OpenWrt v21.02.3: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

config/Config-kernel.in

@@ -436,34 +436,22 @@ config KERNEL_PROVE_LOCKING
 	select KERNEL_DEBUG_KERNEL
 	default n
 
-config KERNEL_LOCKUP_DETECTOR
-	bool "Compile the kernel with detect Hard and Soft Lockups"
+config KERNEL_SOFTLOCKUP_DETECTOR
+	bool "Compile the kernel with detect Soft Lockups"
 	depends on KERNEL_DEBUG_KERNEL
 	help
 	  Say Y here to enable the kernel to act as a watchdog to detect
-	  hard and soft lockups.
+	  soft lockups.
 
 	  Softlockups are bugs that cause the kernel to loop in kernel
 	  mode for more than 20 seconds, without giving other tasks a
 	  chance to run.  The current stack trace is displayed upon
 	  detection and the system will stay locked up.
 
-	  Hardlockups are bugs that cause the CPU to loop in kernel mode
-	  for more than 10 seconds, without letting other interrupts have a
-	  chance to run.  The current stack trace is displayed upon detection
-	  and the system will stay locked up.
-
-	  The overhead should be minimal.  A periodic hrtimer runs to
-	  generate interrupts and kick the watchdog task every 4 seconds.
-	  An NMI is generated every 10 seconds or so to check for hardlockups.
-
-	  The frequency of hrtimer and NMI events and the soft and hard lockup
-	  thresholds can be controlled through the sysctl watchdog_thresh.
-
 config KERNEL_DETECT_HUNG_TASK
 	bool "Compile the kernel with detect Hung Tasks"
 	depends on KERNEL_DEBUG_KERNEL
-	default KERNEL_LOCKUP_DETECTOR
+	default KERNEL_SOFTLOCKUP_DETECTOR
 	help
 	  Say Y here to enable the kernel to detect "hung tasks",
 	  which are bugs that cause the task to be stuck in

feeds.conf.default

@@ -1,4 +1,4 @@
-src-git packages https://git.openwrt.org/feed/packages.git^e738d2faf1c4ed68094f1d5da075d2d92fb35049
-src-git luci https://git.openwrt.org/project/luci.git^2778366916f815d4af9534218bef10aa3aad3c01
-src-git routing https://git.openwrt.org/feed/routing.git^2baff33918c089fd3744c7192f8ae7a29c47a8d7
-src-git telephony https://git.openwrt.org/feed/telephony.git^ee64ec42e981e1f9e5a21cd3478497987ff76680
+src-git packages https://git.openwrt.org/feed/packages.git^78bcd00c13587571b5c79ed2fc3363aa674aaef7
+src-git luci https://git.openwrt.org/project/luci.git^fe09ab990256d8b63e76cc1ab2435baef921b8b4
+src-git routing https://git.openwrt.org/feed/routing.git^a0d61bddb3ce4ca54bd76af86c28f58feb6cc044
+src-git telephony https://git.openwrt.org/feed/telephony.git^0183c1adda0e7581698b0ea4bff7c08379acf447

include/feeds.mk

@@ -43,5 +43,11 @@ endef
 
 # 1: package name
 define GetABISuffix
-$(if $(filter-out kmod-%,$(1)),$(if $(ABIV_$(1)),$(ABIV_$(1)),$(foreach v,$(wildcard $(STAGING_DIR)/pkginfo/$(1).version),$(shell cat $(v)))))
+$(if $(ABIV_$(1)),$(ABIV_$(1)),$(call FormatABISuffix,$(1),$(foreach v,$(wildcard $(STAGING_DIR)/pkginfo/$(1).version),$(shell cat $(v)))))
+endef
+
+# 1: package name
+# 2: abi version
+define FormatABISuffix
+$(if $(filter-out kmod-%,$(1)),$(if $(2),$(if $(filter %0 %1 %2 %3 %4 %5 %6 %7 %8 %9,$(1)),-)$(2)))
 endef

include/kernel-version.mk

@@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL
   KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif
 
-LINUX_VERSION-5.4 = .124
+LINUX_VERSION-5.4 = .188
 
-LINUX_KERNEL_HASH-5.4.124 = f7f29dda2b042d7b5986d18274413131cf70e17288c05e9a683df1f46c507d82
+LINUX_KERNEL_HASH-5.4.188 = 9fbc8bfdc28c9fce2307bdf7cf1172c9819df673397a411c40a5c3d0a570fdbc
 
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))

include/package-ipkg.mk

@@ -99,7 +99,7 @@ _endef=endef
 
 ifeq ($(DUMP),)
   define BuildTarget/ipkg
-    ABIV_$(1):=$(if $(filter-out kmod-%,$(1)),$(ABI_VERSION))
+    ABIV_$(1):=$(call FormatABISuffix,$(1),$(ABI_VERSION))
     PDIR_$(1):=$(call FeedPackageDir,$(1))
     IPKG_$(1):=$$(PDIR_$(1))/$(1)$$(ABIV_$(1))_$(VERSION)_$(PKGARCH).ipk
     IDIR_$(1):=$(PKG_BUILD_DIR)/ipkg-$(PKGARCH)/$(1)

include/prereq-build.mk

@@ -153,20 +153,26 @@ $(eval $(call SetupHostCommand,perl,Please install Perl 5.x, \
 $(eval $(call CleanupPython2))
 
 $(eval $(call SetupHostCommand,python,Please install Python >= 3.5, \
+	python3.10 -V 2>&1 | grep 'Python 3', \
 	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
 	python3.5 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([5-9]|10)\.?'))
 
 $(eval $(call SetupHostCommand,python3,Please install Python >= 3.5, \
+	python3.10 -V 2>&1 | grep 'Python 3', \
 	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
 	python3.5 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([5-9]|10)\.?'))
+
+$(eval $(call TestHostCommand,python3-distutils, \
+	Please install the Python3 distutils module, \
+	$(STAGING_DIR_HOST)/bin/python3 -c 'import distutils'))
 
 $(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \
 	git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule))
@@ -178,7 +184,9 @@ $(eval $(call SetupHostCommand,rsync,Please install 'rsync', \
 	rsync --version </dev/null))
 
 $(eval $(call SetupHostCommand,which,Please install 'which', \
-	which which | grep which))
+	/usr/bin/which which, \
+	/bin/which which, \
+	which which))
 
 $(STAGING_DIR_HOST)/bin/mkhash: $(SCRIPT_DIR)/mkhash.c
 	mkdir -p $(dir $@)

include/u-boot.mk

@@ -44,6 +44,7 @@ TARGET_DEP = TARGET_$(BUILD_TARGET)$(if $(BUILD_SUBTARGET),_$(BUILD_SUBTARGET))
 UBOOT_MAKE_FLAGS = \
 	HOSTCC="$(HOSTCC)" \
 	HOSTCFLAGS="$(HOST_CFLAGS) $(HOST_CPPFLAGS) -std=gnu11" \
+	LOCALVERSION="-OpenWrt-$(REVISION)" \
 	HOSTLDFLAGS="$(HOST_LDFLAGS)"
 
 define Build/U-Boot/Target

include/version.mk

@@ -23,13 +23,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),21.02.0-rc3)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),21.02.3)
 
 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
-VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r16172-2aba3e9784)
+VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r16554-1d4dea6d4f)
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/21.02.0-rc3)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/21.02.3)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

package/Makefile

@@ -66,8 +66,10 @@ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/merge $(if $(CONFIG_TARGET_PER_DE
 	- find $(STAGING_DIR_ROOT) -type d | $(XARGS) chmod 0755
 	rm -rf $(TARGET_DIR) $(TARGET_DIR_ORIG)
 	mkdir -p $(TARGET_DIR)/tmp
-	$(call opkg,$(TARGET_DIR)) install \
-		$(call opkg_package_files,$(foreach pkg,$(shell cat $(PACKAGE_INSTALL_FILES) 2>/dev/null),$(pkg)$(call GetABISuffix,$(pkg))))
+	$(file >$(TMP_DIR)/opkg_install_list,\
+	  $(call opkg_package_files,\
+	    $(foreach pkg,$(shell cat $(PACKAGE_INSTALL_FILES) 2>/dev/null),$(pkg)$(call GetABISuffix,$(pkg)))))
+	$(call opkg,$(TARGET_DIR)) install $$(cat $(TMP_DIR)/opkg_install_list)
 	@for file in $(PACKAGE_INSTALL_FILES); do \
 		[ -s $$file.flags ] || continue; \
 		for flag in `cat $$file.flags`; do \

package/base-files/files/bin/config_generate

@@ -114,9 +114,17 @@ generate_network() {
 			add network device
 			set network.@device[-1].name='br-$1'
 			set network.@device[-1].type='bridge'
-			set network.@device[-1].macaddr='$macaddr'
 		EOF
 		for port in $ports; do uci add_list network.@device[-1].ports="$port"; done
+		[ -n "$macaddr" ] && {
+			for port in $ports; do
+				uci -q batch <<-EOF
+					add network device
+					set network.@device[-1].name='$port'
+					set network.@device[-1].macaddr='$macaddr'
+				EOF
+			done
+		}
 		device=br-$1
 		type=
 		macaddr=""

package/base-files/files/etc/init.d/boot

@@ -21,9 +21,10 @@ boot() {
 	[ -f /proc/mounts ] || /sbin/mount_root
 	[ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc
 
-	mkdir -p /var/run
-	mkdir -p /var/log
 	mkdir -p /var/lock
+	chmod 1777 /var/lock
+	mkdir -p /var/log
+	mkdir -p /var/run
 	mkdir -p /var/state
 	mkdir -p /var/tmp
 	mkdir -p /tmp/.uci
@@ -47,6 +48,7 @@ boot() {
 
 	/bin/config_generate
 	uci_apply_defaults
+	sync
 	
 	# temporary hack until configd exists
 	/sbin/reload_config

package/base-files/files/etc/init.d/system

@@ -4,8 +4,7 @@
 START=10
 USE_PROCD=1
 
-validate_system_section()
-{
+validate_system_section() {
 	uci_load_validate system system "$1" "$2" \
 		'hostname:string:OpenWrt' \
 		'conloglevel:uinteger' \
@@ -23,8 +22,9 @@ system_config() {
 	echo "$hostname" > /proc/sys/kernel/hostname
 	[ -z "$conloglevel" -a -z "$buffersize" ] || dmesg ${conloglevel:+-n $conloglevel} ${buffersize:+-s $buffersize}
 	echo "$timezone" > /tmp/TZ
-	[ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/$zonename" ] && \
-		ln -sf "/usr/share/zoneinfo/$zonename" /tmp/localtime && rm -f /tmp/TZ
+	[ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/${zonename// /_}" ] \
+		&& ln -sf "/usr/share/zoneinfo/${zonename// /_}" /tmp/localtime \
+		&& rm -f /tmp/TZ
 
 	# apply timezone to kernel
 	hwclock -u --systz
@@ -35,8 +35,7 @@ reload_service() {
 	config_foreach validate_system_section system system_config
 }
 
-service_triggers()
-{
+service_triggers() {
 	procd_add_reload_trigger "system"
 	procd_add_validation validate_system_section
 }

package/base-files/files/etc/rc.common

@@ -100,9 +100,9 @@ service_data() {
 }
 
 service_running() {
-	local service="${1:-$(basename $initscript)}"
-	local instance="${2:-*}"
-	procd_running "$service" "$instance" "$@"
+	local instance="${1:-*}"
+
+	procd_running "$(basename $initscript)" "$instance"
 }
 
 ${INIT_TRACE:+set -x}

package/base-files/files/lib/preinit/10_indicate_preinit

@@ -72,14 +72,20 @@ preinit_config_board() {
 
 	json_select network
 		json_select "lan"
-			json_get_vars ifname
+			json_get_vars device
+			json_get_values ports ports
 		json_select ..
 	json_select ..
 
-	[ -n "$ifname" ] || return
+	[ -n "$device" -o -n "$ports" ] || return
+
+	# swconfig uses $device and DSA uses ports
+	[ -z "$ports" ] && {
+		ports="$device"
+	}
 
 	# only use the first one
-	ifname=${ifname%% *}
+	ifname=${ports%% *}
 
 	if [ -x /sbin/swconfig ]; then
 		# configure the switch, if present
@@ -91,6 +97,8 @@ preinit_config_board() {
 	else
 		# trim any vlan ids
 		ifname=${ifname%\.*}
+		# trim any vlan modifiers like :t
+		ifname=${ifname%\:*}
 	fi
 
 	pi_ifname=$ifname

package/base-files/files/lib/upgrade/common.sh

@@ -267,7 +267,7 @@ get_partitions() { # <device> <filename>
 				local type="$1"
 				local lba="$(( $(hex_le32_to_cpu $4) * 0x100000000 + $(hex_le32_to_cpu $3) ))"
 				local end="$(( $(hex_le32_to_cpu $6) * 0x100000000 + $(hex_le32_to_cpu $5) ))"
-				local num="$(( $end - $lba ))"
+				local num="$(( $end - $lba + 1 ))"
 
 				[ "$type" = "00000000000000000000000000000000" ] && continue
 

package/base-files/files/sbin/wifi

@@ -130,10 +130,12 @@ wifi_updown() {
 		ubus_wifi_cmd "$cmd" "$2"
 		scan_wifi
 		cmd=up
+		ubus call network reload
 	}
 	[ reconf = "$1" ] && {
 		scan_wifi
 		cmd=reconf
+		ubus call network reload
 	}
 	ubus_wifi_cmd "$cmd" "$2"
 	_wifi_updown "$@"
@@ -246,7 +248,7 @@ case "$1" in
 	reload) wifi_reload "$2";;
 	reload_legacy) wifi_reload_legacy "$2";;
 	--help|help) usage;;
-	reconf) ubus call network reload; wifi_updown "reconf" "$2";;
-	''|up) ubus call network reload; wifi_updown "enable" "$2";;
+	reconf) wifi_updown "reconf" "$2";;
+	''|up) wifi_updown "enable" "$2";;
 	*) usage; exit 1;;
 esac

package/base-files/image-config.in

@@ -183,7 +183,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "https://downloads.openwrt.org/releases/21.02.0-rc3"
+		default "https://downloads.openwrt.org/releases/21.02.3"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:

package/boot/arm-trusted-firmware-bcm63xx/Makefile

@@ -0,0 +1,42 @@
+# SPDX-License-Identifier: GPL-2.0
+
+include $(TOPDIR)/rules.mk
+
+PKG_VERSION:=2.2
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL=$(PROJECT_GIT)/project/bcm63xx/atf.git
+PKG_SOURCE_DATE:=2021-12-24
+PKG_SOURCE_VERSION:=e6d46baf3fae79f693f90bf34f7284c3dfc64aef
+PKG_MIRROR_HASH:=9d5d04f572b1b6ddc6eb3064b9cb09f5fe982e82d350790041d35316349af124
+
+PKG_MAINTAINER:=Rafał Miłecki <rafal@milecki.pl>
+
+include $(INCLUDE_DIR)/trusted-firmware-a.mk
+include $(INCLUDE_DIR)/package.mk
+
+define Trusted-Firmware-A/Default
+  PLAT:=bcm
+  DEFAULT:=y
+endef
+
+define Trusted-Firmware-A/bcm4908
+  BUILD_TARGET:=bcm4908
+  NAME:=BCM4908
+  BRCM_CHIP=4908
+  TFA_IMAGE:=bl31.bin
+endef
+
+TFA_TARGETS:= \
+	bcm4908
+
+TFA_MAKE_FLAGS += \
+	BRCM_CHIP=$(BRCM_CHIP)
+
+define Package/trusted-firmware-a/install
+	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/$(PLAT)/release/$(TFA_IMAGE) $(STAGING_DIR_IMAGE)/
+endef
+
+$(eval $(call BuildPackage/Trusted-Firmware-A))

package/boot/uboot-at91/patches/001-fix-Wformat-security.patch

@@ -1,8 +1,6 @@
-diff --git a/cmd/version.c b/cmd/version.c
-index b2fffe99..bcbbeb18 100644
 --- a/cmd/version.c
 +++ b/cmd/version.c
-@@ -18,7 +18,7 @@ static int do_version(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+@@ -18,7 +18,7 @@ static int do_version(cmd_tbl_t *cmdtp,
  {
  	char buf[DISPLAY_OPTIONS_BANNER_LENGTH];
  
@@ -11,11 +9,9 @@ index b2fffe99..bcbbeb18 100644
  #ifdef CC_VERSION_STRING
  	puts(CC_VERSION_STRING "\n");
  #endif
-diff --git a/drivers/pinctrl/pinctrl-uclass.c b/drivers/pinctrl/pinctrl-uclass.c
-index 3425ed11..8c2e1d5c 100644
 --- a/drivers/pinctrl/pinctrl-uclass.c
 +++ b/drivers/pinctrl/pinctrl-uclass.c
-@@ -368,7 +368,7 @@ int pinctrl_get_pin_name(struct udevice *dev, int selector, char *buf,
+@@ -368,7 +368,7 @@ int pinctrl_get_pin_name(struct udevice
  	if (!ops->get_pin_name)
  		return -ENOSYS;
  
@@ -24,11 +20,9 @@ index 3425ed11..8c2e1d5c 100644
  
  	return 0;
  }
-diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c
-index c316bdfe..5fe8129c 100644
 --- a/lib/efi_loader/efi_variable.c
 +++ b/lib/efi_loader/efi_variable.c
-@@ -522,7 +522,7 @@ efi_status_t EFIAPI efi_set_variable(u16 *variable_name,
+@@ -522,7 +522,7 @@ efi_status_t EFIAPI efi_set_variable(u16
  
  	if (old_size)
  		/* APPEND_WRITE */

package/boot/uboot-at91/patches/010-fix_dtc_compilation_on_host_gcc10.patch

@@ -0,0 +1,46 @@
+From e33a814e772cdc36436c8c188d8c42d019fda639 Mon Sep 17 00:00:00 2001
+From: Dirk Mueller <dmueller@suse.com>
+Date: Tue, 14 Jan 2020 18:53:41 +0100
+Subject: [PATCH] scripts/dtc: Remove redundant YYLOC global declaration
+
+gcc 10 will default to -fno-common, which causes this error at link
+time:
+
+  (.text+0x0): multiple definition of `yylloc'; dtc-lexer.lex.o (symbol from plugin):(.text+0x0): first defined here
+
+This is because both dtc-lexer as well as dtc-parser define the same
+global symbol yyloc. Before with -fcommon those were merged into one
+defintion. The proper solution would be to to mark this as "extern",
+however that leads to:
+
+  dtc-lexer.l:26:16: error: redundant redeclaration of 'yylloc' [-Werror=redundant-decls]
+   26 | extern YYLTYPE yylloc;
+      |                ^~~~~~
+In file included from dtc-lexer.l:24:
+dtc-parser.tab.h:127:16: note: previous declaration of 'yylloc' was here
+  127 | extern YYLTYPE yylloc;
+      |                ^~~~~~
+cc1: all warnings being treated as errors
+
+which means the declaration is completely redundant and can just be
+dropped.
+
+Signed-off-by: Dirk Mueller <dmueller@suse.com>
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+[robh: cherry-pick from upstream]
+Cc: stable@vger.kernel.org
+Signed-off-by: Rob Herring <robh@kernel.org>
+---
+ scripts/dtc/dtc-lexer.l | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/scripts/dtc/dtc-lexer.l
++++ b/scripts/dtc/dtc-lexer.l
+@@ -38,7 +38,6 @@ LINECOMMENT	"//".*\n
+ #include "srcpos.h"
+ #include "dtc-parser.tab.h"
+ 
+-YYLTYPE yylloc;
+ extern bool treesource_error;
+ 
+ /* CAUTION: this will stop working if we ever use yyless() or yyunput() */

package/boot/uboot-bcm4908/Makefile

@@ -0,0 +1,48 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://git.openwrt.org/project/bcm63xx/u-boot.git
+PKG_SOURCE_DATE:=2022-03-03
+PKG_SOURCE_VERSION:=92e9eca819c9c898d9d2010e1a217726c42c8c47
+PKG_MIRROR_HASH:=11c37fe4c18d55e799153600d1cfd8ee9ca7da8326d0024c1d825f4a327c5f0d
+
+include $(INCLUDE_DIR)/u-boot.mk
+include $(INCLUDE_DIR)/package.mk
+
+define U-Boot/Default
+  BUILD_TARGET:=bcm4908
+  UBOOT_IMAGE:=u-boot-nodtb.bin
+  DEFAULT:=y
+endef
+
+define U-Boot/bcm4908
+  NAME:=Broadcom's BCM4908
+  UBOOT_CONFIG:=bcm94908
+endef
+
+UBOOT_TARGETS := \
+	bcm4908
+
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	mkdir -p $(PKG_BUILD_DIR)/include/generated/
+	( cd $(PKG_BUILD_DIR)/board/broadcom/bcmbca/httpd/html/ && \
+	  $(STAGING_DIR_HOST)/bin/xxd -i index.html > ../../../../../include/generated/index.h && \
+	  $(STAGING_DIR_HOST)/bin/xxd -i flashing.html > ../../../../../include/generated/flashing.h && \
+	  $(STAGING_DIR_HOST)/bin/xxd -i fail.html > ../../../../../include/generated/fail.h && \
+	  $(STAGING_DIR_HOST)/bin/xxd -i 404.html > ../../../../../include/generated/404.h )
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)/u-boot
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(UBOOT_IMAGE) $(STAGING_DIR_IMAGE)/u-boot/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/u-boot.dtb $(STAGING_DIR_IMAGE)/u-boot/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/arch/arm/dts/*.dtb $(STAGING_DIR_IMAGE)/u-boot/
+endef
+
+$(eval $(call BuildPackage/U-Boot))

package/boot/uboot-bcm4908/patches/100-check-config-allow-to-complete-build-even-with-ad-ho.patch

@@ -0,0 +1,40 @@
+From: Masahiro Yamada <yamada.masahiro@socionext.com>
+Date: Mon, 26 Sep 2016 13:05:02 +0900
+Subject: [PATCH] check-config: allow to complete build even with ad-hoc CONFIG
+ options
+
+Currently, the check-config.sh terminates the build when unknown
+ad-hoc options are detected.  I think it is too much because we may
+want to patch config headers locally in a build/deployment project.
+
+So, let's relax check-config.sh to just warn even if it detects
+options that are not in the whitelist.  Instead, this check can be
+done at the end of build, along with other checks.  It will catch
+more attention.
+
+Even with this change, the Buildman tool catches new warnings,
+so Tom can give NACK to new ad-hoc options.
+
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+---
+ scripts/check-config.sh | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/scripts/check-config.sh
++++ b/scripts/check-config.sh
+@@ -50,14 +50,13 @@ cat `find ${srctree} -name "Kconfig*"` |sed -n \
+ 	|sort |uniq > ${ok}
+ comm -23 ${suspects} ${ok} >${new_adhoc}
+ if [ -s ${new_adhoc} ]; then
+-	echo >&2 "Error: You must add new CONFIG options using Kconfig"
++	echo >&2 "Warning: You must add new CONFIG options using Kconfig"
+ 	echo >&2 "The following new ad-hoc CONFIG options were detected:"
+ 	cat >&2 ${new_adhoc}
+ 	echo >&2
+ 	echo >&2 "Please add these via Kconfig instead. Find a suitable Kconfig"
+ 	echo >&2 "file and add a 'config' or 'menuconfig' option."
+ 	# Don't delete the temporary files in case they are useful
+-	exit 1
+ else
+ 	rm ${suspects} ${ok} ${new_adhoc}
+ fi

package/boot/uboot-bcm4908/patches/101-tools-fix-mkimage-static-compilation.patch

@@ -0,0 +1,24 @@
+From 8efe417aa9de654425cc01d0fc93be355a3f648d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Wed, 13 Oct 2021 11:04:45 +0200
+Subject: [PATCH] tools: fix mkimage static compilation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+ tools/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/tools/Makefile
++++ b/tools/Makefile
+@@ -157,7 +157,7 @@ ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CON
+ HOSTCFLAGS_kwbimage.o += \
+ 	$(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "")
+ HOSTLOADLIBES_mkimage += \
+-	$(shell pkg-config --libs libssl libcrypto 2> /dev/null || echo "-lssl -lcrypto")
++	$(shell pkg-config --libs --static libssl libcrypto 2> /dev/null || echo "-lssl -lcrypto -lpthread")
+ 
+ # OS X deprecate openssl in favour of CommonCrypto, supress deprecation
+ # warnings on those systems

package/boot/uboot-bcm4908/patches/200-configs-bcm94908-unset-CONFIG_SPL.patch

@@ -0,0 +1,38 @@
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Fri, 4 Mar 2022 09:21:32 +0100
+Subject: [PATCH] configs: bcm94908: unset CONFIG_SPL
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compiling SPL is always tricky as it needs to fit limited resources.
+Fortunately in most cases there is no need to replace SPL or TPL while
+flashing a new firmware.
+
+Compiling SPL for BCM4908 seems to fail with non-Broadcom toolchain:
+aarch64-openwrt-linux-musl-ld.bfd: u-boot-spl section `.u_boot_list' will not fit in region `.sram'
+aarch64-openwrt-linux-musl-ld.bfd: section .bss VMA [00000000822b9000,00000000822b93ef] overlaps section .u_boot_list VMA [00000000822b8f60,00000000822b9a87]
+aarch64-openwrt-linux-musl-ld.bfd: region `.sram' overflowed by 2696 bytes
+
+It also requires hashtable.h which has to be generated using some
+Broadcom's custom perl script that isn't integrated as this point.
+
+For now just disable SPL and use only last-stage U-Boot that must be
+shipped with every firmware.
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+ configs/bcm94908_defconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/configs/bcm94908_defconfig
++++ b/configs/bcm94908_defconfig
+@@ -21,7 +21,7 @@ CONFIG_SPL_SERIAL_SUPPORT=y
+ CONFIG_TPL_LIBCOMMON_SUPPORT=y
+ CONFIG_TPL_LIBGENERIC_SUPPORT=y
+ CONFIG_NR_DRAM_BANKS=1
+-CONFIG_SPL=y
++# CONFIG_SPL is not set
+ CONFIG_SPL_LIBDISK_SUPPORT=y
+ CONFIG_ENV_VARS_UBOOT_CONFIG=y
+ CONFIG_TPL_SYS_MALLOC_F_LEN=0x11000

package/boot/uboot-bcm4908/patches/201-Assume-TPL-support-for-ATF-when-compiling-U-Boot-wit.patch

@@ -0,0 +1,55 @@
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Fri, 4 Mar 2022 09:23:34 +0100
+Subject: [PATCH] Assume TPL support for ATF when compiling U-Boot without TPL
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Broadcom's U-Boot behaviour depends on compilation time check whether
+TPL was compiled with or without ATF support. There is no proper runtime
+check.
+
+When compiling just U-Boot (without SPL & TPL) there is no way to tell
+if it's going to work with TPL with or without ATF support.
+
+Modify code to blindly assume ATF support in TPL in such cases. It seems
+to be always true for Broadcom and we need some assumption as we don't
+deal with compiling SPL or TPL.
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+ arch/arm/mach-bcmbca/bcm4908/cpu.c | 2 +-
+ board/broadcom/bcmbca/board.c      | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/arm/mach-bcmbca/bcm4908/cpu.c
++++ b/arch/arm/mach-bcmbca/bcm4908/cpu.c
+@@ -138,7 +138,7 @@ int get_nr_cpus()
+ 	return nr_cpus;
+ }
+ 
+-#if !defined(CONFIG_TPL_ATF)
++#if defined(CONFIG_TPL) && !defined(CONFIG_TPL_ATF)
+ void boot_secondary_cpu(unsigned long vector)
+ {
+ 	uint32_t cpu, nr_cpus = QUAD_CPUS;
+--- a/board/broadcom/bcmbca/board.c
++++ b/board/broadcom/bcmbca/board.c
+@@ -103,7 +103,7 @@ void board_spinor_init(void)
+ 
+ int board_init(void)
+ {
+-#if !defined(CONFIG_TPL_ATF)
++#if defined(CONFIG_TPL) && !defined(CONFIG_TPL_ATF)
+ 	unsigned long vector;
+ #endif
+ 	board_sdk_init_e();
+@@ -121,7 +121,7 @@ int board_init(void)
+ 	printf("$Uboot: "BUILD_TAG" $\n");
+ #endif
+ 
+-#if !defined(CONFIG_TPL_ATF)
++#if defined(CONFIG_TPL) && !defined(CONFIG_TPL_ATF)
+ #if defined(CONFIG_ARM64)
+ 	vector  = (unsigned long)&_start;
+ #else

package/boot/uboot-envtools/files/ath79

@@ -61,6 +61,8 @@ samsung,wam250|\
 ubnt,nanostation-m|\
 yuncore,a770|\
 yuncore,a782|\
+yuncore,a930|\
+yuncore,xd3200|\
 yuncore,xd4200|\
 zyxel,nbg6616)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x10000" "0x10000"

package/boot/uboot-envtools/files/mvebu

@@ -18,7 +18,10 @@ buffalo,ls421de)
 	ubootenv_add_uci_config "/dev/mtd3" "0x0" "0x10000"
 	;;
 cznic,turris-omnia)
-	if grep -q 'U-Boot 2015.10-rc2' /dev/mtd0; then
+	idx="$(find_mtd_index u-boot-env)"
+	if [ -n "$idx" ]; then
+		ubootenv_add_uci_config "/dev/mtd${idx}" "0x0" "0x10000" "0x10000"
+	elif grep -q 'U-Boot 2015.10-rc2' /dev/mtd0; then
 		ubootenv_add_uci_config "/dev/mtd0" "0xc0000" "0x10000" "0x40000"
 	else
 		ubootenv_add_uci_config "/dev/mtd0" "0xf0000" "0x10000" "0x10000"

package/boot/uboot-lantiq/patches/0030-lzma-force-8bit-reads.patch

@@ -0,0 +1,57 @@
+From a40a6e16ed76e5e26a0f60226b64c311d4a62c9f Mon Sep 17 00:00:00 2001
+From: Mathias Kresin <dev@kresin.me>
+Date: Sun, 31 Oct 2021 23:04:54 +0100
+Subject: [PATCH] lzma: force 8bit reads
+
+At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the
+assembly of LzmaProps_Decode. While the decission made by the compiler
+looks perfect fine, it triggers some obscure hang on lantiq danube-s
+v1.5 with MX29LV640EB NOR flash chips.
+
+Only if the offset 1 is used, the hang can be observed. Using any other
+offset works fine:
+
+  lwl s0,0(a1) - s0 == 0x6d000080
+  lwl s0,1(a1) - hangs
+  lwl s0,2(a1) - s0 == 0x0080xxxx
+  lwl s0,3(a1) - s0 == 0x80xxxxxx
+
+It isn't clear whether it is a limitation of the flash chip, the EBU or
+something else.
+
+Force 8bit reads to prevent gcc optimizing the read with lwr/lwl
+instructions.
+
+Signed-off-by: Mathias Kresin <dev@kresin.me>
+---
+ lib/lzma/LzmaDec.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/lib/lzma/LzmaDec.c
++++ b/lib/lzma/LzmaDec.c
+@@ -7,6 +7,7 @@
+ #include "LzmaDec.h"
+ 
+ #include <linux/string.h>
++#include <asm/io.h>
+ 
+ #define kNumTopBits 24
+ #define kTopValue ((UInt32)1 << kNumTopBits)
+@@ -703,7 +704,7 @@ static ELzmaDummy LzmaDec_TryDummy(const
+ 
+ static void LzmaDec_InitRc(CLzmaDec *p, const Byte *data)
+ {
+-  p->code = ((UInt32)data[1] << 24) | ((UInt32)data[2] << 16) | ((UInt32)data[3] << 8) | ((UInt32)data[4]);
++  p->code = ((UInt32)readb(&data[1]) << 24) | ((UInt32)readb(&data[2]) << 16) | ((UInt32)readb(&data[3]) << 8) | ((UInt32)readb(&data[4]));
+   p->range = 0xFFFFFFFF;
+   p->needFlush = 0;
+ }
+@@ -929,7 +930,7 @@ SRes LzmaProps_Decode(CLzmaProps *p, con
+   if (size < LZMA_PROPS_SIZE)
+     return SZ_ERROR_UNSUPPORTED;
+   else
+-    dicSize = data[1] | ((UInt32)data[2] << 8) | ((UInt32)data[3] << 16) | ((UInt32)data[4] << 24);
++    dicSize = readb(&data[1]) | ((UInt32)readb(&data[2]) << 8) | ((UInt32)readb(&data[3]) << 16) | ((UInt32)readb(&data[4]) << 24);
+ 
+   if (dicSize < LZMA_DIC_MIN)
+     dicSize = LZMA_DIC_MIN;

package/boot/uboot-lantiq/patches/101-fix-crypt-header-clash.patch

@@ -0,0 +1,172 @@
+Fix header clash with system /usr/include/sha1.h and sha256.h when libmd
+is installed.
+
+Backport of u-boot commit "includes: move openssl headers to include/u-boot"
+https://github.com/u-boot/u-boot/commit/2b9912e6a7df7b1f60beb7942bd0e6fa5f9d0167
+
+--- a/board/gdsys/p1022/controlcenterd-id.c
++++ b/board/gdsys/p1022/controlcenterd-id.c
+@@ -30,7 +30,7 @@
+ #include <i2c.h>
+ #include <mmc.h>
+ #include <tpm.h>
+-#include <sha1.h>
++#include <u-boot/sha1.h>
+ #include <asm/byteorder.h>
+ #include <asm/unaligned.h>
+ #include <pca9698.h>
+--- a/board/pcs440ep/pcs440ep.c
++++ b/board/pcs440ep/pcs440ep.c
+@@ -13,7 +13,7 @@
+ #include <asm/processor.h>
+ #include <spd_sdram.h>
+ #include <status_led.h>
+-#include <sha1.h>
++#include <u-boot/sha1.h>
+ #include <asm/io.h>
+ #include <net.h>
+ #include <ata.h>
+--- a/common/cmd_sha1sum.c
++++ b/common/cmd_sha1sum.c
+@@ -11,7 +11,7 @@
+ #include <common.h>
+ #include <command.h>
+ #include <hash.h>
+-#include <sha1.h>
++#include <u-boot/sha1.h>
+ 
+ int do_sha1sum(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+ {
+--- a/common/hash.c
++++ b/common/hash.c
+@@ -14,8 +14,8 @@
+ #include <command.h>
+ #include <hw_sha.h>
+ #include <hash.h>
+-#include <sha1.h>
+-#include <sha256.h>
++#include <u-boot/sha1.h>
++#include <u-boot/sha256.h>
+ #include <asm/io.h>
+ #include <asm/errno.h>
+ 
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -21,7 +21,7 @@ DECLARE_GLOBAL_DATA_PTR;
+ #endif /* !USE_HOSTCC*/
+ 
+ #include <bootstage.h>
+-#include <sha1.h>
++#include <u-boot/sha1.h>
+ #include <u-boot/crc.h>
+ #include <u-boot/md5.h>
+ 
+--- a/common/image.c
++++ b/common/image.c
+@@ -34,7 +34,7 @@
+ #endif
+ 
+ #include <u-boot/md5.h>
+-#include <sha1.h>
++#include <u-boot/sha1.h>
+ #include <asm/errno.h>
+ #include <asm/io.h>
+ 
+--- a/drivers/crypto/ace_sha.c
++++ b/drivers/crypto/ace_sha.c
+@@ -5,8 +5,8 @@
+  * SPDX-License-Identifier:	GPL-2.0+
+  */
+ #include <common.h>
+-#include <sha256.h>
+-#include <sha1.h>
++#include <u-boot/sha256.h>
++#include <u-boot/sha1.h>
+ #include <asm/errno.h>
+ #include "ace_sha.h"
+ 
+--- /dev/null
++++ b/include/u-boot/sha1.h
+@@ -0,0 +1 @@
++#include "../sha1.h"
+--- /dev/null
++++ b/include/u-boot/sha256.h
+@@ -0,0 +1 @@
++#include "../sha256.h"
+--- a/lib/rsa/rsa-verify.c
++++ b/lib/rsa/rsa-verify.c
+@@ -7,7 +7,7 @@
+ #include <common.h>
+ #include <fdtdec.h>
+ #include <rsa.h>
+-#include <sha1.h>
++#include <u-boot/sha1.h>
+ #include <asm/byteorder.h>
+ #include <asm/errno.h>
+ #include <asm/unaligned.h>
+--- a/lib/sha1.c
++++ b/lib/sha1.c
+@@ -36,7 +36,7 @@
+ #include <string.h>
+ #endif /* USE_HOSTCC */
+ #include <watchdog.h>
+-#include "sha1.h"
++#include <u-boot/sha1.h>
+ 
+ /*
+  * 32-bit integer manipulation macros (big endian)
+--- a/lib/sha256.c
++++ b/lib/sha256.c
+@@ -11,7 +11,7 @@
+ #endif /* USE_HOSTCC */
+ #include <watchdog.h>
+ #include <linux/string.h>
+-#include <sha256.h>
++#include <u-boot/sha256.h>
+ 
+ /*
+  * 32-bit integer manipulation macros (big endian)
+--- a/lib/tpm.c
++++ b/lib/tpm.c
+@@ -7,7 +7,7 @@
+ 
+ #include <common.h>
+ #include <stdarg.h>
+-#include <sha1.h>
++#include <u-boot/sha1.h>
+ #include <tpm.h>
+ #include <asm/unaligned.h>
+ 
+--- a/tools/imls/imls.c
++++ b/tools/imls/imls.c
+@@ -24,7 +24,7 @@
+ #include <mtd/mtd-user.h>
+ #endif
+ 
+-#include <sha1.h>
++#include <u-boot/sha1.h>
+ #include <libfdt.h>
+ #include <fdt_support.h>
+ #include <image.h>
+--- a/tools/mkimage.h
++++ b/tools/mkimage.h
+@@ -18,7 +18,7 @@
+ #include <sys/stat.h>
+ #include <time.h>
+ #include <unistd.h>
+-#include <sha1.h>
++#include <u-boot/sha1.h>
+ #include "fdt_host.h"
+ 
+ #undef MKIMAGE_DEBUG
+--- a/tools/ubsha1.c
++++ b/tools/ubsha1.c
+@@ -13,7 +13,7 @@
+ #include <errno.h>
+ #include <string.h>
+ #include <sys/stat.h>
+-#include "sha1.h"
++#include <u-boot/sha1.h>
+ 
+ int main (int argc, char **argv)
+ {

package/boot/uboot-layerscape/patches/010-fix_dtc_compilation_on_host_gcc10.patch

@@ -0,0 +1,46 @@
+From e33a814e772cdc36436c8c188d8c42d019fda639 Mon Sep 17 00:00:00 2001
+From: Dirk Mueller <dmueller@suse.com>
+Date: Tue, 14 Jan 2020 18:53:41 +0100
+Subject: [PATCH] scripts/dtc: Remove redundant YYLOC global declaration
+
+gcc 10 will default to -fno-common, which causes this error at link
+time:
+
+  (.text+0x0): multiple definition of `yylloc'; dtc-lexer.lex.o (symbol from plugin):(.text+0x0): first defined here
+
+This is because both dtc-lexer as well as dtc-parser define the same
+global symbol yyloc. Before with -fcommon those were merged into one
+defintion. The proper solution would be to to mark this as "extern",
+however that leads to:
+
+  dtc-lexer.l:26:16: error: redundant redeclaration of 'yylloc' [-Werror=redundant-decls]
+   26 | extern YYLTYPE yylloc;
+      |                ^~~~~~
+In file included from dtc-lexer.l:24:
+dtc-parser.tab.h:127:16: note: previous declaration of 'yylloc' was here
+  127 | extern YYLTYPE yylloc;
+      |                ^~~~~~
+cc1: all warnings being treated as errors
+
+which means the declaration is completely redundant and can just be
+dropped.
+
+Signed-off-by: Dirk Mueller <dmueller@suse.com>
+Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
+[robh: cherry-pick from upstream]
+Cc: stable@vger.kernel.org
+Signed-off-by: Rob Herring <robh@kernel.org>
+---
+ scripts/dtc/dtc-lexer.l | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/scripts/dtc/dtc-lexer.l
++++ b/scripts/dtc/dtc-lexer.l
+@@ -38,7 +38,6 @@ LINECOMMENT	"//".*\n
+ #include "srcpos.h"
+ #include "dtc-parser.tab.h"
+ 
+-YYLTYPE yylloc;
+ extern bool treesource_error;
+ 
+ /* CAUTION: this will stop working if we ever use yyless() or yyunput() */

package/firmware/amd64-microcode/Makefile

@@ -1,47 +0,0 @@
-#
-# Copyright (C) 2018 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=amd64-microcode
-PKG_VERSION:=20191218
-PKG_RELEASE:=1
-
-PKG_SOURCE:=amd64-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
-PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/a/amd64-microcode/
-PKG_HASH:=f469b79348097c5f04641b67a39d0ee5a2a1916c9556281626c04f2275d4132d
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
-
-PKG_LICENSE_FILE:=LICENSE.amd-ucode
-
-PKG_FLAGS:=nonshared
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/amd64-microcode
-  SECTION:=firmware
-  CATEGORY:=Firmware
-  URL:=$(PKG_SOURCE_URL)
-  DEPENDS:=@TARGET_x86
-  TITLE:=AMD64 CPU microcode
-endef
-
-define Build/Prepare
-	rm -rf $(PKG_BUILD_DIR)
-	mkdir -p $(PKG_BUILD_DIR)
-	$(TAR) -C $(BUILD_DIR) -xJf $(DL_DIR)/$(PKG_SOURCE)
-endef
-
-define Build/Compile
-endef
-
-define Package/amd64-microcode/install
-	$(INSTALL_DIR) $(1)/lib/firmware/amd-ucode
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/*.bin $(1)/lib/firmware/amd-ucode
-endef
-
-$(eval $(call BuildPackage,amd64-microcode))

package/firmware/cypress-firmware/Makefile

@@ -7,25 +7,24 @@
 
 include $(TOPDIR)/rules.mk
 
-UNPACK_CMD=unzip -q -p $(DL_DIR)/$(PKG_SOURCE) $(PKG_SOURCE_UNZIP) | gzip -dc | $(HOST_TAR) -C $(1) $(TAR_OPTIONS)
-
 PKG_NAME:=cypress-firmware
-PKG_VERSION:=v5.4.18-2020_0402
-PKG_RELEASE:=3
+PKG_VERSION:=5.4.18-2021_0812
+PKG_RELEASE:=1
 
-PKG_SOURCE_UNZIP:=cypress-firmware-$(PKG_VERSION).tar.gz
-PKG_SOURCE:=cypress-fmac-$(PKG_VERSION).zip
-PKG_SOURCE_URL:=https://community.cypress.com/gfawx74859/attachments/gfawx74859/resourcelibrary/1016/1/
-PKG_HASH:=b12b0570f462c2f3c26dde98b10235a845a7109037def1e7e51af728bcc1a958
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/Infineon/ifx-linux-firmware/
+PKG_MIRROR_HASH:=ac882b482dd401b53cdecc6004cd2bd3d65e888c19206dcf10931a28033ada4d
+PKG_SOURCE_VERSION:=release-v$(PKG_VERSION)
 
 PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
+PKG_LICENSE_FILES:=LICENCE
 
 include $(INCLUDE_DIR)/package.mk
 
 define Package/cypress-firmware-default
   SECTION:=firmware
   CATEGORY:=Firmware
-  URL:=https://community.cypress.com/community/linux
+  URL:=https://community.infineon.com/
 endef
 
 define Build/Compile
@@ -41,10 +40,10 @@ endef
 define Package/cypress-firmware-43012-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43012-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43012-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43012-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43012-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43012-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac43012-sdio.clm_blob
 endef
 
@@ -59,7 +58,7 @@ endef
 define Package/cypress-firmware-43340-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43340-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43340-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43340-sdio.bin
 endef
 
@@ -76,7 +75,7 @@ endef
 define Package/cypress-firmware-43362-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43362-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43362-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43362-sdio.bin
 endef
 
@@ -91,7 +90,7 @@ endef
 define Package/cypress-firmware-4339-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4339-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4339-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4339-sdio.bin
 endef
 
@@ -108,10 +107,10 @@ endef
 define Package/cypress-firmware-43430-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43430-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43430-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43430-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43430-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43430-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac43430-sdio.clm_blob
 endef
 
@@ -128,10 +127,10 @@ endef
 define Package/cypress-firmware-43455-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43455-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43455-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43455-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43455-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43455-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac43455-sdio.clm_blob
 endef
 
@@ -146,10 +145,10 @@ endef
 define Package/cypress-firmware-4354-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4354-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4354-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4354-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4354-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4354-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac4354-sdio.clm_blob
 endef
 
@@ -164,10 +163,10 @@ endef
 define Package/cypress-firmware-4356-pcie/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4356-pcie.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4356-pcie.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4356-pcie.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4356-pcie.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4356-pcie.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac4356-pcie.clm_blob
 endef
 
@@ -182,10 +181,10 @@ endef
 define Package/cypress-firmware-4356-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4356-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4356-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4356-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4356-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4356-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac4356-sdio.clm_blob
 endef
 
@@ -200,51 +199,15 @@ endef
 define Package/cypress-firmware-43570-pcie/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43570-pcie.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43570-pcie.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43570-pcie.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43570-pcie.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43570-pcie.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac43570-pcie.clm_blob
 endef
 
 $(eval $(call BuildPackage,cypress-firmware-43570-pcie))
 
-# Cypress 4359 PCIe Firmware
-define Package/cypress-firmware-4359-pcie
-  $(Package/cypress-firmware-default)
-  TITLE:=CYW4359 FullMac PCIe firmware
-endef
-
-define Package/cypress-firmware-4359-pcie/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4359-pcie.bin \
-		$(1)/lib/firmware/brcm/brcmfmac4359-pcie.bin
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4359-pcie.clm_blob \
-		$(1)/lib/firmware/brcm/brcmfmac4359-pcie.clm_blob
-endef
-
-$(eval $(call BuildPackage,cypress-firmware-4359-pcie))
-
-# Cypress 4359 SDIO Firmware
-define Package/cypress-firmware-4359-sdio
-  $(Package/cypress-firmware-default)
-  TITLE:=CYW4359 FullMac SDIO firmware
-endef
-
-define Package/cypress-firmware-4359-sdio/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4359-sdio.bin \
-		$(1)/lib/firmware/brcm/brcmfmac4359-sdio.bin
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4359-sdio.clm_blob \
-		$(1)/lib/firmware/brcm/brcmfmac4359-sdio.clm_blob
-endef
-
-$(eval $(call BuildPackage,cypress-firmware-4359-sdio))
-
 # Cypress 4373 SDIO Firmware
 define Package/cypress-firmware-4373-sdio
   $(Package/cypress-firmware-default)
@@ -254,10 +217,10 @@ endef
 define Package/cypress-firmware-4373-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4373-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4373-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4373-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4373-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4373-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac4373-sdio.clm_blob
 endef
 
@@ -272,10 +235,10 @@ endef
 define Package/cypress-firmware-4373-usb/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4373-usb.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4373-usb.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4373-usb.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4373.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4373.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac4373.clm_blob
 endef
 
@@ -290,29 +253,11 @@ endef
 define Package/cypress-firmware-54591-pcie/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac54591-pcie.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac54591-pcie.bin \
 		$(1)/lib/firmware/brcm/brcmfmac54591-pcie.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac54591-pcie.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac54591-pcie.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac54591-pcie.clm_blob
 endef
 
 $(eval $(call BuildPackage,cypress-firmware-54591-pcie))
-
-# Cypress 89459 PCIe Firmware
-define Package/cypress-firmware-89459-pcie
-  $(Package/cypress-firmware-default)
-  TITLE:=CYW89459 FullMac PCIe firmware
-endef
-
-define Package/cypress-firmware-89459-pcie/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac89459-pcie.bin \
-		$(1)/lib/firmware/brcm/brcmfmac89459-pcie.bin
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac89459-pcie.clm_blob \
-		$(1)/lib/firmware/brcm/brcmfmac89459-pcie.clm_blob
-endef
-
-$(eval $(call BuildPackage,cypress-firmware-89459-pcie))

package/firmware/cypress-nvram/Makefile

@@ -100,6 +100,9 @@ define Package/cypress-nvram-43455-sdio-rpi-4b/install
 	$(INSTALL_DATA) \
 		$(PKG_BUILD_DIR)/brcmfmac43455-sdio.raspberrypi,4-model-b.txt \
 		$(1)/lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.txt
+	$(INSTALL_DATA) \
+		$(PKG_BUILD_DIR)/brcmfmac43455-sdio.raspberrypi,4-model-b.txt \
+		$(1)/lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-compute-module.txt
 endef
 
 $(eval $(call BuildPackage,cypress-nvram-43455-sdio-rpi-4b))

package/firmware/intel-microcode/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=intel-microcode
-PKG_VERSION:=20200616
+PKG_VERSION:=20210608
 PKG_RELEASE:=1
 
-PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
+PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).2.tar.xz
 PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/i/intel-microcode/
-PKG_HASH:=bcc3b81c452fe4649a948c022475d76c1cdfbb730f36749a082f412f1406a3b9
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
+PKG_HASH:=fbf82688ffd0d87b352a35c57bd097ea014f0ad32c9c8f9629725c1b43d1c84d
+PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).2
 
 PKG_BUILD_DEPENDS:=iucode-tool/host
 

package/firmware/linux-firmware/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=linux-firmware
-PKG_VERSION:=20201118
-PKG_RELEASE:=3
+PKG_VERSION:=20211216
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=@KERNEL/linux/kernel/firmware
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=863d5a31da725b856a917280d1e3014929b3bc3d4e6e5faecf530c13afb7e2b9
+PKG_HASH:=eeddb4e6bef31fd1a3757f12ccc324929bbad97855c0b9ec5ed780f74de1837d
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 

package/firmware/linux-firmware/amd.mk

@@ -0,0 +1,29 @@
+Package/amd64-microcode = $(call Package/firmware-default,AMD64 CPU microcode,@TARGET_x86)
+define Package/amd64-microcode/install
+	$(INSTALL_DIR) $(1)/lib/firmware/amd-ucode
+	$(CP) \
+		$(PKG_BUILD_DIR)/amd-ucode/*.bin \
+		$(1)/lib/firmware/amd-ucode
+endef
+
+$(eval $(call BuildPackage,amd64-microcode))
+
+Package/amdgpu-firmware = $(call Package/firmware-default,AMDGPU Video Driver firmware)
+define Package/amdgpu-firmware/install
+	$(INSTALL_DIR) $(1)/lib/firmware/amdgpu
+	$(CP) \
+		$(PKG_BUILD_DIR)/amdgpu/*.bin \
+		$(1)/lib/firmware/amdgpu
+endef
+
+$(eval $(call BuildPackage,amdgpu-firmware))
+
+Package/radeon-firmware = $(call Package/firmware-default,Radeon Video Driver firmware)
+define Package/radeon-firmware/install
+	$(INSTALL_DIR) $(1)/lib/firmware/radeon
+	$(CP) \
+		$(PKG_BUILD_DIR)/radeon/*.bin \
+		$(1)/lib/firmware/radeon
+endef
+
+$(eval $(call BuildPackage,radeon-firmware))

package/firmware/linux-firmware/amdgpu.mk

@@ -1,9 +0,0 @@
-Package/amdgpu-firmware = $(call Package/firmware-default,AMDGPU Video Driver firmware)
-define Package/amdgpu-firmware/install
-	$(INSTALL_DIR) $(1)/lib/firmware/amdgpu
-	$(CP) \
-		$(PKG_BUILD_DIR)/amdgpu/*.bin \
-		$(1)/lib/firmware/amdgpu
-endef
-
-$(eval $(call BuildPackage,amdgpu-firmware))

package/firmware/linux-firmware/broadcom.mk

@@ -34,24 +34,6 @@ define Package/brcmfmac-firmware-4329-sdio/install
 endef
 $(eval $(call BuildPackage,brcmfmac-firmware-4329-sdio))
 
-Package/brcmfmac-firmware-43362-sdio = $(call Package/firmware-default,Broadcom BCM43362 FullMac SDIO firmware)
-define Package/brcmfmac-firmware-43362-sdio/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/brcm/brcmfmac43362-sdio.bin \
-		$(1)/lib/firmware/brcm/brcmfmac43362-sdio.bin
-endef
-$(eval $(call BuildPackage,brcmfmac-firmware-43362-sdio))
-
-Package/brcmfmac-firmware-43430-sdio = $(call Package/firmware-default,Broadcom BCM43430 FullMac SDIO firmware)
-define Package/brcmfmac-firmware-43430-sdio/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/brcm/brcmfmac43430-sdio.bin \
-		$(1)/lib/firmware/brcm/brcmfmac43430-sdio.bin
-endef
-$(eval $(call BuildPackage,brcmfmac-firmware-43430-sdio))
-
 Package/brcmfmac-firmware-43430-sdio-rpi-3b = $(call Package/firmware-default,Broadcom BCM43430 NVRAM for Raspberry Pi 3B)
 define Package/brcmfmac-firmware-43430-sdio-rpi-3b/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
@@ -79,15 +61,6 @@ define Package/brcmfmac-firmware-43430a0-sdio/install
 endef
 $(eval $(call BuildPackage,brcmfmac-firmware-43430a0-sdio))
 
-Package/brcmfmac-firmware-43455-sdio = $(call Package/firmware-default,Broadcom BCM43455 FullMac SDIO firmware)
-define Package/brcmfmac-firmware-43455-sdio/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/brcm/brcmfmac43455-sdio.bin \
-		$(1)/lib/firmware/brcm/brcmfmac43455-sdio.bin
-endef
-$(eval $(call BuildPackage,brcmfmac-firmware-43455-sdio))
-
 Package/brcmfmac-firmware-43455-sdio-rpi-3b-plus = $(call Package/firmware-default,Broadcom BCM43455 NVRAM for Raspberry Pi 3B+)
 define Package/brcmfmac-firmware-43455-sdio-rpi-3b-plus/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm

package/firmware/linux-firmware/qca_ath10k.mk

@@ -26,6 +26,23 @@ define Package/ath10k-firmware-qca4019/install
 endef
 $(eval $(call BuildPackage,ath10k-firmware-qca4019))
 
+Package/ath10k-board-qca9377 = $(call Package/firmware-default,ath10k qca9377 board firmware)
+define Package/ath10k-board-qca9377/install
+	$(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA9377/hw1.0
+	$(INSTALL_DATA) \
+		$(PKG_BUILD_DIR)/ath10k/QCA9377/hw1.0/board-2.bin \
+		$(1)/lib/firmware/ath10k/QCA9377/hw1.0/
+endef
+$(eval $(call BuildPackage,ath10k-board-qca9377))
+Package/ath10k-firmware-qca9377 = $(call Package/firmware-default,ath10k qca9377 firmware,+ath10k-board-qca9377)
+define Package/ath10k-firmware-qca9377/install
+	$(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA9377/hw1.0
+	$(INSTALL_DATA) \
+		$(PKG_BUILD_DIR)/ath10k/QCA9377/hw1.0/firmware-6.bin \
+		$(1)/lib/firmware/ath10k/QCA9377/hw1.0/firmware-6.bin
+endef
+$(eval $(call BuildPackage,ath10k-firmware-qca9377))
+
 Package/ath10k-board-qca9887 = $(call Package/firmware-default,ath10k qca9887 board firmware)
 define Package/ath10k-board-qca9887/install
 	$(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA9887/hw1.0

package/firmware/linux-firmware/radeon.mk

@@ -1,9 +0,0 @@
-Package/radeon-firmware = $(call Package/firmware-default,Radeon Video Driver firmware)
-define Package/radeon-firmware/install
-	$(INSTALL_DIR) $(1)/lib/firmware/radeon
-	$(CP) \
-		$(PKG_BUILD_DIR)/radeon/*.bin \
-		$(1)/lib/firmware/radeon
-endef
-
-$(eval $(call BuildPackage,radeon-firmware))

package/firmware/linux-firmware/realtek.mk

@@ -76,16 +76,10 @@ Package/rtl8723bu-firmware = $(call Package/firmware-default,RealTek RTL8723BU f
 define Package/rtl8723bu-firmware/install
 	$(INSTALL_DIR) $(1)/lib/firmware/rtlwifi
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/rtlwifi/rtl8723bu_nic.bin $(1)/lib/firmware/rtlwifi
+	ln -s rtl8723bu_nic.bin $(1)/lib/firmware/rtlwifi/rtl8723bs_nic.bin
 endef
 $(eval $(call BuildPackage,rtl8723bu-firmware))
 
-Package/rtl8723bs-firmware = $(call Package/firmware-default,RealTek RTL8723BS firmware)
-define Package/rtl8723bs-firmware/install
-	$(INSTALL_DIR) $(1)/lib/firmware/rtlwifi
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/rtlwifi/rtl8723bs*.bin $(1)/lib/firmware/rtlwifi
-endef
-$(eval $(call BuildPackage,rtl8723bs-firmware))
-
 Package/rtl8821ae-firmware = $(call Package/firmware-default,RealTek RTL8821AE firmware)
 define Package/rtl8821ae-firmware/install
 	$(INSTALL_DIR) $(1)/lib/firmware/rtlwifi

package/firmware/wireless-regdb/Makefile

@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wireless-regdb
-PKG_VERSION:=2021.04.21
+PKG_VERSION:=2021.08.28
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/software/network/wireless-regdb/
-PKG_HASH:=9e4c02b2a9710df4dbdb327c39612e8cbbae6495987afeddaebab28c1ea3d8fa
+PKG_HASH:=cff370c410d1e6d316ae0a7fa8ac6278fdf1efca5d3d664aca7cfd2aafa54446
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 

package/kernel/ath10k-ct/Makefile

@@ -1,16 +1,16 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ath10k-ct
-PKG_RELEASE=2
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_LICENSE:=GPLv2
 PKG_LICENSE_FILES:=
 
 PKG_SOURCE_URL:=https://github.com/greearb/ath10k-ct.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2021-01-11
-PKG_SOURCE_VERSION:=9fe1df7d4f783b6b0cd1c99d11979e5a6e6fc40b
-PKG_MIRROR_HASH:=4e30e256716611045e930b95eadaa8bfcadd5bdd8bbe3869cfe0f377920e812b
+PKG_SOURCE_DATE:=2021-09-22
+PKG_SOURCE_VERSION:=e6a7d5b5b834737cd12e357b5efdc2e42d923bf6
+PKG_MIRROR_HASH:=62a1b97089d3561730656ef73beb3cd77231ec636645115cc1bbb3c6c84a6fe3
 
 # Build the 5.10 ath10k-ct driver version.
 # Probably this should match as closely as

package/kernel/ath10k-ct/patches/164-ath10k-commit-rates-from-mac80211.patch

@@ -1,37 +0,0 @@
-From: Sven Eckelmann <sven@narfation.org>
-Date: Tue, 26 Feb 2019 08:06:35 +0100
-Subject: ath10k-ct: apply mac80211 rates to ath10k-ct rate state
-
-The rates from mac80211 have to be copied to the state of ath10k-ct or
-otherwise the ath10k_check_apply_special_rates function overwrites
-them again with some default values. This breaks for example the
-mcast_rate set for a wifi-iface.
-
-Signed-off-by: Sven Eckelmann <sven@narfation.org>
-
---- a/ath10k-5.10/mac.c
-+++ b/ath10k-5.10/mac.c
-@@ -6774,6 +6774,7 @@ static void ath10k_recalculate_mgmt_rate
- 		return;
- 	}
- 
-+	arvif->mgt_rate[def->chan->band] = hw_rate_code;
- 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
- 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
- 					hw_rate_code);
-@@ -7000,6 +7001,7 @@ static void ath10k_bss_info_changed(stru
- 			   "mac vdev %d mcast_rate %x\n",
- 			   arvif->vdev_id, rate);
- 
-+		arvif->mcast_rate[band] = rate;
- 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
- 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
- 						vdev_param, rate);
-@@ -7008,6 +7010,7 @@ static void ath10k_bss_info_changed(stru
- 				    "failed to set mcast rate on vdev %i: %d\n",
- 				    arvif->vdev_id,  ret);
- 
-+		arvif->bcast_rate[band] = rate;
- 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
- 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
- 						vdev_param, rate);

package/kernel/ath10k-ct/patches/201-ath10k-add-LED-and-GPIO-controlling-support-for-various-chipsets.patch

@@ -210,7 +210,7 @@ v13:
  
  #include "htt.h"
  #include "htc.h"
-@@ -1551,6 +1552,13 @@ struct ath10k {
+@@ -1557,6 +1558,13 @@ struct ath10k {
  	} testmode;
  
  	struct {
@@ -445,7 +445,7 @@ v13:
  {
 --- a/ath10k-5.10/wmi-tlv.c
 +++ b/ath10k-5.10/wmi-tlv.c
-@@ -4585,6 +4585,8 @@ static const struct wmi_ops wmi_tlv_ops
+@@ -4594,6 +4594,8 @@ static const struct wmi_ops wmi_tlv_ops
  	.gen_echo = ath10k_wmi_tlv_op_gen_echo,
  	.gen_vdev_spectral_conf = ath10k_wmi_tlv_op_gen_vdev_spectral_conf,
  	.gen_vdev_spectral_enable = ath10k_wmi_tlv_op_gen_vdev_spectral_enable,

package/kernel/ath10k-ct/patches/202-ath10k-use-tpt-trigger-by-default.patch

@@ -16,7 +16,7 @@ Signed-off-by: Mathias Kresin <dev@kresin.me>
 
 --- a/ath10k-5.10/core.h
 +++ b/ath10k-5.10/core.h
-@@ -1659,6 +1659,10 @@ struct ath10k {
+@@ -1665,6 +1665,10 @@ struct ath10k {
  	u8 csi_data[4096];
  	u16 csi_data_len;
  
@@ -42,7 +42,7 @@ Signed-off-by: Mathias Kresin <dev@kresin.me>
  	if (ret)
 --- a/ath10k-5.10/mac.c
 +++ b/ath10k-5.10/mac.c
-@@ -11400,7 +11400,7 @@ int ath10k_mac_register(struct ath10k *a
+@@ -11405,7 +11405,7 @@ int ath10k_mac_register(struct ath10k *a
  	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
  
  #ifdef CPTCFG_MAC80211_LEDS

package/kernel/bcm63xx-cfe/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=bcm63xx-cfe
-PKG_RELEASE:=2
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=https://github.com/openwrt/bcm63xx-cfe.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2021-03-05
-PKG_SOURCE_VERSION:=d03501629fc8b1ba8f9b0961d543c256a3d0098f
-PKG_MIRROR_HASH:=b32a6f68d59c8f4534def7ec2568ad7da7a612a605b9406328309c78115ee88d
+PKG_SOURCE_DATE:=2021-06-22
+PKG_SOURCE_VERSION:=e5050f37150b34deb547b50feccd0e7439cb5bd7
+PKG_MIRROR_HASH:=85fed9f4bdf23cf7d33a02f549ffe9073666890f786d5ffa484c0368552b75ae
 
 PKG_FLAGS:=nonshared
 

package/kernel/exfat/Makefile

@@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=exfat
-PKG_VERSION:=5.10.1
-PKG_RELEASE:=1
+PKG_VERSION:=5.12.3
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/namjaejeon/linux-exfat-oot/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=0ff77dd7d39eb231d00c3c4909b9fad31ebeeb618bd6fa18fce142becc9c1f98
+PKG_HASH:=43889c73af76c466bbc904aff80354a62ecaa24c7b20e354ff735f5949907982
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/linux-exfat-oot-$(PKG_VERSION)
 
 PKG_MAINTAINER:=

package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c

@@ -242,11 +242,11 @@ static int gpio_button_get_value(struct gpio_keys_button_data *bdata)
 	int val;
 
 	if (bdata->can_sleep)
-		val = !!gpio_get_value_cansleep(bdata->b->gpio);
+		val = !!gpiod_get_value_cansleep(bdata->gpiod);
 	else
-		val = !!gpio_get_value(bdata->b->gpio);
+		val = !!gpiod_get_value(bdata->gpiod);
 
-	return val ^ bdata->b->active_low;
+	return val;
 }
 
 static void gpio_keys_handle_button(struct gpio_keys_button_data *bdata)
@@ -365,7 +365,6 @@ gpio_keys_get_devtree_pdata(struct device *dev)
 	struct device_node *node, *pp;
 	struct gpio_keys_platform_data *pdata;
 	struct gpio_keys_button *button;
-	int error;
 	int nbuttons;
 	int i = 0;
 
@@ -375,14 +374,12 @@ gpio_keys_get_devtree_pdata(struct device *dev)
 
 	nbuttons = of_get_child_count(node);
 	if (nbuttons == 0)
-		return NULL;
+		return ERR_PTR(-EINVAL);
 
 	pdata = devm_kzalloc(dev, sizeof(*pdata) + nbuttons * (sizeof *button),
 		GFP_KERNEL);
-	if (!pdata) {
-		error = -ENOMEM;
-		goto err_out;
-	}
+	if (!pdata)
+		return ERR_PTR(-ENOMEM);
 
 	pdata->buttons = (struct gpio_keys_button *)(pdata + 1);
 	pdata->nbuttons = nbuttons;
@@ -391,37 +388,13 @@ gpio_keys_get_devtree_pdata(struct device *dev)
 	of_property_read_u32(node, "poll-interval", &pdata->poll_interval);
 
 	for_each_child_of_node(node, pp) {
-		enum of_gpio_flags flags;
-
-		if (!of_find_property(pp, "gpios", NULL)) {
-			pdata->nbuttons--;
-			dev_warn(dev, "Found button without gpios\n");
-			continue;
-		}
-
 		button = (struct gpio_keys_button *)(&pdata->buttons[i++]);
 
-		button->irq = irq_of_parse_and_map(pp, 0);
-
-		button->gpio = of_get_gpio_flags(pp, 0, &flags);
-		if (button->gpio < 0) {
-			error = button->gpio;
-			if (error != -ENOENT) {
-				if (error != -EPROBE_DEFER)
-					dev_err(dev,
-						"Failed to get gpio flags, error: %d\n",
-						error);
-				return ERR_PTR(error);
-			}
-		} else {
-			button->active_low = !!(flags & OF_GPIO_ACTIVE_LOW);
-		}
-
 		if (of_property_read_u32(pp, "linux,code", &button->code)) {
-			dev_err(dev, "Button without keycode: 0x%x\n",
-				button->gpio);
-			error = -EINVAL;
-			goto err_out;
+			dev_err(dev, "Button node '%s' without keycode\n",
+				pp->full_name);
+			of_node_put(pp);
+			return ERR_PTR(-EINVAL);
 		}
 
 		button->desc = of_get_property(pp, "label", NULL);
@@ -434,17 +407,12 @@ gpio_keys_get_devtree_pdata(struct device *dev)
 		if (of_property_read_u32(pp, "debounce-interval",
 					&button->debounce_interval))
 			button->debounce_interval = 5;
-	}
 
-	if (pdata->nbuttons == 0) {
-		error = -EINVAL;
-		goto err_out;
+		button->irq = irq_of_parse_and_map(pp, 0);
+		button->gpio = -ENOENT; /* mark this as device-tree */
 	}
 
 	return pdata;
-
-err_out:
-	return ERR_PTR(error);
 }
 
 static struct of_device_id gpio_keys_of_match[] = {
@@ -471,11 +439,12 @@ gpio_keys_get_devtree_pdata(struct device *dev)
 static int gpio_keys_button_probe(struct platform_device *pdev,
 		struct gpio_keys_button_dev **_bdev, int polled)
 {
-	struct gpio_keys_platform_data *pdata = pdev->dev.platform_data;
 	struct device *dev = &pdev->dev;
+	struct gpio_keys_platform_data *pdata = dev_get_platdata(dev);
 	struct gpio_keys_button_dev *bdev;
 	struct gpio_keys_button *buttons;
-	int error;
+	struct device_node *prev = NULL;
+	int error = 0;
 	int i;
 
 	if (!pdata) {
@@ -514,46 +483,67 @@ static int gpio_keys_button_probe(struct platform_device *pdev,
 	for (i = 0; i < pdata->nbuttons; i++) {
 		struct gpio_keys_button *button = &buttons[i];
 		struct gpio_keys_button_data *bdata = &bdev->data[i];
-		unsigned int gpio = button->gpio;
+		const char *desc = button->desc ? button->desc : DRV_NAME;
 
 		if (button->wakeup) {
 			dev_err(dev, "does not support wakeup\n");
-			return -EINVAL;
+			error = -EINVAL;
+			goto out;
 		}
 
 		bdata->map_entry = button_get_index(button->code);
 		if (bdata->map_entry < 0) {
-			dev_warn(dev, "does not support key code:%u\n",
+			dev_err(dev, "does not support key code:%u\n",
 				button->code);
-			continue;
+			error = -EINVAL;
+			goto out;
 		}
 
 		if (!(button->type == 0 || button->type == EV_KEY ||
 		      button->type == EV_SW)) {
-			dev_warn(dev, "only supports buttons or switches\n");
-			continue;
+			dev_err(dev, "only supports buttons or switches\n");
+			error = -EINVAL;
+			goto out;
 		}
 
-		error = devm_gpio_request(dev, gpio,
-				     button->desc ? button->desc : DRV_NAME);
-		if (error) {
-			dev_err(dev, "unable to claim gpio %u, err=%d\n",
-				gpio, error);
-			return error;
-		}
-		bdata->gpiod = gpio_to_desc(gpio);
-		if (!bdata->gpiod)
-			return -EINVAL;
+		if (gpio_is_valid(button->gpio)) {
+			/* legacy platform data... but is it the lookup table? */
+			bdata->gpiod = devm_gpiod_get_index(dev, desc, i,
+							    GPIOD_IN);
+			if (IS_ERR(bdata->gpiod)) {
+				/* or the legacy (button->gpio is good) way? */
+				error = devm_gpio_request_one(dev,
+					button->gpio, GPIOF_IN | (
+					button->active_low ? GPIOF_ACTIVE_LOW :
+					0), desc);
+				if (error) {
+					if (error != -EPROBE_DEFER) {
+						dev_err(dev, "unable to claim gpio %d, err=%d\n",
+							button->gpio, error);
+					}
+					goto out;
+				}
 
-		error = gpio_direction_input(gpio);
-		if (error) {
-			dev_err(dev,
-				"unable to set direction on gpio %u, err=%d\n",
-				gpio, error);
-			return error;
+				bdata->gpiod = gpio_to_desc(button->gpio);
+			}
+		} else {
+			/* Device-tree */
+			struct device_node *child =
+				of_get_next_child(dev->of_node, prev);
+
+			bdata->gpiod = devm_gpiod_get_from_of_node(dev,
+				child, "gpios", 0, GPIOD_IN, desc);
+
+			prev = child;
 		}
 
-		bdata->can_sleep = gpio_cansleep(gpio);
+		if (IS_ERR_OR_NULL(bdata->gpiod)) {
+			error = IS_ERR(bdata->gpiod) ? PTR_ERR(bdata->gpiod) :
+				-EINVAL;
+			goto out;
+		}
+
+		bdata->can_sleep = gpiod_cansleep(bdata->gpiod);
 		bdata->last_state = -1; /* Unknown state on boot */
 
 		if (bdev->polled) {
@@ -584,8 +574,11 @@ static int gpio_keys_button_probe(struct platform_device *pdev,
 	platform_set_drvdata(pdev, bdev);
 
 	*_bdev = bdev;
+	error = 0;
 
-	return 0;
+out:
+	of_node_put(prev);
+	return error;
 }
 
 static int gpio_keys_probe(struct platform_device *pdev)
@@ -594,9 +587,7 @@ static int gpio_keys_probe(struct platform_device *pdev)
 	struct gpio_keys_button_dev *bdev;
 	int ret, i;
 
-
 	ret = gpio_keys_button_probe(pdev, &bdev, 0);
-
 	if (ret)
 		return ret;
 
@@ -608,12 +599,8 @@ static int gpio_keys_probe(struct platform_device *pdev)
 
 		INIT_DELAYED_WORK(&bdata->work, gpio_keys_irq_work_func);
 
-		if (!bdata->gpiod)
-			continue;
-
 		if (!button->irq) {
-			bdata->irq = gpio_to_irq(button->gpio);
-
+			bdata->irq = gpiod_to_irq(bdata->gpiod);
 			if (bdata->irq < 0) {
 				dev_err(&pdev->dev, "failed to get irq for gpio:%d\n",
 					button->gpio);
@@ -631,7 +618,6 @@ static int gpio_keys_probe(struct platform_device *pdev)
 		ret = devm_request_threaded_irq(&pdev->dev,
 			bdata->irq, NULL, button_handle_irq,
 			irqflags, dev_name(&pdev->dev), bdata);
-
 		if (ret < 0) {
 			bdata->irq = 0;
 			dev_err(&pdev->dev, "failed to request irq:%d for gpio:%d\n",
@@ -653,14 +639,12 @@ static int gpio_keys_polled_probe(struct platform_device *pdev)
 	int ret;
 
 	ret = gpio_keys_button_probe(pdev, &bdev, 1);
-
 	if (ret)
 		return ret;
 
 	INIT_DELAYED_WORK(&bdev->work, gpio_keys_polled_poll);
 
 	pdata = bdev->pdata;
-
 	if (pdata->enable)
 		pdata->enable(bdev->dev);
 

package/kernel/linux/modules/leds.mk

@@ -84,6 +84,22 @@ endef
 $(eval $(call KernelPackage,ledtrig-oneshot))
 
 
+define KernelPackage/ledtrig-pattern
+  SUBMENU:=$(LEDS_MENU)
+  TITLE:=LED Pattern Trigger
+  KCONFIG:=CONFIG_LEDS_TRIGGER_PATTERN
+  FILES:=$(LED_TRIGGER_DIR)/ledtrig-pattern.ko
+  AUTOLOAD:=$(call AutoLoad,50,ledtrig-pattern)
+endef
+
+define KernelPackage/ledtrig-pattern/description
+ This allows LEDs to be controlled by a software or hardware pattern
+ which is a series of tuples, of brightness and duration (ms).
+endef
+
+$(eval $(call KernelPackage,ledtrig-pattern))
+
+
 define KernelPackage/leds-pca963x
   SUBMENU:=$(LEDS_MENU)
   TITLE:=PCA963x LED support
@@ -114,3 +130,17 @@ define KernelPackage/leds-pwm/description
 endef
 
 $(eval $(call KernelPackage,leds-pwm))
+
+define KernelPackage/leds-uleds
+  SUBMENU:=$(LEDS_MENU)
+  TITLE:=Userspace LEDs
+  KCONFIG:=CONFIG_LEDS_USER
+  FILES:=$(LINUX_DIR)/drivers/leds/uleds.ko
+  AUTOLOAD:=$(call AutoLoad,60,uleds,1)
+endef
+
+define KernelPackage/leds-uleds/description
+ This option enables support for userspace LEDs.
+endef
+
+$(eval $(call KernelPackage,leds-uleds))

package/kernel/linux/modules/netsupport.mk

@@ -721,7 +721,7 @@ $(eval $(call KernelPackage,mppe))
 
 
 SCHED_MODULES = $(patsubst $(LINUX_DIR)/net/sched/%.ko,%,$(wildcard $(LINUX_DIR)/net/sched/*.ko))
-SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc sch_htb sch_tbf cls_basic cls_fw cls_route cls_flow cls_tcindex cls_u32 em_u32 act_mirred act_skbedit cls_matchall
+SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc sch_htb sch_tbf cls_basic cls_fw cls_route cls_flow cls_tcindex cls_u32 em_u32 act_gact act_mirred act_skbedit cls_matchall
 SCHED_MODULES_FILTER = $(SCHED_MODULES_CORE) act_connmark act_ctinfo sch_cake sch_netem sch_mqprio em_ipset cls_bpf cls_flower act_bpf act_vlan
 SCHED_MODULES_EXTRA = $(filter-out $(SCHED_MODULES_FILTER),$(SCHED_MODULES))
 SCHED_FILES = $(patsubst %,$(LINUX_DIR)/net/sched/%.ko,$(filter $(SCHED_MODULES_CORE),$(SCHED_MODULES)))
@@ -745,6 +745,7 @@ define KernelPackage/sched-core
 	CONFIG_NET_CLS_ROUTE4 \
 	CONFIG_NET_CLS_TCINDEX \
 	CONFIG_NET_CLS_U32 \
+	CONFIG_NET_ACT_GACT \
 	CONFIG_NET_ACT_MIRRED \
 	CONFIG_NET_ACT_SKBEDIT \
 	CONFIG_NET_CLS_MATCHALL \
@@ -899,7 +900,6 @@ define KernelPackage/sched
 	CONFIG_NET_SCH_FQ \
 	CONFIG_NET_SCH_PIE \
 	CONFIG_NET_ACT_POLICE \
-	CONFIG_NET_ACT_GACT \
 	CONFIG_NET_ACT_IPT \
 	CONFIG_NET_ACT_PEDIT \
 	CONFIG_NET_ACT_SIMP \

package/kernel/mac80211/Makefile

@@ -10,10 +10,10 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=mac80211
 
-PKG_VERSION:=5.10.42-1
+PKG_VERSION:=5.10.110-1
 PKG_RELEASE:=1
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.42/
-PKG_HASH:=6876520105240844fdb32d1dcdf2bfdea291a37a96f16c892fda3776ba714fcb
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.110/
+PKG_HASH:=3d958154080c059adaf26512430fd1a8888d65a2228e5e70e48d028201e148b1
 
 PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)
@@ -434,9 +434,15 @@ config-$(call config_package,rsi91x-sdio) += RSI_SDIO
 
 config-$(CONFIG_LEDS_TRIGGERS) += MAC80211_LEDS
 
+C_DEFINES=
+
+ifeq ($(BUILD_VARIANT),smallbuffers)
+	C_DEFINES+= -DCONFIG_ATH10K_SMALLBUFFERS
+endif
+
 MAKE_OPTS:= -C "$(PKG_BUILD_DIR)" \
 	$(KERNEL_MAKE_FLAGS) \
-	EXTRA_CFLAGS="-I$(PKG_BUILD_DIR)/include $(IREMAP_CFLAGS)" \
+	EXTRA_CFLAGS="-I$(PKG_BUILD_DIR)/include $(IREMAP_CFLAGS) $(C_DEFINES)" \
 	KLIB_BUILD="$(LINUX_DIR)" \
 	MODPROBE=true \
 	KLIB=$(TARGET_MODULES_DIR) \

package/kernel/mac80211/ath.mk

@@ -1,5 +1,5 @@
 PKG_DRIVERS += \
-	ath ath5k ath6kl ath6kl-sdio ath6kl-usb ath9k ath9k-common ath9k-htc ath10k \
+	ath ath5k ath6kl ath6kl-sdio ath6kl-usb ath9k ath9k-common ath9k-htc ath10k ath10k-smallbuffers \
 	carl9170 owl-loader ar5523 wil6210
 
 PKG_CONFIG_DEPENDS += \
@@ -55,6 +55,7 @@ config-$(CONFIG_ATH10K_THERMAL) += ATH10K_THERMAL
 
 config-$(call config_package,ath9k-htc) += ATH9K_HTC
 config-$(call config_package,ath10k) += ATH10K ATH10K_PCI
+config-$(call config_package,ath10k-smallbuffers) += ATH10K ATH10K_PCI ATH10K_SMALLBUFFERS
 
 config-$(call config_package,ath5k) += ATH5K
 ifdef CONFIG_TARGET_ath25
@@ -260,6 +261,7 @@ define KernelPackage/ath10k
 	$(PKG_BUILD_DIR)/drivers/net/wireless/ath/ath10k/ath10k_core.ko \
 	$(PKG_BUILD_DIR)/drivers/net/wireless/ath/ath10k/ath10k_pci.ko
   AUTOLOAD:=$(call AutoProbe,ath10k_pci)
+  VARIANT:=regular
 endef
 
 define KernelPackage/ath10k/description
@@ -273,14 +275,20 @@ define KernelPackage/ath10k/config
        config ATH10K_LEDS
                bool "Enable LED support"
                default y
-               depends on PACKAGE_kmod-ath10k
+               depends on PACKAGE_kmod-ath10k || PACKAGE_kmod-ath10k-smallbuffers
 
        config ATH10K_THERMAL
                bool "Enable thermal sensors and throttling support"
-               depends on PACKAGE_kmod-ath10k
+               depends on PACKAGE_kmod-ath10k || PACKAGE_kmod-ath10k-smallbuffers
 
 endef
 
+define KernelPackage/ath10k-smallbuffers
+  $(call KernelPackage/ath10k)
+  TITLE+= (small buffers for low-RAM devices)
+  VARIANT:=smallbuffers
+endef
+
 define KernelPackage/carl9170
   $(call KernelPackage/mac80211/Default)
   TITLE:=Driver for Atheros AR9170 USB sticks

package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh

@@ -26,7 +26,6 @@ drv_mac80211_init_device_config() {
 	hostapd_common_add_device_config
 
 	config_add_string path phy 'macaddr:macaddr'
-	config_add_string hwmode
 	config_add_string tx_burst
 	config_add_string distance
 	config_add_int beacon_int chanbw frag rts
@@ -44,11 +43,26 @@ drv_mac80211_init_device_config() {
 		su_beamformee \
 		mu_beamformer \
 		mu_beamformee \
+		he_su_beamformer \
+		he_su_beamformee \
+		he_mu_beamformer \
 		vht_txop_ps \
 		htc_vht \
 		rx_antenna_pattern \
-		tx_antenna_pattern
-	config_add_int vht_max_a_mpdu_len_exp vht_max_mpdu vht_link_adapt vht160 rx_stbc tx_stbc
+		tx_antenna_pattern \
+		he_spr_sr_control \
+		he_twt_required
+	config_add_int \
+		beamformer_antennas \
+		beamformee_antennas \
+		vht_max_a_mpdu_len_exp \
+		vht_max_mpdu \
+		vht_link_adapt \
+		vht160 \
+		rx_stbc \
+		tx_stbc \
+		he_bss_color \
+		he_spr_non_srg_obss_pd_max_offset
 	config_add_boolean \
 		ldpc \
 		greenfield \
@@ -96,6 +110,23 @@ mac80211_add_capabilities() {
 	export -n -- "$__var=$__out"
 }
 
+mac80211_add_he_capabilities() {
+	local __out= oifs
+
+	oifs="$IFS"
+	IFS=:
+	for capab in "$@"; do
+		set -- $capab
+		[ "$(($4))" -gt 0 ] || continue
+		[ "$(((0x$2) & $3))" -gt 0 ] || {
+			eval "$1=0"
+			continue
+		}
+		append base_cfg "$1=1" "$N"
+	done
+	IFS="$oifs"
+}
+
 mac80211_hostapd_setup_base() {
 	local phy="$1"
 
@@ -119,6 +150,9 @@ mac80211_hostapd_setup_base() {
 	[ "$noscan" -gt 0 ] && hostapd_noscan=1
 	[ "$tx_burst" = 0 ] && tx_burst=
 
+	chan_ofs=0
+	[ "$band" = "6g" ] && chan_ofs=1
+
 	ieee80211n=1
 	ht_capab=
 	case "$htmode" in
@@ -126,7 +160,7 @@ mac80211_hostapd_setup_base() {
 		HT40*|VHT40|VHT80|VHT160|HE40|HE80|HE160)
 			case "$hwmode" in
 				a)
-					case "$(( ($channel / 4) % 2 ))" in
+					case "$(( (($channel / 4) + $chan_ofs) % 2 ))" in
 						1) ht_capab="[HT40+]";;
 						0) ht_capab="[HT40-]";;
 					esac
@@ -200,7 +234,7 @@ mac80211_hostapd_setup_base() {
 	case "$htmode" in
 		VHT20|HE20) enable_ac=1;;
 		VHT40|HE40)
-			case "$(( ($channel / 4) % 2 ))" in
+			case "$(( (($channel / 4) + $chan_ofs) % 2 ))" in
 				1) idx=$(($channel + 2));;
 				0) idx=$(($channel - 2));;
 			esac
@@ -208,7 +242,7 @@ mac80211_hostapd_setup_base() {
 			vht_center_seg0=$idx
 		;;
 		VHT80|HE80)
-			case "$(( ($channel / 4) % 4 ))" in
+			case "$(( (($channel / 4) + $chan_ofs) % 4 ))" in
 				1) idx=$(($channel + 6));;
 				2) idx=$(($channel + 2));;
 				3) idx=$(($channel - 2));;
@@ -219,15 +253,35 @@ mac80211_hostapd_setup_base() {
 			vht_center_seg0=$idx
 		;;
 		VHT160|HE160)
-			case "$channel" in
-				36|40|44|48|52|56|60|64) idx=50;;
-				100|104|108|112|116|120|124|128) idx=114;;
-			esac
+			if [ "$band" = "6g" ]; then
+				case "$channel" in
+					1|5|9|13|17|21|25|29) idx=15;;
+					33|37|41|45|49|53|57|61) idx=47;;
+					65|69|73|77|81|85|89|93) idx=79;;
+					97|101|105|109|113|117|121|125) idx=111;;
+					129|133|137|141|145|149|153|157) idx=143;;
+					161|165|169|173|177|181|185|189) idx=175;;
+					193|197|201|205|209|213|217|221) idx=207;;
+				esac
+			else
+				case "$channel" in
+					36|40|44|48|52|56|60|64) idx=50;;
+					100|104|108|112|116|120|124|128) idx=114;;
+				esac
+			fi
 			enable_ac=1
 			vht_oper_chwidth=2
 			vht_center_seg0=$idx
 		;;
 	esac
+	[ "$band" = "6g" ] && {
+		op_class=
+		case "$htmode" in
+			HE20) op_class=131;;
+			HE*) op_class=$((132 + $vht_oper_chwidth))
+		esac
+		[ -n "$op_class" ] && append base_cfg "op_class=$op_class" "$N"
+	}
 	[ "$hwmode" = "a" ] || enable_ac=0
 
 	if [ "$enable_ac" != "0" ]; then
@@ -242,6 +296,8 @@ mac80211_hostapd_setup_base() {
 			mu_beamformee:1 \
 			vht_txop_ps:1 \
 			htc_vht:1 \
+			beamformee_antennas:4 \
+			beamformer_antennas:4 \
 			rx_antenna_pattern:1 \
 			tx_antenna_pattern:1 \
 			vht_max_a_mpdu_len_exp:7 \
@@ -282,6 +338,18 @@ mac80211_hostapd_setup_base() {
 			RX-STBC-123:0x700:0x300:1 \
 			RX-STBC-1234:0x700:0x400:1 \
 
+		[ "$(($vht_cap & 0x800))" -gt 0 -a "$su_beamformer" -gt 0 ] && {
+			cap_ant="$(( ( ($vht_cap >> 16) & 3 ) + 1 ))"
+			[ "$cap_ant" -gt "$beamformer_antennas" ] && cap_ant="$beamformer_antennas"
+			[ "$cap_ant" -gt 1 ] && vht_capab="$vht_capab[SOUNDING-DIMENSION-$cap_ant]"
+		}
+
+		[ "$(($vht_cap & 0x1000))" -gt 0 -a "$su_beamformee" -gt 0 ] && {
+			cap_ant="$(( ( ($vht_cap >> 13) & 3 ) + 1 ))"
+			[ "$cap_ant" -gt "$beamformee_antennas" ] && cap_ant="$beamformee_antennas"
+			[ "$cap_ant" -gt 1 ] && vht_capab="$vht_capab[BF-ANTENNA-$cap_ant]"
+		}
+
 		# supported Channel widths
 		vht160_hw=0
 		[ "$(($vht_cap & 12))" -eq 4 -a 1 -le "$vht160" ] && \
@@ -337,16 +405,62 @@ mac80211_hostapd_setup_base() {
 	esac
 
 	if [ "$enable_ax" != "0" ]; then
+		json_get_vars \
+			he_su_beamformer:1 \
+			he_su_beamformee:0 \
+			he_mu_beamformer:1 \
+			he_twt_required:0 \
+			he_spr_sr_control:0 \
+			he_spr_non_srg_obss_pd_max_offset:1 \
+			he_bss_color
+
+		he_phy_cap=$(iw phy "$phy" info | awk -F "[()]" '/HE PHY Capabilities/ { print $2 }' | head -1)
+		he_phy_cap=${he_phy_cap:2}
+		he_mac_cap=$(iw phy "$phy" info | awk -F "[()]" '/HE MAC Capabilities/ { print $2 }' | head -1)
+		he_mac_cap=${he_mac_cap:2}
+
 		append base_cfg "ieee80211ax=1" "$N"
+		[ -n "$he_bss_color" ] && append base_cfg "he_bss_color=$he_bss_color" "$N"
 		[ "$hwmode" = "a" ] && {
 			append base_cfg "he_oper_chwidth=$vht_oper_chwidth" "$N"
 			append base_cfg "he_oper_centr_freq_seg0_idx=$vht_center_seg0" "$N"
 		}
+
+		mac80211_add_he_capabilities \
+			he_su_beamformer:${he_phy_cap:6:2}:0x80:$he_su_beamformer \
+			he_su_beamformee:${he_phy_cap:8:2}:0x1:$he_su_beamformee \
+			he_mu_beamformer:${he_phy_cap:8:2}:0x2:$he_mu_beamformer \
+			he_spr_sr_control:${he_phy_cap:14:2}:0x1:$he_spr_sr_control \
+			he_twt_required:${he_mac_cap:0:2}:0x6:$he_twt_required
+
+		[ "$he_spr_sr_control" -gt 0 ] && append base_cfg "he_spr_non_srg_obss_pd_max_offset=$he_spr_non_srg_obss_pd_max_offset" "$N"
+
 		append base_cfg "he_default_pe_duration=4" "$N"
 		append base_cfg "he_rts_threshold=1023" "$N"
-		append base_cfg "he_su_beamformer=1" "$N"
-		append base_cfg "he_su_beamformee=1" "$N"
-		append base_cfg "he_mu_beamformer=1" "$N"
+		append base_cfg "he_mu_edca_qos_info_param_count=0" "$N"
+		append base_cfg "he_mu_edca_qos_info_q_ack=0" "$N"
+		append base_cfg "he_mu_edca_qos_info_queue_request=0" "$N"
+		append base_cfg "he_mu_edca_qos_info_txop_request=0" "$N"
+		append base_cfg "he_mu_edca_ac_be_aifsn=8" "$N"
+		append base_cfg "he_mu_edca_ac_be_aci=0" "$N"
+		append base_cfg "he_mu_edca_ac_be_ecwmin=9" "$N"
+		append base_cfg "he_mu_edca_ac_be_ecwmax=10" "$N"
+		append base_cfg "he_mu_edca_ac_be_timer=255" "$N"
+		append base_cfg "he_mu_edca_ac_bk_aifsn=15" "$N"
+		append base_cfg "he_mu_edca_ac_bk_aci=1" "$N"
+		append base_cfg "he_mu_edca_ac_bk_ecwmin=9" "$N"
+		append base_cfg "he_mu_edca_ac_bk_ecwmax=10" "$N"
+		append base_cfg "he_mu_edca_ac_bk_timer=255" "$N"
+		append base_cfg "he_mu_edca_ac_vi_ecwmin=5" "$N"
+		append base_cfg "he_mu_edca_ac_vi_ecwmax=7" "$N"
+		append base_cfg "he_mu_edca_ac_vi_aifsn=5" "$N"
+		append base_cfg "he_mu_edca_ac_vi_aci=2" "$N"
+		append base_cfg "he_mu_edca_ac_vi_timer=255" "$N"
+		append base_cfg "he_mu_edca_ac_vo_aifsn=5" "$N"
+		append base_cfg "he_mu_edca_ac_vo_aci=3" "$N"
+		append base_cfg "he_mu_edca_ac_vo_ecwmin=5" "$N"
+		append base_cfg "he_mu_edca_ac_vo_ecwmax=7" "$N"
+		append base_cfg "he_mu_edca_ac_vo_timer=255" "$N"
 	fi
 
 	hostapd_prepare_device_config "$hostapd_conf_file" nl80211
@@ -528,7 +642,7 @@ mac80211_iw_interface_add() {
 		rc="$?"
 	}
 
-	[ "$rc" != 0 ] && wireless_setup_failed INTERFACE_CREATION_FAILED
+	[ "$rc" != 0 ] && echo "Failed to create interface $ifname"
 	return $rc
 }
 
@@ -689,14 +803,8 @@ mac80211_prepare_iw_htmode() {
 	case "$htmode" in
 		VHT20|HT20) iw_htmode=HT20;;
 		HT40*|VHT40|VHT160)
-			case "$hwmode" in
-				a)
-					case "$(( ($channel / 4) % 2 ))" in
-						1) iw_htmode="HT40+" ;;
-						0) iw_htmode="HT40-";;
-					esac
-				;;
-				*)
+			case "$band" in
+				2g)
 					case "$htmode" in
 						HT40+) iw_htmode="HT40+";;
 						HT40-) iw_htmode="HT40-";;
@@ -709,6 +817,12 @@ mac80211_prepare_iw_htmode() {
 						;;
 					esac
 				;;
+				*)
+					case "$(( ($channel / 4) % 2 ))" in
+						1) iw_htmode="HT40+" ;;
+						0) iw_htmode="HT40-";;
+					esac
+				;;
 			esac
 			[ "$auto_channel" -gt 0 ] && iw_htmode="HT40+"
 		;;
@@ -763,6 +877,7 @@ mac80211_setup_adhoc() {
 	mcval=
 	[ -n "$mcast_rate" ] && wpa_supplicant_add_rate mcval "$mcast_rate"
 
+	iw dev "$ifname" set type ibss
 	iw dev "$ifname" ibss join "$ssid" $freq $iw_htmode fixed-freq $bssid \
 		beacon-interval $beacon_int \
 		${brstr:+basic-rates $brstr} \
@@ -818,7 +933,6 @@ mac80211_setup_vif() {
 		mesh)
 			wireless_vif_parse_encryption
 			[ -z "$htmode" ] && htmode="NOHT";
-			freq="$(get_freq "$phy" "$channel")"
 			if [ "$wpa" -gt 0 -o "$auto_channel" -gt 0 ] || chan_is_dfs "$phy" "$channel"; then
 				mac80211_setup_supplicant $vif_enable || failed=1
 			else
@@ -832,7 +946,6 @@ mac80211_setup_vif() {
 		adhoc)
 			wireless_vif_parse_encryption
 			if [ "$wpa" -gt 0 -o "$auto_channel" -gt 0 ]; then
-				freq="$(get_freq "$phy" "$channel")"
 				mac80211_setup_supplicant_noctl $vif_enable || failed=1
 			else
 				mac80211_setup_adhoc $vif_enable
@@ -849,10 +962,30 @@ mac80211_setup_vif() {
 
 get_freq() {
 	local phy="$1"
-	local chan="$2"
-	iw "$phy" info | grep -E -m1 "(\* ${chan:-....} MHz${chan:+|\\[$chan\\]})" | grep MHz | awk '{print $2}'
+	local channel="$2"
+	local band="$3"
+
+	case "$band" in
+		2g) band="1:";;
+		5g) band="2:";;
+		60g) band="3:";;
+		6g) band="4:";;
+	esac
+
+	iw "$phy" info | awk -v band="$band" -v channel="[$channel]" '
+
+$1 ~ /Band/ {
+	band_match = band == $2
 }
 
+band_match && $3 == "MHz" && $4 == channel {
+	print $2
+	exit
+}
+'
+}
+
+
 chan_is_dfs() {
 	local phy="$1"
 	local chan="$2"
@@ -907,10 +1040,8 @@ drv_mac80211_setup() {
 		return 1
 	}
 
-	[ -z "$(uci -q -P /var/state show wireless._${phy})" ] && {
-		uci -q -P /var/state set wireless._${phy}=phy
-		wireless_set_data phy="$phy"
-	}
+	wireless_set_data phy="$phy"
+	[ -z "$(uci -q -P /var/state show wireless._${phy})" ] && uci -q -P /var/state set wireless._${phy}=phy
 
 	OLDAPLIST=$(uci -q -P /var/state get wireless._${phy}.aplist)
 	OLDSPLIST=$(uci -q -P /var/state get wireless._${phy}.splist)
@@ -935,7 +1066,7 @@ drv_mac80211_setup() {
 	done
 
 	# convert channel to frequency
-	[ "$auto_channel" -gt 0 ] || freq="$(get_freq "$phy" "$channel")"
+	[ "$auto_channel" -gt 0 ] || freq="$(get_freq "$phy" "$channel" "$band")"
 
 	[ -n "$country" ] && {
 		iw reg get | grep -q "^country $country:" || {
@@ -1003,6 +1134,7 @@ drv_mac80211_setup() {
 	[ -n "$hostapd_ctrl" ] && {
 		local no_reload=1
 		if [ -n "$(ubus list | grep hostapd.$primary_ap)" ]; then
+			no_reload=0
 			[ "${NEW_MD5}" = "${OLD_MD5}" ] || {
 				ubus call hostapd.$primary_ap reload
 				no_reload=$?
@@ -1077,6 +1209,10 @@ drv_mac80211_teardown() {
 	json_select data
 	json_get_vars phy
 	json_select ..
+	[ -n "$phy" ] || {
+		echo "Bug: PHY is undefined for device '$1'"
+		return 1
+	}
 
 	mac80211_interface_cleanup "$phy"
 	uci -q -P /var/state revert wireless._${phy}

package/kernel/mac80211/files/lib/wifi/mac80211.sh

@@ -57,6 +57,85 @@ check_mac80211_device() {
 	[ "$phy" = "$dev" ] && found=1
 }
 
+
+__get_band_defaults() {
+	local phy="$1"
+
+	( iw phy "$phy" info; echo ) | awk '
+BEGIN {
+        bands = ""
+}
+
+($1 == "Band" || $1 == "") && band {
+        if (channel) {
+		mode="NOHT"
+		if (ht) mode="HT20"
+		if (vht && band != "1:") mode="VHT80"
+		if (he) mode="HE80"
+		if (he && band == "1:") mode="HE20"
+                sub("\\[", "", channel)
+                sub("\\]", "", channel)
+                bands = bands band channel ":" mode " "
+        }
+        band=""
+}
+
+$1 == "Band" {
+        band = $2
+        channel = ""
+	vht = ""
+	ht = ""
+	he = ""
+}
+
+$0 ~ "Capabilities:" {
+	ht=1
+}
+
+$0 ~ "VHT Capabilities" {
+	vht=1
+}
+
+$0 ~ "HE Iftypes" {
+	he=1
+}
+
+$1 == "*" && $3 == "MHz" && $0 !~ /disabled/ && band && !channel {
+        channel = $4
+}
+
+END {
+        print bands
+}'
+}
+
+get_band_defaults() {
+	local phy="$1"
+
+	for c in $(__get_band_defaults "$phy"); do
+		local band="${c%%:*}"
+		c="${c#*:}"
+		local chan="${c%%:*}"
+		c="${c#*:}"
+		local mode="${c%%:*}"
+
+		case "$band" in
+			1) band=2g;;
+			2) band=5g;;
+			3) band=60g;;
+			4) band=6g;;
+			*) band="";;
+		esac
+
+		[ -n "$band" ] || continue
+		[ -n "$mode_band" -a "$band" = "6g" ] && return
+
+		mode_band="$band"
+		channel="$chan"
+		htmode="$mode"
+	done
+}
+
 detect_mac80211() {
 	devidx=0
 	config_load wireless
@@ -75,26 +154,12 @@ detect_mac80211() {
 		config_foreach check_mac80211_device wifi-device
 		[ "$found" -gt 0 ] && continue
 
-		mode_band="g"
-		channel="11"
+		mode_band=""
+		channel=""
 		htmode=""
 		ht_capab=""
 
-		iw phy "$dev" info | grep -q 'Capabilities:' && htmode=HT20
-
-		iw phy "$dev" info | grep -q '\* 5... MHz \[' && {
-			mode_band="a"
-			channel=$(iw phy "$dev" info | grep '\* 5... MHz \[' | grep '(disabled)' -v -m 1 | sed 's/[^[]*\[\|\].*//g')
-			iw phy "$dev" info | grep -q 'VHT Capabilities' && htmode="VHT80"
-		}
-
-		iw phy "$dev" info | grep -q '\* 5.... MHz \[' && {
-			mode_band="ad"
-			channel=$(iw phy "$dev" info | grep '\* 5.... MHz \[' | grep '(disabled)' -v -m 1 | sed 's/[^[]*\[\|\|\].*//g')
-			iw phy "$dev" info | grep -q 'Capabilities:' && htmode="HT20"
-		}
-
-		[ -n "$htmode" ] && ht_capab="set wireless.radio${devidx}.htmode=$htmode"
+		get_band_defaults "$dev"
 
 		path="$(mac80211_phy_to_path "$dev")"
 		if [ -n "$path" ]; then
@@ -106,10 +171,10 @@ detect_mac80211() {
 		uci -q batch <<-EOF
 			set wireless.radio${devidx}=wifi-device
 			set wireless.radio${devidx}.type=mac80211
-			set wireless.radio${devidx}.channel=${channel}
-			set wireless.radio${devidx}.hwmode=11${mode_band}
 			${dev_id}
-			${ht_capab}
+			set wireless.radio${devidx}.channel=${channel}
+			set wireless.radio${devidx}.band=${mode_band}
+			set wireless.radio${devidx}.htmode=$htmode
 			set wireless.radio${devidx}.disabled=1
 
 			set wireless.default_radio${devidx}=wifi-iface

package/kernel/mac80211/patches/ath/356-Revert-ath9k-interpret-requested-txpower-in-EIRP-dom.patch

@@ -8,7 +8,7 @@ This reverts commit 71f5137bf010c6faffab50c0ec15374c59c4a411.
 
 --- a/drivers/net/wireless/ath/ath9k/hw.c
 +++ b/drivers/net/wireless/ath/ath9k/hw.c
-@@ -2977,7 +2977,8 @@ void ath9k_hw_apply_txpower(struct ath_h
+@@ -2979,7 +2979,8 @@ void ath9k_hw_apply_txpower(struct ath_h
  {
  	struct ath_regulatory *reg = ath9k_hw_regulatory(ah);
  	struct ieee80211_channel *channel;
@@ -18,7 +18,7 @@ This reverts commit 71f5137bf010c6faffab50c0ec15374c59c4a411.
  	u16 ctl = NO_CTL;
  
  	if (!chan)
-@@ -2989,9 +2990,14 @@ void ath9k_hw_apply_txpower(struct ath_h
+@@ -2991,9 +2992,14 @@ void ath9k_hw_apply_txpower(struct ath_h
  	channel = chan->chan;
  	chan_pwr = min_t(int, channel->max_power * 2, MAX_COMBINED_POWER);
  	new_pwr = min_t(int, chan_pwr, reg->power_limit);

package/kernel/mac80211/patches/ath/365-ath9k-adjust-tx-power-reduction-for-US-regulatory-do.patch

@@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/drivers/net/wireless/ath/ath9k/hw.c
 +++ b/drivers/net/wireless/ath/ath9k/hw.c
-@@ -2996,6 +2996,10 @@ void ath9k_hw_apply_txpower(struct ath_h
+@@ -2998,6 +2998,10 @@ void ath9k_hw_apply_txpower(struct ath_h
  	if (ant_gain > max_gain)
  		ant_reduction = ant_gain - max_gain;
  

package/kernel/mac80211/patches/ath/400-ath_move_debug_code.patch

@@ -14,7 +14,7 @@
  CFLAGS_trace.o := -I$(src)
 --- a/drivers/net/wireless/ath/ath.h
 +++ b/drivers/net/wireless/ath/ath.h
-@@ -316,14 +316,7 @@ void _ath_dbg(struct ath_common *common,
+@@ -317,14 +317,7 @@ void _ath_dbg(struct ath_common *common,
  #endif /* CPTCFG_ATH_DEBUG */
  
  /** Returns string describing opmode, or NULL if unknown mode. */

package/kernel/mac80211/patches/ath/542-ath9k_debugfs_diag.patch

@@ -84,7 +84,7 @@
  	bool reset_power_on;
  	bool htc_reset_init;
  
-@@ -1076,6 +1084,7 @@ void ath9k_hw_check_nav(struct ath_hw *a
+@@ -1077,6 +1085,7 @@ void ath9k_hw_check_nav(struct ath_hw *a
  bool ath9k_hw_check_alive(struct ath_hw *ah);
  
  bool ath9k_hw_setpower(struct ath_hw *ah, enum ath9k_power_mode mode);
@@ -94,7 +94,7 @@
  struct ath_gen_timer *ath_gen_timer_alloc(struct ath_hw *ah,
 --- a/drivers/net/wireless/ath/ath9k/hw.c
 +++ b/drivers/net/wireless/ath/ath9k/hw.c
-@@ -1883,6 +1883,20 @@ u32 ath9k_hw_get_tsf_offset(struct times
+@@ -1882,6 +1882,20 @@ u32 ath9k_hw_get_tsf_offset(struct times
  }
  EXPORT_SYMBOL(ath9k_hw_get_tsf_offset);
  
@@ -115,7 +115,7 @@
  int ath9k_hw_reset(struct ath_hw *ah, struct ath9k_channel *chan,
  		   struct ath9k_hw_cal_data *caldata, bool fastcc)
  {
-@@ -2091,6 +2105,7 @@ int ath9k_hw_reset(struct ath_hw *ah, st
+@@ -2090,6 +2104,7 @@ int ath9k_hw_reset(struct ath_hw *ah, st
  		ar9003_hw_disable_phy_restart(ah);
  
  	ath9k_hw_apply_gpio_override(ah);
@@ -125,9 +125,9 @@
  		REG_SET_BIT(ah, AR_BTCOEX_WL_LNADIV, AR_BTCOEX_WL_LNADIV_FORCE_ON);
 --- a/drivers/net/wireless/ath/ath9k/main.c
 +++ b/drivers/net/wireless/ath/ath9k/main.c
-@@ -531,6 +531,11 @@ irqreturn_t ath_isr(int irq, void *dev)
- 	if (test_bit(ATH_OP_HW_RESET, &common->op_flags))
+@@ -538,6 +538,11 @@ irqreturn_t ath_isr(int irq, void *dev)
  		return IRQ_HANDLED;
+ 	}
  
 +	if (test_bit(ATH_DIAG_TRIGGER_ERROR, &ah->diag)) {
 +		status |= ATH9K_INT_FATAL;

package/kernel/mac80211/patches/ath/544-ath9k-ar933x-usb-hang-workaround.patch

@@ -40,7 +40,7 @@
  	return true;
  }
  
-@@ -1861,8 +1880,14 @@ static int ath9k_hw_do_fastcc(struct ath
+@@ -1860,8 +1879,14 @@ static int ath9k_hw_do_fastcc(struct ath
  	if (AR_SREV_9271(ah))
  		ar9002_hw_load_ani_reg(ah, chan);
  
@@ -55,7 +55,7 @@
  	return -EINVAL;
  }
  
-@@ -2116,6 +2141,9 @@ int ath9k_hw_reset(struct ath_hw *ah, st
+@@ -2115,6 +2140,9 @@ int ath9k_hw_reset(struct ath_hw *ah, st
  		ath9k_hw_set_radar_params(ah);
  	}
  

package/kernel/mac80211/patches/ath/551-ath9k_ubnt_uap_plus_hsr.patch

@@ -339,7 +339,7 @@
  
  static void ath9k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
  			u32 queues, bool drop);
-@@ -652,6 +653,7 @@ void ath_reset_work(struct work_struct *
+@@ -659,6 +660,7 @@ void ath_reset_work(struct work_struct *
  static int ath9k_start(struct ieee80211_hw *hw)
  {
  	struct ath_softc *sc = hw->priv;
@@ -347,7 +347,7 @@
  	struct ath_hw *ah = sc->sc_ah;
  	struct ath_common *common = ath9k_hw_common(ah);
  	struct ieee80211_channel *curchan = sc->cur_chan->chandef.chan;
-@@ -730,6 +732,11 @@ static int ath9k_start(struct ieee80211_
+@@ -737,6 +739,11 @@ static int ath9k_start(struct ieee80211_
  					  AR_GPIO_OUTPUT_MUX_AS_OUTPUT);
  	}
  

package/kernel/mac80211/patches/ath/921-ath10k_init_devices_synchronously.patch

@@ -14,7 +14,7 @@ Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
 
 --- a/drivers/net/wireless/ath/ath10k/core.c
 +++ b/drivers/net/wireless/ath/ath10k/core.c
-@@ -3189,6 +3189,16 @@ int ath10k_core_register(struct ath10k *
+@@ -3206,6 +3206,16 @@ int ath10k_core_register(struct ath10k *
  
  	queue_work(ar->workqueue, &ar->register_work);
  

package/kernel/mac80211/patches/ath/930-ath10k_add_tpt_led_trigger.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -9708,6 +9708,21 @@ static int ath10k_mac_init_rd(struct ath
+@@ -9732,6 +9732,21 @@ static int ath10k_mac_init_rd(struct ath
  	return 0;
  }
  
@@ -22,7 +22,7 @@
  int ath10k_mac_register(struct ath10k *ar)
  {
  	static const u32 cipher_suites[] = {
-@@ -10057,6 +10072,12 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10081,6 +10096,12 @@ int ath10k_mac_register(struct ath10k *a
  
  	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
  

package/kernel/mac80211/patches/ath/974-ath10k_add-LED-and-GPIO-controlling-support-for-various-chipsets.patch

@@ -140,7 +140,7 @@ v13:
  		.patch_load_addr = QCA988X_HW_2_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_ALL,
-@@ -130,6 +132,7 @@ static const struct ath10k_hw_params ath
+@@ -132,6 +134,7 @@ static const struct ath10k_hw_params ath
  		.dev_id = QCA9887_1_0_DEVICE_ID,
  		.bus = ATH10K_BUS_PCI,
  		.name = "qca9887 hw1.0",
@@ -148,7 +148,7 @@ v13:
  		.patch_load_addr = QCA9887_HW_1_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_ALL,
-@@ -335,6 +338,7 @@ static const struct ath10k_hw_params ath
+@@ -343,6 +346,7 @@ static const struct ath10k_hw_params ath
  		.dev_id = QCA99X0_2_0_DEVICE_ID,
  		.bus = ATH10K_BUS_PCI,
  		.name = "qca99x0 hw2.0",
@@ -156,7 +156,7 @@ v13:
  		.patch_load_addr = QCA99X0_HW_2_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.otp_exe_param = 0x00000700,
-@@ -375,6 +379,7 @@ static const struct ath10k_hw_params ath
+@@ -384,6 +388,7 @@ static const struct ath10k_hw_params ath
  		.dev_id = QCA9984_1_0_DEVICE_ID,
  		.bus = ATH10K_BUS_PCI,
  		.name = "qca9984/qca9994 hw1.0",
@@ -164,7 +164,7 @@ v13:
  		.patch_load_addr = QCA9984_HW_1_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_EACH,
-@@ -422,6 +427,7 @@ static const struct ath10k_hw_params ath
+@@ -432,6 +437,7 @@ static const struct ath10k_hw_params ath
  		.dev_id = QCA9888_2_0_DEVICE_ID,
  		.bus = ATH10K_BUS_PCI,
  		.name = "qca9888 hw2.0",
@@ -172,7 +172,7 @@ v13:
  		.patch_load_addr = QCA9888_HW_2_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_EACH,
-@@ -2904,6 +2910,10 @@ int ath10k_core_start(struct ath10k *ar,
+@@ -2921,6 +2927,10 @@ int ath10k_core_start(struct ath10k *ar,
  		goto err_hif_stop;
  	}
  
@@ -183,7 +183,7 @@ v13:
  	return 0;
  
  err_hif_stop:
-@@ -3162,9 +3172,18 @@ static void ath10k_core_register_work(st
+@@ -3179,9 +3189,18 @@ static void ath10k_core_register_work(st
  		goto err_spectral_destroy;
  	}
  
@@ -202,7 +202,7 @@ v13:
  err_spectral_destroy:
  	ath10k_spectral_destroy(ar);
  err_debug_destroy:
-@@ -3210,6 +3229,8 @@ void ath10k_core_unregister(struct ath10
+@@ -3227,6 +3246,8 @@ void ath10k_core_unregister(struct ath10
  	if (!test_bit(ATH10K_FLAG_CORE_REGISTERED, &ar->dev_flags))
  		return;
  
@@ -467,7 +467,7 @@ v13:
  static const struct wmi_peer_flags_map wmi_tlv_peer_flags_map = {
 --- a/drivers/net/wireless/ath/ath10k/wmi.c
 +++ b/drivers/net/wireless/ath/ath10k/wmi.c
-@@ -7468,6 +7468,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
+@@ -7472,6 +7472,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
  	return skb;
  }
  
@@ -517,7 +517,7 @@ v13:
  static struct sk_buff *
  ath10k_wmi_op_gen_set_psmode(struct ath10k *ar, u32 vdev_id,
  			     enum wmi_sta_ps_mode psmode)
-@@ -9156,6 +9199,9 @@ static const struct wmi_ops wmi_ops = {
+@@ -9160,6 +9203,9 @@ static const struct wmi_ops wmi_ops = {
  	.fw_stats_fill = ath10k_wmi_main_op_fw_stats_fill,
  	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
  	.gen_echo = ath10k_wmi_op_gen_echo,
@@ -527,7 +527,7 @@ v13:
  	/* .gen_bcn_tmpl not implemented */
  	/* .gen_prb_tmpl not implemented */
  	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -9226,6 +9272,8 @@ static const struct wmi_ops wmi_10_1_ops
+@@ -9230,6 +9276,8 @@ static const struct wmi_ops wmi_10_1_ops
  	.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
  	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
  	.gen_echo = ath10k_wmi_op_gen_echo,
@@ -536,7 +536,7 @@ v13:
  	/* .gen_bcn_tmpl not implemented */
  	/* .gen_prb_tmpl not implemented */
  	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -9298,6 +9346,8 @@ static const struct wmi_ops wmi_10_2_ops
+@@ -9302,6 +9350,8 @@ static const struct wmi_ops wmi_10_2_ops
  	.gen_delba_send = ath10k_wmi_op_gen_delba_send,
  	.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
  	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
@@ -545,7 +545,7 @@ v13:
  	/* .gen_pdev_enable_adaptive_cca not implemented */
  };
  
-@@ -9369,6 +9419,8 @@ static const struct wmi_ops wmi_10_2_4_o
+@@ -9373,6 +9423,8 @@ static const struct wmi_ops wmi_10_2_4_o
  		ath10k_wmi_op_gen_pdev_enable_adaptive_cca,
  	.get_vdev_subtype = ath10k_wmi_10_2_4_op_get_vdev_subtype,
  	.gen_bb_timing = ath10k_wmi_10_2_4_op_gen_bb_timing,
@@ -554,7 +554,7 @@ v13:
  	/* .gen_bcn_tmpl not implemented */
  	/* .gen_prb_tmpl not implemented */
  	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -9450,6 +9502,8 @@ static const struct wmi_ops wmi_10_4_ops
+@@ -9454,6 +9506,8 @@ static const struct wmi_ops wmi_10_4_ops
  	.gen_pdev_bss_chan_info_req = ath10k_wmi_10_2_op_gen_pdev_bss_chan_info,
  	.gen_echo = ath10k_wmi_op_gen_echo,
  	.gen_pdev_get_tpc_config = ath10k_wmi_10_2_4_op_gen_pdev_get_tpc_config,
@@ -565,7 +565,7 @@ v13:
  int ath10k_wmi_attach(struct ath10k *ar)
 --- a/drivers/net/wireless/ath/ath10k/wmi.h
 +++ b/drivers/net/wireless/ath/ath10k/wmi.h
-@@ -3027,6 +3027,41 @@ enum wmi_10_4_feature_mask {
+@@ -3030,6 +3030,41 @@ enum wmi_10_4_feature_mask {
  
  };
  

package/kernel/mac80211/patches/ath/975-ath10k-use-tpt-trigger-by-default.patch

@@ -42,7 +42,7 @@ Signed-off-by: Mathias Kresin <dev@kresin.me>
  	if (ret)
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -10074,7 +10074,7 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10098,7 +10098,7 @@ int ath10k_mac_register(struct ath10k *a
  	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
  
  #ifdef CPTCFG_MAC80211_LEDS

package/kernel/mac80211/patches/ath/980-ath10k-fix-max-antenna-gain-unit.patch

@@ -1,49 +0,0 @@
-From: Sven Eckelmann <seckelmann@datto.com>
-Date: Tue, 11 Jun 2019 13:58:35 +0200
-Subject: ath10k: fix max antenna gain unit
-
-Most of the txpower for the ath10k firmware is stored as twicepower (0.5 dB
-steps). This isn't the case for max_antenna_gain - which is still expected
-by the firmware as dB.
-
-The firmware is converting it from dB to the internal (twicepower)
-representation when it calculates the limits of a channel. This can be seen
-in tpc_stats when configuring "12" as max_antenna_gain. Instead of the
-expected 12 (6 dB), the tpc_stats shows 24 (12 dB).
-
-Tested on QCA9888 and IPQ4019 with firmware 10.4-3.5.3-00057.
-
-Fixes: 02256930d9b8 ("ath10k: use proper tx power unit")
-Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
-
-Forwarded: https://patchwork.kernel.org/patch/10986723/
-
---- a/drivers/net/wireless/ath/ath10k/mac.c
-+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -1038,7 +1038,7 @@ static int ath10k_monitor_vdev_start(str
- 	arg.channel.min_power = 0;
- 	arg.channel.max_power = channel->max_power * 2;
- 	arg.channel.max_reg_power = channel->max_reg_power * 2;
--	arg.channel.max_antenna_gain = channel->max_antenna_gain * 2;
-+	arg.channel.max_antenna_gain = channel->max_antenna_gain;
- 
- 	reinit_completion(&ar->vdev_setup_done);
- 	reinit_completion(&ar->vdev_delete_done);
-@@ -1484,7 +1484,7 @@ static int ath10k_vdev_start_restart(str
- 	arg.channel.min_power = 0;
- 	arg.channel.max_power = chandef->chan->max_power * 2;
- 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
--	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain * 2;
-+	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
- 
- 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
- 		arg.ssid = arvif->u.ap.ssid;
-@@ -3255,7 +3255,7 @@ static int ath10k_update_channel_list(st
- 			ch->min_power = 0;
- 			ch->max_power = channel->max_power * 2;
- 			ch->max_reg_power = channel->max_reg_power * 2;
--			ch->max_antenna_gain = channel->max_antenna_gain * 2;
-+			ch->max_antenna_gain = channel->max_antenna_gain;
- 			ch->reg_class_id = 0; /* FIXME */
- 
- 			/* FIXME: why use only legacy modes, why not any

package/kernel/mac80211/patches/ath/981-ath10k-adjust-tx-power-reduction-for-US-regulatory-d.patch

@@ -28,7 +28,7 @@ Forwarded: no
 
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -1006,6 +1006,40 @@ static inline int ath10k_vdev_setup_sync
+@@ -1010,6 +1010,40 @@ static inline int ath10k_vdev_setup_sync
  	return ar->last_wmi_vdev_start_status;
  }
  
@@ -69,7 +69,7 @@ Forwarded: no
  static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
  {
  	struct cfg80211_chan_def *chandef = NULL;
-@@ -1038,7 +1072,8 @@ static int ath10k_monitor_vdev_start(str
+@@ -1042,7 +1076,8 @@ static int ath10k_monitor_vdev_start(str
  	arg.channel.min_power = 0;
  	arg.channel.max_power = channel->max_power * 2;
  	arg.channel.max_reg_power = channel->max_reg_power * 2;
@@ -79,7 +79,7 @@ Forwarded: no
  
  	reinit_completion(&ar->vdev_setup_done);
  	reinit_completion(&ar->vdev_delete_done);
-@@ -1484,7 +1519,8 @@ static int ath10k_vdev_start_restart(str
+@@ -1488,7 +1523,8 @@ static int ath10k_vdev_start_restart(str
  	arg.channel.min_power = 0;
  	arg.channel.max_power = chandef->chan->max_power * 2;
  	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
@@ -89,7 +89,7 @@ Forwarded: no
  
  	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
  		arg.ssid = arvif->u.ap.ssid;
-@@ -3255,7 +3291,8 @@ static int ath10k_update_channel_list(st
+@@ -3259,7 +3295,8 @@ static int ath10k_update_channel_list(st
  			ch->min_power = 0;
  			ch->max_power = channel->max_power * 2;
  			ch->max_reg_power = channel->max_reg_power * 2;

package/kernel/mac80211/patches/ath/990-ath10k-small-buffers.patch

@@ -0,0 +1,64 @@
+--- a/drivers/net/wireless/ath/ath10k/htt.h
++++ b/drivers/net/wireless/ath/ath10k/htt.h
+@@ -236,7 +236,11 @@ enum htt_rx_ring_flags {
+ };
+ 
+ #define HTT_RX_RING_SIZE_MIN 128
++#ifndef CONFIG_ATH10K_SMALLBUFFERS
+ #define HTT_RX_RING_SIZE_MAX 2048
++#else
++#define HTT_RX_RING_SIZE_MAX 512
++#endif
+ #define HTT_RX_RING_SIZE HTT_RX_RING_SIZE_MAX
+ #define HTT_RX_RING_FILL_LEVEL (((HTT_RX_RING_SIZE) / 2) - 1)
+ #define HTT_RX_RING_FILL_LEVEL_DUAL_MAC (HTT_RX_RING_SIZE - 1)
+--- a/drivers/net/wireless/ath/ath10k/pci.c
++++ b/drivers/net/wireless/ath/ath10k/pci.c
+@@ -131,7 +131,11 @@ static const struct ce_attr pci_host_ce_
+ 		.flags = CE_ATTR_FLAGS,
+ 		.src_nentries = 0,
+ 		.src_sz_max = 2048,
++#ifndef CONFIG_ATH10K_SMALLBUFFERS
+ 		.dest_nentries = 512,
++#else
++		.dest_nentries = 128,
++#endif
+ 		.recv_cb = ath10k_pci_htt_htc_rx_cb,
+ 	},
+ 
+@@ -140,7 +144,11 @@ static const struct ce_attr pci_host_ce_
+ 		.flags = CE_ATTR_FLAGS,
+ 		.src_nentries = 0,
+ 		.src_sz_max = 2048,
++#ifndef CONFIG_ATH10K_SMALLBUFFERS
+ 		.dest_nentries = 128,
++#else
++		.dest_nentries = 64,
++#endif
+ 		.recv_cb = ath10k_pci_htc_rx_cb,
+ 	},
+ 
+@@ -167,7 +175,11 @@ static const struct ce_attr pci_host_ce_
+ 		.flags = CE_ATTR_FLAGS,
+ 		.src_nentries = 0,
+ 		.src_sz_max = 512,
++#ifndef CONFIG_ATH10K_SMALLBUFFERS
+ 		.dest_nentries = 512,
++#else
++		.dest_nentries = 128,
++#endif
+ 		.recv_cb = ath10k_pci_htt_rx_cb,
+ 	},
+ 
+@@ -192,7 +204,11 @@ static const struct ce_attr pci_host_ce_
+ 		.flags = CE_ATTR_FLAGS,
+ 		.src_nentries = 0,
+ 		.src_sz_max = 2048,
++#ifndef CONFIG_ATH10K_SMALLBUFFERS
+ 		.dest_nentries = 128,
++#else
++		.dest_nentries = 96,
++#endif
+ 		.recv_cb = ath10k_pci_pktlog_rx_cb,
+ 	},
+ 

package/kernel/mac80211/patches/brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch

@@ -13,7 +13,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
-@@ -431,6 +431,7 @@ struct brcmf_fw {
+@@ -433,6 +433,7 @@ struct brcmf_fw {
  	struct brcmf_fw_request *req;
  	u32 curpos;
  	void (*done)(struct device *dev, int err, struct brcmf_fw_request *req);
@@ -21,7 +21,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
  };
  
  static void brcmf_fw_request_done(const struct firmware *fw, void *ctx);
-@@ -638,6 +639,8 @@ static void brcmf_fw_request_done(const
+@@ -640,6 +641,8 @@ static void brcmf_fw_request_done(const
  		fwctx->req = NULL;
  	}
  	fwctx->done(fwctx->dev, ret, fwctx->req);
@@ -30,7 +30,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
  	kfree(fwctx);
  }
  
-@@ -662,6 +665,8 @@ int brcmf_fw_get_firmwares(struct device
+@@ -664,6 +667,8 @@ int brcmf_fw_get_firmwares(struct device
  {
  	struct brcmf_fw_item *first = &req->items[0];
  	struct brcmf_fw *fwctx;
@@ -39,7 +39,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
  	int ret;
  
  	brcmf_dbg(TRACE, "enter: dev=%s\n", dev_name(dev));
-@@ -678,6 +683,9 @@ int brcmf_fw_get_firmwares(struct device
+@@ -680,6 +685,9 @@ int brcmf_fw_get_firmwares(struct device
  	fwctx->dev = dev;
  	fwctx->req = req;
  	fwctx->done = fw_cb;
@@ -49,7 +49,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
  
  	ret = request_firmware_nowait(THIS_MODULE, true, first->path,
  				      fwctx->dev, GFP_KERNEL, fwctx,
-@@ -685,6 +693,12 @@ int brcmf_fw_get_firmwares(struct device
+@@ -687,6 +695,12 @@ int brcmf_fw_get_firmwares(struct device
  	if (ret < 0)
  		brcmf_fw_request_done(NULL, fwctx);
  

package/kernel/mac80211/patches/brcm/862-brcmfmac-Disable-power-management.patch

@@ -14,7 +14,7 @@ Signed-off-by: Phil Elwell <phil@raspberrypi.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -2958,6 +2958,10 @@ brcmf_cfg80211_set_power_mgmt(struct wip
+@@ -2961,6 +2961,10 @@ brcmf_cfg80211_set_power_mgmt(struct wip
  	 * preference in cfg struct to apply this to
  	 * FW later while initializing the dongle
  	 */

package/kernel/mac80211/patches/brcm/998-survey.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -2910,6 +2910,63 @@ done:
+@@ -2913,6 +2913,63 @@ done:
  }
  
  static int
@@ -64,7 +64,7 @@
  brcmf_cfg80211_dump_station(struct wiphy *wiphy, struct net_device *ndev,
  			    int idx, u8 *mac, struct station_info *sinfo)
  {
-@@ -3005,6 +3062,7 @@ static s32 brcmf_inform_single_bss(struc
+@@ -3008,6 +3065,7 @@ static s32 brcmf_inform_single_bss(struc
  	struct brcmu_chan ch;
  	u16 channel;
  	u32 freq;
@@ -72,7 +72,7 @@
  	u16 notify_capability;
  	u16 notify_interval;
  	u8 *notify_ie;
-@@ -3029,6 +3087,17 @@ static s32 brcmf_inform_single_bss(struc
+@@ -3032,6 +3090,17 @@ static s32 brcmf_inform_single_bss(struc
  		band = NL80211_BAND_5GHZ;
  
  	freq = ieee80211_channel_to_frequency(channel, band);
@@ -90,7 +90,7 @@
  	bss_data.chan = ieee80211_get_channel(wiphy, freq);
  	bss_data.scan_width = NL80211_BSS_CHAN_WIDTH_20;
  	bss_data.boottime_ns = ktime_to_ns(ktime_get_boottime());
-@@ -5515,6 +5584,7 @@ static struct cfg80211_ops brcmf_cfg8021
+@@ -5518,6 +5587,7 @@ static struct cfg80211_ops brcmf_cfg8021
  	.leave_ibss = brcmf_cfg80211_leave_ibss,
  	.get_station = brcmf_cfg80211_get_station,
  	.dump_station = brcmf_cfg80211_dump_station,

package/kernel/mac80211/patches/subsys/010-sync-nl80211_h.patch

@@ -0,0 +1,297 @@
+--- a/include/uapi/linux/nl80211.h
++++ b/include/uapi/linux/nl80211.h
+@@ -655,6 +655,9 @@
+  *	When a security association was established on an 802.1X network using
+  *	fast transition, this event should be followed by an
+  *	%NL80211_CMD_PORT_AUTHORIZED event.
++ *	Following a %NL80211_CMD_ROAM event userspace can issue
++ *	%NL80211_CMD_GET_SCAN in order to obtain the scan information for the
++ *	new BSS the card/driver roamed to.
+  * @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify
+  *	userspace that a connection was dropped by the AP or due to other
+  *	reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and
+@@ -757,7 +760,8 @@
+  *	of any other interfaces, and other interfaces will again take
+  *	precedence when they are used.
+  *
+- * @NL80211_CMD_SET_WDS_PEER: Set the MAC address of the peer on a WDS interface.
++ * @NL80211_CMD_SET_WDS_PEER: Set the MAC address of the peer on a WDS interface
++ *	(no longer supported).
+  *
+  * @NL80211_CMD_SET_MULTICAST_TO_UNICAST: Configure if this AP should perform
+  *	multicast to unicast conversion. When enabled, all multicast packets
+@@ -1177,6 +1181,10 @@
+  *	includes the contents of the frame. %NL80211_ATTR_ACK flag is included
+  *	if the recipient acknowledged the frame.
+  *
++ * @NL80211_CMD_SET_SAR_SPECS: SAR power limitation configuration is
++ *	passed using %NL80211_ATTR_SAR_SPEC. %NL80211_ATTR_WIPHY is used to
++ *	specify the wiphy index to be applied to.
++ *
+  * @NL80211_CMD_MAX: highest used command number
+  * @__NL80211_CMD_AFTER_LAST: internal use
+  */
+@@ -1407,6 +1415,8 @@ enum nl80211_commands {
+ 
+ 	NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS,
+ 
++	NL80211_CMD_SET_SAR_SPECS,
++
+ 	/* add new commands above here */
+ 
+ 	/* used to define NL80211_CMD_MAX below */
+@@ -1750,8 +1760,9 @@ enum nl80211_commands {
+  *	specify just a single bitrate, which is to be used for the beacon.
+  *	The driver must also specify support for this with the extended
+  *	features NL80211_EXT_FEATURE_BEACON_RATE_LEGACY,
+- *	NL80211_EXT_FEATURE_BEACON_RATE_HT and
+- *	NL80211_EXT_FEATURE_BEACON_RATE_VHT.
++ *	NL80211_EXT_FEATURE_BEACON_RATE_HT,
++ *	NL80211_EXT_FEATURE_BEACON_RATE_VHT and
++ *	NL80211_EXT_FEATURE_BEACON_RATE_HE.
+  *
+  * @NL80211_ATTR_FRAME_MATCH: A binary attribute which typically must contain
+  *	at least one byte, currently used with @NL80211_CMD_REGISTER_FRAME.
+@@ -1955,8 +1966,15 @@ enum nl80211_commands {
+  * @NL80211_ATTR_PROBE_RESP: Probe Response template data. Contains the entire
+  *	probe-response frame. The DA field in the 802.11 header is zero-ed out,
+  *	to be filled by the FW.
+- * @NL80211_ATTR_DISABLE_HT:  Force HT capable interfaces to disable
+- *      this feature.  Currently, only supported in mac80211 drivers.
++ * @NL80211_ATTR_DISABLE_HT: Force HT capable interfaces to disable
++ *      this feature during association. This is a flag attribute.
++ *	Currently only supported in mac80211 drivers.
++ * @NL80211_ATTR_DISABLE_VHT: Force VHT capable interfaces to disable
++ *      this feature during association. This is a flag attribute.
++ *	Currently only supported in mac80211 drivers.
++ * @NL80211_ATTR_DISABLE_HE: Force HE capable interfaces to disable
++ *      this feature during association. This is a flag attribute.
++ *	Currently only supported in mac80211 drivers.
+  * @NL80211_ATTR_HT_CAPABILITY_MASK: Specify which bits of the
+  *      ATTR_HT_CAPABILITY to which attention should be paid.
+  *      Currently, only mac80211 NICs support this feature.
+@@ -2077,7 +2095,8 @@ enum nl80211_commands {
+  *	until the channel switch event.
+  * @NL80211_ATTR_CH_SWITCH_BLOCK_TX: flag attribute specifying that transmission
+  *	must be blocked on the current channel (before the channel switch
+- *	operation).
++ *	operation). Also included in the channel switch started event if quiet
++ *	was requested by the AP.
+  * @NL80211_ATTR_CSA_IES: Nested set of attributes containing the IE information
+  *	for the time while performing a channel switch.
+  * @NL80211_ATTR_CNTDWN_OFFS_BEACON: An array of offsets (u16) to the channel
+@@ -2527,6 +2546,20 @@ enum nl80211_commands {
+  *	override mask. Used with NL80211_ATTR_S1G_CAPABILITY in
+  *	NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT.
+  *
++ * @NL80211_ATTR_SAE_PWE: Indicates the mechanism(s) allowed for SAE PWE
++ *	derivation in WPA3-Personal networks which are using SAE authentication.
++ *	This is a u8 attribute that encapsulates one of the values from
++ *	&enum nl80211_sae_pwe_mechanism.
++ *
++ * @NL80211_ATTR_SAR_SPEC: SAR power limitation specification when
++ *	used with %NL80211_CMD_SET_SAR_SPECS. The message contains fields
++ *	of %nl80211_sar_attrs which specifies the sar type and related
++ *	sar specs. Sar specs contains array of %nl80211_sar_specs_attrs.
++ *
++ * @NL80211_ATTR_RECONNECT_REQUESTED: flag attribute, used with deauth and
++ *	disassoc events to indicate that an immediate reconnect to the AP
++ *	is desired.
++ *
+  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
+  * @NL80211_ATTR_MAX: highest attribute number currently defined
+  * @__NL80211_ATTR_AFTER_LAST: internal use
+@@ -3016,6 +3049,14 @@ enum nl80211_attrs {
+ 	NL80211_ATTR_S1G_CAPABILITY,
+ 	NL80211_ATTR_S1G_CAPABILITY_MASK,
+ 
++	NL80211_ATTR_SAE_PWE,
++
++	NL80211_ATTR_RECONNECT_REQUESTED,
++
++	NL80211_ATTR_SAR_SPEC,
++
++	NL80211_ATTR_DISABLE_HE,
++
+ 	/* add attributes here, update the policy in nl80211.c */
+ 
+ 	__NL80211_ATTR_AFTER_LAST,
+@@ -5896,6 +5937,19 @@ enum nl80211_feature_flags {
+  * @NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP: Driver/device supports
+  *	unsolicited broadcast probe response transmission
+  *
++ * @NL80211_EXT_FEATURE_BEACON_RATE_HE: Driver supports beacon rate
++ *	configuration (AP/mesh) with HE rates.
++ *
++ * @NL80211_EXT_FEATURE_SECURE_LTF: Device supports secure LTF measurement
++ *      exchange protocol.
++ *
++ * @NL80211_EXT_FEATURE_SECURE_RTT: Device supports secure RTT measurement
++ *      exchange protocol.
++ *
++ * @NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE: Device supports management
++ *      frame protection for all management frames exchanged during the
++ *      negotiation and range measurement procedure.
++ *
+  * @NUM_NL80211_EXT_FEATURES: number of extended features.
+  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
+  */
+@@ -5956,6 +6010,10 @@ enum nl80211_ext_feature_index {
+ 	NL80211_EXT_FEATURE_SAE_OFFLOAD_AP,
+ 	NL80211_EXT_FEATURE_FILS_DISCOVERY,
+ 	NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP,
++	NL80211_EXT_FEATURE_BEACON_RATE_HE,
++	NL80211_EXT_FEATURE_SECURE_LTF,
++	NL80211_EXT_FEATURE_SECURE_RTT,
++	NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE,
+ 
+ 	/* add new features before the definition below */
+ 	NUM_NL80211_EXT_FEATURES,
+@@ -6253,11 +6311,13 @@ struct nl80211_vendor_cmd_info {
+  * @NL80211_TDLS_PEER_HT: TDLS peer is HT capable.
+  * @NL80211_TDLS_PEER_VHT: TDLS peer is VHT capable.
+  * @NL80211_TDLS_PEER_WMM: TDLS peer is WMM capable.
++ * @NL80211_TDLS_PEER_HE: TDLS peer is HE capable.
+  */
+ enum nl80211_tdls_peer_capability {
+ 	NL80211_TDLS_PEER_HT = 1<<0,
+ 	NL80211_TDLS_PEER_VHT = 1<<1,
+ 	NL80211_TDLS_PEER_WMM = 1<<2,
++	NL80211_TDLS_PEER_HE = 1<<3,
+ };
+ 
+ /**
+@@ -6849,6 +6909,9 @@ enum nl80211_peer_measurement_ftm_capa {
+  *      if neither %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED nor
+  *	%NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set, EDCA based
+  *	ranging will be used.
++ * @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK: negotiate for LMR feedback. Only
++ *	valid if either %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED or
++ *	%NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set.
+  *
+  * @NUM_NL80211_PMSR_FTM_REQ_ATTR: internal
+  * @NL80211_PMSR_FTM_REQ_ATTR_MAX: highest attribute number
+@@ -6867,6 +6930,7 @@ enum nl80211_peer_measurement_ftm_req {
+ 	NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC,
+ 	NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED,
+ 	NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED,
++	NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK,
+ 
+ 	/* keep last */
+ 	NUM_NL80211_PMSR_FTM_REQ_ATTR,
+@@ -7124,4 +7188,115 @@ enum nl80211_unsol_bcast_probe_resp_attr
+ 	NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX =
+ 		__NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_LAST - 1
+ };
++
++/**
++ * enum nl80211_sae_pwe_mechanism - The mechanism(s) allowed for SAE PWE
++ *	derivation. Applicable only when WPA3-Personal SAE authentication is
++ *	used.
++ *
++ * @NL80211_SAE_PWE_UNSPECIFIED: not specified, used internally to indicate that
++ *	attribute is not present from userspace.
++ * @NL80211_SAE_PWE_HUNT_AND_PECK: hunting-and-pecking loop only
++ * @NL80211_SAE_PWE_HASH_TO_ELEMENT: hash-to-element only
++ * @NL80211_SAE_PWE_BOTH: both hunting-and-pecking loop and hash-to-element
++ *	can be used.
++ */
++enum nl80211_sae_pwe_mechanism {
++	NL80211_SAE_PWE_UNSPECIFIED,
++	NL80211_SAE_PWE_HUNT_AND_PECK,
++	NL80211_SAE_PWE_HASH_TO_ELEMENT,
++	NL80211_SAE_PWE_BOTH,
++};
++
++/**
++ * enum nl80211_sar_type - type of SAR specs
++ *
++ * @NL80211_SAR_TYPE_POWER: power limitation specified in 0.25dBm unit
++ *
++ */
++enum nl80211_sar_type {
++	NL80211_SAR_TYPE_POWER,
++
++	/* add new type here */
++
++	/* Keep last */
++	NUM_NL80211_SAR_TYPE,
++};
++
++/**
++ * enum nl80211_sar_attrs - Attributes for SAR spec
++ *
++ * @NL80211_SAR_ATTR_TYPE: the SAR type as defined in &enum nl80211_sar_type.
++ *
++ * @NL80211_SAR_ATTR_SPECS: Nested array of SAR power
++ *	limit specifications. Each specification contains a set
++ *	of %nl80211_sar_specs_attrs.
++ *
++ *	For SET operation, it contains array of %NL80211_SAR_ATTR_SPECS_POWER
++ *	and %NL80211_SAR_ATTR_SPECS_RANGE_INDEX.
++ *
++ *	For sar_capa dump, it contains array of
++ *	%NL80211_SAR_ATTR_SPECS_START_FREQ
++ *	and %NL80211_SAR_ATTR_SPECS_END_FREQ.
++ *
++ * @__NL80211_SAR_ATTR_LAST: Internal
++ * @NL80211_SAR_ATTR_MAX: highest sar attribute
++ *
++ * These attributes are used with %NL80211_CMD_SET_SAR_SPEC
++ */
++enum nl80211_sar_attrs {
++	__NL80211_SAR_ATTR_INVALID,
++
++	NL80211_SAR_ATTR_TYPE,
++	NL80211_SAR_ATTR_SPECS,
++
++	__NL80211_SAR_ATTR_LAST,
++	NL80211_SAR_ATTR_MAX = __NL80211_SAR_ATTR_LAST - 1,
++};
++
++/**
++ * enum nl80211_sar_specs_attrs - Attributes for SAR power limit specs
++ *
++ * @NL80211_SAR_ATTR_SPECS_POWER: Required (s32)value to specify the actual
++ *	power limit value in units of 0.25 dBm if type is
++ *	NL80211_SAR_TYPE_POWER. (i.e., a value of 44 represents 11 dBm).
++ *	0 means userspace doesn't have SAR limitation on this associated range.
++ *
++ * @NL80211_SAR_ATTR_SPECS_RANGE_INDEX: Required (u32) value to specify the
++ *	index of exported freq range table and the associated power limitation
++ *	is applied to this range.
++ *
++ *	Userspace isn't required to set all the ranges advertised by WLAN driver,
++ *	and userspace can skip some certain ranges. These skipped ranges don't
++ *	have SAR limitations, and they are same as setting the
++ *	%NL80211_SAR_ATTR_SPECS_POWER to any unreasonable high value because any
++ *	value higher than regulatory allowed value just means SAR power
++ *	limitation is removed, but it's required to set at least one range.
++ *	It's not allowed to set duplicated range in one SET operation.
++ *
++ *	Every SET operation overwrites previous SET operation.
++ *
++ * @NL80211_SAR_ATTR_SPECS_START_FREQ: Required (u32) value to specify the start
++ *	frequency of this range edge when registering SAR capability to wiphy.
++ *	It's not a channel center frequency. The unit is kHz.
++ *
++ * @NL80211_SAR_ATTR_SPECS_END_FREQ: Required (u32) value to specify the end
++ *	frequency of this range edge when registering SAR capability to wiphy.
++ *	It's not a channel center frequency. The unit is kHz.
++ *
++ * @__NL80211_SAR_ATTR_SPECS_LAST: Internal
++ * @NL80211_SAR_ATTR_SPECS_MAX: highest sar specs attribute
++ */
++enum nl80211_sar_specs_attrs {
++	__NL80211_SAR_ATTR_SPECS_INVALID,
++
++	NL80211_SAR_ATTR_SPECS_POWER,
++	NL80211_SAR_ATTR_SPECS_RANGE_INDEX,
++	NL80211_SAR_ATTR_SPECS_START_FREQ,
++	NL80211_SAR_ATTR_SPECS_END_FREQ,
++
++	__NL80211_SAR_ATTR_SPECS_LAST,
++	NL80211_SAR_ATTR_SPECS_MAX = __NL80211_SAR_ATTR_SPECS_LAST - 1,
++};
++
+ #endif /* __LINUX_NL80211_H */

package/kernel/mac80211/patches/subsys/100-remove-cryptoapi-dependencies.patch

@@ -439,7 +439,7 @@
  }
  
  
-@@ -543,13 +542,13 @@ ieee80211_crypto_ccmp_decrypt(struct iee
+@@ -546,13 +545,13 @@ ieee80211_crypto_ccmp_decrypt(struct iee
  			u8 aad[2 * AES_BLOCK_SIZE];
  			u8 b_0[AES_BLOCK_SIZE];
  			/* hardware didn't decrypt/verify MIC */
@@ -455,7 +455,7 @@
  				return RX_DROP_UNUSABLE;
  		}
  
-@@ -646,7 +645,7 @@ static int gcmp_encrypt_skb(struct ieee8
+@@ -649,7 +648,7 @@ static int gcmp_encrypt_skb(struct ieee8
  	u8 *pos;
  	u8 pn[6];
  	u64 pn64;
@@ -464,7 +464,7 @@
  	u8 j_0[AES_BLOCK_SIZE];
  
  	if (info->control.hw_key &&
-@@ -703,8 +702,10 @@ static int gcmp_encrypt_skb(struct ieee8
+@@ -706,8 +705,10 @@ static int gcmp_encrypt_skb(struct ieee8
  
  	pos += IEEE80211_GCMP_HDR_LEN;
  	gcmp_special_blocks(skb, pn, j_0, aad);
@@ -477,7 +477,7 @@
  }
  
  ieee80211_tx_result
-@@ -1133,9 +1134,9 @@ ieee80211_crypto_aes_gmac_encrypt(struct
+@@ -1139,9 +1140,9 @@ ieee80211_crypto_aes_gmac_encrypt(struct
  	struct ieee80211_key *key = tx->key;
  	struct ieee80211_mmie_16 *mmie;
  	struct ieee80211_hdr *hdr;
@@ -489,7 +489,7 @@
  
  	if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
  		return TX_DROP;
-@@ -1181,7 +1182,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct
+@@ -1187,7 +1188,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct
  	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
  	struct ieee80211_key *key = rx->key;
  	struct ieee80211_mmie_16 *mmie;

package/kernel/mac80211/patches/subsys/110-mac80211_keep_keys_on_stop_ap.patch

@@ -2,7 +2,7 @@ Used for AP+STA support in OpenWrt - preserve AP mode keys across STA reconnects
 
 --- a/net/mac80211/cfg.c
 +++ b/net/mac80211/cfg.c
-@@ -1288,7 +1288,6 @@ static int ieee80211_stop_ap(struct wiph
+@@ -1310,7 +1310,6 @@ static int ieee80211_stop_ap(struct wiph
  	sdata->vif.bss_conf.ftmr_params = NULL;
  
  	__sta_info_flush(sdata, true);

package/kernel/mac80211/patches/subsys/210-ap_scan.patch

@@ -1,6 +1,6 @@
 --- a/net/mac80211/cfg.c
 +++ b/net/mac80211/cfg.c
-@@ -2444,7 +2444,7 @@ static int ieee80211_scan(struct wiphy *
+@@ -2463,7 +2463,7 @@ static int ieee80211_scan(struct wiphy *
  		 * the  frames sent while scanning on other channel will be
  		 * lost)
  		 */

package/kernel/mac80211/patches/subsys/300-cfg80211-support-immediate-reconnect-request-hint.patch

@@ -14,7 +14,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 
 --- a/include/net/cfg80211.h
 +++ b/include/net/cfg80211.h
-@@ -6410,13 +6410,15 @@ void cfg80211_abandon_assoc(struct net_d
+@@ -6408,13 +6408,15 @@ void cfg80211_abandon_assoc(struct net_d
   * @dev: network device
   * @buf: 802.11 frame (header + body)
   * @len: length of the frame data
@@ -31,31 +31,9 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  /**
   * cfg80211_rx_unprot_mlme_mgmt - notification of unprotected mlme mgmt frame
---- a/include/uapi/linux/nl80211.h
-+++ b/include/uapi/linux/nl80211.h
-@@ -2527,6 +2527,10 @@ enum nl80211_commands {
-  *	override mask. Used with NL80211_ATTR_S1G_CAPABILITY in
-  *	NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT.
-  *
-+ * @NL80211_ATTR_RECONNECT_REQUESTED: flag attribute, used with deauth and
-+ *	disassoc events to indicate that an immediate reconnect to the AP
-+ *	is desired.
-+ *
-  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
-  * @NL80211_ATTR_MAX: highest attribute number currently defined
-  * @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -3016,6 +3020,8 @@ enum nl80211_attrs {
- 	NL80211_ATTR_S1G_CAPABILITY,
- 	NL80211_ATTR_S1G_CAPABILITY_MASK,
- 
-+	NL80211_ATTR_RECONNECT_REQUESTED,
-+
- 	/* add attributes here, update the policy in nl80211.c */
- 
- 	__NL80211_ATTR_AFTER_LAST,
 --- a/net/mac80211/mlme.c
 +++ b/net/mac80211/mlme.c
-@@ -2734,7 +2734,7 @@ static void ieee80211_report_disconnect(
+@@ -2733,7 +2733,7 @@ static void ieee80211_report_disconnect(
  	};
  
  	if (tx)
@@ -64,7 +42,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	else
  		cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
  
-@@ -4724,7 +4724,8 @@ void ieee80211_mgd_quiesce(struct ieee80
+@@ -4734,7 +4734,8 @@ void ieee80211_mgd_quiesce(struct ieee80
  		if (ifmgd->auth_data)
  			ieee80211_destroy_auth_data(sdata, false);
  		cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
@@ -174,7 +152,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  };
  
  /* policy for the key attributes */
-@@ -15903,7 +15904,7 @@ static void nl80211_send_mlme_event(stru
+@@ -15914,7 +15915,7 @@ static void nl80211_send_mlme_event(stru
  				    const u8 *buf, size_t len,
  				    enum nl80211_commands cmd, gfp_t gfp,
  				    int uapsd_queues, const u8 *req_ies,
@@ -183,7 +161,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  {
  	struct sk_buff *msg;
  	void *hdr;
-@@ -15925,6 +15926,9 @@ static void nl80211_send_mlme_event(stru
+@@ -15936,6 +15937,9 @@ static void nl80211_send_mlme_event(stru
  	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
  		goto nla_put_failure;
  
@@ -193,7 +171,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	if (uapsd_queues >= 0) {
  		struct nlattr *nla_wmm =
  			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
-@@ -15953,7 +15957,8 @@ void nl80211_send_rx_auth(struct cfg8021
+@@ -15964,7 +15968,8 @@ void nl80211_send_rx_auth(struct cfg8021
  			  size_t len, gfp_t gfp)
  {
  	nl80211_send_mlme_event(rdev, netdev, buf, len,
@@ -203,7 +181,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  }
  
  void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
-@@ -15963,23 +15968,25 @@ void nl80211_send_rx_assoc(struct cfg802
+@@ -15974,23 +15979,25 @@ void nl80211_send_rx_assoc(struct cfg802
  {
  	nl80211_send_mlme_event(rdev, netdev, buf, len,
  				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
@@ -234,7 +212,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  }
  
  void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
-@@ -16010,7 +16017,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
+@@ -16021,7 +16028,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
  
  	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
  	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,

package/kernel/mac80211/patches/subsys/301-mac80211-support-driver-based-disconnect-with-reconn.patch

@@ -47,7 +47,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	struct ieee80211_mgd_auth_data *auth_data;
 --- a/net/mac80211/mlme.c
 +++ b/net/mac80211/mlme.c
-@@ -2725,7 +2725,7 @@ EXPORT_SYMBOL(ieee80211_ap_probereq_get)
+@@ -2724,7 +2724,7 @@ EXPORT_SYMBOL(ieee80211_ap_probereq_get)
  
  static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
  					const u8 *buf, size_t len, bool tx,
@@ -56,7 +56,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  {
  	struct ieee80211_event event = {
  		.type = MLME_EVENT,
-@@ -2734,7 +2734,7 @@ static void ieee80211_report_disconnect(
+@@ -2733,7 +2733,7 @@ static void ieee80211_report_disconnect(
  	};
  
  	if (tx)
@@ -65,7 +65,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	else
  		cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
  
-@@ -2756,13 +2756,18 @@ static void __ieee80211_disconnect(struc
+@@ -2755,13 +2755,18 @@ static void __ieee80211_disconnect(struc
  
  	tx = !sdata->csa_block_tx;
  
@@ -89,7 +89,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  			       tx, frame_buf);
  	mutex_lock(&local->mtx);
  	sdata->vif.csa_active = false;
-@@ -2775,7 +2780,9 @@ static void __ieee80211_disconnect(struc
+@@ -2774,7 +2779,9 @@ static void __ieee80211_disconnect(struc
  	mutex_unlock(&local->mtx);
  
  	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
@@ -100,7 +100,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  	sdata_unlock(sdata);
  }
-@@ -2794,6 +2801,13 @@ static void ieee80211_beacon_connection_
+@@ -2793,6 +2800,13 @@ static void ieee80211_beacon_connection_
  		sdata_info(sdata, "Connection to AP %pM lost\n",
  			   ifmgd->bssid);
  		__ieee80211_disconnect(sdata);
@@ -114,7 +114,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	} else {
  		ieee80211_mgd_probe_ap(sdata, true);
  	}
-@@ -2832,6 +2846,21 @@ void ieee80211_connection_loss(struct ie
+@@ -2831,6 +2845,21 @@ void ieee80211_connection_loss(struct ie
  }
  EXPORT_SYMBOL(ieee80211_connection_loss);
  
@@ -136,7 +136,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
  					bool assoc)
-@@ -3135,7 +3164,7 @@ static void ieee80211_rx_mgmt_deauth(str
+@@ -3141,7 +3170,7 @@ static void ieee80211_rx_mgmt_deauth(str
  		ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
  
  		ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
@@ -145,7 +145,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return;
  	}
  
-@@ -3184,7 +3213,8 @@ static void ieee80211_rx_mgmt_disassoc(s
+@@ -3190,7 +3219,8 @@ static void ieee80211_rx_mgmt_disassoc(s
  
  	ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
  
@@ -155,7 +155,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  }
  
  static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
-@@ -4204,7 +4234,8 @@ static void ieee80211_rx_mgmt_beacon(str
+@@ -4214,7 +4244,8 @@ static void ieee80211_rx_mgmt_beacon(str
  				       true, deauth_buf);
  		ieee80211_report_disconnect(sdata, deauth_buf,
  					    sizeof(deauth_buf), true,
@@ -165,7 +165,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return;
  	}
  
-@@ -4349,7 +4380,7 @@ static void ieee80211_sta_connection_los
+@@ -4359,7 +4390,7 @@ static void ieee80211_sta_connection_los
  			       tx, frame_buf);
  
  	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
@@ -174,7 +174,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  }
  
  static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
-@@ -5439,7 +5470,8 @@ int ieee80211_mgd_auth(struct ieee80211_
+@@ -5449,7 +5480,8 @@ int ieee80211_mgd_auth(struct ieee80211_
  
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -184,7 +184,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	}
  
  	sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
-@@ -5511,7 +5543,8 @@ int ieee80211_mgd_assoc(struct ieee80211
+@@ -5521,7 +5553,8 @@ int ieee80211_mgd_assoc(struct ieee80211
  
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -194,7 +194,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	}
  
  	if (ifmgd->auth_data && !ifmgd->auth_data->done) {
-@@ -5810,7 +5843,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5824,7 +5857,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  		ieee80211_destroy_auth_data(sdata, false);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -203,7 +203,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  		return 0;
  	}
-@@ -5830,7 +5863,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5844,7 +5877,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  		ieee80211_destroy_assoc_data(sdata, false, true);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -212,7 +212,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return 0;
  	}
  
-@@ -5845,7 +5878,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5859,7 +5892,7 @@ int ieee80211_mgd_deauth(struct ieee8021
  				       req->reason_code, tx, frame_buf);
  		ieee80211_report_disconnect(sdata, frame_buf,
  					    sizeof(frame_buf), true,
@@ -221,7 +221,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return 0;
  	}
  
-@@ -5878,7 +5911,7 @@ int ieee80211_mgd_disassoc(struct ieee80
+@@ -5892,7 +5925,7 @@ int ieee80211_mgd_disassoc(struct ieee80
  			       frame_buf);
  
  	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,

package/kernel/mac80211/patches/subsys/302-cfg80211-Add-support-to-configure-SAE-PWE-value-to-d.patch

@@ -0,0 +1,74 @@
+From: Rohan Dutta <drohan@codeaurora.org>
+Date: Tue, 27 Oct 2020 12:09:10 +0200
+Subject: [PATCH] cfg80211: Add support to configure SAE PWE value to drivers
+
+Add support to configure SAE PWE preference from userspace to drivers in
+both AP and STA modes. This is needed for cases where the driver takes
+care of Authentication frame processing (SME in the driver) so that
+correct enforcement of the acceptable PWE derivation mechanism can be
+performed.
+
+The userspace applications can pass the sae_pwe value using the
+NL80211_ATTR_SAE_PWE attribute in the NL80211_CMD_CONNECT and
+NL80211_CMD_START_AP commands to the driver. This allows selection
+between the hunting-and-pecking loop and hash-to-element options for PWE
+derivation. For backwards compatibility, this new attribute is optional
+and if not included, the driver is notified of the value being
+unspecified.
+
+Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Link: https://lore.kernel.org/r/20201027100910.22283-1-jouni@codeaurora.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/cfg80211.h
++++ b/include/net/cfg80211.h
+@@ -1009,6 +1009,14 @@ struct survey_info {
+  * @sae_pwd: password for SAE authentication (for devices supporting SAE
+  *	offload)
+  * @sae_pwd_len: length of SAE password (for devices supporting SAE offload)
++ * @sae_pwe: The mechanisms allowed for SAE PWE derivation
++ *	NL80211_SAE_PWE_UNSPECIFIED: Not-specified, used to indicate userspace
++ *		did not specify any preference. The driver should follow its
++ *		internal policy in such a scenario.
++ *	NL80211_SAE_PWE_HUNT_AND_PECK: Allow hunting-and-pecking loop only
++ *	NL80211_SAE_PWE_HASH_TO_ELEMENT: Allow hash-to-element only
++ *	NL80211_SAE_PWE_BOTH: Allow either hunting-and-pecking loop
++ *		or hash-to-element
+  */
+ struct cfg80211_crypto_settings {
+ 	u32 wpa_versions;
+@@ -1027,6 +1035,7 @@ struct cfg80211_crypto_settings {
+ 	const u8 *psk;
+ 	const u8 *sae_pwd;
+ 	u8 sae_pwd_len;
++	enum nl80211_sae_pwe_mechanism sae_pwe;
+ };
+ 
+ /**
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -736,6 +736,9 @@ static const struct nla_policy nl80211_p
+ 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
+ 	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
+ 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
++	[NL80211_ATTR_SAE_PWE] =
++		NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
++				 NL80211_SAE_PWE_BOTH),
+ 	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
+ };
+ 
+@@ -9763,6 +9766,12 @@ static int nl80211_crypto_settings(struc
+ 			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
+ 	}
+ 
++	if (info->attrs[NL80211_ATTR_SAE_PWE])
++		settings->sae_pwe =
++			nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
++	else
++		settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
++
+ 	return 0;
+ }
+ 

package/kernel/mac80211/patches/subsys/306-mac80211-set-up-the-fwd_skb-dev-for-mesh-forwarding.patch

@@ -0,0 +1,62 @@
+From: Xing Song <xing.song@mediatek.com>
+Date: Tue, 23 Nov 2021 11:31:23 +0800
+Subject: [PATCH] mac80211: set up the fwd_skb->dev for mesh forwarding
+
+Mesh forwarding requires that the fwd_skb->dev is set up for TX handling,
+otherwise the following warning will be generated, so set it up for the
+pending frames.
+
+[   72.835674 ] WARNING: CPU: 0 PID: 1193 at __skb_flow_dissect+0x284/0x1298
+[   72.842379 ] Modules linked in: ksmbd pppoe ppp_async l2tp_ppp ...
+[   72.962020 ] CPU: 0 PID: 1193 Comm: kworker/u5:1 Tainted: P S 5.4.137 #0
+[   72.969938 ] Hardware name: MT7622_MT7531 RFB (DT)
+[   72.974659 ] Workqueue: napi_workq napi_workfn
+[   72.979025 ] pstate: 60000005 (nZCv daif -PAN -UAO)
+[   72.983822 ] pc : __skb_flow_dissect+0x284/0x1298
+[   72.988444 ] lr : __skb_flow_dissect+0x54/0x1298
+[   72.992977 ] sp : ffffffc010c738c0
+[   72.996293 ] x29: ffffffc010c738c0 x28: 0000000000000000
+[   73.001615 ] x27: 000000000000ffc2 x26: ffffff800c2eb818
+[   73.006937 ] x25: ffffffc010a987c8 x24: 00000000000000ce
+[   73.012259 ] x23: ffffffc010c73a28 x22: ffffffc010a99c60
+[   73.017581 ] x21: 000000000000ffc2 x20: ffffff80094da800
+[   73.022903 ] x19: 0000000000000000 x18: 0000000000000014
+[   73.028226 ] x17: 00000000084d16af x16: 00000000d1fc0bab
+[   73.033548 ] x15: 00000000715f6034 x14: 000000009dbdd301
+[   73.038870 ] x13: 00000000ea4dcbc3 x12: 0000000000000040
+[   73.044192 ] x11: 000000000eb00ff0 x10: 0000000000000000
+[   73.049513 ] x9 : 000000000eb00073 x8 : 0000000000000088
+[   73.054834 ] x7 : 0000000000000000 x6 : 0000000000000001
+[   73.060155 ] x5 : 0000000000000000 x4 : 0000000000000000
+[   73.065476 ] x3 : ffffffc010a98000 x2 : 0000000000000000
+[   73.070797 ] x1 : 0000000000000000 x0 : 0000000000000000
+[   73.076120 ] Call trace:
+[   73.078572 ]  __skb_flow_dissect+0x284/0x1298
+[   73.082846 ]  __skb_get_hash+0x7c/0x228
+[   73.086629 ]  ieee80211_txq_may_transmit+0x7fc/0x17b8 [mac80211]
+[   73.092564 ]  ieee80211_tx_prepare_skb+0x20c/0x268 [mac80211]
+[   73.098238 ]  ieee80211_tx_pending+0x144/0x330 [mac80211]
+[   73.103560 ]  tasklet_action_common.isra.16+0xb4/0x158
+[   73.108618 ]  tasklet_action+0x2c/0x38
+[   73.112286 ]  __do_softirq+0x168/0x3b0
+[   73.115954 ]  do_softirq.part.15+0x88/0x98
+[   73.119969 ]  __local_bh_enable_ip+0xb0/0xb8
+[   73.124156 ]  napi_workfn+0x58/0x90
+[   73.127565 ]  process_one_work+0x20c/0x478
+[   73.131579 ]  worker_thread+0x50/0x4f0
+[   73.135249 ]  kthread+0x124/0x128
+[   73.138484 ]  ret_from_fork+0x10/0x1c
+
+Signed-off-by: Xing Song <xing.song@mediatek.com>
+---
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2941,6 +2941,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
+ 	if (!fwd_skb)
+ 		goto out;
+ 
++	fwd_skb->dev = sdata->dev;
+ 	fwd_hdr =  (struct ieee80211_hdr *) fwd_skb->data;
+ 	fwd_hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_RETRY);
+ 	info = IEEE80211_SKB_CB(fwd_skb);

package/kernel/mac80211/patches/subsys/311-net-fq_impl-drop-get_default_func-move-default-flow-.patch

@@ -132,7 +132,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	codel_vars_init(&txqi->def_cvars);
  	codel_stats_init(&txqi->cstats);
  	__skb_queue_head_init(&txqi->frags);
-@@ -3310,8 +3297,7 @@ static bool ieee80211_amsdu_aggregate(st
+@@ -3336,8 +3323,7 @@ static bool ieee80211_amsdu_aggregate(st
  	 */
  
  	tin = &txqi->tin;

package/kernel/mac80211/patches/subsys/312-net-fq_impl-do-not-maintain-a-backlog-sorted-list-of.patch

@@ -306,7 +306,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  #endif
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -3364,8 +3364,6 @@ out_recalc:
+@@ -3398,8 +3398,6 @@ out_recalc:
  	if (head->len != orig_len) {
  		flow->backlog += head->len - orig_len;
  		tin->backlog_bytes += head->len - orig_len;

package/kernel/mac80211/patches/subsys/315-mac80211-add-rx-decapsulation-offload-support.patch

@@ -109,7 +109,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
 --- a/net/mac80211/driver-ops.h
 +++ b/net/mac80211/driver-ops.h
-@@ -1413,4 +1413,20 @@ static inline void drv_sta_set_4addr(str
+@@ -1416,4 +1416,20 @@ static inline void drv_sta_set_4addr(str
  	trace_drv_return_void(local);
  }
  
@@ -132,7 +132,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  #endif /* __MAC80211_DRIVER_OPS */
 --- a/net/mac80211/iface.c
 +++ b/net/mac80211/iface.c
-@@ -835,7 +835,7 @@ static const struct net_device_ops ieee8
+@@ -856,7 +856,7 @@ static const struct net_device_ops ieee8
  
  };
  
@@ -141,7 +141,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  {
  	switch (iftype) {
  	/* P2P GO and client are mapped to AP/STATION types */
-@@ -855,7 +855,7 @@ static bool ieee80211_set_sdata_offload_
+@@ -876,7 +876,7 @@ static bool ieee80211_set_sdata_offload_
  	flags = sdata->vif.offload_flags;
  
  	if (ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) &&
@@ -150,7 +150,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  		flags |= IEEE80211_OFFLOAD_ENCAP_ENABLED;
  
  		if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_FRAG) &&
-@@ -868,10 +868,21 @@ static bool ieee80211_set_sdata_offload_
+@@ -889,10 +889,21 @@ static bool ieee80211_set_sdata_offload_
  		flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
  	}
  
@@ -172,7 +172,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	return true;
  }
  
-@@ -889,7 +900,7 @@ static void ieee80211_set_vif_encap_ops(
+@@ -910,7 +921,7 @@ static void ieee80211_set_vif_encap_ops(
  	}
  
  	if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) ||

package/kernel/mac80211/patches/subsys/316-mac80211-enable-QoS-support-for-nl80211-ctrl-port.patch

@@ -0,0 +1,116 @@
+From: Markus Theil <markus.theil@tu-ilmenau.de>
+Date: Sat, 6 Feb 2021 12:51:12 +0100
+Subject: [PATCH] mac80211: enable QoS support for nl80211 ctrl port
+
+This patch unifies sending control port frames
+over nl80211 and AF_PACKET sockets a little more.
+
+Before this patch, EAPOL frames got QoS prioritization
+only when using AF_PACKET sockets.
+
+__ieee80211_select_queue only selects a QoS-enabled queue
+for control port frames, when the control port protocol
+is set correctly on the skb. For the AF_PACKET path this
+works, but the nl80211 path used ETH_P_802_3.
+
+Another check for injected frames in wme.c then prevented
+the QoS TID to be copied in the frame.
+
+In order to fix this, get rid of the frame injection marking
+for nl80211 ctrl port and set the correct ethernet protocol.
+
+Please note:
+An erlier version of this path tried to prevent
+frame aggregation for control port frames in order to speed up
+the initial connection setup a little. This seemed to cause
+issues on my older Intel dvm-based hardware, and was therefore
+removed again. Future commits which try to reintroduce this
+have to check carefully how hw behaves with aggregated and
+non-aggregated traffic for the same TID.
+My NIC: Intel(R) Centrino(R) Ultimate-N 6300 AGN, REV=0x74
+
+Reported-by: kernel test robot <lkp@intel.com>
+Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
+Link: https://lore.kernel.org/r/20210206115112.567881-1-markus.theil@tu-ilmenau.de
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/status.c
++++ b/net/mac80211/status.c
+@@ -628,16 +628,12 @@ static void ieee80211_report_ack_skb(str
+ 		u64 cookie = IEEE80211_SKB_CB(skb)->ack.cookie;
+ 		struct ieee80211_sub_if_data *sdata;
+ 		struct ieee80211_hdr *hdr = (void *)skb->data;
+-		__be16 ethertype = 0;
+-
+-		if (skb->len >= ETH_HLEN && skb->protocol == cpu_to_be16(ETH_P_802_3))
+-			skb_copy_bits(skb, 2 * ETH_ALEN, &ethertype, ETH_TLEN);
+ 
+ 		rcu_read_lock();
+ 		sdata = ieee80211_sdata_from_skb(local, skb);
+ 		if (sdata) {
+-			if (ethertype == sdata->control_port_protocol ||
+-			    ethertype == cpu_to_be16(ETH_P_PREAUTH))
++			if (skb->protocol == sdata->control_port_protocol ||
++			    skb->protocol == cpu_to_be16(ETH_P_PREAUTH))
+ 				cfg80211_control_port_tx_status(&sdata->wdev,
+ 								cookie,
+ 								skb->data,
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1195,9 +1195,7 @@ ieee80211_tx_prepare(struct ieee80211_su
+ 			tx->sta = rcu_dereference(sdata->u.vlan.sta);
+ 			if (!tx->sta && sdata->wdev.use_4addr)
+ 				return TX_DROP;
+-		} else if (info->flags & (IEEE80211_TX_INTFL_NL80211_FRAME_TX |
+-					  IEEE80211_TX_CTL_INJECTED) ||
+-			   tx->sdata->control_port_protocol == tx->skb->protocol) {
++		} else if (tx->sdata->control_port_protocol == tx->skb->protocol) {
+ 			tx->sta = sta_info_get_bss(sdata, hdr->addr1);
+ 		}
+ 		if (!tx->sta && !is_multicast_ether_addr(hdr->addr1))
+@@ -5455,6 +5453,7 @@ int ieee80211_tx_control_port(struct wip
+ {
+ 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ 	struct ieee80211_local *local = sdata->local;
++	struct sta_info *sta;
+ 	struct sk_buff *skb;
+ 	struct ethhdr *ehdr;
+ 	u32 ctrl_flags = 0;
+@@ -5477,8 +5476,7 @@ int ieee80211_tx_control_port(struct wip
+ 	if (cookie)
+ 		ctrl_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
+ 
+-	flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX |
+-		 IEEE80211_TX_CTL_INJECTED;
++	flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX;
+ 
+ 	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
+ 			    sizeof(struct ethhdr) + len);
+@@ -5495,10 +5493,25 @@ int ieee80211_tx_control_port(struct wip
+ 	ehdr->h_proto = proto;
+ 
+ 	skb->dev = dev;
+-	skb->protocol = htons(ETH_P_802_3);
++	skb->protocol = proto;
+ 	skb_reset_network_header(skb);
+ 	skb_reset_mac_header(skb);
+ 
++	/* update QoS header to prioritize control port frames if possible,
++	 * priorization also happens for control port frames send over
++	 * AF_PACKET
++	 */
++	rcu_read_lock();
++
++	if (ieee80211_lookup_ra_sta(sdata, skb, &sta) == 0 && !IS_ERR(sta)) {
++		u16 queue = __ieee80211_select_queue(sdata, sta, skb);
++
++		skb_set_queue_mapping(skb, queue);
++		skb_get_hash(skb);
++	}
++
++	rcu_read_unlock();
++
+ 	/* mutex lock is only needed for incrementing the cookie counter */
+ 	mutex_lock(&local->mtx);
+ 

package/kernel/mac80211/patches/subsys/371-mac80211-don-t-apply-flow-control-on-management-fram.patch

@@ -28,7 +28,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
   *
   * Transmit and frame generation functions.
   */
-@@ -1403,8 +1403,17 @@ static void ieee80211_txq_enqueue(struct
+@@ -1401,8 +1401,17 @@ static void ieee80211_txq_enqueue(struct
  	ieee80211_set_skb_enqueue_time(skb);
  
  	spin_lock_bh(&fq->lock);
@@ -48,7 +48,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	spin_unlock_bh(&fq->lock);
  }
  
-@@ -3846,6 +3855,9 @@ bool ieee80211_txq_airtime_check(struct
+@@ -3878,6 +3887,9 @@ bool ieee80211_txq_airtime_check(struct
  	if (!txq->sta)
  		return true;
  

package/kernel/mac80211/patches/subsys/372-mac80211-set-sk_pacing_shift-for-802.3-txpath.patch

@@ -9,7 +9,7 @@ Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
 
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -4173,6 +4173,9 @@ static bool ieee80211_tx_8023(struct iee
+@@ -4205,6 +4205,9 @@ static bool ieee80211_tx_8023(struct iee
  	unsigned long flags;
  	int q = info->hw_queue;
  

package/kernel/mac80211/patches/subsys/373-mac80211-support-Rx-timestamp-calculation-for-all-pr.patch

@@ -33,7 +33,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  void ieee80211_vif_inc_num_mcast(struct ieee80211_sub_if_data *sdata);
 --- a/net/mac80211/util.c
 +++ b/net/mac80211/util.c
-@@ -3665,6 +3665,7 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3670,6 +3670,7 @@ u64 ieee80211_calculate_rx_timestamp(str
  	u64 ts = status->mactime;
  	struct rate_info ri;
  	u16 rate;
@@ -41,7 +41,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  	if (WARN_ON(!ieee80211_have_rx_timestamp(status)))
  		return 0;
-@@ -3675,11 +3676,58 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3680,11 +3681,58 @@ u64 ieee80211_calculate_rx_timestamp(str
  
  	/* Fill cfg80211 rate info */
  	switch (status->encoding) {
@@ -100,7 +100,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		break;
  	case RX_ENC_VHT:
  		ri.flags |= RATE_INFO_FLAGS_VHT_MCS;
-@@ -3687,6 +3735,23 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3692,6 +3740,23 @@ u64 ieee80211_calculate_rx_timestamp(str
  		ri.nss = status->nss;
  		if (status->enc_flags & RX_ENC_FLAG_SHORT_GI)
  			ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
@@ -124,7 +124,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		break;
  	default:
  		WARN_ON(1);
-@@ -3710,7 +3775,6 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3715,7 +3780,6 @@ u64 ieee80211_calculate_rx_timestamp(str
  		ri.legacy = DIV_ROUND_UP(bitrate, (1 << shift));
  
  		if (status->flag & RX_FLAG_MACTIME_PLCP_START) {

package/kernel/mac80211/patches/subsys/374-mac80211-move-A-MPDU-session-check-from-minstrel_ht-.patch

@@ -0,0 +1,126 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Thu, 17 Jun 2021 17:56:54 +0200
+Subject: [PATCH] mac80211: move A-MPDU session check from minstrel_ht to
+ mac80211
+
+This avoids calling back into tx handlers from within the rate control module.
+Preparation for deferring rate control until tx dequeue
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -6160,6 +6160,11 @@ enum rate_control_capabilities {
+ 	 * otherwise the NSS difference doesn't bother us.
+ 	 */
+ 	RATE_CTRL_CAPA_VHT_EXT_NSS_BW = BIT(0),
++	/**
++	 * @RATE_CTRL_CAPA_AMPDU_TRIGGER:
++	 * mac80211 should start A-MPDU sessions on tx
++	 */
++	RATE_CTRL_CAPA_AMPDU_TRIGGER = BIT(1),
+ };
+ 
+ struct rate_control_ops {
+--- a/net/mac80211/rc80211_minstrel_ht.c
++++ b/net/mac80211/rc80211_minstrel_ht.c
+@@ -1144,29 +1144,6 @@ minstrel_downgrade_prob_rate(struct mins
+ }
+ 
+ static void
+-minstrel_aggr_check(struct ieee80211_sta *pubsta, struct sk_buff *skb)
+-{
+-	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+-	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
+-	u16 tid;
+-
+-	if (skb_get_queue_mapping(skb) == IEEE80211_AC_VO)
+-		return;
+-
+-	if (unlikely(!ieee80211_is_data_qos(hdr->frame_control)))
+-		return;
+-
+-	if (unlikely(skb->protocol == cpu_to_be16(ETH_P_PAE)))
+-		return;
+-
+-	tid = ieee80211_get_tid(hdr);
+-	if (likely(sta->ampdu_mlme.tid_tx[tid]))
+-		return;
+-
+-	ieee80211_start_tx_ba_session(pubsta, tid, 0);
+-}
+-
+-static void
+ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
+                       void *priv_sta, struct ieee80211_tx_status *st)
+ {
+@@ -1461,10 +1438,6 @@ minstrel_ht_get_rate(void *priv, struct
+ 	struct minstrel_priv *mp = priv;
+ 	u16 sample_idx;
+ 
+-	if (!(info->flags & IEEE80211_TX_CTL_AMPDU) &&
+-	    !minstrel_ht_is_legacy_group(MI_RATE_GROUP(mi->max_prob_rate)))
+-		minstrel_aggr_check(sta, txrc->skb);
+-
+ 	info->flags |= mi->tx_flags;
+ 
+ #ifdef CPTCFG_MAC80211_DEBUGFS
+@@ -1870,6 +1843,7 @@ static u32 minstrel_ht_get_expected_thro
+ 
+ static const struct rate_control_ops mac80211_minstrel_ht = {
+ 	.name = "minstrel_ht",
++	.capa = RATE_CTRL_CAPA_AMPDU_TRIGGER,
+ 	.tx_status_ext = minstrel_ht_tx_status,
+ 	.get_rate = minstrel_ht_get_rate,
+ 	.rate_init = minstrel_ht_rate_init,
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3965,6 +3965,29 @@ void ieee80211_txq_schedule_start(struct
+ }
+ EXPORT_SYMBOL(ieee80211_txq_schedule_start);
+ 
++static void
++ieee80211_aggr_check(struct ieee80211_sub_if_data *sdata,
++		     struct sta_info *sta,
++		     struct sk_buff *skb)
++{
++	struct rate_control_ref *ref = sdata->local->rate_ctrl;
++	u16 tid;
++
++	if (!ref || !(ref->ops->capa & RATE_CTRL_CAPA_AMPDU_TRIGGER))
++		return;
++
++	if (!sta || !sta->sta.ht_cap.ht_supported ||
++	    !sta->sta.wme || skb_get_queue_mapping(skb) == IEEE80211_AC_VO ||
++	    skb->protocol == sdata->control_port_protocol)
++		return;
++
++	tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
++	if (likely(sta->ampdu_mlme.tid_tx[tid]))
++		return;
++
++	ieee80211_start_tx_ba_session(&sta->sta, tid, 0);
++}
++
+ void __ieee80211_subif_start_xmit(struct sk_buff *skb,
+ 				  struct net_device *dev,
+ 				  u32 info_flags,
+@@ -3995,6 +4018,8 @@ void __ieee80211_subif_start_xmit(struct
+ 		skb_get_hash(skb);
+ 	}
+ 
++	ieee80211_aggr_check(sdata, sta, skb);
++
+ 	if (sta) {
+ 		struct ieee80211_fast_tx *fast_tx;
+ 
+@@ -4258,6 +4283,8 @@ static void ieee80211_8023_xmit(struct i
+ 
+ 	memset(info, 0, sizeof(*info));
+ 
++	ieee80211_aggr_check(sdata, sta, skb);
++
+ 	tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
+ 	tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
+ 	if (tid_tx) {

package/kernel/mac80211/patches/subsys/375-mac80211-call-ieee80211_tx_h_rate_ctrl-when-dequeue.patch

@@ -0,0 +1,114 @@
+From: Ryder Lee <ryder.lee@mediatek.com>
+Date: Fri, 28 May 2021 14:05:41 +0800
+Subject: [PATCH] mac80211: call ieee80211_tx_h_rate_ctrl() when dequeue
+
+Make ieee80211_tx_h_rate_ctrl() get called on dequeue to improve
+performance since it reduces the turnaround time for rate control.
+
+Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1778,8 +1778,6 @@ static int invoke_tx_handlers_early(stru
+ 	CALL_TXH(ieee80211_tx_h_ps_buf);
+ 	CALL_TXH(ieee80211_tx_h_check_control_port_protocol);
+ 	CALL_TXH(ieee80211_tx_h_select_key);
+-	if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
+-		CALL_TXH(ieee80211_tx_h_rate_ctrl);
+ 
+  txh_done:
+ 	if (unlikely(res == TX_DROP)) {
+@@ -1812,6 +1810,9 @@ static int invoke_tx_handlers_late(struc
+ 		goto txh_done;
+ 	}
+ 
++	if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
++		CALL_TXH(ieee80211_tx_h_rate_ctrl);
++
+ 	CALL_TXH(ieee80211_tx_h_michael_mic_add);
+ 	CALL_TXH(ieee80211_tx_h_sequence);
+ 	CALL_TXH(ieee80211_tx_h_fragment);
+@@ -3416,15 +3417,21 @@ out:
+  * Can be called while the sta lock is held. Anything that can cause packets to
+  * be generated will cause deadlock!
+  */
+-static void ieee80211_xmit_fast_finish(struct ieee80211_sub_if_data *sdata,
+-				       struct sta_info *sta, u8 pn_offs,
+-				       struct ieee80211_key *key,
+-				       struct sk_buff *skb)
++static ieee80211_tx_result
++ieee80211_xmit_fast_finish(struct ieee80211_sub_if_data *sdata,
++			   struct sta_info *sta, u8 pn_offs,
++			   struct ieee80211_key *key,
++			   struct ieee80211_tx_data *tx)
+ {
++	struct sk_buff *skb = tx->skb;
+ 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ 	struct ieee80211_hdr *hdr = (void *)skb->data;
+ 	u8 tid = IEEE80211_NUM_TIDS;
+ 
++	if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL) &&
++	    ieee80211_tx_h_rate_ctrl(tx) != TX_CONTINUE)
++		return TX_DROP;
++
+ 	if (key)
+ 		info->control.hw_key = &key->conf;
+ 
+@@ -3473,6 +3480,8 @@ static void ieee80211_xmit_fast_finish(s
+ 			break;
+ 		}
+ 	}
++
++	return TX_CONTINUE;
+ }
+ 
+ static bool ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata,
+@@ -3576,24 +3585,17 @@ static bool ieee80211_xmit_fast(struct i
+ 	tx.sta = sta;
+ 	tx.key = fast_tx->key;
+ 
+-	if (!ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
+-		tx.skb = skb;
+-		r = ieee80211_tx_h_rate_ctrl(&tx);
+-		skb = tx.skb;
+-		tx.skb = NULL;
+-
+-		if (r != TX_CONTINUE) {
+-			if (r != TX_QUEUED)
+-				kfree_skb(skb);
+-			return true;
+-		}
+-	}
+-
+ 	if (ieee80211_queue_skb(local, sdata, sta, skb))
+ 		return true;
+ 
+-	ieee80211_xmit_fast_finish(sdata, sta, fast_tx->pn_offs,
+-				   fast_tx->key, skb);
++	tx.skb = skb;
++	r = ieee80211_xmit_fast_finish(sdata, sta, fast_tx->pn_offs,
++				       fast_tx->key, &tx);
++	tx.skb = NULL;
++	if (r == TX_DROP) {
++		kfree_skb(skb);
++		return true;
++	}
+ 
+ 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
+ 		sdata = container_of(sdata->bss,
+@@ -3704,8 +3706,12 @@ begin:
+ 		    (tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
+ 			pn_offs = ieee80211_hdrlen(hdr->frame_control);
+ 
+-		ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
+-					   tx.key, skb);
++		r = ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
++					       tx.key, &tx);
++		if (r != TX_CONTINUE) {
++			ieee80211_free_txskb(&local->hw, skb);
++			goto begin;
++		}
+ 	} else {
+ 		if (invoke_tx_handlers_late(&tx))
+ 			goto begin;

package/kernel/mac80211/patches/subsys/376-mac80211-add-rate-control-support-for-encap-offload.patch

@@ -0,0 +1,126 @@
+From: Ryder Lee <ryder.lee@mediatek.com>
+Date: Fri, 28 May 2021 14:05:43 +0800
+Subject: [PATCH] mac80211: add rate control support for encap offload
+
+The software rate control cannot deal with encap offload, so fix it.
+
+Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
+---
+
+--- a/net/mac80211/rate.c
++++ b/net/mac80211/rate.c
+@@ -297,15 +297,11 @@ void ieee80211_check_rate_mask(struct ie
+ static bool rc_no_data_or_no_ack_use_min(struct ieee80211_tx_rate_control *txrc)
+ {
+ 	struct sk_buff *skb = txrc->skb;
+-	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+-	__le16 fc;
+-
+-	fc = hdr->frame_control;
+ 
+ 	return (info->flags & (IEEE80211_TX_CTL_NO_ACK |
+ 			       IEEE80211_TX_CTL_USE_MINRATE)) ||
+-		!ieee80211_is_data(fc);
++		!ieee80211_is_tx_data(skb);
+ }
+ 
+ static void rc_send_low_basicrate(struct ieee80211_tx_rate *rate,
+@@ -870,7 +866,6 @@ void ieee80211_get_tx_rates(struct ieee8
+ 			    int max_rates)
+ {
+ 	struct ieee80211_sub_if_data *sdata;
+-	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+ 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ 	struct ieee80211_supported_band *sband;
+ 
+@@ -882,7 +877,7 @@ void ieee80211_get_tx_rates(struct ieee8
+ 	sdata = vif_to_sdata(vif);
+ 	sband = sdata->local->hw.wiphy->bands[info->band];
+ 
+-	if (ieee80211_is_data(hdr->frame_control))
++	if (ieee80211_is_tx_data(skb))
+ 		rate_control_apply_mask(sdata, sta, sband, dest, max_rates);
+ 
+ 	if (dest[0].idx < 0)
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -679,6 +679,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021
+ 	u32 len;
+ 	struct ieee80211_tx_rate_control txrc;
+ 	struct ieee80211_sta_rates *ratetbl = NULL;
++	bool encap = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
+ 	bool assoc = false;
+ 
+ 	memset(&txrc, 0, sizeof(txrc));
+@@ -720,7 +721,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021
+ 	 * just wants a probe response.
+ 	 */
+ 	if (tx->sdata->vif.bss_conf.use_short_preamble &&
+-	    (ieee80211_is_data(hdr->frame_control) ||
++	    (ieee80211_is_tx_data(tx->skb) ||
+ 	     (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
+ 		txrc.short_preamble = true;
+ 
+@@ -742,7 +743,8 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021
+ 		 "%s: Dropped data frame as no usable bitrate found while "
+ 		 "scanning and associated. Target station: "
+ 		 "%pM on %d GHz band\n",
+-		 tx->sdata->name, hdr->addr1,
++		 tx->sdata->name,
++		 encap ? ((struct ethhdr *)hdr)->h_dest : hdr->addr1,
+ 		 info->band ? 5 : 2))
+ 		return TX_DROP;
+ 
+@@ -776,7 +778,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021
+ 
+ 	if (txrc.reported_rate.idx < 0) {
+ 		txrc.reported_rate = tx->rate;
+-		if (tx->sta && ieee80211_is_data(hdr->frame_control))
++		if (tx->sta && ieee80211_is_tx_data(tx->skb))
+ 			tx->sta->tx_stats.last_rate = txrc.reported_rate;
+ 	} else if (tx->sta)
+ 		tx->sta->tx_stats.last_rate = txrc.reported_rate;
+@@ -3694,8 +3696,16 @@ begin:
+ 	else
+ 		info->flags &= ~IEEE80211_TX_CTL_AMPDU;
+ 
+-	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)
++	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
++		if (!ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
++			r = ieee80211_tx_h_rate_ctrl(&tx);
++			if (r != TX_CONTINUE) {
++				ieee80211_free_txskb(&local->hw, skb);
++				goto begin;
++			}
++		}
+ 		goto encap_out;
++	}
+ 
+ 	if (info->control.flags & IEEE80211_TX_CTRL_FAST_XMIT) {
+ 		struct sta_info *sta = container_of(txq->sta, struct sta_info,
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -6733,4 +6733,22 @@ struct sk_buff *ieee80211_get_fils_disco
+ struct sk_buff *
+ ieee80211_get_unsol_bcast_probe_resp_tmpl(struct ieee80211_hw *hw,
+ 					  struct ieee80211_vif *vif);
++
++/**
++ * ieee80211_is_tx_data - check if frame is a data frame
++ *
++ * The function is used to check if a frame is a data frame. Frames with
++ * hardware encapsulation enabled are data frames.
++ *
++ * @skb: the frame to be transmitted.
++ */
++static inline bool ieee80211_is_tx_data(struct sk_buff *skb)
++{
++	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
++	struct ieee80211_hdr *hdr = (void *) skb->data;
++
++	return info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP ||
++	       ieee80211_is_data(hdr->frame_control);
++}
++
+ #endif /* MAC80211_H */

package/kernel/mac80211/patches/subsys/377-mac80211-minstrel_ht-fix-sample-time-check.patch

@@ -0,0 +1,23 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Thu, 17 Jun 2021 12:05:54 +0200
+Subject: [PATCH] mac80211: minstrel_ht: fix sample time check
+
+We need to skip sampling if the next sample time is after jiffies, not before.
+This patch fixes an issue where in some cases only very little sampling (or none
+at all) is performed, leading to really bad data rates
+
+Fixes: 80d55154b2f8 ("mac80211: minstrel_ht: significantly redesign the rate probing strategy")
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/rc80211_minstrel_ht.c
++++ b/net/mac80211/rc80211_minstrel_ht.c
+@@ -1450,7 +1450,7 @@ minstrel_ht_get_rate(void *priv, struct
+ 	    (info->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO))
+ 		return;
+ 
+-	if (time_is_before_jiffies(mi->sample_time))
++	if (time_is_after_jiffies(mi->sample_time))
+ 		return;
+ 
+ 	mi->sample_time = jiffies + MINSTREL_SAMPLE_INTERVAL;

package/kernel/mac80211/patches/subsys/379-mac80211-fix-starting-aggregation-sessions-on-mesh-i.patch

@@ -0,0 +1,112 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Tue, 29 Jun 2021 13:25:09 +0200
+Subject: [PATCH] mac80211: fix starting aggregation sessions on mesh
+ interfaces
+
+The logic for starting aggregation sessions was recently moved from minstrel_ht
+to mac80211, into the subif tx handler just after the sta lookup.
+Unfortunately this didn't work for mesh interfaces, since the sta lookup is
+deferred until a much later point in time on those.
+Fix this by also calling the aggregation check right after the deferred sta
+lookup.
+
+Fixes: 08a46c642001 ("mac80211: move A-MPDU session check from minstrel_ht to mac80211")
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -1159,6 +1159,29 @@ static bool ieee80211_tx_prep_agg(struct
+ 	return queued;
+ }
+ 
++static void
++ieee80211_aggr_check(struct ieee80211_sub_if_data *sdata,
++		     struct sta_info *sta,
++		     struct sk_buff *skb)
++{
++	struct rate_control_ref *ref = sdata->local->rate_ctrl;
++	u16 tid;
++
++	if (!ref || !(ref->ops->capa & RATE_CTRL_CAPA_AMPDU_TRIGGER))
++		return;
++
++	if (!sta || !sta->sta.ht_cap.ht_supported ||
++	    !sta->sta.wme || skb_get_queue_mapping(skb) == IEEE80211_AC_VO ||
++	    skb->protocol == sdata->control_port_protocol)
++		return;
++
++	tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
++	if (likely(sta->ampdu_mlme.tid_tx[tid]))
++		return;
++
++	ieee80211_start_tx_ba_session(&sta->sta, tid, 0);
++}
++
+ /*
+  * initialises @tx
+  * pass %NULL for the station if unknown, a valid pointer if known
+@@ -1172,6 +1195,7 @@ ieee80211_tx_prepare(struct ieee80211_su
+ 	struct ieee80211_local *local = sdata->local;
+ 	struct ieee80211_hdr *hdr;
+ 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
++	bool aggr_check = false;
+ 	int tid;
+ 
+ 	memset(tx, 0, sizeof(*tx));
+@@ -1200,8 +1224,10 @@ ieee80211_tx_prepare(struct ieee80211_su
+ 		} else if (tx->sdata->control_port_protocol == tx->skb->protocol) {
+ 			tx->sta = sta_info_get_bss(sdata, hdr->addr1);
+ 		}
+-		if (!tx->sta && !is_multicast_ether_addr(hdr->addr1))
++		if (!tx->sta && !is_multicast_ether_addr(hdr->addr1)) {
+ 			tx->sta = sta_info_get(sdata, hdr->addr1);
++			aggr_check = true;
++		}
+ 	}
+ 
+ 	if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
+@@ -1211,8 +1237,12 @@ ieee80211_tx_prepare(struct ieee80211_su
+ 		struct tid_ampdu_tx *tid_tx;
+ 
+ 		tid = ieee80211_get_tid(hdr);
+-
+ 		tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
++		if (!tid_tx && aggr_check) {
++			ieee80211_aggr_check(sdata, tx->sta, skb);
++			tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
++		}
++
+ 		if (tid_tx) {
+ 			bool queued;
+ 
+@@ -3981,29 +4011,6 @@ void ieee80211_txq_schedule_start(struct
+ }
+ EXPORT_SYMBOL(ieee80211_txq_schedule_start);
+ 
+-static void
+-ieee80211_aggr_check(struct ieee80211_sub_if_data *sdata,
+-		     struct sta_info *sta,
+-		     struct sk_buff *skb)
+-{
+-	struct rate_control_ref *ref = sdata->local->rate_ctrl;
+-	u16 tid;
+-
+-	if (!ref || !(ref->ops->capa & RATE_CTRL_CAPA_AMPDU_TRIGGER))
+-		return;
+-
+-	if (!sta || !sta->sta.ht_cap.ht_supported ||
+-	    !sta->sta.wme || skb_get_queue_mapping(skb) == IEEE80211_AC_VO ||
+-	    skb->protocol == sdata->control_port_protocol)
+-		return;
+-
+-	tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
+-	if (likely(sta->ampdu_mlme.tid_tx[tid]))
+-		return;
+-
+-	ieee80211_start_tx_ba_session(&sta->sta, tid, 0);
+-}
+-
+ void __ieee80211_subif_start_xmit(struct sk_buff *skb,
+ 				  struct net_device *dev,
+ 				  u32 info_flags,

package/kernel/mac80211/patches/subsys/380-mac80211-introduce-aql_enable-node-in-debugfs.patch

@@ -0,0 +1,111 @@
+From: Lorenzo Bianconi <lorenzo@kernel.org>
+Date: Sat, 9 Jan 2021 18:57:51 +0100
+Subject: [PATCH] mac80211: introduce aql_enable node in debugfs
+
+Introduce aql_enable node in debugfs in order to enable/disable aql.
+This is useful for debugging purpose.
+
+Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Link: https://lore.kernel.org/r/e7a934d5d84e4796c4f97ea5de4e66c824296b07.1610214851.git.lorenzo@kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/debugfs.c
++++ b/net/mac80211/debugfs.c
+@@ -281,6 +281,56 @@ static const struct file_operations aql_
+ 	.llseek = default_llseek,
+ };
+ 
++static ssize_t aql_enable_read(struct file *file, char __user *user_buf,
++			       size_t count, loff_t *ppos)
++{
++	char buf[3];
++	int len;
++
++	len = scnprintf(buf, sizeof(buf), "%d\n",
++			!static_key_false(&aql_disable.key));
++
++	return simple_read_from_buffer(user_buf, count, ppos, buf, len);
++}
++
++static ssize_t aql_enable_write(struct file *file, const char __user *user_buf,
++				size_t count, loff_t *ppos)
++{
++	bool aql_disabled = static_key_false(&aql_disable.key);
++	char buf[3];
++	size_t len;
++
++	if (count > sizeof(buf))
++		return -EINVAL;
++
++	if (copy_from_user(buf, user_buf, count))
++		return -EFAULT;
++
++	buf[sizeof(buf) - 1] = '\0';
++	len = strlen(buf);
++	if (len > 0 && buf[len - 1] == '\n')
++		buf[len - 1] = 0;
++
++	if (buf[0] == '0' && buf[1] == '\0') {
++		if (!aql_disabled)
++			static_branch_inc(&aql_disable);
++	} else if (buf[0] == '1' && buf[1] == '\0') {
++		if (aql_disabled)
++			static_branch_dec(&aql_disable);
++	} else {
++		return -EINVAL;
++	}
++
++	return count;
++}
++
++static const struct file_operations aql_enable_ops = {
++	.write = aql_enable_write,
++	.read = aql_enable_read,
++	.open = simple_open,
++	.llseek = default_llseek,
++};
++
+ static ssize_t force_tx_status_read(struct file *file,
+ 				    char __user *user_buf,
+ 				    size_t count,
+@@ -569,6 +619,7 @@ void debugfs_hw_add(struct ieee80211_loc
+ 	DEBUGFS_ADD(power);
+ 	DEBUGFS_ADD(hw_conf);
+ 	DEBUGFS_ADD_MODE(force_tx_status, 0600);
++	DEBUGFS_ADD_MODE(aql_enable, 0600);
+ 
+ 	if (local->ops->wake_tx_queue)
+ 		DEBUGFS_ADD_MODE(aqm, 0600);
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -1140,6 +1140,8 @@ enum mac80211_scan_state {
+ 	SCAN_ABORT,
+ };
+ 
++DECLARE_STATIC_KEY_FALSE(aql_disable);
++
+ struct ieee80211_local {
+ 	/* embed the driver visible part.
+ 	 * don't cast (use the static inlines below), but we keep
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3921,6 +3921,8 @@ void __ieee80211_schedule_txq(struct iee
+ }
+ EXPORT_SYMBOL(__ieee80211_schedule_txq);
+ 
++DEFINE_STATIC_KEY_FALSE(aql_disable);
++
+ bool ieee80211_txq_airtime_check(struct ieee80211_hw *hw,
+ 				 struct ieee80211_txq *txq)
+ {
+@@ -3930,6 +3932,9 @@ bool ieee80211_txq_airtime_check(struct
+ 	if (!wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL))
+ 		return true;
+ 
++	if (static_branch_unlikely(&aql_disable))
++		return true;
++
+ 	if (!txq->sta)
+ 		return true;
+ 

package/kernel/mac80211/patches/subsys/381-mac80211-rearrange-struct-txq_info-for-fewer-holes.patch

@@ -0,0 +1,39 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 18 Jun 2021 13:41:44 +0300
+Subject: [PATCH] mac80211: rearrange struct txq_info for fewer holes
+
+We can slightly decrease the size of struct txq_info by
+rearranging some fields for fewer holes, so do that.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/iwlwifi.20210618133832.1bf019a1fe2e.Ib54622b8d6dc1a9a7dc484e573c073119450538b@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -5,7 +5,7 @@
+  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
+  * Copyright 2007-2010	Johannes Berg <johannes@sipsolutions.net>
+  * Copyright 2013-2015  Intel Mobile Communications GmbH
+- * Copyright (C) 2018-2020 Intel Corporation
++ * Copyright (C) 2018-2021 Intel Corporation
+  */
+ 
+ #ifndef IEEE80211_I_H
+@@ -848,9 +848,12 @@ struct txq_info {
+ 	struct fq_tin tin;
+ 	struct codel_vars def_cvars;
+ 	struct codel_stats cstats;
+-	struct sk_buff_head frags;
+-	struct list_head schedule_order;
++
+ 	u16 schedule_round;
++	struct list_head schedule_order;
++
++	struct sk_buff_head frags;
++
+ 	unsigned long flags;
+ 
+ 	/* keep last! */

package/kernel/mac80211/patches/subsys/384-nl80211-add-common-API-to-configure-SAR-power-limita.patch

@@ -0,0 +1,398 @@
+From: Carl Huang <cjhuang@codeaurora.org>
+Date: Thu, 3 Dec 2020 05:37:26 -0500
+Subject: [PATCH] nl80211: add common API to configure SAR power limitations
+
+NL80211_CMD_SET_SAR_SPECS is added to configure SAR from
+user space. NL80211_ATTR_SAR_SPEC is used to pass the SAR
+power specification when used with NL80211_CMD_SET_SAR_SPECS.
+
+Wireless driver needs to register SAR type, supported frequency
+ranges to wiphy, so user space can query it. The index in
+frequency range is used to specify which sub band the power
+limitation applies to. The SAR type is for compatibility, so later
+other SAR mechanism can be implemented without breaking the user
+space SAR applications.
+
+Normal process is user space queries the SAR capability, and
+gets the index of supported frequency ranges and associates the
+power limitation with this index and sends to kernel.
+
+Here is an example of message send to kernel:
+8c 00 00 00 08 00 01 00 00 00 00 00 38 00 2b 81
+08 00 01 00 00 00 00 00 2c 00 02 80 14 00 00 80
+08 00 02 00 00 00 00 00 08 00 01 00 38 00 00 00
+14 00 01 80 08 00 02 00 01 00 00 00 08 00 01 00
+48 00 00 00
+
+NL80211_CMD_SET_SAR_SPECS:  0x8c
+NL80211_ATTR_WIPHY:     0x01(phy idx is 0)
+NL80211_ATTR_SAR_SPEC:  0x812b (NLA_NESTED)
+NL80211_SAR_ATTR_TYPE:  0x00 (NL80211_SAR_TYPE_POWER)
+NL80211_SAR_ATTR_SPECS: 0x8002 (NLA_NESTED)
+freq range 0 power: 0x38 in 0.25dbm unit (14dbm)
+freq range 1 power: 0x48 in 0.25dbm unit (18dbm)
+
+Signed-off-by: Carl Huang <cjhuang@codeaurora.org>
+Reviewed-by: Brian Norris <briannorris@chromium.org>
+Reviewed-by: Abhishek Kumar <kuabhs@chromium.org>
+Link: https://lore.kernel.org/r/20201203103728.3034-2-cjhuang@codeaurora.org
+[minor edits, NLA parse cleanups]
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/cfg80211.h
++++ b/include/net/cfg80211.h
+@@ -1737,6 +1737,54 @@ struct station_info {
+ 	u8 connected_to_as;
+ };
+ 
++/**
++ * struct cfg80211_sar_sub_specs - sub specs limit
++ * @power: power limitation in 0.25dbm
++ * @freq_range_index: index the power limitation applies to
++ */
++struct cfg80211_sar_sub_specs {
++	s32 power;
++	u32 freq_range_index;
++};
++
++/**
++ * struct cfg80211_sar_specs - sar limit specs
++ * @type: it's set with power in 0.25dbm or other types
++ * @num_sub_specs: number of sar sub specs
++ * @sub_specs: memory to hold the sar sub specs
++ */
++struct cfg80211_sar_specs {
++	enum nl80211_sar_type type;
++	u32 num_sub_specs;
++	struct cfg80211_sar_sub_specs sub_specs[];
++};
++
++
++/**
++ * @struct cfg80211_sar_chan_ranges - sar frequency ranges
++ * @start_freq:  start range edge frequency
++ * @end_freq:    end range edge frequency
++ */
++struct cfg80211_sar_freq_ranges {
++	u32 start_freq;
++	u32 end_freq;
++};
++
++/**
++ * struct cfg80211_sar_capa - sar limit capability
++ * @type: it's set via power in 0.25dbm or other types
++ * @num_freq_ranges: number of frequency ranges
++ * @freq_ranges: memory to hold the freq ranges.
++ *
++ * Note: WLAN driver may append new ranges or split an existing
++ * range to small ones and then append them.
++ */
++struct cfg80211_sar_capa {
++	enum nl80211_sar_type type;
++	u32 num_freq_ranges;
++	const struct cfg80211_sar_freq_ranges *freq_ranges;
++};
++
+ #if IS_ENABLED(CPTCFG_CFG80211)
+ /**
+  * cfg80211_get_station - retrieve information about a given station
+@@ -4259,6 +4307,8 @@ struct cfg80211_ops {
+ 				  struct cfg80211_tid_config *tid_conf);
+ 	int	(*reset_tid_config)(struct wiphy *wiphy, struct net_device *dev,
+ 				    const u8 *peer, u8 tids);
++	int	(*set_sar_specs)(struct wiphy *wiphy,
++				 struct cfg80211_sar_specs *sar);
+ };
+ 
+ /*
+@@ -5030,6 +5080,8 @@ struct wiphy {
+ 
+ 	u8 max_data_retry_count;
+ 
++	const struct cfg80211_sar_capa *sar_capa;
++
+ 	char priv[] __aligned(NETDEV_ALIGN);
+ };
+ 
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -405,6 +405,18 @@ nl80211_unsol_bcast_probe_resp_policy[NL
+ 						       .len = IEEE80211_MAX_DATA_LEN }
+ };
+ 
++static const struct nla_policy
++sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
++	[NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
++	[NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
++};
++
++static const struct nla_policy
++sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
++	[NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
++	[NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
++};
++
+ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
+ 	[0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
+ 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
+@@ -739,6 +751,7 @@ static const struct nla_policy nl80211_p
+ 	[NL80211_ATTR_SAE_PWE] =
+ 		NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
+ 				 NL80211_SAE_PWE_BOTH),
++	[NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
+ 	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
+ };
+ 
+@@ -2117,6 +2130,56 @@ fail:
+ 	return -ENOBUFS;
+ }
+ 
++static int
++nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
++		      struct sk_buff *msg)
++{
++	struct nlattr *sar_capa, *specs, *sub_freq_range;
++	u8 num_freq_ranges;
++	int i;
++
++	if (!rdev->wiphy.sar_capa)
++		return 0;
++
++	num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
++
++	sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
++	if (!sar_capa)
++		return -ENOSPC;
++
++	if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
++		goto fail;
++
++	specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
++	if (!specs)
++		goto fail;
++
++	/* report supported freq_ranges */
++	for (i = 0; i < num_freq_ranges; i++) {
++		sub_freq_range = nla_nest_start(msg, i + 1);
++		if (!sub_freq_range)
++			goto fail;
++
++		if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
++				rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
++			goto fail;
++
++		if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
++				rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
++			goto fail;
++
++		nla_nest_end(msg, sub_freq_range);
++	}
++
++	nla_nest_end(msg, specs);
++	nla_nest_end(msg, sar_capa);
++
++	return 0;
++fail:
++	nla_nest_cancel(msg, sar_capa);
++	return -ENOBUFS;
++}
++
+ struct nl80211_dump_wiphy_state {
+ 	s64 filter_wiphy;
+ 	long start;
+@@ -2366,6 +2429,8 @@ static int nl80211_send_wiphy(struct cfg
+ 			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
+ 			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
+ 			CMD(update_ft_ies, UPDATE_FT_IES);
++			if (rdev->wiphy.sar_capa)
++				CMD(set_sar_specs, SET_SAR_SPECS);
+ 		}
+ #undef CMD
+ 
+@@ -2691,6 +2756,11 @@ static int nl80211_send_wiphy(struct cfg
+ 
+ 		if (nl80211_put_tid_config_support(rdev, msg))
+ 			goto nla_put_failure;
++		state->split_start++;
++		break;
++	case 16:
++		if (nl80211_put_sar_specs(rdev, msg))
++			goto nla_put_failure;
+ 
+ 		/* done */
+ 		state->split_start = 0;
+@@ -14724,6 +14794,111 @@ static void nl80211_post_doit(__genl_con
+ 	}
+ }
+ 
++static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
++				     struct cfg80211_sar_specs *sar_specs,
++				     struct nlattr *spec[], int index)
++{
++	u32 range_index, i;
++
++	if (!sar_specs || !spec)
++		return -EINVAL;
++
++	if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
++	    !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
++		return -EINVAL;
++
++	range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
++
++	/* check if range_index exceeds num_freq_ranges */
++	if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
++		return -EINVAL;
++
++	/* check if range_index duplicates */
++	for (i = 0; i < index; i++) {
++		if (sar_specs->sub_specs[i].freq_range_index == range_index)
++			return -EINVAL;
++	}
++
++	sar_specs->sub_specs[index].power =
++		nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
++
++	sar_specs->sub_specs[index].freq_range_index = range_index;
++
++	return 0;
++}
++
++static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
++{
++	struct cfg80211_registered_device *rdev = info->user_ptr[0];
++	struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
++	struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
++	struct cfg80211_sar_specs *sar_spec;
++	enum nl80211_sar_type type;
++	struct nlattr *spec_list;
++	u32 specs;
++	int rem, err;
++
++	if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
++		return -EOPNOTSUPP;
++
++	if (!info->attrs[NL80211_ATTR_SAR_SPEC])
++		return -EINVAL;
++
++	nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
++			 info->attrs[NL80211_ATTR_SAR_SPEC],
++			 NULL, NULL);
++
++	if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
++		return -EINVAL;
++
++	type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
++	if (type != rdev->wiphy.sar_capa->type)
++		return -EINVAL;
++
++	specs = 0;
++	nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
++		specs++;
++
++	if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
++		return -EINVAL;
++
++	sar_spec = kzalloc(sizeof(*sar_spec) +
++			   specs * sizeof(struct cfg80211_sar_sub_specs),
++			   GFP_KERNEL);
++	if (!sar_spec)
++		return -ENOMEM;
++
++	sar_spec->type = type;
++	specs = 0;
++	nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
++		nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
++				 spec_list, NULL, NULL);
++
++		switch (type) {
++		case NL80211_SAR_TYPE_POWER:
++			if (nl80211_set_sar_sub_specs(rdev, sar_spec,
++						      spec, specs)) {
++				err = -EINVAL;
++				goto error;
++			}
++			break;
++		default:
++			err = -EINVAL;
++			goto error;
++		}
++		specs++;
++	}
++
++	sar_spec->num_sub_specs = specs;
++
++	rdev->cur_cmd_info = info;
++	err = rdev_set_sar_specs(rdev, sar_spec);
++	rdev->cur_cmd_info = NULL;
++error:
++	kfree(sar_spec);
++	return err;
++}
++
+ static __genl_const struct genl_ops nl80211_ops[] = {
+ 	{
+ 		.cmd = NL80211_CMD_GET_WIPHY,
+@@ -15587,6 +15762,14 @@ static const struct genl_small_ops nl802
+ 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
+ 				  NL80211_FLAG_NEED_RTNL,
+ 	},
++	{
++		.cmd = NL80211_CMD_SET_SAR_SPECS,
++		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
++		.doit = nl80211_set_sar_specs,
++		.flags = GENL_UNS_ADMIN_PERM,
++		.internal_flags = NL80211_FLAG_NEED_WIPHY |
++				  NL80211_FLAG_NEED_RTNL,
++	},
+ };
+ 
+ static struct genl_family nl80211_fam __genl_ro_after_init = {
+--- a/net/wireless/rdev-ops.h
++++ b/net/wireless/rdev-ops.h
+@@ -1356,4 +1356,16 @@ static inline int rdev_reset_tid_config(
+ 	return ret;
+ }
+ 
++static inline int rdev_set_sar_specs(struct cfg80211_registered_device *rdev,
++				     struct cfg80211_sar_specs *sar)
++{
++	int ret;
++
++	trace_rdev_set_sar_specs(&rdev->wiphy, sar);
++	ret = rdev->ops->set_sar_specs(&rdev->wiphy, sar);
++	trace_rdev_return_int(&rdev->wiphy, ret);
++
++	return ret;
++}
++
+ #endif /* __CFG80211_RDEV_OPS */
+--- a/net/wireless/trace.h
++++ b/net/wireless/trace.h
+@@ -3551,6 +3551,25 @@ TRACE_EVENT(rdev_reset_tid_config,
+ 	TP_printk(WIPHY_PR_FMT ", " NETDEV_PR_FMT ", peer: " MAC_PR_FMT ", tids: 0x%x",
+ 		  WIPHY_PR_ARG, NETDEV_PR_ARG, MAC_PR_ARG(peer), __entry->tids)
+ );
++
++TRACE_EVENT(rdev_set_sar_specs,
++	TP_PROTO(struct wiphy *wiphy, struct cfg80211_sar_specs *sar),
++	TP_ARGS(wiphy, sar),
++	TP_STRUCT__entry(
++		WIPHY_ENTRY
++		__field(u16, type)
++		__field(u16, num)
++	),
++	TP_fast_assign(
++		WIPHY_ASSIGN;
++		__entry->type = sar->type;
++		__entry->num = sar->num_sub_specs;
++
++	),
++	TP_printk(WIPHY_PR_FMT ", Set type:%d, num_specs:%d",
++		  WIPHY_PR_ARG, __entry->type, __entry->num)
++);
++
+ #endif /* !__RDEV_OPS_TRACE || TRACE_HEADER_MULTI_READ */
+ 
+ #undef TRACE_INCLUDE_PATH

package/kernel/mac80211/patches/subsys/385-mac80211-add-ieee80211_set_sar_specs.patch

@@ -0,0 +1,51 @@
+From: Carl Huang <cjhuang@codeaurora.org>
+Date: Thu, 3 Dec 2020 05:37:27 -0500
+Subject: [PATCH] mac80211: add ieee80211_set_sar_specs
+
+This change registers ieee80211_set_sar_specs to
+mac80211_config_ops, so cfg80211 can call it.
+
+Signed-off-by: Carl Huang <cjhuang@codeaurora.org>
+Reviewed-by: Brian Norris <briannorris@chromium.org>
+Reviewed-by: Abhishek Kumar <kuabhs@chromium.org>
+Link: https://lore.kernel.org/r/20201203103728.3034-3-cjhuang@codeaurora.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -4207,6 +4207,8 @@ struct ieee80211_ops {
+ 				   struct ieee80211_vif *vif);
+ 	void (*sta_set_4addr)(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
+ 			      struct ieee80211_sta *sta, bool enabled);
++	int (*set_sar_specs)(struct ieee80211_hw *hw,
++			     const struct cfg80211_sar_specs *sar);
+ 	void (*sta_set_decap_offload)(struct ieee80211_hw *hw,
+ 				      struct ieee80211_vif *vif,
+ 				      struct ieee80211_sta *sta, bool enabled);
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -4136,6 +4136,17 @@ static int ieee80211_reset_tid_config(st
+ 	return ret;
+ }
+ 
++static int ieee80211_set_sar_specs(struct wiphy *wiphy,
++				   struct cfg80211_sar_specs *sar)
++{
++	struct ieee80211_local *local = wiphy_priv(wiphy);
++
++	if (!local->ops->set_sar_specs)
++		return -EOPNOTSUPP;
++
++	return local->ops->set_sar_specs(&local->hw, sar);
++}
++
+ const struct cfg80211_ops mac80211_config_ops = {
+ 	.add_virtual_intf = ieee80211_add_iface,
+ 	.del_virtual_intf = ieee80211_del_iface,
+@@ -4239,4 +4250,5 @@ const struct cfg80211_ops mac80211_confi
+ 	.probe_mesh_link = ieee80211_probe_mesh_link,
+ 	.set_tid_config = ieee80211_set_tid_config,
+ 	.reset_tid_config = ieee80211_reset_tid_config,
++	.set_sar_specs = ieee80211_set_sar_specs,
+ };

package/kernel/mac80211/patches/subsys/386-mac80211-check-per-vif-offload_flags-in-Tx-path.patch

@@ -0,0 +1,26 @@
+From: Ryder Lee <ryder.lee@mediatek.com>
+Date: Fri, 18 Jun 2021 04:38:59 +0800
+Subject: [PATCH] mac80211: check per vif offload_flags in Tx path
+
+offload_flags has been introduced to indicate encap status of each interface.
+An interface can encap offload at runtime, or if it has some extra limitations
+it can simply override the flags, so it's more flexible to check offload_flags
+in Tx path.
+
+Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
+Link: https://lore.kernel.org/r/177785418cf407808bf3a44760302d0647076990.1623961575.git.ryder.lee@mediatek.com
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3335,6 +3335,9 @@ static bool ieee80211_amsdu_aggregate(st
+ 	if (!ieee80211_hw_check(&local->hw, TX_AMSDU))
+ 		return false;
+ 
++	if (sdata->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED)
++		return false;
++
+ 	if (skb_is_gso(skb))
+ 		return false;
+ 

package/kernel/mac80211/patches/subsys/387-nl80211-add-support-for-BSS-coloring.patch

@@ -0,0 +1,485 @@
+From: John Crispin <john@phrozen.org>
+Date: Fri, 2 Jul 2021 19:44:07 +0200
+Subject: [PATCH] nl80211: add support for BSS coloring
+
+This patch adds support for BSS color collisions to the wireless subsystem.
+Add the required functionality to nl80211 that will notify about color
+collisions, triggering the color change and notifying when it is completed.
+
+Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Signed-off-by: John Crispin <john@phrozen.org>
+Link: https://lore.kernel.org/r/500b3582aec8fe2c42ef46f3117b148cb7cbceb5.1625247619.git.lorenzo@kernel.org
+[remove unnecessary NULL initialisation]
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/cfg80211.h
++++ b/include/net/cfg80211.h
+@@ -1252,6 +1252,27 @@ struct cfg80211_csa_settings {
+ #define CFG80211_MAX_NUM_DIFFERENT_CHANNELS 10
+ 
+ /**
++ * struct cfg80211_color_change_settings - color change settings
++ *
++ * Used for bss color change
++ *
++ * @beacon_color_change: beacon data while performing the color countdown
++ * @counter_offsets_beacon: offsets of the counters within the beacon (tail)
++ * @counter_offsets_presp: offsets of the counters within the probe response
++ * @beacon_next: beacon data to be used after the color change
++ * @count: number of beacons until the color change
++ * @color: the color used after the change
++ */
++struct cfg80211_color_change_settings {
++	struct cfg80211_beacon_data beacon_color_change;
++	u16 counter_offset_beacon;
++	u16 counter_offset_presp;
++	struct cfg80211_beacon_data beacon_next;
++	u8 count;
++	u8 color;
++};
++
++/**
+  * struct iface_combination_params - input parameters for interface combinations
+  *
+  * Used to pass interface combination parameters
+@@ -3979,6 +4000,8 @@ struct mgmt_frame_regs {
+  *	This callback may sleep.
+  * @reset_tid_config: Reset TID specific configuration for the peer, for the
+  *	given TIDs. This callback may sleep.
++ *
++ * @color_change: Initiate a color change.
+  */
+ struct cfg80211_ops {
+ 	int	(*suspend)(struct wiphy *wiphy, struct cfg80211_wowlan *wow);
+@@ -4309,6 +4332,9 @@ struct cfg80211_ops {
+ 				    const u8 *peer, u8 tids);
+ 	int	(*set_sar_specs)(struct wiphy *wiphy,
+ 				 struct cfg80211_sar_specs *sar);
++	int	(*color_change)(struct wiphy *wiphy,
++				struct net_device *dev,
++				struct cfg80211_color_change_settings *params);
+ };
+ 
+ /*
+@@ -8092,4 +8118,70 @@ void cfg80211_update_owe_info_event(stru
+  */
+ void cfg80211_bss_flush(struct wiphy *wiphy);
+ 
++/**
++ * cfg80211_bss_color_notify - notify about bss color event
++ * @dev: network device
++ * @gfp: allocation flags
++ * @cmd: the actual event we want to notify
++ * @count: the number of TBTTs until the color change happens
++ * @color_bitmap: representations of the colors that the local BSS is aware of
++ */
++int cfg80211_bss_color_notify(struct net_device *dev, gfp_t gfp,
++			      enum nl80211_commands cmd, u8 count,
++			      u64 color_bitmap);
++
++/**
++ * cfg80211_obss_color_collision_notify - notify about bss color collision
++ * @dev: network device
++ * @color_bitmap: representations of the colors that the local BSS is aware of
++ */
++static inline int cfg80211_obss_color_collision_notify(struct net_device *dev,
++						       u64 color_bitmap)
++{
++	return cfg80211_bss_color_notify(dev, GFP_KERNEL,
++					 NL80211_CMD_OBSS_COLOR_COLLISION,
++					 0, color_bitmap);
++}
++
++/**
++ * cfg80211_color_change_started_notify - notify color change start
++ * @dev: the device on which the color is switched
++ * @count: the number of TBTTs until the color change happens
++ *
++ * Inform the userspace about the color change that has started.
++ */
++static inline int cfg80211_color_change_started_notify(struct net_device *dev,
++						       u8 count)
++{
++	return cfg80211_bss_color_notify(dev, GFP_KERNEL,
++					 NL80211_CMD_COLOR_CHANGE_STARTED,
++					 count, 0);
++}
++
++/**
++ * cfg80211_color_change_aborted_notify - notify color change abort
++ * @dev: the device on which the color is switched
++ *
++ * Inform the userspace about the color change that has aborted.
++ */
++static inline int cfg80211_color_change_aborted_notify(struct net_device *dev)
++{
++	return cfg80211_bss_color_notify(dev, GFP_KERNEL,
++					 NL80211_CMD_COLOR_CHANGE_ABORTED,
++					 0, 0);
++}
++
++/**
++ * cfg80211_color_change_notify - notify color change completion
++ * @dev: the device on which the color was switched
++ *
++ * Inform the userspace about the color change that has completed.
++ */
++static inline int cfg80211_color_change_notify(struct net_device *dev)
++{
++	return cfg80211_bss_color_notify(dev, GFP_KERNEL,
++					 NL80211_CMD_COLOR_CHANGE_COMPLETED,
++					 0, 0);
++}
++
+ #endif /* __NET_CFG80211_H */
+--- a/include/uapi/linux/nl80211.h
++++ b/include/uapi/linux/nl80211.h
+@@ -1185,6 +1185,21 @@
+  *	passed using %NL80211_ATTR_SAR_SPEC. %NL80211_ATTR_WIPHY is used to
+  *	specify the wiphy index to be applied to.
+  *
++ * @NL80211_CMD_OBSS_COLOR_COLLISION: This notification is sent out whenever
++ *	mac80211/drv detects a bss color collision.
++ *
++ * @NL80211_CMD_COLOR_CHANGE_REQUEST: This command is used to indicate that
++ *	userspace wants to change the BSS color.
++ *
++ * @NL80211_CMD_COLOR_CHANGE_STARTED: Notify userland, that a color change has
++ *	started
++ *
++ * @NL80211_CMD_COLOR_CHANGE_ABORTED: Notify userland, that the color change has
++ *	been aborted
++ *
++ * @NL80211_CMD_COLOR_CHANGE_COMPLETED: Notify userland that the color change
++ *	has completed
++ *
+  * @NL80211_CMD_MAX: highest used command number
+  * @__NL80211_CMD_AFTER_LAST: internal use
+  */
+@@ -1417,6 +1432,14 @@ enum nl80211_commands {
+ 
+ 	NL80211_CMD_SET_SAR_SPECS,
+ 
++	NL80211_CMD_OBSS_COLOR_COLLISION,
++
++	NL80211_CMD_COLOR_CHANGE_REQUEST,
++
++	NL80211_CMD_COLOR_CHANGE_STARTED,
++	NL80211_CMD_COLOR_CHANGE_ABORTED,
++	NL80211_CMD_COLOR_CHANGE_COMPLETED,
++
+ 	/* add new commands above here */
+ 
+ 	/* used to define NL80211_CMD_MAX below */
+@@ -2560,6 +2583,16 @@ enum nl80211_commands {
+  *	disassoc events to indicate that an immediate reconnect to the AP
+  *	is desired.
+  *
++ * @NL80211_ATTR_OBSS_COLOR_BITMAP: bitmap of the u64 BSS colors for the
++ *	%NL80211_CMD_OBSS_COLOR_COLLISION event.
++ *
++ * @NL80211_ATTR_COLOR_CHANGE_COUNT: u8 attribute specifying the number of TBTT's
++ *	until the color switch event.
++ * @NL80211_ATTR_COLOR_CHANGE_COLOR: u8 attribute specifying the color that we are
++ *	switching to
++ * @NL80211_ATTR_COLOR_CHANGE_ELEMS: Nested set of attributes containing the IE
++ *	information for the time while performing a color switch.
++ *
+  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
+  * @NL80211_ATTR_MAX: highest attribute number currently defined
+  * @__NL80211_ATTR_AFTER_LAST: internal use
+@@ -3057,6 +3090,12 @@ enum nl80211_attrs {
+ 
+ 	NL80211_ATTR_DISABLE_HE,
+ 
++	NL80211_ATTR_OBSS_COLOR_BITMAP,
++
++	NL80211_ATTR_COLOR_CHANGE_COUNT,
++	NL80211_ATTR_COLOR_CHANGE_COLOR,
++	NL80211_ATTR_COLOR_CHANGE_ELEMS,
++
+ 	/* add attributes here, update the policy in nl80211.c */
+ 
+ 	__NL80211_ATTR_AFTER_LAST,
+@@ -5950,6 +5989,9 @@ enum nl80211_feature_flags {
+  *      frame protection for all management frames exchanged during the
+  *      negotiation and range measurement procedure.
+  *
++ * @NL80211_EXT_FEATURE_BSS_COLOR: The driver supports BSS color collision
++ *	detection and change announcemnts.
++ *
+  * @NUM_NL80211_EXT_FEATURES: number of extended features.
+  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
+  */
+@@ -6014,6 +6056,7 @@ enum nl80211_ext_feature_index {
+ 	NL80211_EXT_FEATURE_SECURE_LTF,
+ 	NL80211_EXT_FEATURE_SECURE_RTT,
+ 	NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE,
++	NL80211_EXT_FEATURE_BSS_COLOR,
+ 
+ 	/* add new features before the definition below */
+ 	NUM_NL80211_EXT_FEATURES,
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -753,6 +753,10 @@ static const struct nla_policy nl80211_p
+ 				 NL80211_SAE_PWE_BOTH),
+ 	[NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
+ 	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
++	[NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 },
++	[NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
++	[NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
++	[NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
+ };
+ 
+ /* policy for the key attributes */
+@@ -14689,6 +14693,106 @@ bad_tid_conf:
+ 	return ret;
+ }
+ 
++static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info)
++{
++	struct cfg80211_registered_device *rdev = info->user_ptr[0];
++	struct cfg80211_color_change_settings params = {};
++	struct net_device *dev = info->user_ptr[1];
++	struct wireless_dev *wdev = dev->ieee80211_ptr;
++	struct nlattr **tb;
++	u16 offset;
++	int err;
++
++	if (!rdev->ops->color_change)
++		return -EOPNOTSUPP;
++
++	if (!wiphy_ext_feature_isset(&rdev->wiphy,
++				     NL80211_EXT_FEATURE_BSS_COLOR))
++		return -EOPNOTSUPP;
++
++	if (wdev->iftype != NL80211_IFTYPE_AP)
++		return -EOPNOTSUPP;
++
++	if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] ||
++	    !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] ||
++	    !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS])
++		return -EINVAL;
++
++	params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]);
++	params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]);
++
++	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_next);
++	if (err)
++		return err;
++
++	tb = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*tb), GFP_KERNEL);
++	if (!tb)
++		return -ENOMEM;
++
++	err = nla_parse_nested(tb, NL80211_ATTR_MAX,
++			       info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS],
++			       nl80211_policy, info->extack);
++	if (err)
++		goto out;
++
++	err = nl80211_parse_beacon(rdev, tb, &params.beacon_color_change);
++	if (err)
++		goto out;
++
++	if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
++		err = -EINVAL;
++		goto out;
++	}
++
++	if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) {
++		err = -EINVAL;
++		goto out;
++	}
++
++	offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
++	if (offset >= params.beacon_color_change.tail_len) {
++		err = -EINVAL;
++		goto out;
++	}
++
++	if (params.beacon_color_change.tail[offset] != params.count) {
++		err = -EINVAL;
++		goto out;
++	}
++
++	params.counter_offset_beacon = offset;
++
++	if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
++		if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) !=
++		    sizeof(u16)) {
++			err = -EINVAL;
++			goto out;
++		}
++
++		offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
++		if (offset >= params.beacon_color_change.probe_resp_len) {
++			err = -EINVAL;
++			goto out;
++		}
++
++		if (params.beacon_color_change.probe_resp[offset] !=
++		    params.count) {
++			err = -EINVAL;
++			goto out;
++		}
++
++		params.counter_offset_presp = offset;
++	}
++
++	wdev_lock(wdev);
++	err = rdev_color_change(rdev, dev, &params);
++	wdev_unlock(wdev);
++
++out:
++	kfree(tb);
++	return err;
++}
++
+ #define NL80211_FLAG_NEED_WIPHY		0x01
+ #define NL80211_FLAG_NEED_NETDEV	0x02
+ #define NL80211_FLAG_NEED_RTNL		0x04
+@@ -15770,6 +15874,14 @@ static const struct genl_small_ops nl802
+ 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
+ 				  NL80211_FLAG_NEED_RTNL,
+ 	},
++	{
++		.cmd = NL80211_CMD_COLOR_CHANGE_REQUEST,
++		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
++		.doit = nl80211_color_change,
++		.flags = GENL_UNS_ADMIN_PERM,
++		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
++				  NL80211_FLAG_NEED_RTNL,
++	},
+ };
+ 
+ static struct genl_family nl80211_fam __genl_ro_after_init = {
+@@ -17397,6 +17509,51 @@ void cfg80211_ch_switch_started_notify(s
+ }
+ EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
+ 
++int cfg80211_bss_color_notify(struct net_device *dev, gfp_t gfp,
++			      enum nl80211_commands cmd, u8 count,
++			      u64 color_bitmap)
++{
++	struct wireless_dev *wdev = dev->ieee80211_ptr;
++	struct wiphy *wiphy = wdev->wiphy;
++	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
++	struct sk_buff *msg;
++	void *hdr;
++
++	ASSERT_WDEV_LOCK(wdev);
++
++	trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap);
++
++	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
++	if (!msg)
++		return -ENOMEM;
++
++	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
++	if (!hdr)
++		goto nla_put_failure;
++
++	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
++		goto nla_put_failure;
++
++	if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED &&
++	    nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count))
++		goto nla_put_failure;
++
++	if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION &&
++	    nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP,
++			      color_bitmap, NL80211_ATTR_PAD))
++		goto nla_put_failure;
++
++	genlmsg_end(msg, hdr);
++
++	return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
++				       msg, 0, NL80211_MCGRP_MLME, gfp);
++
++nla_put_failure:
++	nlmsg_free(msg);
++	return -EINVAL;
++}
++EXPORT_SYMBOL(cfg80211_bss_color_notify);
++
+ void
+ nl80211_radar_notify(struct cfg80211_registered_device *rdev,
+ 		     const struct cfg80211_chan_def *chandef,
+--- a/net/wireless/rdev-ops.h
++++ b/net/wireless/rdev-ops.h
+@@ -1368,4 +1368,17 @@ static inline int rdev_set_sar_specs(str
+ 	return ret;
+ }
+ 
++static inline int rdev_color_change(struct cfg80211_registered_device *rdev,
++				    struct net_device *dev,
++				    struct cfg80211_color_change_settings *params)
++{
++	int ret;
++
++	trace_rdev_color_change(&rdev->wiphy, dev, params);
++	ret = rdev->ops->color_change(&rdev->wiphy, dev, params);
++	trace_rdev_return_int(&rdev->wiphy, ret);
++
++	return ret;
++}
++
+ #endif /* __CFG80211_RDEV_OPS */
+--- a/net/wireless/trace.h
++++ b/net/wireless/trace.h
+@@ -3570,6 +3570,52 @@ TRACE_EVENT(rdev_set_sar_specs,
+ 		  WIPHY_PR_ARG, __entry->type, __entry->num)
+ );
+ 
++TRACE_EVENT(rdev_color_change,
++	TP_PROTO(struct wiphy *wiphy, struct net_device *netdev,
++		 struct cfg80211_color_change_settings *params),
++	TP_ARGS(wiphy, netdev, params),
++	TP_STRUCT__entry(
++		WIPHY_ENTRY
++		NETDEV_ENTRY
++		__field(u8, count)
++		__field(u16, bcn_ofs)
++		__field(u16, pres_ofs)
++	),
++	TP_fast_assign(
++		WIPHY_ASSIGN;
++		NETDEV_ASSIGN;
++		__entry->count = params->count;
++		__entry->bcn_ofs = params->counter_offset_beacon;
++		__entry->pres_ofs = params->counter_offset_presp;
++	),
++	TP_printk(WIPHY_PR_FMT ", " NETDEV_PR_FMT
++		  ", count: %u",
++		  WIPHY_PR_ARG, NETDEV_PR_ARG,
++		  __entry->count)
++);
++
++TRACE_EVENT(cfg80211_bss_color_notify,
++	TP_PROTO(struct net_device *netdev,
++		 enum nl80211_commands cmd,
++		 u8 count, u64 color_bitmap),
++	TP_ARGS(netdev, cmd, count, color_bitmap),
++	TP_STRUCT__entry(
++		NETDEV_ENTRY
++		__field(enum nl80211_bss_scan_width, cmd)
++		__field(u8, count)
++		__field(u64, color_bitmap)
++	),
++	TP_fast_assign(
++		NETDEV_ASSIGN;
++		__entry->cmd = cmd;
++		__entry->count = count;
++		__entry->color_bitmap = color_bitmap;
++	),
++	TP_printk(NETDEV_PR_FMT ", cmd: %x, count: %u, bitmap: %llx",
++		  NETDEV_PR_ARG, __entry->cmd, __entry->count,
++		  __entry->color_bitmap)
++);
++
+ #endif /* !__RDEV_OPS_TRACE || TRACE_HEADER_MULTI_READ */
+ 
+ #undef TRACE_INCLUDE_PATH

package/kernel/mac80211/patches/subsys/388-mac80211-add-support-for-BSS-color-change.patch

@@ -0,0 +1,524 @@
+From: John Crispin <john@phrozen.org>
+Date: Fri, 2 Jul 2021 19:44:08 +0200
+Subject: [PATCH] mac80211: add support for BSS color change
+
+The color change announcement is very similar to how CSA works where
+we have an IE that includes a counter. When the counter hits 0, the new
+color is applied via an updated beacon.
+
+This patch makes the CSA counter functionality reusable, rather than
+implementing it again. This also allows for future reuse incase support
+for other counter IEs gets added.
+
+Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Signed-off-by: John Crispin <john@phrozen.org>
+Link: https://lore.kernel.org/r/057c1e67b82bee561ea44ce6a45a8462d3da6995.1625247619.git.lorenzo@kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -1710,6 +1710,10 @@ enum ieee80211_offload_flags {
+  *	protected by fq->lock.
+  * @offload_flags: 802.3 -> 802.11 enapsulation offload flags, see
+  *	&enum ieee80211_offload_flags.
++ * @color_change_active: marks whether a color change is ongoing. Internally it is
++ *	write-protected by sdata_lock and local->mtx so holding either is fine
++ *	for read access.
++ * @color_change_color: the bss color that will be used after the change.
+  */
+ struct ieee80211_vif {
+ 	enum nl80211_iftype type;
+@@ -1738,6 +1742,9 @@ struct ieee80211_vif {
+ 
+ 	bool txqs_stopped[IEEE80211_NUM_ACS];
+ 
++	bool color_change_active;
++	u8 color_change_color;
++
+ 	/* must be last */
+ 	u8 drv_priv[] __aligned(sizeof(void *));
+ };
+@@ -4982,6 +4989,16 @@ void ieee80211_csa_finish(struct ieee802
+ bool ieee80211_beacon_cntdwn_is_complete(struct ieee80211_vif *vif);
+ 
+ /**
++ * ieee80211_color_change_finish - notify mac80211 about color change
++ * @vif: &struct ieee80211_vif pointer from the add_interface callback.
++ *
++ * After a color change announcement was scheduled and the counter in this
++ * announcement hits 1, this function must be called by the driver to
++ * notify mac80211 that the color can be changed
++ */
++void ieee80211_color_change_finish(struct ieee80211_vif *vif);
++
++/**
+  * ieee80211_proberesp_get - retrieve a Probe Response template
+  * @hw: pointer obtained from ieee80211_alloc_hw().
+  * @vif: &struct ieee80211_vif pointer from the add_interface callback.
+@@ -6726,6 +6743,18 @@ ieee80211_get_unsol_bcast_probe_resp_tmp
+ 					  struct ieee80211_vif *vif);
+ 
+ /**
++ * ieeee80211_obss_color_collision_notify - notify userland about a BSS color
++ * collision.
++ *
++ * @vif: &struct ieee80211_vif pointer from the add_interface callback.
++ * @color_bitmap: a 64 bit bitmap representing the colors that the local BSS is
++ *	aware of.
++ */
++void
++ieeee80211_obss_color_collision_notify(struct ieee80211_vif *vif,
++				       u64 color_bitmap);
++
++/**
+  * ieee80211_is_tx_data - check if frame is a data frame
+  *
+  * The function is used to check if a frame is a data frame. Frames with
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -827,9 +827,11 @@ static int ieee80211_set_monitor_channel
+ 	return ret;
+ }
+ 
+-static int ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
+-				    const u8 *resp, size_t resp_len,
+-				    const struct ieee80211_csa_settings *csa)
++static int
++ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
++			 const u8 *resp, size_t resp_len,
++			 const struct ieee80211_csa_settings *csa,
++			 const struct ieee80211_color_change_settings *cca)
+ {
+ 	struct probe_resp *new, *old;
+ 
+@@ -849,6 +851,8 @@ static int ieee80211_set_probe_resp(stru
+ 		memcpy(new->cntdwn_counter_offsets, csa->counter_offsets_presp,
+ 		       csa->n_counter_offsets_presp *
+ 		       sizeof(new->cntdwn_counter_offsets[0]));
++	else if (cca)
++		new->cntdwn_counter_offsets[0] = cca->counter_offset_presp;
+ 
+ 	rcu_assign_pointer(sdata->u.ap.probe_resp, new);
+ 	if (old)
+@@ -954,7 +958,8 @@ static int ieee80211_set_ftm_responder_p
+ 
+ static int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
+ 				   struct cfg80211_beacon_data *params,
+-				   const struct ieee80211_csa_settings *csa)
++				   const struct ieee80211_csa_settings *csa,
++				   const struct ieee80211_color_change_settings *cca)
+ {
+ 	struct beacon_data *new, *old;
+ 	int new_head_len, new_tail_len;
+@@ -1003,6 +1008,9 @@ static int ieee80211_assign_beacon(struc
+ 		memcpy(new->cntdwn_counter_offsets, csa->counter_offsets_beacon,
+ 		       csa->n_counter_offsets_beacon *
+ 		       sizeof(new->cntdwn_counter_offsets[0]));
++	} else if (cca) {
++		new->cntdwn_current_counter = cca->count;
++		new->cntdwn_counter_offsets[0] = cca->counter_offset_beacon;
+ 	}
+ 
+ 	/* copy in head */
+@@ -1019,7 +1027,7 @@ static int ieee80211_assign_beacon(struc
+ 			memcpy(new->tail, old->tail, new_tail_len);
+ 
+ 	err = ieee80211_set_probe_resp(sdata, params->probe_resp,
+-				       params->probe_resp_len, csa);
++				       params->probe_resp_len, csa, cca);
+ 	if (err < 0) {
+ 		kfree(new);
+ 		return err;
+@@ -1176,7 +1184,7 @@ static int ieee80211_start_ap(struct wip
+ 	if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL))
+ 		sdata->vif.bss_conf.beacon_tx_rate = params->beacon_rate;
+ 
+-	err = ieee80211_assign_beacon(sdata, &params->beacon, NULL);
++	err = ieee80211_assign_beacon(sdata, &params->beacon, NULL, NULL);
+ 	if (err < 0)
+ 		goto error;
+ 	changed |= err;
+@@ -1234,17 +1242,17 @@ static int ieee80211_change_beacon(struc
+ 	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ 	sdata_assert_lock(sdata);
+ 
+-	/* don't allow changing the beacon while CSA is in place - offset
++	/* don't allow changing the beacon while a countdown is in place - offset
+ 	 * of channel switch counter may change
+ 	 */
+-	if (sdata->vif.csa_active)
++	if (sdata->vif.csa_active || sdata->vif.color_change_active)
+ 		return -EBUSY;
+ 
+ 	old = sdata_dereference(sdata->u.ap.beacon, sdata);
+ 	if (!old)
+ 		return -ENOENT;
+ 
+-	err = ieee80211_assign_beacon(sdata, params, NULL);
++	err = ieee80211_assign_beacon(sdata, params, NULL, NULL);
+ 	if (err < 0)
+ 		return err;
+ 	ieee80211_bss_info_change_notify(sdata, err);
+@@ -3174,7 +3182,7 @@ static int ieee80211_set_after_csa_beaco
+ 	switch (sdata->vif.type) {
+ 	case NL80211_IFTYPE_AP:
+ 		err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon,
+-					      NULL);
++					      NULL, NULL);
+ 		kfree(sdata->u.ap.next_beacon);
+ 		sdata->u.ap.next_beacon = NULL;
+ 
+@@ -3340,7 +3348,7 @@ static int ieee80211_set_csa_beacon(stru
+ 		csa.n_counter_offsets_presp = params->n_counter_offsets_presp;
+ 		csa.count = params->count;
+ 
+-		err = ieee80211_assign_beacon(sdata, &params->beacon_csa, &csa);
++		err = ieee80211_assign_beacon(sdata, &params->beacon_csa, &csa, NULL);
+ 		if (err < 0) {
+ 			kfree(sdata->u.ap.next_beacon);
+ 			return err;
+@@ -3428,6 +3436,15 @@ static int ieee80211_set_csa_beacon(stru
+ 	return 0;
+ }
+ 
++static void ieee80211_color_change_abort(struct ieee80211_sub_if_data  *sdata)
++{
++	sdata->vif.color_change_active = false;
++	kfree(sdata->u.ap.next_beacon);
++	sdata->u.ap.next_beacon = NULL;
++
++	cfg80211_color_change_aborted_notify(sdata->dev);
++}
++
+ static int
+ __ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
+ 			   struct cfg80211_csa_settings *params)
+@@ -3496,6 +3513,10 @@ __ieee80211_channel_switch(struct wiphy
+ 		goto out;
+ 	}
+ 
++	/* if there is a color change in progress, abort it */
++	if (sdata->vif.color_change_active)
++		ieee80211_color_change_abort(sdata);
++
+ 	err = ieee80211_set_csa_beacon(sdata, params, &changed);
+ 	if (err) {
+ 		ieee80211_vif_unreserve_chanctx(sdata);
+@@ -4147,6 +4168,196 @@ static int ieee80211_set_sar_specs(struc
+ 	return local->ops->set_sar_specs(&local->hw, sar);
+ }
+ 
++static int
++ieee80211_set_after_color_change_beacon(struct ieee80211_sub_if_data *sdata,
++					u32 *changed)
++{
++	switch (sdata->vif.type) {
++	case NL80211_IFTYPE_AP: {
++		int ret;
++
++		ret = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon,
++					      NULL, NULL);
++		kfree(sdata->u.ap.next_beacon);
++		sdata->u.ap.next_beacon = NULL;
++
++		if (ret < 0)
++			return ret;
++
++		*changed |= ret;
++		break;
++	}
++	default:
++		WARN_ON_ONCE(1);
++		return -EINVAL;
++	}
++
++	return 0;
++}
++
++static int
++ieee80211_set_color_change_beacon(struct ieee80211_sub_if_data *sdata,
++				  struct cfg80211_color_change_settings *params,
++				  u32 *changed)
++{
++	struct ieee80211_color_change_settings color_change = {};
++	int err;
++
++	switch (sdata->vif.type) {
++	case NL80211_IFTYPE_AP:
++		sdata->u.ap.next_beacon =
++			cfg80211_beacon_dup(&params->beacon_next);
++		if (!sdata->u.ap.next_beacon)
++			return -ENOMEM;
++
++		if (params->count <= 1)
++			break;
++
++		color_change.counter_offset_beacon =
++			params->counter_offset_beacon;
++		color_change.counter_offset_presp =
++			params->counter_offset_presp;
++		color_change.count = params->count;
++
++		err = ieee80211_assign_beacon(sdata, &params->beacon_color_change,
++					      NULL, &color_change);
++		if (err < 0) {
++			kfree(sdata->u.ap.next_beacon);
++			return err;
++		}
++		*changed |= err;
++		break;
++	default:
++		return -EOPNOTSUPP;
++	}
++
++	return 0;
++}
++
++static void
++ieee80211_color_change_bss_config_notify(struct ieee80211_sub_if_data *sdata,
++					 u8 color, int enable, u32 changed)
++{
++	sdata->vif.bss_conf.he_bss_color.color = color;
++	sdata->vif.bss_conf.he_bss_color.enabled = enable;
++	changed |= BSS_CHANGED_HE_BSS_COLOR;
++
++	ieee80211_bss_info_change_notify(sdata, changed);
++}
++
++static int ieee80211_color_change_finalize(struct ieee80211_sub_if_data *sdata)
++{
++	struct ieee80211_local *local = sdata->local;
++	u32 changed = 0;
++	int err;
++
++	sdata_assert_lock(sdata);
++	lockdep_assert_held(&local->mtx);
++
++	sdata->vif.color_change_active = false;
++
++	err = ieee80211_set_after_color_change_beacon(sdata, &changed);
++	if (err) {
++		cfg80211_color_change_aborted_notify(sdata->dev);
++		return err;
++	}
++
++	ieee80211_color_change_bss_config_notify(sdata,
++						 sdata->vif.color_change_color,
++						 1, changed);
++	cfg80211_color_change_notify(sdata->dev);
++
++	return 0;
++}
++
++void ieee80211_color_change_finalize_work(struct work_struct *work)
++{
++	struct ieee80211_sub_if_data *sdata =
++		container_of(work, struct ieee80211_sub_if_data,
++			     color_change_finalize_work);
++	struct ieee80211_local *local = sdata->local;
++
++	sdata_lock(sdata);
++	mutex_lock(&local->mtx);
++
++	/* AP might have been stopped while waiting for the lock. */
++	if (!sdata->vif.color_change_active)
++		goto unlock;
++
++	if (!ieee80211_sdata_running(sdata))
++		goto unlock;
++
++	ieee80211_color_change_finalize(sdata);
++
++unlock:
++	mutex_unlock(&local->mtx);
++	sdata_unlock(sdata);
++}
++
++void ieee80211_color_change_finish(struct ieee80211_vif *vif)
++{
++	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
++
++	ieee80211_queue_work(&sdata->local->hw,
++			     &sdata->color_change_finalize_work);
++}
++EXPORT_SYMBOL_GPL(ieee80211_color_change_finish);
++
++void
++ieeee80211_obss_color_collision_notify(struct ieee80211_vif *vif,
++				       u64 color_bitmap)
++{
++	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
++
++	if (sdata->vif.color_change_active || sdata->vif.csa_active)
++		return;
++
++	cfg80211_obss_color_collision_notify(sdata->dev, color_bitmap);
++}
++EXPORT_SYMBOL_GPL(ieeee80211_obss_color_collision_notify);
++
++static int
++ieee80211_color_change(struct wiphy *wiphy, struct net_device *dev,
++		       struct cfg80211_color_change_settings *params)
++{
++	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++	struct ieee80211_local *local = sdata->local;
++	u32 changed = 0;
++	int err;
++
++	sdata_assert_lock(sdata);
++
++	mutex_lock(&local->mtx);
++
++	/* don't allow another color change if one is already active or if csa
++	 * is active
++	 */
++	if (sdata->vif.color_change_active || sdata->vif.csa_active) {
++		err = -EBUSY;
++		goto out;
++	}
++
++	err = ieee80211_set_color_change_beacon(sdata, params, &changed);
++	if (err)
++		goto out;
++
++	sdata->vif.color_change_active = true;
++	sdata->vif.color_change_color = params->color;
++
++	cfg80211_color_change_started_notify(sdata->dev, params->count);
++
++	if (changed)
++		ieee80211_color_change_bss_config_notify(sdata, 0, 0, changed);
++	else
++		/* if the beacon didn't change, we can finalize immediately */
++		ieee80211_color_change_finalize(sdata);
++
++out:
++	mutex_unlock(&local->mtx);
++
++	return err;
++}
++
+ const struct cfg80211_ops mac80211_config_ops = {
+ 	.add_virtual_intf = ieee80211_add_iface,
+ 	.del_virtual_intf = ieee80211_del_iface,
+@@ -4251,4 +4462,5 @@ const struct cfg80211_ops mac80211_confi
+ 	.set_tid_config = ieee80211_set_tid_config,
+ 	.reset_tid_config = ieee80211_reset_tid_config,
+ 	.set_sar_specs = ieee80211_set_sar_specs,
++	.color_change = ieee80211_color_change,
+ };
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -248,6 +248,12 @@ struct ieee80211_csa_settings {
+ 	u8 count;
+ };
+ 
++struct ieee80211_color_change_settings {
++	u16 counter_offset_beacon;
++	u16 counter_offset_presp;
++	u8 count;
++};
++
+ struct beacon_data {
+ 	u8 *head, *tail;
+ 	int head_len, tail_len;
+@@ -932,6 +938,8 @@ struct ieee80211_sub_if_data {
+ 	bool csa_block_tx; /* write-protected by sdata_lock and local->mtx */
+ 	struct cfg80211_chan_def csa_chandef;
+ 
++	struct work_struct color_change_finalize_work;
++
+ 	struct list_head assigned_chanctx_list; /* protected by chanctx_mtx */
+ 	struct list_head reserved_chanctx_list; /* protected by chanctx_mtx */
+ 
+@@ -1900,6 +1908,9 @@ void ieee80211_csa_finalize_work(struct
+ int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
+ 			     struct cfg80211_csa_settings *params);
+ 
++/* color change handling */
++void ieee80211_color_change_finalize_work(struct work_struct *work);
++
+ /* interface handling */
+ #define MAC80211_SUPPORTED_FEATURES_TX	(NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM | \
+ 					 NETIF_F_HW_CSUM | NETIF_F_SG | \
+--- a/net/mac80211/iface.c
++++ b/net/mac80211/iface.c
+@@ -465,6 +465,7 @@ static void ieee80211_do_stop(struct iee
+ 	sdata_unlock(sdata);
+ 
+ 	cancel_work_sync(&sdata->csa_finalize_work);
++	cancel_work_sync(&sdata->color_change_finalize_work);
+ 
+ 	cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
+ 
+@@ -1639,6 +1640,7 @@ static void ieee80211_setup_sdata(struct
+ 	INIT_WORK(&sdata->work, ieee80211_iface_work);
+ 	INIT_WORK(&sdata->recalc_smps, ieee80211_recalc_smps_work);
+ 	INIT_WORK(&sdata->csa_finalize_work, ieee80211_csa_finalize_work);
++	INIT_WORK(&sdata->color_change_finalize_work, ieee80211_color_change_finalize_work);
+ 	INIT_LIST_HEAD(&sdata->assigned_chanctx_list);
+ 	INIT_LIST_HEAD(&sdata->reserved_chanctx_list);
+ 
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -4802,11 +4802,11 @@ static int ieee80211_beacon_add_tim(stru
+ static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
+ 					struct beacon_data *beacon)
+ {
++	u8 *beacon_data, count, max_count = 1;
+ 	struct probe_resp *resp;
+-	u8 *beacon_data;
+ 	size_t beacon_data_len;
++	u16 *bcn_offsets;
+ 	int i;
+-	u8 count = beacon->cntdwn_current_counter;
+ 
+ 	switch (sdata->vif.type) {
+ 	case NL80211_IFTYPE_AP:
+@@ -4826,21 +4826,27 @@ static void ieee80211_set_beacon_cntdwn(
+ 	}
+ 
+ 	rcu_read_lock();
+-	for (i = 0; i < IEEE80211_MAX_CNTDWN_COUNTERS_NUM; ++i) {
+-		resp = rcu_dereference(sdata->u.ap.probe_resp);
++	resp = rcu_dereference(sdata->u.ap.probe_resp);
+ 
+-		if (beacon->cntdwn_counter_offsets[i]) {
+-			if (WARN_ON_ONCE(beacon->cntdwn_counter_offsets[i] >=
+-					 beacon_data_len)) {
++	bcn_offsets = beacon->cntdwn_counter_offsets;
++	count = beacon->cntdwn_current_counter;
++	if (sdata->vif.csa_active)
++		max_count = IEEE80211_MAX_CNTDWN_COUNTERS_NUM;
++
++	for (i = 0; i < max_count; ++i) {
++		if (bcn_offsets[i]) {
++			if (WARN_ON_ONCE(bcn_offsets[i] >= beacon_data_len)) {
+ 				rcu_read_unlock();
+ 				return;
+ 			}
+-
+-			beacon_data[beacon->cntdwn_counter_offsets[i]] = count;
++			beacon_data[bcn_offsets[i]] = count;
+ 		}
+ 
+-		if (sdata->vif.type == NL80211_IFTYPE_AP && resp)
+-			resp->data[resp->cntdwn_counter_offsets[i]] = count;
++		if (sdata->vif.type == NL80211_IFTYPE_AP && resp) {
++			u16 *resp_offsets = resp->cntdwn_counter_offsets;
++
++			resp->data[resp_offsets[i]] = count;
++		}
+ 	}
+ 	rcu_read_unlock();
+ }
+@@ -5050,6 +5056,7 @@ __ieee80211_beacon_get(struct ieee80211_
+ 			if (offs) {
+ 				offs->tim_offset = beacon->head_len;
+ 				offs->tim_length = skb->len - beacon->head_len;
++				offs->cntdwn_counter_offs[0] = beacon->cntdwn_counter_offsets[0];
+ 
+ 				/* for AP the csa offsets are from tail */
+ 				csa_off_base = skb->len;