OpenWrt v21.02.4: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
firmware: intel-microcode: update to 20220809
2022-10-09 19:13:29 +02:00 · 2022-10-09 17:43:41 +02:00 · 2022-10-09 16:31:48 +02:00 · 2022-10-09 16:31:41 +02:00 · 2022-10-09 16:31:30 +02:00 · 2022-10-05 22:21:18 +02:00
882 changed files with 22830 additions and 6093 deletions
--- a/2
+++ b/2
@@ -14,7 +14,7 @@ $(if $(findstring $(space),$(TOPDIR)),$(error ERROR: The path to the OpenWrt dir

 world:

-DISTRO_PKG_CONFIG:=$(shell which -a pkg-config | grep -E '\/usr' | head -n 1)
+DISTRO_PKG_CONFIG:=$(shell which -a pkg-config | grep '/usr' | head -n 1)
 export PATH:=$(TOPDIR)/staging_dir/host/bin:$(PATH)

 ifneq ($(OPENWRT_BUILD),1)
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -58,6 +58,10 @@ menu "Global build settings"
 		bool "Enable signature checking in opkg"
 		default SIGNED_PACKAGES

+	config DOWNLOAD_CHECK_CERTIFICATE
+		bool "Enable TLS certificate verification during package download"
+		default y
+
 	comment "General build options"

 	config TESTING_KERNEL
--- a/config/Config-devel.in
+++ b/config/Config-devel.in
@@ -74,6 +74,11 @@ menuconfig DEVEL
 		  Store ccache in this directory.
 		  If not set, uses './.ccache'

+	config KERNEL_CFLAGS
+		string "Kernel extra CFLAGS" if DEVEL
+		default "-falign-functions=32" if TARGET_bcm53xx
+		default ""
+
 	config EXTERNAL_KERNEL_TREE
 		string "Use external kernel tree" if DEVEL
 		default ""
--- a/feeds.conf.default
+++ b/feeds.conf.default
@@ -1,4 +1,4 @@
-src-git packages https://git.openwrt.org/feed/packages.git^ded142471e36831d2af63c7fe5062c4367f8ccd2
-src-git luci https://git.openwrt.org/project/luci.git^d24760e60a83b63f316c7b186e30636b5baa5481
-src-git routing https://git.openwrt.org/feed/routing.git^9e7698f20d1edf8f912fbce2f21400f3cc772b31
-src-git telephony https://git.openwrt.org/feed/telephony.git^ed2719867150a9bfc85bf41dff52ef8443820f2a
+src-git-full packages https://git.openwrt.org/feed/packages.git^82629531b73b21b63d0d820419c419019ef96830
+src-git-full luci https://git.openwrt.org/project/luci.git^3923199f8e0e746929a8804c43f9064283b9f785
+src-git-full routing https://git.openwrt.org/feed/routing.git^25e76489c83cfcee61e36a491896e1e9bfc3ec13
+src-git-full telephony https://git.openwrt.org/feed/telephony.git^89cc8fccf757614eac1d45a684f4971393e0d984
--- a/include/kernel-version.mk
+++ b/include/kernel-version.mk
@@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL
  KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif

-LINUX_VERSION-5.4 = .154
+LINUX_VERSION-5.4 = .215

-LINUX_KERNEL_HASH-5.4.154 = 058994f4666b6b0474a4d5228583e394594e406783b7e93d487c2a66c35f3c06
+LINUX_KERNEL_HASH-5.4.215 = 2d2bf7c3a25297f2b4686aa50a7cdaac68b52fc4c81b2cd3dddfe9f592b34ebd

 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
--- a/include/kernel.mk
+++ b/include/kernel.mk
@@ -101,7 +101,7 @@ endif
 KERNEL_MAKE = $(MAKE) $(KERNEL_MAKEOPTS)

 KERNEL_MAKE_FLAGS = \
-	KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR)))" \
+	KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR))) $(filter-out -fno-plt,$(call qstrip,$(CONFIG_EXTRA_OPTIMIZATION))) $(call qstrip,$(CONFIG_KERNEL_CFLAGS))" \
 	HOSTCFLAGS="$(HOST_CFLAGS) -Wall -Wmissing-prototypes -Wstrict-prototypes" \
 	CROSS_COMPILE="$(KERNEL_CROSS)" \
 	ARCH="$(LINUX_KARCH)" \
--- a/include/prereq-build.mk
+++ b/include/prereq-build.mk
@@ -153,22 +153,24 @@ $(eval $(call SetupHostCommand,perl,Please install Perl 5.x, \
 $(eval $(call CleanupPython2))

 $(eval $(call SetupHostCommand,python,Please install Python >= 3.5, \
+	python3.11 -V 2>&1 | grep 'Python 3', \
 	python3.10 -V 2>&1 | grep 'Python 3', \
 	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
 	python3.5 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.([5-9]|10)\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([5-9]|[0-9][0-9])\.?'))

 $(eval $(call SetupHostCommand,python3,Please install Python >= 3.5, \
+	python3.11 -V 2>&1 | grep 'Python 3', \
 	python3.10 -V 2>&1 | grep 'Python 3', \
 	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
 	python3.5 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.([5-9]|10)\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([5-9]|[0-9][0-9])\.?'))

 $(eval $(call TestHostCommand,python3-distutils, \
 	Please install the Python3 distutils module, \
@@ -192,9 +194,11 @@ $(STAGING_DIR_HOST)/bin/mkhash: $(SCRIPT_DIR)/mkhash.c
 	mkdir -p $(dir $@)
 	$(CC) -O2 -I$(TOPDIR)/tools/include -o $@ $<

-prereq: $(STAGING_DIR_HOST)/bin/mkhash
+$(STAGING_DIR_HOST)/bin/xxd: $(SCRIPT_DIR)/xxdi.pl
+	$(LN) $< $@
+
+prereq: $(STAGING_DIR_HOST)/bin/mkhash $(STAGING_DIR_HOST)/bin/xxd

 # Install ldconfig stub
 $(eval $(call TestHostCommand,ldconfig-stub,Failed to install stub, \
-	touch $(STAGING_DIR_HOST)/bin/ldconfig && \
-	chmod +x $(STAGING_DIR_HOST)/bin/ldconfig))
+	$(LN) /bin/true $(STAGING_DIR_HOST)/bin/ldconfig))
--- a/include/u-boot.mk
+++ b/include/u-boot.mk
@@ -44,6 +44,7 @@ TARGET_DEP = TARGET_$(BUILD_TARGET)$(if $(BUILD_SUBTARGET),_$(BUILD_SUBTARGET))
 UBOOT_MAKE_FLAGS = \
 	HOSTCC="$(HOSTCC)" \
 	HOSTCFLAGS="$(HOST_CFLAGS) $(HOST_CPPFLAGS) -std=gnu11" \
+	LOCALVERSION="-OpenWrt-$(REVISION)" \
 	HOSTLDFLAGS="$(HOST_LDFLAGS)"

 define Build/U-Boot/Target
--- a/include/version.mk
+++ b/include/version.mk
@@ -23,13 +23,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))

 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),21.02.1)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),21.02.4)

 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
-VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r16325-88151b8303)
+VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r16685-82ebc173b3)

 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/21.02.1)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/21.02.4)

 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)
--- a/package/Makefile
+++ b/package/Makefile
@@ -66,8 +66,10 @@ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/merge $(if $(CONFIG_TARGET_PER_DE
 	- find $(STAGING_DIR_ROOT) -type d | $(XARGS) chmod 0755
 	rm -rf $(TARGET_DIR) $(TARGET_DIR_ORIG)
 	mkdir -p $(TARGET_DIR)/tmp
-	$(call opkg,$(TARGET_DIR)) install \
-		$(call opkg_package_files,$(foreach pkg,$(shell cat $(PACKAGE_INSTALL_FILES) 2>/dev/null),$(pkg)$(call GetABISuffix,$(pkg))))
+	$(file >$(TMP_DIR)/opkg_install_list,\
+	  $(call opkg_package_files,\
+	    $(foreach pkg,$(shell cat $(PACKAGE_INSTALL_FILES) 2>/dev/null),$(pkg)$(call GetABISuffix,$(pkg)))))
+	$(call opkg,$(TARGET_DIR)) install $$(cat $(TMP_DIR)/opkg_install_list)
 	@for file in $(PACKAGE_INSTALL_FILES); do \
 		[ -s $$file.flags ] || continue; \
 		for flag in `cat $$file.flags`; do \
--- a/package/base-files/files/etc/init.d/boot
+++ b/package/base-files/files/etc/init.d/boot
@@ -21,9 +21,10 @@ boot() {
 	[ -f /proc/mounts ] || /sbin/mount_root
 	[ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc

-	mkdir -p /var/run
-	mkdir -p /var/log
 	mkdir -p /var/lock
+	chmod 1777 /var/lock
+	mkdir -p /var/log
+	mkdir -p /var/run
 	mkdir -p /var/state
 	mkdir -p /var/tmp
 	mkdir -p /tmp/.uci
@@ -47,6 +48,7 @@ boot() {

 	/bin/config_generate
 	uci_apply_defaults
+	sync
 	
 	# temporary hack until configd exists
 	/sbin/reload_config
--- a/package/base-files/files/etc/rc.common
+++ b/package/base-files/files/etc/rc.common
@@ -100,9 +100,9 @@ service_data() {
 }

 service_running() {
-	local service="${1:-$(basename $initscript)}"
-	local instance="${2:-*}"
-	procd_running "$service" "$instance" "$@"
+	local instance="${1:-*}"
+
+	procd_running "$(basename $initscript)" "$instance"
 }

 ${INIT_TRACE:+set -x}
--- a/package/base-files/files/lib/functions/uci-defaults.sh
+++ b/package/base-files/files/lib/functions/uci-defaults.sh
@@ -418,6 +418,15 @@ ucidef_set_led_default() {
 	json_select ..
 }

+ucidef_set_led_heartbeat() {
+	_ucidef_set_led_common "$1" "$2" "$3"
+
+	json_add_string trigger heartbeat
+	json_select ..
+
+	json_select ..
+}
+
 ucidef_set_led_gpio() {
 	local gpio="$4"
 	local inverted="$5"
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -267,7 +267,7 @@ get_partitions() { # <device> <filename>
 				local type="$1"
 				local lba="$(( $(hex_le32_to_cpu $4) * 0x100000000 + $(hex_le32_to_cpu $3) ))"
 				local end="$(( $(hex_le32_to_cpu $6) * 0x100000000 + $(hex_le32_to_cpu $5) ))"
-				local num="$(( $end - $lba ))"
+				local num="$(( $end - $lba + 1 ))"

 				[ "$type" = "00000000000000000000000000000000" ] && continue

--- a/package/base-files/image-config.in
+++ b/package/base-files/image-config.in
@@ -183,7 +183,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "https://downloads.openwrt.org/releases/21.02.1"
+		default "https://downloads.openwrt.org/releases/21.02.4"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:
--- a/package/boot/arm-trusted-firmware-bcm63xx/Makefile
+++ b/package/boot/arm-trusted-firmware-bcm63xx/Makefile
@@ -0,0 +1,42 @@
+# SPDX-License-Identifier: GPL-2.0
+
+include $(TOPDIR)/rules.mk
+
+PKG_VERSION:=2.2
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL=$(PROJECT_GIT)/project/bcm63xx/atf.git
+PKG_SOURCE_DATE:=2021-12-24
+PKG_SOURCE_VERSION:=e6d46baf3fae79f693f90bf34f7284c3dfc64aef
+PKG_MIRROR_HASH:=9d5d04f572b1b6ddc6eb3064b9cb09f5fe982e82d350790041d35316349af124
+
+PKG_MAINTAINER:=Rafał Miłecki <rafal@milecki.pl>
+
+include $(INCLUDE_DIR)/trusted-firmware-a.mk
+include $(INCLUDE_DIR)/package.mk
+
+define Trusted-Firmware-A/Default
+  PLAT:=bcm
+  DEFAULT:=y
+endef
+
+define Trusted-Firmware-A/bcm4908
+  BUILD_TARGET:=bcm4908
+  NAME:=BCM4908
+  BRCM_CHIP=4908
+  TFA_IMAGE:=bl31.bin
+endef
+
+TFA_TARGETS:= \
+	bcm4908
+
+TFA_MAKE_FLAGS += \
+	BRCM_CHIP=$(BRCM_CHIP)
+
+define Package/trusted-firmware-a/install
+	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/$(PLAT)/release/$(TFA_IMAGE) $(STAGING_DIR_IMAGE)/
+endef
+
+$(eval $(call BuildPackage/Trusted-Firmware-A))
--- a/package/boot/uboot-bcm4908/Makefile
+++ b/package/boot/uboot-bcm4908/Makefile
@@ -0,0 +1,56 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://git.openwrt.org/project/bcm63xx/u-boot.git
+PKG_SOURCE_DATE:=2022-03-15
+PKG_SOURCE_VERSION:=0625aad74d1f5b6f9c068955ad3fd7f6df635e50
+PKG_MIRROR_HASH:=0602e0e4f101ead206940eccca832b75191905c1e81290340a89b07dbee7a6ce
+
+include $(INCLUDE_DIR)/u-boot.mk
+include $(INCLUDE_DIR)/package.mk
+
+define U-Boot/Default
+  BUILD_TARGET:=bcm4908
+  UBOOT_IMAGE:=u-boot-nodtb.bin
+  DEFAULT:=y
+endef
+
+define U-Boot/bcm4908
+  NAME:=Broadcom's BCM4908
+  UBOOT_CONFIG:=bcm94908
+  SOC:=bcm4908
+endef
+
+define U-Boot/bcm4912
+  NAME:=Broadcom's BCM4912
+  UBOOT_CONFIG:=bcm94912
+  SOC:=bcm4912
+endef
+
+UBOOT_TARGETS := \
+	bcm4908 \
+	bcm4912
+
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	mkdir -p $(PKG_BUILD_DIR)/include/generated/
+	( cd $(PKG_BUILD_DIR)/board/broadcom/bcmbca/httpd/html/ && \
+	  $(STAGING_DIR_HOST)/bin/xxd -i index.html > ../../../../../include/generated/index.h && \
+	  $(STAGING_DIR_HOST)/bin/xxd -i flashing.html > ../../../../../include/generated/flashing.h && \
+	  $(STAGING_DIR_HOST)/bin/xxd -i fail.html > ../../../../../include/generated/fail.h && \
+	  $(STAGING_DIR_HOST)/bin/xxd -i 404.html > ../../../../../include/generated/404.h )
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)/u-boot
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(UBOOT_IMAGE) $(STAGING_DIR_IMAGE)/u-boot/u-boot-$(SOC).bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/u-boot.dtb $(STAGING_DIR_IMAGE)/u-boot/u-boot-$(SOC).dtb
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/arch/arm/dts/*.dtb $(STAGING_DIR_IMAGE)/u-boot/
+endef
+
+$(eval $(call BuildPackage/U-Boot))
--- a/package/boot/uboot-bcm4908/patches/100-check-config-allow-to-complete-build-even-with-ad-ho.patch
+++ b/package/boot/uboot-bcm4908/patches/100-check-config-allow-to-complete-build-even-with-ad-ho.patch
@@ -0,0 +1,40 @@
+From: Masahiro Yamada <yamada.masahiro@socionext.com>
+Date: Mon, 26 Sep 2016 13:05:02 +0900
+Subject: [PATCH] check-config: allow to complete build even with ad-hoc CONFIG
+ options
+
+Currently, the check-config.sh terminates the build when unknown
+ad-hoc options are detected.  I think it is too much because we may
+want to patch config headers locally in a build/deployment project.
+
+So, let's relax check-config.sh to just warn even if it detects
+options that are not in the whitelist.  Instead, this check can be
+done at the end of build, along with other checks.  It will catch
+more attention.
+
+Even with this change, the Buildman tool catches new warnings,
+so Tom can give NACK to new ad-hoc options.
+
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+---
+ scripts/check-config.sh | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/scripts/check-config.sh
+++ b/scripts/check-config.sh
+@@ -50,14 +50,13 @@ cat `find ${srctree} -name "Kconfig*"` |sed -n \
+ 	|sort |uniq > ${ok}
+ comm -23 ${suspects} ${ok} >${new_adhoc}
+ if [ -s ${new_adhoc} ]; then
+-	echo >&2 "Error: You must add new CONFIG options using Kconfig"
+	echo >&2 "Warning: You must add new CONFIG options using Kconfig"
+ 	echo >&2 "The following new ad-hoc CONFIG options were detected:"
+ 	cat >&2 ${new_adhoc}
+ 	echo >&2
+ 	echo >&2 "Please add these via Kconfig instead. Find a suitable Kconfig"
+ 	echo >&2 "file and add a 'config' or 'menuconfig' option."
+ 	# Don't delete the temporary files in case they are useful
+-	exit 1
+ else
+ 	rm ${suspects} ${ok} ${new_adhoc}
+ fi
--- a/package/boot/uboot-bcm4908/patches/101-tools-fix-mkimage-static-compilation.patch
+++ b/package/boot/uboot-bcm4908/patches/101-tools-fix-mkimage-static-compilation.patch
@@ -0,0 +1,24 @@
+From 8efe417aa9de654425cc01d0fc93be355a3f648d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Wed, 13 Oct 2021 11:04:45 +0200
+Subject: [PATCH] tools: fix mkimage static compilation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+ tools/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/tools/Makefile
+++ b/tools/Makefile
+@@ -157,7 +157,7 @@ ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CON
+ HOSTCFLAGS_kwbimage.o += \
+ 	$(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "")
+ HOSTLOADLIBES_mkimage += \
+-	$(shell pkg-config --libs libssl libcrypto 2> /dev/null || echo "-lssl -lcrypto")
+	$(shell pkg-config --libs --static libssl libcrypto 2> /dev/null || echo "-lssl -lcrypto -lpthread")
+ 
+ # OS X deprecate openssl in favour of CommonCrypto, supress deprecation
+ # warnings on those systems
--- a/package/boot/uboot-bcm4908/patches/200-configs-bcm94908-unset-CONFIG_SPL.patch
+++ b/package/boot/uboot-bcm4908/patches/200-configs-bcm94908-unset-CONFIG_SPL.patch
@@ -0,0 +1,50 @@
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Fri, 4 Mar 2022 09:21:32 +0100
+Subject: [PATCH] configs: bcm94908: unset CONFIG_SPL
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compiling SPL is always tricky as it needs to fit limited resources.
+Fortunately in most cases there is no need to replace SPL or TPL while
+flashing a new firmware.
+
+Compiling SPL for BCM4908 seems to fail with non-Broadcom toolchain:
+aarch64-openwrt-linux-musl-ld.bfd: u-boot-spl section `.u_boot_list' will not fit in region `.sram'
+aarch64-openwrt-linux-musl-ld.bfd: section .bss VMA [00000000822b9000,00000000822b93ef] overlaps section .u_boot_list VMA [00000000822b8f60,00000000822b9a87]
+aarch64-openwrt-linux-musl-ld.bfd: region `.sram' overflowed by 2696 bytes
+
+It also requires hashtable.h which has to be generated using some
+Broadcom's custom perl script that isn't integrated as this point.
+
+For now just disable SPL and use only last-stage U-Boot that must be
+shipped with every firmware.
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+ configs/bcm94908_defconfig | 2 +-
+ configs/bcm94912_defconfig | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/configs/bcm94908_defconfig
+++ b/configs/bcm94908_defconfig
+@@ -21,7 +21,7 @@ CONFIG_SPL_SERIAL_SUPPORT=y
+ CONFIG_TPL_LIBCOMMON_SUPPORT=y
+ CONFIG_TPL_LIBGENERIC_SUPPORT=y
+ CONFIG_NR_DRAM_BANKS=1
+-CONFIG_SPL=y
+# CONFIG_SPL is not set
+ CONFIG_SPL_LIBDISK_SUPPORT=y
+ CONFIG_ENV_VARS_UBOOT_CONFIG=y
+ CONFIG_TPL_SYS_MALLOC_F_LEN=0x11000
+--- a/configs/bcm94912_defconfig
+++ b/configs/bcm94912_defconfig
+@@ -22,7 +22,7 @@ CONFIG_TPL_LIBCOMMON_SUPPORT=y
+ CONFIG_TPL_LIBGENERIC_SUPPORT=y
+ CONFIG_SPL_SYS_MALLOC_F_LEN=0x2000
+ CONFIG_NR_DRAM_BANKS=2
+-CONFIG_SPL=y
+# CONFIG_SPL is not set
+ CONFIG_SPL_LIBDISK_SUPPORT=y
+ CONFIG_ENV_VARS_UBOOT_CONFIG=y
+ CONFIG_TPL_SYS_MALLOC_F_LEN=0x10000
--- a/package/boot/uboot-bcm4908/patches/201-Assume-TPL-support-for-ATF-when-compiling-U-Boot-wit.patch
+++ b/package/boot/uboot-bcm4908/patches/201-Assume-TPL-support-for-ATF-when-compiling-U-Boot-wit.patch
@@ -0,0 +1,67 @@
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Fri, 4 Mar 2022 09:23:34 +0100
+Subject: [PATCH] Assume TPL support for ATF when compiling U-Boot without TPL
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Broadcom's U-Boot behaviour depends on compilation time check whether
+TPL was compiled with or without ATF support. There is no proper runtime
+check.
+
+When compiling just U-Boot (without SPL & TPL) there is no way to tell
+if it's going to work with TPL with or without ATF support.
+
+Modify code to blindly assume ATF support in TPL in such cases. It seems
+to be always true for Broadcom and we need some assumption as we don't
+deal with compiling SPL or TPL.
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+ arch/arm/mach-bcmbca/bcm4908/cpu.c | 2 +-
+ arch/arm/mach-bcmbca/bcm4912/cpu.c | 2 +-
+ board/broadcom/bcmbca/board.c      | 4 ++--
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/arm/mach-bcmbca/bcm4908/cpu.c
+++ b/arch/arm/mach-bcmbca/bcm4908/cpu.c
+@@ -138,7 +138,7 @@ int get_nr_cpus()
+ 	return nr_cpus;
+ }
+ 
+-#if !defined(CONFIG_TPL_ATF)
+#if defined(CONFIG_TPL) && !defined(CONFIG_TPL_ATF)
+ void boot_secondary_cpu(unsigned long vector)
+ {
+ 	uint32_t cpu, nr_cpus = QUAD_CPUS;
+--- a/arch/arm/mach-bcmbca/bcm4912/cpu.c
+++ b/arch/arm/mach-bcmbca/bcm4912/cpu.c
+@@ -174,7 +174,7 @@ int bcmbca_get_boot_device(void)
+ 	return BOOT_DEVICE_NONE;
+ }
+ 
+-#if !defined(CONFIG_TPL_ATF)
+#if defined(CONFIG_TPL) && !defined(CONFIG_TPL_ATF)
+ void boot_secondary_cpu(unsigned long vector)
+ {
+ 	uint32_t cpu, nr_cpus = 4;
+--- a/board/broadcom/bcmbca/board.c
+++ b/board/broadcom/bcmbca/board.c
+@@ -103,7 +103,7 @@ void board_spinor_init(void)
+ 
+ int board_init(void)
+ {
+-#if !defined(CONFIG_TPL_ATF)
+#if defined(CONFIG_TPL) && !defined(CONFIG_TPL_ATF)
+ 	unsigned long vector;
+ #endif
+ 	board_sdk_init_e();
+@@ -121,7 +121,7 @@ int board_init(void)
+ 	printf("$Uboot: "BUILD_TAG" $\n");
+ #endif
+ 
+-#if !defined(CONFIG_TPL_ATF)
+#if defined(CONFIG_TPL) && !defined(CONFIG_TPL_ATF)
+ #if defined(CONFIG_ARM64)
+ 	vector  = (unsigned long)&_start;
+ #else
--- a/package/boot/uboot-envtools/files/ath79
+++ b/package/boot/uboot-envtools/files/ath79
@@ -61,6 +61,8 @@ samsung,wam250|\
 ubnt,nanostation-m|\
 yuncore,a770|\
 yuncore,a782|\
+yuncore,a930|\
+yuncore,xd3200|\
 yuncore,xd4200|\
 zyxel,nbg6616)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x10000" "0x10000"
--- a/package/boot/uboot-envtools/files/mvebu
+++ b/package/boot/uboot-envtools/files/mvebu
@@ -18,7 +18,10 @@ buffalo,ls421de)
 	ubootenv_add_uci_config "/dev/mtd3" "0x0" "0x10000"
 	;;
 cznic,turris-omnia)
-	if grep -q 'U-Boot 2015.10-rc2' /dev/mtd0; then
+	idx="$(find_mtd_index u-boot-env)"
+	if [ -n "$idx" ]; then
+		ubootenv_add_uci_config "/dev/mtd${idx}" "0x0" "0x10000" "0x10000"
+	elif grep -q 'U-Boot 2015.10-rc2' /dev/mtd0; then
 		ubootenv_add_uci_config "/dev/mtd0" "0xc0000" "0x10000" "0x40000"
 	else
 		ubootenv_add_uci_config "/dev/mtd0" "0xf0000" "0x10000" "0x10000"
--- a/package/boot/uboot-envtools/files/ramips
+++ b/package/boot/uboot-envtools/files/ramips
@@ -18,12 +18,14 @@ alfa-network,awusfree1|\
 alfa-network,quad-e4g|\
 alfa-network,r36m-e4g|\
 alfa-network,tube-e4g|\
-engenius,esr600h)
+engenius,esr600h|\
+sitecom,wlr-4100-v1-002)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x1000"
 	;;
 allnet,all0256n-4m|\
 allnet,all0256n-8m|\
-allnet,all5002)
+allnet,all5002|\
+yuncore,ax820)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x10000" "0x10000"
 	;;
 ampedwireless,ally-00x19k|\
--- a/package/boot/uboot-lantiq/patches/0030-lzma-force-8bit-reads.patch
+++ b/package/boot/uboot-lantiq/patches/0030-lzma-force-8bit-reads.patch
@@ -0,0 +1,57 @@
+From a40a6e16ed76e5e26a0f60226b64c311d4a62c9f Mon Sep 17 00:00:00 2001
+From: Mathias Kresin <dev@kresin.me>
+Date: Sun, 31 Oct 2021 23:04:54 +0100
+Subject: [PATCH] lzma: force 8bit reads
+
+At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the
+assembly of LzmaProps_Decode. While the decission made by the compiler
+looks perfect fine, it triggers some obscure hang on lantiq danube-s
+v1.5 with MX29LV640EB NOR flash chips.
+
+Only if the offset 1 is used, the hang can be observed. Using any other
+offset works fine:
+
+  lwl s0,0(a1) - s0 == 0x6d000080
+  lwl s0,1(a1) - hangs
+  lwl s0,2(a1) - s0 == 0x0080xxxx
+  lwl s0,3(a1) - s0 == 0x80xxxxxx
+
+It isn't clear whether it is a limitation of the flash chip, the EBU or
+something else.
+
+Force 8bit reads to prevent gcc optimizing the read with lwr/lwl
+instructions.
+
+Signed-off-by: Mathias Kresin <dev@kresin.me>
+---
+ lib/lzma/LzmaDec.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/lib/lzma/LzmaDec.c
+++ b/lib/lzma/LzmaDec.c
+@@ -7,6 +7,7 @@
+ #include "LzmaDec.h"
+ 
+ #include <linux/string.h>
+#include <asm/io.h>
+ 
+ #define kNumTopBits 24
+ #define kTopValue ((UInt32)1 << kNumTopBits)
+@@ -703,7 +704,7 @@ static ELzmaDummy LzmaDec_TryDummy(const
+ 
+ static void LzmaDec_InitRc(CLzmaDec *p, const Byte *data)
+ {
+-  p->code = ((UInt32)data[1] << 24) | ((UInt32)data[2] << 16) | ((UInt32)data[3] << 8) | ((UInt32)data[4]);
+  p->code = ((UInt32)readb(&data[1]) << 24) | ((UInt32)readb(&data[2]) << 16) | ((UInt32)readb(&data[3]) << 8) | ((UInt32)readb(&data[4]));
+   p->range = 0xFFFFFFFF;
+   p->needFlush = 0;
+ }
+@@ -929,7 +930,7 @@ SRes LzmaProps_Decode(CLzmaProps *p, con
+   if (size < LZMA_PROPS_SIZE)
+     return SZ_ERROR_UNSUPPORTED;
+   else
+-    dicSize = data[1] | ((UInt32)data[2] << 8) | ((UInt32)data[3] << 16) | ((UInt32)data[4] << 24);
+    dicSize = readb(&data[1]) | ((UInt32)readb(&data[2]) << 8) | ((UInt32)readb(&data[3]) << 16) | ((UInt32)readb(&data[4]) << 24);
+ 
+   if (dicSize < LZMA_DIC_MIN)
+     dicSize = LZMA_DIC_MIN;
--- a/package/boot/uboot-sunxi/Makefile
+++ b/package/boot/uboot-sunxi/Makefile
@@ -301,6 +301,12 @@ define U-Boot/Bananapi_M2_Ultra
  BUILD_DEVICES:=sinovoip_bananapi-m2-ultra
 endef

+define U-Boot/bananapi_m2_berry
+  BUILD_SUBTARGET:=cortexa7
+  NAME:=Bananapi M2 Berry
+  BUILD_DEVICES:=sinovoip_bananapi-m2-berry
+endef
+
 UBOOT_TARGETS := \
 	a64-olinuxino \
 	a64-olinuxino-emmc \
@@ -312,6 +318,7 @@ UBOOT_TARGETS := \
 	A20-OLinuXino_MICRO \
 	bananapi_m2_plus_h3 \
 	Bananapi \
+	bananapi_m2_berry \
 	Bananapi_M2_Ultra \
 	Bananapro \
 	Cubieboard \
--- a/package/firmware/amd64-microcode/Makefile
+++ b/package/firmware/amd64-microcode/Makefile
@@ -1,47 +0,0 @@
-#
-# Copyright (C) 2018 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=amd64-microcode
-PKG_VERSION:=20191218
-PKG_RELEASE:=1
-
-PKG_SOURCE:=amd64-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
-PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/a/amd64-microcode/
-PKG_HASH:=f469b79348097c5f04641b67a39d0ee5a2a1916c9556281626c04f2275d4132d
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
-
-PKG_LICENSE_FILE:=LICENSE.amd-ucode
-
-PKG_FLAGS:=nonshared
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/amd64-microcode
-  SECTION:=firmware
-  CATEGORY:=Firmware
-  URL:=$(PKG_SOURCE_URL)
-  DEPENDS:=@TARGET_x86
-  TITLE:=AMD64 CPU microcode
-endef
-
-define Build/Prepare
-	rm -rf $(PKG_BUILD_DIR)
-	mkdir -p $(PKG_BUILD_DIR)
-	$(TAR) -C $(BUILD_DIR) -xJf $(DL_DIR)/$(PKG_SOURCE)
-endef
-
-define Build/Compile
-endef
-
-define Package/amd64-microcode/install
-	$(INSTALL_DIR) $(1)/lib/firmware/amd-ucode
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/*.bin $(1)/lib/firmware/amd-ucode
-endef
-
-$(eval $(call BuildPackage,amd64-microcode))
--- a/package/firmware/cypress-firmware/Makefile
+++ b/package/firmware/cypress-firmware/Makefile
@@ -7,25 +7,24 @@

 include $(TOPDIR)/rules.mk

-UNPACK_CMD=unzip -q -p $(DL_DIR)/$(PKG_SOURCE) $(PKG_SOURCE_UNZIP) | gzip -dc | $(HOST_TAR) -C $(1) $(TAR_OPTIONS)
-
 PKG_NAME:=cypress-firmware
-PKG_VERSION:=v5.4.18-2020_0402
-PKG_RELEASE:=3
+PKG_VERSION:=5.4.18-2021_0812
+PKG_RELEASE:=1

-PKG_SOURCE_UNZIP:=cypress-firmware-$(PKG_VERSION).tar.gz
-PKG_SOURCE:=cypress-fmac-$(PKG_VERSION).zip
-PKG_SOURCE_URL:=https://community.cypress.com/gfawx74859/attachments/gfawx74859/resourcelibrary/1016/1/
-PKG_HASH:=b12b0570f462c2f3c26dde98b10235a845a7109037def1e7e51af728bcc1a958
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/Infineon/ifx-linux-firmware/
+PKG_MIRROR_HASH:=ac882b482dd401b53cdecc6004cd2bd3d65e888c19206dcf10931a28033ada4d
+PKG_SOURCE_VERSION:=release-v$(PKG_VERSION)

 PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
+PKG_LICENSE_FILES:=LICENCE

 include $(INCLUDE_DIR)/package.mk

 define Package/cypress-firmware-default
  SECTION:=firmware
  CATEGORY:=Firmware
-  URL:=https://community.cypress.com/community/linux
+  URL:=https://community.infineon.com/
 endef

 define Build/Compile
@@ -41,10 +40,10 @@ endef
 define Package/cypress-firmware-43012-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43012-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43012-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43012-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43012-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43012-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac43012-sdio.clm_blob
 endef

@@ -59,7 +58,7 @@ endef
 define Package/cypress-firmware-43340-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43340-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43340-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43340-sdio.bin
 endef

@@ -76,7 +75,7 @@ endef
 define Package/cypress-firmware-43362-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43362-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43362-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43362-sdio.bin
 endef

@@ -91,7 +90,7 @@ endef
 define Package/cypress-firmware-4339-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4339-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4339-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4339-sdio.bin
 endef

@@ -108,10 +107,10 @@ endef
 define Package/cypress-firmware-43430-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43430-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43430-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43430-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43430-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43430-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac43430-sdio.clm_blob
 endef

@@ -128,10 +127,10 @@ endef
 define Package/cypress-firmware-43455-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43455-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43455-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43455-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43455-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43455-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac43455-sdio.clm_blob
 endef

@@ -146,10 +145,10 @@ endef
 define Package/cypress-firmware-4354-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4354-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4354-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4354-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4354-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4354-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac4354-sdio.clm_blob
 endef

@@ -164,10 +163,10 @@ endef
 define Package/cypress-firmware-4356-pcie/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4356-pcie.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4356-pcie.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4356-pcie.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4356-pcie.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4356-pcie.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac4356-pcie.clm_blob
 endef

@@ -182,10 +181,10 @@ endef
 define Package/cypress-firmware-4356-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4356-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4356-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4356-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4356-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4356-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac4356-sdio.clm_blob
 endef

@@ -200,51 +199,15 @@ endef
 define Package/cypress-firmware-43570-pcie/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43570-pcie.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43570-pcie.bin \
 		$(1)/lib/firmware/brcm/brcmfmac43570-pcie.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac43570-pcie.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac43570-pcie.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac43570-pcie.clm_blob
 endef

 $(eval $(call BuildPackage,cypress-firmware-43570-pcie))

-# Cypress 4359 PCIe Firmware
-define Package/cypress-firmware-4359-pcie
-  $(Package/cypress-firmware-default)
-  TITLE:=CYW4359 FullMac PCIe firmware
-endef
-
-define Package/cypress-firmware-4359-pcie/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4359-pcie.bin \
-		$(1)/lib/firmware/brcm/brcmfmac4359-pcie.bin
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4359-pcie.clm_blob \
-		$(1)/lib/firmware/brcm/brcmfmac4359-pcie.clm_blob
-endef
-
-$(eval $(call BuildPackage,cypress-firmware-4359-pcie))
-
-# Cypress 4359 SDIO Firmware
-define Package/cypress-firmware-4359-sdio
-  $(Package/cypress-firmware-default)
-  TITLE:=CYW4359 FullMac SDIO firmware
-endef
-
-define Package/cypress-firmware-4359-sdio/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4359-sdio.bin \
-		$(1)/lib/firmware/brcm/brcmfmac4359-sdio.bin
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4359-sdio.clm_blob \
-		$(1)/lib/firmware/brcm/brcmfmac4359-sdio.clm_blob
-endef
-
-$(eval $(call BuildPackage,cypress-firmware-4359-sdio))
-
 # Cypress 4373 SDIO Firmware
 define Package/cypress-firmware-4373-sdio
  $(Package/cypress-firmware-default)
@@ -254,10 +217,10 @@ endef
 define Package/cypress-firmware-4373-sdio/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4373-sdio.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4373-sdio.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4373-sdio.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4373-sdio.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4373-sdio.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac4373-sdio.clm_blob
 endef

@@ -272,10 +235,10 @@ endef
 define Package/cypress-firmware-4373-usb/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4373-usb.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4373-usb.bin \
 		$(1)/lib/firmware/brcm/brcmfmac4373-usb.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac4373.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac4373.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac4373.clm_blob
 endef

@@ -290,29 +253,11 @@ endef
 define Package/cypress-firmware-54591-pcie/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac54591-pcie.bin \
+		$(PKG_BUILD_DIR)/firmware/cyfmac54591-pcie.bin \
 		$(1)/lib/firmware/brcm/brcmfmac54591-pcie.bin
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac54591-pcie.clm_blob \
+		$(PKG_BUILD_DIR)/firmware/cyfmac54591-pcie.clm_blob \
 		$(1)/lib/firmware/brcm/brcmfmac54591-pcie.clm_blob
 endef

 $(eval $(call BuildPackage,cypress-firmware-54591-pcie))
-
-# Cypress 89459 PCIe Firmware
-define Package/cypress-firmware-89459-pcie
-  $(Package/cypress-firmware-default)
-  TITLE:=CYW89459 FullMac PCIe firmware
-endef
-
-define Package/cypress-firmware-89459-pcie/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac89459-pcie.bin \
-		$(1)/lib/firmware/brcm/brcmfmac89459-pcie.bin
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/brcmfmac89459-pcie.clm_blob \
-		$(1)/lib/firmware/brcm/brcmfmac89459-pcie.clm_blob
-endef
-
-$(eval $(call BuildPackage,cypress-firmware-89459-pcie))
--- a/package/firmware/cypress-nvram/Makefile
+++ b/package/firmware/cypress-nvram/Makefile
@@ -100,6 +100,9 @@ define Package/cypress-nvram-43455-sdio-rpi-4b/install
 	$(INSTALL_DATA) \
 		$(PKG_BUILD_DIR)/brcmfmac43455-sdio.raspberrypi,4-model-b.txt \
 		$(1)/lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.txt
+	$(INSTALL_DATA) \
+		$(PKG_BUILD_DIR)/brcmfmac43455-sdio.raspberrypi,4-model-b.txt \
+		$(1)/lib/firmware/brcm/brcmfmac43455-sdio.raspberrypi,4-compute-module.txt
 endef

 $(eval $(call BuildPackage,cypress-nvram-43455-sdio-rpi-4b))
--- a/package/firmware/intel-microcode/Makefile
+++ b/package/firmware/intel-microcode/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=intel-microcode
-PKG_VERSION:=20200616
+PKG_VERSION:=20220809
 PKG_RELEASE:=1

-PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
+PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).1.tar.xz
 PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/i/intel-microcode/
-PKG_HASH:=bcc3b81c452fe4649a948c022475d76c1cdfbb730f36749a082f412f1406a3b9
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
+PKG_HASH:=4cf6c3638bb52d9d45c1916af866fd0929628a6f459daac3edfd369149e9c665
+PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).1

 PKG_BUILD_DEPENDS:=iucode-tool/host

--- a/package/firmware/linux-firmware/Makefile
+++ b/package/firmware/linux-firmware/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=linux-firmware
-PKG_VERSION:=20201118
-PKG_RELEASE:=3
+PKG_VERSION:=20211216
+PKG_RELEASE:=1

 PKG_SOURCE_URL:=@KERNEL/linux/kernel/firmware
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=863d5a31da725b856a917280d1e3014929b3bc3d4e6e5faecf530c13afb7e2b9
+PKG_HASH:=eeddb4e6bef31fd1a3757f12ccc324929bbad97855c0b9ec5ed780f74de1837d

 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>

--- a/package/firmware/linux-firmware/amd.mk
+++ b/package/firmware/linux-firmware/amd.mk
@@ -0,0 +1,29 @@
+Package/amd64-microcode = $(call Package/firmware-default,AMD64 CPU microcode,@TARGET_x86)
+define Package/amd64-microcode/install
+	$(INSTALL_DIR) $(1)/lib/firmware/amd-ucode
+	$(CP) \
+		$(PKG_BUILD_DIR)/amd-ucode/*.bin \
+		$(1)/lib/firmware/amd-ucode
+endef
+
+$(eval $(call BuildPackage,amd64-microcode))
+
+Package/amdgpu-firmware = $(call Package/firmware-default,AMDGPU Video Driver firmware)
+define Package/amdgpu-firmware/install
+	$(INSTALL_DIR) $(1)/lib/firmware/amdgpu
+	$(CP) \
+		$(PKG_BUILD_DIR)/amdgpu/*.bin \
+		$(1)/lib/firmware/amdgpu
+endef
+
+$(eval $(call BuildPackage,amdgpu-firmware))
+
+Package/radeon-firmware = $(call Package/firmware-default,Radeon Video Driver firmware)
+define Package/radeon-firmware/install
+	$(INSTALL_DIR) $(1)/lib/firmware/radeon
+	$(CP) \
+		$(PKG_BUILD_DIR)/radeon/*.bin \
+		$(1)/lib/firmware/radeon
+endef
+
+$(eval $(call BuildPackage,radeon-firmware))
--- a/package/firmware/linux-firmware/amdgpu.mk
+++ b/package/firmware/linux-firmware/amdgpu.mk
@@ -1,9 +0,0 @@
-Package/amdgpu-firmware = $(call Package/firmware-default,AMDGPU Video Driver firmware)
-define Package/amdgpu-firmware/install
-	$(INSTALL_DIR) $(1)/lib/firmware/amdgpu
-	$(CP) \
-		$(PKG_BUILD_DIR)/amdgpu/*.bin \
-		$(1)/lib/firmware/amdgpu
-endef
-
-$(eval $(call BuildPackage,amdgpu-firmware))
--- a/package/firmware/linux-firmware/broadcom.mk
+++ b/package/firmware/linux-firmware/broadcom.mk
@@ -34,24 +34,6 @@ define Package/brcmfmac-firmware-4329-sdio/install
 endef
 $(eval $(call BuildPackage,brcmfmac-firmware-4329-sdio))

-Package/brcmfmac-firmware-43362-sdio = $(call Package/firmware-default,Broadcom BCM43362 FullMac SDIO firmware)
-define Package/brcmfmac-firmware-43362-sdio/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/brcm/brcmfmac43362-sdio.bin \
-		$(1)/lib/firmware/brcm/brcmfmac43362-sdio.bin
-endef
-$(eval $(call BuildPackage,brcmfmac-firmware-43362-sdio))
-
-Package/brcmfmac-firmware-43430-sdio = $(call Package/firmware-default,Broadcom BCM43430 FullMac SDIO firmware)
-define Package/brcmfmac-firmware-43430-sdio/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/brcm/brcmfmac43430-sdio.bin \
-		$(1)/lib/firmware/brcm/brcmfmac43430-sdio.bin
-endef
-$(eval $(call BuildPackage,brcmfmac-firmware-43430-sdio))
-
 Package/brcmfmac-firmware-43430-sdio-rpi-3b = $(call Package/firmware-default,Broadcom BCM43430 NVRAM for Raspberry Pi 3B)
 define Package/brcmfmac-firmware-43430-sdio-rpi-3b/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
@@ -79,15 +61,6 @@ define Package/brcmfmac-firmware-43430a0-sdio/install
 endef
 $(eval $(call BuildPackage,brcmfmac-firmware-43430a0-sdio))

-Package/brcmfmac-firmware-43455-sdio = $(call Package/firmware-default,Broadcom BCM43455 FullMac SDIO firmware)
-define Package/brcmfmac-firmware-43455-sdio/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/brcm/brcmfmac43455-sdio.bin \
-		$(1)/lib/firmware/brcm/brcmfmac43455-sdio.bin
-endef
-$(eval $(call BuildPackage,brcmfmac-firmware-43455-sdio))
-
 Package/brcmfmac-firmware-43455-sdio-rpi-3b-plus = $(call Package/firmware-default,Broadcom BCM43455 NVRAM for Raspberry Pi 3B+)
 define Package/brcmfmac-firmware-43455-sdio-rpi-3b-plus/install
 	$(INSTALL_DIR) $(1)/lib/firmware/brcm
--- a/package/firmware/linux-firmware/qca_ath10k.mk
+++ b/package/firmware/linux-firmware/qca_ath10k.mk
@@ -26,6 +26,23 @@ define Package/ath10k-firmware-qca4019/install
 endef
 $(eval $(call BuildPackage,ath10k-firmware-qca4019))

+Package/ath10k-board-qca9377 = $(call Package/firmware-default,ath10k qca9377 board firmware)
+define Package/ath10k-board-qca9377/install
+	$(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA9377/hw1.0
+	$(INSTALL_DATA) \
+		$(PKG_BUILD_DIR)/ath10k/QCA9377/hw1.0/board-2.bin \
+		$(1)/lib/firmware/ath10k/QCA9377/hw1.0/
+endef
+$(eval $(call BuildPackage,ath10k-board-qca9377))
+Package/ath10k-firmware-qca9377 = $(call Package/firmware-default,ath10k qca9377 firmware,+ath10k-board-qca9377)
+define Package/ath10k-firmware-qca9377/install
+	$(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA9377/hw1.0
+	$(INSTALL_DATA) \
+		$(PKG_BUILD_DIR)/ath10k/QCA9377/hw1.0/firmware-6.bin \
+		$(1)/lib/firmware/ath10k/QCA9377/hw1.0/firmware-6.bin
+endef
+$(eval $(call BuildPackage,ath10k-firmware-qca9377))
+
 Package/ath10k-board-qca9887 = $(call Package/firmware-default,ath10k qca9887 board firmware)
 define Package/ath10k-board-qca9887/install
 	$(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA9887/hw1.0
--- a/package/firmware/linux-firmware/radeon.mk
+++ b/package/firmware/linux-firmware/radeon.mk
@@ -1,9 +0,0 @@
-Package/radeon-firmware = $(call Package/firmware-default,Radeon Video Driver firmware)
-define Package/radeon-firmware/install
-	$(INSTALL_DIR) $(1)/lib/firmware/radeon
-	$(CP) \
-		$(PKG_BUILD_DIR)/radeon/*.bin \
-		$(1)/lib/firmware/radeon
-endef
-
-$(eval $(call BuildPackage,radeon-firmware))
--- a/package/firmware/linux-firmware/realtek.mk
+++ b/package/firmware/linux-firmware/realtek.mk
@@ -76,16 +76,10 @@ Package/rtl8723bu-firmware = $(call Package/firmware-default,RealTek RTL8723BU f
 define Package/rtl8723bu-firmware/install
 	$(INSTALL_DIR) $(1)/lib/firmware/rtlwifi
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/rtlwifi/rtl8723bu_nic.bin $(1)/lib/firmware/rtlwifi
+	ln -s rtl8723bu_nic.bin $(1)/lib/firmware/rtlwifi/rtl8723bs_nic.bin
 endef
 $(eval $(call BuildPackage,rtl8723bu-firmware))

-Package/rtl8723bs-firmware = $(call Package/firmware-default,RealTek RTL8723BS firmware)
-define Package/rtl8723bs-firmware/install
-	$(INSTALL_DIR) $(1)/lib/firmware/rtlwifi
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/rtlwifi/rtl8723bs*.bin $(1)/lib/firmware/rtlwifi
-endef
-$(eval $(call BuildPackage,rtl8723bs-firmware))
-
 Package/rtl8821ae-firmware = $(call Package/firmware-default,RealTek RTL8821AE firmware)
 define Package/rtl8821ae-firmware/install
 	$(INSTALL_DIR) $(1)/lib/firmware/rtlwifi
--- a/package/firmware/wireless-regdb/Makefile
+++ b/package/firmware/wireless-regdb/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=wireless-regdb
-PKG_VERSION:=2021.04.21
+PKG_VERSION:=2022.08.12
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/software/network/wireless-regdb/
-PKG_HASH:=9e4c02b2a9710df4dbdb327c39612e8cbbae6495987afeddaebab28c1ea3d8fa
+PKG_HASH:=59c8f7d17966db71b27f90e735ee8f5b42ca3527694a8c5e6e9b56bd379c3b84

 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>

--- a/package/firmware/wireless-regdb/patches/500-world-regd-5GHz.patch
+++ b/package/firmware/wireless-regdb/patches/500-world-regd-5GHz.patch
@@ -5,7 +5,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 ---
 --- a/db.txt
 +++ b/db.txt
-@@ -16,7 +16,7 @@ country 00:
+@@ -19,7 +19,7 @@ country 00:
 	# Channel 14. Only JP enables this and for 802.11b only
 	(2474 - 2494 @ 20), (20), NO-IR, NO-OFDM
 	# Channel 36 - 48
--- a/package/kernel/bcm63xx-cfe/Makefile
+++ b/package/kernel/bcm63xx-cfe/Makefile
@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=bcm63xx-cfe
-PKG_RELEASE:=2
+PKG_RELEASE:=1

 PKG_SOURCE_URL:=https://github.com/openwrt/bcm63xx-cfe.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2021-03-05
-PKG_SOURCE_VERSION:=d03501629fc8b1ba8f9b0961d543c256a3d0098f
-PKG_MIRROR_HASH:=b32a6f68d59c8f4534def7ec2568ad7da7a612a605b9406328309c78115ee88d
+PKG_SOURCE_DATE:=2021-06-22
+PKG_SOURCE_VERSION:=e5050f37150b34deb547b50feccd0e7439cb5bd7
+PKG_MIRROR_HASH:=85fed9f4bdf23cf7d33a02f549ffe9073666890f786d5ffa484c0368552b75ae

 PKG_FLAGS:=nonshared

--- a/package/kernel/cryptodev-linux/Makefile
+++ b/package/kernel/cryptodev-linux/Makefile
@@ -10,12 +10,12 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=cryptodev-linux
-PKG_VERSION:=1.11
-PKG_RELEASE:=1
+PKG_VERSION:=1.12
+PKG_RELEASE:=$(AUTORELEASE)

 PKG_SOURCE_URL:=https://codeload.github.com/$(PKG_NAME)/$(PKG_NAME)/tar.gz/$(PKG_NAME)-$(PKG_VERSION)?
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=d71fd8dafc40147586f5bc6acca8fce5088d9c576d1142fe5aeb7b0813186a11
+PKG_HASH:=f51c2254749233b1b1d7ec9445158bd709f124f88e1c650fe2faac83c3a81938
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING

--- a/package/kernel/cryptodev-linux/patches/010-fix-build-for-kernel-v5.9-rc1.patch
+++ b/package/kernel/cryptodev-linux/patches/010-fix-build-for-kernel-v5.9-rc1.patch
@@ -1,32 +0,0 @@
-From 2f5e08aebf9229599aae7f25db752f74221cd71d Mon Sep 17 00:00:00 2001
-From: Joan Bruguera <joanbrugueram@gmail.com>
-Date: Fri, 14 Aug 2020 00:13:38 +0200
-Subject: [PATCH] Fix build for Linux 5.9-rc1
-
-See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=64019a2e467a288a16b65ab55ddcbf58c1b00187
-          https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bce617edecada007aee8610fbe2c14d10b8de2f6
-          https://lore.kernel.org/lkml/CAHk-=wj_V2Tps2QrMn20_W0OJF9xqNh52XSGA42s-ZJ8Y+GyKw@mail.gmail.com/
-
-Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com>
---
- zc.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
--- a/zc.c
-+++ b/zc.c
-@@ -76,10 +76,14 @@ int __get_userbuf(uint8_t __user *addr,
- 	ret = get_user_pages_remote(task, mm,
- 			(unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
- 			pg, NULL);
-#else
-+#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0))
- 	ret = get_user_pages_remote(task, mm,
- 			(unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
- 			pg, NULL, NULL);
-+#else
-+	ret = get_user_pages_remote(mm,
-+			(unsigned long)addr, pgcount, write ? FOLL_WRITE : 0,
-+			pg, NULL, NULL);
- #endif
- #if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0))
- 	up_read(&mm->mmap_sem);
--- a/package/kernel/exfat/Makefile
+++ b/package/kernel/exfat/Makefile
@@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=exfat
-PKG_VERSION:=5.12.3
+PKG_VERSION:=5.19.1
 PKG_RELEASE:=$(AUTORELEASE)

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/namjaejeon/linux-exfat-oot/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=43889c73af76c466bbc904aff80354a62ecaa24c7b20e354ff735f5949907982
+PKG_HASH:=80750bfa3bcdf743ca0d027be8244cc7b6ccd78f20304c2cabbb4011c88e4f0a
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/linux-exfat-oot-$(PKG_VERSION)

 PKG_MAINTAINER:=
--- a/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c
+++ b/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c
@@ -242,11 +242,11 @@ static int gpio_button_get_value(struct gpio_keys_button_data *bdata)
 	int val;

 	if (bdata->can_sleep)
-		val = !!gpio_get_value_cansleep(bdata->b->gpio);
+		val = !!gpiod_get_value_cansleep(bdata->gpiod);
 	else
-		val = !!gpio_get_value(bdata->b->gpio);
+		val = !!gpiod_get_value(bdata->gpiod);

-	return val ^ bdata->b->active_low;
+	return val;
 }

 static void gpio_keys_handle_button(struct gpio_keys_button_data *bdata)
@@ -365,7 +365,6 @@ gpio_keys_get_devtree_pdata(struct device *dev)
 	struct device_node *node, *pp;
 	struct gpio_keys_platform_data *pdata;
 	struct gpio_keys_button *button;
-	int error;
 	int nbuttons;
 	int i = 0;

@@ -375,14 +374,12 @@ gpio_keys_get_devtree_pdata(struct device *dev)

 	nbuttons = of_get_child_count(node);
 	if (nbuttons == 0)
-		return NULL;
+		return ERR_PTR(-EINVAL);

 	pdata = devm_kzalloc(dev, sizeof(*pdata) + nbuttons * (sizeof *button),
 		GFP_KERNEL);
-	if (!pdata) {
-		error = -ENOMEM;
-		goto err_out;
-	}
+	if (!pdata)
+		return ERR_PTR(-ENOMEM);

 	pdata->buttons = (struct gpio_keys_button *)(pdata + 1);
 	pdata->nbuttons = nbuttons;
@@ -391,37 +388,13 @@ gpio_keys_get_devtree_pdata(struct device *dev)
 	of_property_read_u32(node, "poll-interval", &pdata->poll_interval);

 	for_each_child_of_node(node, pp) {
-		enum of_gpio_flags flags;
-
-		if (!of_find_property(pp, "gpios", NULL)) {
-			pdata->nbuttons--;
-			dev_warn(dev, "Found button without gpios\n");
-			continue;
-		}
-
 		button = (struct gpio_keys_button *)(&pdata->buttons[i++]);

-		button->irq = irq_of_parse_and_map(pp, 0);
-
-		button->gpio = of_get_gpio_flags(pp, 0, &flags);
-		if (button->gpio < 0) {
-			error = button->gpio;
-			if (error != -ENOENT) {
-				if (error != -EPROBE_DEFER)
-					dev_err(dev,
-						"Failed to get gpio flags, error: %d\n",
-						error);
-				return ERR_PTR(error);
-			}
-		} else {
-			button->active_low = !!(flags & OF_GPIO_ACTIVE_LOW);
-		}
-
 		if (of_property_read_u32(pp, "linux,code", &button->code)) {
-			dev_err(dev, "Button without keycode: 0x%x\n",
-				button->gpio);
-			error = -EINVAL;
-			goto err_out;
+			dev_err(dev, "Button node '%s' without keycode\n",
+				pp->full_name);
+			of_node_put(pp);
+			return ERR_PTR(-EINVAL);
 		}

 		button->desc = of_get_property(pp, "label", NULL);
@@ -434,17 +407,12 @@ gpio_keys_get_devtree_pdata(struct device *dev)
 		if (of_property_read_u32(pp, "debounce-interval",
 					&button->debounce_interval))
 			button->debounce_interval = 5;
-	}

-	if (pdata->nbuttons == 0) {
-		error = -EINVAL;
-		goto err_out;
+		button->irq = irq_of_parse_and_map(pp, 0);
+		button->gpio = -ENOENT; /* mark this as device-tree */
 	}

 	return pdata;
-
-err_out:
-	return ERR_PTR(error);
 }

 static struct of_device_id gpio_keys_of_match[] = {
@@ -471,11 +439,12 @@ gpio_keys_get_devtree_pdata(struct device *dev)
 static int gpio_keys_button_probe(struct platform_device *pdev,
 		struct gpio_keys_button_dev **_bdev, int polled)
 {
-	struct gpio_keys_platform_data *pdata = pdev->dev.platform_data;
 	struct device *dev = &pdev->dev;
+	struct gpio_keys_platform_data *pdata = dev_get_platdata(dev);
 	struct gpio_keys_button_dev *bdev;
 	struct gpio_keys_button *buttons;
-	int error;
+	struct device_node *prev = NULL;
+	int error = 0;
 	int i;

 	if (!pdata) {
@@ -514,46 +483,67 @@ static int gpio_keys_button_probe(struct platform_device *pdev,
 	for (i = 0; i < pdata->nbuttons; i++) {
 		struct gpio_keys_button *button = &buttons[i];
 		struct gpio_keys_button_data *bdata = &bdev->data[i];
-		unsigned int gpio = button->gpio;
+		const char *desc = button->desc ? button->desc : DRV_NAME;

 		if (button->wakeup) {
 			dev_err(dev, "does not support wakeup\n");
-			return -EINVAL;
+			error = -EINVAL;
+			goto out;
 		}

 		bdata->map_entry = button_get_index(button->code);
 		if (bdata->map_entry < 0) {
-			dev_warn(dev, "does not support key code:%u\n",
+			dev_err(dev, "does not support key code:%u\n",
 				button->code);
-			continue;
+			error = -EINVAL;
+			goto out;
 		}

 		if (!(button->type == 0 || button->type == EV_KEY ||
 		      button->type == EV_SW)) {
-			dev_warn(dev, "only supports buttons or switches\n");
-			continue;
+			dev_err(dev, "only supports buttons or switches\n");
+			error = -EINVAL;
+			goto out;
 		}

-		error = devm_gpio_request(dev, gpio,
-				     button->desc ? button->desc : DRV_NAME);
-		if (error) {
-			dev_err(dev, "unable to claim gpio %u, err=%d\n",
-				gpio, error);
-			return error;
-		}
-		bdata->gpiod = gpio_to_desc(gpio);
-		if (!bdata->gpiod)
-			return -EINVAL;
+		if (gpio_is_valid(button->gpio)) {
+			/* legacy platform data... but is it the lookup table? */
+			bdata->gpiod = devm_gpiod_get_index(dev, desc, i,
+							    GPIOD_IN);
+			if (IS_ERR(bdata->gpiod)) {
+				/* or the legacy (button->gpio is good) way? */
+				error = devm_gpio_request_one(dev,
+					button->gpio, GPIOF_IN | (
+					button->active_low ? GPIOF_ACTIVE_LOW :
+					0), desc);
+				if (error) {
+					if (error != -EPROBE_DEFER) {
+						dev_err(dev, "unable to claim gpio %d, err=%d\n",
+							button->gpio, error);
+					}
+					goto out;
+				}

-		error = gpio_direction_input(gpio);
-		if (error) {
-			dev_err(dev,
-				"unable to set direction on gpio %u, err=%d\n",
-				gpio, error);
-			return error;
+				bdata->gpiod = gpio_to_desc(button->gpio);
+			}
+		} else {
+			/* Device-tree */
+			struct device_node *child =
+				of_get_next_child(dev->of_node, prev);
+
+			bdata->gpiod = devm_gpiod_get_from_of_node(dev,
+				child, "gpios", 0, GPIOD_IN, desc);
+
+			prev = child;
 		}

-		bdata->can_sleep = gpio_cansleep(gpio);
+		if (IS_ERR_OR_NULL(bdata->gpiod)) {
+			error = IS_ERR(bdata->gpiod) ? PTR_ERR(bdata->gpiod) :
+				-EINVAL;
+			goto out;
+		}
+
+		bdata->can_sleep = gpiod_cansleep(bdata->gpiod);
 		bdata->last_state = -1; /* Unknown state on boot */

 		if (bdev->polled) {
@@ -584,8 +574,11 @@ static int gpio_keys_button_probe(struct platform_device *pdev,
 	platform_set_drvdata(pdev, bdev);

 	*_bdev = bdev;
+	error = 0;

-	return 0;
+out:
+	of_node_put(prev);
+	return error;
 }

 static int gpio_keys_probe(struct platform_device *pdev)
@@ -594,9 +587,7 @@ static int gpio_keys_probe(struct platform_device *pdev)
 	struct gpio_keys_button_dev *bdev;
 	int ret, i;

-
 	ret = gpio_keys_button_probe(pdev, &bdev, 0);
-
 	if (ret)
 		return ret;

@@ -608,12 +599,8 @@ static int gpio_keys_probe(struct platform_device *pdev)

 		INIT_DELAYED_WORK(&bdata->work, gpio_keys_irq_work_func);

-		if (!bdata->gpiod)
-			continue;
-
 		if (!button->irq) {
-			bdata->irq = gpio_to_irq(button->gpio);
-
+			bdata->irq = gpiod_to_irq(bdata->gpiod);
 			if (bdata->irq < 0) {
 				dev_err(&pdev->dev, "failed to get irq for gpio:%d\n",
 					button->gpio);
@@ -631,7 +618,6 @@ static int gpio_keys_probe(struct platform_device *pdev)
 		ret = devm_request_threaded_irq(&pdev->dev,
 			bdata->irq, NULL, button_handle_irq,
 			irqflags, dev_name(&pdev->dev), bdata);
-
 		if (ret < 0) {
 			bdata->irq = 0;
 			dev_err(&pdev->dev, "failed to request irq:%d for gpio:%d\n",
@@ -653,14 +639,12 @@ static int gpio_keys_polled_probe(struct platform_device *pdev)
 	int ret;

 	ret = gpio_keys_button_probe(pdev, &bdev, 1);
-
 	if (ret)
 		return ret;

 	INIT_DELAYED_WORK(&bdev->work, gpio_keys_polled_poll);

 	pdata = bdev->pdata;
-
 	if (pdata->enable)
 		pdata->enable(bdev->dev);

--- a/package/kernel/linux/modules/crypto.mk
+++ b/package/kernel/linux/modules/crypto.mk
@@ -440,28 +440,6 @@ endef
 $(eval $(call KernelPackage,crypto-kpp))


-define KernelPackage/crypto-lib-blake2s
-  TITLE:=BLAKE2s hash function library
-  KCONFIG:=CONFIG_CRYPTO_LIB_BLAKE2S
-  HIDDEN:=1
-  FILES:= \
-	$(LINUX_DIR)/lib/crypto/libblake2s.ko \
-	$(LINUX_DIR)/lib/crypto/libblake2s-generic.ko
-  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
-endef
-
-define KernelPackage/crypto-lib-blake2s/config
-  imply PACKAGE_kmod-crypto-hash
-endef
-
-define KernelPackage/crypto-lib-blake2s/x86/64
-  KCONFIG+=CONFIG_CRYPTO_BLAKE2S_X86
-  FILES+=$(LINUX_DIR)/arch/x86/crypto/blake2s-x86_64.ko
-endef
-
-$(eval $(call KernelPackage,crypto-lib-blake2s))
-
-
 define KernelPackage/crypto-lib-chacha20
  TITLE:=ChaCha library interface
  KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA
--- a/package/kernel/linux/modules/leds.mk
+++ b/package/kernel/linux/modules/leds.mk
@@ -84,6 +84,22 @@ endef
 $(eval $(call KernelPackage,ledtrig-oneshot))


+define KernelPackage/ledtrig-pattern
+  SUBMENU:=$(LEDS_MENU)
+  TITLE:=LED Pattern Trigger
+  KCONFIG:=CONFIG_LEDS_TRIGGER_PATTERN
+  FILES:=$(LED_TRIGGER_DIR)/ledtrig-pattern.ko
+  AUTOLOAD:=$(call AutoLoad,50,ledtrig-pattern)
+endef
+
+define KernelPackage/ledtrig-pattern/description
+ This allows LEDs to be controlled by a software or hardware pattern
+ which is a series of tuples, of brightness and duration (ms).
+endef
+
+$(eval $(call KernelPackage,ledtrig-pattern))
+
+
 define KernelPackage/leds-pca963x
  SUBMENU:=$(LEDS_MENU)
  TITLE:=PCA963x LED support
@@ -114,3 +130,17 @@ define KernelPackage/leds-pwm/description
 endef

 $(eval $(call KernelPackage,leds-pwm))
+
+define KernelPackage/leds-uleds
+  SUBMENU:=$(LEDS_MENU)
+  TITLE:=Userspace LEDs
+  KCONFIG:=CONFIG_LEDS_USER
+  FILES:=$(LINUX_DIR)/drivers/leds/uleds.ko
+  AUTOLOAD:=$(call AutoLoad,60,uleds,1)
+endef
+
+define KernelPackage/leds-uleds/description
+ This option enables support for userspace LEDs.
+endef
+
+$(eval $(call KernelPackage,leds-uleds))
--- a/package/kernel/linux/modules/netsupport.mk
+++ b/package/kernel/linux/modules/netsupport.mk
@@ -1263,7 +1263,6 @@ define KernelPackage/wireguard
  SUBMENU:=$(NETWORK_SUPPORT_MENU)
  TITLE:=WireGuard secure network tunnel
  DEPENDS:= \
-	  +kmod-crypto-lib-blake2s \
 	  +kmod-crypto-lib-chacha20poly1305 \
 	  +kmod-crypto-lib-curve25519 \
 	  +kmod-udptunnel4 \
--- a/package/kernel/mac80211/Makefile
+++ b/package/kernel/mac80211/Makefile
@@ -10,10 +10,10 @@ include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=mac80211

-PKG_VERSION:=5.10.68-1
+PKG_VERSION:=5.10.110-1
 PKG_RELEASE:=1
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.68/
-PKG_HASH:=bba161b0084590c677a84b80993709e388a3c478f29ed0c475d4fce1b9162968
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.10.110/
+PKG_HASH:=3d958154080c059adaf26512430fd1a8888d65a2228e5e70e48d028201e148b1

 PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)
@@ -434,9 +434,15 @@ config-$(call config_package,rsi91x-sdio) += RSI_SDIO

 config-$(CONFIG_LEDS_TRIGGERS) += MAC80211_LEDS

+C_DEFINES=
+
+ifeq ($(BUILD_VARIANT),smallbuffers)
+	C_DEFINES+= -DCONFIG_ATH10K_SMALLBUFFERS
+endif
+
 MAKE_OPTS:= -C "$(PKG_BUILD_DIR)" \
 	$(KERNEL_MAKE_FLAGS) \
-	EXTRA_CFLAGS="-I$(PKG_BUILD_DIR)/include $(IREMAP_CFLAGS)" \
+	EXTRA_CFLAGS="-I$(PKG_BUILD_DIR)/include $(IREMAP_CFLAGS) $(C_DEFINES)" \
 	KLIB_BUILD="$(LINUX_DIR)" \
 	MODPROBE=true \
 	KLIB=$(TARGET_MODULES_DIR) \
--- a/package/kernel/mac80211/ath.mk
+++ b/package/kernel/mac80211/ath.mk
@@ -1,5 +1,5 @@
 PKG_DRIVERS += \
-	ath ath5k ath6kl ath6kl-sdio ath6kl-usb ath9k ath9k-common ath9k-htc ath10k \
+	ath ath5k ath6kl ath6kl-sdio ath6kl-usb ath9k ath9k-common ath9k-htc ath10k ath10k-smallbuffers \
 	carl9170 owl-loader ar5523 wil6210

 PKG_CONFIG_DEPENDS += \
@@ -55,6 +55,7 @@ config-$(CONFIG_ATH10K_THERMAL) += ATH10K_THERMAL

 config-$(call config_package,ath9k-htc) += ATH9K_HTC
 config-$(call config_package,ath10k) += ATH10K ATH10K_PCI
+config-$(call config_package,ath10k-smallbuffers) += ATH10K ATH10K_PCI ATH10K_SMALLBUFFERS

 config-$(call config_package,ath5k) += ATH5K
 ifdef CONFIG_TARGET_ath25
@@ -260,6 +261,7 @@ define KernelPackage/ath10k
 	$(PKG_BUILD_DIR)/drivers/net/wireless/ath/ath10k/ath10k_core.ko \
 	$(PKG_BUILD_DIR)/drivers/net/wireless/ath/ath10k/ath10k_pci.ko
  AUTOLOAD:=$(call AutoProbe,ath10k_pci)
+  VARIANT:=regular
 endef

 define KernelPackage/ath10k/description
@@ -273,14 +275,20 @@ define KernelPackage/ath10k/config
       config ATH10K_LEDS
               bool "Enable LED support"
               default y
-               depends on PACKAGE_kmod-ath10k
+               depends on PACKAGE_kmod-ath10k || PACKAGE_kmod-ath10k-smallbuffers

       config ATH10K_THERMAL
               bool "Enable thermal sensors and throttling support"
-               depends on PACKAGE_kmod-ath10k
+               depends on PACKAGE_kmod-ath10k || PACKAGE_kmod-ath10k-smallbuffers

 endef

+define KernelPackage/ath10k-smallbuffers
+  $(call KernelPackage/ath10k)
+  TITLE+= (small buffers for low-RAM devices)
+  VARIANT:=smallbuffers
+endef
+
 define KernelPackage/carl9170
  $(call KernelPackage/mac80211/Default)
  TITLE:=Driver for Atheros AR9170 USB sticks
--- a/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh
+++ b/package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh
@@ -26,7 +26,6 @@ drv_mac80211_init_device_config() {
 	hostapd_common_add_device_config

 	config_add_string path phy 'macaddr:macaddr'
-	config_add_string hwmode
 	config_add_string tx_burst
 	config_add_string distance
 	config_add_int beacon_int chanbw frag rts
@@ -44,11 +43,26 @@ drv_mac80211_init_device_config() {
 		su_beamformee \
 		mu_beamformer \
 		mu_beamformee \
+		he_su_beamformer \
+		he_su_beamformee \
+		he_mu_beamformer \
 		vht_txop_ps \
 		htc_vht \
 		rx_antenna_pattern \
-		tx_antenna_pattern
-	config_add_int vht_max_a_mpdu_len_exp vht_max_mpdu vht_link_adapt vht160 rx_stbc tx_stbc
+		tx_antenna_pattern \
+		he_spr_sr_control \
+		he_twt_required
+	config_add_int \
+		beamformer_antennas \
+		beamformee_antennas \
+		vht_max_a_mpdu_len_exp \
+		vht_max_mpdu \
+		vht_link_adapt \
+		vht160 \
+		rx_stbc \
+		tx_stbc \
+		he_bss_color \
+		he_spr_non_srg_obss_pd_max_offset
 	config_add_boolean \
 		ldpc \
 		greenfield \
@@ -96,6 +110,23 @@ mac80211_add_capabilities() {
 	export -n -- "$__var=$__out"
 }

+mac80211_add_he_capabilities() {
+	local __out= oifs
+
+	oifs="$IFS"
+	IFS=:
+	for capab in "$@"; do
+		set -- $capab
+		[ "$(($4))" -gt 0 ] || continue
+		[ "$(((0x$2) & $3))" -gt 0 ] || {
+			eval "$1=0"
+			continue
+		}
+		append base_cfg "$1=1" "$N"
+	done
+	IFS="$oifs"
+}
+
 mac80211_hostapd_setup_base() {
 	local phy="$1"

@@ -119,6 +150,9 @@ mac80211_hostapd_setup_base() {
 	[ "$noscan" -gt 0 ] && hostapd_noscan=1
 	[ "$tx_burst" = 0 ] && tx_burst=

+	chan_ofs=0
+	[ "$band" = "6g" ] && chan_ofs=1
+
 	ieee80211n=1
 	ht_capab=
 	case "$htmode" in
@@ -126,7 +160,7 @@ mac80211_hostapd_setup_base() {
 		HT40*|VHT40|VHT80|VHT160|HE40|HE80|HE160)
 			case "$hwmode" in
 				a)
-					case "$(( ($channel / 4) % 2 ))" in
+					case "$(( (($channel / 4) + $chan_ofs) % 2 ))" in
 						1) ht_capab="[HT40+]";;
 						0) ht_capab="[HT40-]";;
 					esac
@@ -200,7 +234,7 @@ mac80211_hostapd_setup_base() {
 	case "$htmode" in
 		VHT20|HE20) enable_ac=1;;
 		VHT40|HE40)
-			case "$(( ($channel / 4) % 2 ))" in
+			case "$(( (($channel / 4) + $chan_ofs) % 2 ))" in
 				1) idx=$(($channel + 2));;
 				0) idx=$(($channel - 2));;
 			esac
@@ -208,7 +242,7 @@ mac80211_hostapd_setup_base() {
 			vht_center_seg0=$idx
 		;;
 		VHT80|HE80)
-			case "$(( ($channel / 4) % 4 ))" in
+			case "$(( (($channel / 4) + $chan_ofs) % 4 ))" in
 				1) idx=$(($channel + 6));;
 				2) idx=$(($channel + 2));;
 				3) idx=$(($channel - 2));;
@@ -219,15 +253,35 @@ mac80211_hostapd_setup_base() {
 			vht_center_seg0=$idx
 		;;
 		VHT160|HE160)
-			case "$channel" in
-				36|40|44|48|52|56|60|64) idx=50;;
-				100|104|108|112|116|120|124|128) idx=114;;
-			esac
+			if [ "$band" = "6g" ]; then
+				case "$channel" in
+					1|5|9|13|17|21|25|29) idx=15;;
+					33|37|41|45|49|53|57|61) idx=47;;
+					65|69|73|77|81|85|89|93) idx=79;;
+					97|101|105|109|113|117|121|125) idx=111;;
+					129|133|137|141|145|149|153|157) idx=143;;
+					161|165|169|173|177|181|185|189) idx=175;;
+					193|197|201|205|209|213|217|221) idx=207;;
+				esac
+			else
+				case "$channel" in
+					36|40|44|48|52|56|60|64) idx=50;;
+					100|104|108|112|116|120|124|128) idx=114;;
+				esac
+			fi
 			enable_ac=1
 			vht_oper_chwidth=2
 			vht_center_seg0=$idx
 		;;
 	esac
+	[ "$band" = "6g" ] && {
+		op_class=
+		case "$htmode" in
+			HE20) op_class=131;;
+			HE*) op_class=$((132 + $vht_oper_chwidth))
+		esac
+		[ -n "$op_class" ] && append base_cfg "op_class=$op_class" "$N"
+	}
 	[ "$hwmode" = "a" ] || enable_ac=0

 	if [ "$enable_ac" != "0" ]; then
@@ -242,6 +296,8 @@ mac80211_hostapd_setup_base() {
 			mu_beamformee:1 \
 			vht_txop_ps:1 \
 			htc_vht:1 \
+			beamformee_antennas:4 \
+			beamformer_antennas:4 \
 			rx_antenna_pattern:1 \
 			tx_antenna_pattern:1 \
 			vht_max_a_mpdu_len_exp:7 \
@@ -282,6 +338,18 @@ mac80211_hostapd_setup_base() {
 			RX-STBC-123:0x700:0x300:1 \
 			RX-STBC-1234:0x700:0x400:1 \

+		[ "$(($vht_cap & 0x800))" -gt 0 -a "$su_beamformer" -gt 0 ] && {
+			cap_ant="$(( ( ($vht_cap >> 16) & 3 ) + 1 ))"
+			[ "$cap_ant" -gt "$beamformer_antennas" ] && cap_ant="$beamformer_antennas"
+			[ "$cap_ant" -gt 1 ] && vht_capab="$vht_capab[SOUNDING-DIMENSION-$cap_ant]"
+		}
+
+		[ "$(($vht_cap & 0x1000))" -gt 0 -a "$su_beamformee" -gt 0 ] && {
+			cap_ant="$(( ( ($vht_cap >> 13) & 3 ) + 1 ))"
+			[ "$cap_ant" -gt "$beamformee_antennas" ] && cap_ant="$beamformee_antennas"
+			[ "$cap_ant" -gt 1 ] && vht_capab="$vht_capab[BF-ANTENNA-$cap_ant]"
+		}
+
 		# supported Channel widths
 		vht160_hw=0
 		[ "$(($vht_cap & 12))" -eq 4 -a 1 -le "$vht160" ] && \
@@ -337,16 +405,62 @@ mac80211_hostapd_setup_base() {
 	esac

 	if [ "$enable_ax" != "0" ]; then
+		json_get_vars \
+			he_su_beamformer:1 \
+			he_su_beamformee:0 \
+			he_mu_beamformer:1 \
+			he_twt_required:0 \
+			he_spr_sr_control:0 \
+			he_spr_non_srg_obss_pd_max_offset:1 \
+			he_bss_color
+
+		he_phy_cap=$(iw phy "$phy" info | awk -F "[()]" '/HE PHY Capabilities/ { print $2 }' | head -1)
+		he_phy_cap=${he_phy_cap:2}
+		he_mac_cap=$(iw phy "$phy" info | awk -F "[()]" '/HE MAC Capabilities/ { print $2 }' | head -1)
+		he_mac_cap=${he_mac_cap:2}
+
 		append base_cfg "ieee80211ax=1" "$N"
+		[ -n "$he_bss_color" ] && append base_cfg "he_bss_color=$he_bss_color" "$N"
 		[ "$hwmode" = "a" ] && {
 			append base_cfg "he_oper_chwidth=$vht_oper_chwidth" "$N"
 			append base_cfg "he_oper_centr_freq_seg0_idx=$vht_center_seg0" "$N"
 		}
+
+		mac80211_add_he_capabilities \
+			he_su_beamformer:${he_phy_cap:6:2}:0x80:$he_su_beamformer \
+			he_su_beamformee:${he_phy_cap:8:2}:0x1:$he_su_beamformee \
+			he_mu_beamformer:${he_phy_cap:8:2}:0x2:$he_mu_beamformer \
+			he_spr_sr_control:${he_phy_cap:14:2}:0x1:$he_spr_sr_control \
+			he_twt_required:${he_mac_cap:0:2}:0x6:$he_twt_required
+
+		[ "$he_spr_sr_control" -gt 0 ] && append base_cfg "he_spr_non_srg_obss_pd_max_offset=$he_spr_non_srg_obss_pd_max_offset" "$N"
+
 		append base_cfg "he_default_pe_duration=4" "$N"
 		append base_cfg "he_rts_threshold=1023" "$N"
-		append base_cfg "he_su_beamformer=1" "$N"
-		append base_cfg "he_su_beamformee=1" "$N"
-		append base_cfg "he_mu_beamformer=1" "$N"
+		append base_cfg "he_mu_edca_qos_info_param_count=0" "$N"
+		append base_cfg "he_mu_edca_qos_info_q_ack=0" "$N"
+		append base_cfg "he_mu_edca_qos_info_queue_request=0" "$N"
+		append base_cfg "he_mu_edca_qos_info_txop_request=0" "$N"
+		append base_cfg "he_mu_edca_ac_be_aifsn=8" "$N"
+		append base_cfg "he_mu_edca_ac_be_aci=0" "$N"
+		append base_cfg "he_mu_edca_ac_be_ecwmin=9" "$N"
+		append base_cfg "he_mu_edca_ac_be_ecwmax=10" "$N"
+		append base_cfg "he_mu_edca_ac_be_timer=255" "$N"
+		append base_cfg "he_mu_edca_ac_bk_aifsn=15" "$N"
+		append base_cfg "he_mu_edca_ac_bk_aci=1" "$N"
+		append base_cfg "he_mu_edca_ac_bk_ecwmin=9" "$N"
+		append base_cfg "he_mu_edca_ac_bk_ecwmax=10" "$N"
+		append base_cfg "he_mu_edca_ac_bk_timer=255" "$N"
+		append base_cfg "he_mu_edca_ac_vi_ecwmin=5" "$N"
+		append base_cfg "he_mu_edca_ac_vi_ecwmax=7" "$N"
+		append base_cfg "he_mu_edca_ac_vi_aifsn=5" "$N"
+		append base_cfg "he_mu_edca_ac_vi_aci=2" "$N"
+		append base_cfg "he_mu_edca_ac_vi_timer=255" "$N"
+		append base_cfg "he_mu_edca_ac_vo_aifsn=5" "$N"
+		append base_cfg "he_mu_edca_ac_vo_aci=3" "$N"
+		append base_cfg "he_mu_edca_ac_vo_ecwmin=5" "$N"
+		append base_cfg "he_mu_edca_ac_vo_ecwmax=7" "$N"
+		append base_cfg "he_mu_edca_ac_vo_timer=255" "$N"
 	fi

 	hostapd_prepare_device_config "$hostapd_conf_file" nl80211
@@ -528,7 +642,7 @@ mac80211_iw_interface_add() {
 		rc="$?"
 	}

-	[ "$rc" != 0 ] && wireless_setup_failed INTERFACE_CREATION_FAILED
+	[ "$rc" != 0 ] && echo "Failed to create interface $ifname"
 	return $rc
 }

@@ -689,14 +803,8 @@ mac80211_prepare_iw_htmode() {
 	case "$htmode" in
 		VHT20|HT20) iw_htmode=HT20;;
 		HT40*|VHT40|VHT160)
-			case "$hwmode" in
-				a)
-					case "$(( ($channel / 4) % 2 ))" in
-						1) iw_htmode="HT40+" ;;
-						0) iw_htmode="HT40-";;
-					esac
-				;;
-				*)
+			case "$band" in
+				2g)
 					case "$htmode" in
 						HT40+) iw_htmode="HT40+";;
 						HT40-) iw_htmode="HT40-";;
@@ -709,6 +817,12 @@ mac80211_prepare_iw_htmode() {
 						;;
 					esac
 				;;
+				*)
+					case "$(( ($channel / 4) % 2 ))" in
+						1) iw_htmode="HT40+" ;;
+						0) iw_htmode="HT40-";;
+					esac
+				;;
 			esac
 			[ "$auto_channel" -gt 0 ] && iw_htmode="HT40+"
 		;;
@@ -763,6 +877,7 @@ mac80211_setup_adhoc() {
 	mcval=
 	[ -n "$mcast_rate" ] && wpa_supplicant_add_rate mcval "$mcast_rate"

+	iw dev "$ifname" set type ibss
 	iw dev "$ifname" ibss join "$ssid" $freq $iw_htmode fixed-freq $bssid \
 		beacon-interval $beacon_int \
 		${brstr:+basic-rates $brstr} \
@@ -818,7 +933,6 @@ mac80211_setup_vif() {
 		mesh)
 			wireless_vif_parse_encryption
 			[ -z "$htmode" ] && htmode="NOHT";
-			freq="$(get_freq "$phy" "$channel")"
 			if [ "$wpa" -gt 0 -o "$auto_channel" -gt 0 ] || chan_is_dfs "$phy" "$channel"; then
 				mac80211_setup_supplicant $vif_enable || failed=1
 			else
@@ -832,7 +946,6 @@ mac80211_setup_vif() {
 		adhoc)
 			wireless_vif_parse_encryption
 			if [ "$wpa" -gt 0 -o "$auto_channel" -gt 0 ]; then
-				freq="$(get_freq "$phy" "$channel")"
 				mac80211_setup_supplicant_noctl $vif_enable || failed=1
 			else
 				mac80211_setup_adhoc $vif_enable
@@ -849,10 +962,30 @@ mac80211_setup_vif() {

 get_freq() {
 	local phy="$1"
-	local chan="$2"
-	iw "$phy" info | grep -E -m1 "(\* ${chan:-....} MHz${chan:+|\\[$chan\\]})" | grep MHz | awk '{print $2}'
+	local channel="$2"
+	local band="$3"
+
+	case "$band" in
+		2g) band="1:";;
+		5g) band="2:";;
+		60g) band="3:";;
+		6g) band="4:";;
+	esac
+
+	iw "$phy" info | awk -v band="$band" -v channel="[$channel]" '
+
+$1 ~ /Band/ {
+	band_match = band == $2
 }

+band_match && $3 == "MHz" && $4 == channel {
+	print $2
+	exit
+}
+'
+}
+
+
 chan_is_dfs() {
 	local phy="$1"
 	local chan="$2"
@@ -933,7 +1066,7 @@ drv_mac80211_setup() {
 	done

 	# convert channel to frequency
-	[ "$auto_channel" -gt 0 ] || freq="$(get_freq "$phy" "$channel")"
+	[ "$auto_channel" -gt 0 ] || freq="$(get_freq "$phy" "$channel" "$band")"

 	[ -n "$country" ] && {
 		iw reg get | grep -q "^country $country:" || {
--- a/package/kernel/mac80211/files/lib/wifi/mac80211.sh
+++ b/package/kernel/mac80211/files/lib/wifi/mac80211.sh
@@ -57,6 +57,85 @@ check_mac80211_device() {
 	[ "$phy" = "$dev" ] && found=1
 }

+
+__get_band_defaults() {
+	local phy="$1"
+
+	( iw phy "$phy" info; echo ) | awk '
+BEGIN {
+        bands = ""
+}
+
+($1 == "Band" || $1 == "") && band {
+        if (channel) {
+		mode="NOHT"
+		if (ht) mode="HT20"
+		if (vht && band != "1:") mode="VHT80"
+		if (he) mode="HE80"
+		if (he && band == "1:") mode="HE20"
+                sub("\\[", "", channel)
+                sub("\\]", "", channel)
+                bands = bands band channel ":" mode " "
+        }
+        band=""
+}
+
+$1 == "Band" {
+        band = $2
+        channel = ""
+	vht = ""
+	ht = ""
+	he = ""
+}
+
+$0 ~ "Capabilities:" {
+	ht=1
+}
+
+$0 ~ "VHT Capabilities" {
+	vht=1
+}
+
+$0 ~ "HE Iftypes" {
+	he=1
+}
+
+$1 == "*" && $3 == "MHz" && $0 !~ /disabled/ && band && !channel {
+        channel = $4
+}
+
+END {
+        print bands
+}'
+}
+
+get_band_defaults() {
+	local phy="$1"
+
+	for c in $(__get_band_defaults "$phy"); do
+		local band="${c%%:*}"
+		c="${c#*:}"
+		local chan="${c%%:*}"
+		c="${c#*:}"
+		local mode="${c%%:*}"
+
+		case "$band" in
+			1) band=2g;;
+			2) band=5g;;
+			3) band=60g;;
+			4) band=6g;;
+			*) band="";;
+		esac
+
+		[ -n "$band" ] || continue
+		[ -n "$mode_band" -a "$band" = "6g" ] && return
+
+		mode_band="$band"
+		channel="$chan"
+		htmode="$mode"
+	done
+}
+
 detect_mac80211() {
 	devidx=0
 	config_load wireless
@@ -75,26 +154,12 @@ detect_mac80211() {
 		config_foreach check_mac80211_device wifi-device
 		[ "$found" -gt 0 ] && continue

-		mode_band="g"
-		channel="11"
+		mode_band=""
+		channel=""
 		htmode=""
 		ht_capab=""

-		iw phy "$dev" info | grep -q 'Capabilities:' && htmode=HT20
-
-		iw phy "$dev" info | grep -q '\* 5... MHz \[' && {
-			mode_band="a"
-			channel=$(iw phy "$dev" info | grep '\* 5... MHz \[' | grep '(disabled)' -v -m 1 | sed 's/[^[]*\[\|\].*//g')
-			iw phy "$dev" info | grep -q 'VHT Capabilities' && htmode="VHT80"
-		}
-
-		iw phy "$dev" info | grep -q '\* 5.... MHz \[' && {
-			mode_band="ad"
-			channel=$(iw phy "$dev" info | grep '\* 5.... MHz \[' | grep '(disabled)' -v -m 1 | sed 's/[^[]*\[\|\|\].*//g')
-			iw phy "$dev" info | grep -q 'Capabilities:' && htmode="HT20"
-		}
-
-		[ -n "$htmode" ] && ht_capab="set wireless.radio${devidx}.htmode=$htmode"
+		get_band_defaults "$dev"

 		path="$(mac80211_phy_to_path "$dev")"
 		if [ -n "$path" ]; then
@@ -106,10 +171,10 @@ detect_mac80211() {
 		uci -q batch <<-EOF
 			set wireless.radio${devidx}=wifi-device
 			set wireless.radio${devidx}.type=mac80211
-			set wireless.radio${devidx}.channel=${channel}
-			set wireless.radio${devidx}.hwmode=11${mode_band}
 			${dev_id}
-			${ht_capab}
+			set wireless.radio${devidx}.channel=${channel}
+			set wireless.radio${devidx}.band=${mode_band}
+			set wireless.radio${devidx}.htmode=$htmode
 			set wireless.radio${devidx}.disabled=1

 			set wireless.default_radio${devidx}=wifi-iface
--- a/package/kernel/mac80211/patches/ath/542-ath9k_debugfs_diag.patch
+++ b/package/kernel/mac80211/patches/ath/542-ath9k_debugfs_diag.patch
@@ -125,9 +125,9 @@
 		REG_SET_BIT(ah, AR_BTCOEX_WL_LNADIV, AR_BTCOEX_WL_LNADIV_FORCE_ON);
 --- a/drivers/net/wireless/ath/ath9k/main.c
 +++ b/drivers/net/wireless/ath/ath9k/main.c
-@@ -536,6 +536,11 @@ irqreturn_t ath_isr(int irq, void *dev)
- 	if (test_bit(ATH_OP_HW_RESET, &common->op_flags))
+@@ -538,6 +538,11 @@ irqreturn_t ath_isr(int irq, void *dev)
 		return IRQ_HANDLED;
+ 	}
 
 +	if (test_bit(ATH_DIAG_TRIGGER_ERROR, &ah->diag)) {
 +		status |= ATH9K_INT_FATAL;
--- a/package/kernel/mac80211/patches/ath/551-ath9k_ubnt_uap_plus_hsr.patch
+++ b/package/kernel/mac80211/patches/ath/551-ath9k_ubnt_uap_plus_hsr.patch
@@ -339,7 +339,7 @@
 
 static void ath9k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
 			u32 queues, bool drop);
-@@ -657,6 +658,7 @@ void ath_reset_work(struct work_struct *
+@@ -659,6 +660,7 @@ void ath_reset_work(struct work_struct *
 static int ath9k_start(struct ieee80211_hw *hw)
 {
 	struct ath_softc *sc = hw->priv;
@@ -347,7 +347,7 @@
 	struct ath_hw *ah = sc->sc_ah;
 	struct ath_common *common = ath9k_hw_common(ah);
 	struct ieee80211_channel *curchan = sc->cur_chan->chandef.chan;
-@@ -735,6 +737,11 @@ static int ath9k_start(struct ieee80211_
+@@ -737,6 +739,11 @@ static int ath9k_start(struct ieee80211_
 					  AR_GPIO_OUTPUT_MUX_AS_OUTPUT);
 	}
 
--- a/package/kernel/mac80211/patches/ath/580-ath9k_ar9561_fix_bias_level.patch
+++ b/package/kernel/mac80211/patches/ath/580-ath9k_ar9561_fix_bias_level.patch
@@ -0,0 +1,47 @@
+From 4509e523dba46f789377cfec6f20579adf743416 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thibaut=20VAR=C3=88NE?= <hacks+kernel@slashdirt.org>
+Date: Sun, 17 Apr 2022 11:31:35 +0200
+Subject: [PATCH v2] ath9k: fix QCA9561 PA bias level
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This patch fixes an invalid TX PA DC bias level on QCA9561, which
+results in a very low output power and very low throughput as devices
+are further away from the AP (compared to other 2.4GHz APs).
+
+This patch was suggested by Felix Fietkau, who noted[1]:
+"The value written to that register is wrong, because while the mask
+definition AR_CH0_TOP2_XPABIASLVL uses a different value for 9561, the
+shift definition AR_CH0_TOP2_XPABIASLVL_S is hardcoded to 12, which is
+wrong for 9561."
+
+In real life testing, without this patch the 2.4GHz throughput on
+Yuncore XD3200 is around 10Mbps sitting next to the AP, and closer to
+practical maximum with the patch applied.
+
+[1] https://lore.kernel.org/all/91c58969-c60e-2f41-00ac-737786d435ae@nbd.name
+
+Signed-off-by: Thibaut VARÈNE <hacks+kernel@slashdirt.org>
+---
+v2: Adjust #define per Felix's suggestion
+---
+ drivers/net/wireless/ath/ath9k/ar9003_phy.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.h b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
+index a171dbb29..ad949eb02 100644
+--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.h
+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.h
+@@ -720,7 +720,7 @@
+ #define AR_CH0_TOP2		(AR_SREV_9300(ah) ? 0x1628c : \
+ 					(AR_SREV_9462(ah) ? 0x16290 : 0x16284))
+ #define AR_CH0_TOP2_XPABIASLVL		(AR_SREV_9561(ah) ? 0x1e00 : 0xf000)
+-#define AR_CH0_TOP2_XPABIASLVL_S	12
+#define AR_CH0_TOP2_XPABIASLVL_S	(AR_SREV_9561(ah) ? 9 : 12)
+ 
+ #define AR_CH0_XTAL		(AR_SREV_9300(ah) ? 0x16294 : \
+ 				 ((AR_SREV_9462(ah) || AR_SREV_9565(ah)) ? 0x16298 : \
+-- 
+2.30.2
+
--- a/package/kernel/mac80211/patches/ath/921-ath10k_init_devices_synchronously.patch
+++ b/package/kernel/mac80211/patches/ath/921-ath10k_init_devices_synchronously.patch
@@ -14,7 +14,7 @@ Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

 --- a/drivers/net/wireless/ath/ath10k/core.c
 +++ b/drivers/net/wireless/ath/ath10k/core.c
-@@ -3189,6 +3189,16 @@ int ath10k_core_register(struct ath10k *
+@@ -3206,6 +3206,16 @@ int ath10k_core_register(struct ath10k *
 
 	queue_work(ar->workqueue, &ar->register_work);
 
--- a/package/kernel/mac80211/patches/ath/930-ath10k_add_tpt_led_trigger.patch
+++ b/package/kernel/mac80211/patches/ath/930-ath10k_add_tpt_led_trigger.patch
@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -9709,6 +9709,21 @@ static int ath10k_mac_init_rd(struct ath
+@@ -9732,6 +9732,21 @@ static int ath10k_mac_init_rd(struct ath
 	return 0;
 }
 
@@ -22,7 +22,7 @@
 int ath10k_mac_register(struct ath10k *ar)
 {
 	static const u32 cipher_suites[] = {
-@@ -10058,6 +10073,12 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10081,6 +10096,12 @@ int ath10k_mac_register(struct ath10k *a
 
 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
 
--- a/package/kernel/mac80211/patches/ath/974-ath10k_add-LED-and-GPIO-controlling-support-for-various-chipsets.patch
+++ b/package/kernel/mac80211/patches/ath/974-ath10k_add-LED-and-GPIO-controlling-support-for-various-chipsets.patch
@@ -140,7 +140,7 @@ v13:
 		.patch_load_addr = QCA988X_HW_2_0_PATCH_LOAD_ADDR,
 		.uart_pin = 7,
 		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_ALL,
-@@ -130,6 +132,7 @@ static const struct ath10k_hw_params ath
+@@ -132,6 +134,7 @@ static const struct ath10k_hw_params ath
 		.dev_id = QCA9887_1_0_DEVICE_ID,
 		.bus = ATH10K_BUS_PCI,
 		.name = "qca9887 hw1.0",
@@ -148,7 +148,7 @@ v13:
 		.patch_load_addr = QCA9887_HW_1_0_PATCH_LOAD_ADDR,
 		.uart_pin = 7,
 		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_ALL,
-@@ -335,6 +338,7 @@ static const struct ath10k_hw_params ath
+@@ -343,6 +346,7 @@ static const struct ath10k_hw_params ath
 		.dev_id = QCA99X0_2_0_DEVICE_ID,
 		.bus = ATH10K_BUS_PCI,
 		.name = "qca99x0 hw2.0",
@@ -156,7 +156,7 @@ v13:
 		.patch_load_addr = QCA99X0_HW_2_0_PATCH_LOAD_ADDR,
 		.uart_pin = 7,
 		.otp_exe_param = 0x00000700,
-@@ -375,6 +379,7 @@ static const struct ath10k_hw_params ath
+@@ -384,6 +388,7 @@ static const struct ath10k_hw_params ath
 		.dev_id = QCA9984_1_0_DEVICE_ID,
 		.bus = ATH10K_BUS_PCI,
 		.name = "qca9984/qca9994 hw1.0",
@@ -164,7 +164,7 @@ v13:
 		.patch_load_addr = QCA9984_HW_1_0_PATCH_LOAD_ADDR,
 		.uart_pin = 7,
 		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_EACH,
-@@ -422,6 +427,7 @@ static const struct ath10k_hw_params ath
+@@ -432,6 +437,7 @@ static const struct ath10k_hw_params ath
 		.dev_id = QCA9888_2_0_DEVICE_ID,
 		.bus = ATH10K_BUS_PCI,
 		.name = "qca9888 hw2.0",
@@ -172,7 +172,7 @@ v13:
 		.patch_load_addr = QCA9888_HW_2_0_PATCH_LOAD_ADDR,
 		.uart_pin = 7,
 		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_EACH,
-@@ -2904,6 +2910,10 @@ int ath10k_core_start(struct ath10k *ar,
+@@ -2921,6 +2927,10 @@ int ath10k_core_start(struct ath10k *ar,
 		goto err_hif_stop;
 	}
 
@@ -183,7 +183,7 @@ v13:
 	return 0;
 
 err_hif_stop:
-@@ -3162,9 +3172,18 @@ static void ath10k_core_register_work(st
+@@ -3179,9 +3189,18 @@ static void ath10k_core_register_work(st
 		goto err_spectral_destroy;
 	}
 
@@ -202,7 +202,7 @@ v13:
 err_spectral_destroy:
 	ath10k_spectral_destroy(ar);
 err_debug_destroy:
-@@ -3210,6 +3229,8 @@ void ath10k_core_unregister(struct ath10
+@@ -3227,6 +3246,8 @@ void ath10k_core_unregister(struct ath10
 	if (!test_bit(ATH10K_FLAG_CORE_REGISTERED, &ar->dev_flags))
 		return;
 
@@ -467,7 +467,7 @@ v13:
 static const struct wmi_peer_flags_map wmi_tlv_peer_flags_map = {
 --- a/drivers/net/wireless/ath/ath10k/wmi.c
 +++ b/drivers/net/wireless/ath/ath10k/wmi.c
-@@ -7468,6 +7468,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
+@@ -7472,6 +7472,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
 	return skb;
 }
 
@@ -517,7 +517,7 @@ v13:
 static struct sk_buff *
 ath10k_wmi_op_gen_set_psmode(struct ath10k *ar, u32 vdev_id,
 			     enum wmi_sta_ps_mode psmode)
-@@ -9156,6 +9199,9 @@ static const struct wmi_ops wmi_ops = {
+@@ -9160,6 +9203,9 @@ static const struct wmi_ops wmi_ops = {
 	.fw_stats_fill = ath10k_wmi_main_op_fw_stats_fill,
 	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
 	.gen_echo = ath10k_wmi_op_gen_echo,
@@ -527,7 +527,7 @@ v13:
 	/* .gen_bcn_tmpl not implemented */
 	/* .gen_prb_tmpl not implemented */
 	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -9226,6 +9272,8 @@ static const struct wmi_ops wmi_10_1_ops
+@@ -9230,6 +9276,8 @@ static const struct wmi_ops wmi_10_1_ops
 	.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
 	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
 	.gen_echo = ath10k_wmi_op_gen_echo,
@@ -536,7 +536,7 @@ v13:
 	/* .gen_bcn_tmpl not implemented */
 	/* .gen_prb_tmpl not implemented */
 	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -9298,6 +9346,8 @@ static const struct wmi_ops wmi_10_2_ops
+@@ -9302,6 +9350,8 @@ static const struct wmi_ops wmi_10_2_ops
 	.gen_delba_send = ath10k_wmi_op_gen_delba_send,
 	.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
 	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
@@ -545,7 +545,7 @@ v13:
 	/* .gen_pdev_enable_adaptive_cca not implemented */
 };
 
-@@ -9369,6 +9419,8 @@ static const struct wmi_ops wmi_10_2_4_o
+@@ -9373,6 +9423,8 @@ static const struct wmi_ops wmi_10_2_4_o
 		ath10k_wmi_op_gen_pdev_enable_adaptive_cca,
 	.get_vdev_subtype = ath10k_wmi_10_2_4_op_get_vdev_subtype,
 	.gen_bb_timing = ath10k_wmi_10_2_4_op_gen_bb_timing,
@@ -554,7 +554,7 @@ v13:
 	/* .gen_bcn_tmpl not implemented */
 	/* .gen_prb_tmpl not implemented */
 	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -9450,6 +9502,8 @@ static const struct wmi_ops wmi_10_4_ops
+@@ -9454,6 +9506,8 @@ static const struct wmi_ops wmi_10_4_ops
 	.gen_pdev_bss_chan_info_req = ath10k_wmi_10_2_op_gen_pdev_bss_chan_info,
 	.gen_echo = ath10k_wmi_op_gen_echo,
 	.gen_pdev_get_tpc_config = ath10k_wmi_10_2_4_op_gen_pdev_get_tpc_config,
@@ -565,7 +565,7 @@ v13:
 int ath10k_wmi_attach(struct ath10k *ar)
 --- a/drivers/net/wireless/ath/ath10k/wmi.h
 +++ b/drivers/net/wireless/ath/ath10k/wmi.h
-@@ -3027,6 +3027,41 @@ enum wmi_10_4_feature_mask {
+@@ -3030,6 +3030,41 @@ enum wmi_10_4_feature_mask {
 
 };
 
--- a/package/kernel/mac80211/patches/ath/975-ath10k-use-tpt-trigger-by-default.patch
+++ b/package/kernel/mac80211/patches/ath/975-ath10k-use-tpt-trigger-by-default.patch
@@ -42,7 +42,7 @@ Signed-off-by: Mathias Kresin <dev@kresin.me>
 	if (ret)
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -10075,7 +10075,7 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10098,7 +10098,7 @@ int ath10k_mac_register(struct ath10k *a
 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
 
 #ifdef CPTCFG_MAC80211_LEDS
--- a/package/kernel/mac80211/patches/ath/980-ath10k-fix-max-antenna-gain-unit.patch
+++ b/package/kernel/mac80211/patches/ath/980-ath10k-fix-max-antenna-gain-unit.patch
@@ -1,49 +0,0 @@
-From: Sven Eckelmann <seckelmann@datto.com>
-Date: Tue, 11 Jun 2019 13:58:35 +0200
-Subject: ath10k: fix max antenna gain unit
-
-Most of the txpower for the ath10k firmware is stored as twicepower (0.5 dB
-steps). This isn't the case for max_antenna_gain - which is still expected
-by the firmware as dB.
-
-The firmware is converting it from dB to the internal (twicepower)
-representation when it calculates the limits of a channel. This can be seen
-in tpc_stats when configuring "12" as max_antenna_gain. Instead of the
-expected 12 (6 dB), the tpc_stats shows 24 (12 dB).
-
-Tested on QCA9888 and IPQ4019 with firmware 10.4-3.5.3-00057.
-
-Fixes: 02256930d9b8 ("ath10k: use proper tx power unit")
-Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
-
-Forwarded: https://patchwork.kernel.org/patch/10986723/
-
--- a/drivers/net/wireless/ath/ath10k/mac.c
-+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -1038,7 +1038,7 @@ static int ath10k_monitor_vdev_start(str
- 	arg.channel.min_power = 0;
- 	arg.channel.max_power = channel->max_power * 2;
- 	arg.channel.max_reg_power = channel->max_reg_power * 2;
-	arg.channel.max_antenna_gain = channel->max_antenna_gain * 2;
-+	arg.channel.max_antenna_gain = channel->max_antenna_gain;
- 
- 	reinit_completion(&ar->vdev_setup_done);
- 	reinit_completion(&ar->vdev_delete_done);
-@@ -1484,7 +1484,7 @@ static int ath10k_vdev_start_restart(str
- 	arg.channel.min_power = 0;
- 	arg.channel.max_power = chandef->chan->max_power * 2;
- 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
-	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain * 2;
-+	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
- 
- 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
- 		arg.ssid = arvif->u.ap.ssid;
-@@ -3255,7 +3255,7 @@ static int ath10k_update_channel_list(st
- 			ch->min_power = 0;
- 			ch->max_power = channel->max_power * 2;
- 			ch->max_reg_power = channel->max_reg_power * 2;
-			ch->max_antenna_gain = channel->max_antenna_gain * 2;
-+			ch->max_antenna_gain = channel->max_antenna_gain;
- 			ch->reg_class_id = 0; /* FIXME */
- 
- 			/* FIXME: why use only legacy modes, why not any
--- a/package/kernel/mac80211/patches/ath/981-ath10k-adjust-tx-power-reduction-for-US-regulatory-d.patch
+++ b/package/kernel/mac80211/patches/ath/981-ath10k-adjust-tx-power-reduction-for-US-regulatory-d.patch
@@ -28,7 +28,7 @@ Forwarded: no

 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -1006,6 +1006,40 @@ static inline int ath10k_vdev_setup_sync
+@@ -1010,6 +1010,40 @@ static inline int ath10k_vdev_setup_sync
 	return ar->last_wmi_vdev_start_status;
 }
 
@@ -69,7 +69,7 @@ Forwarded: no
 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
 {
 	struct cfg80211_chan_def *chandef = NULL;
-@@ -1038,7 +1072,8 @@ static int ath10k_monitor_vdev_start(str
+@@ -1042,7 +1076,8 @@ static int ath10k_monitor_vdev_start(str
 	arg.channel.min_power = 0;
 	arg.channel.max_power = channel->max_power * 2;
 	arg.channel.max_reg_power = channel->max_reg_power * 2;
@@ -79,7 +79,7 @@ Forwarded: no
 
 	reinit_completion(&ar->vdev_setup_done);
 	reinit_completion(&ar->vdev_delete_done);
-@@ -1484,7 +1519,8 @@ static int ath10k_vdev_start_restart(str
+@@ -1488,7 +1523,8 @@ static int ath10k_vdev_start_restart(str
 	arg.channel.min_power = 0;
 	arg.channel.max_power = chandef->chan->max_power * 2;
 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
@@ -89,7 +89,7 @@ Forwarded: no
 
 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
 		arg.ssid = arvif->u.ap.ssid;
-@@ -3255,7 +3291,8 @@ static int ath10k_update_channel_list(st
+@@ -3259,7 +3295,8 @@ static int ath10k_update_channel_list(st
 			ch->min_power = 0;
 			ch->max_power = channel->max_power * 2;
 			ch->max_reg_power = channel->max_reg_power * 2;
--- a/package/kernel/mac80211/patches/ath/990-ath10k-small-buffers.patch
+++ b/package/kernel/mac80211/patches/ath/990-ath10k-small-buffers.patch
@@ -0,0 +1,64 @@
+--- a/drivers/net/wireless/ath/ath10k/htt.h
+++ b/drivers/net/wireless/ath/ath10k/htt.h
+@@ -236,7 +236,11 @@ enum htt_rx_ring_flags {
+ };
+ 
+ #define HTT_RX_RING_SIZE_MIN 128
+#ifndef CONFIG_ATH10K_SMALLBUFFERS
+ #define HTT_RX_RING_SIZE_MAX 2048
+#else
+#define HTT_RX_RING_SIZE_MAX 512
+#endif
+ #define HTT_RX_RING_SIZE HTT_RX_RING_SIZE_MAX
+ #define HTT_RX_RING_FILL_LEVEL (((HTT_RX_RING_SIZE) / 2) - 1)
+ #define HTT_RX_RING_FILL_LEVEL_DUAL_MAC (HTT_RX_RING_SIZE - 1)
+--- a/drivers/net/wireless/ath/ath10k/pci.c
+++ b/drivers/net/wireless/ath/ath10k/pci.c
+@@ -131,7 +131,11 @@ static const struct ce_attr pci_host_ce_
+ 		.flags = CE_ATTR_FLAGS,
+ 		.src_nentries = 0,
+ 		.src_sz_max = 2048,
+#ifndef CONFIG_ATH10K_SMALLBUFFERS
+ 		.dest_nentries = 512,
+#else
+		.dest_nentries = 128,
+#endif
+ 		.recv_cb = ath10k_pci_htt_htc_rx_cb,
+ 	},
+ 
+@@ -140,7 +144,11 @@ static const struct ce_attr pci_host_ce_
+ 		.flags = CE_ATTR_FLAGS,
+ 		.src_nentries = 0,
+ 		.src_sz_max = 2048,
+#ifndef CONFIG_ATH10K_SMALLBUFFERS
+ 		.dest_nentries = 128,
+#else
+		.dest_nentries = 64,
+#endif
+ 		.recv_cb = ath10k_pci_htc_rx_cb,
+ 	},
+ 
+@@ -167,7 +175,11 @@ static const struct ce_attr pci_host_ce_
+ 		.flags = CE_ATTR_FLAGS,
+ 		.src_nentries = 0,
+ 		.src_sz_max = 512,
+#ifndef CONFIG_ATH10K_SMALLBUFFERS
+ 		.dest_nentries = 512,
+#else
+		.dest_nentries = 128,
+#endif
+ 		.recv_cb = ath10k_pci_htt_rx_cb,
+ 	},
+ 
+@@ -192,7 +204,11 @@ static const struct ce_attr pci_host_ce_
+ 		.flags = CE_ATTR_FLAGS,
+ 		.src_nentries = 0,
+ 		.src_sz_max = 2048,
+#ifndef CONFIG_ATH10K_SMALLBUFFERS
+ 		.dest_nentries = 128,
+#else
+		.dest_nentries = 96,
+#endif
+ 		.recv_cb = ath10k_pci_pktlog_rx_cb,
+ 	},
+ 
--- a/package/kernel/mac80211/patches/brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch
+++ b/package/kernel/mac80211/patches/brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch
@@ -13,7 +13,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
-@@ -431,6 +431,7 @@ struct brcmf_fw {
+@@ -433,6 +433,7 @@ struct brcmf_fw {
 	struct brcmf_fw_request *req;
 	u32 curpos;
 	void (*done)(struct device *dev, int err, struct brcmf_fw_request *req);
@@ -21,7 +21,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
 };
 
 static void brcmf_fw_request_done(const struct firmware *fw, void *ctx);
-@@ -638,6 +639,8 @@ static void brcmf_fw_request_done(const
+@@ -640,6 +641,8 @@ static void brcmf_fw_request_done(const
 		fwctx->req = NULL;
 	}
 	fwctx->done(fwctx->dev, ret, fwctx->req);
@@ -30,7 +30,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
 	kfree(fwctx);
 }
 
-@@ -662,6 +665,8 @@ int brcmf_fw_get_firmwares(struct device
+@@ -664,6 +667,8 @@ int brcmf_fw_get_firmwares(struct device
 {
 	struct brcmf_fw_item *first = &req->items[0];
 	struct brcmf_fw *fwctx;
@@ -39,7 +39,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
 	int ret;
 
 	brcmf_dbg(TRACE, "enter: dev=%s\n", dev_name(dev));
-@@ -678,6 +683,9 @@ int brcmf_fw_get_firmwares(struct device
+@@ -680,6 +685,9 @@ int brcmf_fw_get_firmwares(struct device
 	fwctx->dev = dev;
 	fwctx->req = req;
 	fwctx->done = fw_cb;
@@ -49,7 +49,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
 
 	ret = request_firmware_nowait(THIS_MODULE, true, first->path,
 				      fwctx->dev, GFP_KERNEL, fwctx,
-@@ -685,6 +693,12 @@ int brcmf_fw_get_firmwares(struct device
+@@ -687,6 +695,12 @@ int brcmf_fw_get_firmwares(struct device
 	if (ret < 0)
 		brcmf_fw_request_done(NULL, fwctx);
 
--- a/package/kernel/mac80211/patches/subsys/100-remove-cryptoapi-dependencies.patch
+++ b/package/kernel/mac80211/patches/subsys/100-remove-cryptoapi-dependencies.patch
@@ -439,7 +439,7 @@
 }
 
 
-@@ -543,13 +542,13 @@ ieee80211_crypto_ccmp_decrypt(struct iee
+@@ -546,13 +545,13 @@ ieee80211_crypto_ccmp_decrypt(struct iee
 			u8 aad[2 * AES_BLOCK_SIZE];
 			u8 b_0[AES_BLOCK_SIZE];
 			/* hardware didn't decrypt/verify MIC */
@@ -455,7 +455,7 @@
 				return RX_DROP_UNUSABLE;
 		}
 
-@@ -646,7 +645,7 @@ static int gcmp_encrypt_skb(struct ieee8
+@@ -649,7 +648,7 @@ static int gcmp_encrypt_skb(struct ieee8
 	u8 *pos;
 	u8 pn[6];
 	u64 pn64;
@@ -464,7 +464,7 @@
 	u8 j_0[AES_BLOCK_SIZE];
 
 	if (info->control.hw_key &&
-@@ -703,8 +702,10 @@ static int gcmp_encrypt_skb(struct ieee8
+@@ -706,8 +705,10 @@ static int gcmp_encrypt_skb(struct ieee8
 
 	pos += IEEE80211_GCMP_HDR_LEN;
 	gcmp_special_blocks(skb, pn, j_0, aad);
@@ -477,7 +477,7 @@
 }
 
 ieee80211_tx_result
-@@ -1133,9 +1134,9 @@ ieee80211_crypto_aes_gmac_encrypt(struct
+@@ -1139,9 +1140,9 @@ ieee80211_crypto_aes_gmac_encrypt(struct
 	struct ieee80211_key *key = tx->key;
 	struct ieee80211_mmie_16 *mmie;
 	struct ieee80211_hdr *hdr;
@@ -489,7 +489,7 @@
 
 	if (WARN_ON(skb_queue_len(&tx->skbs) != 1))
 		return TX_DROP;
-@@ -1181,7 +1182,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct
+@@ -1187,7 +1188,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct
 	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
 	struct ieee80211_key *key = rx->key;
 	struct ieee80211_mmie_16 *mmie;
--- a/package/kernel/mac80211/patches/subsys/110-mac80211_keep_keys_on_stop_ap.patch
+++ b/package/kernel/mac80211/patches/subsys/110-mac80211_keep_keys_on_stop_ap.patch
@@ -2,7 +2,7 @@ Used for AP+STA support in OpenWrt - preserve AP mode keys across STA reconnects

 --- a/net/mac80211/cfg.c
 +++ b/net/mac80211/cfg.c
-@@ -1307,7 +1307,6 @@ static int ieee80211_stop_ap(struct wiph
+@@ -1310,7 +1310,6 @@ static int ieee80211_stop_ap(struct wiph
 	sdata->vif.bss_conf.ftmr_params = NULL;
 
 	__sta_info_flush(sdata, true);
--- a/package/kernel/mac80211/patches/subsys/300-cfg80211-support-immediate-reconnect-request-hint.patch
+++ b/package/kernel/mac80211/patches/subsys/300-cfg80211-support-immediate-reconnect-request-hint.patch
@@ -14,7 +14,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>

 --- a/include/net/cfg80211.h
 +++ b/include/net/cfg80211.h
-@@ -6410,13 +6410,15 @@ void cfg80211_abandon_assoc(struct net_d
+@@ -6408,13 +6408,15 @@ void cfg80211_abandon_assoc(struct net_d
  * @dev: network device
  * @buf: 802.11 frame (header + body)
  * @len: length of the frame data
@@ -33,7 +33,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  * cfg80211_rx_unprot_mlme_mgmt - notification of unprotected mlme mgmt frame
 --- a/net/mac80211/mlme.c
 +++ b/net/mac80211/mlme.c
-@@ -2725,7 +2725,7 @@ static void ieee80211_report_disconnect(
+@@ -2733,7 +2733,7 @@ static void ieee80211_report_disconnect(
 	};
 
 	if (tx)
@@ -42,7 +42,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 	else
 		cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
 
-@@ -4719,7 +4719,8 @@ void ieee80211_mgd_quiesce(struct ieee80
+@@ -4734,7 +4734,8 @@ void ieee80211_mgd_quiesce(struct ieee80
 		if (ifmgd->auth_data)
 			ieee80211_destroy_auth_data(sdata, false);
 		cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
@@ -152,7 +152,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 };
 
 /* policy for the key attributes */
-@@ -15902,7 +15903,7 @@ static void nl80211_send_mlme_event(stru
+@@ -15914,7 +15915,7 @@ static void nl80211_send_mlme_event(stru
 				    const u8 *buf, size_t len,
 				    enum nl80211_commands cmd, gfp_t gfp,
 				    int uapsd_queues, const u8 *req_ies,
@@ -161,7 +161,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 {
 	struct sk_buff *msg;
 	void *hdr;
-@@ -15924,6 +15925,9 @@ static void nl80211_send_mlme_event(stru
+@@ -15936,6 +15937,9 @@ static void nl80211_send_mlme_event(stru
 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
 		goto nla_put_failure;
 
@@ -171,7 +171,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 	if (uapsd_queues >= 0) {
 		struct nlattr *nla_wmm =
 			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
-@@ -15952,7 +15956,8 @@ void nl80211_send_rx_auth(struct cfg8021
+@@ -15964,7 +15968,8 @@ void nl80211_send_rx_auth(struct cfg8021
 			  size_t len, gfp_t gfp)
 {
 	nl80211_send_mlme_event(rdev, netdev, buf, len,
@@ -181,7 +181,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 }
 
 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
-@@ -15962,23 +15967,25 @@ void nl80211_send_rx_assoc(struct cfg802
+@@ -15974,23 +15979,25 @@ void nl80211_send_rx_assoc(struct cfg802
 {
 	nl80211_send_mlme_event(rdev, netdev, buf, len,
 				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
@@ -212,7 +212,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 }
 
 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
-@@ -16009,7 +16016,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
+@@ -16021,7 +16028,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
 
 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
--- a/package/kernel/mac80211/patches/subsys/301-mac80211-support-driver-based-disconnect-with-reconn.patch
+++ b/package/kernel/mac80211/patches/subsys/301-mac80211-support-driver-based-disconnect-with-reconn.patch
@@ -47,7 +47,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 	struct ieee80211_mgd_auth_data *auth_data;
 --- a/net/mac80211/mlme.c
 +++ b/net/mac80211/mlme.c
-@@ -2716,7 +2716,7 @@ EXPORT_SYMBOL(ieee80211_ap_probereq_get)
+@@ -2724,7 +2724,7 @@ EXPORT_SYMBOL(ieee80211_ap_probereq_get)
 
 static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
 					const u8 *buf, size_t len, bool tx,
@@ -56,7 +56,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 {
 	struct ieee80211_event event = {
 		.type = MLME_EVENT,
-@@ -2725,7 +2725,7 @@ static void ieee80211_report_disconnect(
+@@ -2733,7 +2733,7 @@ static void ieee80211_report_disconnect(
 	};
 
 	if (tx)
@@ -65,7 +65,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 	else
 		cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
 
-@@ -2747,13 +2747,18 @@ static void __ieee80211_disconnect(struc
+@@ -2755,13 +2755,18 @@ static void __ieee80211_disconnect(struc
 
 	tx = !sdata->csa_block_tx;
 
@@ -89,7 +89,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 			       tx, frame_buf);
 	mutex_lock(&local->mtx);
 	sdata->vif.csa_active = false;
-@@ -2766,7 +2771,9 @@ static void __ieee80211_disconnect(struc
+@@ -2774,7 +2779,9 @@ static void __ieee80211_disconnect(struc
 	mutex_unlock(&local->mtx);
 
 	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
@@ -100,7 +100,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 
 	sdata_unlock(sdata);
 }
-@@ -2785,6 +2792,13 @@ static void ieee80211_beacon_connection_
+@@ -2793,6 +2800,13 @@ static void ieee80211_beacon_connection_
 		sdata_info(sdata, "Connection to AP %pM lost\n",
 			   ifmgd->bssid);
 		__ieee80211_disconnect(sdata);
@@ -114,7 +114,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 	} else {
 		ieee80211_mgd_probe_ap(sdata, true);
 	}
-@@ -2823,6 +2837,21 @@ void ieee80211_connection_loss(struct ie
+@@ -2831,6 +2845,21 @@ void ieee80211_connection_loss(struct ie
 }
 EXPORT_SYMBOL(ieee80211_connection_loss);
 
@@ -136,7 +136,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 
 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
 					bool assoc)
-@@ -3126,7 +3155,7 @@ static void ieee80211_rx_mgmt_deauth(str
+@@ -3141,7 +3170,7 @@ static void ieee80211_rx_mgmt_deauth(str
 		ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
 
 		ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
@@ -145,7 +145,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		return;
 	}
 
-@@ -3175,7 +3204,8 @@ static void ieee80211_rx_mgmt_disassoc(s
+@@ -3190,7 +3219,8 @@ static void ieee80211_rx_mgmt_disassoc(s
 
 	ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
 
@@ -155,7 +155,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 }
 
 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
-@@ -4199,7 +4229,8 @@ static void ieee80211_rx_mgmt_beacon(str
+@@ -4214,7 +4244,8 @@ static void ieee80211_rx_mgmt_beacon(str
 				       true, deauth_buf);
 		ieee80211_report_disconnect(sdata, deauth_buf,
 					    sizeof(deauth_buf), true,
@@ -165,7 +165,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		return;
 	}
 
-@@ -4344,7 +4375,7 @@ static void ieee80211_sta_connection_los
+@@ -4359,7 +4390,7 @@ static void ieee80211_sta_connection_los
 			       tx, frame_buf);
 
 	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
@@ -174,7 +174,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 }
 
 static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
-@@ -5434,7 +5465,8 @@ int ieee80211_mgd_auth(struct ieee80211_
+@@ -5449,7 +5480,8 @@ int ieee80211_mgd_auth(struct ieee80211_
 
 		ieee80211_report_disconnect(sdata, frame_buf,
 					    sizeof(frame_buf), true,
@@ -184,7 +184,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 	}
 
 	sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
-@@ -5506,7 +5538,8 @@ int ieee80211_mgd_assoc(struct ieee80211
+@@ -5521,7 +5553,8 @@ int ieee80211_mgd_assoc(struct ieee80211
 
 		ieee80211_report_disconnect(sdata, frame_buf,
 					    sizeof(frame_buf), true,
@@ -194,7 +194,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 	}
 
 	if (ifmgd->auth_data && !ifmgd->auth_data->done) {
-@@ -5809,7 +5842,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5824,7 +5857,7 @@ int ieee80211_mgd_deauth(struct ieee8021
 		ieee80211_destroy_auth_data(sdata, false);
 		ieee80211_report_disconnect(sdata, frame_buf,
 					    sizeof(frame_buf), true,
@@ -203,7 +203,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 
 		return 0;
 	}
-@@ -5829,7 +5862,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5844,7 +5877,7 @@ int ieee80211_mgd_deauth(struct ieee8021
 		ieee80211_destroy_assoc_data(sdata, false, true);
 		ieee80211_report_disconnect(sdata, frame_buf,
 					    sizeof(frame_buf), true,
@@ -212,7 +212,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		return 0;
 	}
 
-@@ -5844,7 +5877,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+@@ -5859,7 +5892,7 @@ int ieee80211_mgd_deauth(struct ieee8021
 				       req->reason_code, tx, frame_buf);
 		ieee80211_report_disconnect(sdata, frame_buf,
 					    sizeof(frame_buf), true,
@@ -221,7 +221,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		return 0;
 	}
 
-@@ -5877,7 +5910,7 @@ int ieee80211_mgd_disassoc(struct ieee80
+@@ -5892,7 +5925,7 @@ int ieee80211_mgd_disassoc(struct ieee80
 			       frame_buf);
 
 	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
--- a/package/kernel/mac80211/patches/subsys/306-mac80211-set-up-the-fwd_skb-dev-for-mesh-forwarding.patch
+++ b/package/kernel/mac80211/patches/subsys/306-mac80211-set-up-the-fwd_skb-dev-for-mesh-forwarding.patch
@@ -0,0 +1,62 @@
+From: Xing Song <xing.song@mediatek.com>
+Date: Tue, 23 Nov 2021 11:31:23 +0800
+Subject: [PATCH] mac80211: set up the fwd_skb->dev for mesh forwarding
+
+Mesh forwarding requires that the fwd_skb->dev is set up for TX handling,
+otherwise the following warning will be generated, so set it up for the
+pending frames.
+
+[   72.835674 ] WARNING: CPU: 0 PID: 1193 at __skb_flow_dissect+0x284/0x1298
+[   72.842379 ] Modules linked in: ksmbd pppoe ppp_async l2tp_ppp ...
+[   72.962020 ] CPU: 0 PID: 1193 Comm: kworker/u5:1 Tainted: P S 5.4.137 #0
+[   72.969938 ] Hardware name: MT7622_MT7531 RFB (DT)
+[   72.974659 ] Workqueue: napi_workq napi_workfn
+[   72.979025 ] pstate: 60000005 (nZCv daif -PAN -UAO)
+[   72.983822 ] pc : __skb_flow_dissect+0x284/0x1298
+[   72.988444 ] lr : __skb_flow_dissect+0x54/0x1298
+[   72.992977 ] sp : ffffffc010c738c0
+[   72.996293 ] x29: ffffffc010c738c0 x28: 0000000000000000
+[   73.001615 ] x27: 000000000000ffc2 x26: ffffff800c2eb818
+[   73.006937 ] x25: ffffffc010a987c8 x24: 00000000000000ce
+[   73.012259 ] x23: ffffffc010c73a28 x22: ffffffc010a99c60
+[   73.017581 ] x21: 000000000000ffc2 x20: ffffff80094da800
+[   73.022903 ] x19: 0000000000000000 x18: 0000000000000014
+[   73.028226 ] x17: 00000000084d16af x16: 00000000d1fc0bab
+[   73.033548 ] x15: 00000000715f6034 x14: 000000009dbdd301
+[   73.038870 ] x13: 00000000ea4dcbc3 x12: 0000000000000040
+[   73.044192 ] x11: 000000000eb00ff0 x10: 0000000000000000
+[   73.049513 ] x9 : 000000000eb00073 x8 : 0000000000000088
+[   73.054834 ] x7 : 0000000000000000 x6 : 0000000000000001
+[   73.060155 ] x5 : 0000000000000000 x4 : 0000000000000000
+[   73.065476 ] x3 : ffffffc010a98000 x2 : 0000000000000000
+[   73.070797 ] x1 : 0000000000000000 x0 : 0000000000000000
+[   73.076120 ] Call trace:
+[   73.078572 ]  __skb_flow_dissect+0x284/0x1298
+[   73.082846 ]  __skb_get_hash+0x7c/0x228
+[   73.086629 ]  ieee80211_txq_may_transmit+0x7fc/0x17b8 [mac80211]
+[   73.092564 ]  ieee80211_tx_prepare_skb+0x20c/0x268 [mac80211]
+[   73.098238 ]  ieee80211_tx_pending+0x144/0x330 [mac80211]
+[   73.103560 ]  tasklet_action_common.isra.16+0xb4/0x158
+[   73.108618 ]  tasklet_action+0x2c/0x38
+[   73.112286 ]  __do_softirq+0x168/0x3b0
+[   73.115954 ]  do_softirq.part.15+0x88/0x98
+[   73.119969 ]  __local_bh_enable_ip+0xb0/0xb8
+[   73.124156 ]  napi_workfn+0x58/0x90
+[   73.127565 ]  process_one_work+0x20c/0x478
+[   73.131579 ]  worker_thread+0x50/0x4f0
+[   73.135249 ]  kthread+0x124/0x128
+[   73.138484 ]  ret_from_fork+0x10/0x1c
+
+Signed-off-by: Xing Song <xing.song@mediatek.com>
+---
+
+--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
+@@ -2941,6 +2941,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
+ 	if (!fwd_skb)
+ 		goto out;
+ 
+	fwd_skb->dev = sdata->dev;
+ 	fwd_hdr =  (struct ieee80211_hdr *) fwd_skb->data;
+ 	fwd_hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_RETRY);
+ 	info = IEEE80211_SKB_CB(fwd_skb);
--- a/package/kernel/mac80211/patches/subsys/311-net-fq_impl-drop-get_default_func-move-default-flow-.patch
+++ b/package/kernel/mac80211/patches/subsys/311-net-fq_impl-drop-get_default_func-move-default-flow-.patch
@@ -132,7 +132,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	codel_vars_init(&txqi->def_cvars);
 	codel_stats_init(&txqi->cstats);
 	__skb_queue_head_init(&txqi->frags);
-@@ -3332,8 +3319,7 @@ static bool ieee80211_amsdu_aggregate(st
+@@ -3336,8 +3323,7 @@ static bool ieee80211_amsdu_aggregate(st
 	 */
 
 	tin = &txqi->tin;
--- a/package/kernel/mac80211/patches/subsys/312-net-fq_impl-do-not-maintain-a-backlog-sorted-list-of.patch
+++ b/package/kernel/mac80211/patches/subsys/312-net-fq_impl-do-not-maintain-a-backlog-sorted-list-of.patch
@@ -306,7 +306,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 #endif
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -3386,8 +3386,6 @@ out_recalc:
+@@ -3398,8 +3398,6 @@ out_recalc:
 	if (head->len != orig_len) {
 		flow->backlog += head->len - orig_len;
 		tin->backlog_bytes += head->len - orig_len;
--- a/package/kernel/mac80211/patches/subsys/315-mac80211-add-rx-decapsulation-offload-support.patch
+++ b/package/kernel/mac80211/patches/subsys/315-mac80211-add-rx-decapsulation-offload-support.patch
@@ -109,7 +109,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/net/mac80211/driver-ops.h
 +++ b/net/mac80211/driver-ops.h
-@@ -1413,4 +1413,20 @@ static inline void drv_sta_set_4addr(str
+@@ -1416,4 +1416,20 @@ static inline void drv_sta_set_4addr(str
 	trace_drv_return_void(local);
 }
 
@@ -183,7 +183,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	enabled = bss->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED;
 --- a/net/mac80211/rx.c
 +++ b/net/mac80211/rx.c
-@@ -4195,7 +4195,9 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4198,7 +4198,9 @@ void ieee80211_check_fast_rx(struct sta_
 		.vif_type = sdata->vif.type,
 		.control_port_protocol = sdata->control_port_protocol,
 	}, *old, *new = NULL;
@@ -193,7 +193,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 	/* use sparse to check that we don't return without updating */
 	__acquire(check_fast_rx);
-@@ -4308,6 +4310,17 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4311,6 +4313,17 @@ void ieee80211_check_fast_rx(struct sta_
 	if (assign)
 		new = kmemdup(&fastrx, sizeof(fastrx), GFP_KERNEL);
 
@@ -211,7 +211,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	spin_lock_bh(&sta->lock);
 	old = rcu_dereference_protected(sta->fast_rx, true);
 	rcu_assign_pointer(sta->fast_rx, new);
-@@ -4354,6 +4367,108 @@ void ieee80211_check_fast_rx_iface(struc
+@@ -4357,6 +4370,108 @@ void ieee80211_check_fast_rx_iface(struc
 	mutex_unlock(&local->sta_mtx);
 }
 
@@ -320,7 +320,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 static bool ieee80211_invoke_fast_rx(struct ieee80211_rx_data *rx,
 				     struct ieee80211_fast_rx *fast_rx)
 {
-@@ -4374,9 +4489,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4377,9 +4492,6 @@ static bool ieee80211_invoke_fast_rx(str
 	} addrs __aligned(2);
 	struct ieee80211_sta_rx_stats *stats = &sta->rx_stats;
 
@@ -330,7 +330,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	/* for parallel-rx, we need to have DUP_VALIDATED, otherwise we write
 	 * to a common data structure; drivers can implement that per queue
 	 * but we don't have that information in mac80211
-@@ -4450,32 +4562,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4453,32 +4565,6 @@ static bool ieee80211_invoke_fast_rx(str
 	    pskb_trim(skb, skb->len - fast_rx->icv_len))
 		goto drop;
 
@@ -363,7 +363,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	if (rx->key && !ieee80211_has_protected(hdr->frame_control))
 		goto drop;
 
-@@ -4487,12 +4573,6 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4490,12 +4576,6 @@ static bool ieee80211_invoke_fast_rx(str
 		return true;
 	}
 
@@ -376,7 +376,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	/* do the header conversion - first grab the addresses */
 	ether_addr_copy(addrs.da, skb->data + fast_rx->da_offs);
 	ether_addr_copy(addrs.sa, skb->data + fast_rx->sa_offs);
-@@ -4501,62 +4581,14 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4504,62 +4584,14 @@ static bool ieee80211_invoke_fast_rx(str
 	/* push the addresses in front */
 	memcpy(skb_push(skb, sizeof(addrs)), &addrs, sizeof(addrs));
 
@@ -443,7 +443,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	stats->dropped++;
 	return true;
 }
-@@ -4610,6 +4642,47 @@ static bool ieee80211_prepare_and_rx_han
+@@ -4613,6 +4645,47 @@ static bool ieee80211_prepare_and_rx_han
 	return true;
 }
 
@@ -491,7 +491,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 /*
  * This is the actual Rx frames handler. as it belongs to Rx path it must
  * be called with rcu_read_lock protection.
-@@ -4847,15 +4920,20 @@ void ieee80211_rx_list(struct ieee80211_
+@@ -4850,15 +4923,20 @@ void ieee80211_rx_list(struct ieee80211_
 	 * if it was previously present.
 	 * Also, frames with less than 16 bytes are dropped.
 	 */
--- a/package/kernel/mac80211/patches/subsys/316-mac80211-enable-QoS-support-for-nl80211-ctrl-port.patch
+++ b/package/kernel/mac80211/patches/subsys/316-mac80211-enable-QoS-support-for-nl80211-ctrl-port.patch
@@ -69,7 +69,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 			tx->sta = sta_info_get_bss(sdata, hdr->addr1);
 		}
 		if (!tx->sta && !is_multicast_ether_addr(hdr->addr1))
-@@ -5443,6 +5441,7 @@ int ieee80211_tx_control_port(struct wip
+@@ -5455,6 +5453,7 @@ int ieee80211_tx_control_port(struct wip
 {
 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 	struct ieee80211_local *local = sdata->local;
@@ -77,7 +77,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 	struct sk_buff *skb;
 	struct ethhdr *ehdr;
 	u32 ctrl_flags = 0;
-@@ -5465,8 +5464,7 @@ int ieee80211_tx_control_port(struct wip
+@@ -5477,8 +5476,7 @@ int ieee80211_tx_control_port(struct wip
 	if (cookie)
 		ctrl_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
 
@@ -87,7 +87,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 
 	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
 			    sizeof(struct ethhdr) + len);
-@@ -5483,10 +5481,25 @@ int ieee80211_tx_control_port(struct wip
+@@ -5495,10 +5493,25 @@ int ieee80211_tx_control_port(struct wip
 	ehdr->h_proto = proto;
 
 	skb->dev = dev;
--- a/package/kernel/mac80211/patches/subsys/371-mac80211-don-t-apply-flow-control-on-management-fram.patch
+++ b/package/kernel/mac80211/patches/subsys/371-mac80211-don-t-apply-flow-control-on-management-fram.patch
@@ -48,7 +48,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 	spin_unlock_bh(&fq->lock);
 }
 
-@@ -3866,6 +3875,9 @@ bool ieee80211_txq_airtime_check(struct
+@@ -3878,6 +3887,9 @@ bool ieee80211_txq_airtime_check(struct
 	if (!txq->sta)
 		return true;
 
--- a/package/kernel/mac80211/patches/subsys/372-mac80211-set-sk_pacing_shift-for-802.3-txpath.patch
+++ b/package/kernel/mac80211/patches/subsys/372-mac80211-set-sk_pacing_shift-for-802.3-txpath.patch
@@ -9,7 +9,7 @@ Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>

 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -4193,6 +4193,9 @@ static bool ieee80211_tx_8023(struct iee
+@@ -4205,6 +4205,9 @@ static bool ieee80211_tx_8023(struct iee
 	unsigned long flags;
 	int q = info->hw_queue;
 
--- a/package/kernel/mac80211/patches/subsys/373-mac80211-support-Rx-timestamp-calculation-for-all-pr.patch
+++ b/package/kernel/mac80211/patches/subsys/373-mac80211-support-Rx-timestamp-calculation-for-all-pr.patch
@@ -33,7 +33,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 void ieee80211_vif_inc_num_mcast(struct ieee80211_sub_if_data *sdata);
 --- a/net/mac80211/util.c
 +++ b/net/mac80211/util.c
-@@ -3665,6 +3665,7 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3670,6 +3670,7 @@ u64 ieee80211_calculate_rx_timestamp(str
 	u64 ts = status->mactime;
 	struct rate_info ri;
 	u16 rate;
@@ -41,7 +41,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 
 	if (WARN_ON(!ieee80211_have_rx_timestamp(status)))
 		return 0;
-@@ -3675,11 +3676,58 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3680,11 +3681,58 @@ u64 ieee80211_calculate_rx_timestamp(str
 
 	/* Fill cfg80211 rate info */
 	switch (status->encoding) {
@@ -100,7 +100,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		break;
 	case RX_ENC_VHT:
 		ri.flags |= RATE_INFO_FLAGS_VHT_MCS;
-@@ -3687,6 +3735,23 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3692,6 +3740,23 @@ u64 ieee80211_calculate_rx_timestamp(str
 		ri.nss = status->nss;
 		if (status->enc_flags & RX_ENC_FLAG_SHORT_GI)
 			ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
@@ -124,7 +124,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 		break;
 	default:
 		WARN_ON(1);
-@@ -3710,7 +3775,6 @@ u64 ieee80211_calculate_rx_timestamp(str
+@@ -3715,7 +3780,6 @@ u64 ieee80211_calculate_rx_timestamp(str
 		ri.legacy = DIV_ROUND_UP(bitrate, (1 << shift));
 
 		if (status->flag & RX_FLAG_MACTIME_PLCP_START) {
--- a/package/kernel/mac80211/patches/subsys/374-mac80211-move-A-MPDU-session-check-from-minstrel_ht-.patch
+++ b/package/kernel/mac80211/patches/subsys/374-mac80211-move-A-MPDU-session-check-from-minstrel_ht-.patch
@@ -76,7 +76,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	.rate_init = minstrel_ht_rate_init,
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -3953,6 +3953,29 @@ void ieee80211_txq_schedule_start(struct
+@@ -3965,6 +3965,29 @@ void ieee80211_txq_schedule_start(struct
 }
 EXPORT_SYMBOL(ieee80211_txq_schedule_start);
 
@@ -106,7 +106,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 void __ieee80211_subif_start_xmit(struct sk_buff *skb,
 				  struct net_device *dev,
 				  u32 info_flags,
-@@ -3983,6 +4006,8 @@ void __ieee80211_subif_start_xmit(struct
+@@ -3995,6 +4018,8 @@ void __ieee80211_subif_start_xmit(struct
 		skb_get_hash(skb);
 	}
 
@@ -115,7 +115,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 	if (sta) {
 		struct ieee80211_fast_tx *fast_tx;
 
-@@ -4246,6 +4271,8 @@ static void ieee80211_8023_xmit(struct i
+@@ -4258,6 +4283,8 @@ static void ieee80211_8023_xmit(struct i
 
 	memset(info, 0, sizeof(*info));
 
--- a/package/kernel/mac80211/patches/subsys/375-mac80211-call-ieee80211_tx_h_rate_ctrl-when-dequeue.patch
+++ b/package/kernel/mac80211/patches/subsys/375-mac80211-call-ieee80211_tx_h_rate_ctrl-when-dequeue.patch
@@ -29,7 +29,7 @@ Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
 	CALL_TXH(ieee80211_tx_h_michael_mic_add);
 	CALL_TXH(ieee80211_tx_h_sequence);
 	CALL_TXH(ieee80211_tx_h_fragment);
-@@ -3404,15 +3405,21 @@ out:
+@@ -3416,15 +3417,21 @@ out:
  * Can be called while the sta lock is held. Anything that can cause packets to
  * be generated will cause deadlock!
  */
@@ -55,7 +55,7 @@ Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
 	if (key)
 		info->control.hw_key = &key->conf;
 
-@@ -3461,6 +3468,8 @@ static void ieee80211_xmit_fast_finish(s
+@@ -3473,6 +3480,8 @@ static void ieee80211_xmit_fast_finish(s
 			break;
 		}
 	}
@@ -64,7 +64,7 @@ Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
 }
 
 static bool ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata,
-@@ -3564,24 +3573,17 @@ static bool ieee80211_xmit_fast(struct i
+@@ -3576,24 +3585,17 @@ static bool ieee80211_xmit_fast(struct i
 	tx.sta = sta;
 	tx.key = fast_tx->key;
 
@@ -97,7 +97,7 @@ Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
 
 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
 		sdata = container_of(sdata->bss,
-@@ -3692,8 +3694,12 @@ begin:
+@@ -3704,8 +3706,12 @@ begin:
 		    (tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
 			pn_offs = ieee80211_hdrlen(hdr->frame_control);
 
--- a/package/kernel/mac80211/patches/subsys/376-mac80211-add-rate-control-support-for-encap-offload.patch
+++ b/package/kernel/mac80211/patches/subsys/376-mac80211-add-rate-control-support-for-encap-offload.patch
@@ -7,24 +7,6 @@ The software rate control cannot deal with encap offload, so fix it.
 Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
 ---

--- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -2024,6 +2024,15 @@ static inline void ieee80211_tx_skb(stru
- 	ieee80211_tx_skb_tid(sdata, skb, 7);
- }
- 
-+static inline bool ieee80211_is_tx_data(struct sk_buff *skb)
-+{
-+	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
-+	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
-+
-+	return info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP ||
-+	       ieee80211_is_data(hdr->frame_control);
-+}
-+
- u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
- 			       struct ieee802_11_elems *elems,
- 			       u64 filter, u32 crc, u8 *transmitter_bssid,
 --- a/net/mac80211/rate.c
 +++ b/net/mac80211/rate.c
@@ -297,15 +297,11 @@ void ieee80211_check_rate_mask(struct ie
@@ -99,7 +81,7 @@ Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
 			tx->sta->tx_stats.last_rate = txrc.reported_rate;
 	} else if (tx->sta)
 		tx->sta->tx_stats.last_rate = txrc.reported_rate;
-@@ -3682,8 +3684,16 @@ begin:
+@@ -3694,8 +3696,16 @@ begin:
 	else
 		info->flags &= ~IEEE80211_TX_CTL_AMPDU;
 
@@ -117,3 +99,28 @@ Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
 
 	if (info->control.flags & IEEE80211_TX_CTRL_FAST_XMIT) {
 		struct sta_info *sta = container_of(txq->sta, struct sta_info,
+--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
+@@ -6733,4 +6733,22 @@ struct sk_buff *ieee80211_get_fils_disco
+ struct sk_buff *
+ ieee80211_get_unsol_bcast_probe_resp_tmpl(struct ieee80211_hw *hw,
+ 					  struct ieee80211_vif *vif);
+
+/**
+ * ieee80211_is_tx_data - check if frame is a data frame
+ *
+ * The function is used to check if a frame is a data frame. Frames with
+ * hardware encapsulation enabled are data frames.
+ *
+ * @skb: the frame to be transmitted.
+ */
+static inline bool ieee80211_is_tx_data(struct sk_buff *skb)
+{
+	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+	struct ieee80211_hdr *hdr = (void *) skb->data;
+
+	return info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP ||
+	       ieee80211_is_data(hdr->frame_control);
+}
+
+ #endif /* MAC80211_H */
--- a/package/kernel/mac80211/patches/subsys/379-mac80211-fix-starting-aggregation-sessions-on-mesh-i.patch
+++ b/package/kernel/mac80211/patches/subsys/379-mac80211-fix-starting-aggregation-sessions-on-mesh-i.patch
@@ -80,7 +80,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 		if (tid_tx) {
 			bool queued;
 
-@@ -3969,29 +3999,6 @@ void ieee80211_txq_schedule_start(struct
+@@ -3981,29 +4011,6 @@ void ieee80211_txq_schedule_start(struct
 }
 EXPORT_SYMBOL(ieee80211_txq_schedule_start);
 
--- a/package/kernel/mac80211/patches/subsys/380-mac80211-introduce-aql_enable-node-in-debugfs.patch
+++ b/package/kernel/mac80211/patches/subsys/380-mac80211-introduce-aql_enable-node-in-debugfs.patch
@@ -0,0 +1,111 @@
+From: Lorenzo Bianconi <lorenzo@kernel.org>
+Date: Sat, 9 Jan 2021 18:57:51 +0100
+Subject: [PATCH] mac80211: introduce aql_enable node in debugfs
+
+Introduce aql_enable node in debugfs in order to enable/disable aql.
+This is useful for debugging purpose.
+
+Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Link: https://lore.kernel.org/r/e7a934d5d84e4796c4f97ea5de4e66c824296b07.1610214851.git.lorenzo@kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
+@@ -281,6 +281,56 @@ static const struct file_operations aql_
+ 	.llseek = default_llseek,
+ };
+ 
+static ssize_t aql_enable_read(struct file *file, char __user *user_buf,
+			       size_t count, loff_t *ppos)
+{
+	char buf[3];
+	int len;
+
+	len = scnprintf(buf, sizeof(buf), "%d\n",
+			!static_key_false(&aql_disable.key));
+
+	return simple_read_from_buffer(user_buf, count, ppos, buf, len);
+}
+
+static ssize_t aql_enable_write(struct file *file, const char __user *user_buf,
+				size_t count, loff_t *ppos)
+{
+	bool aql_disabled = static_key_false(&aql_disable.key);
+	char buf[3];
+	size_t len;
+
+	if (count > sizeof(buf))
+		return -EINVAL;
+
+	if (copy_from_user(buf, user_buf, count))
+		return -EFAULT;
+
+	buf[sizeof(buf) - 1] = '\0';
+	len = strlen(buf);
+	if (len > 0 && buf[len - 1] == '\n')
+		buf[len - 1] = 0;
+
+	if (buf[0] == '0' && buf[1] == '\0') {
+		if (!aql_disabled)
+			static_branch_inc(&aql_disable);
+	} else if (buf[0] == '1' && buf[1] == '\0') {
+		if (aql_disabled)
+			static_branch_dec(&aql_disable);
+	} else {
+		return -EINVAL;
+	}
+
+	return count;
+}
+
+static const struct file_operations aql_enable_ops = {
+	.write = aql_enable_write,
+	.read = aql_enable_read,
+	.open = simple_open,
+	.llseek = default_llseek,
+};
+
+ static ssize_t force_tx_status_read(struct file *file,
+ 				    char __user *user_buf,
+ 				    size_t count,
+@@ -569,6 +619,7 @@ void debugfs_hw_add(struct ieee80211_loc
+ 	DEBUGFS_ADD(power);
+ 	DEBUGFS_ADD(hw_conf);
+ 	DEBUGFS_ADD_MODE(force_tx_status, 0600);
+	DEBUGFS_ADD_MODE(aql_enable, 0600);
+ 
+ 	if (local->ops->wake_tx_queue)
+ 		DEBUGFS_ADD_MODE(aqm, 0600);
+--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
+@@ -1140,6 +1140,8 @@ enum mac80211_scan_state {
+ 	SCAN_ABORT,
+ };
+ 
+DECLARE_STATIC_KEY_FALSE(aql_disable);
+
+ struct ieee80211_local {
+ 	/* embed the driver visible part.
+ 	 * don't cast (use the static inlines below), but we keep
+--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
+@@ -3921,6 +3921,8 @@ void __ieee80211_schedule_txq(struct iee
+ }
+ EXPORT_SYMBOL(__ieee80211_schedule_txq);
+ 
+DEFINE_STATIC_KEY_FALSE(aql_disable);
+
+ bool ieee80211_txq_airtime_check(struct ieee80211_hw *hw,
+ 				 struct ieee80211_txq *txq)
+ {
+@@ -3930,6 +3932,9 @@ bool ieee80211_txq_airtime_check(struct
+ 	if (!wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL))
+ 		return true;
+ 
+	if (static_branch_unlikely(&aql_disable))
+		return true;
+
+ 	if (!txq->sta)
+ 		return true;
+ 
--- a/package/kernel/mac80211/patches/subsys/381-mac80211-rearrange-struct-txq_info-for-fewer-holes.patch
+++ b/package/kernel/mac80211/patches/subsys/381-mac80211-rearrange-struct-txq_info-for-fewer-holes.patch
@@ -0,0 +1,39 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 18 Jun 2021 13:41:44 +0300
+Subject: [PATCH] mac80211: rearrange struct txq_info for fewer holes
+
+We can slightly decrease the size of struct txq_info by
+rearranging some fields for fewer holes, so do that.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/iwlwifi.20210618133832.1bf019a1fe2e.Ib54622b8d6dc1a9a7dc484e573c073119450538b@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
+@@ -5,7 +5,7 @@
+  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
+  * Copyright 2007-2010	Johannes Berg <johannes@sipsolutions.net>
+  * Copyright 2013-2015  Intel Mobile Communications GmbH
+- * Copyright (C) 2018-2020 Intel Corporation
+ * Copyright (C) 2018-2021 Intel Corporation
+  */
+ 
+ #ifndef IEEE80211_I_H
+@@ -848,9 +848,12 @@ struct txq_info {
+ 	struct fq_tin tin;
+ 	struct codel_vars def_cvars;
+ 	struct codel_stats cstats;
+-	struct sk_buff_head frags;
+-	struct list_head schedule_order;
+
+ 	u16 schedule_round;
+	struct list_head schedule_order;
+
+	struct sk_buff_head frags;
+
+ 	unsigned long flags;
+ 
+ 	/* keep last! */
--- a/package/kernel/mac80211/patches/subsys/382-mac80211-Switch-to-a-virtual-time-based-airtime-sche.patch
+++ b/package/kernel/mac80211/patches/subsys/382-mac80211-Switch-to-a-virtual-time-based-airtime-sche.patch
--- a/package/kernel/mac80211/patches/subsys/384-nl80211-add-common-API-to-configure-SAR-power-limita.patch
+++ b/package/kernel/mac80211/patches/subsys/384-nl80211-add-common-API-to-configure-SAR-power-limita.patch
@@ -0,0 +1,398 @@
+From: Carl Huang <cjhuang@codeaurora.org>
+Date: Thu, 3 Dec 2020 05:37:26 -0500
+Subject: [PATCH] nl80211: add common API to configure SAR power limitations
+
+NL80211_CMD_SET_SAR_SPECS is added to configure SAR from
+user space. NL80211_ATTR_SAR_SPEC is used to pass the SAR
+power specification when used with NL80211_CMD_SET_SAR_SPECS.
+
+Wireless driver needs to register SAR type, supported frequency
+ranges to wiphy, so user space can query it. The index in
+frequency range is used to specify which sub band the power
+limitation applies to. The SAR type is for compatibility, so later
+other SAR mechanism can be implemented without breaking the user
+space SAR applications.
+
+Normal process is user space queries the SAR capability, and
+gets the index of supported frequency ranges and associates the
+power limitation with this index and sends to kernel.
+
+Here is an example of message send to kernel:
+8c 00 00 00 08 00 01 00 00 00 00 00 38 00 2b 81
+08 00 01 00 00 00 00 00 2c 00 02 80 14 00 00 80
+08 00 02 00 00 00 00 00 08 00 01 00 38 00 00 00
+14 00 01 80 08 00 02 00 01 00 00 00 08 00 01 00
+48 00 00 00
+
+NL80211_CMD_SET_SAR_SPECS:  0x8c
+NL80211_ATTR_WIPHY:     0x01(phy idx is 0)
+NL80211_ATTR_SAR_SPEC:  0x812b (NLA_NESTED)
+NL80211_SAR_ATTR_TYPE:  0x00 (NL80211_SAR_TYPE_POWER)
+NL80211_SAR_ATTR_SPECS: 0x8002 (NLA_NESTED)
+freq range 0 power: 0x38 in 0.25dbm unit (14dbm)
+freq range 1 power: 0x48 in 0.25dbm unit (18dbm)
+
+Signed-off-by: Carl Huang <cjhuang@codeaurora.org>
+Reviewed-by: Brian Norris <briannorris@chromium.org>
+Reviewed-by: Abhishek Kumar <kuabhs@chromium.org>
+Link: https://lore.kernel.org/r/20201203103728.3034-2-cjhuang@codeaurora.org
+[minor edits, NLA parse cleanups]
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
+@@ -1737,6 +1737,54 @@ struct station_info {
+ 	u8 connected_to_as;
+ };
+ 
+/**
+ * struct cfg80211_sar_sub_specs - sub specs limit
+ * @power: power limitation in 0.25dbm
+ * @freq_range_index: index the power limitation applies to
+ */
+struct cfg80211_sar_sub_specs {
+	s32 power;
+	u32 freq_range_index;
+};
+
+/**
+ * struct cfg80211_sar_specs - sar limit specs
+ * @type: it's set with power in 0.25dbm or other types
+ * @num_sub_specs: number of sar sub specs
+ * @sub_specs: memory to hold the sar sub specs
+ */
+struct cfg80211_sar_specs {
+	enum nl80211_sar_type type;
+	u32 num_sub_specs;
+	struct cfg80211_sar_sub_specs sub_specs[];
+};
+
+
+/**
+ * @struct cfg80211_sar_chan_ranges - sar frequency ranges
+ * @start_freq:  start range edge frequency
+ * @end_freq:    end range edge frequency
+ */
+struct cfg80211_sar_freq_ranges {
+	u32 start_freq;
+	u32 end_freq;
+};
+
+/**
+ * struct cfg80211_sar_capa - sar limit capability
+ * @type: it's set via power in 0.25dbm or other types
+ * @num_freq_ranges: number of frequency ranges
+ * @freq_ranges: memory to hold the freq ranges.
+ *
+ * Note: WLAN driver may append new ranges or split an existing
+ * range to small ones and then append them.
+ */
+struct cfg80211_sar_capa {
+	enum nl80211_sar_type type;
+	u32 num_freq_ranges;
+	const struct cfg80211_sar_freq_ranges *freq_ranges;
+};
+
+ #if IS_ENABLED(CPTCFG_CFG80211)
+ /**
+  * cfg80211_get_station - retrieve information about a given station
+@@ -4259,6 +4307,8 @@ struct cfg80211_ops {
+ 				  struct cfg80211_tid_config *tid_conf);
+ 	int	(*reset_tid_config)(struct wiphy *wiphy, struct net_device *dev,
+ 				    const u8 *peer, u8 tids);
+	int	(*set_sar_specs)(struct wiphy *wiphy,
+				 struct cfg80211_sar_specs *sar);
+ };
+ 
+ /*
+@@ -5030,6 +5080,8 @@ struct wiphy {
+ 
+ 	u8 max_data_retry_count;
+ 
+	const struct cfg80211_sar_capa *sar_capa;
+
+ 	char priv[] __aligned(NETDEV_ALIGN);
+ };
+ 
+--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
+@@ -405,6 +405,18 @@ nl80211_unsol_bcast_probe_resp_policy[NL
+ 						       .len = IEEE80211_MAX_DATA_LEN }
+ };
+ 
+static const struct nla_policy
+sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
+	[NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
+	[NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
+};
+
+static const struct nla_policy
+sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
+	[NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
+	[NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
+};
+
+ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
+ 	[0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
+ 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
+@@ -739,6 +751,7 @@ static const struct nla_policy nl80211_p
+ 	[NL80211_ATTR_SAE_PWE] =
+ 		NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
+ 				 NL80211_SAE_PWE_BOTH),
+	[NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
+ 	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
+ };
+ 
+@@ -2117,6 +2130,56 @@ fail:
+ 	return -ENOBUFS;
+ }
+ 
+static int
+nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
+		      struct sk_buff *msg)
+{
+	struct nlattr *sar_capa, *specs, *sub_freq_range;
+	u8 num_freq_ranges;
+	int i;
+
+	if (!rdev->wiphy.sar_capa)
+		return 0;
+
+	num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
+
+	sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
+	if (!sar_capa)
+		return -ENOSPC;
+
+	if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
+		goto fail;
+
+	specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
+	if (!specs)
+		goto fail;
+
+	/* report supported freq_ranges */
+	for (i = 0; i < num_freq_ranges; i++) {
+		sub_freq_range = nla_nest_start(msg, i + 1);
+		if (!sub_freq_range)
+			goto fail;
+
+		if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
+				rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
+			goto fail;
+
+		if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
+				rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
+			goto fail;
+
+		nla_nest_end(msg, sub_freq_range);
+	}
+
+	nla_nest_end(msg, specs);
+	nla_nest_end(msg, sar_capa);
+
+	return 0;
+fail:
+	nla_nest_cancel(msg, sar_capa);
+	return -ENOBUFS;
+}
+
+ struct nl80211_dump_wiphy_state {
+ 	s64 filter_wiphy;
+ 	long start;
+@@ -2366,6 +2429,8 @@ static int nl80211_send_wiphy(struct cfg
+ 			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
+ 			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
+ 			CMD(update_ft_ies, UPDATE_FT_IES);
+			if (rdev->wiphy.sar_capa)
+				CMD(set_sar_specs, SET_SAR_SPECS);
+ 		}
+ #undef CMD
+ 
+@@ -2691,6 +2756,11 @@ static int nl80211_send_wiphy(struct cfg
+ 
+ 		if (nl80211_put_tid_config_support(rdev, msg))
+ 			goto nla_put_failure;
+		state->split_start++;
+		break;
+	case 16:
+		if (nl80211_put_sar_specs(rdev, msg))
+			goto nla_put_failure;
+ 
+ 		/* done */
+ 		state->split_start = 0;
+@@ -14724,6 +14794,111 @@ static void nl80211_post_doit(__genl_con
+ 	}
+ }
+ 
+static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
+				     struct cfg80211_sar_specs *sar_specs,
+				     struct nlattr *spec[], int index)
+{
+	u32 range_index, i;
+
+	if (!sar_specs || !spec)
+		return -EINVAL;
+
+	if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
+	    !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
+		return -EINVAL;
+
+	range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
+
+	/* check if range_index exceeds num_freq_ranges */
+	if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
+		return -EINVAL;
+
+	/* check if range_index duplicates */
+	for (i = 0; i < index; i++) {
+		if (sar_specs->sub_specs[i].freq_range_index == range_index)
+			return -EINVAL;
+	}
+
+	sar_specs->sub_specs[index].power =
+		nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
+
+	sar_specs->sub_specs[index].freq_range_index = range_index;
+
+	return 0;
+}
+
+static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
+{
+	struct cfg80211_registered_device *rdev = info->user_ptr[0];
+	struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
+	struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
+	struct cfg80211_sar_specs *sar_spec;
+	enum nl80211_sar_type type;
+	struct nlattr *spec_list;
+	u32 specs;
+	int rem, err;
+
+	if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
+		return -EOPNOTSUPP;
+
+	if (!info->attrs[NL80211_ATTR_SAR_SPEC])
+		return -EINVAL;
+
+	nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
+			 info->attrs[NL80211_ATTR_SAR_SPEC],
+			 NULL, NULL);
+
+	if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
+		return -EINVAL;
+
+	type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
+	if (type != rdev->wiphy.sar_capa->type)
+		return -EINVAL;
+
+	specs = 0;
+	nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
+		specs++;
+
+	if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
+		return -EINVAL;
+
+	sar_spec = kzalloc(sizeof(*sar_spec) +
+			   specs * sizeof(struct cfg80211_sar_sub_specs),
+			   GFP_KERNEL);
+	if (!sar_spec)
+		return -ENOMEM;
+
+	sar_spec->type = type;
+	specs = 0;
+	nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
+		nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
+				 spec_list, NULL, NULL);
+
+		switch (type) {
+		case NL80211_SAR_TYPE_POWER:
+			if (nl80211_set_sar_sub_specs(rdev, sar_spec,
+						      spec, specs)) {
+				err = -EINVAL;
+				goto error;
+			}
+			break;
+		default:
+			err = -EINVAL;
+			goto error;
+		}
+		specs++;
+	}
+
+	sar_spec->num_sub_specs = specs;
+
+	rdev->cur_cmd_info = info;
+	err = rdev_set_sar_specs(rdev, sar_spec);
+	rdev->cur_cmd_info = NULL;
+error:
+	kfree(sar_spec);
+	return err;
+}
+
+ static __genl_const struct genl_ops nl80211_ops[] = {
+ 	{
+ 		.cmd = NL80211_CMD_GET_WIPHY,
+@@ -15587,6 +15762,14 @@ static const struct genl_small_ops nl802
+ 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
+ 				  NL80211_FLAG_NEED_RTNL,
+ 	},
+	{
+		.cmd = NL80211_CMD_SET_SAR_SPECS,
+		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
+		.doit = nl80211_set_sar_specs,
+		.flags = GENL_UNS_ADMIN_PERM,
+		.internal_flags = NL80211_FLAG_NEED_WIPHY |
+				  NL80211_FLAG_NEED_RTNL,
+	},
+ };
+ 
+ static struct genl_family nl80211_fam __genl_ro_after_init = {
+--- a/net/wireless/rdev-ops.h
+++ b/net/wireless/rdev-ops.h
+@@ -1356,4 +1356,16 @@ static inline int rdev_reset_tid_config(
+ 	return ret;
+ }
+ 
+static inline int rdev_set_sar_specs(struct cfg80211_registered_device *rdev,
+				     struct cfg80211_sar_specs *sar)
+{
+	int ret;
+
+	trace_rdev_set_sar_specs(&rdev->wiphy, sar);
+	ret = rdev->ops->set_sar_specs(&rdev->wiphy, sar);
+	trace_rdev_return_int(&rdev->wiphy, ret);
+
+	return ret;
+}
+
+ #endif /* __CFG80211_RDEV_OPS */
+--- a/net/wireless/trace.h
+++ b/net/wireless/trace.h
+@@ -3551,6 +3551,25 @@ TRACE_EVENT(rdev_reset_tid_config,
+ 	TP_printk(WIPHY_PR_FMT ", " NETDEV_PR_FMT ", peer: " MAC_PR_FMT ", tids: 0x%x",
+ 		  WIPHY_PR_ARG, NETDEV_PR_ARG, MAC_PR_ARG(peer), __entry->tids)
+ );
+
+TRACE_EVENT(rdev_set_sar_specs,
+	TP_PROTO(struct wiphy *wiphy, struct cfg80211_sar_specs *sar),
+	TP_ARGS(wiphy, sar),
+	TP_STRUCT__entry(
+		WIPHY_ENTRY
+		__field(u16, type)
+		__field(u16, num)
+	),
+	TP_fast_assign(
+		WIPHY_ASSIGN;
+		__entry->type = sar->type;
+		__entry->num = sar->num_sub_specs;
+
+	),
+	TP_printk(WIPHY_PR_FMT ", Set type:%d, num_specs:%d",
+		  WIPHY_PR_ARG, __entry->type, __entry->num)
+);
+
+ #endif /* !__RDEV_OPS_TRACE || TRACE_HEADER_MULTI_READ */
+ 
+ #undef TRACE_INCLUDE_PATH
--- a/package/kernel/mac80211/patches/subsys/385-mac80211-add-ieee80211_set_sar_specs.patch
+++ b/package/kernel/mac80211/patches/subsys/385-mac80211-add-ieee80211_set_sar_specs.patch
@@ -0,0 +1,51 @@
+From: Carl Huang <cjhuang@codeaurora.org>
+Date: Thu, 3 Dec 2020 05:37:27 -0500
+Subject: [PATCH] mac80211: add ieee80211_set_sar_specs
+
+This change registers ieee80211_set_sar_specs to
+mac80211_config_ops, so cfg80211 can call it.
+
+Signed-off-by: Carl Huang <cjhuang@codeaurora.org>
+Reviewed-by: Brian Norris <briannorris@chromium.org>
+Reviewed-by: Abhishek Kumar <kuabhs@chromium.org>
+Link: https://lore.kernel.org/r/20201203103728.3034-3-cjhuang@codeaurora.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
+@@ -4207,6 +4207,8 @@ struct ieee80211_ops {
+ 				   struct ieee80211_vif *vif);
+ 	void (*sta_set_4addr)(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
+ 			      struct ieee80211_sta *sta, bool enabled);
+	int (*set_sar_specs)(struct ieee80211_hw *hw,
+			     const struct cfg80211_sar_specs *sar);
+ 	void (*sta_set_decap_offload)(struct ieee80211_hw *hw,
+ 				      struct ieee80211_vif *vif,
+ 				      struct ieee80211_sta *sta, bool enabled);
+--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
+@@ -4136,6 +4136,17 @@ static int ieee80211_reset_tid_config(st
+ 	return ret;
+ }
+ 
+static int ieee80211_set_sar_specs(struct wiphy *wiphy,
+				   struct cfg80211_sar_specs *sar)
+{
+	struct ieee80211_local *local = wiphy_priv(wiphy);
+
+	if (!local->ops->set_sar_specs)
+		return -EOPNOTSUPP;
+
+	return local->ops->set_sar_specs(&local->hw, sar);
+}
+
+ const struct cfg80211_ops mac80211_config_ops = {
+ 	.add_virtual_intf = ieee80211_add_iface,
+ 	.del_virtual_intf = ieee80211_del_iface,
+@@ -4239,4 +4250,5 @@ const struct cfg80211_ops mac80211_confi
+ 	.probe_mesh_link = ieee80211_probe_mesh_link,
+ 	.set_tid_config = ieee80211_set_tid_config,
+ 	.reset_tid_config = ieee80211_reset_tid_config,
+	.set_sar_specs = ieee80211_set_sar_specs,
+ };
--- a/package/kernel/mac80211/patches/subsys/386-mac80211-check-per-vif-offload_flags-in-Tx-path.patch
+++ b/package/kernel/mac80211/patches/subsys/386-mac80211-check-per-vif-offload_flags-in-Tx-path.patch
@@ -0,0 +1,26 @@
+From: Ryder Lee <ryder.lee@mediatek.com>
+Date: Fri, 18 Jun 2021 04:38:59 +0800
+Subject: [PATCH] mac80211: check per vif offload_flags in Tx path
+
+offload_flags has been introduced to indicate encap status of each interface.
+An interface can encap offload at runtime, or if it has some extra limitations
+it can simply override the flags, so it's more flexible to check offload_flags
+in Tx path.
+
+Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
+Link: https://lore.kernel.org/r/177785418cf407808bf3a44760302d0647076990.1623961575.git.ryder.lee@mediatek.com
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
+@@ -3335,6 +3335,9 @@ static bool ieee80211_amsdu_aggregate(st
+ 	if (!ieee80211_hw_check(&local->hw, TX_AMSDU))
+ 		return false;
+ 
+	if (sdata->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED)
+		return false;
+
+ 	if (skb_is_gso(skb))
+ 		return false;
+ 
--- a/package/kernel/mac80211/patches/subsys/387-nl80211-add-support-for-BSS-coloring.patch
+++ b/package/kernel/mac80211/patches/subsys/387-nl80211-add-support-for-BSS-coloring.patch
@@ -0,0 +1,485 @@
+From: John Crispin <john@phrozen.org>
+Date: Fri, 2 Jul 2021 19:44:07 +0200
+Subject: [PATCH] nl80211: add support for BSS coloring
+
+This patch adds support for BSS color collisions to the wireless subsystem.
+Add the required functionality to nl80211 that will notify about color
+collisions, triggering the color change and notifying when it is completed.
+
+Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Signed-off-by: John Crispin <john@phrozen.org>
+Link: https://lore.kernel.org/r/500b3582aec8fe2c42ef46f3117b148cb7cbceb5.1625247619.git.lorenzo@kernel.org
+[remove unnecessary NULL initialisation]
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
+@@ -1252,6 +1252,27 @@ struct cfg80211_csa_settings {
+ #define CFG80211_MAX_NUM_DIFFERENT_CHANNELS 10
+ 
+ /**
+ * struct cfg80211_color_change_settings - color change settings
+ *
+ * Used for bss color change
+ *
+ * @beacon_color_change: beacon data while performing the color countdown
+ * @counter_offsets_beacon: offsets of the counters within the beacon (tail)
+ * @counter_offsets_presp: offsets of the counters within the probe response
+ * @beacon_next: beacon data to be used after the color change
+ * @count: number of beacons until the color change
+ * @color: the color used after the change
+ */
+struct cfg80211_color_change_settings {
+	struct cfg80211_beacon_data beacon_color_change;
+	u16 counter_offset_beacon;
+	u16 counter_offset_presp;
+	struct cfg80211_beacon_data beacon_next;
+	u8 count;
+	u8 color;
+};
+
+/**
+  * struct iface_combination_params - input parameters for interface combinations
+  *
+  * Used to pass interface combination parameters
+@@ -3979,6 +4000,8 @@ struct mgmt_frame_regs {
+  *	This callback may sleep.
+  * @reset_tid_config: Reset TID specific configuration for the peer, for the
+  *	given TIDs. This callback may sleep.
+ *
+ * @color_change: Initiate a color change.
+  */
+ struct cfg80211_ops {
+ 	int	(*suspend)(struct wiphy *wiphy, struct cfg80211_wowlan *wow);
+@@ -4309,6 +4332,9 @@ struct cfg80211_ops {
+ 				    const u8 *peer, u8 tids);
+ 	int	(*set_sar_specs)(struct wiphy *wiphy,
+ 				 struct cfg80211_sar_specs *sar);
+	int	(*color_change)(struct wiphy *wiphy,
+				struct net_device *dev,
+				struct cfg80211_color_change_settings *params);
+ };
+ 
+ /*
+@@ -8092,4 +8118,70 @@ void cfg80211_update_owe_info_event(stru
+  */
+ void cfg80211_bss_flush(struct wiphy *wiphy);
+ 
+/**
+ * cfg80211_bss_color_notify - notify about bss color event
+ * @dev: network device
+ * @gfp: allocation flags
+ * @cmd: the actual event we want to notify
+ * @count: the number of TBTTs until the color change happens
+ * @color_bitmap: representations of the colors that the local BSS is aware of
+ */
+int cfg80211_bss_color_notify(struct net_device *dev, gfp_t gfp,
+			      enum nl80211_commands cmd, u8 count,
+			      u64 color_bitmap);
+
+/**
+ * cfg80211_obss_color_collision_notify - notify about bss color collision
+ * @dev: network device
+ * @color_bitmap: representations of the colors that the local BSS is aware of
+ */
+static inline int cfg80211_obss_color_collision_notify(struct net_device *dev,
+						       u64 color_bitmap)
+{
+	return cfg80211_bss_color_notify(dev, GFP_KERNEL,
+					 NL80211_CMD_OBSS_COLOR_COLLISION,
+					 0, color_bitmap);
+}
+
+/**
+ * cfg80211_color_change_started_notify - notify color change start
+ * @dev: the device on which the color is switched
+ * @count: the number of TBTTs until the color change happens
+ *
+ * Inform the userspace about the color change that has started.
+ */
+static inline int cfg80211_color_change_started_notify(struct net_device *dev,
+						       u8 count)
+{
+	return cfg80211_bss_color_notify(dev, GFP_KERNEL,
+					 NL80211_CMD_COLOR_CHANGE_STARTED,
+					 count, 0);
+}
+
+/**
+ * cfg80211_color_change_aborted_notify - notify color change abort
+ * @dev: the device on which the color is switched
+ *
+ * Inform the userspace about the color change that has aborted.
+ */
+static inline int cfg80211_color_change_aborted_notify(struct net_device *dev)
+{
+	return cfg80211_bss_color_notify(dev, GFP_KERNEL,
+					 NL80211_CMD_COLOR_CHANGE_ABORTED,
+					 0, 0);
+}
+
+/**
+ * cfg80211_color_change_notify - notify color change completion
+ * @dev: the device on which the color was switched
+ *
+ * Inform the userspace about the color change that has completed.
+ */
+static inline int cfg80211_color_change_notify(struct net_device *dev)
+{
+	return cfg80211_bss_color_notify(dev, GFP_KERNEL,
+					 NL80211_CMD_COLOR_CHANGE_COMPLETED,
+					 0, 0);
+}
+
+ #endif /* __NET_CFG80211_H */
+--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
+@@ -1185,6 +1185,21 @@
+  *	passed using %NL80211_ATTR_SAR_SPEC. %NL80211_ATTR_WIPHY is used to
+  *	specify the wiphy index to be applied to.
+  *
+ * @NL80211_CMD_OBSS_COLOR_COLLISION: This notification is sent out whenever
+ *	mac80211/drv detects a bss color collision.
+ *
+ * @NL80211_CMD_COLOR_CHANGE_REQUEST: This command is used to indicate that
+ *	userspace wants to change the BSS color.
+ *
+ * @NL80211_CMD_COLOR_CHANGE_STARTED: Notify userland, that a color change has
+ *	started
+ *
+ * @NL80211_CMD_COLOR_CHANGE_ABORTED: Notify userland, that the color change has
+ *	been aborted
+ *
+ * @NL80211_CMD_COLOR_CHANGE_COMPLETED: Notify userland that the color change
+ *	has completed
+ *
+  * @NL80211_CMD_MAX: highest used command number
+  * @__NL80211_CMD_AFTER_LAST: internal use
+  */
+@@ -1417,6 +1432,14 @@ enum nl80211_commands {
+ 
+ 	NL80211_CMD_SET_SAR_SPECS,
+ 
+	NL80211_CMD_OBSS_COLOR_COLLISION,
+
+	NL80211_CMD_COLOR_CHANGE_REQUEST,
+
+	NL80211_CMD_COLOR_CHANGE_STARTED,
+	NL80211_CMD_COLOR_CHANGE_ABORTED,
+	NL80211_CMD_COLOR_CHANGE_COMPLETED,
+
+ 	/* add new commands above here */
+ 
+ 	/* used to define NL80211_CMD_MAX below */
+@@ -2560,6 +2583,16 @@ enum nl80211_commands {
+  *	disassoc events to indicate that an immediate reconnect to the AP
+  *	is desired.
+  *
+ * @NL80211_ATTR_OBSS_COLOR_BITMAP: bitmap of the u64 BSS colors for the
+ *	%NL80211_CMD_OBSS_COLOR_COLLISION event.
+ *
+ * @NL80211_ATTR_COLOR_CHANGE_COUNT: u8 attribute specifying the number of TBTT's
+ *	until the color switch event.
+ * @NL80211_ATTR_COLOR_CHANGE_COLOR: u8 attribute specifying the color that we are
+ *	switching to
+ * @NL80211_ATTR_COLOR_CHANGE_ELEMS: Nested set of attributes containing the IE
+ *	information for the time while performing a color switch.
+ *
+  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
+  * @NL80211_ATTR_MAX: highest attribute number currently defined
+  * @__NL80211_ATTR_AFTER_LAST: internal use
+@@ -3057,6 +3090,12 @@ enum nl80211_attrs {
+ 
+ 	NL80211_ATTR_DISABLE_HE,
+ 
+	NL80211_ATTR_OBSS_COLOR_BITMAP,
+
+	NL80211_ATTR_COLOR_CHANGE_COUNT,
+	NL80211_ATTR_COLOR_CHANGE_COLOR,
+	NL80211_ATTR_COLOR_CHANGE_ELEMS,
+
+ 	/* add attributes here, update the policy in nl80211.c */
+ 
+ 	__NL80211_ATTR_AFTER_LAST,
+@@ -5950,6 +5989,9 @@ enum nl80211_feature_flags {
+  *      frame protection for all management frames exchanged during the
+  *      negotiation and range measurement procedure.
+  *
+ * @NL80211_EXT_FEATURE_BSS_COLOR: The driver supports BSS color collision
+ *	detection and change announcemnts.
+ *
+  * @NUM_NL80211_EXT_FEATURES: number of extended features.
+  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
+  */
+@@ -6014,6 +6056,7 @@ enum nl80211_ext_feature_index {
+ 	NL80211_EXT_FEATURE_SECURE_LTF,
+ 	NL80211_EXT_FEATURE_SECURE_RTT,
+ 	NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE,
+	NL80211_EXT_FEATURE_BSS_COLOR,
+ 
+ 	/* add new features before the definition below */
+ 	NUM_NL80211_EXT_FEATURES,
+--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
+@@ -753,6 +753,10 @@ static const struct nla_policy nl80211_p
+ 				 NL80211_SAE_PWE_BOTH),
+ 	[NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
+ 	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
+	[NL80211_ATTR_OBSS_COLOR_BITMAP] = { .type = NLA_U64 },
+	[NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
+	[NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
+	[NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
+ };
+ 
+ /* policy for the key attributes */
+@@ -14689,6 +14693,106 @@ bad_tid_conf:
+ 	return ret;
+ }
+ 
+static int nl80211_color_change(struct sk_buff *skb, struct genl_info *info)
+{
+	struct cfg80211_registered_device *rdev = info->user_ptr[0];
+	struct cfg80211_color_change_settings params = {};
+	struct net_device *dev = info->user_ptr[1];
+	struct wireless_dev *wdev = dev->ieee80211_ptr;
+	struct nlattr **tb;
+	u16 offset;
+	int err;
+
+	if (!rdev->ops->color_change)
+		return -EOPNOTSUPP;
+
+	if (!wiphy_ext_feature_isset(&rdev->wiphy,
+				     NL80211_EXT_FEATURE_BSS_COLOR))
+		return -EOPNOTSUPP;
+
+	if (wdev->iftype != NL80211_IFTYPE_AP)
+		return -EOPNOTSUPP;
+
+	if (!info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT] ||
+	    !info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR] ||
+	    !info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS])
+		return -EINVAL;
+
+	params.count = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COUNT]);
+	params.color = nla_get_u8(info->attrs[NL80211_ATTR_COLOR_CHANGE_COLOR]);
+
+	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_next);
+	if (err)
+		return err;
+
+	tb = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*tb), GFP_KERNEL);
+	if (!tb)
+		return -ENOMEM;
+
+	err = nla_parse_nested(tb, NL80211_ATTR_MAX,
+			       info->attrs[NL80211_ATTR_COLOR_CHANGE_ELEMS],
+			       nl80211_policy, info->extack);
+	if (err)
+		goto out;
+
+	err = nl80211_parse_beacon(rdev, tb, &params.beacon_color_change);
+	if (err)
+		goto out;
+
+	if (!tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
+		err = -EINVAL;
+		goto out;
+	}
+
+	if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]) != sizeof(u16)) {
+		err = -EINVAL;
+		goto out;
+	}
+
+	offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
+	if (offset >= params.beacon_color_change.tail_len) {
+		err = -EINVAL;
+		goto out;
+	}
+
+	if (params.beacon_color_change.tail[offset] != params.count) {
+		err = -EINVAL;
+		goto out;
+	}
+
+	params.counter_offset_beacon = offset;
+
+	if (tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
+		if (nla_len(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]) !=
+		    sizeof(u16)) {
+			err = -EINVAL;
+			goto out;
+		}
+
+		offset = nla_get_u16(tb[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
+		if (offset >= params.beacon_color_change.probe_resp_len) {
+			err = -EINVAL;
+			goto out;
+		}
+
+		if (params.beacon_color_change.probe_resp[offset] !=
+		    params.count) {
+			err = -EINVAL;
+			goto out;
+		}
+
+		params.counter_offset_presp = offset;
+	}
+
+	wdev_lock(wdev);
+	err = rdev_color_change(rdev, dev, &params);
+	wdev_unlock(wdev);
+
+out:
+	kfree(tb);
+	return err;
+}
+
+ #define NL80211_FLAG_NEED_WIPHY		0x01
+ #define NL80211_FLAG_NEED_NETDEV	0x02
+ #define NL80211_FLAG_NEED_RTNL		0x04
+@@ -15770,6 +15874,14 @@ static const struct genl_small_ops nl802
+ 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
+ 				  NL80211_FLAG_NEED_RTNL,
+ 	},
+	{
+		.cmd = NL80211_CMD_COLOR_CHANGE_REQUEST,
+		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
+		.doit = nl80211_color_change,
+		.flags = GENL_UNS_ADMIN_PERM,
+		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
+				  NL80211_FLAG_NEED_RTNL,
+	},
+ };
+ 
+ static struct genl_family nl80211_fam __genl_ro_after_init = {
+@@ -17397,6 +17509,51 @@ void cfg80211_ch_switch_started_notify(s
+ }
+ EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
+ 
+int cfg80211_bss_color_notify(struct net_device *dev, gfp_t gfp,
+			      enum nl80211_commands cmd, u8 count,
+			      u64 color_bitmap)
+{
+	struct wireless_dev *wdev = dev->ieee80211_ptr;
+	struct wiphy *wiphy = wdev->wiphy;
+	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
+	struct sk_buff *msg;
+	void *hdr;
+
+	ASSERT_WDEV_LOCK(wdev);
+
+	trace_cfg80211_bss_color_notify(dev, cmd, count, color_bitmap);
+
+	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
+	if (!msg)
+		return -ENOMEM;
+
+	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
+	if (!hdr)
+		goto nla_put_failure;
+
+	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
+		goto nla_put_failure;
+
+	if (cmd == NL80211_CMD_COLOR_CHANGE_STARTED &&
+	    nla_put_u32(msg, NL80211_ATTR_COLOR_CHANGE_COUNT, count))
+		goto nla_put_failure;
+
+	if (cmd == NL80211_CMD_OBSS_COLOR_COLLISION &&
+	    nla_put_u64_64bit(msg, NL80211_ATTR_OBSS_COLOR_BITMAP,
+			      color_bitmap, NL80211_ATTR_PAD))
+		goto nla_put_failure;
+
+	genlmsg_end(msg, hdr);
+
+	return genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
+				       msg, 0, NL80211_MCGRP_MLME, gfp);
+
+nla_put_failure:
+	nlmsg_free(msg);
+	return -EINVAL;
+}
+EXPORT_SYMBOL(cfg80211_bss_color_notify);
+
+ void
+ nl80211_radar_notify(struct cfg80211_registered_device *rdev,
+ 		     const struct cfg80211_chan_def *chandef,
+--- a/net/wireless/rdev-ops.h
+++ b/net/wireless/rdev-ops.h
+@@ -1368,4 +1368,17 @@ static inline int rdev_set_sar_specs(str
+ 	return ret;
+ }
+ 
+static inline int rdev_color_change(struct cfg80211_registered_device *rdev,
+				    struct net_device *dev,
+				    struct cfg80211_color_change_settings *params)
+{
+	int ret;
+
+	trace_rdev_color_change(&rdev->wiphy, dev, params);
+	ret = rdev->ops->color_change(&rdev->wiphy, dev, params);
+	trace_rdev_return_int(&rdev->wiphy, ret);
+
+	return ret;
+}
+
+ #endif /* __CFG80211_RDEV_OPS */
+--- a/net/wireless/trace.h
+++ b/net/wireless/trace.h
+@@ -3570,6 +3570,52 @@ TRACE_EVENT(rdev_set_sar_specs,
+ 		  WIPHY_PR_ARG, __entry->type, __entry->num)
+ );
+ 
+TRACE_EVENT(rdev_color_change,
+	TP_PROTO(struct wiphy *wiphy, struct net_device *netdev,
+		 struct cfg80211_color_change_settings *params),
+	TP_ARGS(wiphy, netdev, params),
+	TP_STRUCT__entry(
+		WIPHY_ENTRY
+		NETDEV_ENTRY
+		__field(u8, count)
+		__field(u16, bcn_ofs)
+		__field(u16, pres_ofs)
+	),
+	TP_fast_assign(
+		WIPHY_ASSIGN;
+		NETDEV_ASSIGN;
+		__entry->count = params->count;
+		__entry->bcn_ofs = params->counter_offset_beacon;
+		__entry->pres_ofs = params->counter_offset_presp;
+	),
+	TP_printk(WIPHY_PR_FMT ", " NETDEV_PR_FMT
+		  ", count: %u",
+		  WIPHY_PR_ARG, NETDEV_PR_ARG,
+		  __entry->count)
+);
+
+TRACE_EVENT(cfg80211_bss_color_notify,
+	TP_PROTO(struct net_device *netdev,
+		 enum nl80211_commands cmd,
+		 u8 count, u64 color_bitmap),
+	TP_ARGS(netdev, cmd, count, color_bitmap),
+	TP_STRUCT__entry(
+		NETDEV_ENTRY
+		__field(enum nl80211_bss_scan_width, cmd)
+		__field(u8, count)
+		__field(u64, color_bitmap)
+	),
+	TP_fast_assign(
+		NETDEV_ASSIGN;
+		__entry->cmd = cmd;
+		__entry->count = count;
+		__entry->color_bitmap = color_bitmap;
+	),
+	TP_printk(NETDEV_PR_FMT ", cmd: %x, count: %u, bitmap: %llx",
+		  NETDEV_PR_ARG, __entry->cmd, __entry->count,
+		  __entry->color_bitmap)
+);
+
+ #endif /* !__RDEV_OPS_TRACE || TRACE_HEADER_MULTI_READ */
+ 
+ #undef TRACE_INCLUDE_PATH
--- a/package/kernel/mac80211/patches/subsys/388-mac80211-add-support-for-BSS-color-change.patch
+++ b/package/kernel/mac80211/patches/subsys/388-mac80211-add-support-for-BSS-color-change.patch
@@ -0,0 +1,524 @@
+From: John Crispin <john@phrozen.org>
+Date: Fri, 2 Jul 2021 19:44:08 +0200
+Subject: [PATCH] mac80211: add support for BSS color change
+
+The color change announcement is very similar to how CSA works where
+we have an IE that includes a counter. When the counter hits 0, the new
+color is applied via an updated beacon.
+
+This patch makes the CSA counter functionality reusable, rather than
+implementing it again. This also allows for future reuse incase support
+for other counter IEs gets added.
+
+Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Signed-off-by: John Crispin <john@phrozen.org>
+Link: https://lore.kernel.org/r/057c1e67b82bee561ea44ce6a45a8462d3da6995.1625247619.git.lorenzo@kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
+@@ -1710,6 +1710,10 @@ enum ieee80211_offload_flags {
+  *	protected by fq->lock.
+  * @offload_flags: 802.3 -> 802.11 enapsulation offload flags, see
+  *	&enum ieee80211_offload_flags.
+ * @color_change_active: marks whether a color change is ongoing. Internally it is
+ *	write-protected by sdata_lock and local->mtx so holding either is fine
+ *	for read access.
+ * @color_change_color: the bss color that will be used after the change.
+  */
+ struct ieee80211_vif {
+ 	enum nl80211_iftype type;
+@@ -1738,6 +1742,9 @@ struct ieee80211_vif {
+ 
+ 	bool txqs_stopped[IEEE80211_NUM_ACS];
+ 
+	bool color_change_active;
+	u8 color_change_color;
+
+ 	/* must be last */
+ 	u8 drv_priv[] __aligned(sizeof(void *));
+ };
+@@ -4982,6 +4989,16 @@ void ieee80211_csa_finish(struct ieee802
+ bool ieee80211_beacon_cntdwn_is_complete(struct ieee80211_vif *vif);
+ 
+ /**
+ * ieee80211_color_change_finish - notify mac80211 about color change
+ * @vif: &struct ieee80211_vif pointer from the add_interface callback.
+ *
+ * After a color change announcement was scheduled and the counter in this
+ * announcement hits 1, this function must be called by the driver to
+ * notify mac80211 that the color can be changed
+ */
+void ieee80211_color_change_finish(struct ieee80211_vif *vif);
+
+/**
+  * ieee80211_proberesp_get - retrieve a Probe Response template
+  * @hw: pointer obtained from ieee80211_alloc_hw().
+  * @vif: &struct ieee80211_vif pointer from the add_interface callback.
+@@ -6726,6 +6743,18 @@ ieee80211_get_unsol_bcast_probe_resp_tmp
+ 					  struct ieee80211_vif *vif);
+ 
+ /**
+ * ieeee80211_obss_color_collision_notify - notify userland about a BSS color
+ * collision.
+ *
+ * @vif: &struct ieee80211_vif pointer from the add_interface callback.
+ * @color_bitmap: a 64 bit bitmap representing the colors that the local BSS is
+ *	aware of.
+ */
+void
+ieeee80211_obss_color_collision_notify(struct ieee80211_vif *vif,
+				       u64 color_bitmap);
+
+/**
+  * ieee80211_is_tx_data - check if frame is a data frame
+  *
+  * The function is used to check if a frame is a data frame. Frames with
+--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
+@@ -827,9 +827,11 @@ static int ieee80211_set_monitor_channel
+ 	return ret;
+ }
+ 
+-static int ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
+-				    const u8 *resp, size_t resp_len,
+-				    const struct ieee80211_csa_settings *csa)
+static int
+ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
+			 const u8 *resp, size_t resp_len,
+			 const struct ieee80211_csa_settings *csa,
+			 const struct ieee80211_color_change_settings *cca)
+ {
+ 	struct probe_resp *new, *old;
+ 
+@@ -849,6 +851,8 @@ static int ieee80211_set_probe_resp(stru
+ 		memcpy(new->cntdwn_counter_offsets, csa->counter_offsets_presp,
+ 		       csa->n_counter_offsets_presp *
+ 		       sizeof(new->cntdwn_counter_offsets[0]));
+	else if (cca)
+		new->cntdwn_counter_offsets[0] = cca->counter_offset_presp;
+ 
+ 	rcu_assign_pointer(sdata->u.ap.probe_resp, new);
+ 	if (old)
+@@ -954,7 +958,8 @@ static int ieee80211_set_ftm_responder_p
+ 
+ static int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
+ 				   struct cfg80211_beacon_data *params,
+-				   const struct ieee80211_csa_settings *csa)
+				   const struct ieee80211_csa_settings *csa,
+				   const struct ieee80211_color_change_settings *cca)
+ {
+ 	struct beacon_data *new, *old;
+ 	int new_head_len, new_tail_len;
+@@ -1003,6 +1008,9 @@ static int ieee80211_assign_beacon(struc
+ 		memcpy(new->cntdwn_counter_offsets, csa->counter_offsets_beacon,
+ 		       csa->n_counter_offsets_beacon *
+ 		       sizeof(new->cntdwn_counter_offsets[0]));
+	} else if (cca) {
+		new->cntdwn_current_counter = cca->count;
+		new->cntdwn_counter_offsets[0] = cca->counter_offset_beacon;
+ 	}
+ 
+ 	/* copy in head */
+@@ -1019,7 +1027,7 @@ static int ieee80211_assign_beacon(struc
+ 			memcpy(new->tail, old->tail, new_tail_len);
+ 
+ 	err = ieee80211_set_probe_resp(sdata, params->probe_resp,
+-				       params->probe_resp_len, csa);
+				       params->probe_resp_len, csa, cca);
+ 	if (err < 0) {
+ 		kfree(new);
+ 		return err;
+@@ -1176,7 +1184,7 @@ static int ieee80211_start_ap(struct wip
+ 	if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL))
+ 		sdata->vif.bss_conf.beacon_tx_rate = params->beacon_rate;
+ 
+-	err = ieee80211_assign_beacon(sdata, &params->beacon, NULL);
+	err = ieee80211_assign_beacon(sdata, &params->beacon, NULL, NULL);
+ 	if (err < 0)
+ 		goto error;
+ 	changed |= err;
+@@ -1234,17 +1242,17 @@ static int ieee80211_change_beacon(struc
+ 	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ 	sdata_assert_lock(sdata);
+ 
+-	/* don't allow changing the beacon while CSA is in place - offset
+	/* don't allow changing the beacon while a countdown is in place - offset
+ 	 * of channel switch counter may change
+ 	 */
+-	if (sdata->vif.csa_active)
+	if (sdata->vif.csa_active || sdata->vif.color_change_active)
+ 		return -EBUSY;
+ 
+ 	old = sdata_dereference(sdata->u.ap.beacon, sdata);
+ 	if (!old)
+ 		return -ENOENT;
+ 
+-	err = ieee80211_assign_beacon(sdata, params, NULL);
+	err = ieee80211_assign_beacon(sdata, params, NULL, NULL);
+ 	if (err < 0)
+ 		return err;
+ 	ieee80211_bss_info_change_notify(sdata, err);
+@@ -3174,7 +3182,7 @@ static int ieee80211_set_after_csa_beaco
+ 	switch (sdata->vif.type) {
+ 	case NL80211_IFTYPE_AP:
+ 		err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon,
+-					      NULL);
+					      NULL, NULL);
+ 		kfree(sdata->u.ap.next_beacon);
+ 		sdata->u.ap.next_beacon = NULL;
+ 
+@@ -3340,7 +3348,7 @@ static int ieee80211_set_csa_beacon(stru
+ 		csa.n_counter_offsets_presp = params->n_counter_offsets_presp;
+ 		csa.count = params->count;
+ 
+-		err = ieee80211_assign_beacon(sdata, &params->beacon_csa, &csa);
+		err = ieee80211_assign_beacon(sdata, &params->beacon_csa, &csa, NULL);
+ 		if (err < 0) {
+ 			kfree(sdata->u.ap.next_beacon);
+ 			return err;
+@@ -3428,6 +3436,15 @@ static int ieee80211_set_csa_beacon(stru
+ 	return 0;
+ }
+ 
+static void ieee80211_color_change_abort(struct ieee80211_sub_if_data  *sdata)
+{
+	sdata->vif.color_change_active = false;
+	kfree(sdata->u.ap.next_beacon);
+	sdata->u.ap.next_beacon = NULL;
+
+	cfg80211_color_change_aborted_notify(sdata->dev);
+}
+
+ static int
+ __ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
+ 			   struct cfg80211_csa_settings *params)
+@@ -3496,6 +3513,10 @@ __ieee80211_channel_switch(struct wiphy
+ 		goto out;
+ 	}
+ 
+	/* if there is a color change in progress, abort it */
+	if (sdata->vif.color_change_active)
+		ieee80211_color_change_abort(sdata);
+
+ 	err = ieee80211_set_csa_beacon(sdata, params, &changed);
+ 	if (err) {
+ 		ieee80211_vif_unreserve_chanctx(sdata);
+@@ -4147,6 +4168,196 @@ static int ieee80211_set_sar_specs(struc
+ 	return local->ops->set_sar_specs(&local->hw, sar);
+ }
+ 
+static int
+ieee80211_set_after_color_change_beacon(struct ieee80211_sub_if_data *sdata,
+					u32 *changed)
+{
+	switch (sdata->vif.type) {
+	case NL80211_IFTYPE_AP: {
+		int ret;
+
+		ret = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon,
+					      NULL, NULL);
+		kfree(sdata->u.ap.next_beacon);
+		sdata->u.ap.next_beacon = NULL;
+
+		if (ret < 0)
+			return ret;
+
+		*changed |= ret;
+		break;
+	}
+	default:
+		WARN_ON_ONCE(1);
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+static int
+ieee80211_set_color_change_beacon(struct ieee80211_sub_if_data *sdata,
+				  struct cfg80211_color_change_settings *params,
+				  u32 *changed)
+{
+	struct ieee80211_color_change_settings color_change = {};
+	int err;
+
+	switch (sdata->vif.type) {
+	case NL80211_IFTYPE_AP:
+		sdata->u.ap.next_beacon =
+			cfg80211_beacon_dup(&params->beacon_next);
+		if (!sdata->u.ap.next_beacon)
+			return -ENOMEM;
+
+		if (params->count <= 1)
+			break;
+
+		color_change.counter_offset_beacon =
+			params->counter_offset_beacon;
+		color_change.counter_offset_presp =
+			params->counter_offset_presp;
+		color_change.count = params->count;
+
+		err = ieee80211_assign_beacon(sdata, &params->beacon_color_change,
+					      NULL, &color_change);
+		if (err < 0) {
+			kfree(sdata->u.ap.next_beacon);
+			return err;
+		}
+		*changed |= err;
+		break;
+	default:
+		return -EOPNOTSUPP;
+	}
+
+	return 0;
+}
+
+static void
+ieee80211_color_change_bss_config_notify(struct ieee80211_sub_if_data *sdata,
+					 u8 color, int enable, u32 changed)
+{
+	sdata->vif.bss_conf.he_bss_color.color = color;
+	sdata->vif.bss_conf.he_bss_color.enabled = enable;
+	changed |= BSS_CHANGED_HE_BSS_COLOR;
+
+	ieee80211_bss_info_change_notify(sdata, changed);
+}
+
+static int ieee80211_color_change_finalize(struct ieee80211_sub_if_data *sdata)
+{
+	struct ieee80211_local *local = sdata->local;
+	u32 changed = 0;
+	int err;
+
+	sdata_assert_lock(sdata);
+	lockdep_assert_held(&local->mtx);
+
+	sdata->vif.color_change_active = false;
+
+	err = ieee80211_set_after_color_change_beacon(sdata, &changed);
+	if (err) {
+		cfg80211_color_change_aborted_notify(sdata->dev);
+		return err;
+	}
+
+	ieee80211_color_change_bss_config_notify(sdata,
+						 sdata->vif.color_change_color,
+						 1, changed);
+	cfg80211_color_change_notify(sdata->dev);
+
+	return 0;
+}
+
+void ieee80211_color_change_finalize_work(struct work_struct *work)
+{
+	struct ieee80211_sub_if_data *sdata =
+		container_of(work, struct ieee80211_sub_if_data,
+			     color_change_finalize_work);
+	struct ieee80211_local *local = sdata->local;
+
+	sdata_lock(sdata);
+	mutex_lock(&local->mtx);
+
+	/* AP might have been stopped while waiting for the lock. */
+	if (!sdata->vif.color_change_active)
+		goto unlock;
+
+	if (!ieee80211_sdata_running(sdata))
+		goto unlock;
+
+	ieee80211_color_change_finalize(sdata);
+
+unlock:
+	mutex_unlock(&local->mtx);
+	sdata_unlock(sdata);
+}
+
+void ieee80211_color_change_finish(struct ieee80211_vif *vif)
+{
+	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
+
+	ieee80211_queue_work(&sdata->local->hw,
+			     &sdata->color_change_finalize_work);
+}
+EXPORT_SYMBOL_GPL(ieee80211_color_change_finish);
+
+void
+ieeee80211_obss_color_collision_notify(struct ieee80211_vif *vif,
+				       u64 color_bitmap)
+{
+	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
+
+	if (sdata->vif.color_change_active || sdata->vif.csa_active)
+		return;
+
+	cfg80211_obss_color_collision_notify(sdata->dev, color_bitmap);
+}
+EXPORT_SYMBOL_GPL(ieeee80211_obss_color_collision_notify);
+
+static int
+ieee80211_color_change(struct wiphy *wiphy, struct net_device *dev,
+		       struct cfg80211_color_change_settings *params)
+{
+	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+	struct ieee80211_local *local = sdata->local;
+	u32 changed = 0;
+	int err;
+
+	sdata_assert_lock(sdata);
+
+	mutex_lock(&local->mtx);
+
+	/* don't allow another color change if one is already active or if csa
+	 * is active
+	 */
+	if (sdata->vif.color_change_active || sdata->vif.csa_active) {
+		err = -EBUSY;
+		goto out;
+	}
+
+	err = ieee80211_set_color_change_beacon(sdata, params, &changed);
+	if (err)
+		goto out;
+
+	sdata->vif.color_change_active = true;
+	sdata->vif.color_change_color = params->color;
+
+	cfg80211_color_change_started_notify(sdata->dev, params->count);
+
+	if (changed)
+		ieee80211_color_change_bss_config_notify(sdata, 0, 0, changed);
+	else
+		/* if the beacon didn't change, we can finalize immediately */
+		ieee80211_color_change_finalize(sdata);
+
+out:
+	mutex_unlock(&local->mtx);
+
+	return err;
+}
+
+ const struct cfg80211_ops mac80211_config_ops = {
+ 	.add_virtual_intf = ieee80211_add_iface,
+ 	.del_virtual_intf = ieee80211_del_iface,
+@@ -4251,4 +4462,5 @@ const struct cfg80211_ops mac80211_confi
+ 	.set_tid_config = ieee80211_set_tid_config,
+ 	.reset_tid_config = ieee80211_reset_tid_config,
+ 	.set_sar_specs = ieee80211_set_sar_specs,
+	.color_change = ieee80211_color_change,
+ };
+--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
+@@ -248,6 +248,12 @@ struct ieee80211_csa_settings {
+ 	u8 count;
+ };
+ 
+struct ieee80211_color_change_settings {
+	u16 counter_offset_beacon;
+	u16 counter_offset_presp;
+	u8 count;
+};
+
+ struct beacon_data {
+ 	u8 *head, *tail;
+ 	int head_len, tail_len;
+@@ -932,6 +938,8 @@ struct ieee80211_sub_if_data {
+ 	bool csa_block_tx; /* write-protected by sdata_lock and local->mtx */
+ 	struct cfg80211_chan_def csa_chandef;
+ 
+	struct work_struct color_change_finalize_work;
+
+ 	struct list_head assigned_chanctx_list; /* protected by chanctx_mtx */
+ 	struct list_head reserved_chanctx_list; /* protected by chanctx_mtx */
+ 
+@@ -1900,6 +1908,9 @@ void ieee80211_csa_finalize_work(struct
+ int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
+ 			     struct cfg80211_csa_settings *params);
+ 
+/* color change handling */
+void ieee80211_color_change_finalize_work(struct work_struct *work);
+
+ /* interface handling */
+ #define MAC80211_SUPPORTED_FEATURES_TX	(NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM | \
+ 					 NETIF_F_HW_CSUM | NETIF_F_SG | \
+--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
+@@ -465,6 +465,7 @@ static void ieee80211_do_stop(struct iee
+ 	sdata_unlock(sdata);
+ 
+ 	cancel_work_sync(&sdata->csa_finalize_work);
+	cancel_work_sync(&sdata->color_change_finalize_work);
+ 
+ 	cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
+ 
+@@ -1639,6 +1640,7 @@ static void ieee80211_setup_sdata(struct
+ 	INIT_WORK(&sdata->work, ieee80211_iface_work);
+ 	INIT_WORK(&sdata->recalc_smps, ieee80211_recalc_smps_work);
+ 	INIT_WORK(&sdata->csa_finalize_work, ieee80211_csa_finalize_work);
+	INIT_WORK(&sdata->color_change_finalize_work, ieee80211_color_change_finalize_work);
+ 	INIT_LIST_HEAD(&sdata->assigned_chanctx_list);
+ 	INIT_LIST_HEAD(&sdata->reserved_chanctx_list);
+ 
+--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
+@@ -4802,11 +4802,11 @@ static int ieee80211_beacon_add_tim(stru
+ static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
+ 					struct beacon_data *beacon)
+ {
+	u8 *beacon_data, count, max_count = 1;
+ 	struct probe_resp *resp;
+-	u8 *beacon_data;
+ 	size_t beacon_data_len;
+	u16 *bcn_offsets;
+ 	int i;
+-	u8 count = beacon->cntdwn_current_counter;
+ 
+ 	switch (sdata->vif.type) {
+ 	case NL80211_IFTYPE_AP:
+@@ -4826,21 +4826,27 @@ static void ieee80211_set_beacon_cntdwn(
+ 	}
+ 
+ 	rcu_read_lock();
+-	for (i = 0; i < IEEE80211_MAX_CNTDWN_COUNTERS_NUM; ++i) {
+-		resp = rcu_dereference(sdata->u.ap.probe_resp);
+	resp = rcu_dereference(sdata->u.ap.probe_resp);
+ 
+-		if (beacon->cntdwn_counter_offsets[i]) {
+-			if (WARN_ON_ONCE(beacon->cntdwn_counter_offsets[i] >=
+-					 beacon_data_len)) {
+	bcn_offsets = beacon->cntdwn_counter_offsets;
+	count = beacon->cntdwn_current_counter;
+	if (sdata->vif.csa_active)
+		max_count = IEEE80211_MAX_CNTDWN_COUNTERS_NUM;
+
+	for (i = 0; i < max_count; ++i) {
+		if (bcn_offsets[i]) {
+			if (WARN_ON_ONCE(bcn_offsets[i] >= beacon_data_len)) {
+ 				rcu_read_unlock();
+ 				return;
+ 			}
+-
+-			beacon_data[beacon->cntdwn_counter_offsets[i]] = count;
+			beacon_data[bcn_offsets[i]] = count;
+ 		}
+ 
+-		if (sdata->vif.type == NL80211_IFTYPE_AP && resp)
+-			resp->data[resp->cntdwn_counter_offsets[i]] = count;
+		if (sdata->vif.type == NL80211_IFTYPE_AP && resp) {
+			u16 *resp_offsets = resp->cntdwn_counter_offsets;
+
+			resp->data[resp_offsets[i]] = count;
+		}
+ 	}
+ 	rcu_read_unlock();
+ }
+@@ -5050,6 +5056,7 @@ __ieee80211_beacon_get(struct ieee80211_
+ 			if (offs) {
+ 				offs->tim_offset = beacon->head_len;
+ 				offs->tim_length = skb->len - beacon->head_len;
+				offs->cntdwn_counter_offs[0] = beacon->cntdwn_counter_offsets[0];
+ 
+ 				/* for AP the csa offsets are from tail */
+ 				csa_off_base = skb->len;
--- a/package/kernel/mac80211/patches/subsys/389-ieee80211-add-TWT-element-definitions.patch
+++ b/package/kernel/mac80211/patches/subsys/389-ieee80211-add-TWT-element-definitions.patch
@@ -0,0 +1,112 @@
+From: Lorenzo Bianconi <lorenzo@kernel.org>
+Date: Mon, 23 Aug 2021 20:02:38 +0200
+Subject: [PATCH] ieee80211: add TWT element definitions
+
+Introduce TWT definitions and TWT Information element structure
+in ieee80211.h
+
+Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
+Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Link: https://lore.kernel.org/r/71d8b581fe4b5abc5b92f8d77ac2de3e2f7591b6.1629741512.git.lorenzo@kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
+@@ -1088,6 +1088,48 @@ struct ieee80211_ext {
+ 	} u;
+ } __packed __aligned(2);
+ 
+#define IEEE80211_TWT_CONTROL_NDP			BIT(0)
+#define IEEE80211_TWT_CONTROL_RESP_MODE			BIT(1)
+#define IEEE80211_TWT_CONTROL_NEG_TYPE_BROADCAST	BIT(3)
+#define IEEE80211_TWT_CONTROL_RX_DISABLED		BIT(4)
+#define IEEE80211_TWT_CONTROL_WAKE_DUR_UNIT		BIT(5)
+
+#define IEEE80211_TWT_REQTYPE_REQUEST			BIT(0)
+#define IEEE80211_TWT_REQTYPE_SETUP_CMD			GENMASK(3, 1)
+#define IEEE80211_TWT_REQTYPE_TRIGGER			BIT(4)
+#define IEEE80211_TWT_REQTYPE_IMPLICIT			BIT(5)
+#define IEEE80211_TWT_REQTYPE_FLOWTYPE			BIT(6)
+#define IEEE80211_TWT_REQTYPE_FLOWID			GENMASK(9, 7)
+#define IEEE80211_TWT_REQTYPE_WAKE_INT_EXP		GENMASK(14, 10)
+#define IEEE80211_TWT_REQTYPE_PROTECTION		BIT(15)
+
+enum ieee80211_twt_setup_cmd {
+	TWT_SETUP_CMD_REQUEST,
+	TWT_SETUP_CMD_SUGGEST,
+	TWT_SETUP_CMD_DEMAND,
+	TWT_SETUP_CMD_GROUPING,
+	TWT_SETUP_CMD_ACCEPT,
+	TWT_SETUP_CMD_ALTERNATE,
+	TWT_SETUP_CMD_DICTATE,
+	TWT_SETUP_CMD_REJECT,
+};
+
+struct ieee80211_twt_params {
+	__le16 req_type;
+	__le64 twt;
+	u8 min_twt_dur;
+	__le16 mantissa;
+	u8 channel;
+} __packed;
+
+struct ieee80211_twt_setup {
+	u8 dialog_token;
+	u8 element_id;
+	u8 length;
+	u8 control;
+	u8 params[];
+} __packed;
+
+ struct ieee80211_mgmt {
+ 	__le16 frame_control;
+ 	__le16 duration;
+@@ -1252,6 +1294,10 @@ struct ieee80211_mgmt {
+ 					__le16 toa_error;
+ 					u8 variable[0];
+ 				} __packed ftm;
+				struct {
+					u8 action_code;
+					u8 variable[];
+				} __packed s1g;
+ 			} u;
+ 		} __packed action;
+ 	} u;
+@@ -2880,6 +2926,7 @@ enum ieee80211_eid {
+ 	WLAN_EID_AID_RESPONSE = 211,
+ 	WLAN_EID_S1G_BCN_COMPAT = 213,
+ 	WLAN_EID_S1G_SHORT_BCN_INTERVAL = 214,
+	WLAN_EID_S1G_TWT = 216,
+ 	WLAN_EID_S1G_CAPABILITIES = 217,
+ 	WLAN_EID_VENDOR_SPECIFIC = 221,
+ 	WLAN_EID_QOS_PARAMETER = 222,
+@@ -2948,6 +2995,7 @@ enum ieee80211_category {
+ 	WLAN_CATEGORY_FST = 18,
+ 	WLAN_CATEGORY_UNPROT_DMG = 20,
+ 	WLAN_CATEGORY_VHT = 21,
+	WLAN_CATEGORY_S1G = 22,
+ 	WLAN_CATEGORY_VENDOR_SPECIFIC_PROTECTED = 126,
+ 	WLAN_CATEGORY_VENDOR_SPECIFIC = 127,
+ };
+@@ -3021,6 +3069,20 @@ enum ieee80211_key_len {
+ 	WLAN_KEY_LEN_BIP_GMAC_256 = 32,
+ };
+ 
+enum ieee80211_s1g_actioncode {
+	WLAN_S1G_AID_SWITCH_REQUEST,
+	WLAN_S1G_AID_SWITCH_RESPONSE,
+	WLAN_S1G_SYNC_CONTROL,
+	WLAN_S1G_STA_INFO_ANNOUNCE,
+	WLAN_S1G_EDCA_PARAM_SET,
+	WLAN_S1G_EL_OPERATION,
+	WLAN_S1G_TWT_SETUP,
+	WLAN_S1G_TWT_TEARDOWN,
+	WLAN_S1G_SECT_GROUP_ID_LIST,
+	WLAN_S1G_SECT_ID_FEEDBACK,
+	WLAN_S1G_TWT_INFORMATION = 11,
+};
+
+ #define IEEE80211_WEP_IV_LEN		4
+ #define IEEE80211_WEP_ICV_LEN		4
+ #define IEEE80211_CCMP_HDR_LEN		8
--- a/package/kernel/mac80211/patches/subsys/390-mac80211-introduce-individual-TWT-support-in-AP-mode.patch
+++ b/package/kernel/mac80211/patches/subsys/390-mac80211-introduce-individual-TWT-support-in-AP-mode.patch
@@ -0,0 +1,576 @@
+From: Lorenzo Bianconi <lorenzo@kernel.org>
+Date: Mon, 23 Aug 2021 20:02:39 +0200
+Subject: [PATCH] mac80211: introduce individual TWT support in AP mode
+
+Introduce TWT action frames parsing support to mac80211.
+Currently just individual TWT agreement are support in AP mode.
+Whenever the AP receives a TWT action frame from an associated client,
+after performing sanity checks, it will notify the underlay driver with
+requested parameters in order to check if they are supported and if there
+is enough room for a new agreement. The driver is expected to set the
+agreement result and report it to mac80211.
+
+Drivers supporting this have two new callbacks:
+ - add_twt_setup (mandatory)
+ - twt_teardown_request (optional)
+
+mac80211 will send an action frame reply according to the result
+reported by the driver.
+
+Tested-by: Peter Chiu <chui-hao.chiu@mediatek.com>
+Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
+Link: https://lore.kernel.org/r/257512f2e22ba42b9f2624942a128dd8f141de4b.1629741512.git.lorenzo@kernel.org
+[use le16p_replace_bits(), minor cleanups, use (void *) casts,
+ fix to use ieee80211_get_he_iftype_cap() correctly]
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
+@@ -4219,6 +4219,11 @@ struct ieee80211_ops {
+ 	void (*sta_set_decap_offload)(struct ieee80211_hw *hw,
+ 				      struct ieee80211_vif *vif,
+ 				      struct ieee80211_sta *sta, bool enabled);
+	void (*add_twt_setup)(struct ieee80211_hw *hw,
+			      struct ieee80211_sta *sta,
+			      struct ieee80211_twt_setup *twt);
+	void (*twt_teardown_request)(struct ieee80211_hw *hw,
+				     struct ieee80211_sta *sta, u8 flowid);
+ };
+ 
+ /**
+--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
+@@ -1432,4 +1432,40 @@ static inline void drv_sta_set_decap_off
+ 	trace_drv_return_void(local);
+ }
+ 
+static inline void drv_add_twt_setup(struct ieee80211_local *local,
+				     struct ieee80211_sub_if_data *sdata,
+				     struct ieee80211_sta *sta,
+				     struct ieee80211_twt_setup *twt)
+{
+	struct ieee80211_twt_params *twt_agrt;
+
+	might_sleep();
+
+	if (!check_sdata_in_driver(sdata))
+		return;
+
+	twt_agrt = (void *)twt->params;
+
+	trace_drv_add_twt_setup(local, sta, twt, twt_agrt);
+	local->ops->add_twt_setup(&local->hw, sta, twt);
+	trace_drv_return_void(local);
+}
+
+static inline void drv_twt_teardown_request(struct ieee80211_local *local,
+					    struct ieee80211_sub_if_data *sdata,
+					    struct ieee80211_sta *sta,
+					    u8 flowid)
+{
+	might_sleep();
+	if (!check_sdata_in_driver(sdata))
+		return;
+
+	if (!local->ops->twt_teardown_request)
+		return;
+
+	trace_drv_twt_teardown_request(local, sta, flowid);
+	local->ops->twt_teardown_request(&local->hw, sta, flowid);
+	trace_drv_return_void(local);
+}
+
+ #endif /* __MAC80211_DRIVER_OPS */
+--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
+@@ -954,6 +954,7 @@ struct ieee80211_sub_if_data {
+ 
+ 	struct work_struct work;
+ 	struct sk_buff_head skb_queue;
+	struct sk_buff_head status_queue;
+ 
+ 	u8 needed_rx_chains;
+ 	enum ieee80211_smps_mode smps_mode;
+@@ -2093,6 +2094,11 @@ ieee80211_he_op_ie_to_bss_conf(struct ie
+ 
+ /* S1G */
+ void ieee80211_s1g_sta_rate_init(struct sta_info *sta);
+bool ieee80211_s1g_is_twt_setup(struct sk_buff *skb);
+void ieee80211_s1g_rx_twt_action(struct ieee80211_sub_if_data *sdata,
+				 struct sk_buff *skb);
+void ieee80211_s1g_status_twt_action(struct ieee80211_sub_if_data *sdata,
+				     struct sk_buff *skb);
+ 
+ /* Spectrum management */
+ void ieee80211_process_measurement_req(struct ieee80211_sub_if_data *sdata,
+--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
+@@ -563,6 +563,7 @@ static void ieee80211_do_stop(struct iee
+ 		 */
+ 		ieee80211_free_keys(sdata, true);
+ 		skb_queue_purge(&sdata->skb_queue);
+		skb_queue_purge(&sdata->status_queue);
+ 	}
+ 
+ 	spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
+@@ -1070,6 +1071,7 @@ int ieee80211_add_virtual_monitor(struct
+ 	}
+ 
+ 	skb_queue_head_init(&sdata->skb_queue);
+	skb_queue_head_init(&sdata->status_queue);
+ 	INIT_WORK(&sdata->work, ieee80211_iface_work);
+ 
+ 	return 0;
+@@ -1442,6 +1444,24 @@ static void ieee80211_if_setup_no_queue(
+ #endif
+ }
+ 
+static void ieee80211_iface_process_status(struct ieee80211_sub_if_data *sdata,
+					   struct sk_buff *skb)
+{
+	struct ieee80211_mgmt *mgmt = (void *)skb->data;
+
+	if (ieee80211_is_action(mgmt->frame_control) &&
+	    mgmt->u.action.category == WLAN_CATEGORY_S1G) {
+		switch (mgmt->u.action.u.s1g.action_code) {
+		case WLAN_S1G_TWT_TEARDOWN:
+		case WLAN_S1G_TWT_SETUP:
+			ieee80211_s1g_status_twt_action(sdata, skb);
+			break;
+		default:
+			break;
+		}
+	}
+}
+
+ static void ieee80211_iface_work(struct work_struct *work)
+ {
+ 	struct ieee80211_sub_if_data *sdata =
+@@ -1519,6 +1539,16 @@ static void ieee80211_iface_work(struct
+ 				WARN_ON(1);
+ 				break;
+ 			}
+		} else if (ieee80211_is_action(mgmt->frame_control) &&
+			   mgmt->u.action.category == WLAN_CATEGORY_S1G) {
+			switch (mgmt->u.action.u.s1g.action_code) {
+			case WLAN_S1G_TWT_TEARDOWN:
+			case WLAN_S1G_TWT_SETUP:
+				ieee80211_s1g_rx_twt_action(sdata, skb);
+				break;
+			default:
+				break;
+			}
+ 		} else if (ieee80211_is_ext(mgmt->frame_control)) {
+ 			if (sdata->vif.type == NL80211_IFTYPE_STATION)
+ 				ieee80211_sta_rx_queued_ext(sdata, skb);
+@@ -1574,6 +1604,12 @@ static void ieee80211_iface_work(struct
+ 		kfree_skb(skb);
+ 	}
+ 
+	/* process status queue */
+	while ((skb = skb_dequeue(&sdata->status_queue))) {
+		ieee80211_iface_process_status(sdata, skb);
+		kfree_skb(skb);
+	}
+
+ 	/* then other type-dependent work */
+ 	switch (sdata->vif.type) {
+ 	case NL80211_IFTYPE_STATION:
+@@ -1637,6 +1673,7 @@ static void ieee80211_setup_sdata(struct
+ 	}
+ 
+ 	skb_queue_head_init(&sdata->skb_queue);
+	skb_queue_head_init(&sdata->status_queue);
+ 	INIT_WORK(&sdata->work, ieee80211_iface_work);
+ 	INIT_WORK(&sdata->recalc_smps, ieee80211_recalc_smps_work);
+ 	INIT_WORK(&sdata->csa_finalize_work, ieee80211_csa_finalize_work);
+--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
+@@ -3210,6 +3210,68 @@ ieee80211_rx_h_mgmt_check(struct ieee802
+ 	return RX_CONTINUE;
+ }
+ 
+static bool
+ieee80211_process_rx_twt_action(struct ieee80211_rx_data *rx)
+{
+	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)rx->skb->data;
+	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
+	struct ieee80211_sub_if_data *sdata = rx->sdata;
+	const struct ieee80211_sta_he_cap *hecap;
+	struct ieee80211_supported_band *sband;
+
+	/* TWT actions are only supported in AP for the moment */
+	if (sdata->vif.type != NL80211_IFTYPE_AP)
+		return false;
+
+	if (!rx->local->ops->add_twt_setup)
+		return false;
+
+	sband = rx->local->hw.wiphy->bands[status->band];
+	hecap = ieee80211_get_he_iftype_cap(sband,
+					    ieee80211_vif_type_p2p(&sdata->vif));
+	if (!hecap)
+		return false;
+
+	if (!(hecap->he_cap_elem.mac_cap_info[0] &
+	      IEEE80211_HE_MAC_CAP0_TWT_RES))
+		return false;
+
+	if (!rx->sta)
+		return false;
+
+	switch (mgmt->u.action.u.s1g.action_code) {
+	case WLAN_S1G_TWT_SETUP: {
+		struct ieee80211_twt_setup *twt;
+
+		if (rx->skb->len < IEEE80211_MIN_ACTION_SIZE +
+				   1 + /* action code */
+				   sizeof(struct ieee80211_twt_setup) +
+				   2 /* TWT req_type agrt */)
+			break;
+
+		twt = (void *)mgmt->u.action.u.s1g.variable;
+		if (twt->element_id != WLAN_EID_S1G_TWT)
+			break;
+
+		if (rx->skb->len < IEEE80211_MIN_ACTION_SIZE +
+				   4 + /* action code + token + tlv */
+				   twt->length)
+			break;
+
+		return true; /* queue the frame */
+	}
+	case WLAN_S1G_TWT_TEARDOWN:
+		if (rx->skb->len < IEEE80211_MIN_ACTION_SIZE + 2)
+			break;
+
+		return true; /* queue the frame */
+	default:
+		break;
+	}
+
+	return false;
+}
+
+ static ieee80211_rx_result debug_noinline
+ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
+ {
+@@ -3489,6 +3551,17 @@ ieee80211_rx_h_action(struct ieee80211_r
+ 		    !mesh_path_sel_is_hwmp(sdata))
+ 			break;
+ 		goto queue;
+	case WLAN_CATEGORY_S1G:
+		switch (mgmt->u.action.u.s1g.action_code) {
+		case WLAN_S1G_TWT_SETUP:
+		case WLAN_S1G_TWT_TEARDOWN:
+			if (ieee80211_process_rx_twt_action(rx))
+				goto queue;
+			break;
+		default:
+			break;
+		}
+		break;
+ 	}
+ 
+ 	return RX_CONTINUE;
+--- a/net/mac80211/s1g.c
+++ b/net/mac80211/s1g.c
+@@ -6,6 +6,7 @@
+ #include <linux/ieee80211.h>
+ #include <net/mac80211.h>
+ #include "ieee80211_i.h"
+#include "driver-ops.h"
+ 
+ void ieee80211_s1g_sta_rate_init(struct sta_info *sta)
+ {
+@@ -14,3 +15,182 @@ void ieee80211_s1g_sta_rate_init(struct
+ 	sta->rx_stats.last_rate =
+ 			STA_STATS_FIELD(TYPE, STA_STATS_RATE_TYPE_S1G);
+ }
+
+bool ieee80211_s1g_is_twt_setup(struct sk_buff *skb)
+{
+	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
+
+	if (likely(!ieee80211_is_action(mgmt->frame_control)))
+		return false;
+
+	if (likely(mgmt->u.action.category != WLAN_CATEGORY_S1G))
+		return false;
+
+	return mgmt->u.action.u.s1g.action_code == WLAN_S1G_TWT_SETUP;
+}
+
+static void
+ieee80211_s1g_send_twt_setup(struct ieee80211_sub_if_data *sdata, const u8 *da,
+			     const u8 *bssid, struct ieee80211_twt_setup *twt)
+{
+	int len = IEEE80211_MIN_ACTION_SIZE + 4 + twt->length;
+	struct ieee80211_local *local = sdata->local;
+	struct ieee80211_mgmt *mgmt;
+	struct sk_buff *skb;
+
+	skb = dev_alloc_skb(local->hw.extra_tx_headroom + len);
+	if (!skb)
+		return;
+
+	skb_reserve(skb, local->hw.extra_tx_headroom);
+	mgmt = skb_put_zero(skb, len);
+	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
+					  IEEE80211_STYPE_ACTION);
+	memcpy(mgmt->da, da, ETH_ALEN);
+	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
+	memcpy(mgmt->bssid, bssid, ETH_ALEN);
+
+	mgmt->u.action.category = WLAN_CATEGORY_S1G;
+	mgmt->u.action.u.s1g.action_code = WLAN_S1G_TWT_SETUP;
+	memcpy(mgmt->u.action.u.s1g.variable, twt, 3 + twt->length);
+
+	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
+					IEEE80211_TX_INTFL_MLME_CONN_TX |
+					IEEE80211_TX_CTL_REQ_TX_STATUS;
+	ieee80211_tx_skb(sdata, skb);
+}
+
+static void
+ieee80211_s1g_send_twt_teardown(struct ieee80211_sub_if_data *sdata,
+				const u8 *da, const u8 *bssid, u8 flowid)
+{
+	struct ieee80211_local *local = sdata->local;
+	struct ieee80211_mgmt *mgmt;
+	struct sk_buff *skb;
+	u8 *id;
+
+	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
+			    IEEE80211_MIN_ACTION_SIZE + 2);
+	if (!skb)
+		return;
+
+	skb_reserve(skb, local->hw.extra_tx_headroom);
+	mgmt = skb_put_zero(skb, IEEE80211_MIN_ACTION_SIZE + 2);
+	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
+					  IEEE80211_STYPE_ACTION);
+	memcpy(mgmt->da, da, ETH_ALEN);
+	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
+	memcpy(mgmt->bssid, bssid, ETH_ALEN);
+
+	mgmt->u.action.category = WLAN_CATEGORY_S1G;
+	mgmt->u.action.u.s1g.action_code = WLAN_S1G_TWT_TEARDOWN;
+	id = (u8 *)mgmt->u.action.u.s1g.variable;
+	*id = flowid;
+
+	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
+					IEEE80211_TX_CTL_REQ_TX_STATUS;
+	ieee80211_tx_skb(sdata, skb);
+}
+
+static void
+ieee80211_s1g_rx_twt_setup(struct ieee80211_sub_if_data *sdata,
+			   struct sta_info *sta, struct sk_buff *skb)
+{
+	struct ieee80211_mgmt *mgmt = (void *)skb->data;
+	struct ieee80211_twt_setup *twt = (void *)mgmt->u.action.u.s1g.variable;
+	struct ieee80211_twt_params *twt_agrt = (void *)twt->params;
+
+	twt_agrt->req_type &= cpu_to_le16(~IEEE80211_TWT_REQTYPE_REQUEST);
+
+	/* broadcast TWT not supported yet */
+	if (twt->control & IEEE80211_TWT_CONTROL_NEG_TYPE_BROADCAST) {
+		le16p_replace_bits(&twt_agrt->req_type,
+				   TWT_SETUP_CMD_REJECT,
+				   IEEE80211_TWT_REQTYPE_SETUP_CMD);
+		goto out;
+	}
+
+	drv_add_twt_setup(sdata->local, sdata, &sta->sta, twt);
+out:
+	ieee80211_s1g_send_twt_setup(sdata, mgmt->sa, sdata->vif.addr, twt);
+}
+
+static void
+ieee80211_s1g_rx_twt_teardown(struct ieee80211_sub_if_data *sdata,
+			      struct sta_info *sta, struct sk_buff *skb)
+{
+	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
+
+	drv_twt_teardown_request(sdata->local, sdata, &sta->sta,
+				 mgmt->u.action.u.s1g.variable[0]);
+}
+
+static void
+ieee80211_s1g_tx_twt_setup_fail(struct ieee80211_sub_if_data *sdata,
+				struct sta_info *sta, struct sk_buff *skb)
+{
+	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
+	struct ieee80211_twt_setup *twt = (void *)mgmt->u.action.u.s1g.variable;
+	struct ieee80211_twt_params *twt_agrt = (void *)twt->params;
+	u8 flowid = le16_get_bits(twt_agrt->req_type,
+				  IEEE80211_TWT_REQTYPE_FLOWID);
+
+	drv_twt_teardown_request(sdata->local, sdata, &sta->sta, flowid);
+
+	ieee80211_s1g_send_twt_teardown(sdata, mgmt->sa, sdata->vif.addr,
+					flowid);
+}
+
+void ieee80211_s1g_rx_twt_action(struct ieee80211_sub_if_data *sdata,
+				 struct sk_buff *skb)
+{
+	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
+	struct ieee80211_local *local = sdata->local;
+	struct sta_info *sta;
+
+	mutex_lock(&local->sta_mtx);
+
+	sta = sta_info_get_bss(sdata, mgmt->sa);
+	if (!sta)
+		goto out;
+
+	switch (mgmt->u.action.u.s1g.action_code) {
+	case WLAN_S1G_TWT_SETUP:
+		ieee80211_s1g_rx_twt_setup(sdata, sta, skb);
+		break;
+	case WLAN_S1G_TWT_TEARDOWN:
+		ieee80211_s1g_rx_twt_teardown(sdata, sta, skb);
+		break;
+	default:
+		break;
+	}
+
+out:
+	mutex_unlock(&local->sta_mtx);
+}
+
+void ieee80211_s1g_status_twt_action(struct ieee80211_sub_if_data *sdata,
+				     struct sk_buff *skb)
+{
+	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
+	struct ieee80211_local *local = sdata->local;
+	struct sta_info *sta;
+
+	mutex_lock(&local->sta_mtx);
+
+	sta = sta_info_get_bss(sdata, mgmt->da);
+	if (!sta)
+		goto out;
+
+	switch (mgmt->u.action.u.s1g.action_code) {
+	case WLAN_S1G_TWT_SETUP:
+		/* process failed twt setup frames */
+		ieee80211_s1g_tx_twt_setup_fail(sdata, sta, skb);
+		break;
+	default:
+		break;
+	}
+
+out:
+	mutex_unlock(&local->sta_mtx);
+}
+--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
+@@ -705,13 +705,26 @@ static void ieee80211_report_used_skb(st
+ 			/* Check to see if packet is a TDLS teardown packet */
+ 			if (ieee80211_is_data(hdr->frame_control) &&
+ 			    (ieee80211_get_tdls_action(skb, hdr_size) ==
+-			     WLAN_TDLS_TEARDOWN))
+			     WLAN_TDLS_TEARDOWN)) {
+ 				ieee80211_tdls_td_tx_handle(local, sdata, skb,
+ 							    info->flags);
+-			else
+			} else if (ieee80211_s1g_is_twt_setup(skb)) {
+				if (!acked) {
+					struct sk_buff *qskb;
+
+					qskb = skb_clone(skb, GFP_ATOMIC);
+					if (qskb) {
+						skb_queue_tail(&sdata->status_queue,
+							       qskb);
+						ieee80211_queue_work(&local->hw,
+								     &sdata->work);
+					}
+				}
+			} else {
+ 				ieee80211_mgd_conn_tx_status(sdata,
+ 							     hdr->frame_control,
+ 							     acked);
+			}
+ 		}
+ 
+ 		rcu_read_unlock();
+--- a/net/mac80211/trace.h
+++ b/net/mac80211/trace.h
+@@ -2804,6 +2804,73 @@ DEFINE_EVENT(sta_flag_evt, drv_sta_set_d
+ 	TP_ARGS(local, sdata, sta, enabled)
+ );
+ 
+TRACE_EVENT(drv_add_twt_setup,
+	TP_PROTO(struct ieee80211_local *local,
+		 struct ieee80211_sta *sta,
+		 struct ieee80211_twt_setup *twt,
+		 struct ieee80211_twt_params *twt_agrt),
+
+	TP_ARGS(local, sta, twt, twt_agrt),
+
+	TP_STRUCT__entry(
+		LOCAL_ENTRY
+		STA_ENTRY
+		__field(u8, dialog_token)
+		__field(u8, control)
+		__field(__le16, req_type)
+		__field(__le64, twt)
+		__field(u8, duration)
+		__field(__le16, mantissa)
+		__field(u8, channel)
+	),
+
+	TP_fast_assign(
+		LOCAL_ASSIGN;
+		STA_ASSIGN;
+		__entry->dialog_token = twt->dialog_token;
+		__entry->control = twt->control;
+		__entry->req_type = twt_agrt->req_type;
+		__entry->twt = twt_agrt->twt;
+		__entry->duration = twt_agrt->min_twt_dur;
+		__entry->mantissa = twt_agrt->mantissa;
+		__entry->channel = twt_agrt->channel;
+	),
+
+	TP_printk(
+		LOCAL_PR_FMT STA_PR_FMT
+		" token:%d control:0x%02x req_type:0x%04x"
+		" twt:%llu duration:%d mantissa:%d channel:%d",
+		LOCAL_PR_ARG, STA_PR_ARG, __entry->dialog_token,
+		__entry->control, le16_to_cpu(__entry->req_type),
+		le64_to_cpu(__entry->twt), __entry->duration,
+		le16_to_cpu(__entry->mantissa), __entry->channel
+	)
+);
+
+TRACE_EVENT(drv_twt_teardown_request,
+	TP_PROTO(struct ieee80211_local *local,
+		 struct ieee80211_sta *sta, u8 flowid),
+
+	TP_ARGS(local, sta, flowid),
+
+	TP_STRUCT__entry(
+		LOCAL_ENTRY
+		STA_ENTRY
+		__field(u8, flowid)
+	),
+
+	TP_fast_assign(
+		LOCAL_ASSIGN;
+		STA_ASSIGN;
+		__entry->flowid = flowid;
+	),
+
+	TP_printk(
+		LOCAL_PR_FMT STA_PR_FMT " flowid:%d",
+		LOCAL_PR_ARG, STA_PR_ARG, __entry->flowid
+	)
+);
+
+ #endif /* !__MAC80211_DRIVER_TRACE || TRACE_HEADER_MULTI_READ */
+ 
+ #undef TRACE_INCLUDE_PATH
--- a/package/kernel/mac80211/patches/subsys/391-wireless-align-some-HE-capabilities-with-the-spec.patch
+++ b/package/kernel/mac80211/patches/subsys/391-wireless-align-some-HE-capabilities-with-the-spec.patch
@@ -0,0 +1,196 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 9 Apr 2021 12:40:17 +0300
+Subject: [PATCH] wireless: align some HE capabilities with the spec
+
+Some names were changed, align that with the spec as of
+802.11ax-D6.1.
+
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/iwlwifi.20210409123755.b1e5fbab0d8c.I3eb6076cb0714ec6aec6b8f9dee613ce4a05d825@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -3633,7 +3633,7 @@ ath11k_mac_filter_he_cap_mesh(struct iee
+ 	    IEEE80211_HE_MAC_CAP4_BQR;
+ 	he_cap_elem->mac_cap_info[4] &= ~m;
+ 
+-	m = IEEE80211_HE_MAC_CAP5_SUBCHAN_SELECVITE_TRANSMISSION |
+	m = IEEE80211_HE_MAC_CAP5_SUBCHAN_SELECTIVE_TRANSMISSION |
+ 	    IEEE80211_HE_MAC_CAP5_UL_2x996_TONE_RU |
+ 	    IEEE80211_HE_MAC_CAP5_PUNCTURED_SOUNDING |
+ 	    IEEE80211_HE_MAC_CAP5_HT_VHT_TRIG_FRAME_RX;
+@@ -3643,7 +3643,7 @@ ath11k_mac_filter_he_cap_mesh(struct iee
+ 	    IEEE80211_HE_PHY_CAP2_UL_MU_PARTIAL_MU_MIMO;
+ 	he_cap_elem->phy_cap_info[2] &= ~m;
+ 
+-	m = IEEE80211_HE_PHY_CAP3_RX_HE_MU_PPDU_FROM_NON_AP_STA |
+	m = IEEE80211_HE_PHY_CAP3_RX_PARTIAL_BW_SU_IN_20MHZ_MU |
+ 	    IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_TX_MASK |
+ 	    IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_RX_MASK;
+ 	he_cap_elem->phy_cap_info[3] &= ~m;
+@@ -3655,13 +3655,13 @@ ath11k_mac_filter_he_cap_mesh(struct iee
+ 	he_cap_elem->phy_cap_info[5] &= ~m;
+ 
+ 	m = IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_75_MU |
+-	    IEEE80211_HE_PHY_CAP6_TRIG_MU_BEAMFORMER_FB |
+	    IEEE80211_HE_PHY_CAP6_TRIG_MU_BEAMFORMING_PARTIAL_BW_FB |
+ 	    IEEE80211_HE_PHY_CAP6_TRIG_CQI_FB |
+ 	    IEEE80211_HE_PHY_CAP6_PARTIAL_BANDWIDTH_DL_MUMIMO;
+ 	he_cap_elem->phy_cap_info[6] &= ~m;
+ 
+-	m = IEEE80211_HE_PHY_CAP7_SRP_BASED_SR |
+-	    IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_AR |
+	m = IEEE80211_HE_PHY_CAP7_PSR_BASED_SR |
+	    IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_SUPP |
+ 	    IEEE80211_HE_PHY_CAP7_STBC_TX_ABOVE_80MHZ |
+ 	    IEEE80211_HE_PHY_CAP7_STBC_RX_ABOVE_80MHZ;
+ 	he_cap_elem->phy_cap_info[7] &= ~m;
+--- a/drivers/net/wireless/mediatek/mt76/mt7915/init.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/init.c
+@@ -307,8 +307,8 @@ mt7915_set_stream_he_txbf_caps(struct ie
+ 	    IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_MASK;
+ 	elem->phy_cap_info[5] &= ~c;
+ 
+-	c = IEEE80211_HE_PHY_CAP6_TRIG_SU_BEAMFORMER_FB |
+-	    IEEE80211_HE_PHY_CAP6_TRIG_MU_BEAMFORMER_FB;
+	c = IEEE80211_HE_PHY_CAP6_TRIG_SU_BEAMFORMING_FB |
+	    IEEE80211_HE_PHY_CAP6_TRIG_MU_BEAMFORMING_PARTIAL_BW_FB;
+ 	elem->phy_cap_info[6] &= ~c;
+ 
+ 	elem->phy_cap_info[7] &= ~IEEE80211_HE_PHY_CAP7_MAX_NC_MASK;
+@@ -348,8 +348,8 @@ mt7915_set_stream_he_txbf_caps(struct ie
+ 	c = (nss - 1) | (max_t(int, mcs->tx_mcs_160, 1) << 3);
+ 	elem->phy_cap_info[5] |= c;
+ 
+-	c = IEEE80211_HE_PHY_CAP6_TRIG_SU_BEAMFORMER_FB |
+-	    IEEE80211_HE_PHY_CAP6_TRIG_MU_BEAMFORMER_FB;
+	c = IEEE80211_HE_PHY_CAP6_TRIG_SU_BEAMFORMING_FB |
+	    IEEE80211_HE_PHY_CAP6_TRIG_MU_BEAMFORMING_PARTIAL_BW_FB;
+ 	elem->phy_cap_info[6] |= c;
+ }
+ 
+@@ -484,7 +484,7 @@ mt7915_init_he_caps(struct mt7915_phy *p
+ 				IEEE80211_HE_PHY_CAP6_PARTIAL_BW_EXT_RANGE |
+ 				IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT;
+ 			he_cap_elem->phy_cap_info[7] |=
+-				IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_AR |
+				IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_SUPP |
+ 				IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI;
+ 			he_cap_elem->phy_cap_info[8] |=
+ 				IEEE80211_HE_PHY_CAP8_20MHZ_IN_40MHZ_HE_PPDU_IN_2G |
+--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
+@@ -2065,7 +2065,7 @@ int ieee80211_get_vht_max_nss(struct iee
+ #define IEEE80211_HE_MAC_CAP4_BSRP_BQRP_A_MPDU_AGG		0x01
+ #define IEEE80211_HE_MAC_CAP4_QTP				0x02
+ #define IEEE80211_HE_MAC_CAP4_BQR				0x04
+-#define IEEE80211_HE_MAC_CAP4_SRP_RESP				0x08
+#define IEEE80211_HE_MAC_CAP4_PSR_RESP				0x08
+ #define IEEE80211_HE_MAC_CAP4_NDP_FB_REP			0x10
+ #define IEEE80211_HE_MAC_CAP4_OPS				0x20
+ #define IEEE80211_HE_MAC_CAP4_AMDSU_IN_AMPDU			0x40
+@@ -2076,7 +2076,7 @@ int ieee80211_get_vht_max_nss(struct iee
+ 
+ #define IEEE80211_HE_MAC_CAP5_MULTI_TID_AGG_TX_QOS_B40		0x01
+ #define IEEE80211_HE_MAC_CAP5_MULTI_TID_AGG_TX_QOS_B41		0x02
+-#define IEEE80211_HE_MAC_CAP5_SUBCHAN_SELECVITE_TRANSMISSION	0x04
+#define IEEE80211_HE_MAC_CAP5_SUBCHAN_SELECTIVE_TRANSMISSION	0x04
+ #define IEEE80211_HE_MAC_CAP5_UL_2x996_TONE_RU			0x08
+ #define IEEE80211_HE_MAC_CAP5_OM_CTRL_UL_MU_DATA_DIS_RX		0x10
+ #define IEEE80211_HE_MAC_CAP5_HE_DYNAMIC_SM_PS			0x20
+@@ -2134,7 +2134,7 @@ int ieee80211_get_vht_max_nss(struct iee
+ #define IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_RX_MASK			0x18
+ #define IEEE80211_HE_PHY_CAP3_DCM_MAX_RX_NSS_1				0x00
+ #define IEEE80211_HE_PHY_CAP3_DCM_MAX_RX_NSS_2				0x20
+-#define IEEE80211_HE_PHY_CAP3_RX_HE_MU_PPDU_FROM_NON_AP_STA		0x40
+#define IEEE80211_HE_PHY_CAP3_RX_PARTIAL_BW_SU_IN_20MHZ_MU		0x40
+ #define IEEE80211_HE_PHY_CAP3_SU_BEAMFORMER				0x80
+ 
+ #define IEEE80211_HE_PHY_CAP4_SU_BEAMFORMEE				0x01
+@@ -2181,15 +2181,15 @@ int ieee80211_get_vht_max_nss(struct iee
+ 
+ #define IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_42_SU			0x01
+ #define IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_75_MU			0x02
+-#define IEEE80211_HE_PHY_CAP6_TRIG_SU_BEAMFORMER_FB			0x04
+-#define IEEE80211_HE_PHY_CAP6_TRIG_MU_BEAMFORMER_FB			0x08
+#define IEEE80211_HE_PHY_CAP6_TRIG_SU_BEAMFORMING_FB			0x04
+#define IEEE80211_HE_PHY_CAP6_TRIG_MU_BEAMFORMING_PARTIAL_BW_FB		0x08
+ #define IEEE80211_HE_PHY_CAP6_TRIG_CQI_FB				0x10
+ #define IEEE80211_HE_PHY_CAP6_PARTIAL_BW_EXT_RANGE			0x20
+ #define IEEE80211_HE_PHY_CAP6_PARTIAL_BANDWIDTH_DL_MUMIMO		0x40
+ #define IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT			0x80
+ 
+-#define IEEE80211_HE_PHY_CAP7_SRP_BASED_SR				0x01
+-#define IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_AR			0x02
+#define IEEE80211_HE_PHY_CAP7_PSR_BASED_SR				0x01
+#define IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_SUPP			0x02
+ #define IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI		0x04
+ #define IEEE80211_HE_PHY_CAP7_MAX_NC_1					0x08
+ #define IEEE80211_HE_PHY_CAP7_MAX_NC_2					0x10
+--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
+@@ -732,15 +732,15 @@ static ssize_t sta_he_capa_read(struct f
+ 	PFLAG(MAC, 4, BSRP_BQRP_A_MPDU_AGG, "BSRP-BQRP-A-MPDU-AGG");
+ 	PFLAG(MAC, 4, QTP, "QTP");
+ 	PFLAG(MAC, 4, BQR, "BQR");
+-	PFLAG(MAC, 4, SRP_RESP, "SRP-RESP");
+	PFLAG(MAC, 4, PSR_RESP, "PSR-RESP");
+ 	PFLAG(MAC, 4, NDP_FB_REP, "NDP-FB-REP");
+ 	PFLAG(MAC, 4, OPS, "OPS");
+ 	PFLAG(MAC, 4, AMDSU_IN_AMPDU, "AMSDU-IN-AMPDU");
+ 
+ 	PRINT("MULTI-TID-AGG-TX-QOS-%d", ((cap[5] << 1) | (cap[4] >> 7)) & 0x7);
+ 
+-	PFLAG(MAC, 5, SUBCHAN_SELECVITE_TRANSMISSION,
+-	      "SUBCHAN-SELECVITE-TRANSMISSION");
+	PFLAG(MAC, 5, SUBCHAN_SELECTIVE_TRANSMISSION,
+	      "SUBCHAN-SELECTIVE-TRANSMISSION");
+ 	PFLAG(MAC, 5, UL_2x996_TONE_RU, "UL-2x996-TONE-RU");
+ 	PFLAG(MAC, 5, OM_CTRL_UL_MU_DATA_DIS_RX, "OM-CTRL-UL-MU-DATA-DIS-RX");
+ 	PFLAG(MAC, 5, HE_DYNAMIC_SM_PS, "HE-DYNAMIC-SM-PS");
+@@ -832,8 +832,8 @@ static ssize_t sta_he_capa_read(struct f
+ 
+ 	PFLAG(PHY, 3, DCM_MAX_RX_NSS_1, "DCM-MAX-RX-NSS-1");
+ 	PFLAG(PHY, 3, DCM_MAX_RX_NSS_2, "DCM-MAX-RX-NSS-2");
+-	PFLAG(PHY, 3, RX_HE_MU_PPDU_FROM_NON_AP_STA,
+-	      "RX-HE-MU-PPDU-FROM-NON-AP-STA");
+	PFLAG(PHY, 3, RX_PARTIAL_BW_SU_IN_20MHZ_MU,
+	      "RX-PARTIAL-BW-SU-IN-20MHZ-MU");
+ 	PFLAG(PHY, 3, SU_BEAMFORMER, "SU-BEAMFORMER");
+ 
+ 	PFLAG(PHY, 4, SU_BEAMFORMEE, "SU-BEAMFORMEE");
+@@ -853,16 +853,17 @@ static ssize_t sta_he_capa_read(struct f
+ 
+ 	PFLAG(PHY, 6, CODEBOOK_SIZE_42_SU, "CODEBOOK-SIZE-42-SU");
+ 	PFLAG(PHY, 6, CODEBOOK_SIZE_75_MU, "CODEBOOK-SIZE-75-MU");
+-	PFLAG(PHY, 6, TRIG_SU_BEAMFORMER_FB, "TRIG-SU-BEAMFORMER-FB");
+-	PFLAG(PHY, 6, TRIG_MU_BEAMFORMER_FB, "TRIG-MU-BEAMFORMER-FB");
+	PFLAG(PHY, 6, TRIG_SU_BEAMFORMING_FB, "TRIG-SU-BEAMFORMING-FB");
+	PFLAG(PHY, 6, TRIG_MU_BEAMFORMING_PARTIAL_BW_FB,
+	      "MU-BEAMFORMING-PARTIAL-BW-FB");
+ 	PFLAG(PHY, 6, TRIG_CQI_FB, "TRIG-CQI-FB");
+ 	PFLAG(PHY, 6, PARTIAL_BW_EXT_RANGE, "PARTIAL-BW-EXT-RANGE");
+ 	PFLAG(PHY, 6, PARTIAL_BANDWIDTH_DL_MUMIMO,
+ 	      "PARTIAL-BANDWIDTH-DL-MUMIMO");
+ 	PFLAG(PHY, 6, PPE_THRESHOLD_PRESENT, "PPE-THRESHOLD-PRESENT");
+ 
+-	PFLAG(PHY, 7, SRP_BASED_SR, "SRP-BASED-SR");
+-	PFLAG(PHY, 7, POWER_BOOST_FACTOR_AR, "POWER-BOOST-FACTOR-AR");
+	PFLAG(PHY, 7, PSR_BASED_SR, "PSR-BASED-SR");
+	PFLAG(PHY, 7, POWER_BOOST_FACTOR_SUPP, "POWER-BOOST-FACTOR-SUPP");
+ 	PFLAG(PHY, 7, HE_SU_MU_PPDU_4XLTF_AND_08_US_GI,
+ 	      "HE-SU-MU-PPDU-4XLTF-AND-08-US-GI");
+ 	PFLAG_RANGE(PHY, 7, MAX_NC, 0, 1, 1, "MAX-NC-%d");
+--- a/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c
+@@ -630,7 +630,7 @@ static struct ieee80211_sband_iftype_dat
+ 				.phy_cap_info[6] =
+ 					IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT,
+ 				.phy_cap_info[7] =
+-					IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_AR |
+					IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_SUPP |
+ 					IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI |
+ 					IEEE80211_HE_PHY_CAP7_MAX_NC_1,
+ 				.phy_cap_info[8] =
--- a/package/kernel/mac80211/patches/subsys/392-wireless-fix-spelling-of-A-MSDU-in-HE-capabilities.patch
+++ b/package/kernel/mac80211/patches/subsys/392-wireless-fix-spelling-of-A-MSDU-in-HE-capabilities.patch
@@ -0,0 +1,113 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 9 Apr 2021 12:40:24 +0300
+Subject: [PATCH] wireless: fix spelling of A-MSDU in HE capabilities
+
+In the HE capabilities, spell A-MSDU correctly, not "A-MDSU".
+
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/iwlwifi.20210409123755.9e6ff1af1181.If6868bc6902ccd9a95c74c78f716c4b41473ef14@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c
+@@ -597,7 +597,7 @@ static struct ieee80211_sband_iftype_dat
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+ 					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+ 				.mac_cap_info[4] =
+-					IEEE80211_HE_MAC_CAP4_AMDSU_IN_AMPDU |
+					IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU |
+ 					IEEE80211_HE_MAC_CAP4_MULTI_TID_AGG_TX_QOS_B39,
+ 				.mac_cap_info[5] =
+ 					IEEE80211_HE_MAC_CAP5_MULTI_TID_AGG_TX_QOS_B40 |
+@@ -681,7 +681,7 @@ static struct ieee80211_sband_iftype_dat
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+ 					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+ 				.mac_cap_info[4] =
+-					IEEE80211_HE_MAC_CAP4_AMDSU_IN_AMPDU,
+					IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
+ 				.mac_cap_info[5] =
+ 					IEEE80211_HE_MAC_CAP5_UL_2x996_TONE_RU,
+ 				.phy_cap_info[0] =
+--- a/drivers/net/wireless/mediatek/mt76/mt7915/init.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/init.c
+@@ -427,7 +427,7 @@ mt7915_init_he_caps(struct mt7915_phy *p
+ 			IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+ 			IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_RESERVED;
+ 		he_cap_elem->mac_cap_info[4] =
+-			IEEE80211_HE_MAC_CAP4_AMDSU_IN_AMPDU;
+			IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU;
+ 
+ 		if (band == NL80211_BAND_2GHZ)
+ 			he_cap_elem->phy_cap_info[0] =
+--- a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
+@@ -1358,7 +1358,7 @@ mt7915_mcu_sta_he_tlv(struct sk_buff *sk
+ 	if (elem->mac_cap_info[3] & IEEE80211_HE_MAC_CAP3_OMI_CONTROL)
+ 		cap |= STA_REC_HE_CAP_OM;
+ 
+-	if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_AMDSU_IN_AMPDU)
+	if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU)
+ 		cap |= STA_REC_HE_CAP_AMSDU_IN_AMPDU;
+ 
+ 	if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_BQR)
+--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
+@@ -2068,7 +2068,7 @@ int ieee80211_get_vht_max_nss(struct iee
+ #define IEEE80211_HE_MAC_CAP4_PSR_RESP				0x08
+ #define IEEE80211_HE_MAC_CAP4_NDP_FB_REP			0x10
+ #define IEEE80211_HE_MAC_CAP4_OPS				0x20
+-#define IEEE80211_HE_MAC_CAP4_AMDSU_IN_AMPDU			0x40
+#define IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU			0x40
+ /* Multi TID agg TX is split between byte #4 and #5
+  * The value is a combination of B39,B40,B41
+  */
+--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
+@@ -735,7 +735,7 @@ static ssize_t sta_he_capa_read(struct f
+ 	PFLAG(MAC, 4, PSR_RESP, "PSR-RESP");
+ 	PFLAG(MAC, 4, NDP_FB_REP, "NDP-FB-REP");
+ 	PFLAG(MAC, 4, OPS, "OPS");
+-	PFLAG(MAC, 4, AMDSU_IN_AMPDU, "AMSDU-IN-AMPDU");
+	PFLAG(MAC, 4, AMSDU_IN_AMPDU, "AMSDU-IN-AMPDU");
+ 
+ 	PRINT("MULTI-TID-AGG-TX-QOS-%d", ((cap[5] << 1) | (cap[4] >> 7)) & 0x7);
+ 
+--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
+@@ -2757,7 +2757,7 @@ static const struct ieee80211_sband_ifty
+ 				.mac_cap_info[3] =
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+ 					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+-				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMDSU_IN_AMPDU,
+				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
+ 				.phy_cap_info[1] =
+ 					IEEE80211_HE_PHY_CAP1_PREAMBLE_PUNC_RX_MASK |
+ 					IEEE80211_HE_PHY_CAP1_DEVICE_CLASS_A |
+@@ -2801,7 +2801,7 @@ static const struct ieee80211_sband_ifty
+ 				.mac_cap_info[3] =
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+ 					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+-				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMDSU_IN_AMPDU,
+				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
+ 				.phy_cap_info[1] =
+ 					IEEE80211_HE_PHY_CAP1_PREAMBLE_PUNC_RX_MASK |
+ 					IEEE80211_HE_PHY_CAP1_DEVICE_CLASS_A |
+@@ -2847,7 +2847,7 @@ static const struct ieee80211_sband_ifty
+ 				.mac_cap_info[3] =
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+ 					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+-				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMDSU_IN_AMPDU,
+				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
+ 				.phy_cap_info[0] =
+ 					IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G |
+ 					IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
+@@ -2895,7 +2895,7 @@ static const struct ieee80211_sband_ifty
+ 				.mac_cap_info[3] =
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+ 					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+-				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMDSU_IN_AMPDU,
+				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
+ 				.phy_cap_info[0] =
+ 					IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G |
+ 					IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
--- a/package/kernel/mac80211/patches/subsys/393-wireless-align-HE-capabilities-A-MPDU-Length-Exponen.patch
+++ b/package/kernel/mac80211/patches/subsys/393-wireless-align-HE-capabilities-A-MPDU-Length-Exponen.patch
@@ -0,0 +1,148 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 9 Apr 2021 12:40:20 +0300
+Subject: [PATCH] wireless: align HE capabilities A-MPDU Length Exponent
+ Extension
+
+The A-MPDU length exponent extension is defined differently in
+802.11ax D6.1, align with that.
+
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/iwlwifi.20210409123755.c2a257d3e2df.I3455245d388c52c61dace7e7958dbed7e807cfb6@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -1295,9 +1295,8 @@ static void ath11k_peer_assoc_h_he(struc
+ 	 * request, then use MAX_AMPDU_LEN_FACTOR as 16 to calculate max_ampdu
+ 	 * length.
+ 	 */
+-	ampdu_factor = (he_cap->he_cap_elem.mac_cap_info[3] &
+-			IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_MASK) >>
+-			IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_SHIFT;
+	ampdu_factor = u8_get_bits(he_cap->he_cap_elem.mac_cap_info[3],
+				   IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_MASK);
+ 
+ 	if (ampdu_factor) {
+ 		if (sta->vht_cap.vht_supported)
+--- a/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c
+@@ -595,7 +595,7 @@ static struct ieee80211_sband_iftype_dat
+ 					IEEE80211_HE_MAC_CAP2_32BIT_BA_BITMAP,
+ 				.mac_cap_info[3] =
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+-					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_2,
+ 				.mac_cap_info[4] =
+ 					IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU |
+ 					IEEE80211_HE_MAC_CAP4_MULTI_TID_AGG_TX_QOS_B39,
+@@ -679,7 +679,7 @@ static struct ieee80211_sband_iftype_dat
+ 					IEEE80211_HE_MAC_CAP2_BSR,
+ 				.mac_cap_info[3] =
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+-					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_2,
+ 				.mac_cap_info[4] =
+ 					IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
+ 				.mac_cap_info[5] =
+--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
+@@ -2756,7 +2756,7 @@ static const struct ieee80211_sband_ifty
+ 					IEEE80211_HE_MAC_CAP2_ACK_EN,
+ 				.mac_cap_info[3] =
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+-					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_3,
+ 				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
+ 				.phy_cap_info[1] =
+ 					IEEE80211_HE_PHY_CAP1_PREAMBLE_PUNC_RX_MASK |
+@@ -2800,7 +2800,7 @@ static const struct ieee80211_sband_ifty
+ 					IEEE80211_HE_MAC_CAP2_ACK_EN,
+ 				.mac_cap_info[3] =
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+-					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_3,
+ 				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
+ 				.phy_cap_info[1] =
+ 					IEEE80211_HE_PHY_CAP1_PREAMBLE_PUNC_RX_MASK |
+@@ -2846,7 +2846,7 @@ static const struct ieee80211_sband_ifty
+ 					IEEE80211_HE_MAC_CAP2_ACK_EN,
+ 				.mac_cap_info[3] =
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+-					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_3,
+ 				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
+ 				.phy_cap_info[0] =
+ 					IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G |
+@@ -2894,7 +2894,7 @@ static const struct ieee80211_sband_ifty
+ 					IEEE80211_HE_MAC_CAP2_ACK_EN,
+ 				.mac_cap_info[3] =
+ 					IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+-					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2,
+					IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_3,
+ 				.mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU,
+ 				.phy_cap_info[0] =
+ 					IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G |
+--- a/drivers/net/wireless/mediatek/mt76/mt7915/init.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/init.c
+@@ -425,7 +425,7 @@ mt7915_init_he_caps(struct mt7915_phy *p
+ 			IEEE80211_HE_MAC_CAP0_HTC_HE;
+ 		he_cap_elem->mac_cap_info[3] =
+ 			IEEE80211_HE_MAC_CAP3_OMI_CONTROL |
+-			IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_RESERVED;
+			IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_3;
+ 		he_cap_elem->mac_cap_info[4] =
+ 			IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU;
+ 
+--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
+@@ -2051,17 +2051,15 @@ int ieee80211_get_vht_max_nss(struct iee
+  * A-MDPU Length Exponent field in the HT capabilities, VHT capabilities and the
+  * same field in the HE capabilities.
+  */
+-#define IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_USE_VHT	0x00
+-#define IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_1		0x08
+-#define IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2		0x10
+-#define IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_RESERVED	0x18
+#define IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_0		0x00
+#define IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_1		0x08
+#define IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_2		0x10
+#define IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_3		0x18
+ #define IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_MASK		0x18
+ #define IEEE80211_HE_MAC_CAP3_AMSDU_FRAG			0x20
+ #define IEEE80211_HE_MAC_CAP3_FLEX_TWT_SCHED			0x40
+ #define IEEE80211_HE_MAC_CAP3_RX_CTRL_FRAME_TO_MULTIBSS		0x80
+ 
+-#define IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_SHIFT		3
+-
+ #define IEEE80211_HE_MAC_CAP4_BSRP_BQRP_A_MPDU_AGG		0x01
+ #define IEEE80211_HE_MAC_CAP4_QTP				0x02
+ #define IEEE80211_HE_MAC_CAP4_BQR				0x04
+--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
+@@ -711,17 +711,17 @@ static ssize_t sta_he_capa_read(struct f
+ 	PFLAG(MAC, 3, OFDMA_RA, "OFDMA-RA");
+ 
+ 	switch (cap[3] & IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_MASK) {
+-	case IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_USE_VHT:
+-		PRINT("MAX-AMPDU-LEN-EXP-USE-VHT");
+	case IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_0:
+		PRINT("MAX-AMPDU-LEN-EXP-USE-EXT-0");
+ 		break;
+-	case IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_1:
+-		PRINT("MAX-AMPDU-LEN-EXP-VHT-1");
+	case IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_1:
+		PRINT("MAX-AMPDU-LEN-EXP-VHT-EXT-1");
+ 		break;
+-	case IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_VHT_2:
+-		PRINT("MAX-AMPDU-LEN-EXP-VHT-2");
+	case IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_2:
+		PRINT("MAX-AMPDU-LEN-EXP-VHT-EXT-2");
+ 		break;
+-	case IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_RESERVED:
+-		PRINT("MAX-AMPDU-LEN-EXP-RESERVED");
+	case IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_3:
+		PRINT("MAX-AMPDU-LEN-EXP-VHT-EXT-3");
+ 		break;
+ 	}
+ 
--- a/package/kernel/mac80211/patches/subsys/394-mac80211-fix-rate-control-for-retransmitted-frames.patch
+++ b/package/kernel/mac80211/patches/subsys/394-mac80211-fix-rate-control-for-retransmitted-frames.patch
@@ -0,0 +1,35 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Mon, 22 Nov 2021 21:39:38 +0100
+Subject: [PATCH] mac80211: fix rate control for retransmitted frames
+
+Since retransmission clears info->control, rate control needs to be called
+again, otherwise the driver might crash due to invalid rates.
+
+Cc: stable@vger.kernel.org # 5.14+
+Reported-by: Aaro Koskinen <aaro.koskinen@iki.fi>
+Reported-by: Robert W <rwbugreport@lost-in-the-void.net>
+Fixes: 03c3911d2d67 ("mac80211: call ieee80211_tx_h_rate_ctrl() when dequeue")
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
+@@ -1835,15 +1835,15 @@ static int invoke_tx_handlers_late(struc
+ 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
+ 	ieee80211_tx_result res = TX_CONTINUE;
+ 
+	if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
+		CALL_TXH(ieee80211_tx_h_rate_ctrl);
+
+ 	if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION)) {
+ 		__skb_queue_tail(&tx->skbs, tx->skb);
+ 		tx->skb = NULL;
+ 		goto txh_done;
+ 	}
+ 
+-	if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
+-		CALL_TXH(ieee80211_tx_h_rate_ctrl);
+-
+ 	CALL_TXH(ieee80211_tx_h_michael_mic_add);
+ 	CALL_TXH(ieee80211_tx_h_sequence);
+ 	CALL_TXH(ieee80211_tx_h_fragment);
--- a/package/kernel/mac80211/patches/subsys/395-mac80211-use-coarse-boottime-for-airtime-fairness-co.patch
+++ b/package/kernel/mac80211/patches/subsys/395-mac80211-use-coarse-boottime-for-airtime-fairness-co.patch
@@ -0,0 +1,60 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Tue, 14 Dec 2021 17:53:12 +0100
+Subject: [PATCH] mac80211: use coarse boottime for airtime fairness code
+
+The time values used by the airtime fairness code only need to be accurate
+enough to cover station activity detection.
+Using ktime_get_coarse_boottime_ns instead of ktime_get_boottime_ns will
+drop the accuracy down to jiffies intervals, but at the same time saves
+a lot of CPU cycles in a hot path
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
+@@ -3834,7 +3834,7 @@ struct ieee80211_txq *ieee80211_next_txq
+ {
+ 	struct ieee80211_local *local = hw_to_local(hw);
+ 	struct airtime_sched_info *air_sched;
+-	u64 now = ktime_get_boottime_ns();
+	u64 now = ktime_get_coarse_boottime_ns();
+ 	struct ieee80211_txq *ret = NULL;
+ 	struct airtime_info *air_info;
+ 	struct txq_info *txqi = NULL;
+@@ -3961,7 +3961,7 @@ void ieee80211_update_airtime_weight(str
+ 	u64 weight_sum = 0;
+ 
+ 	if (unlikely(!now))
+-		now = ktime_get_boottime_ns();
+		now = ktime_get_coarse_boottime_ns();
+ 
+ 	lockdep_assert_held(&air_sched->lock);
+ 
+@@ -3987,7 +3987,7 @@ void ieee80211_schedule_txq(struct ieee8
+ 	struct ieee80211_local *local = hw_to_local(hw);
+ 	struct txq_info *txqi = to_txq_info(txq);
+ 	struct airtime_sched_info *air_sched;
+-	u64 now = ktime_get_boottime_ns();
+	u64 now = ktime_get_coarse_boottime_ns();
+ 	struct airtime_info *air_info;
+ 	u8 ac = txq->ac;
+ 	bool was_active;
+@@ -4045,7 +4045,7 @@ static void __ieee80211_unschedule_txq(s
+ 
+ 	if (!purge)
+ 		airtime_set_active(air_sched, air_info,
+-				   ktime_get_boottime_ns());
+				   ktime_get_coarse_boottime_ns());
+ 
+ 	rb_erase_cached(&txqi->schedule_order,
+ 			&air_sched->active_txqs);
+@@ -4133,7 +4133,7 @@ bool ieee80211_txq_may_transmit(struct i
+ 	if (RB_EMPTY_NODE(&txqi->schedule_order))
+ 		goto out;
+ 
+-	now = ktime_get_boottime_ns();
+	now = ktime_get_coarse_boottime_ns();
+ 
+ 	/* Like in ieee80211_next_txq(), make sure the first station in the
+ 	 * scheduling order is eligible for transmission to avoid starvation.
--- a/package/kernel/mac80211/patches/subsys/400-allow-ibss-mixed.patch
+++ b/package/kernel/mac80211/patches/subsys/400-allow-ibss-mixed.patch
@@ -5,7 +5,7 @@ and we should ignore this.

 --- a/net/wireless/core.c
 +++ b/net/wireless/core.c
-@@ -614,21 +614,6 @@ static int wiphy_verify_combinations(str
+@@ -615,21 +615,6 @@ static int wiphy_verify_combinations(str
 				    c->limits[j].max > 1))
 				return -EINVAL;
 
--- a/package/kernel/mac80211/patches/subsys/500-mac80211_configure_antenna_gain.patch
+++ b/package/kernel/mac80211/patches/subsys/500-mac80211_configure_antenna_gain.patch
@@ -1,6 +1,6 @@
 --- a/include/net/cfg80211.h
 +++ b/include/net/cfg80211.h
-@@ -3745,6 +3745,7 @@ struct mgmt_frame_regs {
+@@ -3814,6 +3814,7 @@ struct mgmt_frame_regs {
  *	(as advertised by the nl80211 feature flag.)
  * @get_tx_power: store the current TX power into the dbm variable;
  *	return 0 if successful
@@ -8,7 +8,7 @@
  *
  * @set_wds_peer: set the WDS peer for a WDS interface
  *
-@@ -4067,6 +4068,7 @@ struct cfg80211_ops {
+@@ -4138,6 +4139,7 @@ struct cfg80211_ops {
 				enum nl80211_tx_power_setting type, int mbm);
 	int	(*get_tx_power)(struct wiphy *wiphy, struct wireless_dev *wdev,
 				int *dbm);
@@ -36,9 +36,9 @@
 	u8 ps_dtim_period;
 --- a/include/uapi/linux/nl80211.h
 +++ b/include/uapi/linux/nl80211.h
-@@ -2560,6 +2560,9 @@ enum nl80211_commands {
-  *	disassoc events to indicate that an immediate reconnect to the AP
-  *	is desired.
+@@ -2593,6 +2593,9 @@ enum nl80211_commands {
+  * @NL80211_ATTR_COLOR_CHANGE_ELEMS: Nested set of attributes containing the IE
+  *	information for the time while performing a color switch.
  *
 + * @NL80211_ATTR_WIPHY_ANTENNA_GAIN: Configured antenna gain. Used to reduce
 + *	transmit power to stay within regulatory limits. u32, dBi.
@@ -46,9 +46,9 @@
  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
  * @NL80211_ATTR_MAX: highest attribute number currently defined
  * @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -3057,6 +3060,8 @@ enum nl80211_attrs {
- 
- 	NL80211_ATTR_DISABLE_HE,
+@@ -3096,6 +3099,8 @@ enum nl80211_attrs {
+ 	NL80211_ATTR_COLOR_CHANGE_COLOR,
+ 	NL80211_ATTR_COLOR_CHANGE_ELEMS,
 
 +	NL80211_ATTR_WIPHY_ANTENNA_GAIN,
 +
@@ -57,7 +57,7 @@
 	__NL80211_ATTR_AFTER_LAST,
 --- a/net/mac80211/cfg.c
 +++ b/net/mac80211/cfg.c
-@@ -2728,6 +2728,19 @@ static int ieee80211_get_tx_power(struct
+@@ -2769,6 +2769,19 @@ static int ieee80211_get_tx_power(struct
 	return 0;
 }
 
@@ -77,7 +77,7 @@
 static int ieee80211_set_wds_peer(struct wiphy *wiphy, struct net_device *dev,
 				  const u8 *addr)
 {
-@@ -4158,6 +4171,7 @@ const struct cfg80211_ops mac80211_confi
+@@ -4413,6 +4426,7 @@ const struct cfg80211_ops mac80211_confi
 	.set_wiphy_params = ieee80211_set_wiphy_params,
 	.set_tx_power = ieee80211_set_tx_power,
 	.get_tx_power = ieee80211_get_tx_power,
@@ -87,7 +87,7 @@
 	CFG80211_TESTMODE_CMD(ieee80211_testmode_cmd)
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
-@@ -1390,6 +1390,7 @@ struct ieee80211_local {
+@@ -1435,6 +1435,7 @@ struct ieee80211_local {
 	int dynamic_ps_forced_timeout;
 
 	int user_power_level; /* in dBm, for all interfaces */
@@ -129,15 +129,15 @@
 	local->hw.max_mtu = IEEE80211_MAX_DATA_LEN;
 --- a/net/wireless/nl80211.c
 +++ b/net/wireless/nl80211.c
-@@ -740,6 +740,7 @@ static const struct nla_policy nl80211_p
- 		NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
- 				 NL80211_SAE_PWE_BOTH),
- 	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
+@@ -757,6 +757,7 @@ static const struct nla_policy nl80211_p
+ 	[NL80211_ATTR_COLOR_CHANGE_COUNT] = { .type = NLA_U8 },
+ 	[NL80211_ATTR_COLOR_CHANGE_COLOR] = { .type = NLA_U8 },
+ 	[NL80211_ATTR_COLOR_CHANGE_ELEMS] = NLA_POLICY_NESTED(nl80211_policy),
 +	[NL80211_ATTR_WIPHY_ANTENNA_GAIN] = { .type = NLA_U32 },
 };
 
 /* policy for the key attributes */
-@@ -3248,6 +3249,20 @@ static int nl80211_set_wiphy(struct sk_b
+@@ -3322,6 +3323,20 @@ static int nl80211_set_wiphy(struct sk_b
 		if (result)
 			return result;
 	}
--- a/package/kernel/mt76/Makefile
+++ b/package/kernel/mt76/Makefile
@@ -8,11 +8,12 @@ PKG_LICENSE_FILES:=

 PKG_SOURCE_URL:=https://github.com/openwrt/mt76
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2021-06-06
-PKG_SOURCE_VERSION:=22b690334c0f49b11534cc2e331c9d5e17c4a0bc
-PKG_MIRROR_HASH:=ff5e563935919d2e40c1e7254ef3bc06f7ecc5e69f8ddd12903e8f5de942d630
+PKG_SOURCE_DATE:=2021-12-03
+PKG_SOURCE_VERSION:=678071ef70297b7264661c356ddb3c8cf7f3c87b
+PKG_MIRROR_HASH:=b1f8613f7c65ca6a893f83ed9efc3f7ce72b9b4904fd11b89264f57f4f2a3b5e

 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+PKG_USE_NINJA:=0
 PKG_BUILD_PARALLEL:=1

 PKG_CONFIG_DEPENDS += \
@@ -151,6 +152,14 @@ define KernelPackage/mt76-connac
  FILES:= $(PKG_BUILD_DIR)/mt76-connac-lib.ko
 endef

+define KernelPackage/mt76-sdio
+  $(KernelPackage/mt76-default)
+  TITLE:=MediaTek MT7615/MT79xx SDIO driver common code
+  HIDDEN:=1
+  DEPENDS+=+kmod-mt76-core +kmod-mmc
+  FILES:= $(PKG_BUILD_DIR)/mt76-sdio.ko
+endef
+
 define KernelPackage/mt7615-common
  $(KernelPackage/mt76-default)
  TITLE:=MediaTek MT7615 wireless driver common code
@@ -195,9 +204,8 @@ endef
 define KernelPackage/mt7663s
  $(KernelPackage/mt76-default)
  TITLE:=MediaTek MT7663s wireless driver
-  DEPENDS+=+kmod-mmc +kmod-mt7615-common +kmod-mt7663-usb-sdio
+  DEPENDS+=+kmod-mt76-sdio +kmod-mt7615-common +kmod-mt7663-usb-sdio
  FILES:= \
-	$(PKG_BUILD_DIR)/mt76-sdio.ko \
 	$(PKG_BUILD_DIR)/mt7615/mt7663s.ko
  AUTOLOAD:=$(call AutoProbe,mt7663s)
 endef
@@ -218,10 +226,25 @@ define KernelPackage/mt7915e
  AUTOLOAD:=$(call AutoProbe,mt7915e)
 endef

+define KernelPackage/mt7921-common
+  TITLE:=MediaTek MT7615 wireless driver common code
+  HIDDEN:=1
+  DEPENDS+=@PCI_SUPPORT +kmod-mt76-core +kmod-mt76-connac
+  FILES:= $(PKG_BUILD_DIR)/mt7921/mt7921-common.ko
+endef
+
+define KernelPackage/mt7921s
+  $(KernelPackage/mt76-default)
+  TITLE:=MediaTek MT7921s wireless driver
+  DEPENDS+=@PCI_SUPPORT +kmod-mt76-connac +kmod-mt76-sdio +kmod-mt7921-common
+  FILES:= $(PKG_BUILD_DIR)/mt7921/mt7921s.ko
+  AUTOLOAD:=$(call AutoProbe,mt7921s)
+endef
+
 define KernelPackage/mt7921e
  $(KernelPackage/mt76-default)
  TITLE:=MediaTek MT7921e wireless driver
-  DEPENDS+=@PCI_SUPPORT +kmod-mt76-connac
+  DEPENDS+=@PCI_SUPPORT +kmod-mt76-connac +kmod-mt7921-common
  FILES:= $(PKG_BUILD_DIR)/mt7921/mt7921e.ko
  AUTOLOAD:=$(call AutoProbe,mt7921e)
 endef
@@ -287,6 +310,9 @@ endif
 ifdef CONFIG_PACKAGE_kmod-mt76-connac
  PKG_MAKE_FLAGS += CONFIG_MT76_CONNAC_LIB=m
 endif
+ifdef CONFIG_PACKAGE_kmod-mt76-sdio
+  PKG_MAKE_FLAGS += CONFIG_MT76_SDIO=m
+endif
 ifdef CONFIG_PACKAGE_kmod-mt7615-common
  PKG_MAKE_FLAGS += CONFIG_MT7615_COMMON=m
 endif
@@ -301,7 +327,6 @@ ifdef CONFIG_PACKAGE_kmod-mt7663-usb-sdio
  PKG_MAKE_FLAGS += CONFIG_MT7663_USB_SDIO_COMMON=m
 endif
 ifdef CONFIG_PACKAGE_kmod-mt7663s
-  PKG_MAKE_FLAGS += CONFIG_MT76_SDIO=m
  PKG_MAKE_FLAGS += CONFIG_MT7663S=m
 endif
 ifdef CONFIG_PACKAGE_kmod-mt7663u
@@ -310,6 +335,12 @@ endif
 ifdef CONFIG_PACKAGE_kmod-mt7915e
  PKG_MAKE_FLAGS += CONFIG_MT7915E=m
 endif
+ifdef CONFIG_PACKAGE_kmod-mt7921-common
+  PKG_MAKE_FLAGS += CONFIG_MT7921_COMMON=m
+endif
+ifdef CONFIG_PACKAGE_kmod-mt7921s
+  PKG_MAKE_FLAGS += CONFIG_MT7921S=m
+endif
 ifdef CONFIG_PACKAGE_kmod-mt7921e
  PKG_MAKE_FLAGS += CONFIG_MT7921E=m
 endif
@@ -432,6 +463,7 @@ $(eval $(call KernelPackage,mt76x2u))
 $(eval $(call KernelPackage,mt76x2))
 $(eval $(call KernelPackage,mt7603))
 $(eval $(call KernelPackage,mt76-connac))
+$(eval $(call KernelPackage,mt76-sdio))
 $(eval $(call KernelPackage,mt7615-common))
 $(eval $(call KernelPackage,mt7615-firmware))
 $(eval $(call KernelPackage,mt7615e))
@@ -441,6 +473,8 @@ $(eval $(call KernelPackage,mt7663-usb-sdio))
 $(eval $(call KernelPackage,mt7663u))
 $(eval $(call KernelPackage,mt7663s))
 $(eval $(call KernelPackage,mt7915e))
+$(eval $(call KernelPackage,mt7921-common))
+$(eval $(call KernelPackage,mt7921s))
 $(eval $(call KernelPackage,mt7921e))
 $(eval $(call KernelPackage,mt76))
 $(eval $(call BuildPackage,mt76-test))
--- a/package/kernel/mt76/patches/100-Revert-of-net-pass-the-dst-buffer-to-of_get_mac_addr.patch
+++ b/package/kernel/mt76/patches/100-Revert-of-net-pass-the-dst-buffer-to-of_get_mac_addr.patch
@@ -0,0 +1,26 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Tue, 23 Nov 2021 17:01:45 +0100
+Subject: [PATCH] Revert "of: net: pass the dst buffer to of_get_mac_address()"
+
+This reverts commit 4932c5d80153c336c77dbe8d7af9f8fdd879d01f.
+---
+
+--- a/eeprom.c
+++ b/eeprom.c
+@@ -105,9 +105,15 @@ mt76_eeprom_override(struct mt76_phy *ph
+ {
+ 	struct mt76_dev *dev = phy->dev;
+ 
+#ifdef CONFIG_OF
+ 	struct device_node *np = dev->dev->of_node;
+	const u8 *mac = NULL;
+ 
+-	of_get_mac_address(np, phy->macaddr);
+	if (np)
+		mac = of_get_mac_address(np);
+	if (!IS_ERR_OR_NULL(mac))
+		ether_addr_copy(phy->macaddr, mac);
+#endif
+ 
+ 	if (!is_valid_ether_addr(phy->macaddr)) {
+ 		eth_random_addr(phy->macaddr);
--- a/package/kernel/mt76/patches/101-fix-encap-offload-ethernet-type-check.patch
+++ b/package/kernel/mt76/patches/101-fix-encap-offload-ethernet-type-check.patch
@@ -0,0 +1,63 @@
+From: Felix Fietkau <nbd@nbd.name>
+To: linux-wireless@vger.kernel.org
+Cc: =?utf-8?q?Thibaut_VAR=C3=88NE?= <hacks+kernel@slashdirt.org>
+Subject: [PATCH] mt76: fix encap offload ethernet type check
+Date: Wed, 20 Apr 2022 14:33:08 +0200
+Message-Id: <20220420123308.70104-1-nbd@nbd.name>
+
+The driver needs to check if the format is 802.2 vs 802.3 in order to set
+a tx descriptor flag. skb->protocol can't be used, since it may not be properly
+initialized for packets coming in from a packet socket.
+Fix misdetection by checking the ethertype from the skb data instead
+
+Reported-by: Thibaut VARÈNE <hacks+kernel@slashdirt.org>
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+ drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 4 +++-
+ drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
+index 5f4a0e811137..e353e8c44d6c 100644
+--- a/mt7915/mac.c
+++ b/mt7915/mac.c
+@@ -1016,6 +1016,7 @@ mt7915_mac_write_txwi_8023(struct mt7915_dev *dev, __le32 *txwi,
+ 
+ 	u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
+ 	u8 fc_type, fc_stype;
+	u16 ethertype;
+ 	bool wmm = false;
+ 	u32 val;
+ 
+@@ -1029,7 +1030,8 @@ mt7915_mac_write_txwi_8023(struct mt7915_dev *dev, __le32 *txwi,
+ 	val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_3) |
+ 	      FIELD_PREP(MT_TXD1_TID, tid);
+ 
+-	if (be16_to_cpu(skb->protocol) >= ETH_P_802_3_MIN)
+	ethertype = get_unaligned_be16(&skb->data[12]);
+	if (ethertype >= ETH_P_802_3_MIN)
+ 		val |= MT_TXD1_ETH_802_3;
+ 
+ 	txwi[1] |= cpu_to_le32(val);
+diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
+index 368e54c53ddd..ac11e8b28f13 100644
+--- a/mt7921/mac.c
+++ b/mt7921/mac.c
+@@ -814,6 +814,7 @@ mt7921_mac_write_txwi_8023(struct mt7921_dev *dev, __le32 *txwi,
+ {
+ 	u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
+ 	u8 fc_type, fc_stype;
+	u16 ethertype;
+ 	bool wmm = false;
+ 	u32 val;
+ 
+@@ -827,7 +828,8 @@ mt7921_mac_write_txwi_8023(struct mt7921_dev *dev, __le32 *txwi,
+ 	val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_3) |
+ 	      FIELD_PREP(MT_TXD1_TID, tid);
+ 
+-	if (be16_to_cpu(skb->protocol) >= ETH_P_802_3_MIN)
+	ethertype = get_unaligned_be16(&skb->data[12]);
+	if (ethertype >= ETH_P_802_3_MIN)
+ 		val |= MT_TXD1_ETH_802_3;
+ 
+ 	txwi[1] |= cpu_to_le32(val);
--- a/package/libs/libpcap/Makefile
+++ b/package/libs/libpcap/Makefile
@@ -9,11 +9,10 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=libpcap
 PKG_VERSION:=1.9.1
-PKG_RELEASE:=3
+PKG_RELEASE:=3.1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.us.tcpdump.org/release/ \
-        http://www.tcpdump.org/release/
+PKG_SOURCE_URL:=http://www.tcpdump.org/release/
 PKG_HASH:=635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094

 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
@@ -45,6 +44,19 @@ define Package/libpcap/config
 	source "$(SOURCE)/Config.in"
 endef

+define Package/rpcapd
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Capture daemon to be controlled by a remote libpcap application
+  URL:=http://www.tcpdump.org/
+  DEPENDS+= +libpcap
+endef
+
+ifdef CONFIG_PACKAGE_rpcapd
+	CMAKE_OPTIONS += \
+		-DENABLE_REMOTE=ON
+endif
+
 CMAKE_OPTIONS += \
 	-DBUILD_SHARED_LIBS=ON \
 	-DBUILD_WITH_LIBNL=OFF \
@@ -84,4 +96,10 @@ define Package/libpcap/install
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpcap.so.* $(1)/usr/lib/
 endef

+define Package/rpcapd/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/rpcapd $(1)/usr/bin/
+endef
+
 $(eval $(call BuildPackage,libpcap))
+$(eval $(call BuildPackage,rpcapd))
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=mbedtls
-PKG_VERSION:=2.16.11
+PKG_VERSION:=2.16.12
 PKG_RELEASE:=$(AUTORELEASE)
 PKG_USE_MIPS16:=0

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=c18e7e9abf95e69e425260493720470021384a1728417042060a35d0b7b18b41
+PKG_HASH:=294871ab1864a65d0b74325e9219d5bcd6e91c34a3c59270c357bb9ae4d5c393

 PKG_BUILD_PARALLEL:=1
 PKG_LICENSE:=GPL-2.0-or-later
--- a/Show More
+++ b/Show More