OpenWrt v21.02.0-rc3: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

README.md

@@ -57,8 +57,8 @@ packages to OpenWrt, please find the fitting repository below.
 * [OpenWrt Packages](https://github.com/openwrt/packages): Community repository
   of ported packages.
 
-* [OpenWrt Routing](https://github.com/openwrt-routing/packages): Packages
-  specifically focused on (mesh) routing.
+* [OpenWrt Routing](https://github.com/openwrt/routing): Packages specifically
+  focused on (mesh) routing.
 
 ## Support Information
 
@@ -74,13 +74,13 @@ For a list of supported devices see the [OpenWrt Hardware Database](https://open
 ### Support Community
 
 * [Forum](https://forum.openwrt.org): For usage, projects, discussions and hardware advise.
-* [Support Chat](https://webchat.freenode.net/#openwrt): Channel `#openwrt` on freenode.net.
+* [Support Chat](https://webchat.oftc.net/#openwrt): Channel `#openwrt` on **oftc.net**.
 
 ### Developer Community
 
 * [Bug Reports](https://bugs.openwrt.org): Report bugs in OpenWrt
 * [Dev Mailing List](https://lists.openwrt.org/mailman/listinfo/openwrt-devel): Send patches
-* [Dev Chat](https://webchat.freenode.net/#openwrt-devel): Channel `#openwrt-devel` on freenode.net.
+* [Dev Chat](https://webchat.oftc.net/#openwrt-devel): Channel `#openwrt-devel` on **oftc.net**.
 
 ## License
 

feeds.conf.default

@@ -1,4 +1,4 @@
-src-git packages https://git.openwrt.org/feed/packages.git^920c4f29c55d26d8d602c1357ffd6b23a0df5914
-src-git luci https://git.openwrt.org/project/luci.git^09329fe7bb6571032570b21541c1991a3443cc07
-src-git routing https://git.openwrt.org/feed/routing.git^57533a25e84932a7e50b8483843c840f0924bc0c
-src-git telephony https://git.openwrt.org/feed/telephony.git^04e1378baf2b720395d284f661240e6f7f9cab35
+src-git packages https://git.openwrt.org/feed/packages.git^e738d2faf1c4ed68094f1d5da075d2d92fb35049
+src-git luci https://git.openwrt.org/project/luci.git^2778366916f815d4af9534218bef10aa3aad3c01
+src-git routing https://git.openwrt.org/feed/routing.git^2baff33918c089fd3744c7192f8ae7a29c47a8d7
+src-git telephony https://git.openwrt.org/feed/telephony.git^ee64ec42e981e1f9e5a21cd3478497987ff76680

include/image-commands.mk

@@ -240,8 +240,11 @@ define Build/jffs2
 endef
 
 define Build/kernel2minor
-	kernel2minor -k $@ -r $@.new $(1)
-	mv $@.new $@
+	$(eval temp_file := $(shell mktemp))
+	cp $@ $(temp_file)
+	kernel2minor -k $(temp_file) -r $(temp_file).new $(1)
+	mv $(temp_file).new $@
+	rm -f $(temp_file)
 endef
 
 define Build/kernel-bin

include/image.mk

@@ -419,7 +419,7 @@ DEFAULT_DEVICE_VARS := \
   DEVICE_DTS_CONFIG DEVICE_DTS_DIR DEVICE_FDT_NUM SOC BOARD_NAME \
   UIMAGE_MAGIC UIMAGE_NAME \
   SUPPORTED_DEVICES IMAGE_METADATA KERNEL_ENTRY KERNEL_LOADADDR \
-  UBOOT_PATH IMAGE_SIZE \
+  IMAGE_PREFIX DEVICE_PACKAGES UBOOT_PATH IMAGE_SIZE \
   DEVICE_COMPAT_VERSION DEVICE_COMPAT_MESSAGE \
   DEVICE_VENDOR DEVICE_MODEL DEVICE_VARIANT \
   DEVICE_ALT0_VENDOR DEVICE_ALT0_MODEL DEVICE_ALT0_VARIANT \

include/kernel-version.mk

@@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL
   KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif
 
-LINUX_VERSION-5.4 = .119
+LINUX_VERSION-5.4 = .124
 
-LINUX_KERNEL_HASH-5.4.119 = 71e7decf1e8149a8aed88d30df4f2a62a6c6b168111de6b261685ac7c0ecb2a0
+LINUX_KERNEL_HASH-5.4.124 = f7f29dda2b042d7b5986d18274413131cf70e17288c05e9a683df1f46c507d82
 
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))

include/version.mk

@@ -23,13 +23,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),21.02.0-rc2)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),21.02.0-rc3)
 
 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
-VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r16122-c2139eef27)
+VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r16172-2aba3e9784)
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/21.02.0-rc2)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/21.02.0-rc3)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

package/base-files/image-config.in

@@ -183,7 +183,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "https://downloads.openwrt.org/releases/21.02.0-rc2"
+		default "https://downloads.openwrt.org/releases/21.02.0-rc3"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:

package/boot/uboot-envtools/files/ramips

@@ -26,6 +26,10 @@ allnet,all0256n-8m|\
 allnet,all5002)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x10000" "0x10000"
 	;;
+ampedwireless,ally-00x19k|\
+ampedwireless,ally-r1900k)
+	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x20000" "4"
+	;;
 buffalo,wsr-1166dhp|\
 buffalo,wsr-600dhp|\
 mediatek,linkit-smart-7688|\
@@ -34,7 +38,8 @@ xiaomi,mi-router-3g-v2|\
 xiaomi,mi-router-4a-gigabit|\
 xiaomi,mi-router-4c|\
 xiaomi,miwifi-nano|\
-zbtlink,zbt-wg2626)
+zbtlink,zbt-wg2626|\
+zte,mf283plus)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x10000"
 	;;
 hootoo,ht-tm05|\
@@ -43,9 +48,13 @@ ravpower,rp-wd03)
 	[ -n "$idx" ] && \
 		ubootenv_add_uci_config "/dev/mtd$idx" "0x4000" "0x1000" "0x1000"
 	;;
+jcg,q20)
+	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000"
+	;;
 linksys,ea7300-v1|\
 linksys,ea7300-v2|\
 linksys,ea7500-v2|\
+linksys,ea8100-v1|\
 xiaomi,mi-router-3g|\
 xiaomi,mi-router-3-pro|\
 xiaomi,mi-router-4|\
@@ -53,6 +62,11 @@ xiaomi,mi-router-ac2100|\
 xiaomi,redmi-router-ac2100)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x20000"
 	;;
+zyxel,nr7101)
+	idx="$(find_mtd_index Config)"
+	[ -n "$idx" ] && \
+		ubootenv_add_uci_config "/dev/mtd$idx" "0x0" "0x1000" "0x80000"
+	;;
 esac
 
 config_load ubootenv

package/firmware/wireless-regdb/Makefile

@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wireless-regdb
-PKG_VERSION:=2020.11.20
+PKG_VERSION:=2021.04.21
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/software/network/wireless-regdb/
-PKG_HASH:=b4164490d82ff7b0086e812ac42ab27baf57be24324d4c0ee1c5dd6ba27f2a52
+PKG_HASH:=9e4c02b2a9710df4dbdb327c39612e8cbbae6495987afeddaebab28c1ea3d8fa
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 

package/kernel/linux/modules/usb.mk

@@ -561,7 +561,7 @@ $(eval $(call KernelPackage,usb-serial))
 
 define AddDepends/usb-serial
   SUBMENU:=$(USB_MENU)
-  DEPENDS+=kmod-usb-serial $(1)
+  DEPENDS+=+kmod-usb-serial $(1)
 endef
 
 

package/kernel/mac80211/Makefile

@@ -10,10 +10,10 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=mac80211
 
-PKG_VERSION:=5.10.34-1
+PKG_VERSION:=5.10.42-1
 PKG_RELEASE:=1
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.34/
-PKG_HASH:=03c4ca6bf47d4e50b91b61bc2943a98c788439e56ce2b4080bc4c94141c2c15b
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.42/
+PKG_HASH:=6876520105240844fdb32d1dcdf2bfdea291a37a96f16c892fda3776ba714fcb
 
 PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)

package/kernel/mac80211/patches/ath/080-ath10k_thermal_config.patch

@@ -37,7 +37,7 @@
  void ath10k_thermal_event_temperature(struct ath10k *ar, int temperature);
 --- a/local-symbols
 +++ b/local-symbols
-@@ -143,6 +143,7 @@ ATH10K_SNOC=
+@@ -142,6 +142,7 @@ ATH10K_SNOC=
  ATH10K_DEBUG=
  ATH10K_DEBUGFS=
  ATH10K_SPECTRAL=

package/kernel/mac80211/patches/ath/300-ath10k-add-CCMP-PN-replay-protection-for-fragmented-.patch

@@ -1,180 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:52 +0200
-Subject: [PATCH] ath10k: add CCMP PN replay protection for fragmented
- frames for PCIe
-
-PN replay check for not fragmented frames is finished in the firmware,
-but this was not done for fragmented frames when ath10k is used with
-QCA6174/QCA6377 PCIe. mac80211 has the function
-ieee80211_rx_h_defragment() for PN replay check for fragmented frames,
-but this does not get checked with QCA6174 due to the
-ieee80211_has_protected() condition not matching the cleared Protected
-bit case.
-
-Validate the PN of received fragmented frames within ath10k when CCMP is
-used and drop the fragment if the PN is not correct (incremented by
-exactly one from the previous fragment). This applies only for
-QCA6174/QCA6377 PCIe.
-
-Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt.h
-+++ b/drivers/net/wireless/ath/ath10k/htt.h
-@@ -846,6 +846,7 @@ enum htt_security_types {
- 
- #define ATH10K_HTT_TXRX_PEER_SECURITY_MAX 2
- #define ATH10K_TXRX_NUM_EXT_TIDS 19
-+#define ATH10K_TXRX_NON_QOS_TID 16
- 
- enum htt_security_flags {
- #define HTT_SECURITY_TYPE_MASK 0x7F
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -1746,16 +1746,87 @@ static void ath10k_htt_rx_h_csum_offload
- 	msdu->ip_summed = ath10k_htt_rx_get_csum_state(msdu);
- }
- 
-+static u64 ath10k_htt_rx_h_get_pn(struct ath10k *ar, struct sk_buff *skb,
-+				  u16 offset,
-+				  enum htt_rx_mpdu_encrypt_type enctype)
-+{
-+	struct ieee80211_hdr *hdr;
-+	u64 pn = 0;
-+	u8 *ehdr;
-+
-+	hdr = (struct ieee80211_hdr *)(skb->data + offset);
-+	ehdr = skb->data + offset + ieee80211_hdrlen(hdr->frame_control);
-+
-+	if (enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2) {
-+		pn = ehdr[0];
-+		pn |= (u64)ehdr[1] << 8;
-+		pn |= (u64)ehdr[4] << 16;
-+		pn |= (u64)ehdr[5] << 24;
-+		pn |= (u64)ehdr[6] << 32;
-+		pn |= (u64)ehdr[7] << 40;
-+	}
-+	return pn;
-+}
-+
-+static bool ath10k_htt_rx_h_frag_pn_check(struct ath10k *ar,
-+					  struct sk_buff *skb,
-+					  u16 peer_id,
-+					  u16 offset,
-+					  enum htt_rx_mpdu_encrypt_type enctype)
-+{
-+	struct ath10k_peer *peer;
-+	union htt_rx_pn_t *last_pn, new_pn = {0};
-+	struct ieee80211_hdr *hdr;
-+	bool more_frags;
-+	u8 tid, frag_number;
-+	u32 seq;
-+
-+	peer = ath10k_peer_find_by_id(ar, peer_id);
-+	if (!peer) {
-+		ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid peer for frag pn check\n");
-+		return false;
-+	}
-+
-+	hdr = (struct ieee80211_hdr *)(skb->data + offset);
-+	if (ieee80211_is_data_qos(hdr->frame_control))
-+		tid = ieee80211_get_tid(hdr);
-+	else
-+		tid = ATH10K_TXRX_NON_QOS_TID;
-+
-+	last_pn = &peer->frag_tids_last_pn[tid];
-+	new_pn.pn48 = ath10k_htt_rx_h_get_pn(ar, skb, offset, enctype);
-+	more_frags = ieee80211_has_morefrags(hdr->frame_control);
-+	frag_number = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
-+	seq = (__le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ) >> 4;
-+
-+	if (frag_number == 0) {
-+		last_pn->pn48 = new_pn.pn48;
-+		peer->frag_tids_seq[tid] = seq;
-+	} else {
-+		if (seq != peer->frag_tids_seq[tid])
-+			return false;
-+
-+		if (new_pn.pn48 != last_pn->pn48 + 1)
-+			return false;
-+
-+		last_pn->pn48 = new_pn.pn48;
-+	}
-+
-+	return true;
-+}
-+
- static void ath10k_htt_rx_h_mpdu(struct ath10k *ar,
- 				 struct sk_buff_head *amsdu,
- 				 struct ieee80211_rx_status *status,
- 				 bool fill_crypt_header,
- 				 u8 *rx_hdr,
--				 enum ath10k_pkt_rx_err *err)
-+				 enum ath10k_pkt_rx_err *err,
-+				 u16 peer_id,
-+				 bool frag)
- {
- 	struct sk_buff *first;
- 	struct sk_buff *last;
--	struct sk_buff *msdu;
-+	struct sk_buff *msdu, *temp;
- 	struct htt_rx_desc *rxd;
- 	struct ieee80211_hdr *hdr;
- 	enum htt_rx_mpdu_encrypt_type enctype;
-@@ -1768,6 +1839,7 @@ static void ath10k_htt_rx_h_mpdu(struct
- 	bool is_decrypted;
- 	bool is_mgmt;
- 	u32 attention;
-+	bool frag_pn_check = true;
- 
- 	if (skb_queue_empty(amsdu))
- 		return;
-@@ -1866,6 +1938,24 @@ static void ath10k_htt_rx_h_mpdu(struct
- 	}
- 
- 	skb_queue_walk(amsdu, msdu) {
-+		if (frag && !fill_crypt_header && is_decrypted &&
-+		    enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2)
-+			frag_pn_check = ath10k_htt_rx_h_frag_pn_check(ar,
-+								      msdu,
-+								      peer_id,
-+								      0,
-+								      enctype);
-+
-+		if (!frag_pn_check) {
-+			/* Discard the fragment with invalid PN */
-+			temp = msdu->prev;
-+			__skb_unlink(msdu, amsdu);
-+			dev_kfree_skb_any(msdu);
-+			msdu = temp;
-+			frag_pn_check = true;
-+			continue;
-+		}
-+
- 		ath10k_htt_rx_h_csum_offload(msdu);
- 		ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,
- 					is_decrypted);
-@@ -2071,7 +2161,8 @@ static int ath10k_htt_rx_handle_amsdu(st
- 		ath10k_htt_rx_h_unchain(ar, &amsdu, &drop_cnt, &unchain_cnt);
- 
- 	ath10k_htt_rx_h_filter(ar, &amsdu, rx_status, &drop_cnt_filter);
--	ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status, true, first_hdr, &err);
-+	ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status, true, first_hdr, &err, 0,
-+			     false);
- 	msdus_to_queue = skb_queue_len(&amsdu);
- 	ath10k_htt_rx_h_enqueue(ar, &amsdu, rx_status);
- 
-@@ -3027,7 +3118,7 @@ static int ath10k_htt_rx_in_ord_ind(stru
- 			ath10k_htt_rx_h_ppdu(ar, &amsdu, status, vdev_id);
- 			ath10k_htt_rx_h_filter(ar, &amsdu, status, NULL);
- 			ath10k_htt_rx_h_mpdu(ar, &amsdu, status, false, NULL,
--					     NULL);
-+					     NULL, peer_id, frag);
- 			ath10k_htt_rx_h_enqueue(ar, &amsdu, status);
- 			break;
- 		case -EAGAIN:

package/kernel/mac80211/patches/ath/301-ath10k-drop-fragments-with-multicast-DA-for-PCIe.patch

@@ -1,66 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:53 +0200
-Subject: [PATCH] ath10k: drop fragments with multicast DA for PCIe
-
-Fragmentation is not used with multicast frames. Discard unexpected
-fragments with multicast DA. This fixes CVE-2020-26145.
-
-Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -1768,6 +1768,16 @@ static u64 ath10k_htt_rx_h_get_pn(struct
- 	return pn;
- }
- 
-+static bool ath10k_htt_rx_h_frag_multicast_check(struct ath10k *ar,
-+						 struct sk_buff *skb,
-+						 u16 offset)
-+{
-+	struct ieee80211_hdr *hdr;
-+
-+	hdr = (struct ieee80211_hdr *)(skb->data + offset);
-+	return !is_multicast_ether_addr(hdr->addr1);
-+}
-+
- static bool ath10k_htt_rx_h_frag_pn_check(struct ath10k *ar,
- 					  struct sk_buff *skb,
- 					  u16 peer_id,
-@@ -1839,7 +1849,7 @@ static void ath10k_htt_rx_h_mpdu(struct
- 	bool is_decrypted;
- 	bool is_mgmt;
- 	u32 attention;
--	bool frag_pn_check = true;
-+	bool frag_pn_check = true, multicast_check = true;
- 
- 	if (skb_queue_empty(amsdu))
- 		return;
-@@ -1946,13 +1956,20 @@ static void ath10k_htt_rx_h_mpdu(struct
- 								      0,
- 								      enctype);
- 
--		if (!frag_pn_check) {
--			/* Discard the fragment with invalid PN */
-+		if (frag)
-+			multicast_check = ath10k_htt_rx_h_frag_multicast_check(ar,
-+									       msdu,
-+									       0);
-+
-+		if (!frag_pn_check || !multicast_check) {
-+			/* Discard the fragment with invalid PN or multicast DA
-+			 */
- 			temp = msdu->prev;
- 			__skb_unlink(msdu, amsdu);
- 			dev_kfree_skb_any(msdu);
- 			msdu = temp;
- 			frag_pn_check = true;
-+			multicast_check = true;
- 			continue;
- 		}
- 

package/kernel/mac80211/patches/ath/302-ath10k-drop-fragments-with-multicast-DA-for-SDIO.patch

@@ -1,40 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:54 +0200
-Subject: [PATCH] ath10k: drop fragments with multicast DA for SDIO
-
-Fragmentation is not used with multicast frames. Discard unexpected
-fragments with multicast DA. This fixes CVE-2020-26145.
-
-Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -2617,6 +2617,13 @@ static bool ath10k_htt_rx_proc_rx_frag_i
- 	rx_desc = (struct htt_hl_rx_desc *)(skb->data + tot_hdr_len);
- 	rx_desc_info = __le32_to_cpu(rx_desc->info);
- 
-+	hdr = (struct ieee80211_hdr *)((u8 *)rx_desc + rx_hl->fw_desc.len);
-+
-+	if (is_multicast_ether_addr(hdr->addr1)) {
-+		/* Discard the fragment with multicast DA */
-+		goto err;
-+	}
-+
- 	if (!MS(rx_desc_info, HTT_RX_DESC_HL_INFO_ENCRYPTED)) {
- 		spin_unlock_bh(&ar->data_lock);
- 		return ath10k_htt_rx_proc_rx_ind_hl(htt, &resp->rx_ind_hl, skb,
-@@ -2624,8 +2631,6 @@ static bool ath10k_htt_rx_proc_rx_frag_i
- 						    HTT_RX_NON_TKIP_MIC);
- 	}
- 
--	hdr = (struct ieee80211_hdr *)((u8 *)rx_desc + rx_hl->fw_desc.len);
--
- 	if (ieee80211_has_retry(hdr->frame_control))
- 		goto err;
- 

package/kernel/mac80211/patches/ath/303-ath10k-drop-MPDU-which-has-discard-flag-set-by-firmw.patch

@@ -1,54 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:55 +0200
-Subject: [PATCH] ath10k: drop MPDU which has discard flag set by firmware
- for SDIO
-
-When the discard flag is set by the firmware for an MPDU, it should be
-dropped. This allows a mitigation for CVE-2020-24588 to be implemented
-in the firmware.
-
-Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00049
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -2312,6 +2312,11 @@ static bool ath10k_htt_rx_proc_rx_ind_hl
- 	fw_desc = &rx->fw_desc;
- 	rx_desc_len = fw_desc->len;
- 
-+	if (fw_desc->u.bits.discard) {
-+		ath10k_dbg(ar, ATH10K_DBG_HTT, "htt discard mpdu\n");
-+		goto err;
-+	}
-+
- 	/* I have not yet seen any case where num_mpdu_ranges > 1.
- 	 * qcacld does not seem handle that case either, so we introduce the
- 	 * same limitiation here as well.
---- a/drivers/net/wireless/ath/ath10k/rx_desc.h
-+++ b/drivers/net/wireless/ath/ath10k/rx_desc.h
-@@ -1282,7 +1282,19 @@ struct fw_rx_desc_base {
- #define FW_RX_DESC_UDP              (1 << 6)
- 
- struct fw_rx_desc_hl {
--	u8 info0;
-+	union {
-+		struct {
-+		u8 discard:1,
-+		   forward:1,
-+		   any_err:1,
-+		   dup_err:1,
-+		   reserved:1,
-+		   inspect:1,
-+		   extension:2;
-+		} bits;
-+		u8 info0;
-+	} u;
-+
- 	u8 version;
- 	u8 len;
- 	u8 flags;

package/kernel/mac80211/patches/ath/304-ath10k-Fix-TKIP-Michael-MIC-verification-for-PCIe.patch

@@ -1,48 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:56 +0200
-Subject: [PATCH] ath10k: Fix TKIP Michael MIC verification for PCIe
-
-TKIP Michael MIC was not verified properly for PCIe cases since the
-validation steps in ieee80211_rx_h_michael_mic_verify() in mac80211 did
-not get fully executed due to unexpected flag values in
-ieee80211_rx_status.
-
-Fix this by setting the flags property to meet mac80211 expectations for
-performing Michael MIC validation there. This fixes CVE-2020-26141. It
-does the same as ath10k_htt_rx_proc_rx_ind_hl() for SDIO which passed
-MIC verification case. This applies only to QCA6174/QCA9377 PCIe.
-
-Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -1974,6 +1974,11 @@ static void ath10k_htt_rx_h_mpdu(struct
- 		}
- 
- 		ath10k_htt_rx_h_csum_offload(msdu);
-+
-+		if (frag && !fill_crypt_header &&
-+		    enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
-+			status->flag &= ~RX_FLAG_MMIC_STRIPPED;
-+
- 		ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,
- 					is_decrypted);
- 
-@@ -1991,6 +1996,11 @@ static void ath10k_htt_rx_h_mpdu(struct
- 
- 		hdr = (void *)msdu->data;
- 		hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);
-+
-+		if (frag && !fill_crypt_header &&
-+		    enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
-+			status->flag &= ~RX_FLAG_IV_STRIPPED &
-+					~RX_FLAG_MMIC_STRIPPED;
- 	}
- }
- 

package/kernel/mac80211/patches/ath/305-ath10k-Validate-first-subframe-of-A-MSDU-before-proc.patch

@@ -1,109 +0,0 @@
-From: Sriram R <srirrama@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:57 +0200
-Subject: [PATCH] ath10k: Validate first subframe of A-MSDU before
- processing the list
-
-In certain scenarios a normal MSDU can be received as an A-MSDU when
-the A-MSDU present bit of a QoS header gets flipped during reception.
-Since this bit is unauthenticated, the hardware crypto engine can pass
-the frame to the driver without any error indication.
-
-This could result in processing unintended subframes collected in the
-A-MSDU list. Hence, validate A-MSDU list by checking if the first frame
-has a valid subframe header.
-
-Comparing the non-aggregated MSDU and an A-MSDU, the fields of the first
-subframe DA matches the LLC/SNAP header fields of a normal MSDU.
-In order to avoid processing such frames, add a validation to
-filter such A-MSDU frames where the first subframe header DA matches
-with the LLC/SNAP header pattern.
-
-Tested-on: QCA9984 hw1.0 PCI 10.4-3.10-00047
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Sriram R <srirrama@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/ath/ath10k/htt_rx.c
-+++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
-@@ -2108,14 +2108,62 @@ static void ath10k_htt_rx_h_unchain(stru
- 	ath10k_unchain_msdu(amsdu, unchain_cnt);
- }
- 
-+static bool ath10k_htt_rx_validate_amsdu(struct ath10k *ar,
-+					 struct sk_buff_head *amsdu)
-+{
-+	u8 *subframe_hdr;
-+	struct sk_buff *first;
-+	bool is_first, is_last;
-+	struct htt_rx_desc *rxd;
-+	struct ieee80211_hdr *hdr;
-+	size_t hdr_len, crypto_len;
-+	enum htt_rx_mpdu_encrypt_type enctype;
-+	int bytes_aligned = ar->hw_params.decap_align_bytes;
-+
-+	first = skb_peek(amsdu);
-+
-+	rxd = (void *)first->data - sizeof(*rxd);
-+	hdr = (void *)rxd->rx_hdr_status;
-+
-+	is_first = !!(rxd->msdu_end.common.info0 &
-+		      __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));
-+	is_last = !!(rxd->msdu_end.common.info0 &
-+		     __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));
-+
-+	/* Return in case of non-aggregated msdu */
-+	if (is_first && is_last)
-+		return true;
-+
-+	/* First msdu flag is not set for the first msdu of the list */
-+	if (!is_first)
-+		return false;
-+
-+	enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0),
-+		     RX_MPDU_START_INFO0_ENCRYPT_TYPE);
-+
-+	hdr_len = ieee80211_hdrlen(hdr->frame_control);
-+	crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);
-+
-+	subframe_hdr = (u8 *)hdr + round_up(hdr_len, bytes_aligned) +
-+		       crypto_len;
-+
-+	/* Validate if the amsdu has a proper first subframe.
-+	 * There are chances a single msdu can be received as amsdu when
-+	 * the unauthenticated amsdu flag of a QoS header
-+	 * gets flipped in non-SPP AMSDU's, in such cases the first
-+	 * subframe has llc/snap header in place of a valid da.
-+	 * return false if the da matches rfc1042 pattern
-+	 */
-+	if (ether_addr_equal(subframe_hdr, rfc1042_header))
-+		return false;
-+
-+	return true;
-+}
-+
- static bool ath10k_htt_rx_amsdu_allowed(struct ath10k *ar,
- 					struct sk_buff_head *amsdu,
- 					struct ieee80211_rx_status *rx_status)
- {
--	/* FIXME: It might be a good idea to do some fuzzy-testing to drop
--	 * invalid/dangerous frames.
--	 */
--
- 	if (!rx_status->freq) {
- 		ath10k_dbg(ar, ATH10K_DBG_HTT, "no channel configured; ignoring frame(s)!\n");
- 		return false;
-@@ -2126,6 +2174,11 @@ static bool ath10k_htt_rx_amsdu_allowed(
- 		return false;
- 	}
- 
-+	if (!ath10k_htt_rx_validate_amsdu(ar, amsdu)) {
-+		ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid amsdu received\n");
-+		return false;
-+	}
-+
- 	return true;
- }
- 

package/kernel/mac80211/patches/ath/402-ath_regd_optional.patch

@@ -82,7 +82,7 @@
  	help
 --- a/local-symbols
 +++ b/local-symbols
-@@ -86,6 +86,7 @@ ADM8211=
+@@ -85,6 +85,7 @@ ADM8211=
  ATH_COMMON=
  WLAN_VENDOR_ATH=
  ATH_DEBUG=

package/kernel/mac80211/patches/ath/551-ath9k_ubnt_uap_plus_hsr.patch

@@ -371,7 +371,7 @@
  
 --- a/local-symbols
 +++ b/local-symbols
-@@ -113,6 +113,7 @@ ATH9K_WOW=
+@@ -112,6 +112,7 @@ ATH9K_WOW=
  ATH9K_RFKILL=
  ATH9K_CHANNEL_CONTEXT=
  ATH9K_PCOEM=

package/kernel/mac80211/patches/ath/974-ath10k_add-LED-and-GPIO-controlling-support-for-various-chipsets.patch

@@ -114,7 +114,7 @@ v13:
  ath10k_core-$(CONFIG_DEV_COREDUMP) += coredump.o
 --- a/local-symbols
 +++ b/local-symbols
-@@ -146,6 +146,7 @@ ATH10K_DEBUG=
+@@ -145,6 +145,7 @@ ATH10K_DEBUG=
  ATH10K_DEBUGFS=
  ATH10K_SPECTRAL=
  ATH10K_THERMAL=
@@ -456,7 +456,7 @@ v13:
  {
 --- a/drivers/net/wireless/ath/ath10k/wmi-tlv.c
 +++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
-@@ -4591,6 +4591,8 @@ static const struct wmi_ops wmi_tlv_ops
+@@ -4594,6 +4594,8 @@ static const struct wmi_ops wmi_tlv_ops
  	.gen_echo = ath10k_wmi_tlv_op_gen_echo,
  	.gen_vdev_spectral_conf = ath10k_wmi_tlv_op_gen_vdev_spectral_conf,
  	.gen_vdev_spectral_enable = ath10k_wmi_tlv_op_gen_vdev_spectral_enable,

package/kernel/mac80211/patches/brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch

@@ -11,16 +11,6 @@ module loads successfully.
 Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
 ---
 
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -1557,6 +1557,7 @@ int __init brcmf_core_init(void)
- {
- 	if (!schedule_work(&brcmf_driver_work))
- 		return -EBUSY;
-+	flush_work(&brcmf_driver_work);
- 
- 	return 0;
- }
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
 @@ -431,6 +431,7 @@ struct brcmf_fw {

package/kernel/mac80211/patches/build/001-fix_build.patch

@@ -55,8 +55,8 @@
 -				echo ""							;\
 -			done								\
 -		) > Kconfig.kernel							;\
--		kver=$$($(MAKE) --no-print-directory -C $(KLIB_BUILD) kernelversion |	\
--			sed 's/^\(\([3-5]\|2\.6\)\.[0-9]\+\).*/\1/;t;d')		;\
+-		kver=$$($(MAKE) --no-print-directory -C $(KLIB_BUILD) M=$(BACKPORT_DIR)	\
+-			kernelversion |	sed 's/^\(\([3-5]\|2\.6\)\.[0-9]\+\).*/\1/;t;d');\
 -		test "$$kver" != "" || echo "Kernel version parse failed!"		;\
 -		test "$$kver" != ""							;\
 -		kvers="$$(seq 14 39 | sed 's/^/2.6./')"					;\
@@ -112,8 +112,8 @@
 +	@echo " done."
 +
 +Kconfig.versions: Kconfig.kernel
-+	@kver=$$($(MAKE) --no-print-directory -C $(KLIB_BUILD) kernelversion |	\
-+		sed 's/^\(\([3-5]\|2\.6\)\.[0-9]\+\).*/\1/;t;d')		;\
++	@kver=$$($(MAKE) --no-print-directory -C $(KLIB_BUILD) M=$(BACKPORT_DIR) \
++		kernelversion |	sed 's/^\(\([3-5]\|2\.6\)\.[0-9]\+\).*/\1/;t;d');\
 +	test "$$kver" != "" || echo "Kernel version parse failed!"		;\
 +	test "$$kver" != ""							;\
 +	kvers="$$(seq 14 39 | sed 's/^/2.6./')"					;\

package/kernel/mac80211/patches/mwl/700-mwl8k-missing-pci-id-for-WNR854T.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/marvell/mwl8k.c
 +++ b/drivers/net/wireless/marvell/mwl8k.c
-@@ -5694,6 +5694,7 @@ MODULE_FIRMWARE("mwl8k/fmimage_8366.fw")
+@@ -5695,6 +5695,7 @@ MODULE_FIRMWARE("mwl8k/fmimage_8366.fw")
  MODULE_FIRMWARE(MWL8K_8366_AP_FW(MWL8K_8366_AP_FW_API));
  
  static const struct pci_device_id mwl8k_pci_id_table[] = {

package/kernel/mac80211/patches/mwl/940-mwl8k_init_devices_synchronously.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/marvell/mwl8k.c
 +++ b/drivers/net/wireless/marvell/mwl8k.c
-@@ -6279,6 +6279,8 @@ static int mwl8k_probe(struct pci_dev *p
+@@ -6280,6 +6280,8 @@ static int mwl8k_probe(struct pci_dev *p
  
  	priv->running_bsses = 0;
  
@@ -9,7 +9,7 @@
  	return rc;
  
  err_stop_firmware:
-@@ -6312,8 +6314,6 @@ static void mwl8k_remove(struct pci_dev
+@@ -6313,8 +6315,6 @@ static void mwl8k_remove(struct pci_dev
  		return;
  	priv = hw->priv;
  

package/kernel/mac80211/patches/rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch

@@ -1,6 +1,6 @@
 --- a/local-symbols
 +++ b/local-symbols
-@@ -333,6 +333,7 @@ RT2X00_LIB_FIRMWARE=
+@@ -332,6 +332,7 @@ RT2X00_LIB_FIRMWARE=
  RT2X00_LIB_CRYPTO=
  RT2X00_LIB_LEDS=
  RT2X00_LIB_DEBUGFS=

package/kernel/mac80211/patches/subsys/100-remove-cryptoapi-dependencies.patch

@@ -379,7 +379,7 @@
  #endif /* AES_GCM_H */
 --- a/net/mac80211/wpa.c
 +++ b/net/mac80211/wpa.c
-@@ -311,7 +311,8 @@ ieee80211_crypto_tkip_decrypt(struct iee
+@@ -312,7 +312,8 @@ ieee80211_crypto_tkip_decrypt(struct iee
  }
  
  
@@ -389,7 +389,7 @@
  {
  	__le16 mask_fc;
  	int a4_included, mgmt;
-@@ -341,14 +342,8 @@ static void ccmp_special_blocks(struct s
+@@ -342,14 +343,8 @@ static void ccmp_special_blocks(struct s
  	else
  		qos_tid = 0;
  
@@ -406,7 +406,7 @@
  
  	/* Nonce: Nonce Flags | A2 | PN
  	 * Nonce Flags: Priority (b0..b3) | Management (b4) | Reserved (b5..b7)
-@@ -356,6 +351,8 @@ static void ccmp_special_blocks(struct s
+@@ -357,6 +352,8 @@ static void ccmp_special_blocks(struct s
  	b_0[1] = qos_tid | (mgmt << 4);
  	memcpy(&b_0[2], hdr->addr2, ETH_ALEN);
  	memcpy(&b_0[8], pn, IEEE80211_CCMP_PN_LEN);
@@ -415,7 +415,7 @@
  
  	/* AAD (extra authenticate-only data) / masked 802.11 header
  	 * FC | A1 | A2 | A3 | SC | [A4] | [QC] */
-@@ -412,7 +409,7 @@ static int ccmp_encrypt_skb(struct ieee8
+@@ -413,7 +410,7 @@ static int ccmp_encrypt_skb(struct ieee8
  	u8 *pos;
  	u8 pn[6];
  	u64 pn64;
@@ -424,7 +424,7 @@
  	u8 b_0[AES_BLOCK_SIZE];
  
  	if (info->control.hw_key &&
-@@ -467,9 +464,11 @@ static int ccmp_encrypt_skb(struct ieee8
+@@ -468,9 +465,11 @@ static int ccmp_encrypt_skb(struct ieee8
  		return 0;
  
  	pos += IEEE80211_CCMP_HDR_LEN;
@@ -439,7 +439,7 @@
  }
  
  
-@@ -542,13 +541,13 @@ ieee80211_crypto_ccmp_decrypt(struct iee
+@@ -543,13 +542,13 @@ ieee80211_crypto_ccmp_decrypt(struct iee
  			u8 aad[2 * AES_BLOCK_SIZE];
  			u8 b_0[AES_BLOCK_SIZE];
  			/* hardware didn't decrypt/verify MIC */
@@ -455,7 +455,7 @@
  				return RX_DROP_UNUSABLE;
  		}
  
-@@ -643,7 +642,7 @@ static int gcmp_encrypt_skb(struct ieee8
+@@ -646,7 +645,7 @@ static int gcmp_encrypt_skb(struct ieee8
  	u8 *pos;
  	u8 pn[6];
  	u64 pn64;
@@ -464,7 +464,7 @@
  	u8 j_0[AES_BLOCK_SIZE];
  
  	if (info->control.hw_key &&
-@@ -700,8 +699,10 @@ static int gcmp_encrypt_skb(struct ieee8
+@@ -703,8 +702,10 @@ static int gcmp_encrypt_skb(struct ieee8
  
  	pos += IEEE80211_GCMP_HDR_LEN;
  	gcmp_special_blocks(skb, pn, j_0, aad);
@@ -477,7 +477,7 @@
  }
  
  ieee80211_tx_result
-@@ -1128,9 +1129,9 @@ ieee80211_crypto_aes_gmac_encrypt(struct
+@@ -1133,9 +1134,9 @@ ieee80211_crypto_aes_gmac_encrypt(struct
  	struct ieee80211_key *key = tx->key;
  	struct ieee80211_mmie_16 *mmie;
  	struct ieee80211_hdr *hdr;
@@ -489,7 +489,7 @@
  
  	if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
  		return TX_DROP;
-@@ -1176,7 +1177,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct
+@@ -1181,7 +1182,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct
  	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
  	struct ieee80211_key *key = rx->key;
  	struct ieee80211_mmie_16 *mmie;

package/kernel/mac80211/patches/subsys/150-disable_addr_notifier.patch

@@ -18,7 +18,7 @@
  static int ieee80211_ifa6_changed(struct notifier_block *nb,
  				  unsigned long data, void *arg)
  {
-@@ -1312,14 +1312,14 @@ int ieee80211_register_hw(struct ieee802
+@@ -1315,14 +1315,14 @@ int ieee80211_register_hw(struct ieee802
  
  	rtnl_unlock();
  
@@ -35,7 +35,7 @@
  	local->ifa6_notifier.notifier_call = ieee80211_ifa6_changed;
  	result = register_inet6addr_notifier(&local->ifa6_notifier);
  	if (result)
-@@ -1328,13 +1328,13 @@ int ieee80211_register_hw(struct ieee802
+@@ -1331,13 +1331,13 @@ int ieee80211_register_hw(struct ieee802
  
  	return 0;
  
@@ -52,7 +52,7 @@
   fail_ifa:
  #endif
  	wiphy_unregister(local->hw.wiphy);
-@@ -1362,10 +1362,10 @@ void ieee80211_unregister_hw(struct ieee
+@@ -1365,10 +1365,10 @@ void ieee80211_unregister_hw(struct ieee
  	tasklet_kill(&local->tx_pending_tasklet);
  	tasklet_kill(&local->tasklet);
  

package/kernel/mac80211/patches/subsys/300-cfg80211-support-immediate-reconnect-request-hint.patch

@@ -55,7 +55,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	__NL80211_ATTR_AFTER_LAST,
 --- a/net/mac80211/mlme.c
 +++ b/net/mac80211/mlme.c
-@@ -2729,7 +2729,7 @@ static void ieee80211_report_disconnect(
+@@ -2734,7 +2734,7 @@ static void ieee80211_report_disconnect(
  	};
  
  	if (tx)
@@ -64,7 +64,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	else
  		cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
  
-@@ -4719,7 +4719,8 @@ void ieee80211_mgd_quiesce(struct ieee80
+@@ -4724,7 +4724,8 @@ void ieee80211_mgd_quiesce(struct ieee80
  		if (ifmgd->auth_data)
  			ieee80211_destroy_auth_data(sdata, false);
  		cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,

package/kernel/mac80211/patches/subsys/301-mac80211-support-driver-based-disconnect-with-reconn.patch

@@ -34,7 +34,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
   * @vif: &struct ieee80211_vif pointer from the add_interface callback.
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
-@@ -461,7 +461,9 @@ struct ieee80211_if_managed {
+@@ -450,7 +450,9 @@ struct ieee80211_if_managed {
  	unsigned long probe_timeout;
  	int probe_send_count;
  	bool nullfunc_failed;
@@ -47,7 +47,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	struct ieee80211_mgd_auth_data *auth_data;
 --- a/net/mac80211/mlme.c
 +++ b/net/mac80211/mlme.c
-@@ -2720,7 +2720,7 @@ EXPORT_SYMBOL(ieee80211_ap_probereq_get)
+@@ -2725,7 +2725,7 @@ EXPORT_SYMBOL(ieee80211_ap_probereq_get)
  
  static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
  					const u8 *buf, size_t len, bool tx,
@@ -56,7 +56,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  {
  	struct ieee80211_event event = {
  		.type = MLME_EVENT,
-@@ -2729,7 +2729,7 @@ static void ieee80211_report_disconnect(
+@@ -2734,7 +2734,7 @@ static void ieee80211_report_disconnect(
  	};
  
  	if (tx)
@@ -65,7 +65,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	else
  		cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
  
-@@ -2751,13 +2751,18 @@ static void __ieee80211_disconnect(struc
+@@ -2756,13 +2756,18 @@ static void __ieee80211_disconnect(struc
  
  	tx = !sdata->csa_block_tx;
  
@@ -89,7 +89,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  			       tx, frame_buf);
  	mutex_lock(&local->mtx);
  	sdata->vif.csa_active = false;
-@@ -2770,7 +2775,9 @@ static void __ieee80211_disconnect(struc
+@@ -2775,7 +2780,9 @@ static void __ieee80211_disconnect(struc
  	mutex_unlock(&local->mtx);
  
  	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
@@ -100,7 +100,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  	sdata_unlock(sdata);
  }
-@@ -2789,6 +2796,13 @@ static void ieee80211_beacon_connection_
+@@ -2794,6 +2801,13 @@ static void ieee80211_beacon_connection_
  		sdata_info(sdata, "Connection to AP %pM lost\n",
  			   ifmgd->bssid);
  		__ieee80211_disconnect(sdata);
@@ -114,7 +114,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	} else {
  		ieee80211_mgd_probe_ap(sdata, true);
  	}
-@@ -2827,6 +2841,21 @@ void ieee80211_connection_loss(struct ie
+@@ -2832,6 +2846,21 @@ void ieee80211_connection_loss(struct ie
  }
  EXPORT_SYMBOL(ieee80211_connection_loss);
  
@@ -136,7 +136,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
  					bool assoc)
-@@ -3130,7 +3159,7 @@ static void ieee80211_rx_mgmt_deauth(str
+@@ -3135,7 +3164,7 @@ static void ieee80211_rx_mgmt_deauth(str
  		ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
  
  		ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
@@ -145,7 +145,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return;
  	}
  
-@@ -3179,7 +3208,8 @@ static void ieee80211_rx_mgmt_disassoc(s
+@@ -3184,7 +3213,8 @@ static void ieee80211_rx_mgmt_disassoc(s
  
  	ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
  
@@ -155,7 +155,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  }
  
  static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
-@@ -4199,7 +4229,8 @@ static void ieee80211_rx_mgmt_beacon(str
+@@ -4204,7 +4234,8 @@ static void ieee80211_rx_mgmt_beacon(str
  				       true, deauth_buf);
  		ieee80211_report_disconnect(sdata, deauth_buf,
  					    sizeof(deauth_buf), true,
@@ -165,7 +165,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return;
  	}
  
-@@ -4344,7 +4375,7 @@ static void ieee80211_sta_connection_los
+@@ -4349,7 +4380,7 @@ static void ieee80211_sta_connection_los
  			       tx, frame_buf);
  
  	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
@@ -174,7 +174,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  }
  
  static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
-@@ -5434,7 +5465,8 @@ int ieee80211_mgd_auth(struct ieee80211_
+@@ -5439,7 +5470,8 @@ int ieee80211_mgd_auth(struct ieee80211_
  
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -184,7 +184,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	}
  
  	sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
-@@ -5506,7 +5538,8 @@ int ieee80211_mgd_assoc(struct ieee80211
+@@ -5511,7 +5543,8 @@ int ieee80211_mgd_assoc(struct ieee80211
  
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -194,7 +194,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	}
  
  	if (ifmgd->auth_data && !ifmgd->auth_data->done) {
-@@ -5805,7 +5838,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5810,7 +5843,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  		ieee80211_destroy_auth_data(sdata, false);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -203,7 +203,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  		return 0;
  	}
-@@ -5825,7 +5858,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5830,7 +5863,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  		ieee80211_destroy_assoc_data(sdata, false, true);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -212,7 +212,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return 0;
  	}
  
-@@ -5840,7 +5873,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5845,7 +5878,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  				       req->reason_code, tx, frame_buf);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -221,7 +221,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return 0;
  	}
  
-@@ -5873,7 +5906,7 @@ int ieee80211_mgd_disassoc(struct ieee80
+@@ -5878,7 +5911,7 @@ int ieee80211_mgd_disassoc(struct ieee80
  			       frame_buf);
  
  	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,

package/kernel/mac80211/patches/subsys/311-net-fq_impl-drop-get_default_func-move-default-flow-.patch

@@ -68,7 +68,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  static int fq_init(struct fq *fq, int flows_cnt)
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
-@@ -857,7 +857,6 @@ enum txq_info_flags {
+@@ -846,7 +846,6 @@ enum txq_info_flags {
   */
  struct txq_info {
  	struct fq_tin tin;

package/kernel/mac80211/patches/subsys/315-mac80211-add-rx-decapsulation-offload-support.patch

@@ -132,7 +132,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  #endif /* __MAC80211_DRIVER_OPS */
 --- a/net/mac80211/iface.c
 +++ b/net/mac80211/iface.c
-@@ -839,7 +839,7 @@ static const struct net_device_ops ieee8
+@@ -835,7 +835,7 @@ static const struct net_device_ops ieee8
  
  };
  
@@ -141,7 +141,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  {
  	switch (iftype) {
  	/* P2P GO and client are mapped to AP/STATION types */
-@@ -859,7 +859,7 @@ static bool ieee80211_set_sdata_offload_
+@@ -855,7 +855,7 @@ static bool ieee80211_set_sdata_offload_
  	flags = sdata->vif.offload_flags;
  
  	if (ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) &&
@@ -150,7 +150,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  		flags |= IEEE80211_OFFLOAD_ENCAP_ENABLED;
  
  		if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_FRAG) &&
-@@ -872,10 +872,21 @@ static bool ieee80211_set_sdata_offload_
+@@ -868,10 +868,21 @@ static bool ieee80211_set_sdata_offload_
  		flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
  	}
  
@@ -172,7 +172,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	return true;
  }
  
-@@ -893,7 +904,7 @@ static void ieee80211_set_vif_encap_ops(
+@@ -889,7 +900,7 @@ static void ieee80211_set_vif_encap_ops(
  	}
  
  	if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) ||
@@ -183,7 +183,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	enabled = bss->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED;
 --- a/net/mac80211/rx.c
 +++ b/net/mac80211/rx.c
-@@ -4114,7 +4114,9 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4198,7 +4198,9 @@ void ieee80211_check_fast_rx(struct sta_
  		.vif_type = sdata->vif.type,
  		.control_port_protocol = sdata->control_port_protocol,
  	}, *old, *new = NULL;
@@ -193,7 +193,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	/* use sparse to check that we don't return without updating */
  	__acquire(check_fast_rx);
-@@ -4227,6 +4229,17 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4311,6 +4313,17 @@ void ieee80211_check_fast_rx(struct sta_
  	if (assign)
  		new = kmemdup(&fastrx, sizeof(fastrx), GFP_KERNEL);
  
@@ -211,7 +211,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	spin_lock_bh(&sta->lock);
  	old = rcu_dereference_protected(sta->fast_rx, true);
  	rcu_assign_pointer(sta->fast_rx, new);
-@@ -4273,6 +4286,108 @@ void ieee80211_check_fast_rx_iface(struc
+@@ -4357,6 +4370,108 @@ void ieee80211_check_fast_rx_iface(struc
  	mutex_unlock(&local->sta_mtx);
  }
  
@@ -320,7 +320,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  static bool ieee80211_invoke_fast_rx(struct ieee80211_rx_data *rx,
  				     struct ieee80211_fast_rx *fast_rx)
  {
-@@ -4293,9 +4408,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4377,9 +4492,6 @@ static bool ieee80211_invoke_fast_rx(str
  	} addrs __aligned(2);
  	struct ieee80211_sta_rx_stats *stats = &sta->rx_stats;
  
@@ -330,7 +330,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	/* for parallel-rx, we need to have DUP_VALIDATED, otherwise we write
  	 * to a common data structure; drivers can implement that per queue
  	 * but we don't have that information in mac80211
-@@ -4369,32 +4481,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4453,32 +4565,6 @@ static bool ieee80211_invoke_fast_rx(str
  	    pskb_trim(skb, skb->len - fast_rx->icv_len))
  		goto drop;
  
@@ -363,7 +363,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	if (rx->key && !ieee80211_has_protected(hdr->frame_control))
  		goto drop;
  
-@@ -4406,12 +4492,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4490,12 +4576,6 @@ static bool ieee80211_invoke_fast_rx(str
  		return true;
  	}
  
@@ -376,7 +376,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	/* do the header conversion - first grab the addresses */
  	ether_addr_copy(addrs.da, skb->data + fast_rx->da_offs);
  	ether_addr_copy(addrs.sa, skb->data + fast_rx->sa_offs);
-@@ -4420,62 +4500,14 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4504,62 +4584,14 @@ static bool ieee80211_invoke_fast_rx(str
  	/* push the addresses in front */
  	memcpy(skb_push(skb, sizeof(addrs)), &addrs, sizeof(addrs));
  
@@ -443,7 +443,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	stats->dropped++;
  	return true;
  }
-@@ -4529,6 +4561,47 @@ static bool ieee80211_prepare_and_rx_han
+@@ -4613,6 +4645,47 @@ static bool ieee80211_prepare_and_rx_han
  	return true;
  }
  
@@ -491,7 +491,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  /*
   * This is the actual Rx frames handler. as it belongs to Rx path it must
   * be called with rcu_read_lock protection.
-@@ -4766,15 +4839,20 @@ void ieee80211_rx_list(struct ieee80211_
+@@ -4850,15 +4923,20 @@ void ieee80211_rx_list(struct ieee80211_
  	 * if it was previously present.
  	 * Also, frames with less than 16 bytes are dropped.
  	 */

package/kernel/mac80211/patches/subsys/373-mac80211-support-Rx-timestamp-calculation-for-all-pr.patch

@@ -15,7 +15,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
-@@ -1600,13 +1600,8 @@ ieee80211_have_rx_timestamp(struct ieee8
+@@ -1587,13 +1587,8 @@ ieee80211_have_rx_timestamp(struct ieee8
  {
  	WARN_ON_ONCE(status->flag & RX_FLAG_MACTIME_START &&
  		     status->flag & RX_FLAG_MACTIME_END);

package/kernel/mac80211/patches/subsys/380-mac80211-assure-all-fragments-are-encrypted.patch

@@ -1,69 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:42 +0200
-Subject: [PATCH] mac80211: assure all fragments are encrypted
-
-Do not mix plaintext and encrypted fragments in protected Wi-Fi
-networks. This fixes CVE-2020-26147.
-
-Previously, an attacker was able to first forward a legitimate encrypted
-fragment towards a victim, followed by a plaintext fragment. The
-encrypted and plaintext fragment would then be reassembled. For further
-details see Section 6.3 and Appendix D in the paper "Fragment and Forge:
-Breaking Wi-Fi Through Frame Aggregation and Fragmentation".
-
-Because of this change there are now two equivalent conditions in the
-code to determine if a received fragment requires sequential PNs, so we
-also move this test to a separate function to make the code easier to
-maintain.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2204,6 +2204,16 @@ ieee80211_reassemble_find(struct ieee802
- 	return NULL;
- }
- 
-+static bool requires_sequential_pn(struct ieee80211_rx_data *rx, __le16 fc)
-+{
-+	return rx->key &&
-+		(rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
-+		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||
-+		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||
-+		 rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&
-+		ieee80211_has_protected(fc);
-+}
-+
- static ieee80211_rx_result debug_noinline
- ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
- {
-@@ -2248,12 +2258,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 		/* This is the first fragment of a new frame. */
- 		entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
- 						 rx->seqno_idx, &(rx->skb));
--		if (rx->key &&
--		    (rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP ||
--		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP_256 ||
--		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP ||
--		     rx->key->conf.cipher == WLAN_CIPHER_SUITE_GCMP_256) &&
--		    ieee80211_has_protected(fc)) {
-+		if (requires_sequential_pn(rx, fc)) {
- 			int queue = rx->security_idx;
- 
- 			/* Store CCMP/GCMP PN so that we can verify that the
-@@ -2295,11 +2300,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 		u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
- 		int queue;
- 
--		if (!rx->key ||
--		    (rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP &&
--		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP_256 &&
--		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP &&
--		     rx->key->conf.cipher != WLAN_CIPHER_SUITE_GCMP_256))
-+		if (!requires_sequential_pn(rx, fc))
- 			return RX_DROP_UNUSABLE;
- 		memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
- 		for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {

package/kernel/mac80211/patches/subsys/381-mac80211-prevent-mixed-key-and-fragment-cache-attack.patch

@@ -1,87 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:43 +0200
-Subject: [PATCH] mac80211: prevent mixed key and fragment cache attacks
-
-Simultaneously prevent mixed key attacks (CVE-2020-24587) and fragment
-cache attacks (CVE-2020-24586). This is accomplished by assigning a
-unique color to every key (per interface) and using this to track which
-key was used to decrypt a fragment. When reassembling frames, it is
-now checked whether all fragments were decrypted using the same key.
-
-To assure that fragment cache attacks are also prevented, the ID that is
-assigned to keys is unique even over (re)associations and (re)connects.
-This means fragments separated by a (re)association or (re)connect will
-not be reassembled. Because mac80211 now also prevents the reassembly of
-mixed encrypted and plaintext fragments, all cache attacks are prevented.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -97,6 +97,7 @@ struct ieee80211_fragment_entry {
- 	u8 rx_queue;
- 	bool check_sequential_pn; /* needed for CCMP/GCMP */
- 	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
-+	unsigned int key_color;
- };
- 
- 
---- a/net/mac80211/key.c
-+++ b/net/mac80211/key.c
-@@ -799,6 +799,7 @@ int ieee80211_key_link(struct ieee80211_
- 		       struct ieee80211_sub_if_data *sdata,
- 		       struct sta_info *sta)
- {
-+	static atomic_t key_color = ATOMIC_INIT(0);
- 	struct ieee80211_key *old_key;
- 	int idx = key->conf.keyidx;
- 	bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
-@@ -850,6 +851,12 @@ int ieee80211_key_link(struct ieee80211_
- 	key->sdata = sdata;
- 	key->sta = sta;
- 
-+	/*
-+	 * Assign a unique ID to every key so we can easily prevent mixed
-+	 * key and fragment cache attacks.
-+	 */
-+	key->color = atomic_inc_return(&key_color);
-+
- 	increment_tailroom_need_count(sdata);
- 
- 	ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
---- a/net/mac80211/key.h
-+++ b/net/mac80211/key.h
-@@ -128,6 +128,8 @@ struct ieee80211_key {
- 	} debugfs;
- #endif
- 
-+	unsigned int color;
-+
- 	/*
- 	 * key config, must be last because it contains key
- 	 * material as variable length member
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2265,6 +2265,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 			 * next fragment has a sequential PN value.
- 			 */
- 			entry->check_sequential_pn = true;
-+			entry->key_color = rx->key->color;
- 			memcpy(entry->last_pn,
- 			       rx->key->u.ccmp.rx_pn[queue],
- 			       IEEE80211_CCMP_PN_LEN);
-@@ -2302,6 +2303,11 @@ ieee80211_rx_h_defragment(struct ieee802
- 
- 		if (!requires_sequential_pn(rx, fc))
- 			return RX_DROP_UNUSABLE;
-+
-+		/* Prevent mixed key and fragment cache attacks */
-+		if (entry->key_color != rx->key->color)
-+			return RX_DROP_UNUSABLE;
-+
- 		memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
- 		for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
- 			pn[i]++;

package/kernel/mac80211/patches/subsys/382-mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch

@@ -1,66 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:44 +0200
-Subject: [PATCH] mac80211: properly handle A-MSDUs that start with an
- RFC 1042 header
-
-Properly parse A-MSDUs whose first 6 bytes happen to equal a rfc1042
-header. This can occur in practice when the destination MAC address
-equals AA:AA:03:00:00:00. More importantly, this simplifies the next
-patch to mitigate A-MSDU injection attacks.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/include/net/cfg80211.h
-+++ b/include/net/cfg80211.h
-@@ -5628,7 +5628,7 @@ unsigned int ieee80211_get_mesh_hdrlen(s
-  */
- int ieee80211_data_to_8023_exthdr(struct sk_buff *skb, struct ethhdr *ehdr,
- 				  const u8 *addr, enum nl80211_iftype iftype,
--				  u8 data_offset);
-+				  u8 data_offset, bool is_amsdu);
- 
- /**
-  * ieee80211_data_to_8023 - convert an 802.11 data frame to 802.3
-@@ -5640,7 +5640,7 @@ int ieee80211_data_to_8023_exthdr(struct
- static inline int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr,
- 					 enum nl80211_iftype iftype)
- {
--	return ieee80211_data_to_8023_exthdr(skb, NULL, addr, iftype, 0);
-+	return ieee80211_data_to_8023_exthdr(skb, NULL, addr, iftype, 0, false);
- }
- 
- /**
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2696,7 +2696,7 @@ __ieee80211_rx_h_amsdu(struct ieee80211_
- 	if (ieee80211_data_to_8023_exthdr(skb, &ethhdr,
- 					  rx->sdata->vif.addr,
- 					  rx->sdata->vif.type,
--					  data_offset))
-+					  data_offset, true))
- 		return RX_DROP_UNUSABLE;
- 
- 	ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr,
---- a/net/wireless/util.c
-+++ b/net/wireless/util.c
-@@ -541,7 +541,7 @@ EXPORT_SYMBOL(ieee80211_get_mesh_hdrlen)
- 
- int ieee80211_data_to_8023_exthdr(struct sk_buff *skb, struct ethhdr *ehdr,
- 				  const u8 *addr, enum nl80211_iftype iftype,
--				  u8 data_offset)
-+				  u8 data_offset, bool is_amsdu)
- {
- 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
- 	struct {
-@@ -629,7 +629,7 @@ int ieee80211_data_to_8023_exthdr(struct
- 	skb_copy_bits(skb, hdrlen, &payload, sizeof(payload));
- 	tmp.h_proto = payload.proto;
- 
--	if (likely((ether_addr_equal(payload.hdr, rfc1042_header) &&
-+	if (likely((!is_amsdu && ether_addr_equal(payload.hdr, rfc1042_header) &&
- 		    tmp.h_proto != htons(ETH_P_AARP) &&
- 		    tmp.h_proto != htons(ETH_P_IPX)) ||
- 		   ether_addr_equal(payload.hdr, bridge_tunnel_header)))

package/kernel/mac80211/patches/subsys/383-cfg80211-mitigate-A-MSDU-aggregation-attacks.patch

@@ -1,40 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:45 +0200
-Subject: [PATCH] cfg80211: mitigate A-MSDU aggregation attacks
-
-Mitigate A-MSDU injection attacks (CVE-2020-24588) by detecting if the
-destination address of a subframe equals an RFC1042 (i.e., LLC/SNAP)
-header, and if so dropping the complete A-MSDU frame. This mitigates
-known attacks, although new (unknown) aggregation-based attacks may
-remain possible.
-
-This defense works because in A-MSDU aggregation injection attacks, a
-normal encrypted Wi-Fi frame is turned into an A-MSDU frame. This means
-the first 6 bytes of the first A-MSDU subframe correspond to an RFC1042
-header. In other words, the destination MAC address of the first A-MSDU
-subframe contains the start of an RFC1042 header during an aggregation
-attack. We can detect this and thereby prevent this specific attack.
-For details, see Section 7.2 of "Fragment and Forge: Breaking Wi-Fi
-Through Frame Aggregation and Fragmentation".
-
-Note that for kernel 4.9 and above this patch depends on "mac80211:
-properly handle A-MSDUs that start with a rfc1042 header". Otherwise
-this patch has no impact and attacks will remain possible.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/wireless/util.c
-+++ b/net/wireless/util.c
-@@ -775,6 +775,9 @@ void ieee80211_amsdu_to_8023s(struct sk_
- 		remaining = skb->len - offset;
- 		if (subframe_len > remaining)
- 			goto purge;
-+		/* mitigate A-MSDU aggregation injection attacks */
-+		if (ether_addr_equal(eth.h_dest, rfc1042_header))
-+			goto purge;
- 
- 		offset += sizeof(struct ethhdr);
- 		last = remaining <= subframe_len + padding;

package/kernel/mac80211/patches/subsys/384-mac80211-drop-A-MSDUs-on-old-ciphers.patch

@@ -1,54 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:46 +0200
-Subject: [PATCH] mac80211: drop A-MSDUs on old ciphers
-
-With old ciphers (WEP and TKIP) we shouldn't be using A-MSDUs
-since A-MSDUs are only supported if we know that they are, and
-the only practical way for that is HT support which doesn't
-support old ciphers.
-
-However, we would normally accept them anyway. Since we check
-the MMIC before deaggregating A-MSDUs, and the A-MSDU bit in
-the QoS header is not protected in TKIP (or WEP), this enables
-attacks similar to CVE-2020-24588. To prevent that, drop A-MSDUs
-completely with old ciphers.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -6,7 +6,7 @@
-  * Copyright 2007-2010	Johannes Berg <johannes@sipsolutions.net>
-  * Copyright 2013-2014  Intel Mobile Communications GmbH
-  * Copyright(c) 2015 - 2017 Intel Deutschland GmbH
-- * Copyright (C) 2018-2020 Intel Corporation
-+ * Copyright (C) 2018-2021 Intel Corporation
-  */
- 
- #include <linux/jiffies.h>
-@@ -2753,6 +2753,23 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx
- 	if (is_multicast_ether_addr(hdr->addr1))
- 		return RX_DROP_UNUSABLE;
- 
-+	if (rx->key) {
-+		/*
-+		 * We should not receive A-MSDUs on pre-HT connections,
-+		 * and HT connections cannot use old ciphers. Thus drop
-+		 * them, as in those cases we couldn't even have SPP
-+		 * A-MSDUs or such.
-+		 */
-+		switch (rx->key->conf.cipher) {
-+		case WLAN_CIPHER_SUITE_WEP40:
-+		case WLAN_CIPHER_SUITE_WEP104:
-+		case WLAN_CIPHER_SUITE_TKIP:
-+			return RX_DROP_UNUSABLE;
-+		default:
-+			break;
-+		}
-+	}
-+
- 	return __ieee80211_rx_h_amsdu(rx, 0);
- }
- 

package/kernel/mac80211/patches/subsys/385-mac80211-add-fragment-cache-to-sta_info.patch

@@ -1,313 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:47 +0200
-Subject: [PATCH] mac80211: add fragment cache to sta_info
-
-Prior patches protected against fragmentation cache attacks
-by coloring keys, but this shows that it can lead to issues
-when multiple stations use the same sequence number. Add a
-fragment cache to struct sta_info (in addition to the one in
-the interface) to separate fragments for different stations
-properly.
-
-This then automatically clear most of the fragment cache when a
-station disconnects (or reassociates) from an AP, or when client
-interfaces disconnect from the network, etc.
-
-On the way, also fix the comment there since this brings us in line
-with the recommendation in 802.11-2016 ("An AP should support ...").
-Additionally, remove a useless condition (since there's no problem
-purging an already empty list).
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -50,12 +50,6 @@ struct ieee80211_local;
- #define IEEE80211_ENCRYPT_HEADROOM 8
- #define IEEE80211_ENCRYPT_TAILROOM 18
- 
--/* IEEE 802.11 (Ch. 9.5 Defragmentation) requires support for concurrent
-- * reception of at least three fragmented frames. This limit can be increased
-- * by changing this define, at the cost of slower frame reassembly and
-- * increased memory use (about 2 kB of RAM per entry). */
--#define IEEE80211_FRAGMENT_MAX 4
--
- /* power level hasn't been configured (or set to automatic) */
- #define IEEE80211_UNSET_POWER_LEVEL	INT_MIN
- 
-@@ -88,19 +82,6 @@ extern const u8 ieee80211_ac_to_qos_mask
- 
- #define IEEE80211_MAX_NAN_INSTANCE_ID 255
- 
--struct ieee80211_fragment_entry {
--	struct sk_buff_head skb_list;
--	unsigned long first_frag_time;
--	u16 seq;
--	u16 extra_len;
--	u16 last_frag;
--	u8 rx_queue;
--	bool check_sequential_pn; /* needed for CCMP/GCMP */
--	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
--	unsigned int key_color;
--};
--
--
- struct ieee80211_bss {
- 	u32 device_ts_beacon, device_ts_presp;
- 
-@@ -912,9 +893,7 @@ struct ieee80211_sub_if_data {
- 
- 	char name[IFNAMSIZ];
- 
--	/* Fragment table for host-based reassembly */
--	struct ieee80211_fragment_entry	fragments[IEEE80211_FRAGMENT_MAX];
--	unsigned int fragment_next;
-+	struct ieee80211_fragment_cache frags;
- 
- 	/* TID bitmap for NoAck policy */
- 	u16 noack_map;
-@@ -2329,4 +2308,7 @@ u32 ieee80211_calc_expected_tx_airtime(s
- #define debug_noinline
- #endif
- 
-+void ieee80211_init_frag_cache(struct ieee80211_fragment_cache *cache);
-+void ieee80211_destroy_frag_cache(struct ieee80211_fragment_cache *cache);
-+
- #endif /* IEEE80211_I_H */
---- a/net/mac80211/iface.c
-+++ b/net/mac80211/iface.c
-@@ -8,7 +8,7 @@
-  * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
-  * Copyright 2013-2014  Intel Mobile Communications GmbH
-  * Copyright (c) 2016        Intel Deutschland GmbH
-- * Copyright (C) 2018-2020 Intel Corporation
-+ * Copyright (C) 2018-2021 Intel Corporation
-  */
- #include <linux/slab.h>
- #include <linux/kernel.h>
-@@ -679,16 +679,12 @@ static void ieee80211_set_multicast_list
-  */
- static void ieee80211_teardown_sdata(struct ieee80211_sub_if_data *sdata)
- {
--	int i;
--
- 	/* free extra data */
- 	ieee80211_free_keys(sdata, false);
- 
- 	ieee80211_debugfs_remove_netdev(sdata);
- 
--	for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
--		__skb_queue_purge(&sdata->fragments[i].skb_list);
--	sdata->fragment_next = 0;
-+	ieee80211_destroy_frag_cache(&sdata->frags);
- 
- 	if (ieee80211_vif_is_mesh(&sdata->vif))
- 		ieee80211_mesh_teardown_sdata(sdata);
-@@ -2038,8 +2034,7 @@ int ieee80211_if_add(struct ieee80211_lo
- 	sdata->wdev.wiphy = local->hw.wiphy;
- 	sdata->local = local;
- 
--	for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
--		skb_queue_head_init(&sdata->fragments[i].skb_list);
-+	ieee80211_init_frag_cache(&sdata->frags);
- 
- 	INIT_LIST_HEAD(&sdata->key_list);
- 
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2133,19 +2133,34 @@ ieee80211_rx_h_decrypt(struct ieee80211_
- 	return result;
- }
- 
-+void ieee80211_init_frag_cache(struct ieee80211_fragment_cache *cache)
-+{
-+	int i;
-+
-+	for (i = 0; i < ARRAY_SIZE(cache->entries); i++)
-+		skb_queue_head_init(&cache->entries[i].skb_list);
-+}
-+
-+void ieee80211_destroy_frag_cache(struct ieee80211_fragment_cache *cache)
-+{
-+	int i;
-+
-+	for (i = 0; i < ARRAY_SIZE(cache->entries); i++)
-+		__skb_queue_purge(&cache->entries[i].skb_list);
-+}
-+
- static inline struct ieee80211_fragment_entry *
--ieee80211_reassemble_add(struct ieee80211_sub_if_data *sdata,
-+ieee80211_reassemble_add(struct ieee80211_fragment_cache *cache,
- 			 unsigned int frag, unsigned int seq, int rx_queue,
- 			 struct sk_buff **skb)
- {
- 	struct ieee80211_fragment_entry *entry;
- 
--	entry = &sdata->fragments[sdata->fragment_next++];
--	if (sdata->fragment_next >= IEEE80211_FRAGMENT_MAX)
--		sdata->fragment_next = 0;
-+	entry = &cache->entries[cache->next++];
-+	if (cache->next >= IEEE80211_FRAGMENT_MAX)
-+		cache->next = 0;
- 
--	if (!skb_queue_empty(&entry->skb_list))
--		__skb_queue_purge(&entry->skb_list);
-+	__skb_queue_purge(&entry->skb_list);
- 
- 	__skb_queue_tail(&entry->skb_list, *skb); /* no need for locking */
- 	*skb = NULL;
-@@ -2160,14 +2175,14 @@ ieee80211_reassemble_add(struct ieee8021
- }
- 
- static inline struct ieee80211_fragment_entry *
--ieee80211_reassemble_find(struct ieee80211_sub_if_data *sdata,
-+ieee80211_reassemble_find(struct ieee80211_fragment_cache *cache,
- 			  unsigned int frag, unsigned int seq,
- 			  int rx_queue, struct ieee80211_hdr *hdr)
- {
- 	struct ieee80211_fragment_entry *entry;
- 	int i, idx;
- 
--	idx = sdata->fragment_next;
-+	idx = cache->next;
- 	for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) {
- 		struct ieee80211_hdr *f_hdr;
- 		struct sk_buff *f_skb;
-@@ -2176,7 +2191,7 @@ ieee80211_reassemble_find(struct ieee802
- 		if (idx < 0)
- 			idx = IEEE80211_FRAGMENT_MAX - 1;
- 
--		entry = &sdata->fragments[idx];
-+		entry = &cache->entries[idx];
- 		if (skb_queue_empty(&entry->skb_list) || entry->seq != seq ||
- 		    entry->rx_queue != rx_queue ||
- 		    entry->last_frag + 1 != frag)
-@@ -2217,6 +2232,7 @@ static bool requires_sequential_pn(struc
- static ieee80211_rx_result debug_noinline
- ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
- {
-+	struct ieee80211_fragment_cache *cache = &rx->sdata->frags;
- 	struct ieee80211_hdr *hdr;
- 	u16 sc;
- 	__le16 fc;
-@@ -2238,6 +2254,9 @@ ieee80211_rx_h_defragment(struct ieee802
- 		goto out_no_led;
- 	}
- 
-+	if (rx->sta)
-+		cache = &rx->sta->frags;
-+
- 	if (likely(!ieee80211_has_morefrags(fc) && frag == 0))
- 		goto out;
- 
-@@ -2256,7 +2275,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 
- 	if (frag == 0) {
- 		/* This is the first fragment of a new frame. */
--		entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
-+		entry = ieee80211_reassemble_add(cache, frag, seq,
- 						 rx->seqno_idx, &(rx->skb));
- 		if (requires_sequential_pn(rx, fc)) {
- 			int queue = rx->security_idx;
-@@ -2284,7 +2303,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 	/* This is a fragment for a frame that should already be pending in
- 	 * fragment cache. Add this fragment to the end of the pending entry.
- 	 */
--	entry = ieee80211_reassemble_find(rx->sdata, frag, seq,
-+	entry = ieee80211_reassemble_find(cache, frag, seq,
- 					  rx->seqno_idx, hdr);
- 	if (!entry) {
- 		I802_DEBUG_INC(rx->local->rx_handlers_drop_defrag);
---- a/net/mac80211/sta_info.c
-+++ b/net/mac80211/sta_info.c
-@@ -4,7 +4,7 @@
-  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
-  * Copyright 2013-2014  Intel Mobile Communications GmbH
-  * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
-- * Copyright (C) 2018-2020 Intel Corporation
-+ * Copyright (C) 2018-2021 Intel Corporation
-  */
- 
- #include <linux/module.h>
-@@ -393,6 +393,8 @@ struct sta_info *sta_info_alloc(struct i
- 
- 	u64_stats_init(&sta->rx_stats.syncp);
- 
-+	ieee80211_init_frag_cache(&sta->frags);
-+
- 	sta->sta_state = IEEE80211_STA_NONE;
- 
- 	/* Mark TID as unreserved */
-@@ -1103,6 +1105,8 @@ static void __sta_info_destroy_part2(str
- 
- 	ieee80211_sta_debugfs_remove(sta);
- 
-+	ieee80211_destroy_frag_cache(&sta->frags);
-+
- 	cleanup_single_sta(sta);
- }
- 
---- a/net/mac80211/sta_info.h
-+++ b/net/mac80211/sta_info.h
-@@ -3,7 +3,7 @@
-  * Copyright 2002-2005, Devicescape Software, Inc.
-  * Copyright 2013-2014  Intel Mobile Communications GmbH
-  * Copyright(c) 2015-2017 Intel Deutschland GmbH
-- * Copyright(c) 2020 Intel Corporation
-+ * Copyright(c) 2020-2021 Intel Corporation
-  */
- 
- #ifndef STA_INFO_H
-@@ -439,6 +439,33 @@ struct ieee80211_sta_rx_stats {
- };
- 
- /*
-+ * IEEE 802.11-2016 (10.6 "Defragmentation") recommends support for "concurrent
-+ * reception of at least one MSDU per access category per associated STA"
-+ * on APs, or "at least one MSDU per access category" on other interface types.
-+ *
-+ * This limit can be increased by changing this define, at the cost of slower
-+ * frame reassembly and increased memory use while fragments are pending.
-+ */
-+#define IEEE80211_FRAGMENT_MAX 4
-+
-+struct ieee80211_fragment_entry {
-+	struct sk_buff_head skb_list;
-+	unsigned long first_frag_time;
-+	u16 seq;
-+	u16 extra_len;
-+	u16 last_frag;
-+	u8 rx_queue;
-+	bool check_sequential_pn; /* needed for CCMP/GCMP */
-+	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
-+	unsigned int key_color;
-+};
-+
-+struct ieee80211_fragment_cache {
-+	struct ieee80211_fragment_entry	entries[IEEE80211_FRAGMENT_MAX];
-+	unsigned int next;
-+};
-+
-+/*
-  * The bandwidth threshold below which the per-station CoDel parameters will be
-  * scaled to be more lenient (to prevent starvation of slow stations). This
-  * value will be scaled by the number of active stations when it is being
-@@ -531,6 +558,7 @@ struct ieee80211_sta_rx_stats {
-  * @status_stats.last_ack_signal: last ACK signal
-  * @status_stats.ack_signal_filled: last ACK signal validity
-  * @status_stats.avg_ack_signal: average ACK signal
-+ * @frags: fragment cache
-  */
- struct sta_info {
- 	/* General information, mostly static */
-@@ -639,6 +667,8 @@ struct sta_info {
- 
- 	struct cfg80211_chan_def tdls_chandef;
- 
-+	struct ieee80211_fragment_cache frags;
-+
- 	/* keep last! */
- 	struct ieee80211_sta sta;
- };

package/kernel/mac80211/patches/subsys/386-mac80211-check-defrag-PN-against-current-frame.patch

@@ -1,109 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:48 +0200
-Subject: [PATCH] mac80211: check defrag PN against current frame
-
-As pointed out by Mathy Vanhoef, we implement the RX PN check
-on fragmented frames incorrectly - we check against the last
-received PN prior to the new frame, rather than to the one in
-this frame itself.
-
-Prior patches addressed the security issue here, but in order
-to be able to reason better about the code, fix it to really
-compare against the current frame's PN, not the last stored
-one.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -227,8 +227,15 @@ struct ieee80211_rx_data {
- 	 */
- 	int security_idx;
- 
--	u32 tkip_iv32;
--	u16 tkip_iv16;
-+	union {
-+		struct {
-+			u32 iv32;
-+			u16 iv16;
-+		} tkip;
-+		struct {
-+			u8 pn[IEEE80211_CCMP_PN_LEN];
-+		} ccm_gcm;
-+	};
- };
- 
- struct ieee80211_csa_settings {
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2318,7 +2318,6 @@ ieee80211_rx_h_defragment(struct ieee802
- 	if (entry->check_sequential_pn) {
- 		int i;
- 		u8 pn[IEEE80211_CCMP_PN_LEN], *rpn;
--		int queue;
- 
- 		if (!requires_sequential_pn(rx, fc))
- 			return RX_DROP_UNUSABLE;
-@@ -2333,8 +2332,8 @@ ieee80211_rx_h_defragment(struct ieee802
- 			if (pn[i])
- 				break;
- 		}
--		queue = rx->security_idx;
--		rpn = rx->key->u.ccmp.rx_pn[queue];
-+
-+		rpn = rx->ccm_gcm.pn;
- 		if (memcmp(pn, rpn, IEEE80211_CCMP_PN_LEN))
- 			return RX_DROP_UNUSABLE;
- 		memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
---- a/net/mac80211/wpa.c
-+++ b/net/mac80211/wpa.c
-@@ -3,6 +3,7 @@
-  * Copyright 2002-2004, Instant802 Networks, Inc.
-  * Copyright 2008, Jouni Malinen <j@w1.fi>
-  * Copyright (C) 2016-2017 Intel Deutschland GmbH
-+ * Copyright (C) 2020-2021 Intel Corporation
-  */
- 
- #include <linux/netdevice.h>
-@@ -167,8 +168,8 @@ ieee80211_rx_h_michael_mic_verify(struct
- 
- update_iv:
- 	/* update IV in key information to be able to detect replays */
--	rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip_iv32;
--	rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip_iv16;
-+	rx->key->u.tkip.rx[rx->security_idx].iv32 = rx->tkip.iv32;
-+	rx->key->u.tkip.rx[rx->security_idx].iv16 = rx->tkip.iv16;
- 
- 	return RX_CONTINUE;
- 
-@@ -294,8 +295,8 @@ ieee80211_crypto_tkip_decrypt(struct iee
- 					  key, skb->data + hdrlen,
- 					  skb->len - hdrlen, rx->sta->sta.addr,
- 					  hdr->addr1, hwaccel, rx->security_idx,
--					  &rx->tkip_iv32,
--					  &rx->tkip_iv16);
-+					  &rx->tkip.iv32,
-+					  &rx->tkip.iv16);
- 	if (res != TKIP_DECRYPT_OK)
- 		return RX_DROP_UNUSABLE;
- 
-@@ -552,6 +553,8 @@ ieee80211_crypto_ccmp_decrypt(struct iee
- 		}
- 
- 		memcpy(key->u.ccmp.rx_pn[queue], pn, IEEE80211_CCMP_PN_LEN);
-+		if (unlikely(ieee80211_is_frag(hdr)))
-+			memcpy(rx->ccm_gcm.pn, pn, IEEE80211_CCMP_PN_LEN);
- 	}
- 
- 	/* Remove CCMP header and MIC */
-@@ -782,6 +785,8 @@ ieee80211_crypto_gcmp_decrypt(struct iee
- 		}
- 
- 		memcpy(key->u.gcmp.rx_pn[queue], pn, IEEE80211_GCMP_PN_LEN);
-+		if (unlikely(ieee80211_is_frag(hdr)))
-+			memcpy(rx->ccm_gcm.pn, pn, IEEE80211_CCMP_PN_LEN);
- 	}
- 
- 	/* Remove GCMP header and MIC */

package/kernel/mac80211/patches/subsys/387-mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch

@@ -1,62 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:49 +0200
-Subject: [PATCH] mac80211: prevent attacks on TKIP/WEP as well
-
-Similar to the issues fixed in previous patches, TKIP and WEP
-should be protected even if for TKIP we have the Michael MIC
-protecting it, and WEP is broken anyway.
-
-However, this also somewhat protects potential other algorithms
-that drivers might implement.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2284,6 +2284,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 			 * next fragment has a sequential PN value.
- 			 */
- 			entry->check_sequential_pn = true;
-+			entry->is_protected = true;
- 			entry->key_color = rx->key->color;
- 			memcpy(entry->last_pn,
- 			       rx->key->u.ccmp.rx_pn[queue],
-@@ -2296,6 +2297,9 @@ ieee80211_rx_h_defragment(struct ieee802
- 				     sizeof(rx->key->u.gcmp.rx_pn[queue]));
- 			BUILD_BUG_ON(IEEE80211_CCMP_PN_LEN !=
- 				     IEEE80211_GCMP_PN_LEN);
-+		} else if (rx->key && ieee80211_has_protected(fc)) {
-+			entry->is_protected = true;
-+			entry->key_color = rx->key->color;
- 		}
- 		return RX_QUEUED;
- 	}
-@@ -2337,6 +2341,14 @@ ieee80211_rx_h_defragment(struct ieee802
- 		if (memcmp(pn, rpn, IEEE80211_CCMP_PN_LEN))
- 			return RX_DROP_UNUSABLE;
- 		memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
-+	} else if (entry->is_protected &&
-+		   (!rx->key || !ieee80211_has_protected(fc) ||
-+		    rx->key->color != entry->key_color)) {
-+		/* Drop this as a mixed key or fragment cache attack, even
-+		 * if for TKIP Michael MIC should protect us, and WEP is a
-+		 * lost cause anyway.
-+		 */
-+		return RX_DROP_UNUSABLE;
- 	}
- 
- 	skb_pull(rx->skb, ieee80211_hdrlen(fc));
---- a/net/mac80211/sta_info.h
-+++ b/net/mac80211/sta_info.h
-@@ -455,7 +455,8 @@ struct ieee80211_fragment_entry {
- 	u16 extra_len;
- 	u16 last_frag;
- 	u8 rx_queue;
--	bool check_sequential_pn; /* needed for CCMP/GCMP */
-+	u8 check_sequential_pn:1, /* needed for CCMP/GCMP */
-+	   is_protected:1;
- 	u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
- 	unsigned int key_color;
- };

package/kernel/mac80211/patches/subsys/388-mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch

@@ -1,94 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 11 May 2021 20:02:50 +0200
-Subject: [PATCH] mac80211: do not accept/forward invalid EAPOL frames
-
-EAPOL frames are used for authentication and key management between the
-AP and each individual STA associated in the BSS. Those frames are not
-supposed to be sent by one associated STA to another associated STA
-(either unicast for broadcast/multicast).
-
-Similarly, in 802.11 they're supposed to be sent to the authenticator
-(AP) address.
-
-Since it is possible for unexpected EAPOL frames to result in misbehavior
-in supplicant implementations, it is better for the AP to not allow such
-cases to be forwarded to other clients either directly, or indirectly if
-the AP interface is part of a bridge.
-
-Accept EAPOL (control port) frames only if they're transmitted to the
-own address, or, due to interoperability concerns, to the PAE group
-address.
-
-Disable forwarding of EAPOL (or well, the configured control port
-protocol) frames back to wireless medium in all cases. Previously, these
-frames were accepted from fully authenticated and authorized stations
-and also from unauthenticated stations for one of the cases.
-
-Additionally, to avoid forwarding by the bridge, rewrite the PAE group
-address case to the local MAC address.
-
-Cc: stable@vger.kernel.org
-Co-developed-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2541,13 +2541,13 @@ static bool ieee80211_frame_allowed(stru
- 	struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
- 
- 	/*
--	 * Allow EAPOL frames to us/the PAE group address regardless
--	 * of whether the frame was encrypted or not.
-+	 * Allow EAPOL frames to us/the PAE group address regardless of
-+	 * whether the frame was encrypted or not, and always disallow
-+	 * all other destination addresses for them.
- 	 */
--	if (ehdr->h_proto == rx->sdata->control_port_protocol &&
--	    (ether_addr_equal(ehdr->h_dest, rx->sdata->vif.addr) ||
--	     ether_addr_equal(ehdr->h_dest, pae_group_addr)))
--		return true;
-+	if (unlikely(ehdr->h_proto == rx->sdata->control_port_protocol))
-+		return ether_addr_equal(ehdr->h_dest, rx->sdata->vif.addr) ||
-+		       ether_addr_equal(ehdr->h_dest, pae_group_addr);
- 
- 	if (ieee80211_802_1x_port_control(rx) ||
- 	    ieee80211_drop_unencrypted(rx, fc))
-@@ -2572,8 +2572,28 @@ static void ieee80211_deliver_skb_to_loc
- 		cfg80211_rx_control_port(dev, skb, noencrypt);
- 		dev_kfree_skb(skb);
- 	} else {
-+		struct ethhdr *ehdr = (void *)skb_mac_header(skb);
-+
- 		memset(skb->cb, 0, sizeof(skb->cb));
- 
-+		/*
-+		 * 802.1X over 802.11 requires that the authenticator address
-+		 * be used for EAPOL frames. However, 802.1X allows the use of
-+		 * the PAE group address instead. If the interface is part of
-+		 * a bridge and we pass the frame with the PAE group address,
-+		 * then the bridge will forward it to the network (even if the
-+		 * client was not associated yet), which isn't supposed to
-+		 * happen.
-+		 * To avoid that, rewrite the destination address to our own
-+		 * address, so that the authenticator (e.g. hostapd) will see
-+		 * the frame, but bridge won't forward it anywhere else. Note
-+		 * that due to earlier filtering, the only other address can
-+		 * be the PAE group address.
-+		 */
-+		if (unlikely(skb->protocol == sdata->control_port_protocol &&
-+			     !ether_addr_equal(ehdr->h_dest, sdata->vif.addr)))
-+			ether_addr_copy(ehdr->h_dest, sdata->vif.addr);
-+
- 		/* deliver to local stack */
- 		if (rx->list)
- #if LINUX_VERSION_IS_GEQ(4,19,0)
-@@ -2617,6 +2637,7 @@ ieee80211_deliver_skb(struct ieee80211_r
- 	if ((sdata->vif.type == NL80211_IFTYPE_AP ||
- 	     sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
- 	    !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
-+	    ehdr->h_proto != rx->sdata->control_port_protocol &&
- 	    (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) {
- 		if (is_multicast_ether_addr(ehdr->h_dest) &&
- 		    ieee80211_vif_get_num_mcast_if(sdata) != 0) {

package/kernel/mac80211/patches/subsys/389-mac80211-extend-protection-against-mixed-key-and-fra.patch

@@ -1,68 +0,0 @@
-From: Wen Gong <wgong@codeaurora.org>
-Date: Tue, 11 May 2021 20:02:51 +0200
-Subject: [PATCH] mac80211: extend protection against mixed key and
- fragment cache attacks
-
-For some chips/drivers, e.g., QCA6174 with ath10k, the decryption is
-done by the hardware, and the Protected bit in the Frame Control field
-is cleared in the lower level driver before the frame is passed to
-mac80211. In such cases, the condition for ieee80211_has_protected() is
-not met in ieee80211_rx_h_defragment() of mac80211 and the new security
-validation steps are not executed.
-
-Extend mac80211 to cover the case where the Protected bit has been
-cleared, but the frame is indicated as having been decrypted by the
-hardware. This extends protection against mixed key and fragment cache
-attack for additional drivers/chips. This fixes CVE-2020-24586 and
-CVE-2020-24587 for such cases.
-
-Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Wen Gong <wgong@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2239,6 +2239,7 @@ ieee80211_rx_h_defragment(struct ieee802
- 	unsigned int frag, seq;
- 	struct ieee80211_fragment_entry *entry;
- 	struct sk_buff *skb;
-+	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
- 
- 	hdr = (struct ieee80211_hdr *)rx->skb->data;
- 	fc = hdr->frame_control;
-@@ -2297,7 +2298,9 @@ ieee80211_rx_h_defragment(struct ieee802
- 				     sizeof(rx->key->u.gcmp.rx_pn[queue]));
- 			BUILD_BUG_ON(IEEE80211_CCMP_PN_LEN !=
- 				     IEEE80211_GCMP_PN_LEN);
--		} else if (rx->key && ieee80211_has_protected(fc)) {
-+		} else if (rx->key &&
-+			   (ieee80211_has_protected(fc) ||
-+			    (status->flag & RX_FLAG_DECRYPTED))) {
- 			entry->is_protected = true;
- 			entry->key_color = rx->key->color;
- 		}
-@@ -2342,13 +2345,19 @@ ieee80211_rx_h_defragment(struct ieee802
- 			return RX_DROP_UNUSABLE;
- 		memcpy(entry->last_pn, pn, IEEE80211_CCMP_PN_LEN);
- 	} else if (entry->is_protected &&
--		   (!rx->key || !ieee80211_has_protected(fc) ||
-+		   (!rx->key ||
-+		    (!ieee80211_has_protected(fc) &&
-+		     !(status->flag & RX_FLAG_DECRYPTED)) ||
- 		    rx->key->color != entry->key_color)) {
- 		/* Drop this as a mixed key or fragment cache attack, even
- 		 * if for TKIP Michael MIC should protect us, and WEP is a
- 		 * lost cause anyway.
- 		 */
- 		return RX_DROP_UNUSABLE;
-+	} else if (entry->is_protected && rx->key &&
-+		   entry->key_color != rx->key->color &&
-+		   (status->flag & RX_FLAG_DECRYPTED)) {
-+		return RX_DROP_UNUSABLE;
- 	}
- 
- 	skb_pull(rx->skb, ieee80211_hdrlen(fc));

package/libs/libjson-c/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=json-c
 PKG_VERSION:=0.15
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-nodoc.tar.gz
 PKG_SOURCE_URL:=https://s3.amazonaws.com/json-c_releases/releases/
@@ -20,6 +20,7 @@ PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYING
 PKG_CPE_ID:=cpe:/a:json-c_project:json-c
 
+PKG_FLAGS := nonshared
 PKG_BUILD_PARALLEL:=1
 HOST_BUILD_PREFIX:=$(STAGING_DIR_HOST)
 

package/libs/libnl-tiny/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libnl-tiny
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/libnl-tiny.git
@@ -17,6 +17,8 @@ PKG_SOURCE_VERSION:=c291088f631d1694f7ba0444b59677b194348da8
 PKG_MIRROR_HASH:=99bcce12701bb34dadb39689d95c2c5cf1e27719d0ecfd645d3957a8947025ac
 CMAKE_INSTALL:=1
 
+PKG_FLAGS := nonshared
+
 PKG_LICENSE:=LGPL-2.1
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 

package/libs/libubox/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libubox
-PKG_RELEASE=1
+PKG_RELEASE=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/libubox.git
@@ -11,6 +11,8 @@ PKG_SOURCE_VERSION:=b14c4688612c05c78ce984d7bde633bce8703b1e
 PKG_ABI_VERSION:=$(call abi_version_str,$(PKG_SOURCE_DATE))
 CMAKE_INSTALL:=1
 
+PKG_FLAGS := nonshared
+
 PKG_LICENSE:=ISC
 PKG_LICENSE_FILES:=
 

package/network/utils/umbim/files/lib/netifd/proto/mbim.sh

@@ -155,7 +155,7 @@ proto_mbim_setup() {
 		sleep 15
 	}
 
-	return $rt
+	return $ret
 }
 
 proto_mbim_teardown() {

package/system/opkg/Makefile

@@ -14,9 +14,9 @@ PKG_FLAGS:=essential
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://git.openwrt.org/project/opkg-lede.git
-PKG_SOURCE_DATE:=2021-03-15
-PKG_SOURCE_VERSION:=5936c4f9660248284e8a9b040ea3153d3ea888de
-PKG_MIRROR_HASH:=b873c209baaf4f150c89646d58e4a0072f807d24b02c320ab8c7ae9180c13240
+PKG_SOURCE_DATE:=2021-06-13
+PKG_SOURCE_VERSION:=1bf042dd06751b693a8544d2317e5b969d666b69
+PKG_MIRROR_HASH:=aeda4e0f11805bf95fc7be6d38391ce579acd965c8ba6a490b3e8669815b7264
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING

package/system/ubus/Makefile

@@ -1,13 +1,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ubus
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ubus.git
-PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=2537be01858710e714c329153760c64fe3f8a73e
-PKG_MIRROR_HASH:=da1f4959fbe3d51cbc6b7c08b24307f43a80911b395cac834b9f4161c195152f
+PKG_SOURCE_DATE:=2021-06-03
+PKG_SOURCE_VERSION:=a8cf678230ed163ff7a07eb1e2c872f9d655460a
+PKG_MIRROR_HASH:=aee34cd1c1aa0f1a459dda0b2c6cbdb6b66e67147ebd1bcbb2a16a2ef923d008
 PKG_ABI_VERSION:=$(call abi_version_str,$(PKG_SOURCE_DATE))
 CMAKE_INSTALL:=1
 
@@ -15,6 +15,7 @@ PKG_LICENSE:=LGPL-2.1
 PKG_LICENSE_FILES:=
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
+PKG_FLAGS := nonshared
 PKG_ASLR_PIE_REGULAR:=1
 
 include $(INCLUDE_DIR)/package.mk

package/system/uci/Makefile

@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uci
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uci.git
 PKG_SOURCE_PROTO:=git
@@ -23,6 +23,7 @@ PKG_LICENSE_FILES:=
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
 PKG_BUILD_PARALLEL:=0
+PKG_FLAGS := nonshared
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk

package/utils/lua/Makefile

@@ -9,13 +9,14 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=lua
 PKG_VERSION:=5.1.5
-PKG_RELEASE:=8
+PKG_RELEASE:=9
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.lua.org/ftp/ \
 	http://www.tecgraf.puc-rio.br/lua/ftp/
 PKG_HASH:=2640fc56a795f29d28ef15e13c34a47e223960b0240e8cb0a82d9b0738695333
 PKG_BUILD_PARALLEL:=1
+PKG_FLAGS := nonshared
 
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYRIGHT

target/linux/apm821xx/patches-5.4/801-usb-xhci-add-firmware-loader-for-uPD720201-and-uPD72.patch

@@ -93,7 +93,7 @@ Signed-off-by: Vinod Koul <vkoul@kernel.org>
  static const char hcd_name[] = "xhci_hcd";
  
  static struct hc_driver __read_mostly xhci_pci_hc_driver;
-@@ -307,6 +347,873 @@ static void xhci_pme_acpi_rtd3_enable(st
+@@ -309,6 +349,873 @@ static void xhci_pme_acpi_rtd3_enable(st
  static void xhci_pme_acpi_rtd3_enable(struct pci_dev *dev) { }
  #endif /* CONFIG_ACPI */
  
@@ -967,7 +967,7 @@ Signed-off-by: Vinod Koul <vkoul@kernel.org>
  /* called during probe() after chip reset completes */
  static int xhci_pci_setup(struct usb_hcd *hcd)
  {
-@@ -348,6 +1255,27 @@ static int xhci_pci_probe(struct pci_dev
+@@ -350,6 +1257,27 @@ static int xhci_pci_probe(struct pci_dev
  	struct hc_driver *driver;
  	struct usb_hcd *hcd;
  
@@ -995,7 +995,7 @@ Signed-off-by: Vinod Koul <vkoul@kernel.org>
  	driver = (struct hc_driver *)id->driver_data;
  
  	/* Prevent runtime suspending between USB-2 and USB-3 initialization */
-@@ -409,6 +1337,16 @@ static void xhci_pci_remove(struct pci_d
+@@ -411,6 +1339,16 @@ static void xhci_pci_remove(struct pci_d
  {
  	struct xhci_hcd *xhci;
  
@@ -1012,7 +1012,7 @@ Signed-off-by: Vinod Koul <vkoul@kernel.org>
  	xhci = hcd_to_xhci(pci_get_drvdata(dev));
  	xhci->xhc_state |= XHCI_STATE_REMOVING;
  
-@@ -548,6 +1486,11 @@ static int xhci_pci_resume(struct usb_hc
+@@ -550,6 +1488,11 @@ static int xhci_pci_resume(struct usb_hc
  	if (pdev->vendor == PCI_VENDOR_ID_INTEL)
  		usb_enable_intel_xhci_ports(pdev);
  

target/linux/apm821xx/patches-5.4/802-usb-xhci-force-msi-renesas-xhci.patch

@@ -13,7 +13,7 @@ produce a noisy warning.
 
 --- a/drivers/usb/host/xhci-pci.c
 +++ b/drivers/usb/host/xhci-pci.c
-@@ -286,6 +286,7 @@ static void xhci_pci_quirks(struct devic
+@@ -288,6 +288,7 @@ static void xhci_pci_quirks(struct devic
  	    pdev->device == 0x0015) {
  		xhci->quirks |= XHCI_RESET_ON_RESUME;
  		xhci->quirks |= XHCI_ZERO_64B_REGS;

target/linux/at91/image/sam9x.mk

@@ -116,8 +116,8 @@ define Device/calamp_lmu5000
   $(Device/production)
   DEVICE_VENDOR := CalAmp
   DEVICE_MODEL := LMU5000
-  DEVICE_PACKAGES := kmod-rtc-pcf2123 kmod-usb-acm kmod-usb-serial \
-    kmod-usb-serial-option kmod-usb-serial-sierrawireless kmod-gpio-mcp23s08
+  DEVICE_PACKAGES := kmod-rtc-pcf2123 kmod-usb-acm \
+	kmod-usb-serial-option kmod-usb-serial-sierrawireless kmod-gpio-mcp23s08
 endef
 TARGET_DEVICES += calamp_lmu5000
 

target/linux/ath79/dts/ar7240_engenius_enh202-v1.dts

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 
 #include "ar7240.dtsi"
+#include "ar724x_senao_loader-64k.dtsi"
 
 #include <dt-bindings/gpio/gpio.h>
 #include <dt-bindings/input/input.h>
-#include <dt-bindings/mtd/partitions/uimage.h>
 
 / {
 	compatible = "engenius,enh202-v1", "qca,ar7240";
@@ -69,92 +69,6 @@
 			linux,default-trigger = "phy0tpt";
 		};
 	};
-
-	virtual_flash {
-		compatible = "mtd-concat";
-
-		devices = <&fwconcat0 &fwconcat1>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				compatible = "openwrt,uimage", "denx,uimage";
-				openwrt,ih-magic = <IH_MAGIC_OKLI>;
-				label = "firmware";
-				reg = <0x0 0x0>;
-			};
-		};
-	};
-};
-
-&spi {
-	status = "okay";
-
-	flash@0 {
-		compatible = "jedec,spi-nor";
-		reg = <0>;
-		spi-max-frequency = <20000000>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				label = "u-boot";
-				reg = <0x0 0x40000>;
-				read-only;
-			};
-
-			partition@40000 {
-				label = "u-boot-env";
-				reg = <0x40000 0x10000>;
-			};
-
-			partition@50000 {
-				label = "custom";
-				reg = <0x50000 0x50000>;
-				read-only;
-			};
-
-			partition@a0000 {
-				label = "loader";
-				reg = <0xa0000 0x10000>;
-				read-only;
-			};
-
-			fwconcat1: partition@b0000 {
-				label = "fwconcat1";
-				reg = <0xb0000 0xf0000>;
-			};
-
-			partition@1a0000 {
-				label = "fakeroot";
-				reg = <0x1a0000 0x10000>;
-				read-only;
-			};
-
-			fwconcat0: partition@1b0000 {
-				label = "fwconcat0";
-				reg = <0x1b0000 0x4c0000>;
-			};
-
-			partition@670000 {
-				label = "failsafe";
-				reg = <0x670000 0x180000>;
-				read-only;
-			};
-
-			art: partition@7f0000 {
-				label = "art";
-				reg = <0x7f0000 0x10000>;
-				read-only;
-			};
-		};
-	};
 };
 
 &eth0 {

target/linux/ath79/dts/ar7242_engenius_eap350-v1.dts

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 
 #include "ar7242.dtsi"
+#include "ar724x_senao_loader-4k.dtsi"
 
 #include <dt-bindings/gpio/gpio.h>
 #include <dt-bindings/input/input.h>
-#include <dt-bindings/mtd/partitions/uimage.h>
 
 / {
 	compatible = "engenius,eap350-v1", "qca,ar7242";
@@ -48,92 +48,6 @@
 			linux,default-trigger = "phy0tpt";
 		};
 	};
-
-	virtual_flash {
-		compatible = "mtd-concat";
-
-		devices = <&fwconcat0 &fwconcat1>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				compatible = "openwrt,uimage", "denx,uimage";
-				openwrt,ih-magic = <IH_MAGIC_OKLI>;
-				label = "firmware";
-				reg = <0x0 0x0>;
-			};
-		};
-	};
-};
-
-&spi {
-	status = "okay";
-
-	flash@0 {
-		compatible = "jedec,spi-nor";
-		reg = <0>;
-		spi-max-frequency = <20000000>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				label = "u-boot";
-				reg = <0x0 0x40000>;
-				read-only;
-			};
-
-			partition@40000 {
-				label = "u-boot-env";
-				reg = <0x40000 0x10000>;
-			};
-
-			partition@50000 {
-				label = "custom";
-				reg = <0x50000 0x50000>;
-				read-only;
-			};
-
-			partition@a0000 {
-				label = "loader";
-				reg = <0xa0000 0x10000>;
-				read-only;
-			};
-
-			fwconcat1: partition@b0000 {
-				label = "fwconcat1";
-				reg = <0xb0000 0xf0000>;
-			};
-
-			partition@1a0000 {
-				label = "fakeroot";
-				reg = <0x1a0000 0x10000>;
-				read-only;
-			};
-
-			fwconcat0: partition@1b0000 {
-				label = "fwconcat0";
-				reg = <0x1b0000 0x4c0000>;
-			};
-
-			partition@670000 {
-				label = "failsafe";
-				reg = <0x670000 0x180000>;
-				read-only;
-			};
-
-			art: partition@7f0000 {
-				label = "art";
-				reg = <0x7f0000 0x10000>;
-				read-only;
-			};
-		};
-	};
 };
 
 &mdio0 {

target/linux/ath79/dts/ar7242_engenius_ecb350-v1.dts

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 
 #include "ar7242.dtsi"
+#include "ar724x_senao_loader-4k.dtsi"
 
 #include <dt-bindings/gpio/gpio.h>
 #include <dt-bindings/input/input.h>
-#include <dt-bindings/mtd/partitions/uimage.h>
 
 / {
 	compatible = "engenius,ecb350-v1", "qca,ar7242";
@@ -48,92 +48,6 @@
 			linux,default-trigger = "phy0tpt";
 		};
 	};
-
-	virtual_flash {
-		compatible = "mtd-concat";
-
-		devices = <&fwconcat0 &fwconcat1>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				compatible = "openwrt,uimage", "denx,uimage";
-				openwrt,ih-magic = <IH_MAGIC_OKLI>;
-				label = "firmware";
-				reg = <0x0 0x0>;
-			};
-		};
-	};
-};
-
-&spi {
-	status = "okay";
-
-	flash@0 {
-		compatible = "jedec,spi-nor";
-		reg = <0>;
-		spi-max-frequency = <20000000>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				label = "u-boot";
-				reg = <0x0 0x40000>;
-				read-only;
-			};
-
-			partition@40000 {
-				label = "u-boot-env";
-				reg = <0x40000 0x10000>;
-			};
-
-			partition@50000 {
-				label = "custom";
-				reg = <0x50000 0x50000>;
-				read-only;
-			};
-
-			partition@a0000 {
-				label = "loader";
-				reg = <0xa0000 0x10000>;
-				read-only;
-			};
-
-			fwconcat1: partition@b0000 {
-				label = "fwconcat1";
-				reg = <0xb0000 0xf0000>;
-			};
-
-			partition@1a0000 {
-				label = "fakeroot";
-				reg = <0x1a0000 0x10000>;
-				read-only;
-			};
-
-			fwconcat0: partition@1b0000 {
-				label = "fwconcat0";
-				reg = <0x1b0000 0x4c0000>;
-			};
-
-			partition@670000 {
-				label = "failsafe";
-				reg = <0x670000 0x180000>;
-				read-only;
-			};
-
-			art: partition@7f0000 {
-				label = "art";
-				reg = <0x7f0000 0x10000>;
-				read-only;
-			};
-		};
-	};
 };
 
 &mdio0 {

target/linux/ath79/dts/ar724x_senao_loader-4k.dtsi

@@ -0,0 +1,84 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include <dt-bindings/mtd/partitions/uimage.h>
+
+/ {
+	virtual_flash {
+		compatible = "mtd-concat";
+
+		devices = <&fwconcat0 &fwconcat1>;
+
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition@0 {
+				compatible = "openwrt,uimage", "denx,uimage";
+				openwrt,ih-magic = <0x73714f4b>;
+				label = "firmware";
+				reg = <0x0 0x0>;
+			};
+		};
+	};
+};
+
+&spi {
+	status = "okay";
+
+	flash@0 {
+		compatible = "jedec,spi-nor";
+		reg = <0>;
+		spi-max-frequency = <20000000>;
+
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition@0 {
+				label = "u-boot";
+				reg = <0x0 0x40000>;
+				read-only;
+			};
+
+			partition@40000 {
+				label = "u-boot-env";
+				reg = <0x40000 0x10000>;
+			};
+
+			partition@50000 {
+				label = "custom";
+				reg = <0x50000 0x50000>;
+				read-only;
+			};
+
+			partition@a0000 {
+				label = "loader";
+				reg = <0xa0000 0x1000>;
+			};
+
+			fwconcat1: partition@a1000 {
+				label = "fwconcat1";
+				reg = <0xa1000 0xff000>;
+			};
+
+			fwconcat0: partition@1a0000 {
+				label = "fwconcat0";
+				reg = <0x1a0000 0x4d0000>;
+			};
+
+			partition@670000 {
+				label = "failsafe";
+				reg = <0x670000 0x180000>;
+				read-only;
+			};
+
+			art: partition@7f0000 {
+				label = "art";
+				reg = <0x7f0000 0x10000>;
+				read-only;
+			};
+		};
+	};
+};

target/linux/ath79/dts/ar724x_senao_loader-64k.dtsi

@@ -0,0 +1,84 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include <dt-bindings/mtd/partitions/uimage.h>
+
+/ {
+	virtual_flash {
+		compatible = "mtd-concat";
+
+		devices = <&fwconcat0 &fwconcat1>;
+
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition@0 {
+				compatible = "openwrt,uimage", "denx,uimage";
+				openwrt,ih-magic = <0x73714f4b>;
+				label = "firmware";
+				reg = <0x0 0x0>;
+			};
+		};
+	};
+};
+
+&spi {
+	status = "okay";
+
+	flash@0 {
+		compatible = "jedec,spi-nor";
+		reg = <0>;
+		spi-max-frequency = <20000000>;
+
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition@0 {
+				label = "u-boot";
+				reg = <0x0 0x40000>;
+				read-only;
+			};
+
+			partition@40000 {
+				label = "u-boot-env";
+				reg = <0x40000 0x10000>;
+			};
+
+			partition@50000 {
+				label = "custom";
+				reg = <0x50000 0x50000>;
+				read-only;
+			};
+
+			partition@a0000 {
+				label = "loader";
+				reg = <0xa0000 0x10000>;
+			};
+
+			fwconcat1: partition@b0000 {
+				label = "fwconcat1";
+				reg = <0xb0000 0xf0000>;
+			};
+
+			fwconcat0: partition@1a0000 {
+				label = "fwconcat0";
+				reg = <0x1a0000 0x4d0000>;
+			};
+
+			partition@670000 {
+				label = "failsafe";
+				reg = <0x670000 0x180000>;
+				read-only;
+			};
+
+			art: partition@7f0000 {
+				label = "art";
+				reg = <0x7f0000 0x10000>;
+				read-only;
+			};
+		};
+	};
+};

target/linux/ath79/dts/ar9341_engenius_eap300-v2.dts

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 
 #include "ar9341.dtsi"
+#include "ar934x_senao_loader.dtsi"
 
 #include <dt-bindings/gpio/gpio.h>
 #include <dt-bindings/input/input.h>
-#include <dt-bindings/mtd/partitions/uimage.h>
 
 / {
 	model = "Engenius EAP300 v2";
@@ -43,96 +43,6 @@
 			linux,default-trigger = "phy0tpt";
 		};
 	};
-
-	virtual_flash {
-		compatible = "mtd-concat";
-
-		devices = <&fwconcat0 &fwconcat1>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				compatible = "openwrt,uimage", "denx,uimage";
-				openwrt,ih-magic = <IH_MAGIC_OKLI>;
-				label = "firmware";
-				reg = <0x0 0x0>;
-			};
-		};
-	};
-};
-
-&ref {
-	clock-frequency = <40000000>;
-};
-
-&spi {
-	status = "okay";
-
-	flash@0 {
-		compatible = "jedec,spi-nor";
-		reg = <0>;
-		spi-max-frequency = <20000000>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				label = "u-boot";
-				reg = <0x000000 0x040000>;
-				read-only;
-			};
-
-			partition@40000 {
-				label = "u-boot-env";
-				reg = <0x040000 0x010000>;
-			};
-
-			partition@50000 {
-				label = "custom";
-				reg = <0x050000 0x050000>;
-				read-only;
-			};
-
-			partition@a0000 {
-				label = "loader";
-				reg = <0x0a0000 0x010000>;
-				read-only;
-			};
-
-			fwconcat1: partition@b0000 {
-				label = "fwconcat1";
-				reg = <0x0b0000 0x170000>;
-			};
-
-			partition@220000 {
-				label = "fakeroot";
-				reg = <0x220000 0x010000>;
-				read-only;
-			};
-
-			fwconcat0: partition@230000 {
-				label = "fwconcat0";
-				reg = <0x230000 0xbc0000>;
-			};
-
-			partition@df0000 {
-				label = "failsafe";
-				reg = <0xdf0000 0x200000>;
-				read-only;
-			};
-
-			art: partition@ff0000 {
-				label = "art";
-				reg = <0xff0000 0x010000>;
-				read-only;
-			};
-		};
-	};
 };
 
 &eth1 {

target/linux/ath79/dts/ar9341_engenius_ens202ext-v1.dts

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 
 #include "ar9341.dtsi"
+#include "ar934x_senao_loader.dtsi"
 
 #include <dt-bindings/gpio/gpio.h>
 #include <dt-bindings/input/input.h>
-#include <dt-bindings/mtd/partitions/uimage.h>
 
 / {
 	model = "Engenius ENS202EXT v1";
@@ -58,96 +58,6 @@
 			gpios = <&gpio 0 GPIO_ACTIVE_LOW>;
 		};
 	};
-
-	virtual_flash {
-		compatible = "mtd-concat";
-
-		devices = <&fwconcat0 &fwconcat1>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				compatible = "openwrt,uimage", "denx,uimage";
-				openwrt,ih-magic = <IH_MAGIC_OKLI>;
-				label = "firmware";
-				reg = <0x0 0x0>;
-			};
-		};
-	};
-};
-
-&ref {
-	clock-frequency = <40000000>;
-};
-
-&spi {
-	status = "okay";
-
-	flash@0 {
-		compatible = "jedec,spi-nor";
-		reg = <0>;
-		spi-max-frequency = <40000000>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				label = "u-boot";
-				reg = <0x000000 0x040000>;
-				read-only;
-			};
-
-			partition@40000 {
-				label = "u-boot-env";
-				reg = <0x040000 0x010000>;
-			};
-
-			partition@50000 {
-				label = "custom";
-				reg = <0x050000 0x050000>;
-				read-only;
-			};
-
-			partition@a0000 {
-				label = "loader";
-				reg = <0x0a0000 0x010000>;
-				read-only;
-			};
-
-			fwconcat1: partition@b0000 {
-				label = "fwconcat1";
-				reg = <0x0b0000 0x170000>;
-			};
-
-			partition@220000 {
-				label = "fakeroot";
-				reg = <0x220000 0x010000>;
-				read-only;
-			};
-
-			fwconcat0: partition@230000 {
-				label = "fwconcat0";
-				reg = <0x230000 0xbc0000>;
-			};
-
-			partition@df0000 {
-				label = "failsafe";
-				reg = <0xdf0000 0x200000>;
-				read-only;
-			};
-
-			art: partition@ff0000 {
-				label = "art";
-				reg = <0xff0000 0x010000>;
-				read-only;
-			};
-		};
-	};
 };
 
 &eth0 {

target/linux/ath79/dts/ar9344_engenius_exx600.dtsi

@@ -1,10 +1,10 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 
 #include "ar9344.dtsi"
+#include "ar934x_senao_loader.dtsi"
 
 #include <dt-bindings/gpio/gpio.h>
 #include <dt-bindings/input/input.h>
-#include <dt-bindings/mtd/partitions/uimage.h>
 
 / {
 	aliases {
@@ -35,96 +35,6 @@
 			linux,default-trigger = "phy1tpt";
 		};
 	};
-
-	virtual_flash {
-		compatible = "mtd-concat";
-
-		devices = <&fwconcat0 &fwconcat1>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				compatible = "openwrt,uimage", "denx,uimage";
-				openwrt,ih-magic = <IH_MAGIC_OKLI>;
-				label = "firmware";
-				reg = <0x0 0x0>;
-			};
-		};
-	};
-};
-
-&ref {
-	clock-frequency = <40000000>;
-};
-
-&spi {
-	status = "okay";
-
-	flash@0 {
-		compatible = "jedec,spi-nor";
-		reg = <0>;
-		spi-max-frequency = <40000000>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				label = "u-boot";
-				reg = <0x000000 0x040000>;
-				read-only;
-			};
-
-			partition@40000 {
-				label = "u-boot-env";
-				reg = <0x040000 0x010000>;
-			};
-
-			partition@50000 {
-				label = "custom";
-				reg = <0x050000 0x050000>;
-				read-only;
-			};
-
-			partition@a0000 {
-				label = "loader";
-				reg = <0x0a0000 0x010000>;
-				read-only;
-			};
-
-			fwconcat1: partition@b0000 {
-				label = "fwconcat1";
-				reg = <0x0b0000 0x170000>;
-			};
-
-			partition@220000 {
-				label = "fakeroot";
-				reg = <0x220000 0x010000>;
-				read-only;
-			};
-
-			fwconcat0: partition@230000 {
-				label = "fwconcat0";
-				reg = <0x230000 0xbc0000>;
-			};
-
-			partition@df0000 {
-				label = "failsafe";
-				reg = <0xdf0000 0x200000>;
-				read-only;
-			};
-
-			art: partition@ff0000 {
-				label = "art";
-				reg = <0xff0000 0x010000>;
-				read-only;
-			};
-		};
-	};
 };
 
 &mdio0 {

target/linux/ath79/dts/ar9344_wd_mynet-wifi-rangeextender.dts

@@ -144,10 +144,10 @@
 &eth0 {
 	status = "okay";
 
-	pll-data = <0x0e000000 0x3c000101 0x3c001313>;
+	pll-data = <0x02000000 0x00000101 0x00001313>;
 
 	/* ethernet MAC is stored in nvram */
-	phy-mode = "rgmii";
+	phy-mode = "rgmii-id";
 	phy-handle = <&phy4>;
 
 	gmac-config {

target/linux/ath79/dts/ar934x_senao_loader.dtsi

@@ -0,0 +1,88 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include <dt-bindings/mtd/partitions/uimage.h>
+
+/ {
+	virtual_flash {
+		compatible = "mtd-concat";
+
+		devices = <&fwconcat0 &fwconcat1>;
+
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition@0 {
+				compatible = "openwrt,uimage", "denx,uimage";
+				openwrt,ih-magic = <0x73714f4b>;
+				label = "firmware";
+				reg = <0x0 0x0>;
+			};
+		};
+	};
+};
+
+&ref {
+	clock-frequency = <40000000>;
+};
+
+&spi {
+	status = "okay";
+
+	flash@0 {
+		compatible = "jedec,spi-nor";
+		reg = <0>;
+		spi-max-frequency = <40000000>;
+
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition@0 {
+				label = "u-boot";
+				reg = <0x000000 0x040000>;
+				read-only;
+			};
+
+			partition@40000 {
+				label = "u-boot-env";
+				reg = <0x040000 0x010000>;
+			};
+
+			partition@50000 {
+				label = "custom";
+				reg = <0x050000 0x050000>;
+				read-only;
+			};
+
+			partition@a0000 {
+				label = "loader";
+				reg = <0x0a0000 0x010000>;
+			};
+
+			fwconcat1: partition@b0000 {
+				label = "fwconcat1";
+				reg = <0x0b0000 0x170000>;
+			};
+
+			fwconcat0: partition@220000 {
+				label = "fwconcat0";
+				reg = <0x220000 0xbd0000>;
+			};
+
+			partition@df0000 {
+				label = "failsafe";
+				reg = <0xdf0000 0x200000>;
+				read-only;
+			};
+
+			art: partition@ff0000 {
+				label = "art";
+				reg = <0xff0000 0x010000>;
+				read-only;
+			};
+		};
+	};
+};

target/linux/ath79/dts/qca9557_engenius_eap1200h.dts

@@ -1,10 +1,9 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 
-#include "qca955x.dtsi"
+#include "qca955x_senao_loader.dtsi"
 
 #include <dt-bindings/gpio/gpio.h>
 #include <dt-bindings/input/input.h>
-#include <dt-bindings/mtd/partitions/uimage.h>
 
 / {
 	compatible = "engenius,eap1200h", "qca,qca9557";
@@ -55,91 +54,13 @@
 			gpios = <&gpio 19 GPIO_ACTIVE_LOW>;
 		};
 	};
-
-	virtual_flash {
-		compatible = "mtd-concat";
-
-		devices = <&fwconcat0 &fwconcat1>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				compatible = "openwrt,uimage", "denx,uimage";
-				openwrt,ih-magic = <IH_MAGIC_OKLI>;
-				label = "firmware";
-				reg = <0x0 0x0>;
-			};
-		};
-	};
 };
 
-&spi {
-	status = "okay";
-
-	flash@0 {
-		compatible = "jedec,spi-nor";
-		reg = <0>;
-		spi-max-frequency = <40000000>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				label = "u-boot";
-				reg = <0x000000 0x040000>;
-				read-only;
-			};
-
-			partition@40000 {
-				label = "u-boot-env";
-				reg = <0x040000 0x010000>;
-			};
-
-			partition@50000 {
-				label = "custom";
-				reg = <0x050000 0x050000>;
-				read-only;
-			};
-
-			partition@a0000 {
-				label = "loader";
-				reg = <0x0a0000 0x010000>;
-				read-only;
-			};
-
-			fwconcat1: partition@b0000 {
-				label = "fwconcat1";
-				reg = <0x0b0000 0x170000>;
-			};
-
-			partition@220000 {
-				label = "fakeroot";
-				reg = <0x220000 0x010000>;
-				read-only;
-			};
-
-			fwconcat0: partition@230000 {
-				label = "fwconcat0";
-				reg = <0x230000 0xb40000>;
-			};
-
-			partition@d70000 {
-				label = "failsafe";
-				reg = <0xd70000 0x280000>;
-				read-only;
-			};
-
-			art: partition@ff0000 {
-				label = "art";
-				reg = <0xff0000 0x010000>;
-				read-only;
-			};
-		};
+&partitions {
+	art: partition@ff0000 {
+		label = "art";
+		reg = <0xff0000 0x010000>;
+		read-only;
 	};
 };
 
@@ -164,16 +85,6 @@
 	pll-data = <0x82000000 0x80000101 0x80001313>;
 };
 
-&pcie0 {
-	status = "okay";
-
-	wifi@0,0,0 {
-		compatible = "qcom,ath10k";
-		reg = <0x0 0 0 0 0>;
-		qca,no-eeprom;
-	};
-};
-
 &wmac {
 	status = "okay";
 

target/linux/ath79/dts/qca9557_engenius_enstationac-v1.dts

@@ -1,10 +1,9 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 
-#include "qca955x.dtsi"
+#include "qca955x_senao_loader.dtsi"
 
 #include <dt-bindings/gpio/gpio.h>
 #include <dt-bindings/input/input.h>
-#include <dt-bindings/mtd/partitions/uimage.h>
 
 / {
 	compatible = "engenius,enstationac-v1", "qca,qca9557";
@@ -59,91 +58,13 @@
 			gpios = <&gpio 18 GPIO_ACTIVE_LOW>;
 		};
 	};
-
-	virtual_flash {
-		compatible = "mtd-concat";
-
-		devices = <&fwconcat0 &fwconcat1>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				compatible = "openwrt,uimage", "denx,uimage";
-				openwrt,ih-magic = <IH_MAGIC_OKLI>;
-				label = "firmware";
-				reg = <0x0 0x0>;
-			};
-		};
-	};
 };
 
-&spi {
-	status = "okay";
-
-	flash@0 {
-		compatible = "jedec,spi-nor";
-		reg = <0>;
-		spi-max-frequency = <40000000>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				label = "u-boot";
-				reg = <0x000000 0x040000>;
-				read-only;
-			};
-
-			partition@40000 {
-				label = "u-boot-env";
-				reg = <0x040000 0x010000>;
-			};
-
-			partition@50000 {
-				label = "custom";
-				reg = <0x050000 0x050000>;
-				read-only;
-			};
-
-			partition@a0000 {
-				label = "loader";
-				reg = <0x0a0000 0x010000>;
-				read-only;
-			};
-
-			fwconcat1: partition@b0000 {
-				label = "fwconcat1";
-				reg = <0x0b0000 0x170000>;
-			};
-
-			partition@220000 {
-				label = "fakeroot";
-				reg = <0x220000 0x010000>;
-				read-only;
-			};
-
-			fwconcat0: partition@230000 {
-				label = "fwconcat0";
-				reg = <0x230000 0xb40000>;
-			};
-
-			partition@d70000 {
-				label = "failsafe";
-				reg = <0xd70000 0x280000>;
-				read-only;
-			};
-
-			art: partition@ff0000 {
-				label = "art";
-				reg = <0xff0000 0x010000>;
-				read-only;
-			};
-		};
+&partitions {
+	art: partition@ff0000 {
+		label = "art";
+		reg = <0xff0000 0x010000>;
+		read-only;
 	};
 };
 
@@ -187,13 +108,3 @@
 
 	qca955x-sgmii-fixup;
 };
-
-&pcie0 {
-	status = "okay";
-
-	wifi@0,0,0 {
-		compatible = "qcom,ath10k";
-		reg = <0x0 0 0 0 0>;
-		qca,no-eeprom;
-	};
-};

target/linux/ath79/dts/qca9558_allnet_all-wap02860ac.dts

@@ -1,13 +1,13 @@
 // SPDX-License-Identifier: GPL-2.0-or-later OR MIT
 
-#include "qca955x.dtsi"
+#include "qca955x_senao_loader.dtsi"
 
 #include <dt-bindings/gpio/gpio.h>
 #include <dt-bindings/input/input.h>
 
 / {
-	model = "ALLNET ALL-WAP02860AC";
 	compatible = "allnet,all-wap02860ac", "qca,qca9558";
+	model = "ALLNET ALL-WAP02860AC";
 
 	aliases {
 		label-mac-device = &eth0;
@@ -22,8 +22,9 @@
 
 		reset {
 			label = "reset";
-			linux,code = <KEY_RESTART>;
 			gpios = <&gpio 17 GPIO_ACTIVE_LOW>;
+			debounce-interval = <60>;
+			linux,code = <KEY_RESTART>;
 		};
 	};
 
@@ -58,11 +59,12 @@
 &eth0 {
 	status = "okay";
 
-	pll-data = <0x8e000000 0x80000101 0x80001313>;
-	phy-handle = <&phy5>;
-	phy-mode = "rgmii-rxid";
-
 	mtd-mac-address = <&art 0x0>;
+
+	phy-handle = <&phy5>;
+	phy-mode = "rgmii-id";
+
+	pll-data = <0x82000000 0x80000101 0x80001313>;
 };
 
 &mdio0 {
@@ -75,67 +77,11 @@
 	};
 };
 
-&pcie0 {
-	status = "okay";
-
-	wifi@0,0 {
-		compatible = "qcom,ath10k";
-		reg = <0 0 0 0 0>;
-	};
-};
-
-&pll {
-	clocks = <&extosc>;
-};
-
-&spi {
-	status = "okay";
-
-	flash@0 {
-		compatible = "jedec,spi-nor";
-		reg = <0>;
-		spi-max-frequency = <25000000>;
-
-		partitions {
-			compatible = "fixed-partitions";
-			#address-cells = <1>;
-			#size-cells = <1>;
-
-			partition@0 {
-				label = "u-boot";
-				reg = <0x000000 0x040000>;
-				read-only;
-			};
-
-			partition@40000 {
-				label = "u-boot-env";
-				reg = <0x040000 0x010000>;
-			};
-
-			partition@50000 {
-				label = "custom";
-				reg = <0x050000 0x050000>;
-				read-only;
-			};
-
-			partition@a0000 {
-				compatible = "denx,uimage";
-				label = "firmware";
-				reg = <0x0a0000 0xcd0000>;
-			};
-
-			partition@d70000 {
-				label = "failsafe";
-				reg = <0xd70000 0x280000>;
-				read-only;
-			};
-
-			art: partition@ff0000 {
-				label = "art";
-				reg = <0xff0000 0x010000>;
-				read-only;
-			};
-		};
+&partitions {
+	art: partition@ff0000 {
+		label = "art";
+		reg = <0xff0000 0x010000>;
+		read-only;
 	};
 };
 
@@ -145,5 +91,4 @@
 	mtd-cal-data = <&art 0x1000>;
 	mtd-mac-address = <&art 0x0>;
 	mtd-mac-address-increment = <1>;
-	qca-no-eeprom;
 };

target/linux/ath79/dts/qca955x_senao_loader.dtsi

@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include "qca955x.dtsi"
+
+#include <dt-bindings/mtd/partitions/uimage.h>
+
+/ {
+	virtual_flash {
+		compatible = "mtd-concat";
+
+		devices = <&fwconcat0 &fwconcat1>;
+
+		partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition@0 {
+				compatible = "openwrt,uimage", "denx,uimage";
+				openwrt,ih-magic = <0x73714f4b>;
+				label = "firmware";
+				reg = <0x0 0x0>;
+			};
+		};
+	};
+};
+
+&pcie0 {
+	status = "okay";
+
+	wifi@0,0,0 {
+		compatible = "qcom,ath10k";
+		reg = <0x0 0 0 0 0>;
+	};
+};
+
+&spi {
+	status = "okay";
+
+	flash@0 {
+		compatible = "jedec,spi-nor";
+		reg = <0>;
+		spi-max-frequency = <40000000>;
+
+		partitions: partitions {
+			compatible = "fixed-partitions";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			partition@0 {
+				label = "u-boot";
+				reg = <0x000000 0x040000>;
+				read-only;
+			};
+
+			partition@40000 {
+				label = "u-boot-env";
+				reg = <0x040000 0x010000>;
+			};
+
+			partition@50000 {
+				label = "custom";
+				reg = <0x050000 0x050000>;
+				read-only;
+			};
+
+			partition@a0000 {
+				label = "loader";
+				reg = <0x0a0000 0x010000>;
+			};
+
+			fwconcat1: partition@b0000 {
+				label = "fwconcat1";
+				reg = <0x0b0000 0x170000>;
+			};
+
+			fwconcat0: partition@220000 {
+				label = "fwconcat0";
+				reg = <0x220000 0xb50000>;
+			};
+
+			partition@d70000 {
+				label = "failsafe";
+				reg = <0xd70000 0x280000>;
+				read-only;
+			};
+
+			/* additional partitions in device DTS files */
+		};
+	};
+};

target/linux/ath79/generic/base-files/lib/upgrade/failsafe_datachk.sh

@@ -0,0 +1,64 @@
+# U-Boot with the datachk patchset requires image sizes, offsets,
+# and checksums to be provided in the U-Boot environment.
+# This script is based on the dualboot version for devices that come with 2 OS partitions.
+# For Senao boards with a "failsafe" partition image, the process is almost the same.
+# Instead of booting a secondary instalation on checksum failure,
+# the failsafe image is booted instead.
+# These boards also use the OKLI lzma kernel loader and mtd-concat
+# So the kernel check is for the loader, the rootfs check is for kernel + rootfs
+
+platform_do_upgrade_failsafe_datachk() {
+	local setenv_script="/tmp/fw_env_upgrade"
+
+	local flash_base=0x9f000000
+
+	local kernel_mtd=$(find_mtd_index ${KERNEL_PART:-kernel})
+	local rootfs_mtd=$(find_mtd_index ${ROOTFS_PART:-rootfs})
+
+	local kernel_offset=$(cat /sys/class/mtd/mtd${kernel_mtd}/offset)
+	local rootfs_offset=$(cat /sys/class/mtd/mtd${rootfs_mtd}/offset)
+
+	if [ -n "$IMAGE_LIST" ]; then
+		KERNEL_FILE=$($IMAGE_LIST | grep $KERNEL_FILE)
+		ROOTFS_FILE=$($IMAGE_LIST | grep $ROOTFS_FILE)
+	fi
+
+	local kernel_size=$($IMAGE_CMD $KERNEL_FILE | wc -c)
+	local rootfs_size=$($IMAGE_CMD $ROOTFS_FILE | wc -c)
+
+	# rootfs without JFFS2
+	local rootfs_blocks=$((rootfs_size / 4096))
+	rootfs_size=$((rootfs_blocks * 4096))
+
+	local kernel_md5=$($IMAGE_CMD $KERNEL_FILE | md5sum | cut -d ' ' -f1)
+	local rootfs_md5=$($IMAGE_CMD $ROOTFS_FILE | dd bs=4k count=$rootfs_blocks iflag=fullblock | md5sum | cut -d ' ' -f1)
+
+	# prepare new u-boot-env vars
+	printf "vmlinux_start_addr 0x%08x\n" $((flash_base + kernel_offset)) >> $setenv_script
+	printf "vmlinux_size 0x%08x\n" ${kernel_size} >> $setenv_script
+	printf "vmlinux_checksum %s\n" ${kernel_md5} >> $setenv_script
+
+	printf "rootfs_start_addr 0x%08x\n" $((flash_base + rootfs_offset)) >> $setenv_script
+	printf "rootfs_size 0x%08x\n" ${rootfs_size} >> $setenv_script
+	printf "rootfs_checksum %s\n" ${rootfs_md5} >> $setenv_script
+
+	# store u-boot-env
+	mkdir -p /var/lock
+	fw_setenv -s $setenv_script || {
+		echo 'failed to update U-Boot environment'
+		exit 1
+	}
+
+	# sysupgrade
+	sleep 2
+	sync
+	echo 3 > /proc/sys/vm/drop_caches
+	$IMAGE_CMD $KERNEL_FILE | mtd $MTD_ARGS write - ${KERNEL_PART:-kernel}
+	sleep 2
+	sync
+	if [ -n "$UPGRADE_BACKUP" ]; then
+		$IMAGE_CMD $ROOTFS_FILE | mtd $MTD_ARGS $MTD_CONFIG_ARGS -j $UPGRADE_BACKUP write - ${ROOTFS_PART:-rootfs}
+	else
+		$IMAGE_CMD $ROOTFS_FILE | mtd $MTD_ARGS write - ${ROOTFS_PART:-rootfs}
+	fi
+}

target/linux/ath79/generic/base-files/lib/upgrade/platform.sh

@@ -47,6 +47,21 @@ platform_do_upgrade() {
 	adtran,bsap1840)
 		redboot_fis_do_upgrade "$1" vmlinux_2
 		;;
+	allnet,all-wap02860ac|\
+	engenius,eap1200h|\
+	engenius,eap300-v2|\
+	engenius,eap600|\
+	engenius,ecb600|\
+	engenius,ens202ext-v1|\
+	engenius,enstationac-v1)
+		IMAGE_LIST="tar tzf $1"
+		IMAGE_CMD="tar xzOf $1"
+		KERNEL_PART="loader"
+		ROOTFS_PART="fwconcat0"
+		KERNEL_FILE="uImage-lzma.bin"
+		ROOTFS_FILE="root.squashfs"
+		platform_do_upgrade_failsafe_datachk "$1"
+		;;
 	jjplus,ja76pf2)
 		redboot_fis_do_upgrade "$1" linux
 		;;

target/linux/ath79/image/Makefile

@@ -4,6 +4,7 @@ include $(INCLUDE_DIR)/image.mk
 KERNEL_LOADADDR = 0x80060000
 
 DEVICE_VARS += LOADER_FLASH_OFFS LOADER_TYPE
+DEVICE_VARS += LOADER_FLASH_MAX LOADER_KERNEL_MAGIC
 DEVICE_VARS += NETGEAR_BOARD_ID NETGEAR_HW_ID
 DEVICE_VARS += RAS_BOARD RAS_ROOTFS_SIZE RAS_VERSION
 
@@ -30,7 +31,10 @@ define Build/loader-kernel
 endef
 
 define Build/loader-okli-compile
-	$(call Build/loader-common,FLASH_OFFS=$(LOADER_FLASH_OFFS) FLASH_MAX=0)
+	$(call Build/loader-common, \
+		FLASH_OFFS=$(LOADER_FLASH_OFFS) \
+		FLASH_MAX=$(LOADER_FLASH_MAX) \
+		KERNEL_MAGIC=$(LOADER_KERNEL_MAGIC) )
 endef
 
 # Arguments: <output name> <kernel offset>
@@ -66,6 +70,10 @@ define Device/Default
   BLOCKSIZE := 64k
   KERNEL := kernel-bin | append-dtb | lzma | uImage lzma
   KERNEL_INITRAMFS := kernel-bin | append-dtb | lzma | uImage lzma
+  LOADER_KERNEL_MAGIC :=
+  LOADER_FLASH_MAX :=
+  LOADER_FLASH_OFFS :=
+  LOADER_TYPE :=
   COMPILE :=
   IMAGES := sysupgrade.bin
   IMAGE/sysupgrade.bin = append-kernel | pad-to $$$$(BLOCKSIZE) | \

target/linux/ath79/image/common-senao.mk

@@ -1,33 +1,40 @@
-DEVICE_VARS += ENGENIUS_IMGNAME
+DEVICE_VARS += SENAO_IMGNAME
 
 # This needs to make /tmp/_sys/sysupgrade.tgz an empty file prior to
 # sysupgrade, as otherwise it will implant the old configuration from
 # OEM firmware when writing rootfs from factory.bin
-define Build/engenius-tar-gz
+# rootfs size and checksum is taken from a squashfs header
+# the header does not exist, therefore, supply the size and md5
+define Build/senao-tar-gz
 	-[ -f "$@" ] && \
 	mkdir -p $@.tmp && \
 	touch $@.tmp/failsafe.bin && \
 	echo '#!/bin/sh' > $@.tmp/before-upgrade.sh && \
 	echo ': > /tmp/_sys/sysupgrade.tgz' >> $@.tmp/before-upgrade.sh && \
+	echo -n $$(( $$(cat $@ | wc -c) / 4096 * 4096 )) > $@.len && \
+	dd if=$@ bs=$$(cat $@.len) count=1 | md5sum - | cut -d ' ' -f 1 > $@.md5 && \
+	echo '#!/bin/sh' > $@.tmp/after-upgrade.sh && \
+	printf 'fw_setenv rootfs_size 0x%08x\n' $$(cat $@.len) >> $@.tmp/after-upgrade.sh && \
+	printf 'fw_setenv rootfs_checksum %s\n' $$(cat $@.md5) >> $@.tmp/after-upgrade.sh && \
 	$(CP) $(KDIR)/loader-$(DEVICE_NAME).uImage \
 		$@.tmp/openwrt-$(word 1,$(1))-uImage-lzma.bin && \
 	$(CP) $@ $@.tmp/openwrt-$(word 1,$(1))-root.squashfs && \
 	$(TAR) -cp --numeric-owner --owner=0 --group=0 --mode=a-s --sort=name \
 		$(if $(SOURCE_DATE_EPOCH),--mtime="@$(SOURCE_DATE_EPOCH)") \
 		-C $@.tmp . | gzip -9n > $@ && \
-	rm -rf $@.tmp
+	rm -rf $@.tmp $@.len $@.md5
 endef
 
-define Device/engenius_loader_okli
-  DEVICE_VENDOR := EnGenius
-  KERNEL := kernel-bin | append-dtb | lzma | uImage lzma -M 0x4f4b4c49
+define Device/senao_loader_okli
+  KERNEL := kernel-bin | append-dtb | lzma | uImage lzma -M 0x73714f4b
+  LOADER_KERNEL_MAGIC := 0x73714f4b
   LOADER_TYPE := bin
   COMPILE := loader-$(1).bin loader-$(1).uImage
   COMPILE/loader-$(1).bin := loader-okli-compile
   COMPILE/loader-$(1).uImage := append-loader-okli $(1) | pad-to 64k | lzma | \
 	uImage lzma
   IMAGES += factory.bin
-  IMAGE/factory.bin := append-squashfs-fakeroot-be | pad-to $$$$(BLOCKSIZE) | \
-	append-kernel | pad-to $$$$(BLOCKSIZE) | append-rootfs | pad-rootfs | \
-	check-size | engenius-tar-gz $$$$(ENGENIUS_IMGNAME)
+  IMAGE/factory.bin := append-kernel | pad-to $$$$(BLOCKSIZE) | append-rootfs | pad-rootfs | \
+	check-size | senao-tar-gz $$$$(SENAO_IMGNAME)
+  IMAGE/sysupgrade.bin := $$(IMAGE/factory.bin) | append-metadata
 endef

target/linux/ath79/image/generic-tp-link.mk

@@ -492,7 +492,7 @@ define Device/tplink_tl-mr6400-v1
   DEVICE_MODEL := TL-MR6400
   DEVICE_VARIANT := v1
   TPLINK_HWID := 0x64000001
-  DEVICE_PACKAGES := kmod-usb2 kmod-usb-net-rndis kmod-usb-serial \
+  DEVICE_PACKAGES := kmod-usb2 kmod-usb-net-rndis \
 	kmod-usb-serial-option adb-enablemodem
   SUPPORTED_DEVICES += tl-mr6400
 endef

target/linux/ath79/image/generic.mk

@@ -1,6 +1,6 @@
 include ./common-buffalo.mk
-include ./common-engenius.mk
 include ./common-netgear.mk
+include ./common-senao.mk
 include ./common-tp-link.mk
 include ./common-yuncore.mk
 
@@ -290,11 +290,14 @@ endef
 TARGET_DEVICES += alfa-network_r36a
 
 define Device/allnet_all-wap02860ac
+  $(Device/senao_loader_okli)
   SOC := qca9558
   DEVICE_VENDOR := ALLNET
   DEVICE_MODEL := ALL-WAP02860AC
   DEVICE_PACKAGES := ath10k-firmware-qca988x-ct kmod-ath10k-ct
-  IMAGE_SIZE := 13120k
+  IMAGE_SIZE := 11584k
+  LOADER_FLASH_OFFS := 0x220000
+  SENAO_IMGNAME := senao-allwap02860ac
 endef
 TARGET_DEVICES += allnet_all-wap02860ac
 
@@ -989,34 +992,37 @@ endef
 TARGET_DEVICES += embeddedwireless_dorin
 
 define Device/engenius_eap1200h
-  $(Device/engenius_loader_okli)
+  $(Device/senao_loader_okli)
   SOC := qca9557
+  DEVICE_VENDOR := EnGenius
   DEVICE_MODEL := EAP1200H
   DEVICE_PACKAGES := ath10k-firmware-qca988x-ct kmod-ath10k-ct
-  IMAGE_SIZE := 11520k
-  LOADER_FLASH_OFFS := 0x230000
-  ENGENIUS_IMGNAME := ar71xx-generic-eap1200h
+  IMAGE_SIZE := 11584k
+  LOADER_FLASH_OFFS := 0x220000
+  SENAO_IMGNAME := ar71xx-generic-eap1200h
 endef
 TARGET_DEVICES += engenius_eap1200h
 
 define Device/engenius_eap300-v2
-  $(Device/engenius_loader_okli)
+  $(Device/senao_loader_okli)
   SOC := ar9341
+  DEVICE_VENDOR := EnGenius
   DEVICE_MODEL := EAP300
   DEVICE_VARIANT := v2
-  IMAGE_SIZE := 12032k
-  LOADER_FLASH_OFFS := 0x230000
-  ENGENIUS_IMGNAME := senao-eap300v2
+  IMAGE_SIZE := 12096k
+  LOADER_FLASH_OFFS := 0x220000
+  SENAO_IMGNAME := senao-eap300v2
 endef
 TARGET_DEVICES += engenius_eap300-v2
 
 define Device/engenius_eap600
-  $(Device/engenius_loader_okli)
+  $(Device/senao_loader_okli)
   SOC := ar9344
+  DEVICE_VENDOR := EnGenius
   DEVICE_MODEL := EAP600
-  IMAGE_SIZE := 12032k
-  LOADER_FLASH_OFFS := 0x230000
-  ENGENIUS_IMGNAME := senao-eap600
+  IMAGE_SIZE := 12096k
+  LOADER_FLASH_OFFS := 0x220000
+  SENAO_IMGNAME := senao-eap600
 endef
 TARGET_DEVICES += engenius_eap600
 
@@ -1047,36 +1053,39 @@ endef
 TARGET_DEVICES += engenius_ecb1750
 
 define Device/engenius_ecb600
-  $(Device/engenius_loader_okli)
+  $(Device/senao_loader_okli)
   SOC := ar9344
+  DEVICE_VENDOR := EnGenius
   DEVICE_MODEL := ECB600
-  IMAGE_SIZE := 12032k
-  LOADER_FLASH_OFFS := 0x230000
-  ENGENIUS_IMGNAME := senao-ecb600
+  IMAGE_SIZE := 12096k
+  LOADER_FLASH_OFFS := 0x220000
+  SENAO_IMGNAME := senao-ecb600
 endef
 TARGET_DEVICES += engenius_ecb600
 
 define Device/engenius_ens202ext-v1
-  $(Device/engenius_loader_okli)
+  $(Device/senao_loader_okli)
   SOC := ar9341
+  DEVICE_VENDOR := EnGenius
   DEVICE_MODEL := ENS202EXT
   DEVICE_VARIANT := v1
   DEVICE_PACKAGES := rssileds
-  IMAGE_SIZE := 12032k
-  LOADER_FLASH_OFFS := 0x230000
-  ENGENIUS_IMGNAME := senao-ens202ext
+  IMAGE_SIZE := 12096k
+  LOADER_FLASH_OFFS := 0x220000
+  SENAO_IMGNAME := senao-ens202ext
 endef
 TARGET_DEVICES += engenius_ens202ext-v1
 
 define Device/engenius_enstationac-v1
-  $(Device/engenius_loader_okli)
+  $(Device/senao_loader_okli)
   SOC := qca9557
+  DEVICE_VENDOR := EnGenius
   DEVICE_MODEL := EnStationAC
   DEVICE_VARIANT := v1
   DEVICE_PACKAGES := ath10k-firmware-qca988x-ct kmod-ath10k-ct rssileds
-  IMAGE_SIZE := 11520k
-  LOADER_FLASH_OFFS := 0x230000
-  ENGENIUS_IMGNAME := ar71xx-generic-enstationac
+  IMAGE_SIZE := 11584k
+  LOADER_FLASH_OFFS := 0x220000
+  SENAO_IMGNAME := ar71xx-generic-enstationac
 endef
 TARGET_DEVICES += engenius_enstationac-v1
 
@@ -1116,7 +1125,7 @@ define Device/etactica_eg200
   DEVICE_VENDOR := eTactica
   DEVICE_MODEL := EG200
   DEVICE_PACKAGES := kmod-usb-chipidea2 kmod-ledtrig-oneshot \
-	kmod-usb-serial kmod-usb-serial-ftdi kmod-usb-storage kmod-fs-ext4
+	kmod-usb-serial-ftdi kmod-usb-storage kmod-fs-ext4
   IMAGE_SIZE := 16000k
   SUPPORTED_DEVICES += rme-eg200
 endef
@@ -2219,7 +2228,7 @@ define Device/zbtlink_zbt-wd323
   DEVICE_MODEL := WD323
   IMAGE_SIZE := 16000k
   DEVICE_PACKAGES := kmod-usb2 kmod-i2c-gpio kmod-rtc-pcf8563 \
-	kmod-usb-serial kmod-usb-serial-cp210x uqmi
+	kmod-usb-serial-cp210x uqmi
 endef
 TARGET_DEVICES += zbtlink_zbt-wd323
 

target/linux/ath79/image/lzma-loader/Makefile

@@ -13,6 +13,7 @@ LOADADDR	:= 0x80060000
 LOADER		:= loader.bin
 LOADER_NAME	:= $(basename $(notdir $(LOADER)))
 LOADER_DATA	:=
+KERNEL_MAGIC	:=
 TARGET_DIR	:=
 FLASH_OFFS	:=
 FLASH_MAX	:=
@@ -41,6 +42,7 @@ loader-compile: $(PKG_BUILD_DIR)/.prepared
 		LZMA_TEXT_START=$(LZMA_TEXT_START) \
 		LOADADDR=$(LOADADDR) \
 		LOADER_DATA=$(LOADER_DATA) \
+		KERNEL_MAGIC=$(KERNEL_MAGIC) \
 		FLASH_OFFS=$(FLASH_OFFS) \
 		FLASH_MAX=$(FLASH_MAX) \
 		BOARD="$(BOARD)" \

target/linux/ath79/image/lzma-loader/src/Makefile

@@ -18,6 +18,7 @@
 LOADADDR	:=
 LZMA_TEXT_START	:= 0x80a00000
 LOADER_DATA	:=
+KERNEL_MAGIC	:=
 BOARD		:=
 FLASH_OFFS	:=
 FLASH_MAX	:=
@@ -54,6 +55,10 @@ OBJECTS		+= data.o
 CFLAGS		+= -DLZMA_WRAPPER=1 -DLOADADDR=$(LOADADDR)
 endif
 
+ifneq ($(strip $(KERNEL_MAGIC)),)
+CFLAGS		+= -DCONFIG_KERNEL_MAGIC=$(KERNEL_MAGIC)
+endif
+
 ifneq ($(strip $(KERNEL_CMDLINE)),)
 CFLAGS		+= -DCONFIG_KERNEL_CMDLINE='"$(KERNEL_CMDLINE)"'
 endif

target/linux/ath79/image/lzma-loader/src/loader.c

@@ -189,7 +189,11 @@ static void lzma_init_data(void)
 
 		p = flash_base + flash_ofs;
 		magic = get_be32(p);
+#ifdef CONFIG_KERNEL_MAGIC
+		if (magic == CONFIG_KERNEL_MAGIC) {
+#else
 		if (magic == IH_MAGIC_OKLI) {
+#endif
 			hdr = (struct image_header *) p;
 			break;
 		}

target/linux/ath79/image/tiny.mk

@@ -1,5 +1,5 @@
 include ./common-buffalo.mk
-include ./common-engenius.mk
+include ./common-senao.mk
 
 define Device/buffalo_whr-g301n
   $(Device/buffalo_common)
@@ -32,36 +32,41 @@ endef
 TARGET_DEVICES += dlink_dir-615-e4
 
 define Device/engenius_eap350-v1
-  $(Device/engenius_loader_okli)
+  $(Device/senao_loader_okli)
+  BLOCKSIZE := 4k
   SOC := ar7242
+  DEVICE_VENDOR := EnGenius
   DEVICE_MODEL := EAP350
   DEVICE_VARIANT := v1
-  IMAGE_SIZE := 4864k
-  LOADER_FLASH_OFFS := 0x1b0000
-  ENGENIUS_IMGNAME := senao-eap350
+  IMAGE_SIZE := 4928k
+  LOADER_FLASH_OFFS := 0x1a0000
+  SENAO_IMGNAME := senao-eap350
 endef
 TARGET_DEVICES += engenius_eap350-v1
 
 define Device/engenius_ecb350-v1
-  $(Device/engenius_loader_okli)
+  $(Device/senao_loader_okli)
+  BLOCKSIZE := 4k
   SOC := ar7242
+  DEVICE_VENDOR := EnGenius
   DEVICE_MODEL := ECB350
   DEVICE_VARIANT := v1
-  IMAGE_SIZE := 4864k
-  LOADER_FLASH_OFFS := 0x1b0000
-  ENGENIUS_IMGNAME := senao-ecb350
+  IMAGE_SIZE := 4928k
+  LOADER_FLASH_OFFS := 0x1a0000
+  SENAO_IMGNAME := senao-ecb350
 endef
 TARGET_DEVICES += engenius_ecb350-v1
 
 define Device/engenius_enh202-v1
-  $(Device/engenius_loader_okli)
+  $(Device/senao_loader_okli)
   SOC := ar7240
+  DEVICE_VENDOR := EnGenius
   DEVICE_MODEL := ENH202
   DEVICE_VARIANT := v1
   DEVICE_PACKAGES := rssileds
-  IMAGE_SIZE := 4864k
-  LOADER_FLASH_OFFS := 0x1b0000
-  ENGENIUS_IMGNAME := senao-enh202
+  IMAGE_SIZE := 4928k
+  LOADER_FLASH_OFFS := 0x1a0000
+  SENAO_IMGNAME := senao-enh202
 endef
 TARGET_DEVICES += engenius_enh202-v1
 

target/linux/ath79/patches-5.4/921-serial-core-add-support-for-boot-console-with-arbitr.patch

@@ -30,7 +30,7 @@ Signed-off-by: Sungbo Eo <mans0n@gorani.run>
  			uport->cons->cflag = 0;
  		}
  		/*
-@@ -2108,8 +2110,10 @@ uart_set_options(struct uart_port *port,
+@@ -2110,8 +2112,10 @@ uart_set_options(struct uart_port *port,
  	 * Allow the setting of the UART parameters with a NULL console
  	 * too:
  	 */

target/linux/ath79/tiny/base-files/lib/upgrade/failsafe_datachk.sh

@@ -0,0 +1,64 @@
+# U-Boot with the datachk patchset requires image sizes, offsets,
+# and checksums to be provided in the U-Boot environment.
+# This script is based on the dualboot version for devices that come with 2 OS partitions.
+# For Senao boards with a "failsafe" partition image, the process is almost the same.
+# Instead of booting a secondary instalation on checksum failure,
+# the failsafe image is booted instead.
+# These boards also use the OKLI lzma kernel loader and mtd-concat
+# So the kernel check is for the loader, the rootfs check is for kernel + rootfs
+
+platform_do_upgrade_failsafe_datachk() {
+	local setenv_script="/tmp/fw_env_upgrade"
+
+	local flash_base=0x9f000000
+
+	local kernel_mtd=$(find_mtd_index ${KERNEL_PART:-kernel})
+	local rootfs_mtd=$(find_mtd_index ${ROOTFS_PART:-rootfs})
+
+	local kernel_offset=$(cat /sys/class/mtd/mtd${kernel_mtd}/offset)
+	local rootfs_offset=$(cat /sys/class/mtd/mtd${rootfs_mtd}/offset)
+
+	if [ -n "$IMAGE_LIST" ]; then
+		KERNEL_FILE=$($IMAGE_LIST | grep $KERNEL_FILE)
+		ROOTFS_FILE=$($IMAGE_LIST | grep $ROOTFS_FILE)
+	fi
+
+	local kernel_size=$($IMAGE_CMD $KERNEL_FILE | wc -c)
+	local rootfs_size=$($IMAGE_CMD $ROOTFS_FILE | wc -c)
+
+	# rootfs without JFFS2
+	local rootfs_blocks=$((rootfs_size / 4096))
+	rootfs_size=$((rootfs_blocks * 4096))
+
+	local kernel_md5=$($IMAGE_CMD $KERNEL_FILE | md5sum | cut -d ' ' -f1)
+	local rootfs_md5=$($IMAGE_CMD $ROOTFS_FILE | dd bs=4k count=$rootfs_blocks iflag=fullblock | md5sum | cut -d ' ' -f1)
+
+	# prepare new u-boot-env vars
+	printf "vmlinux_start_addr 0x%08x\n" $((flash_base + kernel_offset)) >> $setenv_script
+	printf "vmlinux_size 0x%08x\n" ${kernel_size} >> $setenv_script
+	printf "vmlinux_checksum %s\n" ${kernel_md5} >> $setenv_script
+
+	printf "rootfs_start_addr 0x%08x\n" $((flash_base + rootfs_offset)) >> $setenv_script
+	printf "rootfs_size 0x%08x\n" ${rootfs_size} >> $setenv_script
+	printf "rootfs_checksum %s\n" ${rootfs_md5} >> $setenv_script
+
+	# store u-boot-env
+	mkdir -p /var/lock
+	fw_setenv -s $setenv_script || {
+		echo 'failed to update U-Boot environment'
+		exit 1
+	}
+
+	# sysupgrade
+	sleep 2
+	sync
+	echo 3 > /proc/sys/vm/drop_caches
+	$IMAGE_CMD $KERNEL_FILE | mtd $MTD_ARGS write - ${KERNEL_PART:-kernel}
+	sleep 2
+	sync
+	if [ -n "$UPGRADE_BACKUP" ]; then
+		$IMAGE_CMD $ROOTFS_FILE | mtd $MTD_ARGS $MTD_CONFIG_ARGS -j $UPGRADE_BACKUP write - ${ROOTFS_PART:-rootfs}
+	else
+		$IMAGE_CMD $ROOTFS_FILE | mtd $MTD_ARGS write - ${ROOTFS_PART:-rootfs}
+	fi
+}

target/linux/ath79/tiny/base-files/lib/upgrade/platform.sh

@@ -5,6 +5,9 @@
 PART_NAME=firmware
 REQUIRE_IMAGE_METADATA=1
 
+RAMFS_COPY_BIN='fw_setenv'
+RAMFS_COPY_DATA='/etc/fw_env.config'
+
 platform_check_image() {
 	return 0
 }
@@ -13,6 +16,17 @@ platform_do_upgrade() {
 	local board=$(board_name)
 
 	case "$board" in
+	engenius,eap350-v1|\
+	engenius,ecb350-v1|\
+	engenius,enh202-v1)
+		IMAGE_LIST="tar tzf $1"
+		IMAGE_CMD="tar xzOf $1"
+		KERNEL_PART="loader"
+		ROOTFS_PART="fwconcat0"
+		KERNEL_FILE="uImage-lzma.bin"
+		ROOTFS_FILE="root.squashfs"
+		platform_do_upgrade_failsafe_datachk "$1"
+		;;
 	*)
 		default_do_upgrade "$1"
 		;;

target/linux/bcm27xx/patches-5.4/950-0211-usb-xhci-Show-that-the-VIA-VL805-supports-LPM.patch

@@ -10,7 +10,7 @@ Signed-off-by: Phil Elwell <phil@raspberrypi.org>
 
 --- a/drivers/usb/host/xhci-pci.c
 +++ b/drivers/usb/host/xhci-pci.c
-@@ -255,6 +255,10 @@ static void xhci_pci_quirks(struct devic
+@@ -257,6 +257,10 @@ static void xhci_pci_quirks(struct devic
  			pdev->device == 0x3432)
  		xhci->quirks |= XHCI_BROKEN_STREAMS;
  

target/linux/bcm27xx/patches-5.4/950-0264-xhci-add-quirk-for-host-controllers-that-don-t-updat.patch

@@ -23,7 +23,7 @@ Signed-off-by: Jonathan Bell <jonathan@raspberrypi.org>
 
 --- a/drivers/usb/host/xhci-pci.c
 +++ b/drivers/usb/host/xhci-pci.c
-@@ -256,8 +256,10 @@ static void xhci_pci_quirks(struct devic
+@@ -258,8 +258,10 @@ static void xhci_pci_quirks(struct devic
  		xhci->quirks |= XHCI_BROKEN_STREAMS;
  
  	if (pdev->vendor == PCI_VENDOR_ID_VIA &&

target/linux/bcm27xx/patches-5.4/950-0297-arch-arm-Add-model-string-to-cpuinfo.patch

@@ -10,7 +10,7 @@ Signed-off-by: Phil Elwell <phil@raspberrypi.org>
 
 --- a/arch/arm/kernel/setup.c
 +++ b/arch/arm/kernel/setup.c
-@@ -1240,6 +1240,8 @@ static int c_show(struct seq_file *m, vo
+@@ -1249,6 +1249,8 @@ static int c_show(struct seq_file *m, vo
  {
  	int i, j;
  	u32 cpuid;
@@ -19,7 +19,7 @@ Signed-off-by: Phil Elwell <phil@raspberrypi.org>
  
  	for_each_online_cpu(i) {
  		/*
-@@ -1299,6 +1301,14 @@ static int c_show(struct seq_file *m, vo
+@@ -1308,6 +1310,14 @@ static int c_show(struct seq_file *m, vo
  	seq_printf(m, "Revision\t: %04x\n", system_rev);
  	seq_printf(m, "Serial\t\t: %s\n", system_serial);
  

target/linux/bcm27xx/patches-5.4/950-0441-PCI-of-Add-inbound-resource-parsing-to-helpers.patch

@@ -382,7 +382,7 @@ Cc: linux-rockchip@lists.infradead.org
  
 --- a/drivers/pci/pci.h
 +++ b/drivers/pci/pci.h
-@@ -637,11 +637,15 @@ static inline void pci_release_bus_of_no
+@@ -643,11 +643,15 @@ static inline void pci_release_bus_of_no
  #if defined(CONFIG_OF_ADDRESS)
  int devm_of_pci_get_host_bridge_resources(struct device *dev,
  			unsigned char busno, unsigned char bus_max,

target/linux/bcm27xx/patches-5.4/950-0993-xhci-quirks-add-link-TRB-quirk-for-VL805.patch

@@ -22,7 +22,7 @@ Signed-off-by: Jonathan Bell <jonathan@raspberrypi.com>
 
 --- a/drivers/usb/host/xhci-pci.c
 +++ b/drivers/usb/host/xhci-pci.c
-@@ -259,6 +259,7 @@ static void xhci_pci_quirks(struct devic
+@@ -261,6 +261,7 @@ static void xhci_pci_quirks(struct devic
  			pdev->device == 0x3483) {
  		xhci->quirks |= XHCI_LPM_SUPPORT;
  		xhci->quirks |= XHCI_EP_CTX_BROKEN_DCS;

target/linux/generic/backport-5.4/700-v5.5-net-core-allow-fast-GRO-for-skbs-with-Ethernet-heade.patch

@@ -66,7 +66,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
 
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -5404,8 +5404,7 @@ static inline void skb_gro_reset_offset(
+@@ -5423,8 +5423,7 @@ static inline void skb_gro_reset_offset(
  	NAPI_GRO_CB(skb)->frag0 = NULL;
  	NAPI_GRO_CB(skb)->frag0_len = 0;
  

target/linux/generic/backport-5.4/745-v5.7-net-dsa-mt7530-add-support-for-port-mirroring.patch

@@ -17,7 +17,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
 
 --- a/drivers/net/dsa/mt7530.c
 +++ b/drivers/net/dsa/mt7530.c
-@@ -1153,6 +1153,64 @@ mt7530_port_vlan_del(struct dsa_switch *
+@@ -1145,6 +1145,64 @@ mt7530_port_vlan_del(struct dsa_switch *
  	return 0;
  }
  
@@ -82,7 +82,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
  static enum dsa_tag_protocol
  mtk_get_tag_protocol(struct dsa_switch *ds, int port)
  {
-@@ -1530,6 +1588,8 @@ static const struct dsa_switch_ops mt753
+@@ -1522,6 +1580,8 @@ static const struct dsa_switch_ops mt753
  	.port_vlan_prepare	= mt7530_port_vlan_prepare,
  	.port_vlan_add		= mt7530_port_vlan_add,
  	.port_vlan_del		= mt7530_port_vlan_del,

target/linux/generic/backport-5.4/752-v5.8-net-dsa-provide-an-option-for-drivers-to-always-rece.patch

@@ -101,7 +101,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
  		return 0;
  
  	/* Do not deprogram the CPU port as it may be shared with other user
-@@ -1118,7 +1118,7 @@ static int dsa_slave_vlan_rx_add_vid(str
+@@ -1120,7 +1120,7 @@ static int dsa_slave_vlan_rx_add_vid(str
  	 * need to emulate the switchdev prepare + commit phase.
  	 */
  	if (dp->bridge_dev) {
@@ -110,7 +110,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
  			return 0;
  
  		/* br_vlan_get_info() returns -EINVAL or -ENOENT if the
-@@ -1152,7 +1152,7 @@ static int dsa_slave_vlan_rx_kill_vid(st
+@@ -1154,7 +1154,7 @@ static int dsa_slave_vlan_rx_kill_vid(st
  	 * need to emulate the switchdev prepare + commit phase.
  	 */
  	if (dp->bridge_dev) {

target/linux/generic/backport-5.4/753-v5.8-net-dsa-mt7530-fix-VLAN-setup.patch

@@ -15,7 +15,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
 
 --- a/drivers/net/dsa/mt7530.c
 +++ b/drivers/net/dsa/mt7530.c
-@@ -1093,12 +1093,6 @@ mt7530_port_vlan_add(struct dsa_switch *
+@@ -1085,12 +1085,6 @@ mt7530_port_vlan_add(struct dsa_switch *
  	struct mt7530_priv *priv = ds->priv;
  	u16 vid;
  
@@ -28,7 +28,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
  	mutex_lock(&priv->reg_mutex);
  
  	for (vid = vlan->vid_begin; vid <= vlan->vid_end; ++vid) {
-@@ -1124,12 +1118,6 @@ mt7530_port_vlan_del(struct dsa_switch *
+@@ -1116,12 +1110,6 @@ mt7530_port_vlan_del(struct dsa_switch *
  	struct mt7530_priv *priv = ds->priv;
  	u16 vid, pvid;
  
@@ -41,7 +41,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
  	mutex_lock(&priv->reg_mutex);
  
  	pvid = priv->ports[port].pvid;
-@@ -1242,6 +1230,7 @@ mt7530_setup(struct dsa_switch *ds)
+@@ -1234,6 +1222,7 @@ mt7530_setup(struct dsa_switch *ds)
  	 * as two netdev instances.
  	 */
  	dn = ds->ports[MT7530_CPU_PORT].master->dev.of_node->parent;

target/linux/generic/backport-5.4/760-net-ethernet-mediatek-Integrate-GDM-PSE-setup-operat.patch

@@ -10,7 +10,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
 
 --- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
 +++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
-@@ -2211,6 +2211,28 @@ static int mtk_start_dma(struct mtk_eth
+@@ -2232,6 +2232,28 @@ static int mtk_start_dma(struct mtk_eth
  	return 0;
  }
  
@@ -39,7 +39,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
  static int mtk_open(struct net_device *dev)
  {
  	struct mtk_mac *mac = netdev_priv(dev);
-@@ -2406,8 +2428,6 @@ static int mtk_hw_init(struct mtk_eth *e
+@@ -2427,8 +2449,6 @@ static int mtk_hw_init(struct mtk_eth *e
  	mtk_w32(eth, 0, MTK_QDMA_DELAY_INT);
  	mtk_tx_irq_disable(eth, ~0);
  	mtk_rx_irq_disable(eth, ~0);
@@ -48,7 +48,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
  
  	/* FE int grouping */
  	mtk_w32(eth, MTK_TX_DONE_INT, MTK_PDMA_INT_GRP1);
-@@ -2416,18 +2436,7 @@ static int mtk_hw_init(struct mtk_eth *e
+@@ -2437,18 +2457,7 @@ static int mtk_hw_init(struct mtk_eth *e
  	mtk_w32(eth, MTK_RX_DONE_INT, MTK_QDMA_INT_GRP2);
  	mtk_w32(eth, 0x21021000, MTK_FE_INT_GRP);
  

target/linux/generic/backport-5.4/761-net-ethernet-mediatek-Refine-the-timing-of-GDM-PSE-s.patch

@@ -15,7 +15,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
 
 --- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
 +++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
-@@ -2215,6 +2215,9 @@ static void mtk_gdm_config(struct mtk_et
+@@ -2236,6 +2236,9 @@ static void mtk_gdm_config(struct mtk_et
  {
  	int i;
  
@@ -25,7 +25,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
  	for (i = 0; i < MTK_MAC_COUNT; i++) {
  		u32 val = mtk_r32(eth, MTK_GDMA_FWD_CFG(i));
  
-@@ -2253,6 +2256,8 @@ static int mtk_open(struct net_device *d
+@@ -2274,6 +2277,8 @@ static int mtk_open(struct net_device *d
  		if (err)
  			return err;
  
@@ -34,7 +34,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
  		napi_enable(&eth->tx_napi);
  		napi_enable(&eth->rx_napi);
  		mtk_tx_irq_enable(eth, MTK_TX_DONE_INT);
-@@ -2436,8 +2441,6 @@ static int mtk_hw_init(struct mtk_eth *e
+@@ -2457,8 +2462,6 @@ static int mtk_hw_init(struct mtk_eth *e
  	mtk_w32(eth, MTK_RX_DONE_INT, MTK_QDMA_INT_GRP2);
  	mtk_w32(eth, 0x21021000, MTK_FE_INT_GRP);
  

target/linux/generic/backport-5.4/762-net-ethernet-mediatek-Enable-GDM-GDMA_DROP_ALL-mode.patch

@@ -12,7 +12,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
 
 --- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c
 +++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c
-@@ -2310,6 +2310,8 @@ static int mtk_stop(struct net_device *d
+@@ -2331,6 +2331,8 @@ static int mtk_stop(struct net_device *d
  	if (!refcount_dec_and_test(&eth->dma_refcnt))
  		return 0;
  

target/linux/generic/backport-5.4/771-v5.12-net-dsa-be-louder-when-a-non-legacy-FDB-operation-fa.patch

@@ -25,7 +25,7 @@ Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 
 --- a/net/dsa/slave.c
 +++ b/net/dsa/slave.c
-@@ -1590,7 +1590,9 @@ static void dsa_slave_switchdev_event_wo
+@@ -1592,7 +1592,9 @@ static void dsa_slave_switchdev_event_wo
  
  		err = dsa_port_fdb_add(dp, fdb_info->addr, fdb_info->vid);
  		if (err) {
@@ -36,7 +36,7 @@ Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  			break;
  		}
  		fdb_info->offloaded = true;
-@@ -1605,9 +1607,11 @@ static void dsa_slave_switchdev_event_wo
+@@ -1607,9 +1609,11 @@ static void dsa_slave_switchdev_event_wo
  
  		err = dsa_port_fdb_del(dp, fdb_info->addr, fdb_info->vid);
  		if (err) {

target/linux/generic/backport-5.4/772-v5.12-net-dsa-don-t-use-switchdev_notifier_fdb_info-in-dsa.patch

@@ -54,7 +54,7 @@ Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  	struct sk_buff *	(*xmit)(struct sk_buff *skb,
 --- a/net/dsa/slave.c
 +++ b/net/dsa/slave.c
-@@ -1565,76 +1565,66 @@ static int dsa_slave_netdevice_event(str
+@@ -1567,76 +1567,66 @@ static int dsa_slave_netdevice_event(str
  	return NOTIFY_DONE;
  }
  
@@ -167,7 +167,7 @@ Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  }
  
  /* Called under rcu_read_lock() */
-@@ -1642,7 +1632,9 @@ static int dsa_slave_switchdev_event(str
+@@ -1644,7 +1634,9 @@ static int dsa_slave_switchdev_event(str
  				     unsigned long event, void *ptr)
  {
  	struct net_device *dev = switchdev_notifier_info_to_dev(ptr);
@@ -177,7 +177,7 @@ Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  	int err;
  
  	if (event == SWITCHDEV_PORT_ATTR_SET) {
-@@ -1655,20 +1647,32 @@ static int dsa_slave_switchdev_event(str
+@@ -1657,20 +1649,32 @@ static int dsa_slave_switchdev_event(str
  	if (!dsa_slave_dev_check(dev))
  		return NOTIFY_DONE;
  
@@ -213,7 +213,7 @@ Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  		dev_hold(dev);
  		break;
  	default:
-@@ -1678,10 +1682,6 @@ static int dsa_slave_switchdev_event(str
+@@ -1680,10 +1684,6 @@ static int dsa_slave_switchdev_event(str
  
  	dsa_schedule_work(&switchdev_work->work);
  	return NOTIFY_OK;

target/linux/generic/backport-5.4/773-v5.12-net-dsa-move-switchdev-event-implementation-under-th.patch

@@ -20,7 +20,7 @@ Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 
 --- a/net/dsa/slave.c
 +++ b/net/dsa/slave.c
-@@ -1637,31 +1637,29 @@ static int dsa_slave_switchdev_event(str
+@@ -1639,31 +1639,29 @@ static int dsa_slave_switchdev_event(str
  	struct dsa_port *dp;
  	int err;
  
@@ -68,7 +68,7 @@ Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  		fdb_info = ptr;
  
  		if (!fdb_info->added_by_user) {
-@@ -1674,13 +1672,12 @@ static int dsa_slave_switchdev_event(str
+@@ -1676,13 +1674,12 @@ static int dsa_slave_switchdev_event(str
  		switchdev_work->vid = fdb_info->vid;
  
  		dev_hold(dev);

target/linux/generic/backport-5.4/774-v5.12-net-dsa-exit-early-in-dsa_slave_switchdev_event-if-w.patch

@@ -30,7 +30,7 @@ Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 
 --- a/net/dsa/slave.c
 +++ b/net/dsa/slave.c
-@@ -1650,6 +1650,9 @@ static int dsa_slave_switchdev_event(str
+@@ -1652,6 +1652,9 @@ static int dsa_slave_switchdev_event(str
  
  		dp = dsa_slave_to_port(dev);
  

target/linux/generic/backport-5.4/775-v5.12-net-dsa-listen-for-SWITCHDEV_-FDB-DEL-_ADD_TO_DEVICE.patch

@@ -172,7 +172,7 @@ Signed-off-by: DENG Qingfang <dqfext@gmail.com>
  	 */
 --- a/net/dsa/slave.c
 +++ b/net/dsa/slave.c
-@@ -1627,6 +1627,25 @@ static void dsa_slave_switchdev_event_wo
+@@ -1629,6 +1629,25 @@ static void dsa_slave_switchdev_event_wo
  		dev_put(dp->slave);
  }
  
@@ -198,7 +198,7 @@ Signed-off-by: DENG Qingfang <dqfext@gmail.com>
  /* Called under rcu_read_lock() */
  static int dsa_slave_switchdev_event(struct notifier_block *unused,
  				     unsigned long event, void *ptr)
-@@ -1645,10 +1664,37 @@ static int dsa_slave_switchdev_event(str
+@@ -1647,10 +1666,37 @@ static int dsa_slave_switchdev_event(str
  		return notifier_from_errno(err);
  	case SWITCHDEV_FDB_ADD_TO_DEVICE:
  	case SWITCHDEV_FDB_DEL_TO_DEVICE:
@@ -239,7 +239,7 @@ Signed-off-by: DENG Qingfang <dqfext@gmail.com>
  
  		if (!dp->ds->ops->port_fdb_add || !dp->ds->ops->port_fdb_del)
  			return NOTIFY_DONE;
-@@ -1663,18 +1709,13 @@ static int dsa_slave_switchdev_event(str
+@@ -1665,18 +1711,13 @@ static int dsa_slave_switchdev_event(str
  		switchdev_work->port = dp->index;
  		switchdev_work->event = event;
  

target/linux/generic/hack-5.4/661-use_fq_codel_by_default.patch

@@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/include/net/sch_generic.h
 +++ b/include/net/sch_generic.h
-@@ -570,12 +570,13 @@ extern struct Qdisc_ops noop_qdisc_ops;
+@@ -603,12 +603,13 @@ extern struct Qdisc_ops noop_qdisc_ops;
  extern struct Qdisc_ops pfifo_fast_ops;
  extern struct Qdisc_ops mq_qdisc_ops;
  extern struct Qdisc_ops noqueue_qdisc_ops;
@@ -82,8 +82,8 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +const struct Qdisc_ops *default_qdisc_ops = &fq_codel_qdisc_ops;
  EXPORT_SYMBOL(default_qdisc_ops);
  
- /* Main transmission queue. */
-@@ -1035,12 +1035,12 @@ static void attach_one_default_qdisc(str
+ static void qdisc_maybe_clear_missed(struct Qdisc *q,
+@@ -1079,12 +1079,12 @@ static void attach_one_default_qdisc(str
  				     void *_unused)
  {
  	struct Qdisc *qdisc;

target/linux/generic/hack-5.4/662-remove_pfifo_fast.patch

@@ -10,7 +10,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/net/sched/sch_generic.c
 +++ b/net/sched/sch_generic.c
-@@ -595,211 +595,6 @@ struct Qdisc_ops noqueue_qdisc_ops __rea
+@@ -620,230 +620,6 @@ struct Qdisc_ops noqueue_qdisc_ops __rea
  	.owner		=	THIS_MODULE,
  };
  
@@ -64,8 +64,10 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 -{
 -	struct pfifo_fast_priv *priv = qdisc_priv(qdisc);
 -	struct sk_buff *skb = NULL;
+-	bool need_retry = true;
 -	int band;
 -
+-retry:
 -	for (band = 0; band < PFIFO_FAST_BANDS && !skb; band++) {
 -		struct skb_array *q = band2list(priv, band);
 -
@@ -76,6 +78,23 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 -	}
 -	if (likely(skb)) {
 -		qdisc_update_stats_at_dequeue(qdisc, skb);
+-	} else if (need_retry &&
+-		   test_bit(__QDISC_STATE_MISSED, &qdisc->state)) {
+-		/* Delay clearing the STATE_MISSED here to reduce
+-		 * the overhead of the second spin_trylock() in
+-		 * qdisc_run_begin() and __netif_schedule() calling
+-		 * in qdisc_run_end().
+-		 */
+-		clear_bit(__QDISC_STATE_MISSED, &qdisc->state);
+-
+-		/* Make sure dequeuing happens after clearing
+-		 * STATE_MISSED.
+-		 */
+-		smp_mb__after_atomic();
+-
+-		need_retry = false;
+-
+-		goto retry;
 -	} else {
 -		WRITE_ONCE(qdisc->empty, true);
 -	}