @@ struct sta_info {
- 
- 	struct cfg80211_chan_def tdls_chandef;
- 
-+	struct ieee80211_fragment_cache frags;
-+
- 	/* keep last! */
- 	struct ieee80211_sta sta;
- };

package/kernel/mac80211/patches/subsys/386-mac80211-check-defrag-PN-against-current-frame.patch

@@ -1,109 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:48 +0200
-Subject: [PATCH] mac80211: check defrag PN against current frame
-
-As pointed out by Mathy Vanhoef, we implement the RX PN check
-on fragmented frames incorrectly - we check against the last
-received PN prior to the new frame, rather than to the one in
-this frame itself.
-
-Prior patches addressed the security issue here, but in order
-to be able to reason better about the code, fix it to really
-compare against the current frame's PN, not the last stored
-one.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -227,8 +227,15 @@ struct ieee80211_rx_data {
- 	 */
- 	int security_idx;
- 
--	u32 tkip_iv32;
--	u16 tkip_iv16;
-+	union {
-+		struct {
-+			u32 iv32;
-+			u16 iv16;
-+		} tkip;
-+		struct {
-+			u8 pn[IEEE80211_CCMP_PN_LEN];
-+		} ccm_gcm;
-+	};
- };
- 
- struct ieee80211_csa_settings {
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2318,7 +2318,6 @@ ieee80211_rx_h_defragment(struct ieee802
- 	if (entry->check_sequential_pn) {
- 		int i;
- 		u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
--		int queue;
- 
- 		if (!requires_sequential_pn(rx, fc))
- 			return RX_DROP_UNUSABLE;
-@@ -2333,8 +2332,8 @@ ieee80211_rx_h_defragment(struct ieee802
- 			if (pn[i])
- 				break;
- 		}
--		queue = rx->security_idx;
--		rpn = rx->key->u.ccmp.rx_pn[queue];
-+
-+		rpn = rx->ccm_gcm.pn;
- 		if (memcmp(pn, rpn, IEEE80211_CCMP_PN_LEN))
- 			return RX_DROP_UNUSABLE;
- 		memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
---- a/net/mac80211/wpa.c
-+++ b/net/mac80211/wpa.c
-@@ -3,6 +3,7 @@
-  * Copyright 2002-2004, Instant802 Networks, Inc.
-  * Copyright 2008, Jouni Malinen <j@w1.fi>
-  * Copyright (C) 2016-2017 Intel Deutschland GmbH
-+ * Copyright (C) 2020-2021 Intel Corporation
-  */
- 
- #include <linux/netdevice.h>
-@@ -167,8 +168,8 @@ ieee80211_rx_h_michael_mic_verify(struct
- 
- update_iv:
- 	/* update IV in key information to be able to detect replays */
--	rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
--	rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;
-+	rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip.iv32;
-+	rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip.iv16;
- 
- 	return RX_CONTINUE;
- 
-@@ -294,8 +295,8 @@ ieee80211_crypto_tkip_decrypt(struct iee
- 					  key, skb->data + hdrlen,
- 					  skb->len - hdrlen, rx->sta->sta.addr,
- 					  hdr->addr1, hwaccel, rx->security_idx,
--					  &rx->tkip_iv32,
--					  &rx->tkip_iv16);
-+					  &rx->tkip.iv32,
-+					  &rx->tkip.iv16);
- 	if (res != TKIP_DECRYPT_OK)
- 		return RX_DROP_UNUSABLE;
- 
-@@ -552,6 +553,8 @@ ieee80211_crypto_ccmp_decrypt(struct iee
- 		}
- 
- 		memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN);
-+		if (unlikely(ieee80211_is_frag(hdr)))
-+			memcpy(rx->ccm_gcm.pn, pn, IEEE80211_CCMP_PN_LEN);
- 	}
- 
- 	/* Remove CCMP header and MIC */
-@@ -782,6 +785,8 @@ ieee80211_crypto_gcmp_decrypt(struct iee
- 		}
- 
- 		memcpy(key->u.gcmp.rx_pn[queue], pn, IEEE80211_GCMP_PN_LEN);
-+		if (unlikely(ieee80211_is_frag(hdr)))
-+			memcpy(rx->ccm_gcm.pn, pn, IEEE80211_CCMP_PN_LEN);
- 	}
- 
- 	/* Remove GCMP header and MIC */

package/kernel/mac80211/patches/subsys/387-mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch

@@ -1,62 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:49 +0200
-Subject: [PATCH] mac80211: prevent attacks on TKIP/WEP as well
-
-Similar to the issues fixed in previous patches, TKIP and WEP
-should be protected even if for TKIP we have the Michael MIC
-protecting it, and WEP is broken anyway.
-
-However, this also somewhat protects potential other algorithms
-that drivers might implement.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2284,6 +2284,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 			 * next fragment has a sequential PN value.
- 			 */
- 			entry->check_sequential_pn = true;
-+			entry->is_protected = true;
- 			entry->key_color = rx->key->color;
- 			memcpy(entry->last_pn,
- 			       rx->key->u.ccmp.rx_pn[queue],
-@@ -2296,6 +2297,9 @@ ieee80211_rx_h_defragment(struct ieee802
- 				     sizeof(rx->key->u.gcmp.rx_pn[queue]));
- 			BUILD_BUG_ON(IEEE80211_CCMP_PN_LEN !=
- 				     IEEE80211_GCMP_PN_LEN);
-+		} else if (rx->key && ieee80211_has_protected(fc)) {
-+			entry->is_protected = true;
-+			entry->key_color = rx->key->color;
- 		}
- 		return RX_QUEUED;
- 	}
-@@ -2337,6 +2341,14 @@ ieee80211_rx_h_defragment(struct ieee802
- 		if (memcmp(pn, rpn, IEEE80211_CCMP_PN_LEN))
- 			return RX_DROP_UNUSABLE;
- 		memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
-+	} else if (entry->is_protected &&
-+		   (!rx->key || !ieee80211_has_protected(fc) ||
-+		    rx->key->color != entry->key_color)) {
-+		/* Drop this as a mixed key or fragment cache attack, even
-+		 * if for TKIP Michael MIC should protect us, and WEP is a
-+		 * lost cause anyway.
-+		 */
-+		return RX_DROP_UNUSABLE;
- 	}
- 
- 	skb_pull(rx->skb, ieee80211_hdrlen(fc));
---- a/net/mac80211/sta_info.h
-+++ b/net/mac80211/sta_info.h
-@@ -455,7 +455,8 @@ struct ieee80211_fragment_entry {
- 	u16 extra_len;
- 	u16 last_frag;
- 	u8 rx_queue;
--	bool check_sequential_pn; /* needed for CCMP/GCMP */
-+	u8 check_sequential_pn:1, /* needed for CCMP/GCMP */
-+	   is_protected:1;
- 	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
- 	unsigned int key_color;
- };

package/kernel/mac80211/patches/subsys/388-mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch

@@ -1,94 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:50 +0200
-Subject: [PATCH] mac80211: do not accept/forward invalid EAPOL frames
-
-EAPOL frames are used for authentication and key management between the
-AP and each individual STA associated in the BSS. Those frames are not
-supposed to be sent by one associated STA to another associated STA
-(either unicast for broadcast/multicast).
-
-Similarly, in 802.11 they're supposed to be sent to the authenticator
-(AP) address.
-
-Since it is possible for unexpected EAPOL frames to result in misbehavior
-in supplicant implementations, it is better for the AP to not allow such
-cases to be forwarded to other clients either directly, or indirectly if
-the AP interface is part of a bridge.
-
-Accept EAPOL (control port) frames only if they're transmitted to the
-own address, or, due to interoperability concerns, to the PAE group
-address.
-
-Disable forwarding of EAPOL (or well, the configured control port
-protocol) frames back to wireless medium in all cases. Previously, these
-frames were accepted from fully authenticated and authorized stations
-and also from unauthenticated stations for one of the cases.
-
-Additionally, to avoid forwarding by the bridge, rewrite the PAE group
-address case to the local MAC address.
-
-Cc: stable@vger.kernel.org
-Co-developed-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2541,13 +2541,13 @@ static bool ieee80211_frame_allowed(stru
- 	struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
- 
- 	/*
--	 * Allow EAPOL frames to us/the PAE group address regardless
--	 * of whether the frame was encrypted or not.
-+	 * Allow EAPOL frames to us/the PAE group address regardless of
-+	 * whether the frame was encrypted or not, and always disallow
-+	 * all other destination addresses for them.
- 	 */
--	if (ehdr->h_proto == rx->sdata->control_port_protocol &&
--	    (ether_addr_equal(ehdr->h_dest, rx->sdata->vif.addr) ||
--	     ether_addr_equal(ehdr->h_dest, pae_group_addr)))
--		return true;
-+	if (unlikely(ehdr->h_proto == rx->sdata->control_port_protocol))
-+		return ether_addr_equal(ehdr->h_dest, rx->sdata->vif.addr) ||
-+		       ether_addr_equal(ehdr->h_dest, pae_group_addr);
- 
- 	if (ieee80211_802_1x_port_control(rx) ||
- 	    ieee80211_drop_unencrypted(rx, fc))
-@@ -2572,8 +2572,28 @@ static void ieee80211_deliver_skb_to_loc
- 		cfg80211_rx_control_port(dev, skb, noencrypt);
- 		dev_kfree_skb(skb);
- 	} else {
-+		struct ethhdr *ehdr = (void *)skb_mac_header(skb);
-+
- 		memset(skb->cb, 0, sizeof(skb->cb));
- 
-+		/*
-+		 * 802.1X over 802.11 requires that the authenticator address
-+		 * be used for EAPOL frames. However, 802.1X allows the use of
-+		 * the PAE group address instead. If the interface is part of
-+		 * a bridge and we pass the frame with the PAE group address,
-+		 * then the bridge will forward it to the network (even if the
-+		 * client was not associated yet), which isn't supposed to
-+		 * happen.
-+		 * To avoid that, rewrite the destination address to our own
-+		 * address, so that the authenticator (e.g. hostapd) will see
-+		 * the frame, but bridge won't forward it anywhere else. Note
-+		 * that due to earlier filtering, the only other address can
-+		 * be the PAE group address.
-+		 */
-+		if (unlikely(skb->protocol == sdata->control_port_protocol &&
-+			     !ether_addr_equal(ehdr->h_dest, sdata->vif.addr)))
-+			ether_addr_copy(ehdr->h_dest, sdata->vif.addr);
-+
- 		/* deliver to local stack */
- 		if (rx->list)
- #if LINUX_VERSION_IS_GEQ(4,19,0)
-@@ -2617,6 +2637,7 @@ ieee80211_deliver_skb(struct ieee80211_r
- 	if ((sdata->vif.type == NL80211_IFTYPE_AP ||
- 	     sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
- 	    !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
-+	    ehdr->h_proto != rx->sdata->control_port_protocol &&
- 	    (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) {
- 		if (is_multicast_ether_addr(ehdr->h_dest) &&
- 		    ieee80211_vif_get_num_mcast_if(sdata) != 0) {

package/kernel/mac80211/patches/subsys/389-mac80211-extend-protection-against-mixed-key-and-fra.patch

@@ -1,68 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:51 +0200
-Subject: [PATCH] mac80211: extend protection against mixed key and
- fragment cache attacks
-
-For some chips/drivers, e.g., QCA6174 with ath10k, the decryption is
-done by the hardware, and the Protected bit in the Frame Control field
-is cleared in the lower level driver before the frame is passed to
-mac80211. In such cases, the condition for ieee80211_has_protected() is
-not met in ieee80211_rx_h_defragment() of mac80211 and the new security
-validation steps are not executed.
-
-Extend mac80211 to cover the case where the Protected bit has been
-cleared, but the frame is indicated as having been decrypted by the
-hardware. This extends protection against mixed key and fragment cache
-attack for additional drivers/chips. This fixes CVE-2020-24586 and
-CVE-2020-24587 for such cases.
-
-Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2239,6 +2239,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 	unsigned int frag, seq;
- 	struct ieee80211_fragment_entry *entry;
- 	struct sk_buff *skb;
-+	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
- 
- 	hdr = (struct ieee80211_hdr *)rx->skb->data;
- 	fc = hdr->frame_control;
-@@ -2297,7 +2298,9 @@ ieee80211_rx_h_defragment(struct ieee802
- 				     sizeof(rx->key->u.gcmp.rx_pn[queue]));
- 			BUILD_BUG_ON(IEEE80211_CCMP_PN_LEN !=
- 				     IEEE80211_GCMP_PN_LEN);
--		} else if (rx->key && ieee80211_has_protected(fc)) {
-+		} else if (rx->key &&
-+			   (ieee80211_has_protected(fc) ||
-+			    (status->flag & RX_FLAG_DECRYPTED))) {
- 			entry->is_protected = true;
- 			entry->key_color = rx->key->color;
- 		}
-@@ -2342,13 +2345,19 @@ ieee80211_rx_h_defragment(struct ieee802
- 			return RX_DROP_UNUSABLE;
- 		memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
- 	} else if (entry->is_protected &&
--		   (!rx->key || !ieee80211_has_protected(fc) ||
-+		   (!rx->key ||
-+		    (!ieee80211_has_protected(fc) &&
-+		     !(status->flag & RX_FLAG_DECRYPTED)) ||
- 		    rx->key->color != entry->key_color)) {
- 		/* Drop this as a mixed key or fragment cache attack, even
- 		 * if for TKIP Michael MIC should protect us, and WEP is a
- 		 * lost cause anyway.
- 		 */
- 		return RX_DROP_UNUSABLE;
-+	} else if (entry->is_protected && rx->key &&
-+		   entry->key_color != rx->key->color &&
-+		   (status->flag & RX_FLAG_DECRYPTED)) {
-+		return RX_DROP_UNUSABLE;
- 	}
- 
- 	skb_pull(rx->skb, ieee80211_hdrlen(fc));

package/kernel/mac80211/patches/subsys/500-mac80211_configure_antenna_gain.patch

@@ -1,6 +1,6 @@
 --- a/include/net/cfg80211.h
 +++ b/include/net/cfg80211.h
-@@ -3736,6 +3736,7 @@ struct mgmt_frame_regs {
+@@ -3745,6 +3745,7 @@ struct mgmt_frame_regs {
   *	(as advertised by the nl80211 feature flag.)
   * @get_tx_power: store the current TX power into the dbm variable;
   *	return 0 if successful
@@ -8,7 +8,7 @@
   *
   * @set_wds_peer: set the WDS peer for a WDS interface
   *
-@@ -4058,6 +4059,7 @@ struct cfg80211_ops {
+@@ -4067,6 +4068,7 @@ struct cfg80211_ops {
  				enum nl80211_tx_power_setting type, int mbm);
  	int	(*get_tx_power)(struct wiphy *wiphy, struct wireless_dev *wdev,
  				int *dbm);
@@ -36,7 +36,7 @@
  	u8 ps_dtim_period;
 --- a/include/uapi/linux/nl80211.h
 +++ b/include/uapi/linux/nl80211.h
-@@ -2531,6 +2531,9 @@ enum nl80211_commands {
+@@ -2560,6 +2560,9 @@ enum nl80211_commands {
   *	disassoc events to indicate that an immediate reconnect to the AP
   *	is desired.
   *
@@ -46,9 +46,9 @@
   * @NUM_NL80211_ATTR: total number of nl80211_attrs available
   * @NL80211_ATTR_MAX: highest attribute number currently defined
   * @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -3022,6 +3025,8 @@ enum nl80211_attrs {
+@@ -3057,6 +3060,8 @@ enum nl80211_attrs {
  
- 	NL80211_ATTR_RECONNECT_REQUESTED,
+ 	NL80211_ATTR_DISABLE_HE,
  
 +	NL80211_ATTR_WIPHY_ANTENNA_GAIN,
 +
@@ -129,15 +129,15 @@
  	local->hw.max_mtu = IEEE80211_MAX_DATA_LEN;
 --- a/net/wireless/nl80211.c
 +++ b/net/wireless/nl80211.c
-@@ -737,6 +737,7 @@ static const struct nla_policy nl80211_p
- 	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
- 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
+@@ -740,6 +740,7 @@ static const struct nla_policy nl80211_p
+ 		NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
+ 				 NL80211_SAE_PWE_BOTH),
  	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
 +	[NL80211_ATTR_WIPHY_ANTENNA_GAIN] = { .type = NLA_U32 },
  };
  
  /* policy for the key attributes */
-@@ -3245,6 +3246,20 @@ static int nl80211_set_wiphy(struct sk_b
+@@ -3248,6 +3249,20 @@ static int nl80211_set_wiphy(struct sk_b
  		if (result)
  			return result;
  	}

package/kernel/mt76/Makefile

@@ -8,9 +8,9 @@ PKG_LICENSE_FILES:=
 
 PKG_SOURCE_URL:=https://github.com/openwrt/mt76
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2021-05-15
-PKG_SOURCE_VERSION:=9d736545bb5ac9707e60b7900b7d6b290492e24d
-PKG_MIRROR_HASH:=8fd98f488579c18cfd8c442cff1796dcd70e2ecbc59c5d5b92ee8c0f06efafcf
+PKG_SOURCE_DATE:=2021-06-06
+PKG_SOURCE_VERSION:=22b690334c0f49b11534cc2e331c9d5e17c4a0bc
+PKG_MIRROR_HASH:=ff5e563935919d2e40c1e7254ef3bc06f7ecc5e69f8ddd12903e8f5de942d630
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_BUILD_PARALLEL:=1
@@ -155,7 +155,7 @@ define KernelPackage/mt7615-common
   $(KernelPackage/mt76-default)
   TITLE:=MediaTek MT7615 wireless driver common code
   HIDDEN:=1
-  DEPENDS+=@PCI_SUPPORT +kmod-mt76-core +kmod-mt76-connac
+  DEPENDS+=@PCI_SUPPORT +kmod-mt76-core +kmod-mt76-connac +kmod-hwmon-core
   FILES:= $(PKG_BUILD_DIR)/mt7615/mt7615-common.ko
 endef
 
@@ -213,7 +213,7 @@ endef
 define KernelPackage/mt7915e
   $(KernelPackage/mt76-default)
   TITLE:=MediaTek MT7915e wireless driver
-  DEPENDS+=@PCI_SUPPORT +kmod-mt7615-common +@DRIVER_11AX_SUPPORT
+  DEPENDS+=@PCI_SUPPORT +kmod-mt7615-common +kmod-hwmon-core +kmod-thermal +@DRIVER_11AX_SUPPORT
   FILES:= $(PKG_BUILD_DIR)/mt7915/mt7915e.ko
   AUTOLOAD:=$(call AutoProbe,mt7915e)
 endef

package/libs/libjson-c/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=json-c
 PKG_VERSION:=0.15
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-nodoc.tar.gz
 PKG_SOURCE_URL:=https://s3.amazonaws.com/json-c_releases/releases/

package/libs/libnl-tiny/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libnl-tiny
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/libnl-tiny.git

package/libs/libubox/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libubox
-PKG_RELEASE=1
+PKG_RELEASE=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/libubox.git

package/libs/libusb/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libusb
 PKG_VERSION:=1.0.24
-PKG_RELEASE:=1
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=\

package/libs/libusb/patches/001-Correct-a-typo-in-the-Changelog-and-clean-up-a-stray.patch

@@ -0,0 +1,29 @@
+From 369af149e3ad92514a2d24f112cedfeb7acaf558 Mon Sep 17 00:00:00 2001
+From: Chris Dickens <christopher.a.dickens@gmail.com>
+Date: Sun, 13 Dec 2020 15:46:27 -0800
+Subject: [PATCH] Correct a typo in the Changelog and clean up a stray file
+
+Signed-off-by: Chris Dickens <christopher.a.dickens@gmail.com>
+---
+ ChangeLog             | 2 +-
+ libusb/version_nano.h | 2 +-
+ test                  | 0
+ 3 files changed, 2 insertions(+), 2 deletions(-)
+ delete mode 100644 test
+
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -12,7 +12,7 @@ visit: http://log.libusb.info
+ * Darwin (macOS): use IOUSBDevice as darwin_device_class explicitly (#693)
+ * Linux: Drop support for kernel older than 2.6.32
+ * Linux: Provide an event thread name (#689)
+-* Linux: Wait until all USBs have been reaped before freeing them (#607)
++* Linux: Wait until all URBs have been reaped before freeing them (#607)
+ * NetBSD: Recognize device timeouts (#710)
+ * OpenBSD: Allow opening ugen devices multiple times (#763)
+ * OpenBSD: Support libusb_get_port_number() (#764)
+--- a/libusb/version_nano.h
++++ b/libusb/version_nano.h
+@@ -1 +1 @@
+-#define LIBUSB_NANO 11584
++#define LIBUSB_NANO 11585

package/libs/libusb/patches/002-linux_usbfs-Fix-parsing-of-descriptors-for-multi-con.patch

@@ -0,0 +1,61 @@
+From f6d2cb561402c3b6d3627c0eb89e009b503d9067 Mon Sep 17 00:00:00 2001
+From: Chris Dickens <christopher.a.dickens@gmail.com>
+Date: Sun, 13 Dec 2020 15:49:19 -0800
+Subject: [PATCH] linux_usbfs: Fix parsing of descriptors for
+ multi-configuration devices
+
+Commit e2be556bd2 ("linux_usbfs: Parse config descriptors during device
+initialization") introduced a regression for devices with multiple
+configurations. The logic that verifies the reported length of the
+configuration descriptors failed to count the length of the
+configuration descriptor itself and would truncate the actual length by
+9 bytes, leading to a parsing error for subsequent descriptors.
+
+Closes #825
+
+Signed-off-by: Chris Dickens <christopher.a.dickens@gmail.com>
+---
+ libusb/os/linux_usbfs.c | 12 ++++++++----
+ libusb/version_nano.h   |  2 +-
+ 2 files changed, 9 insertions(+), 5 deletions(-)
+
+--- a/libusb/os/linux_usbfs.c
++++ b/libusb/os/linux_usbfs.c
+@@ -641,7 +641,12 @@ static int seek_to_next_config(struct li
+ 	uint8_t *buffer, size_t len)
+ {
+ 	struct usbi_descriptor_header *header;
+-	int offset = 0;
++	int offset;
++
++	/* Start seeking past the config descriptor */
++	offset = LIBUSB_DT_CONFIG_SIZE;
++	buffer += LIBUSB_DT_CONFIG_SIZE;
++	len -= LIBUSB_DT_CONFIG_SIZE;
+ 
+ 	while (len > 0) {
+ 		if (len < 2) {
+@@ -718,7 +723,7 @@ static int parse_config_descriptors(stru
+ 		}
+ 
+ 		if (priv->sysfs_dir) {
+-			 /*
++			/*
+ 			 * In sysfs wTotalLength is ignored, instead the kernel returns a
+ 			 * config descriptor with verified bLength fields, with descriptors
+ 			 * with an invalid bLength removed.
+@@ -727,8 +732,7 @@ static int parse_config_descriptors(stru
+ 			int offset;
+ 
+ 			if (num_configs > 1 && idx < num_configs - 1) {
+-				offset = seek_to_next_config(ctx, buffer + LIBUSB_DT_CONFIG_SIZE,
+-							     remaining - LIBUSB_DT_CONFIG_SIZE);
++				offset = seek_to_next_config(ctx, buffer, remaining);
+ 				if (offset < 0)
+ 					return offset;
+ 				sysfs_config_len = (uint16_t)offset;
+--- a/libusb/version_nano.h
++++ b/libusb/version_nano.h
+@@ -1 +1 @@
+-#define LIBUSB_NANO 11585
++#define LIBUSB_NANO 11586

package/libs/mbedtls/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.16.10
-PKG_RELEASE:=1
+PKG_VERSION:=2.16.11
+PKG_RELEASE:=$(AUTORELEASE)
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=96257bb03b30300b2f35f861ffe204ed957e9fd0329d80646fe57fc49f589b29
+PKG_HASH:=c18e7e9abf95e69e425260493720470021384a1728417042060a35d0b7b18b41
 
 PKG_BUILD_PARALLEL:=1
 PKG_LICENSE:=GPL-2.0-or-later

package/libs/openssl/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.1.1
-PKG_BUGFIX:=k
+PKG_BUGFIX:=l
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
@@ -26,7 +26,7 @@ PKG_SOURCE_URL:= \
 	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
 	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
 
-PKG_HASH:=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
+PKG_HASH:=0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE

package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch

@@ -1,4 +1,4 @@
-From 1c2fabcdb34e436286b4a8760cfbfbff11ea551a Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Eneas U de Queiroz <cote2004-github@yahoo.com>
 Date: Sat, 3 Nov 2018 15:41:10 -0300
 Subject: eng_devcrypto: add configuration options
@@ -14,7 +14,6 @@ Reviewed-by: Richard Levitte <levitte@openssl.org>
 (Merged from https://github.com/openssl/openssl/pull/7585)
 
 diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
-index a2c9a966f7..5ec38ca8f3 100644
 --- a/crypto/engine/eng_devcrypto.c
 +++ b/crypto/engine/eng_devcrypto.c
 @@ -16,6 +16,7 @@
@@ -558,7 +557,7 @@ index a2c9a966f7..5ec38ca8f3 100644
  /******************************************************************************
   *
   * LOAD / UNLOAD
-@@ -793,6 +1109,8 @@ void engine_load_devcrypto_int()
+@@ -806,6 +1122,8 @@ void engine_load_devcrypto_int()
  
      if (!ENGINE_set_id(e, "devcrypto")
          || !ENGINE_set_name(e, "/dev/crypto engine")

package/libs/wolfssl/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
 PKG_VERSION:=4.7.0-stable
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)

package/libs/wolfssl/patches/200-ecc-rng.patch

@@ -0,0 +1,50 @@
+Since commit 6467de5a8840 ("Randomize z ordinates in scalar
+mult when timing resistant") wolfssl requires a RNG for an EC
+key when the hardened built option is selected.
+
+wc_ecc_set_rng is only available when built hardened, so there
+is no safe way to install the RNG to the key regardless whether
+or not wolfssl is compiled hardened.
+
+Always export wc_ecc_set_rng so tools such as hostapd can install
+RNG regardless of the built settings for wolfssl.
+
+--- a/wolfcrypt/src/ecc.c
++++ b/wolfcrypt/src/ecc.c
+@@ -10293,21 +10293,21 @@ void wc_ecc_fp_free(void)
+ 
+ #endif /* FP_ECC */
+ 
+-#ifdef ECC_TIMING_RESISTANT
+ int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
+ {
+     int err = 0;
+ 
++#ifdef ECC_TIMING_RESISTANT
+     if (key == NULL) {
+         err = BAD_FUNC_ARG;
+     }
+     else {
+         key->rng = rng;
+     }
++#endif
+ 
+     return err;
+ }
+-#endif
+ 
+ #ifdef HAVE_ECC_ENCRYPT
+ 
+--- a/wolfssl/wolfcrypt/ecc.h
++++ b/wolfssl/wolfcrypt/ecc.h
+@@ -584,10 +584,8 @@ WOLFSSL_API
+ void wc_ecc_fp_free(void);
+ WOLFSSL_LOCAL
+ void wc_ecc_fp_init(void);
+-#ifdef ECC_TIMING_RESISTANT
+ WOLFSSL_API
+ int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
+-#endif
+ 
+ WOLFSSL_API
+ int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);

package/network/config/netifd/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/netifd.git
-PKG_SOURCE_DATE:=2021-05-26
-PKG_SOURCE_VERSION:=899c2a4520526d43113f73cf673f20e2486a40fb
-PKG_MIRROR_HASH:=354905192b30af88ea953241ed332555e67cdb7e3b54dd139250bf1e6ad3a709
+PKG_SOURCE_DATE:=2021-07-26
+PKG_SOURCE_VERSION:=440eb0647708274cc8d7d9e7c2bb0cfdfba90023
+PKG_MIRROR_HASH:=eed957036ab608fdc49bdf801fc5b4405fcd2a3a5e5d3343ec39898e156c10e9
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
 PKG_LICENSE:=GPL-2.0

package/network/config/qos-scripts/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=qos-scripts
 PKG_VERSION:=1.3.1
-PKG_RELEASE:=2
+PKG_RELEASE:=$(AUTORELEASE)
 PKG_LICENSE:=GPL-2.0
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>

package/network/config/qos-scripts/files/usr/lib/qos/generate.sh

@@ -326,7 +326,8 @@ start_interface() {
 			append cstr "$classnr:$prio:$avgrate:$pktsize:$pktdelay:$maxrate:$qdisc:$filter" "$N"
 		done
 		append ${prefix}q "$(tcrules)" "$N"
-		export dev_${dir}="ip link set $dev up >&- 2>&-
+		export dev_${dir}="ip link add ${dev} type ifb >&- 2>&-
+ip link set $dev up >&- 2>&-
 tc qdisc del dev $dev root >&- 2>&-
 tc qdisc add dev $dev root handle 1: hfsc default ${class_default}0
 tc class add dev $dev parent 1: classid 1:1 hfsc sc rate ${rate}kbit ul rate ${rate}kbit"

package/network/services/dnsmasq/files/dnsmasq.init

@@ -19,6 +19,7 @@ BASEDHCPSTAMPFILE="/var/run/dnsmasq"
 DHCPBOGUSHOSTNAMEFILE="/usr/share/dnsmasq/dhcpbogushostname.conf"
 RFC6761FILE="/usr/share/dnsmasq/rfc6761.conf"
 DHCPSCRIPT="/usr/lib/dnsmasq/dhcp-script.sh"
+DHCPSCRIPT_DEPENDS="/usr/share/libubox/jshn.sh /usr/bin/jshn /bin/ubus"
 
 DNSMASQ_DHCP_VER=4
 
@@ -161,7 +162,7 @@ append_server() {
 }
 
 append_rev_server() {
-        xappend "--rev-server=$1"
+	xappend "--rev-server=$1"
 }
 
 append_address() {
@@ -186,7 +187,22 @@ append_notinterface() {
 	xappend "--except-interface=$ifname"
 }
 
+ismounted() {
+	local filename="$1"
+	local dirname
+	for dirname in $EXTRA_MOUNT ; do
+		case "$filename" in
+			"${dirname}/"* | "${dirname}" )
+				return 1
+				;;
+		esac
+	done
+
+	return 0
+}
+
 append_addnhosts() {
+	ismounted "$1" || append EXTRA_MOUNT "$1"
 	xappend "--addn-hosts=$1"
 }
 
@@ -801,9 +817,10 @@ dnsmasq_start()
 	config_get_bool disabled "$cfg" disabled 0
 	[ "$disabled" -gt 0 ] && return 0
 
-	# reset list of DOMAINS and DNS servers (for each dnsmasq instance)
+	# reset list of DOMAINS, DNS servers and EXTRA mounts (for each dnsmasq instance)
 	DNS_SERVERS=""
 	DOMAIN=""
+	EXTRA_MOUNT=""
 	CONFIGFILE="${BASECONFIGFILE}.${cfg}"
 	CONFIGFILE_TMP="${CONFIGFILE}.$$"
 	HOSTFILE="${BASEHOSTFILE}.${cfg}"
@@ -878,8 +895,16 @@ dnsmasq_start()
 	append_bool "$cfg" noresolv "--no-resolv"
 	append_bool "$cfg" localise_queries "--localise-queries"
 	append_bool "$cfg" readethers "--read-ethers"
-	append_bool "$cfg" dbus "--enable-dbus"
-	append_bool "$cfg" ubus "--enable-ubus"	1
+
+	local instance_name="dnsmasq.$cfg"
+	if [ "$cfg" = "$DEFAULT_INSTANCE" ]; then
+		instance_name="dnsmasq"
+	fi
+	config_get_bool dbus "$cfg" "dbus" 0
+	[ $dbus -gt 0 ] && xappend "--enable-dbus=uk.org.thekelleys.$instance_name"
+	config_get_bool ubus "$cfg" "ubus" 1
+	[ $ubus -gt 0 ] && xappend "--enable-ubus=$instance_name"
+
 	append_bool "$cfg" expandhosts "--expand-hosts"
 	config_get tftp_root "$cfg" "tftp_root"
 	[ -n "$tftp_root" ] && mkdir -p "$tftp_root" && append_bool "$cfg" enable_tftp "--enable-tftp"
@@ -907,7 +932,7 @@ dnsmasq_start()
 	append_parm "$cfg" "minport" "--min-port"
 	append_parm "$cfg" "maxport" "--max-port"
 	append_parm "$cfg" "domain" "--domain"
-	append_parm "$cfg" "local" "--server"
+	append_parm "$cfg" "local" "--local"
 	config_list_foreach "$cfg" "listen_address" append_listenaddress
 	config_list_foreach "$cfg" "server" append_server
 	config_list_foreach "$cfg" "rev_server" append_rev_server
@@ -917,6 +942,14 @@ dnsmasq_start()
 		config_list_foreach "$cfg" "interface" append_interface
 		config_list_foreach "$cfg" "notinterface" append_notinterface
 	}
+	config_get_bool ignore_hosts_dir "$cfg" ignore_hosts_dir 0
+	if [ "$ignore_hosts_dir" = "1" ]; then
+		xappend "--addn-hosts=$HOSTFILE"
+		append EXTRA_MOUNT "$HOSTFILE"
+	else
+		xappend "--addn-hosts=$(dirname $HOSTFILE)"
+		append EXTRA_MOUNT "$(dirname $HOSTFILE)"
+	fi
 	config_list_foreach "$cfg" "addnhosts" append_addnhosts
 	config_list_foreach "$cfg" "bogusnxdomain" append_bogusnxdomain
 	append_parm "$cfg" "leasefile" "--dhcp-leasefile" "/tmp/dhcp.leases"
@@ -1012,7 +1045,6 @@ dnsmasq_start()
 
 	xappend "--dhcp-broadcast=tag:needs-broadcast"
 
-	xappend "--addn-hosts=$(dirname $HOSTFILE)"
 
 	config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq.d"
 	xappend "--conf-dir=$dnsmasqconfdir"
@@ -1106,7 +1138,10 @@ dnsmasq_start()
 	procd_set_param respawn
 
 	procd_add_jail dnsmasq ubus log
-	procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE $RFC6761FILE $DHCPBOGUSHOSTNAMEFILE /etc/passwd /etc/group /etc/TZ /dev/null /dev/urandom $dnsmasqconffile $dnsmasqconfdir $resolvdir $user_dhcpscript /etc/hosts /etc/ethers /sbin/hotplug-call $EXTRA_MOUNT $DHCPSCRIPT
+	procd_add_jail_mount $CONFIGFILE $DHCPBOGUSHOSTNAMEFILE $DHCPSCRIPT $DHCPSCRIPT_DEPENDS
+	procd_add_jail_mount $EXTRA_MOUNT $RFC6761FILE $TRUSTANCHORSFILE
+	procd_add_jail_mount $dnsmasqconffile $dnsmasqconfdir $resolvdir $user_dhcpscript
+	procd_add_jail_mount /etc/passwd /etc/group /etc/TZ /etc/hosts /etc/ethers
 	procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile
 
 	procd_close_instance
@@ -1155,6 +1190,7 @@ boot()
 start_service() {
 	local instance="$1"
 	local instance_found=0
+	local first_instance=""
 
 	. /lib/functions/network.sh
 
@@ -1165,10 +1201,27 @@ start_service() {
 			if [ -n "$instance" ] && [ "$instance" = "$name" ]; then
 				instance_found=1
 			fi
+			if [ -z "$DEFAULT_INSTANCE" ]; then
+				local disabled
+				config_get_bool disabled "$name" disabled 0
+				if [ "$disabled" -eq 0 ]; then
+					# First enabled section will be assigned default instance name.
+					# Unnamed sections get precedence over named sections.
+					if expr "$cfg" : 'cfg[0-9a-f]*$' >/dev/null = "9"; then # See uci_fixup_section.
+						DEFAULT_INSTANCE="$name" # Unnamed config section.
+					elif [ -z "$first_instance" ]; then
+						first_instance="$name"
+					fi
+				fi
+			fi
 		fi
 	}
 
+	DEFAULT_INSTANCE=""
 	config_load dhcp
+	if [ -z "$DEFAULT_INSTANCE" ]; then
+		DEFAULT_INSTANCE="$first_instance" # No unnamed config section was found.
+	fi
 
 	if [ -n "$instance" ]; then
 		[ "$instance_found" -gt 0 ] || return

package/network/services/hostapd/Makefile

@@ -7,7 +7,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=32
+PKG_RELEASE:=35
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git

package/network/services/hostapd/files/hostapd.sh

@@ -92,7 +92,7 @@ hostapd_common_add_device_config() {
 	config_add_array basic_rate
 	config_add_array supported_rates
 
-	config_add_string country
+	config_add_string country country3
 	config_add_boolean country_ie doth
 	config_add_boolean spectrum_mgmt_required
 	config_add_int local_pwr_constraint
@@ -114,7 +114,7 @@ hostapd_prepare_device_config() {
 
 	local base_cfg=
 
-	json_get_vars country country_ie beacon_int:100 dtim_period:2 doth require_mode legacy_rates \
+	json_get_vars country country3 country_ie beacon_int:100 dtim_period:2 doth require_mode legacy_rates \
 		acs_chan_bias local_pwr_constraint spectrum_mgmt_required airtime_mode cell_density
 
 	hostapd_set_log_options base_cfg
@@ -128,6 +128,7 @@ hostapd_prepare_device_config() {
 
 	[ -n "$country" ] && {
 		append base_cfg "country_code=$country" "$N"
+		[ -n "$country3" ] && append base_cfg "country3=$country3" "$N"
 
 		[ "$country_ie" -gt 0 ] && {
 			append base_cfg "ieee80211d=1" "$N"
@@ -251,6 +252,8 @@ hostapd_common_add_bss_config() {
 	config_add_int acct_port
 	config_add_int acct_interval
 
+	config_add_int bss_load_update_period chan_util_avg_period
+
 	config_add_string dae_client
 	config_add_string dae_secret
 	config_add_int dae_port
@@ -281,7 +284,7 @@ hostapd_common_add_bss_config() {
 	config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
 	config_add_string multi_ap_backhaul_ssid multi_ap_backhaul_key
 
-	config_add_boolean wnm_sleep_mode bss_transition
+	config_add_boolean wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
 	config_add_int time_advertisement
 	config_add_string time_zone
 
@@ -703,13 +706,17 @@ hostapd_set_bss_options() {
 		append bss_conf "iapp_interface=$ifname" "$N"
 	}
 
-	json_get_vars time_advertisement time_zone wnm_sleep_mode bss_transition
+	json_get_vars time_advertisement time_zone wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
 	set_default bss_transition 0
 	set_default wnm_sleep_mode 0
+	set_default wnm_sleep_mode_no_keys 0
 
 	[ -n "$time_advertisement" ] && append bss_conf "time_advertisement=$time_advertisement" "$N"
 	[ -n "$time_zone" ] && append bss_conf "time_zone=$time_zone" "$N"
-	[ "$wnm_sleep_mode" -eq "1" ] && append bss_conf "wnm_sleep_mode=1" "$N"
+	if [ "$wnm_sleep_mode" -eq "1" ]; then
+		append bss_conf "wnm_sleep_mode=1" "$N"
+		[ "$wnm_sleep_mode_no_keys" -eq "1" ] && append bss_conf "wnm_sleep_mode_no_keys=1" "$N"
+	fi
 	[ "$bss_transition" -eq "1" ] && append bss_conf "bss_transition=1" "$N"
 
 	json_get_vars ieee80211k rrm_neighbor_report rrm_beacon_report

package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch

@@ -0,0 +1,48 @@
+From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
+From: David Bauer <mail@david-bauer.net>
+Date: Wed, 5 May 2021 00:44:34 +0200
+Subject: [PATCH] wolfssl: add RNG to EC key
+
+Since upstream commit 6467de5a8840 ("Randomize z ordinates in
+scalar mult when timing resistant") WolfSSL requires a RNG for
+the EC key when built hardened which is the default.
+
+Set the RNG for the EC key to fix connections for OWE clients.
+
+Signed-off-by: David Bauer <mail@david-bauer.net>
+---
+ src/crypto/crypto_wolfssl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+index 2e4bf8962..ed2528159 100644
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -1303,6 +1303,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
+ 
+ struct crypto_ec {
+ 	ecc_key key;
++	WC_RNG rng;
+ 	mp_int a;
+ 	mp_int prime;
+ 	mp_int order;
+@@ -1357,6 +1358,8 @@ struct crypto_ec * crypto_ec_init(int group)
+ 		return NULL;
+ 
+ 	if (wc_ecc_init(&e->key) != 0 ||
++	    wc_InitRng(&e->rng) != 0 ||
++	    wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
+ 	    wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
+ 	    mp_init(&e->a) != MP_OKAY ||
+ 	    mp_init(&e->prime) != MP_OKAY ||
+@@ -1388,6 +1391,7 @@ void crypto_ec_deinit(struct crypto_ec* e)
+ 	mp_clear(&e->order);
+ 	mp_clear(&e->prime);
+ 	mp_clear(&e->a);
++	wc_FreeRng(&e->rng);
+ 	wc_ecc_free(&e->key);
+ 	os_free(e);
+ }
+-- 
+2.31.1
+

package/network/services/odhcpd/Makefile

@@ -12,9 +12,9 @@ PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/odhcpd.git
-PKG_SOURCE_DATE:=2021-01-06
-PKG_SOURCE_VERSION:=8d8a8cd35137ff0fa11b6be455fdd596a8d7d2e9
-PKG_MIRROR_HASH:=7149b4a434a35c1e64b20c708c0abbd381e034a2a1b4fbc1b7da0b039568b5b5
+PKG_SOURCE_DATE:=2021-07-18
+PKG_SOURCE_VERSION:=bc9d317f2921ae6b529f2c9f8de79b75992e206f
+PKG_MIRROR_HASH:=be96c4984821b8af95bfee1a29c082bb9eaa052cd3e03d8632ff02afd2debc81
 
 PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
 PKG_LICENSE:=GPL-2.0

package/network/utils/comgt/files/3g.usb

@@ -23,6 +23,8 @@ find_3g_iface() {
 	fi
 }
 
+[ "$ACTION" = add ] || [ "$ACTION" = remove ] || exit 0
+
 case "$DEVICENAME" in
 	tty*)
 		[ -e "/dev/$DEVICENAME" ] || [ "$ACTION" = remove ] || exit 0

package/network/utils/iw/Makefile

@@ -8,12 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=iw
-PKG_VERSION:=5.9
-PKG_RELEASE:=1
+PKG_VERSION:=5.9-8fab0c9e
+PKG_RELEASE:=$(AUTORELEASE)
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=@KERNEL/software/network/iw
-PKG_HASH:=293a07109aeb7e36267cf59e3ce52857e9ffae3a6666eb8ac77894b1839fe1f2
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git
+PKG_SOURCE_VERSION:=8fab0c9ee9db217587a58efcc37421c86edcb638
+PKG_MIRROR_HASH:=797b322bc03952f3127ae0a7da476c14ada1bbe9a9ae234a56dd6f864c568e16
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=GPL-2.0

package/network/utils/iw/patches/001-nl80211_h_sync.patch

@@ -1,9 +1,99 @@
 --- a/nl80211.h
 +++ b/nl80211.h
-@@ -2527,6 +2527,13 @@ enum nl80211_commands {
+@@ -655,6 +655,9 @@
+  *	When a security association was established on an 802.1X network using
+  *	fast transition, this event should be followed by an
+  *	%NL80211_CMD_PORT_AUTHORIZED event.
++ *	Following a %NL80211_CMD_ROAM event userspace can issue
++ *	%NL80211_CMD_GET_SCAN in order to obtain the scan information for the
++ *	new BSS the card/driver roamed to.
+  * @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify
+  *	userspace that a connection was dropped by the AP or due to other
+  *	reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and
+@@ -757,7 +760,8 @@
+  *	of any other interfaces, and other interfaces will again take
+  *	precedence when they are used.
+  *
+- * @NL80211_CMD_SET_WDS_PEER: Set the MAC address of the peer on a WDS interface.
++ * @NL80211_CMD_SET_WDS_PEER: Set the MAC address of the peer on a WDS interface
++ *	(no longer supported).
+  *
+  * @NL80211_CMD_SET_MULTICAST_TO_UNICAST: Configure if this AP should perform
+  *	multicast to unicast conversion. When enabled, all multicast packets
+@@ -1177,6 +1181,10 @@
+  *	includes the contents of the frame. %NL80211_ATTR_ACK flag is included
+  *	if the recipient acknowledged the frame.
+  *
++ * @NL80211_CMD_SET_SAR_SPECS: SAR power limitation configuration is
++ *	passed using %NL80211_ATTR_SAR_SPEC. %NL80211_ATTR_WIPHY is used to
++ *	specify the wiphy index to be applied to.
++ *
+  * @NL80211_CMD_MAX: highest used command number
+  * @__NL80211_CMD_AFTER_LAST: internal use
+  */
+@@ -1407,6 +1415,8 @@ enum nl80211_commands {
+ 
+ 	NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS,
+ 
++	NL80211_CMD_SET_SAR_SPECS,
++
+ 	/* add new commands above here */
+ 
+ 	/* used to define NL80211_CMD_MAX below */
+@@ -1750,8 +1760,9 @@ enum nl80211_commands {
+  *	specify just a single bitrate, which is to be used for the beacon.
+  *	The driver must also specify support for this with the extended
+  *	features NL80211_EXT_FEATURE_BEACON_RATE_LEGACY,
+- *	NL80211_EXT_FEATURE_BEACON_RATE_HT and
+- *	NL80211_EXT_FEATURE_BEACON_RATE_VHT.
++ *	NL80211_EXT_FEATURE_BEACON_RATE_HT,
++ *	NL80211_EXT_FEATURE_BEACON_RATE_VHT and
++ *	NL80211_EXT_FEATURE_BEACON_RATE_HE.
+  *
+  * @NL80211_ATTR_FRAME_MATCH: A binary attribute which typically must contain
+  *	at least one byte, currently used with @NL80211_CMD_REGISTER_FRAME.
+@@ -1955,8 +1966,15 @@ enum nl80211_commands {
+  * @NL80211_ATTR_PROBE_RESP: Probe Response template data. Contains the entire
+  *	probe-response frame. The DA field in the 802.11 header is zero-ed out,
+  *	to be filled by the FW.
+- * @NL80211_ATTR_DISABLE_HT:  Force HT capable interfaces to disable
+- *      this feature.  Currently, only supported in mac80211 drivers.
++ * @NL80211_ATTR_DISABLE_HT: Force HT capable interfaces to disable
++ *      this feature during association. This is a flag attribute.
++ *	Currently only supported in mac80211 drivers.
++ * @NL80211_ATTR_DISABLE_VHT: Force VHT capable interfaces to disable
++ *      this feature during association. This is a flag attribute.
++ *	Currently only supported in mac80211 drivers.
++ * @NL80211_ATTR_DISABLE_HE: Force HE capable interfaces to disable
++ *      this feature during association. This is a flag attribute.
++ *	Currently only supported in mac80211 drivers.
+  * @NL80211_ATTR_HT_CAPABILITY_MASK: Specify which bits of the
+  *      ATTR_HT_CAPABILITY to which attention should be paid.
+  *      Currently, only mac80211 NICs support this feature.
+@@ -2077,7 +2095,8 @@ enum nl80211_commands {
+  *	until the channel switch event.
+  * @NL80211_ATTR_CH_SWITCH_BLOCK_TX: flag attribute specifying that transmission
+  *	must be blocked on the current channel (before the channel switch
+- *	operation).
++ *	operation). Also included in the channel switch started event if quiet
++ *	was requested by the AP.
+  * @NL80211_ATTR_CSA_IES: Nested set of attributes containing the IE information
+  *	for the time while performing a channel switch.
+  * @NL80211_ATTR_CNTDWN_OFFS_BEACON: An array of offsets (u16) to the channel
+@@ -2527,6 +2546,23 @@ enum nl80211_commands {
   *	override mask. Used with NL80211_ATTR_S1G_CAPABILITY in
   *	NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT.
   *
++ * @NL80211_ATTR_SAE_PWE: Indicates the mechanism(s) allowed for SAE PWE
++ *	derivation in WPA3-Personal networks which are using SAE authentication.
++ *	This is a u8 attribute that encapsulates one of the values from
++ *	&enum nl80211_sae_pwe_mechanism.
++ *
++ * @NL80211_ATTR_SAR_SPEC: SAR power limitation specification when
++ *	used with %NL80211_CMD_SET_SAR_SPECS. The message contains fields
++ *	of %nl80211_sar_attrs which specifies the sar type and related
++ *	sar specs. Sar specs contains array of %nl80211_sar_specs_attrs.
++ *
 + * @NL80211_ATTR_RECONNECT_REQUESTED: flag attribute, used with deauth and
 + *	disassoc events to indicate that an immediate reconnect to the AP
 + *	is desired.
@@ -14,14 +104,199 @@
   * @NUM_NL80211_ATTR: total number of nl80211_attrs available
   * @NL80211_ATTR_MAX: highest attribute number currently defined
   * @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -3016,6 +3023,10 @@ enum nl80211_attrs {
+@@ -3016,6 +3052,16 @@ enum nl80211_attrs {
  	NL80211_ATTR_S1G_CAPABILITY,
  	NL80211_ATTR_S1G_CAPABILITY_MASK,
  
++	NL80211_ATTR_SAE_PWE,
++
 +	NL80211_ATTR_RECONNECT_REQUESTED,
 +
++	NL80211_ATTR_SAR_SPEC,
++
++	NL80211_ATTR_DISABLE_HE,
++
 +	NL80211_ATTR_WIPHY_ANTENNA_GAIN,
 +
  	/* add attributes here, update the policy in nl80211.c */
  
  	__NL80211_ATTR_AFTER_LAST,
+@@ -5896,6 +5942,19 @@ enum nl80211_feature_flags {
+  * @NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP: Driver/device supports
+  *	unsolicited broadcast probe response transmission
+  *
++ * @NL80211_EXT_FEATURE_BEACON_RATE_HE: Driver supports beacon rate
++ *	configuration (AP/mesh) with HE rates.
++ *
++ * @NL80211_EXT_FEATURE_SECURE_LTF: Device supports secure LTF measurement
++ *      exchange protocol.
++ *
++ * @NL80211_EXT_FEATURE_SECURE_RTT: Device supports secure RTT measurement
++ *      exchange protocol.
++ *
++ * @NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE: Device supports management
++ *      frame protection for all management frames exchanged during the
++ *      negotiation and range measurement procedure.
++ *
+  * @NUM_NL80211_EXT_FEATURES: number of extended features.
+  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
+  */
+@@ -5956,6 +6015,10 @@ enum nl80211_ext_feature_index {
+ 	NL80211_EXT_FEATURE_SAE_OFFLOAD_AP,
+ 	NL80211_EXT_FEATURE_FILS_DISCOVERY,
+ 	NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP,
++	NL80211_EXT_FEATURE_BEACON_RATE_HE,
++	NL80211_EXT_FEATURE_SECURE_LTF,
++	NL80211_EXT_FEATURE_SECURE_RTT,
++	NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE,
+ 
+ 	/* add new features before the definition below */
+ 	NUM_NL80211_EXT_FEATURES,
+@@ -6253,11 +6316,13 @@ struct nl80211_vendor_cmd_info {
+  * @NL80211_TDLS_PEER_HT: TDLS peer is HT capable.
+  * @NL80211_TDLS_PEER_VHT: TDLS peer is VHT capable.
+  * @NL80211_TDLS_PEER_WMM: TDLS peer is WMM capable.
++ * @NL80211_TDLS_PEER_HE: TDLS peer is HE capable.
+  */
+ enum nl80211_tdls_peer_capability {
+ 	NL80211_TDLS_PEER_HT = 1<<0,
+ 	NL80211_TDLS_PEER_VHT = 1<<1,
+ 	NL80211_TDLS_PEER_WMM = 1<<2,
++	NL80211_TDLS_PEER_HE = 1<<3,
+ };
+ 
+ /**
+@@ -6849,6 +6914,9 @@ enum nl80211_peer_measurement_ftm_capa {
+  *      if neither %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED nor
+  *	%NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set, EDCA based
+  *	ranging will be used.
++ * @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK: negotiate for LMR feedback. Only
++ *	valid if either %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED or
++ *	%NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set.
+  *
+  * @NUM_NL80211_PMSR_FTM_REQ_ATTR: internal
+  * @NL80211_PMSR_FTM_REQ_ATTR_MAX: highest attribute number
+@@ -6867,6 +6935,7 @@ enum nl80211_peer_measurement_ftm_req {
+ 	NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC,
+ 	NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED,
+ 	NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED,
++	NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK,
+ 
+ 	/* keep last */
+ 	NUM_NL80211_PMSR_FTM_REQ_ATTR,
+@@ -7124,4 +7193,115 @@ enum nl80211_unsol_bcast_probe_resp_attr
+ 	NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX =
+ 		__NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_LAST - 1
+ };
++
++/**
++ * enum nl80211_sae_pwe_mechanism - The mechanism(s) allowed for SAE PWE
++ *	derivation. Applicable only when WPA3-Personal SAE authentication is
++ *	used.
++ *
++ * @NL80211_SAE_PWE_UNSPECIFIED: not specified, used internally to indicate that
++ *	attribute is not present from userspace.
++ * @NL80211_SAE_PWE_HUNT_AND_PECK: hunting-and-pecking loop only
++ * @NL80211_SAE_PWE_HASH_TO_ELEMENT: hash-to-element only
++ * @NL80211_SAE_PWE_BOTH: both hunting-and-pecking loop and hash-to-element
++ *	can be used.
++ */
++enum nl80211_sae_pwe_mechanism {
++	NL80211_SAE_PWE_UNSPECIFIED,
++	NL80211_SAE_PWE_HUNT_AND_PECK,
++	NL80211_SAE_PWE_HASH_TO_ELEMENT,
++	NL80211_SAE_PWE_BOTH,
++};
++
++/**
++ * enum nl80211_sar_type - type of SAR specs
++ *
++ * @NL80211_SAR_TYPE_POWER: power limitation specified in 0.25dBm unit
++ *
++ */
++enum nl80211_sar_type {
++	NL80211_SAR_TYPE_POWER,
++
++	/* add new type here */
++
++	/* Keep last */
++	NUM_NL80211_SAR_TYPE,
++};
++
++/**
++ * enum nl80211_sar_attrs - Attributes for SAR spec
++ *
++ * @NL80211_SAR_ATTR_TYPE: the SAR type as defined in &enum nl80211_sar_type.
++ *
++ * @NL80211_SAR_ATTR_SPECS: Nested array of SAR power
++ *	limit specifications. Each specification contains a set
++ *	of %nl80211_sar_specs_attrs.
++ *
++ *	For SET operation, it contains array of %NL80211_SAR_ATTR_SPECS_POWER
++ *	and %NL80211_SAR_ATTR_SPECS_RANGE_INDEX.
++ *
++ *	For sar_capa dump, it contains array of
++ *	%NL80211_SAR_ATTR_SPECS_START_FREQ
++ *	and %NL80211_SAR_ATTR_SPECS_END_FREQ.
++ *
++ * @__NL80211_SAR_ATTR_LAST: Internal
++ * @NL80211_SAR_ATTR_MAX: highest sar attribute
++ *
++ * These attributes are used with %NL80211_CMD_SET_SAR_SPEC
++ */
++enum nl80211_sar_attrs {
++	__NL80211_SAR_ATTR_INVALID,
++
++	NL80211_SAR_ATTR_TYPE,
++	NL80211_SAR_ATTR_SPECS,
++
++	__NL80211_SAR_ATTR_LAST,
++	NL80211_SAR_ATTR_MAX = __NL80211_SAR_ATTR_LAST - 1,
++};
++
++/**
++ * enum nl80211_sar_specs_attrs - Attributes for SAR power limit specs
++ *
++ * @NL80211_SAR_ATTR_SPECS_POWER: Required (s32)value to specify the actual
++ *	power limit value in units of 0.25 dBm if type is
++ *	NL80211_SAR_TYPE_POWER. (i.e., a value of 44 represents 11 dBm).
++ *	0 means userspace doesn't have SAR limitation on this associated range.
++ *
++ * @NL80211_SAR_ATTR_SPECS_RANGE_INDEX: Required (u32) value to specify the
++ *	index of exported freq range table and the associated power limitation
++ *	is applied to this range.
++ *
++ *	Userspace isn't required to set all the ranges advertised by WLAN driver,
++ *	and userspace can skip some certain ranges. These skipped ranges don't
++ *	have SAR limitations, and they are same as setting the
++ *	%NL80211_SAR_ATTR_SPECS_POWER to any unreasonable high value because any
++ *	value higher than regulatory allowed value just means SAR power
++ *	limitation is removed, but it's required to set at least one range.
++ *	It's not allowed to set duplicated range in one SET operation.
++ *
++ *	Every SET operation overwrites previous SET operation.
++ *
++ * @NL80211_SAR_ATTR_SPECS_START_FREQ: Required (u32) value to specify the start
++ *	frequency of this range edge when registering SAR capability to wiphy.
++ *	It's not a channel center frequency. The unit is kHz.
++ *
++ * @NL80211_SAR_ATTR_SPECS_END_FREQ: Required (u32) value to specify the end
++ *	frequency of this range edge when registering SAR capability to wiphy.
++ *	It's not a channel center frequency. The unit is kHz.
++ *
++ * @__NL80211_SAR_ATTR_SPECS_LAST: Internal
++ * @NL80211_SAR_ATTR_SPECS_MAX: highest sar specs attribute
++ */
++enum nl80211_sar_specs_attrs {
++	__NL80211_SAR_ATTR_SPECS_INVALID,
++
++	NL80211_SAR_ATTR_SPECS_POWER,
++	NL80211_SAR_ATTR_SPECS_RANGE_INDEX,
++	NL80211_SAR_ATTR_SPECS_START_FREQ,
++	NL80211_SAR_ATTR_SPECS_END_FREQ,
++
++	__NL80211_SAR_ATTR_SPECS_LAST,
++	NL80211_SAR_ATTR_SPECS_MAX = __NL80211_SAR_ATTR_SPECS_LAST - 1,
++};
++
+ #endif /* __LINUX_NL80211_H */

package/network/utils/iw/patches/200-reduce_size.patch

@@ -1,6 +1,6 @@
 --- a/event.c
 +++ b/event.c
-@@ -944,6 +944,7 @@ static int print_event(struct nl_msg *ms
+@@ -956,6 +956,7 @@ static int print_event(struct nl_msg *ms
  	}
  
  	switch (gnlh->cmd) {
@@ -8,7 +8,7 @@
  	case NL80211_CMD_NEW_WIPHY:
  		printf("renamed to %s\n", nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]));
  		break;
-@@ -979,6 +980,7 @@ static int print_event(struct nl_msg *ms
+@@ -991,6 +992,7 @@ static int print_event(struct nl_msg *ms
  	case NL80211_CMD_SCHED_SCAN_RESULTS:
  		printf("got scheduled scan results\n");
  		break;
@@ -16,7 +16,7 @@
  	case NL80211_CMD_WIPHY_REG_CHANGE:
  	case NL80211_CMD_REG_CHANGE:
  		if (gnlh->cmd == NL80211_CMD_WIPHY_REG_CHANGE)
-@@ -1061,6 +1063,7 @@ static int print_event(struct nl_msg *ms
+@@ -1073,6 +1075,7 @@ static int print_event(struct nl_msg *ms
  		mac_addr_n2a(macbuf, nla_data(tb[NL80211_ATTR_MAC]));
  		printf("del station %s\n", macbuf);
  		break;
@@ -24,7 +24,7 @@
  	case NL80211_CMD_JOIN_IBSS:
  		mac_addr_n2a(macbuf, nla_data(tb[NL80211_ATTR_MAC]));
  		printf("IBSS %s joined\n", macbuf);
-@@ -1254,9 +1257,9 @@ static int print_event(struct nl_msg *ms
+@@ -1271,9 +1274,9 @@ static int print_event(struct nl_msg *ms
  	case NL80211_CMD_CH_SWITCH_NOTIFY:
  		parse_ch_switch_notify(tb, gnlh->cmd);
  		break;
@@ -134,7 +134,7 @@
  {
 --- a/scan.c
 +++ b/scan.c
-@@ -1297,6 +1297,9 @@ static void print_ht_op(const uint8_t ty
+@@ -1306,6 +1306,9 @@ static void print_ht_op(const uint8_t ty
  	printf("\t\t * secondary channel offset: %s\n",
  		ht_secondary_offset[data[1] & 0x3]);
  	printf("\t\t * STA channel width: %s\n", sta_chan_width[(data[1] & 0x4)>>2]);
@@ -144,7 +144,7 @@
  	printf("\t\t * RIFS: %d\n", (data[1] & 0x8)>>3);
  	printf("\t\t * HT protection: %s\n", protection[data[2] & 0x3]);
  	printf("\t\t * non-GF present: %d\n", (data[2] & 0x4) >> 2);
-@@ -1707,6 +1710,14 @@ static void print_ie(const struct ie_pri
+@@ -1716,6 +1719,14 @@ static void print_ie(const struct ie_pri
  
  static const struct ie_print ieprinters[] = {
  	[0] = { "SSID", print_ssid, 0, 32, BIT(PRINT_SCAN) | BIT(PRINT_LINK), },
@@ -159,7 +159,7 @@
  	[1] = { "Supported rates", print_supprates, 0, 255, BIT(PRINT_SCAN), },
  	[3] = { "DS Parameter set", print_ds, 1, 1, BIT(PRINT_SCAN), },
  	[5] = { "TIM", print_tim, 4, 255, BIT(PRINT_SCAN), },
-@@ -1716,26 +1727,20 @@ static const struct ie_print ieprinters[
+@@ -1725,26 +1736,20 @@ static const struct ie_print ieprinters[
  	[32] = { "Power constraint", print_powerconstraint, 1, 1, BIT(PRINT_SCAN), },
  	[35] = { "TPC report", print_tpcreport, 2, 2, BIT(PRINT_SCAN), },
  	[42] = { "ERP", print_erp, 1, 255, BIT(PRINT_SCAN), },
@@ -187,15 +187,15 @@
  };
  
  static void print_wifi_wpa(const uint8_t type, uint8_t len, const uint8_t *data,
-@@ -2279,6 +2284,7 @@ void print_ies(unsigned char *ie, int ie
+@@ -2326,6 +2331,7 @@ void print_ies(unsigned char *ie, int ie
  		    ieprinters[ie[0]].flags & BIT(ptype)) {
  			print_ie(&ieprinters[ie[0]],
  				 ie[0], ie[1], ie + 2, &ie_buffer);
 +#ifdef IW_FULL
  		} else if (ie[0] == 221 /* vendor */) {
  			print_vendor(ie[1], ie + 2, unknown, ptype);
- 		} else if (unknown) {
-@@ -2288,6 +2294,7 @@ void print_ies(unsigned char *ie, int ie
+ 		} else if (ie[0] == 255 /* extension */) {
+@@ -2337,6 +2343,7 @@ void print_ies(unsigned char *ie, int ie
  			for (i=0; i<ie[1]; i++)
  				printf(" %.2x", ie[2+i]);
  			printf("\n");
@@ -203,7 +203,7 @@
  		}
  		ielen -= ie[1] + 2;
  		ie += ie[1] + 2;
-@@ -2328,6 +2335,7 @@ static void print_capa_non_dmg(__u16 cap
+@@ -2377,6 +2384,7 @@ static void print_capa_non_dmg(__u16 cap
  		printf(" ESS");
  	if (capa & WLAN_CAPABILITY_IBSS)
  		printf(" IBSS");
@@ -211,7 +211,7 @@
  	if (capa & WLAN_CAPABILITY_CF_POLLABLE)
  		printf(" CfPollable");
  	if (capa & WLAN_CAPABILITY_CF_POLL_REQUEST)
-@@ -2356,6 +2364,7 @@ static void print_capa_non_dmg(__u16 cap
+@@ -2405,6 +2413,7 @@ static void print_capa_non_dmg(__u16 cap
  		printf(" DelayedBACK");
  	if (capa & WLAN_CAPABILITY_IMM_BACK)
  		printf(" ImmediateBACK");
@@ -219,7 +219,7 @@
  }
  
  static int print_bss_handler(struct nl_msg *msg, void *arg)
-@@ -2440,8 +2449,10 @@ static int print_bss_handler(struct nl_m
+@@ -2489,8 +2498,10 @@ static int print_bss_handler(struct nl_m
  	if (bss[NL80211_BSS_FREQUENCY]) {
  		int freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
  		printf("\tfreq: %d\n", freq);
@@ -230,7 +230,7 @@
  	}
  	if (bss[NL80211_BSS_BEACON_INTERVAL])
  		printf("\tbeacon interval: %d TUs\n",
-@@ -2635,6 +2646,7 @@ static int handle_stop_sched_scan(struct
+@@ -2684,6 +2695,7 @@ static int handle_stop_sched_scan(struct
  	return 0;
  }
  
@@ -238,7 +238,7 @@
  COMMAND(scan, sched_start,
  	SCHED_SCAN_OPTIONS,
  	NL80211_CMD_START_SCHED_SCAN, 0, CIB_NETDEV, handle_start_sched_scan,
-@@ -2645,3 +2657,4 @@ COMMAND(scan, sched_start,
+@@ -2694,3 +2706,4 @@ COMMAND(scan, sched_start,
  COMMAND(scan, sched_stop, "",
  	NL80211_CMD_STOP_SCHED_SCAN, 0, CIB_NETDEV, handle_stop_sched_scan,
  	"Stop an ongoing scheduled scan.");

package/network/utils/iwinfo/Makefile

@@ -7,25 +7,17 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libiwinfo
-PKG_RELEASE:=1
+PKG_RELEASE:=2.1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/iwinfo.git
-PKG_SOURCE_DATE:=2021-01-31
-PKG_SOURCE_VERSION:=4a32b33e9606f1bc1125f4bc24b0581349e55f2e
-PKG_MIRROR_HASH:=414e5d150efaadba21103e66f862be66a94dcf83c16a2850f7c05051a9b0739d
+PKG_SOURCE_DATE:=2021-04-30
+PKG_SOURCE_VERSION:=c45f0b584b4b86f8250f90ea19afca271c114fa2
+PKG_MIRROR_HASH:=24ad04791254a0523cd15a4fec6116d9ff121e006c93e5e41459f91347b33ec2
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=GPL-2.0
 
-PKG_FLAGS := nonshared
-
-PKG_CONFIG_DEPENDS := \
-	CONFIG_PACKAGE_kmod-brcm-wl \
-	CONFIG_PACKAGE_kmod-brcm-wl-mini \
-	CONFIG_PACKAGE_kmod-brcm-wl-mimo \
-	CONFIG_PACKAGE_kmod-cfg80211
-
-IWINFO_ABI_VERSION:=20210106
+IWINFO_ABI_VERSION:=20210430
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -34,13 +26,13 @@ define Package/libiwinfo
   SECTION:=libs
   CATEGORY:=Libraries
   TITLE:=Generalized Wireless Information Library (iwinfo)
-  DEPENDS:=+PACKAGE_kmod-cfg80211:libnl-tiny +libuci +libubus
+  DEPENDS:=+libnl-tiny +libuci +libubus +libiwinfo-data
   ABI_VERSION:=$(IWINFO_ABI_VERSION)
 endef
 
 define Package/libiwinfo/description
-  Wireless information library with consistent interface for proprietary Broadcom,
-  nl80211 and wext driver interfaces.
+  Wireless information library with simplified API for nl80211
+  and wext driver interfaces.
 endef
 
 
@@ -58,6 +50,12 @@ define Package/libiwinfo-lua/description
 endef
 
 
+define Package/libiwinfo-data
+  TITLE:=libiwinfo Lua binding
+  HIDDEN:=1
+endef
+
+
 define Package/iwinfo
   SECTION:=utils
   CATEGORY:=Utilities
@@ -73,12 +71,6 @@ endef
 define Build/Configure
 endef
 
-IWINFO_BACKENDS := \
-	$(if $(CONFIG_PACKAGE_kmod-brcm-wl),wl) \
-	$(if $(CONFIG_PACKAGE_kmod-brcm-wl-mini),wl) \
-	$(if $(CONFIG_PACKAGE_kmod-brcm-wl-mimo),wl) \
-	$(if $(CONFIG_PACKAGE_kmod-cfg80211),nl80211)
-
 TARGET_CFLAGS += \
 	-I$(STAGING_DIR)/usr/include/libnl-tiny \
 	-I$(STAGING_DIR)/usr/include \
@@ -88,7 +80,7 @@ MAKE_FLAGS += \
 	FPIC="$(FPIC)" \
 	CFLAGS="$(TARGET_CFLAGS)" \
 	LDFLAGS="$(TARGET_LDFLAGS)" \
-	BACKENDS="$(IWINFO_BACKENDS)" \
+	BACKENDS="nl80211" \
 	SOVERSION="$(IWINFO_ABI_VERSION)"
 
 define Build/InstallDev
@@ -104,8 +96,6 @@ endef
 define Package/libiwinfo/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/libiwinfo.so.$(IWINFO_ABI_VERSION) $(1)/usr/lib/libiwinfo.so.$(IWINFO_ABI_VERSION)
-	$(INSTALL_DIR) $(1)/usr/share/libiwinfo
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/hardware.txt $(1)/usr/share/libiwinfo/hardware.txt
 endef
 
 define Package/libiwinfo-lua/install
@@ -113,6 +103,11 @@ define Package/libiwinfo-lua/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/iwinfo.so $(1)/usr/lib/lua/iwinfo.so
 endef
 
+define Package/libiwinfo-data/install
+	$(INSTALL_DIR) $(1)/usr/share/libiwinfo
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/hardware.txt $(1)/usr/share/libiwinfo/devices.txt
+endef
+
 define Package/iwinfo/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/iwinfo $(1)/usr/bin/iwinfo
@@ -120,4 +115,5 @@ endef
 
 $(eval $(call BuildPackage,libiwinfo))
 $(eval $(call BuildPackage,libiwinfo-lua))
+$(eval $(call BuildPackage,libiwinfo-data))
 $(eval $(call BuildPackage,iwinfo))

package/network/utils/iwinfo/patches/0001-iwinfo-rename-hardware.txt-to-devices.txt.patch

@@ -0,0 +1,26 @@
+From a0a0e02dd91d14a50155390d5fd3b95d6ec87bf4 Mon Sep 17 00:00:00 2001
+From: Jo-Philipp Wich <jo@mein.io>
+Date: Sun, 11 Jul 2021 15:56:35 +0200
+Subject: [PATCH] iwinfo: rename hardware.txt to devices.txt
+
+Signed-off-by: Jo-Philipp Wich <jo@mein.io>
+---
+ include/iwinfo.h            | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/iwinfo.h b/include/iwinfo.h
+index f7097cc..8469ee7 100644
+--- a/include/iwinfo.h
++++ b/include/iwinfo.h
+@@ -255,7 +255,7 @@ struct iwinfo_hardware_entry {
+ 
+ extern const struct iwinfo_iso3166_label IWINFO_ISO3166_NAMES[];
+ 
+-#define IWINFO_HARDWARE_FILE	"/usr/share/libiwinfo/hardware.txt"
++#define IWINFO_HARDWARE_FILE	"/usr/share/libiwinfo/devices.txt"
+ 
+ 
+ struct iwinfo_ops {
+-- 
+2.30.2
+

package/network/utils/umbim/files/lib/netifd/proto/mbim.sh

@@ -155,7 +155,7 @@ proto_mbim_setup() {
 		sleep 15
 	}
 
-	return $rt
+	return $ret
 }
 
 proto_mbim_teardown() {

package/system/opkg/Makefile

@@ -14,9 +14,9 @@ PKG_FLAGS:=essential
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://git.openwrt.org/project/opkg-lede.git
-PKG_SOURCE_DATE:=2021-03-15
-PKG_SOURCE_VERSION:=5936c4f9660248284e8a9b040ea3153d3ea888de
-PKG_MIRROR_HASH:=b873c209baaf4f150c89646d58e4a0072f807d24b02c320ab8c7ae9180c13240
+PKG_SOURCE_DATE:=2021-06-13
+PKG_SOURCE_VERSION:=1bf042dd06751b693a8544d2317e5b969d666b69
+PKG_MIRROR_HASH:=aeda4e0f11805bf95fc7be6d38391ce579acd965c8ba6a490b3e8669815b7264
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING