mac80211: Update to version 4.19.57

This updates to backports-4.19.57-1 which contains the wireless
subsystem and driver from kernel 4.19.57.
The removed patches are applied upstream.

Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

package/kernel/mac80211/Makefile

@@ -10,10 +10,10 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=mac80211
 
-PKG_VERSION:=4.19.32-1
-PKG_RELEASE:=2
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v4.19.32/
-PKG_HASH:=838db1565b54fe4bd1e769c54f30c65c9ea2fb5e99a0cddb7910561794ae317a
+PKG_VERSION:=4.19.57-1
+PKG_RELEASE:=1
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v4.19.57/
+PKG_HASH:=f9c2d888cd49bd85e3f625f440468a803eeabb36662b56426c6cb2d15a7e049d
 
 PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)

package/kernel/mac80211/patches/ath/404-regd_no_assoc_hints.patch

@@ -1,6 +1,6 @@
 --- a/net/wireless/reg.c
 +++ b/net/wireless/reg.c
-@@ -2982,6 +2982,8 @@ void regulatory_hint_country_ie(struct w
+@@ -3021,6 +3021,8 @@ void regulatory_hint_country_ie(struct w
  	enum environment_cap env = ENVIRON_ANY;
  	struct regulatory_request *request = NULL, *lr;
  
@@ -9,7 +9,7 @@
  	/* IE len must be evenly divisible by 2 */
  	if (country_ie_len & 0x01)
  		return;
-@@ -3188,6 +3190,7 @@ static void restore_regulatory_settings(
+@@ -3227,6 +3229,7 @@ static void restore_regulatory_settings(
  
  void regulatory_hint_disconnect(void)
  {

package/kernel/mac80211/patches/ath/979-ath10k-fix-incorrect-multicast-broadcast-rate-settin.patch

@@ -30,7 +30,7 @@ Origin: other, https://patchwork.kernel.org/patch/10723033/
  
 @@ -5658,7 +5658,11 @@ static void ath10k_bss_info_changed(stru
  	if (changed & BSS_CHANGED_MCAST_RATE &&
- 	    !WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def))) {
+ 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
  		band = def.chan->band;
 -		rateidx = vif->bss_conf.mcast_rate[band] - 1;
 +		mcast_rate = vif->bss_conf.mcast_rate[band];

package/kernel/mac80211/patches/brcm/305-v4.20-0001-brcmfmac-remove-set-but-not-used-variables-sfdoff-an.patch

@@ -22,7 +22,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
-@@ -1463,7 +1463,7 @@ static u8 brcmf_sdio_rxglom(struct brcmf
+@@ -1474,7 +1474,7 @@ static u8 brcmf_sdio_rxglom(struct brcmf
  	struct sk_buff *pfirst, *pnext;
  
  	int errcode;
@@ -31,7 +31,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  	struct brcmf_sdio_hdrinfo rd_new;
  
-@@ -1597,7 +1597,6 @@ static u8 brcmf_sdio_rxglom(struct brcmf
+@@ -1608,7 +1608,6 @@ static u8 brcmf_sdio_rxglom(struct brcmf
  
  		/* Remove superframe header, remember offset */
  		skb_pull(pfirst, rd_new.dat_offset);
@@ -39,7 +39,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		num = 0;
  
  		/* Validate all the subframe headers */
-@@ -3405,7 +3404,6 @@ static int brcmf_sdio_bus_preinit(struct
+@@ -3416,7 +3415,6 @@ static int brcmf_sdio_bus_preinit(struct
  	struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio;
  	struct brcmf_sdio *bus = sdiodev->bus;
  	struct brcmf_core *core = bus->sdio_core;
@@ -47,7 +47,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	u32 value;
  	int err;
  
-@@ -3448,7 +3446,6 @@ static int brcmf_sdio_bus_preinit(struct
+@@ -3459,7 +3457,6 @@ static int brcmf_sdio_bus_preinit(struct
  	if (sdiodev->sg_support) {
  		bus->txglom = false;
  		value = 1;

package/kernel/mac80211/patches/brcm/320-v5.0-0004-brcmfmac-Set-board_type-used-for-nvram-file-selectio.patch

@@ -67,7 +67,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	fwreq->bus_nr = devinfo->pdev->bus->number;
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
-@@ -4174,6 +4174,7 @@ brcmf_sdio_prepare_fw_request(struct brc
+@@ -4185,6 +4185,7 @@ brcmf_sdio_prepare_fw_request(struct brc
  
  	fwreq->items[BRCMF_SDIO_FW_CODE].type = BRCMF_FW_TYPE_BINARY;
  	fwreq->items[BRCMF_SDIO_FW_NVRAM].type = BRCMF_FW_TYPE_NVRAM;

package/kernel/mac80211/patches/brcm/328-v5.0-0001-brcmfmac-add-credit-numbers-updating-support.patch

@@ -27,7 +27,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	int credits_borrowed[BRCMF_FWS_FIFO_AC_VO + 1];
  	int deq_node_pos[BRCMF_FWS_FIFO_COUNT];
  	u32 fifo_credit_map;
-@@ -1237,6 +1238,9 @@ static void brcmf_fws_return_credits(str
+@@ -1241,6 +1242,9 @@ static void brcmf_fws_return_credits(str
  	}
  
  	fws->fifo_credit[fifo] += credits;
@@ -37,7 +37,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  }
  
  static void brcmf_fws_schedule_deq(struct brcmf_fws_info *fws)
-@@ -1595,19 +1599,21 @@ static int brcmf_fws_notify_credit_map(s
+@@ -1599,19 +1603,21 @@ static int brcmf_fws_notify_credit_map(s
  		brcmf_err("event payload too small (%d)\n", e->datalen);
  		return -EINVAL;
  	}
@@ -63,7 +63,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	}
  	brcmf_fws_schedule_deq(fws);
  	brcmf_fws_unlock(fws);
-@@ -2013,7 +2019,7 @@ static int brcmf_fws_borrow_credit(struc
+@@ -2017,7 +2023,7 @@ static int brcmf_fws_borrow_credit(struc
  	}
  
  	for (lender_ac = 0; lender_ac <= BRCMF_FWS_FIFO_AC_VO; lender_ac++) {
@@ -72,7 +72,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			fws->credits_borrowed[lender_ac]++;
  			fws->fifo_credit[lender_ac]--;
  			if (fws->fifo_credit[lender_ac] == 0)
-@@ -2210,8 +2216,9 @@ static void brcmf_fws_dequeue_worker(str
+@@ -2216,8 +2222,9 @@ static void brcmf_fws_dequeue_worker(str
  			}
  			continue;
  		}
@@ -84,7 +84,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			skb = brcmf_fws_deq(fws, fifo);
  			if (!skb)
  				break;
-@@ -2222,7 +2229,7 @@ static void brcmf_fws_dequeue_worker(str
+@@ -2228,7 +2235,7 @@ static void brcmf_fws_dequeue_worker(str
  				break;
  		}
  		if ((fifo == BRCMF_FWS_FIFO_AC_BE) &&

package/kernel/mac80211/patches/brcm/328-v5.0-0002-brcmfmac-enable-frameburst-mode-in-default-firmware-.patch

@@ -17,7 +17,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -6638,6 +6638,12 @@ static s32 brcmf_config_dongle(struct br
+@@ -6644,6 +6644,12 @@ static s32 brcmf_config_dongle(struct br
  
  	brcmf_configure_arp_nd_offload(ifp, true);
  

package/kernel/mac80211/patches/brcm/328-v5.0-0003-brcmfmac-handle-compressed-tx-status-signal.patch

@@ -18,7 +18,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
-@@ -1455,9 +1455,10 @@ static int brcmf_fws_txstatus_suppressed
+@@ -1459,9 +1459,10 @@ static int brcmf_fws_txstatus_suppressed
  
  static int
  brcmf_fws_txs_process(struct brcmf_fws_info *fws, u8 flags, u32 hslot,
@@ -30,7 +30,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	int ret;
  	bool remove_from_hanger = true;
  	struct sk_buff *skb;
-@@ -1468,60 +1469,71 @@ brcmf_fws_txs_process(struct brcmf_fws_i
+@@ -1472,60 +1473,71 @@ brcmf_fws_txs_process(struct brcmf_fws_i
  	brcmf_dbg(DATA, "flags %d\n", flags);
  
  	if (flags == BRCMF_FWS_TXSTATUS_DISCARD)
@@ -144,7 +144,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  	return 0;
  }
-@@ -1547,7 +1559,8 @@ static int brcmf_fws_fifocreditback_indi
+@@ -1551,7 +1563,8 @@ static int brcmf_fws_fifocreditback_indi
  	return BRCMF_FWS_RET_OK_SCHEDULE;
  }
  
@@ -154,7 +154,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  {
  	__le32 status_le;
  	__le16 seq_le;
-@@ -1556,23 +1569,31 @@ static int brcmf_fws_txstatus_indicate(s
+@@ -1560,23 +1573,31 @@ static int brcmf_fws_txstatus_indicate(s
  	u32 genbit;
  	u8 flags;
  	u16 seq;
@@ -189,7 +189,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	brcmf_fws_unlock(fws);
  	return BRCMF_FWS_RET_OK_NOSCHEDULE;
  }
-@@ -1888,8 +1909,6 @@ void brcmf_fws_hdrpull(struct brcmf_if *
+@@ -1892,8 +1913,6 @@ void brcmf_fws_hdrpull(struct brcmf_if *
  
  		err = BRCMF_FWS_RET_OK_NOSCHEDULE;
  		switch (type) {
@@ -198,7 +198,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		case BRCMF_FWS_TYPE_HOST_REORDER_RXPKTS:
  			rd = (struct brcmf_skb_reorder_data *)skb->cb;
  			rd->reorder = data;
-@@ -1912,7 +1931,8 @@ void brcmf_fws_hdrpull(struct brcmf_if *
+@@ -1916,7 +1935,8 @@ void brcmf_fws_hdrpull(struct brcmf_if *
  			err = brcmf_fws_request_indicate(fws, type, data);
  			break;
  		case BRCMF_FWS_TYPE_TXSTATUS:
@@ -208,7 +208,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			break;
  		case BRCMF_FWS_TYPE_FIFO_CREDITBACK:
  			err = brcmf_fws_fifocreditback_indicate(fws, data);
-@@ -2001,7 +2021,7 @@ static void brcmf_fws_rollback_toq(struc
+@@ -2005,7 +2025,7 @@ static void brcmf_fws_rollback_toq(struc
  		fws->stats.rollback_failed++;
  		hslot = brcmf_skb_htod_tag_get_field(skb, HSLOT);
  		brcmf_fws_txs_process(fws, BRCMF_FWS_TXSTATUS_HOST_TOSSED,
@@ -217,7 +217,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	} else {
  		fws->stats.rollback_success++;
  		brcmf_fws_return_credits(fws, fifo, 1);
-@@ -2462,7 +2482,8 @@ void brcmf_fws_bustxfail(struct brcmf_fw
+@@ -2476,7 +2496,8 @@ void brcmf_fws_bustxfail(struct brcmf_fw
  	}
  	brcmf_fws_lock(fws);
  	hslot = brcmf_skb_htod_tag_get_field(skb, HSLOT);

package/kernel/mac80211/patches/brcm/329-v5.0-0002-brcmfmac-set-F2-watermark-to-256-for-4373.patch

@@ -37,7 +37,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  /* Force SD->SB reset mapping (rev 11) */
  #define SBSDIO_DEVCTL_SB_RST_CTL	0x30
  /*   Determined by CoreControl bit */
-@@ -4046,6 +4052,7 @@ static void brcmf_sdio_firmware_callback
+@@ -4057,6 +4063,7 @@ static void brcmf_sdio_firmware_callback
  	void *nvram;
  	u32 nvram_len;
  	u8 saveclk;
@@ -45,7 +45,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  	brcmf_dbg(TRACE, "Enter: dev=%s, err=%d\n", dev_name(dev), err);
  
-@@ -4101,8 +4108,23 @@ static void brcmf_sdio_firmware_callback
+@@ -4112,8 +4119,23 @@ static void brcmf_sdio_firmware_callback
  		brcmf_sdiod_writel(sdiod, core->base + SD_REG(hostintmask),
  				   bus->hostintmask, NULL);
  

package/kernel/mac80211/patches/brcm/329-v5.0-0003-brcmfmac-set-SDIO-F1-MesBusyCtrl-for-CYW4373.patch

@@ -18,7 +18,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
-@@ -4119,6 +4119,9 @@ static void brcmf_sdio_firmware_callback
+@@ -4130,6 +4130,9 @@ static void brcmf_sdio_firmware_callback
  			devctl |= SBSDIO_DEVCTL_F2WM_ENAB;
  			brcmf_sdiod_writeb(sdiod, SBSDIO_DEVICE_CTL, devctl,
  					   &err);

package/kernel/mac80211/patches/brcm/329-v5.0-0004-brcmfmac-add-support-for-CYW43012-SDIO-chipset.patch

@@ -85,7 +85,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  };
  
  static void pkt_align(struct sk_buff *p, int len, int align)
-@@ -677,6 +679,14 @@ brcmf_sdio_kso_control(struct brcmf_sdio
+@@ -683,6 +685,14 @@ brcmf_sdio_kso_control(struct brcmf_sdio
  	/* 1st KSO write goes to AOS wake up core if device is asleep  */
  	brcmf_sdiod_writeb(bus->sdiodev, SBSDIO_FUNC1_SLEEPCSR, wr_val, &err);
  
@@ -100,7 +100,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	if (on) {
  		/* device WAKEUP through KSO:
  		 * write bit 0 & read back until
-@@ -2402,6 +2412,14 @@ static int brcmf_sdio_tx_ctrlframe(struc
+@@ -2413,6 +2423,14 @@ static int brcmf_sdio_tx_ctrlframe(struc
  	return ret;
  }
  
@@ -115,7 +115,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  static void brcmf_sdio_bus_stop(struct device *dev)
  {
  	struct brcmf_bus *bus_if = dev_get_drvdata(dev);
-@@ -2409,7 +2427,7 @@ static void brcmf_sdio_bus_stop(struct d
+@@ -2420,7 +2438,7 @@ static void brcmf_sdio_bus_stop(struct d
  	struct brcmf_sdio *bus = sdiodev->bus;
  	struct brcmf_core *core = bus->sdio_core;
  	u32 local_hostintmask;
@@ -124,7 +124,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	int err;
  
  	brcmf_dbg(TRACE, "Enter\n");
-@@ -2436,9 +2454,14 @@ static void brcmf_sdio_bus_stop(struct d
+@@ -2447,9 +2465,14 @@ static void brcmf_sdio_bus_stop(struct d
  		/* Force backplane clocks to assure F2 interrupt propagates */
  		saveclk = brcmf_sdiod_readb(sdiodev, SBSDIO_FUNC1_CHIPCLKCSR,
  					    &err);
@@ -142,7 +142,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		if (err)
  			brcmf_err("Failed to force clock for F2: err %d\n",
  				  err);
-@@ -3328,20 +3351,45 @@ err:
+@@ -3339,20 +3362,45 @@ err:
  	return bcmerror;
  }
  
@@ -190,7 +190,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	brcmf_sdiod_writeb(bus->sdiodev, SBSDIO_FUNC1_WAKEUPCTRL, val, &err);
  	if (err) {
  		brcmf_err("error writing SBSDIO_FUNC1_WAKEUPCTRL\n");
-@@ -3350,8 +3398,7 @@ static void brcmf_sdio_sr_init(struct br
+@@ -3361,8 +3409,7 @@ static void brcmf_sdio_sr_init(struct br
  
  	/* Add CMD14 Support */
  	brcmf_sdiod_func0_wb(bus->sdiodev, SDIO_CCCR_BRCM_CARDCAP,
@@ -200,7 +200,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			     &err);
  	if (err) {
  		brcmf_err("error writing SDIO_CCCR_BRCM_CARDCAP\n");
-@@ -3359,7 +3406,7 @@ static void brcmf_sdio_sr_init(struct br
+@@ -3370,7 +3417,7 @@ static void brcmf_sdio_sr_init(struct br
  	}
  
  	brcmf_sdiod_writeb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR,
@@ -209,7 +209,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	if (err) {
  		brcmf_err("error writing SBSDIO_FUNC1_CHIPCLKCSR\n");
  		return;
-@@ -4051,7 +4098,7 @@ static void brcmf_sdio_firmware_callback
+@@ -4062,7 +4109,7 @@ static void brcmf_sdio_firmware_callback
  	const struct firmware *code;
  	void *nvram;
  	u32 nvram_len;
@@ -218,7 +218,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	u8 devctl;
  
  	brcmf_dbg(TRACE, "Enter: dev=%s, err=%d\n", dev_name(dev), err);
-@@ -4085,8 +4132,11 @@ static void brcmf_sdio_firmware_callback
+@@ -4096,8 +4143,11 @@ static void brcmf_sdio_firmware_callback
  	/* Force clocks on backplane to be sure F2 interrupt propagates */
  	saveclk = brcmf_sdiod_readb(sdiod, SBSDIO_FUNC1_CHIPCLKCSR, &err);
  	if (!err) {

package/kernel/mac80211/patches/brcm/329-v5.0-0006-brcmfmac-update-43012-F2-watermark-setting-to-fix-DM.patch

@@ -29,7 +29,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  #ifdef DEBUG
  
-@@ -4173,6 +4174,17 @@ static void brcmf_sdio_firmware_callback
+@@ -4184,6 +4185,17 @@ static void brcmf_sdio_firmware_callback
  					   CY_4373_F2_WATERMARK |
  					   SBSDIO_MESBUSYCTRL_ENAB, &err);
  			break;

package/kernel/mac80211/patches/brcm/329-v5.0-0008-brcmfmac-disable-command-decode-in-sdio_aos.patch

@@ -30,7 +30,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
-@@ -3354,7 +3354,11 @@ err:
+@@ -3365,7 +3365,11 @@ err:
  
  static bool brcmf_sdio_aos_no_decode(struct brcmf_sdio *bus)
  {

package/kernel/mac80211/patches/brcm/332-v5.0-0001-brcmfmac-Fix-access-point-mode.patch

@@ -22,7 +22,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -6308,6 +6308,16 @@ brcmf_txrx_stypes[NUM_NL80211_IFTYPES] =
+@@ -6314,6 +6314,16 @@ brcmf_txrx_stypes[NUM_NL80211_IFTYPES] =
  		.tx = 0xffff,
  		.rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
  		      BIT(IEEE80211_STYPE_PROBE_REQ >> 4)

package/kernel/mac80211/patches/brcm/341-v5.1-brcmfmac-add-a-check-for-the-status-of-usb_register.patch

@@ -14,7 +14,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
-@@ -1552,6 +1552,10 @@ void brcmf_usb_exit(void)
+@@ -1557,6 +1557,10 @@ void brcmf_usb_exit(void)
  
  void brcmf_usb_register(void)
  {

package/kernel/mac80211/patches/brcm/346-v5.1-brcmfmac-add-bphy_err-and-use-it-in-the-cfg80211.c.patch

@@ -1078,7 +1078,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return -EINVAL;
  	}
  
-@@ -3498,7 +3531,7 @@ static void brcmf_report_wowl_wakeind(st
+@@ -3500,7 +3533,7 @@ static void brcmf_report_wowl_wakeind(st
  	err = brcmf_fil_iovar_data_get(ifp, "wowl_wakeind", &wake_ind_le,
  				       sizeof(wake_ind_le));
  	if (err) {
@@ -1087,7 +1087,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return;
  	}
  
-@@ -3539,7 +3572,7 @@ static void brcmf_report_wowl_wakeind(st
+@@ -3541,7 +3574,7 @@ static void brcmf_report_wowl_wakeind(st
  				cfg->wowl.nd_data_completed,
  				BRCMF_ND_INFO_TIMEOUT);
  			if (!timeout)
@@ -1096,7 +1096,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			else
  				wakeup_data.net_detect = cfg->wowl.nd_info;
  		}
-@@ -3747,7 +3780,7 @@ brcmf_cfg80211_set_pmksa(struct wiphy *w
+@@ -3749,7 +3782,7 @@ brcmf_cfg80211_set_pmksa(struct wiphy *w
  			cfg->pmk_list.npmk = cpu_to_le32(npmk);
  		}
  	} else {
@@ -1105,7 +1105,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return -EINVAL;
  	}
  
-@@ -3793,7 +3826,7 @@ brcmf_cfg80211_del_pmksa(struct wiphy *w
+@@ -3795,7 +3828,7 @@ brcmf_cfg80211_del_pmksa(struct wiphy *w
  		memset(&pmk[i], 0, sizeof(*pmk));
  		cfg->pmk_list.npmk = cpu_to_le32(npmk - 1);
  	} else {
@@ -1114,7 +1114,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return -EINVAL;
  	}
  
-@@ -3825,19 +3858,20 @@ brcmf_cfg80211_flush_pmksa(struct wiphy
+@@ -3827,19 +3860,20 @@ brcmf_cfg80211_flush_pmksa(struct wiphy
  
  static s32 brcmf_configure_opensecurity(struct brcmf_if *ifp)
  {
@@ -1137,7 +1137,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return err;
  	}
  	/* set upper-layer auth */
-@@ -3847,7 +3881,7 @@ static s32 brcmf_configure_opensecurity(
+@@ -3849,7 +3883,7 @@ static s32 brcmf_configure_opensecurity(
  		wpa_val = WPA_AUTH_DISABLED;
  	err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_val);
  	if (err < 0) {
@@ -1146,7 +1146,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return err;
  	}
  
-@@ -3867,6 +3901,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
+@@ -3869,6 +3903,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
  		      const struct brcmf_vs_tlv *wpa_ie,
  		      bool is_rsn_ie)
  {
@@ -1154,7 +1154,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	u32 auth = 0; /* d11 open authentication */
  	u16 count;
  	s32 err = 0;
-@@ -3897,13 +3932,13 @@ brcmf_configure_wpaie(struct brcmf_if *i
+@@ -3899,13 +3934,13 @@ brcmf_configure_wpaie(struct brcmf_if *i
  	/* check for multicast cipher suite */
  	if (offset + WPA_IE_MIN_OUI_LEN > len) {
  		err = -EINVAL;
@@ -1170,7 +1170,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto exit;
  	}
  	offset += TLV_OUI_LEN;
-@@ -3925,7 +3960,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
+@@ -3927,7 +3962,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
  		break;
  	default:
  		err = -EINVAL;
@@ -1179,7 +1179,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto exit;
  	}
  
-@@ -3936,13 +3971,13 @@ brcmf_configure_wpaie(struct brcmf_if *i
+@@ -3938,13 +3973,13 @@ brcmf_configure_wpaie(struct brcmf_if *i
  	/* Check for unicast suite(s) */
  	if (offset + (WPA_IE_MIN_OUI_LEN * count) > len) {
  		err = -EINVAL;
@@ -1195,7 +1195,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			goto exit;
  		}
  		offset += TLV_OUI_LEN;
-@@ -3960,7 +3995,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
+@@ -3962,7 +3997,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
  			pval |= AES_ENABLED;
  			break;
  		default:
@@ -1204,7 +1204,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		}
  		offset++;
  	}
-@@ -3970,13 +4005,13 @@ brcmf_configure_wpaie(struct brcmf_if *i
+@@ -3972,13 +4007,13 @@ brcmf_configure_wpaie(struct brcmf_if *i
  	/* Check for auth key management suite(s) */
  	if (offset + (WPA_IE_MIN_OUI_LEN * count) > len) {
  		err = -EINVAL;
@@ -1220,7 +1220,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			goto exit;
  		}
  		offset += TLV_OUI_LEN;
-@@ -4004,7 +4039,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
+@@ -4006,7 +4041,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
  			wpa_auth |= WPA2_AUTH_1X_SHA256;
  			break;
  		default:
@@ -1229,7 +1229,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		}
  		offset++;
  	}
-@@ -4046,7 +4081,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
+@@ -4048,7 +4083,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
  		err = brcmf_fil_bsscfg_int_set(ifp, "wme_bss_disable",
  					       wme_bss_disable);
  		if (err < 0) {
@@ -1238,7 +1238,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			goto exit;
  		}
  
-@@ -4060,7 +4095,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
+@@ -4062,7 +4097,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
  							&data[offset],
  							WPA_IE_MIN_OUI_LEN);
  			if (err < 0) {
@@ -1247,7 +1247,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  				goto exit;
  			}
  		}
-@@ -4071,13 +4106,13 @@ brcmf_configure_wpaie(struct brcmf_if *i
+@@ -4073,13 +4108,13 @@ brcmf_configure_wpaie(struct brcmf_if *i
  	/* set auth */
  	err = brcmf_fil_bsscfg_int_set(ifp, "auth", auth);
  	if (err < 0) {
@@ -1263,7 +1263,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto exit;
  	}
  	/* Configure MFP, this needs to go after wsec otherwise the wsec command
-@@ -4086,14 +4121,14 @@ brcmf_configure_wpaie(struct brcmf_if *i
+@@ -4088,14 +4123,14 @@ brcmf_configure_wpaie(struct brcmf_if *i
  	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) {
  		err = brcmf_fil_bsscfg_int_set(ifp, "mfp", mfp);
  		if (err < 0) {
@@ -1280,7 +1280,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto exit;
  	}
  
-@@ -4180,6 +4215,7 @@ s32 brcmf_vif_set_mgmt_ie(struct brcmf_c
+@@ -4182,6 +4217,7 @@ s32 brcmf_vif_set_mgmt_ie(struct brcmf_c
  			  const u8 *vndr_ie_buf, u32 vndr_ie_len)
  {
  	struct brcmf_if *ifp;
@@ -1288,7 +1288,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct vif_saved_ie *saved_ie;
  	s32 err = 0;
  	u8  *iovar_ie_buf;
-@@ -4200,6 +4236,7 @@ s32 brcmf_vif_set_mgmt_ie(struct brcmf_c
+@@ -4202,6 +4238,7 @@ s32 brcmf_vif_set_mgmt_ie(struct brcmf_c
  	if (!vif)
  		return -ENODEV;
  	ifp = vif->ifp;
@@ -1296,7 +1296,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	saved_ie = &vif->saved_ie;
  
  	brcmf_dbg(TRACE, "bsscfgidx %d, pktflag : 0x%02X\n", ifp->bsscfgidx,
-@@ -4231,13 +4268,13 @@ s32 brcmf_vif_set_mgmt_ie(struct brcmf_c
+@@ -4233,13 +4270,13 @@ s32 brcmf_vif_set_mgmt_ie(struct brcmf_c
  		break;
  	default:
  		err = -EPERM;
@@ -1312,7 +1312,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto exit;
  	}
  
-@@ -4298,8 +4335,8 @@ s32 brcmf_vif_set_mgmt_ie(struct brcmf_c
+@@ -4300,8 +4337,8 @@ s32 brcmf_vif_set_mgmt_ie(struct brcmf_c
  			/* verify remained buf size before copy data */
  			if (remained_buf_len < (vndrie_info->vndrie.len +
  							VNDR_IE_VSIE_OFFSET)) {
@@ -1323,7 +1323,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  				break;
  			}
  			remained_buf_len -= (vndrie_info->ie_len +
-@@ -4330,7 +4367,7 @@ s32 brcmf_vif_set_mgmt_ie(struct brcmf_c
+@@ -4332,7 +4369,7 @@ s32 brcmf_vif_set_mgmt_ie(struct brcmf_c
  		err  = brcmf_fil_bsscfg_data_set(ifp, "vndr_ie", iovar_ie_buf,
  						 total_ie_buf_len);
  		if (err)
@@ -1332,7 +1332,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	}
  
  exit:
-@@ -4358,13 +4395,14 @@ static s32
+@@ -4360,13 +4397,14 @@ static s32
  brcmf_config_ap_mgmt_ie(struct brcmf_cfg80211_vif *vif,
  			struct cfg80211_beacon_data *beacon)
  {
@@ -1348,7 +1348,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return err;
  	}
  	brcmf_dbg(TRACE, "Applied Vndr IEs for Beacon\n");
-@@ -4374,7 +4412,7 @@ brcmf_config_ap_mgmt_ie(struct brcmf_cfg
+@@ -4376,7 +4414,7 @@ brcmf_config_ap_mgmt_ie(struct brcmf_cfg
  				    beacon->proberesp_ies,
  				    beacon->proberesp_ies_len);
  	if (err)
@@ -1357,7 +1357,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	else
  		brcmf_dbg(TRACE, "Applied Vndr IEs for Probe Resp\n");
  
-@@ -4483,7 +4521,8 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
+@@ -4485,7 +4523,8 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
  			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_REGULATORY,
  						    is_11d);
  			if (err < 0) {
@@ -1367,7 +1367,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  				goto exit;
  			}
  		}
-@@ -4491,8 +4530,8 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
+@@ -4493,8 +4532,8 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
  			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD,
  						    settings->beacon_interval);
  			if (err < 0) {
@@ -1378,7 +1378,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  				goto exit;
  			}
  		}
-@@ -4500,7 +4539,8 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
+@@ -4502,7 +4541,8 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
  			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_DTIMPRD,
  						    settings->dtim_period);
  			if (err < 0) {
@@ -1388,7 +1388,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  				goto exit;
  			}
  		}
-@@ -4510,7 +4550,8 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
+@@ -4512,7 +4552,8 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
  		     !brcmf_feat_is_enabled(ifp, BRCMF_FEAT_RSDB))) {
  			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
  			if (err < 0) {
@@ -1398,7 +1398,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  				goto exit;
  			}
  			brcmf_fil_iovar_int_set(ifp, "apsta", 0);
-@@ -4518,7 +4559,7 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
+@@ -4520,7 +4561,7 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
  
  		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, 1);
  		if (err < 0) {
@@ -1407,7 +1407,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			goto exit;
  		}
  	} else if (WARN_ON(supports_11d && (is_11d != ifp->vif->is_11d))) {
-@@ -4534,7 +4575,8 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
+@@ -4536,7 +4577,8 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
  
  		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 1);
  		if (err < 0) {
@@ -1417,7 +1417,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			goto exit;
  		}
  		if (!mbss) {
-@@ -4543,14 +4585,14 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
+@@ -4545,14 +4587,14 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
  			 */
  			err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec);
  			if (err < 0) {
@@ -1435,7 +1435,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			goto exit;
  		}
  		/* On DOWN the firmware removes the WEP keys, reconfigure
-@@ -4565,14 +4607,14 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
+@@ -4567,14 +4609,14 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
  		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
  					     &join_params, sizeof(join_params));
  		if (err < 0) {
@@ -1452,7 +1452,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  				goto exit;
  			}
  		}
-@@ -4581,14 +4623,14 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
+@@ -4583,14 +4625,14 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
  	} else if (dev_role == NL80211_IFTYPE_P2P_GO) {
  		err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec);
  		if (err < 0) {
@@ -1470,7 +1470,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			goto exit;
  		}
  		bss_enable.bsscfgidx = cpu_to_le32(ifp->bsscfgidx);
-@@ -4596,7 +4638,7 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
+@@ -4598,7 +4640,7 @@ brcmf_cfg80211_start_ap(struct wiphy *wi
  		err = brcmf_fil_iovar_data_set(ifp, "bss", &bss_enable,
  					       sizeof(bss_enable));
  		if (err < 0) {
@@ -1479,7 +1479,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			goto exit;
  		}
  
-@@ -4644,13 +4686,13 @@ static int brcmf_cfg80211_stop_ap(struct
+@@ -4646,13 +4688,13 @@ static int brcmf_cfg80211_stop_ap(struct
  		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
  					     &join_params, sizeof(join_params));
  		if (err < 0)
@@ -1496,7 +1496,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS))
  			brcmf_fil_iovar_int_set(ifp, "mbss", 0);
  		brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_REGULATORY,
-@@ -4658,7 +4700,7 @@ static int brcmf_cfg80211_stop_ap(struct
+@@ -4660,7 +4702,7 @@ static int brcmf_cfg80211_stop_ap(struct
  		/* Bring device back up so it can be used again */
  		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 1);
  		if (err < 0)
@@ -1505,7 +1505,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  		brcmf_vif_clear_mgmt_ies(ifp->vif);
  	} else {
-@@ -4667,7 +4709,7 @@ static int brcmf_cfg80211_stop_ap(struct
+@@ -4669,7 +4711,7 @@ static int brcmf_cfg80211_stop_ap(struct
  		err = brcmf_fil_iovar_data_set(ifp, "bss", &bss_enable,
  					       sizeof(bss_enable));
  		if (err < 0)
@@ -1514,7 +1514,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	}
  	brcmf_set_mpc(ifp, 1);
  	brcmf_configure_arp_nd_offload(ifp, true);
-@@ -4715,7 +4757,8 @@ brcmf_cfg80211_del_station(struct wiphy
+@@ -4717,7 +4759,8 @@ brcmf_cfg80211_del_station(struct wiphy
  	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SCB_DEAUTHENTICATE_FOR_REASON,
  				     &scbval, sizeof(scbval));
  	if (err)
@@ -1524,7 +1524,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  	brcmf_dbg(TRACE, "Exit\n");
  	return err;
-@@ -4745,7 +4788,7 @@ brcmf_cfg80211_change_station(struct wip
+@@ -4747,7 +4790,7 @@ brcmf_cfg80211_change_station(struct wip
  		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SCB_DEAUTHORIZE,
  					     (void *)mac, ETH_ALEN);
  	if (err < 0)
@@ -1533,7 +1533,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  	return err;
  }
-@@ -4795,7 +4838,7 @@ brcmf_cfg80211_mgmt_tx(struct wiphy *wip
+@@ -4797,7 +4840,7 @@ brcmf_cfg80211_mgmt_tx(struct wiphy *wip
  	mgmt = (const struct ieee80211_mgmt *)buf;
  
  	if (!ieee80211_is_mgmt(mgmt->frame_control)) {
@@ -1542,7 +1542,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return -EPERM;
  	}
  
-@@ -4826,13 +4869,13 @@ brcmf_cfg80211_mgmt_tx(struct wiphy *wip
+@@ -4828,13 +4871,13 @@ brcmf_cfg80211_mgmt_tx(struct wiphy *wip
  					GFP_KERNEL);
  	} else if (ieee80211_is_action(mgmt->frame_control)) {
  		if (len > BRCMF_FIL_ACTION_FRAME_SIZE + DOT11_MGMT_HDR_LEN) {
@@ -1558,7 +1558,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			err = -ENOMEM;
  			goto exit;
  		}
-@@ -4890,7 +4933,7 @@ brcmf_cfg80211_cancel_remain_on_channel(
+@@ -4892,7 +4935,7 @@ brcmf_cfg80211_cancel_remain_on_channel(
  
  	vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif;
  	if (vif == NULL) {
@@ -1567,7 +1567,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		err = -ENODEV;
  		goto exit;
  	}
-@@ -4918,7 +4961,7 @@ static int brcmf_cfg80211_get_channel(st
+@@ -4920,7 +4963,7 @@ static int brcmf_cfg80211_get_channel(st
  
  	err = brcmf_fil_iovar_int_get(ifp, "chanspec", &chanspec);
  	if (err) {
@@ -1576,7 +1576,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return err;
  	}
  
-@@ -5057,7 +5100,7 @@ static int brcmf_cfg80211_tdls_oper(stru
+@@ -5059,7 +5102,7 @@ static int brcmf_cfg80211_tdls_oper(stru
  	ret = brcmf_fil_iovar_data_set(ifp, "tdls_endpoint",
  				       &info, sizeof(info));
  	if (ret < 0)
@@ -1585,7 +1585,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  	return ret;
  }
-@@ -5078,7 +5121,7 @@ brcmf_cfg80211_update_conn_params(struct
+@@ -5080,7 +5123,7 @@ brcmf_cfg80211_update_conn_params(struct
  	err = brcmf_vif_set_mgmt_ie(ifp->vif, BRCMF_VNDR_IE_ASSOCREQ_FLAG,
  				    sme->ie, sme->ie_len);
  	if (err)
@@ -1594,7 +1594,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	else
  		brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc request\n");
  
-@@ -5104,7 +5147,7 @@ brcmf_cfg80211_set_rekey_data(struct wip
+@@ -5106,7 +5149,7 @@ brcmf_cfg80211_set_rekey_data(struct wip
  	ret = brcmf_fil_iovar_data_set(ifp, "gtk_key_info", &gtk_le,
  				       sizeof(gtk_le));
  	if (ret < 0)
@@ -1603,7 +1603,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  	return ret;
  }
-@@ -5336,6 +5379,7 @@ static void brcmf_clear_assoc_ies(struct
+@@ -5338,6 +5381,7 @@ static void brcmf_clear_assoc_ies(struct
  static s32 brcmf_get_assoc_ies(struct brcmf_cfg80211_info *cfg,
  			       struct brcmf_if *ifp)
  {
@@ -1611,7 +1611,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct brcmf_cfg80211_assoc_ielen_le *assoc_info;
  	struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
  	u32 req_len;
-@@ -5347,7 +5391,7 @@ static s32 brcmf_get_assoc_ies(struct br
+@@ -5349,7 +5393,7 @@ static s32 brcmf_get_assoc_ies(struct br
  	err = brcmf_fil_iovar_data_get(ifp, "assoc_info",
  				       cfg->extra_buf, WL_ASSOC_INFO_MAX);
  	if (err) {
@@ -1620,7 +1620,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return err;
  	}
  	assoc_info =
-@@ -5359,7 +5403,7 @@ static s32 brcmf_get_assoc_ies(struct br
+@@ -5361,7 +5405,7 @@ static s32 brcmf_get_assoc_ies(struct br
  					       cfg->extra_buf,
  					       WL_ASSOC_INFO_MAX);
  		if (err) {
@@ -1629,7 +1629,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			return err;
  		}
  		conn_info->req_ie_len = req_len;
-@@ -5375,7 +5419,7 @@ static s32 brcmf_get_assoc_ies(struct br
+@@ -5379,7 +5423,7 @@ static s32 brcmf_get_assoc_ies(struct br
  					       cfg->extra_buf,
  					       WL_ASSOC_INFO_MAX);
  		if (err) {
@@ -1638,7 +1638,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			return err;
  		}
  		conn_info->resp_ie_len = resp_len;
-@@ -5502,6 +5546,7 @@ brcmf_notify_connect_status_ap(struct br
+@@ -5508,6 +5552,7 @@ brcmf_notify_connect_status_ap(struct br
  			       struct net_device *ndev,
  			       const struct brcmf_event_msg *e, void *data)
  {
@@ -1646,7 +1646,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	static int generation;
  	u32 event = e->event_code;
  	u32 reason = e->reason;
-@@ -5519,7 +5564,7 @@ brcmf_notify_connect_status_ap(struct br
+@@ -5525,7 +5570,7 @@ brcmf_notify_connect_status_ap(struct br
  	if (((event == BRCMF_E_ASSOC_IND) || (event == BRCMF_E_REASSOC_IND)) &&
  	    (reason == BRCMF_E_STATUS_SUCCESS)) {
  		if (!data) {
@@ -1655,7 +1655,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			return -EINVAL;
  		}
  
-@@ -5811,6 +5856,7 @@ static void init_vif_event(struct brcmf_
+@@ -5817,6 +5862,7 @@ static void init_vif_event(struct brcmf_
  
  static s32 brcmf_dongle_roam(struct brcmf_if *ifp)
  {
@@ -1663,7 +1663,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	s32 err;
  	u32 bcn_timeout;
  	__le32 roamtrigger[2];
-@@ -5823,7 +5869,7 @@ static s32 brcmf_dongle_roam(struct brcm
+@@ -5829,7 +5875,7 @@ static s32 brcmf_dongle_roam(struct brcm
  		bcn_timeout = BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_ON;
  	err = brcmf_fil_iovar_int_set(ifp, "bcn_timeout", bcn_timeout);
  	if (err) {
@@ -1672,7 +1672,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto roam_setup_done;
  	}
  
-@@ -5835,7 +5881,7 @@ static s32 brcmf_dongle_roam(struct brcm
+@@ -5841,7 +5887,7 @@ static s32 brcmf_dongle_roam(struct brcm
  	err = brcmf_fil_iovar_int_set(ifp, "roam_off",
  				      ifp->drvr->settings->roamoff);
  	if (err) {
@@ -1681,7 +1681,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto roam_setup_done;
  	}
  
-@@ -5844,7 +5890,7 @@ static s32 brcmf_dongle_roam(struct brcm
+@@ -5850,7 +5896,7 @@ static s32 brcmf_dongle_roam(struct brcm
  	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_TRIGGER,
  				     (void *)roamtrigger, sizeof(roamtrigger));
  	if (err) {
@@ -1690,7 +1690,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto roam_setup_done;
  	}
  
-@@ -5853,7 +5899,7 @@ static s32 brcmf_dongle_roam(struct brcm
+@@ -5859,7 +5905,7 @@ static s32 brcmf_dongle_roam(struct brcm
  	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_DELTA,
  				     (void *)roam_delta, sizeof(roam_delta));
  	if (err) {
@@ -1699,7 +1699,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto roam_setup_done;
  	}
  
-@@ -5864,25 +5910,26 @@ roam_setup_done:
+@@ -5870,25 +5916,26 @@ roam_setup_done:
  static s32
  brcmf_dongle_scantime(struct brcmf_if *ifp)
  {
@@ -1729,7 +1729,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto dongle_scantime_out;
  	}
  
-@@ -5914,10 +5961,10 @@ static void brcmf_update_bw40_channel_fl
+@@ -5920,10 +5967,10 @@ static void brcmf_update_bw40_channel_fl
  static int brcmf_construct_chaninfo(struct brcmf_cfg80211_info *cfg,
  				    u32 bw_cap[])
  {
@@ -1741,7 +1741,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct brcmf_chanspec_list *list;
  	struct brcmu_chan ch;
  	int err;
-@@ -5936,11 +5983,10 @@ static int brcmf_construct_chaninfo(stru
+@@ -5942,11 +5989,10 @@ static int brcmf_construct_chaninfo(stru
  	err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
  				       BRCMF_DCMD_MEDLEN);
  	if (err) {
@@ -1754,7 +1754,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	band = wiphy->bands[NL80211_BAND_2GHZ];
  	if (band)
  		for (i = 0; i < band->n_channels; i++)
-@@ -5960,7 +6006,8 @@ static int brcmf_construct_chaninfo(stru
+@@ -5966,7 +6012,8 @@ static int brcmf_construct_chaninfo(stru
  		} else if (ch.band == BRCMU_CHAN_BAND_5G) {
  			band = wiphy->bands[NL80211_BAND_5GHZ];
  		} else {
@@ -1764,7 +1764,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			continue;
  		}
  		if (!band)
-@@ -5983,8 +6030,8 @@ static int brcmf_construct_chaninfo(stru
+@@ -5989,8 +6036,8 @@ static int brcmf_construct_chaninfo(stru
  			/* It seems firmware supports some channel we never
  			 * considered. Something new in IEEE standard?
  			 */
@@ -1775,7 +1775,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			continue;
  		}
  
-@@ -6030,6 +6077,7 @@ fail_pbuf:
+@@ -6036,6 +6083,7 @@ fail_pbuf:
  
  static int brcmf_enable_bw40_2g(struct brcmf_cfg80211_info *cfg)
  {
@@ -1783,7 +1783,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
  	struct ieee80211_supported_band *band;
  	struct brcmf_fil_bwcap_le band_bwcap;
-@@ -6076,7 +6124,7 @@ static int brcmf_enable_bw40_2g(struct b
+@@ -6082,7 +6130,7 @@ static int brcmf_enable_bw40_2g(struct b
  		err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
  					       BRCMF_DCMD_MEDLEN);
  		if (err) {
@@ -1792,7 +1792,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			kfree(pbuf);
  			return err;
  		}
-@@ -6107,6 +6155,7 @@ static int brcmf_enable_bw40_2g(struct b
+@@ -6113,6 +6161,7 @@ static int brcmf_enable_bw40_2g(struct b
  
  static void brcmf_get_bwcap(struct brcmf_if *ifp, u32 bw_cap[])
  {
@@ -1800,7 +1800,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	u32 band, mimo_bwcap;
  	int err;
  
-@@ -6142,7 +6191,7 @@ static void brcmf_get_bwcap(struct brcmf
+@@ -6148,7 +6197,7 @@ static void brcmf_get_bwcap(struct brcmf
  		bw_cap[NL80211_BAND_5GHZ] |= WLC_BW_20MHZ_BIT;
  		break;
  	default:
@@ -1809,7 +1809,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	}
  }
  
-@@ -6218,7 +6267,7 @@ static void brcmf_update_vht_cap(struct
+@@ -6224,7 +6273,7 @@ static void brcmf_update_vht_cap(struct
  static int brcmf_setup_wiphybands(struct brcmf_cfg80211_info *cfg)
  {
  	struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
@@ -1818,7 +1818,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	u32 nmode = 0;
  	u32 vhtmode = 0;
  	u32 bw_cap[2] = { WLC_BW_20MHZ_BIT, WLC_BW_20MHZ_BIT };
-@@ -6234,7 +6283,7 @@ static int brcmf_setup_wiphybands(struct
+@@ -6240,7 +6289,7 @@ static int brcmf_setup_wiphybands(struct
  	(void)brcmf_fil_iovar_int_get(ifp, "vhtmode", &vhtmode);
  	err = brcmf_fil_iovar_int_get(ifp, "nmode", &nmode);
  	if (err) {
@@ -1827,7 +1827,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	} else {
  		brcmf_get_bwcap(ifp, bw_cap);
  	}
-@@ -6244,7 +6293,7 @@ static int brcmf_setup_wiphybands(struct
+@@ -6250,7 +6299,7 @@ static int brcmf_setup_wiphybands(struct
  
  	err = brcmf_fil_iovar_int_get(ifp, "rxchain", &rxchain);
  	if (err) {
@@ -1836,7 +1836,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		nchain = 1;
  	} else {
  		for (nchain = 0; rxchain; nchain++)
-@@ -6254,7 +6303,7 @@ static int brcmf_setup_wiphybands(struct
+@@ -6260,7 +6309,7 @@ static int brcmf_setup_wiphybands(struct
  
  	err = brcmf_construct_chaninfo(cfg, bw_cap);
  	if (err) {
@@ -1845,7 +1845,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return err;
  	}
  
-@@ -6266,7 +6315,6 @@ static int brcmf_setup_wiphybands(struct
+@@ -6272,7 +6321,6 @@ static int brcmf_setup_wiphybands(struct
  					      &txbf_bfr_cap);
  	}
  
@@ -1853,7 +1853,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	for (i = 0; i < ARRAY_SIZE(wiphy->bands); i++) {
  		band = wiphy->bands[i];
  		if (band == NULL)
-@@ -6467,7 +6515,7 @@ static void brcmf_wiphy_wowl_params(stru
+@@ -6473,7 +6521,7 @@ static void brcmf_wiphy_wowl_params(stru
  	wowl = kmemdup(&brcmf_wowlan_support, sizeof(brcmf_wowlan_support),
  		       GFP_KERNEL);
  	if (!wowl) {
@@ -1862,7 +1862,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		wiphy->wowlan = &brcmf_wowlan_support;
  		return;
  	}
-@@ -6564,7 +6612,7 @@ static int brcmf_setup_wiphy(struct wiph
+@@ -6570,7 +6618,7 @@ static int brcmf_setup_wiphy(struct wiph
  	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BANDLIST, &bandlist,
  				     sizeof(bandlist));
  	if (err) {
@@ -1871,7 +1871,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return err;
  	}
  	/* first entry in bandlist is number of bands */
-@@ -6613,6 +6661,7 @@ static int brcmf_setup_wiphy(struct wiph
+@@ -6619,6 +6667,7 @@ static int brcmf_setup_wiphy(struct wiph
  
  static s32 brcmf_config_dongle(struct brcmf_cfg80211_info *cfg)
  {
@@ -1879,7 +1879,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct net_device *ndev;
  	struct wireless_dev *wdev;
  	struct brcmf_if *ifp;
-@@ -6650,7 +6699,7 @@ static s32 brcmf_config_dongle(struct br
+@@ -6656,7 +6705,7 @@ static s32 brcmf_config_dongle(struct br
  
  	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_FAKEFRAG, 1);
  	if (err) {
@@ -1888,7 +1888,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto default_conf_out;
  	}
  
-@@ -6842,8 +6891,8 @@ static void brcmf_cfg80211_reg_notifier(
+@@ -6848,8 +6897,8 @@ static void brcmf_cfg80211_reg_notifier(
  	/* ignore non-ISO3166 country codes */
  	for (i = 0; i < 2; i++)
  		if (req->alpha2[i] < 'A' || req->alpha2[i] > 'Z') {
@@ -1899,7 +1899,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			return;
  		}
  
-@@ -6852,7 +6901,7 @@ static void brcmf_cfg80211_reg_notifier(
+@@ -6858,7 +6907,7 @@ static void brcmf_cfg80211_reg_notifier(
  
  	err = brcmf_fil_iovar_data_get(ifp, "country", &ccreq, sizeof(ccreq));
  	if (err) {
@@ -1908,7 +1908,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return;
  	}
  
-@@ -6862,7 +6911,7 @@ static void brcmf_cfg80211_reg_notifier(
+@@ -6868,7 +6917,7 @@ static void brcmf_cfg80211_reg_notifier(
  
  	err = brcmf_fil_iovar_data_set(ifp, "country", &ccreq, sizeof(ccreq));
  	if (err) {
@@ -1917,7 +1917,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return;
  	}
  	brcmf_setup_wiphybands(cfg);
-@@ -6908,13 +6957,13 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -6914,13 +6963,13 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  	u16 *cap = NULL;
  
  	if (!ndev) {
@@ -1933,7 +1933,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return NULL;
  	}
  
-@@ -6935,7 +6984,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -6941,7 +6990,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  
  	err = wl_init_priv(cfg);
  	if (err) {
@@ -1942,7 +1942,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		brcmf_free_vif(vif);
  		goto wiphy_out;
  	}
-@@ -6944,7 +6993,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -6950,7 +6999,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  	/* determine d11 io type before wiphy setup */
  	err = brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_VERSION, &io_type);
  	if (err) {
@@ -1951,7 +1951,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto priv_out;
  	}
  	cfg->d11inf.io_type = (u8)io_type;
-@@ -6978,13 +7027,13 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -6984,13 +7033,13 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  #endif
  	err = wiphy_register(wiphy);
  	if (err < 0) {
@@ -1967,7 +1967,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto wiphy_unreg_out;
  	}
  
-@@ -7002,24 +7051,24 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -7008,24 +7057,24 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  
  	err = brcmf_fweh_activate_events(ifp);
  	if (err) {
@@ -1996,7 +1996,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		brcmf_btcoex_detach(cfg);
  		brcmf_p2p_detach(&cfg->p2p);
  		goto wiphy_unreg_out;
-@@ -7039,7 +7088,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -7045,7 +7094,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  	/* (re-) activate FWEH event handling */
  	err = brcmf_fweh_activate_events(ifp);
  	if (err) {

package/kernel/mac80211/patches/brcm/349-v5.1-0001-brcmfmac-assure-SSID-length-from-firmware-is-limited.patch

@@ -1,28 +0,0 @@
-From 1b5e2423164b3670e8bc9174e4762d297990deff Mon Sep 17 00:00:00 2001
-From: Arend van Spriel <arend.vanspriel@broadcom.com>
-Date: Thu, 14 Feb 2019 13:43:47 +0100
-Subject: [PATCH] brcmfmac: assure SSID length from firmware is limited
-
-The SSID length as received from firmware should not exceed
-IEEE80211_MAX_SSID_LEN as that would result in heap overflow.
-
-Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
-Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
-Reviewed-by: Franky Lin <franky.lin@broadcom.com>
-Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -3499,6 +3499,8 @@ brcmf_wowl_nd_results(struct brcmf_if *i
- 	}
- 
- 	netinfo = brcmf_get_netinfo_array(pfn_result);
-+	if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN)
-+		netinfo->SSID_len = IEEE80211_MAX_SSID_LEN;
- 	memcpy(cfg->wowl.nd->ssid.ssid, netinfo->SSID, netinfo->SSID_len);
- 	cfg->wowl.nd->ssid.ssid_len = netinfo->SSID_len;
- 	cfg->wowl.nd->n_channels = 1;

package/kernel/mac80211/patches/brcm/349-v5.1-0002-brcmfmac-add-subtype-check-for-event-handling-in-dat.patch

@@ -1,96 +0,0 @@
-From a4176ec356c73a46c07c181c6d04039fafa34a9f Mon Sep 17 00:00:00 2001
-From: Arend van Spriel <arend.vanspriel@broadcom.com>
-Date: Thu, 14 Feb 2019 13:43:48 +0100
-Subject: [PATCH] brcmfmac: add subtype check for event handling in data path
-
-For USB there is no separate channel being used to pass events
-from firmware to the host driver and as such are passed over the
-data path. In order to detect mock event messages an additional
-check is needed on event subtype. This check is added conditionally
-using unlikely() keyword.
-
-Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
-Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
-Reviewed-by: Franky Lin <franky.lin@broadcom.com>
-Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- .../wireless/broadcom/brcm80211/brcmfmac/core.c  |  5 +++--
- .../wireless/broadcom/brcm80211/brcmfmac/fweh.h  | 16 ++++++++++++----
- .../broadcom/brcm80211/brcmfmac/msgbuf.c         |  2 +-
- 3 files changed, 16 insertions(+), 7 deletions(-)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -519,7 +519,8 @@ void brcmf_rx_frame(struct device *dev,
- 	} else {
- 		/* Process special event packets */
- 		if (handle_event)
--			brcmf_fweh_process_skb(ifp->drvr, skb);
-+			brcmf_fweh_process_skb(ifp->drvr, skb,
-+					       BCMILCP_SUBTYPE_VENDOR_LONG);
- 
- 		brcmf_netif_rx(ifp, skb);
- 	}
-@@ -536,7 +537,7 @@ void brcmf_rx_event(struct device *dev,
- 	if (brcmf_rx_hdrpull(drvr, skb, &ifp))
- 		return;
- 
--	brcmf_fweh_process_skb(ifp->drvr, skb);
-+	brcmf_fweh_process_skb(ifp->drvr, skb, 0);
- 	brcmu_pkt_buf_free_skb(skb);
- }
- 
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h
-@@ -211,7 +211,7 @@ enum brcmf_fweh_event_code {
-  */
- #define BRCM_OUI				"\x00\x10\x18"
- #define BCMILCP_BCM_SUBTYPE_EVENT		1
--
-+#define BCMILCP_SUBTYPE_VENDOR_LONG		32769
- 
- /**
-  * struct brcm_ethhdr - broadcom specific ether header.
-@@ -334,10 +334,10 @@ void brcmf_fweh_process_event(struct brc
- void brcmf_fweh_p2pdev_setup(struct brcmf_if *ifp, bool ongoing);
- 
- static inline void brcmf_fweh_process_skb(struct brcmf_pub *drvr,
--					  struct sk_buff *skb)
-+					  struct sk_buff *skb, u16 stype)
- {
- 	struct brcmf_event *event_packet;
--	u16 usr_stype;
-+	u16 subtype, usr_stype;
- 
- 	/* only process events when protocol matches */
- 	if (skb->protocol != cpu_to_be16(ETH_P_LINK_CTL))
-@@ -346,8 +346,16 @@ static inline void brcmf_fweh_process_sk
- 	if ((skb->len + ETH_HLEN) < sizeof(*event_packet))
- 		return;
- 
--	/* check for BRCM oui match */
- 	event_packet = (struct brcmf_event *)skb_mac_header(skb);
-+
-+	/* check subtype if needed */
-+	if (unlikely(stype)) {
-+		subtype = get_unaligned_be16(&event_packet->hdr.subtype);
-+		if (subtype != stype)
-+			return;
-+	}
-+
-+	/* check for BRCM oui match */
- 	if (memcmp(BRCM_OUI, &event_packet->hdr.oui[0],
- 		   sizeof(event_packet->hdr.oui)))
- 		return;
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c
-@@ -1116,7 +1116,7 @@ static void brcmf_msgbuf_process_event(s
- 
- 	skb->protocol = eth_type_trans(skb, ifp->ndev);
- 
--	brcmf_fweh_process_skb(ifp->drvr, skb);
-+	brcmf_fweh_process_skb(ifp->drvr, skb, 0);
- 
- exit:
- 	brcmu_pkt_buf_free_skb(skb);

package/kernel/mac80211/patches/brcm/349-v5.1-0003-brcmfmac-create-debugfs-files-for-bus-specific-layer.patch

@@ -48,7 +48,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
   */
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -1177,6 +1177,7 @@ static int brcmf_bus_started(struct brcm
+@@ -1181,6 +1181,7 @@ static int brcmf_bus_started(struct brcm
  	brcmf_debugfs_add_entry(drvr, "revinfo", brcmf_revinfo_read);
  	brcmf_feat_debugfs_create(drvr);
  	brcmf_proto_debugfs_create(drvr);
@@ -58,7 +58,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
-@@ -3143,9 +3143,12 @@ static int brcmf_debugfs_sdio_count_read
+@@ -3154,9 +3154,12 @@ static int brcmf_debugfs_sdio_count_read
  	return 0;
  }
  
@@ -73,7 +73,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct dentry *dentry = brcmf_debugfs_get_devdir(drvr);
  
  	if (IS_ERR_OR_NULL(dentry))
-@@ -3165,7 +3168,7 @@ static int brcmf_sdio_checkdied(struct b
+@@ -3176,7 +3179,7 @@ static int brcmf_sdio_checkdied(struct b
  	return 0;
  }
  
@@ -82,7 +82,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  {
  }
  #endif /* DEBUG */
-@@ -3477,8 +3480,6 @@ static int brcmf_sdio_bus_preinit(struct
+@@ -3488,8 +3491,6 @@ static int brcmf_sdio_bus_preinit(struct
  	if (bus->rxbuf)
  		bus->rxblen = value;
  
@@ -91,7 +91,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	/* the commands below use the terms tx and rx from
  	 * a device perspective, ie. bus:txglom affects the
  	 * bus transfers from device to host.
-@@ -4088,6 +4089,7 @@ static const struct brcmf_bus_ops brcmf_
+@@ -4099,6 +4100,7 @@ static const struct brcmf_bus_ops brcmf_
  	.get_ramsize = brcmf_sdio_bus_get_ramsize,
  	.get_memdump = brcmf_sdio_bus_get_memdump,
  	.get_fwname = brcmf_sdio_get_fwname,

package/kernel/mac80211/patches/brcm/349-v5.1-0005-brcmfmac-check-and-dump-trap-info-during-sdio-probe.patch

@@ -18,7 +18,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
-@@ -2999,21 +2999,35 @@ static int brcmf_sdio_trap_info(struct s
+@@ -3010,21 +3010,35 @@ static int brcmf_sdio_trap_info(struct s
  	if (error < 0)
  		return error;
  
@@ -69,7 +69,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	return 0;
  }
  
-@@ -3067,8 +3081,10 @@ static int brcmf_sdio_checkdied(struct b
+@@ -3078,8 +3092,10 @@ static int brcmf_sdio_checkdied(struct b
  	else if (sh.flags & SDPCM_SHARED_ASSERT)
  		brcmf_err("assertion in dongle\n");
  
@@ -81,7 +81,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  	return 0;
  }
-@@ -4199,7 +4215,7 @@ static void brcmf_sdio_firmware_callback
+@@ -4210,7 +4226,7 @@ static void brcmf_sdio_firmware_callback
  	} else {
  		/* Disable F2 again */
  		sdio_disable_func(sdiod->func2);
@@ -90,7 +90,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	}
  
  	if (brcmf_chip_sr_capable(bus->ci)) {
-@@ -4220,8 +4236,10 @@ static void brcmf_sdio_firmware_callback
+@@ -4231,8 +4247,10 @@ static void brcmf_sdio_firmware_callback
  	}
  
  	/* If we didn't come up, turn off backplane clock */
@@ -102,7 +102,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  	sdio_release_host(sdiod->func1);
  
-@@ -4235,12 +4253,15 @@ static void brcmf_sdio_firmware_callback
+@@ -4246,12 +4264,15 @@ static void brcmf_sdio_firmware_callback
  	err = brcmf_attach(sdiod->dev, sdiod->settings);
  	if (err != 0) {
  		brcmf_err("brcmf_attach failed\n");

package/kernel/mac80211/patches/brcm/351-v5.1-0001-brcmfmac-improve-code-handling-bandwidth-of-firmware.patch

@@ -18,7 +18,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -6043,11 +6043,18 @@ static int brcmf_construct_chaninfo(stru
+@@ -6047,11 +6047,18 @@ static int brcmf_construct_chaninfo(stru
  		/* assuming the chanspecs order is HT20,
  		 * HT40 upper, HT40 lower, and VHT80.
  		 */

package/kernel/mac80211/patches/brcm/351-v5.1-0002-brcmfmac-support-firmware-reporting-160-MHz-channels.patch

@@ -18,7 +18,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -6044,6 +6044,9 @@ static int brcmf_construct_chaninfo(stru
+@@ -6048,6 +6048,9 @@ static int brcmf_construct_chaninfo(stru
  		 * HT40 upper, HT40 lower, and VHT80.
  		 */
  		switch (ch.bw) {

package/kernel/mac80211/patches/brcm/352-v5.1-brcmfmac-rework-bphy_err-to-take-struct-brcmf_pub-ar.patch

@@ -1891,7 +1891,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			return err;
  		}
  		conn_info->req_ie_len = req_len;
-@@ -5421,7 +5465,7 @@ static s32 brcmf_get_assoc_ies(struct br
+@@ -5423,7 +5467,7 @@ static s32 brcmf_get_assoc_ies(struct br
  					       cfg->extra_buf,
  					       WL_ASSOC_INFO_MAX);
  		if (err) {
@@ -1900,7 +1900,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			return err;
  		}
  		conn_info->resp_ie_len = resp_len;
-@@ -5548,7 +5592,7 @@ brcmf_notify_connect_status_ap(struct br
+@@ -5552,7 +5596,7 @@ brcmf_notify_connect_status_ap(struct br
  			       struct net_device *ndev,
  			       const struct brcmf_event_msg *e, void *data)
  {
@@ -1909,7 +1909,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	static int generation;
  	u32 event = e->event_code;
  	u32 reason = e->reason;
-@@ -5566,7 +5610,7 @@ brcmf_notify_connect_status_ap(struct br
+@@ -5570,7 +5614,7 @@ brcmf_notify_connect_status_ap(struct br
  	if (((event == BRCMF_E_ASSOC_IND) || (event == BRCMF_E_REASSOC_IND)) &&
  	    (reason == BRCMF_E_STATUS_SUCCESS)) {
  		if (!data) {
@@ -1918,7 +1918,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			return -EINVAL;
  		}
  
-@@ -5858,7 +5902,7 @@ static void init_vif_event(struct brcmf_
+@@ -5862,7 +5906,7 @@ static void init_vif_event(struct brcmf_
  
  static s32 brcmf_dongle_roam(struct brcmf_if *ifp)
  {
@@ -1927,7 +1927,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	s32 err;
  	u32 bcn_timeout;
  	__le32 roamtrigger[2];
-@@ -5871,7 +5915,7 @@ static s32 brcmf_dongle_roam(struct brcm
+@@ -5875,7 +5919,7 @@ static s32 brcmf_dongle_roam(struct brcm
  		bcn_timeout = BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_ON;
  	err = brcmf_fil_iovar_int_set(ifp, "bcn_timeout", bcn_timeout);
  	if (err) {
@@ -1936,7 +1936,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto roam_setup_done;
  	}
  
-@@ -5883,7 +5927,7 @@ static s32 brcmf_dongle_roam(struct brcm
+@@ -5887,7 +5931,7 @@ static s32 brcmf_dongle_roam(struct brcm
  	err = brcmf_fil_iovar_int_set(ifp, "roam_off",
  				      ifp->drvr->settings->roamoff);
  	if (err) {
@@ -1945,7 +1945,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto roam_setup_done;
  	}
  
-@@ -5892,7 +5936,7 @@ static s32 brcmf_dongle_roam(struct brcm
+@@ -5896,7 +5940,7 @@ static s32 brcmf_dongle_roam(struct brcm
  	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_TRIGGER,
  				     (void *)roamtrigger, sizeof(roamtrigger));
  	if (err) {
@@ -1954,7 +1954,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto roam_setup_done;
  	}
  
-@@ -5901,7 +5945,7 @@ static s32 brcmf_dongle_roam(struct brcm
+@@ -5905,7 +5949,7 @@ static s32 brcmf_dongle_roam(struct brcm
  	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_DELTA,
  				     (void *)roam_delta, sizeof(roam_delta));
  	if (err) {
@@ -1963,7 +1963,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto roam_setup_done;
  	}
  
-@@ -5912,26 +5956,26 @@ roam_setup_done:
+@@ -5916,26 +5960,26 @@ roam_setup_done:
  static s32
  brcmf_dongle_scantime(struct brcmf_if *ifp)
  {
@@ -1994,7 +1994,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto dongle_scantime_out;
  	}
  
-@@ -5964,7 +6008,8 @@ static int brcmf_construct_chaninfo(stru
+@@ -5968,7 +6012,8 @@ static int brcmf_construct_chaninfo(stru
  				    u32 bw_cap[])
  {
  	struct wiphy *wiphy = cfg_to_wiphy(cfg);
@@ -2004,7 +2004,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct ieee80211_supported_band *band;
  	struct ieee80211_channel *channel;
  	struct brcmf_chanspec_list *list;
-@@ -5985,7 +6030,7 @@ static int brcmf_construct_chaninfo(stru
+@@ -5989,7 +6034,7 @@ static int brcmf_construct_chaninfo(stru
  	err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
  				       BRCMF_DCMD_MEDLEN);
  	if (err) {
@@ -2013,7 +2013,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto fail_pbuf;
  	}
  
-@@ -6008,7 +6053,7 @@ static int brcmf_construct_chaninfo(stru
+@@ -6012,7 +6057,7 @@ static int brcmf_construct_chaninfo(stru
  		} else if (ch.band == BRCMU_CHAN_BAND_5G) {
  			band = wiphy->bands[NL80211_BAND_5GHZ];
  		} else {
@@ -2022,7 +2022,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  				 ch.chspec);
  			continue;
  		}
-@@ -6032,7 +6077,7 @@ static int brcmf_construct_chaninfo(stru
+@@ -6036,7 +6081,7 @@ static int brcmf_construct_chaninfo(stru
  			/* It seems firmware supports some channel we never
  			 * considered. Something new in IEEE standard?
  			 */
@@ -2031,7 +2031,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  				 ch.control_ch_num);
  			continue;
  		}
-@@ -6089,8 +6134,8 @@ fail_pbuf:
+@@ -6093,8 +6138,8 @@ fail_pbuf:
  
  static int brcmf_enable_bw40_2g(struct brcmf_cfg80211_info *cfg)
  {
@@ -2042,7 +2042,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct ieee80211_supported_band *band;
  	struct brcmf_fil_bwcap_le band_bwcap;
  	struct brcmf_chanspec_list *list;
-@@ -6136,7 +6181,7 @@ static int brcmf_enable_bw40_2g(struct b
+@@ -6140,7 +6185,7 @@ static int brcmf_enable_bw40_2g(struct b
  		err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
  					       BRCMF_DCMD_MEDLEN);
  		if (err) {
@@ -2051,7 +2051,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			kfree(pbuf);
  			return err;
  		}
-@@ -6167,7 +6212,7 @@ static int brcmf_enable_bw40_2g(struct b
+@@ -6171,7 +6216,7 @@ static int brcmf_enable_bw40_2g(struct b
  
  static void brcmf_get_bwcap(struct brcmf_if *ifp, u32 bw_cap[])
  {
@@ -2060,7 +2060,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	u32 band, mimo_bwcap;
  	int err;
  
-@@ -6203,7 +6248,7 @@ static void brcmf_get_bwcap(struct brcmf
+@@ -6207,7 +6252,7 @@ static void brcmf_get_bwcap(struct brcmf
  		bw_cap[NL80211_BAND_5GHZ] |= WLC_BW_20MHZ_BIT;
  		break;
  	default:
@@ -2069,7 +2069,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	}
  }
  
-@@ -6278,7 +6323,8 @@ static void brcmf_update_vht_cap(struct
+@@ -6282,7 +6327,8 @@ static void brcmf_update_vht_cap(struct
  
  static int brcmf_setup_wiphybands(struct brcmf_cfg80211_info *cfg)
  {
@@ -2079,7 +2079,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct wiphy *wiphy = cfg_to_wiphy(cfg);
  	u32 nmode = 0;
  	u32 vhtmode = 0;
-@@ -6295,7 +6341,7 @@ static int brcmf_setup_wiphybands(struct
+@@ -6299,7 +6345,7 @@ static int brcmf_setup_wiphybands(struct
  	(void)brcmf_fil_iovar_int_get(ifp, "vhtmode", &vhtmode);
  	err = brcmf_fil_iovar_int_get(ifp, "nmode", &nmode);
  	if (err) {
@@ -2088,7 +2088,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	} else {
  		brcmf_get_bwcap(ifp, bw_cap);
  	}
-@@ -6305,7 +6351,7 @@ static int brcmf_setup_wiphybands(struct
+@@ -6309,7 +6355,7 @@ static int brcmf_setup_wiphybands(struct
  
  	err = brcmf_fil_iovar_int_get(ifp, "rxchain", &rxchain);
  	if (err) {
@@ -2097,7 +2097,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		nchain = 1;
  	} else {
  		for (nchain = 0; rxchain; nchain++)
-@@ -6315,7 +6361,7 @@ static int brcmf_setup_wiphybands(struct
+@@ -6319,7 +6365,7 @@ static int brcmf_setup_wiphybands(struct
  
  	err = brcmf_construct_chaninfo(cfg, bw_cap);
  	if (err) {
@@ -2106,7 +2106,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return err;
  	}
  
-@@ -6522,12 +6568,13 @@ static void brcmf_wiphy_wowl_params(stru
+@@ -6526,12 +6572,13 @@ static void brcmf_wiphy_wowl_params(stru
  {
  #ifdef CONFIG_PM
  	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
@@ -2121,7 +2121,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		wiphy->wowlan = &brcmf_wowlan_support;
  		return;
  	}
-@@ -6624,7 +6671,7 @@ static int brcmf_setup_wiphy(struct wiph
+@@ -6628,7 +6675,7 @@ static int brcmf_setup_wiphy(struct wiph
  	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BANDLIST, &bandlist,
  				     sizeof(bandlist));
  	if (err) {
@@ -2130,7 +2130,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return err;
  	}
  	/* first entry in bandlist is number of bands */
-@@ -6673,7 +6720,7 @@ static int brcmf_setup_wiphy(struct wiph
+@@ -6677,7 +6724,7 @@ static int brcmf_setup_wiphy(struct wiph
  
  static s32 brcmf_config_dongle(struct brcmf_cfg80211_info *cfg)
  {
@@ -2139,7 +2139,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct net_device *ndev;
  	struct wireless_dev *wdev;
  	struct brcmf_if *ifp;
-@@ -6711,7 +6758,7 @@ static s32 brcmf_config_dongle(struct br
+@@ -6715,7 +6762,7 @@ static s32 brcmf_config_dongle(struct br
  
  	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_FAKEFRAG, 1);
  	if (err) {
@@ -2148,7 +2148,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto default_conf_out;
  	}
  
-@@ -6892,6 +6939,7 @@ static void brcmf_cfg80211_reg_notifier(
+@@ -6896,6 +6943,7 @@ static void brcmf_cfg80211_reg_notifier(
  {
  	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
  	struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
@@ -2156,7 +2156,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct brcmf_fil_country_le ccreq;
  	s32 err;
  	int i;
-@@ -6903,7 +6951,7 @@ static void brcmf_cfg80211_reg_notifier(
+@@ -6907,7 +6955,7 @@ static void brcmf_cfg80211_reg_notifier(
  	/* ignore non-ISO3166 country codes */
  	for (i = 0; i < 2; i++)
  		if (req->alpha2[i] < 'A' || req->alpha2[i] > 'Z') {
@@ -2165,7 +2165,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  				 req->alpha2[0], req->alpha2[1]);
  			return;
  		}
-@@ -6913,7 +6961,7 @@ static void brcmf_cfg80211_reg_notifier(
+@@ -6917,7 +6965,7 @@ static void brcmf_cfg80211_reg_notifier(
  
  	err = brcmf_fil_iovar_data_get(ifp, "country", &ccreq, sizeof(ccreq));
  	if (err) {
@@ -2174,7 +2174,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return;
  	}
  
-@@ -6923,7 +6971,7 @@ static void brcmf_cfg80211_reg_notifier(
+@@ -6927,7 +6975,7 @@ static void brcmf_cfg80211_reg_notifier(
  
  	err = brcmf_fil_iovar_data_set(ifp, "country", &ccreq, sizeof(ccreq));
  	if (err) {
@@ -2183,7 +2183,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return;
  	}
  	brcmf_setup_wiphybands(cfg);
-@@ -6969,13 +7017,13 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -6973,13 +7021,13 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  	u16 *cap = NULL;
  
  	if (!ndev) {
@@ -2199,7 +2199,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return NULL;
  	}
  
-@@ -6996,7 +7044,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -7000,7 +7048,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  
  	err = wl_init_priv(cfg);
  	if (err) {
@@ -2208,7 +2208,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		brcmf_free_vif(vif);
  		goto wiphy_out;
  	}
-@@ -7005,7 +7053,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -7009,7 +7057,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  	/* determine d11 io type before wiphy setup */
  	err = brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_VERSION, &io_type);
  	if (err) {
@@ -2217,7 +2217,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto priv_out;
  	}
  	cfg->d11inf.io_type = (u8)io_type;
-@@ -7039,13 +7087,13 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -7043,13 +7091,13 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  #endif
  	err = wiphy_register(wiphy);
  	if (err < 0) {
@@ -2233,7 +2233,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto wiphy_unreg_out;
  	}
  
-@@ -7063,24 +7111,24 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -7067,24 +7115,24 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  
  	err = brcmf_fweh_activate_events(ifp);
  	if (err) {
@@ -2262,7 +2262,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		brcmf_btcoex_detach(cfg);
  		brcmf_p2p_detach(&cfg->p2p);
  		goto wiphy_unreg_out;
-@@ -7100,7 +7148,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
+@@ -7104,7 +7152,7 @@ struct brcmf_cfg80211_info *brcmf_cfg802
  	/* (re-) activate FWEH event handling */
  	err = brcmf_fweh_activate_events(ifp);
  	if (err) {

package/kernel/mac80211/patches/brcm/354-v5.1-brcmfmac-use-bphy_err-in-all-wiphy-related-code.patch

@@ -408,15 +408,15 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			brcmf_net_detach(ifp->ndev, false);
  			drvr->iflist[bsscfgidx] = NULL;
 @@ -864,7 +866,7 @@ static void brcmf_del_if(struct brcmf_pu
+ 
  	ifp = drvr->iflist[bsscfgidx];
- 	drvr->iflist[bsscfgidx] = NULL;
  	if (!ifp) {
 -		brcmf_err("Null interface, bsscfgidx=%d\n", bsscfgidx);
 +		bphy_err(drvr, "Null interface, bsscfgidx=%d\n", bsscfgidx);
  		return;
  	}
  	brcmf_dbg(TRACE, "Enter, bsscfgidx=%d, ifidx=%d\n", bsscfgidx,
-@@ -914,16 +916,17 @@ static int brcmf_psm_watchdog_notify(str
+@@ -918,16 +920,17 @@ static int brcmf_psm_watchdog_notify(str
  				     const struct brcmf_event_msg *evtmsg,
  				     void *data)
  {
@@ -436,7 +436,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
  	return err;
  }
-@@ -967,7 +970,7 @@ static int brcmf_inetaddr_changed(struct
+@@ -971,7 +974,7 @@ static int brcmf_inetaddr_changed(struct
  	ret = brcmf_fil_iovar_data_get(ifp, "arp_hostip", addr_table,
  				       sizeof(addr_table));
  	if (ret) {
@@ -445,7 +445,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return NOTIFY_OK;
  	}
  
-@@ -984,7 +987,7 @@ static int brcmf_inetaddr_changed(struct
+@@ -988,7 +991,7 @@ static int brcmf_inetaddr_changed(struct
  			ret = brcmf_fil_iovar_data_set(ifp, "arp_hostip",
  				&ifa->ifa_address, sizeof(ifa->ifa_address));
  			if (ret)
@@ -454,7 +454,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		}
  		break;
  	case NETDEV_DOWN:
-@@ -996,8 +999,8 @@ static int brcmf_inetaddr_changed(struct
+@@ -1000,8 +1003,8 @@ static int brcmf_inetaddr_changed(struct
  			ret = brcmf_fil_iovar_data_set(ifp, "arp_hostip_clear",
  						       NULL, 0);
  			if (ret) {
@@ -465,7 +465,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  				return NOTIFY_OK;
  			}
  			for (i = 0; i < ARPOL_MAX_ENTRIES; i++) {
-@@ -1007,8 +1010,8 @@ static int brcmf_inetaddr_changed(struct
+@@ -1011,8 +1014,8 @@ static int brcmf_inetaddr_changed(struct
  							       &addr_table[i],
  							       sizeof(addr_table[i]));
  				if (ret)
@@ -476,7 +476,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			}
  		}
  		break;
-@@ -1182,7 +1185,7 @@ static int brcmf_bus_started(struct brcm
+@@ -1186,7 +1189,7 @@ static int brcmf_bus_started(struct brcm
  	return 0;
  
  fail:
@@ -485,7 +485,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	if (drvr->config) {
  		brcmf_cfg80211_detach(drvr->config);
  		drvr->config = NULL;
-@@ -1234,7 +1237,7 @@ int brcmf_attach(struct device *dev, str
+@@ -1238,7 +1241,7 @@ int brcmf_attach(struct device *dev, str
  	/* Attach and link in the protocol */
  	ret = brcmf_proto_attach(drvr);
  	if (ret != 0) {
@@ -494,7 +494,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto fail;
  	}
  
-@@ -1247,7 +1250,7 @@ int brcmf_attach(struct device *dev, str
+@@ -1251,7 +1254,7 @@ int brcmf_attach(struct device *dev, str
  
  	ret = brcmf_bus_started(drvr, ops);
  	if (ret != 0) {
@@ -503,7 +503,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		goto fail;
  	}
  
-@@ -1347,6 +1350,7 @@ static int brcmf_get_pend_8021x_cnt(stru
+@@ -1353,6 +1356,7 @@ static int brcmf_get_pend_8021x_cnt(stru
  
  int brcmf_netdev_wait_pend8021x(struct brcmf_if *ifp)
  {
@@ -511,7 +511,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	int err;
  
  	err = wait_event_timeout(ifp->pend_8021x_wait,
-@@ -1354,7 +1358,7 @@ int brcmf_netdev_wait_pend8021x(struct b
+@@ -1360,7 +1364,7 @@ int brcmf_netdev_wait_pend8021x(struct b
  				 MAX_WAIT_FOR_8021X_TX);
  
  	if (!err)
@@ -690,7 +690,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		  ifp->bsscfgidx, name, len);
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
-@@ -1255,6 +1255,7 @@ static int brcmf_fws_enq(struct brcmf_fw
+@@ -1259,6 +1259,7 @@ static int brcmf_fws_enq(struct brcmf_fw
  			 enum brcmf_fws_skb_state state, int fifo,
  			 struct sk_buff *p)
  {
@@ -698,7 +698,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	int prec = 2 * fifo;
  	u32 *qfull_stat = &fws->stats.delayq_full_error;
  	struct brcmf_fws_mac_descriptor *entry;
-@@ -1267,7 +1268,7 @@ static int brcmf_fws_enq(struct brcmf_fw
+@@ -1271,7 +1272,7 @@ static int brcmf_fws_enq(struct brcmf_fw
  
  	entry = brcmf_skbcb(p)->mac;
  	if (entry == NULL) {
@@ -707,7 +707,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return -ENOENT;
  	}
  
-@@ -1457,6 +1458,7 @@ static int
+@@ -1461,6 +1462,7 @@ static int
  brcmf_fws_txs_process(struct brcmf_fws_info *fws, u8 flags, u32 hslot,
  		      u32 genbit, u16 seq, u8 compcnt)
  {
@@ -715,7 +715,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	u32 fifo;
  	u8 cnt = 0;
  	int ret;
-@@ -1481,14 +1483,14 @@ brcmf_fws_txs_process(struct brcmf_fws_i
+@@ -1485,14 +1487,14 @@ brcmf_fws_txs_process(struct brcmf_fws_i
  	else if (flags == BRCMF_FWS_TXSTATUS_HOST_TOSSED)
  		fws->stats.txs_host_tossed += compcnt;
  	else
@@ -733,7 +733,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			goto cont;
  		}
  
-@@ -1612,12 +1614,13 @@ static int brcmf_fws_notify_credit_map(s
+@@ -1616,12 +1618,13 @@ static int brcmf_fws_notify_credit_map(s
  				       const struct brcmf_event_msg *e,
  				       void *data)
  {
@@ -749,7 +749,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		return -EINVAL;
  	}
  
-@@ -1681,6 +1684,7 @@ static void brcmf_rxreorder_get_skb_list
+@@ -1685,6 +1688,7 @@ static void brcmf_rxreorder_get_skb_list
  
  void brcmf_fws_rxreorder(struct brcmf_if *ifp, struct sk_buff *pkt)
  {
@@ -757,7 +757,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	u8 *reorder_data;
  	u8 flow_id, max_idx, cur_idx, exp_idx, end_idx;
  	struct brcmf_ampdu_rx_reorder *rfi;
-@@ -1695,7 +1699,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
+@@ -1699,7 +1703,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
  
  	/* validate flags and flow id */
  	if (flags == 0xFF) {
@@ -766,7 +766,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		brcmf_netif_rx(ifp, pkt);
  		return;
  	}
-@@ -1732,7 +1736,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
+@@ -1736,7 +1740,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
  			  flow_id, max_idx);
  		rfi = kzalloc(buf_size, GFP_ATOMIC);
  		if (rfi == NULL) {
@@ -775,7 +775,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  			brcmf_netif_rx(ifp, pkt);
  			return;
  		}
-@@ -1996,6 +2000,7 @@ static u8 brcmf_fws_precommit_skb(struct
+@@ -2000,6 +2004,7 @@ static u8 brcmf_fws_precommit_skb(struct
  static void brcmf_fws_rollback_toq(struct brcmf_fws_info *fws,
  				   struct sk_buff *skb, int fifo)
  {
@@ -783,7 +783,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct brcmf_fws_mac_descriptor *entry;
  	struct sk_buff *pktout;
  	int qidx, hslot;
-@@ -2009,11 +2014,11 @@ static void brcmf_fws_rollback_toq(struc
+@@ -2013,11 +2018,11 @@ static void brcmf_fws_rollback_toq(struc
  
  		pktout = brcmu_pktq_penq_head(&entry->psq, qidx, skb);
  		if (pktout == NULL) {
@@ -797,7 +797,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		rc = -ENOENT;
  	}
  
-@@ -2118,7 +2123,8 @@ static int brcmf_fws_assign_htod(struct
+@@ -2122,7 +2127,8 @@ static int brcmf_fws_assign_htod(struct
  
  int brcmf_fws_process_skb(struct brcmf_if *ifp, struct sk_buff *skb)
  {
@@ -807,7 +807,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	struct brcmf_skbuff_cb *skcb = brcmf_skbcb(skb);
  	struct ethhdr *eh = (struct ethhdr *)(skb->data);
  	int fifo = BRCMF_FWS_FIFO_BCMC;
-@@ -2146,7 +2152,7 @@ int brcmf_fws_process_skb(struct brcmf_i
+@@ -2150,7 +2156,7 @@ int brcmf_fws_process_skb(struct brcmf_i
  		brcmf_fws_enq(fws, BRCMF_FWS_SKBSTATE_DELAYED, fifo, skb);
  		brcmf_fws_schedule_deq(fws);
  	} else {
@@ -816,7 +816,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		brcmf_txfinalize(ifp, skb, false);
  		rc = -ENOMEM;
  	}
-@@ -2365,7 +2371,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
+@@ -2371,7 +2377,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
  
  	fws->fws_wq = create_singlethread_workqueue("brcmf_fws_wq");
  	if (fws->fws_wq == NULL) {
@@ -825,7 +825,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		rc = -EBADF;
  		goto fail;
  	}
-@@ -2381,13 +2387,13 @@ struct brcmf_fws_info *brcmf_fws_attach(
+@@ -2387,13 +2393,13 @@ struct brcmf_fws_info *brcmf_fws_attach(
  	rc = brcmf_fweh_register(drvr, BRCMF_E_FIFO_CREDIT_MAP,
  				 brcmf_fws_notify_credit_map);
  	if (rc < 0) {
@@ -841,7 +841,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		brcmf_fweh_unregister(drvr, BRCMF_E_FIFO_CREDIT_MAP);
  		goto fail;
  	}
-@@ -2399,7 +2405,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
+@@ -2405,7 +2411,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
  	fws->fw_signals = true;
  	ifp = brcmf_get_ifp(drvr, 0);
  	if (brcmf_fil_iovar_int_set(ifp, "tlv", tlv)) {

package/kernel/mac80211/patches/brcm/360-v5.2-0002-brcmfmac-add-a-function-designated-for-handling-firm.patch

@@ -36,7 +36,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  void brcmf_bus_change_state(struct brcmf_bus *bus, enum brcmf_bus_state state);
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -1294,6 +1294,16 @@ void brcmf_dev_coredump(struct device *d
+@@ -1298,6 +1298,16 @@ void brcmf_dev_coredump(struct device *d
  		brcmf_dbg(TRACE, "failed to create coredump\n");
  }
  
@@ -66,7 +66,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
-@@ -1090,8 +1090,8 @@ static u32 brcmf_sdio_hostmail(struct br
+@@ -1101,8 +1101,8 @@ static u32 brcmf_sdio_hostmail(struct br
  
  	/* dongle indicates the firmware has halted/crashed */
  	if (hmb_data & HMB_DATA_FWHALT) {

package/kernel/mac80211/patches/brcm/360-v5.2-0003-brcmfmac-reset-PCIe-bus-on-a-firmware-crash.patch

@@ -49,7 +49,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
   */
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -1105,6 +1105,14 @@ static int brcmf_revinfo_read(struct seq
+@@ -1109,6 +1109,14 @@ static int brcmf_revinfo_read(struct seq
  	return 0;
  }
  
@@ -64,7 +64,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  static int brcmf_bus_started(struct brcmf_pub *drvr, struct cfg80211_ops *ops)
  {
  	int ret = -1;
-@@ -1176,6 +1184,8 @@ static int brcmf_bus_started(struct brcm
+@@ -1180,6 +1188,8 @@ static int brcmf_bus_started(struct brcm
  #endif
  #endif /* CONFIG_INET */
  
@@ -73,7 +73,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	/* populate debugfs */
  	brcmf_debugfs_add_entry(drvr, "revinfo", brcmf_revinfo_read);
  	brcmf_feat_debugfs_create(drvr);
-@@ -1302,6 +1312,8 @@ void brcmf_fw_crashed(struct device *dev
+@@ -1306,6 +1316,8 @@ void brcmf_fw_crashed(struct device *dev
  	bphy_err(drvr, "Firmware has halted or crashed\n");
  
  	brcmf_dev_coredump(dev);

package/kernel/mac80211/patches/brcm/361-v5.2-0001-brcmfmac-fix-WARNING-during-USB-disconnect-in-case-o.patch

@@ -1,124 +0,0 @@
-From c80d26e81ef1802f30364b4ad1955c1443a592b9 Mon Sep 17 00:00:00 2001
-From: Piotr Figiel <p.figiel@camlintechnologies.com>
-Date: Mon, 4 Mar 2019 15:42:49 +0000
-Subject: [PATCH] brcmfmac: fix WARNING during USB disconnect in case of
- unempty psq
-
-brcmu_pkt_buf_free_skb emits WARNING when attempting to free a sk_buff
-which is part of any queue. After USB disconnect this may have happened
-when brcmf_fws_hanger_cleanup() is called as per-interface psq was never
-cleaned when removing the interface.
-Change brcmf_fws_macdesc_cleanup() in a way that it removes the
-corresponding packets from hanger table (to avoid double-free when
-brcmf_fws_hanger_cleanup() is called) and add a call to clean-up the
-interface specific packet queue.
-
-Below is a WARNING during USB disconnect with Raspberry Pi WiFi dongle
-running in AP mode. This was reproducible when the interface was
-transmitting during the disconnect and is fixed with this commit.
-
-------------[ cut here ]------------
-WARNING: CPU: 0 PID: 1171 at drivers/net/wireless/broadcom/brcm80211/brcmutil/utils.c:49 brcmu_pkt_buf_free_skb+0x3c/0x40
-Modules linked in: nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_mangle xt_connmark xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter ip_tables x_tables usb_f_mass_storage usb_f_rndis u_ether cdc_acm smsc95xx usbnet ci_hdrc_imx ci_hdrc ulpi usbmisc_imx 8250_exar 8250_pci 8250 8250_base libcomposite configfs udc_core
-CPU: 0 PID: 1171 Comm: kworker/0:0 Not tainted 4.19.23-00075-gde33ed8 #99
-Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
-Workqueue: usb_hub_wq hub_event
-[<8010ff84>] (unwind_backtrace) from [<8010bb64>] (show_stack+0x10/0x14)
-[<8010bb64>] (show_stack) from [<80840278>] (dump_stack+0x88/0x9c)
-[<80840278>] (dump_stack) from [<8011f5ec>] (__warn+0xfc/0x114)
-[<8011f5ec>] (__warn) from [<8011f71c>] (warn_slowpath_null+0x40/0x48)
-[<8011f71c>] (warn_slowpath_null) from [<805a476c>] (brcmu_pkt_buf_free_skb+0x3c/0x40)
-[<805a476c>] (brcmu_pkt_buf_free_skb) from [<805bb6c4>] (brcmf_fws_cleanup+0x1e4/0x22c)
-[<805bb6c4>] (brcmf_fws_cleanup) from [<805bc854>] (brcmf_fws_del_interface+0x58/0x68)
-[<805bc854>] (brcmf_fws_del_interface) from [<805b66ac>] (brcmf_remove_interface+0x40/0x150)
-[<805b66ac>] (brcmf_remove_interface) from [<805b6870>] (brcmf_detach+0x6c/0xb0)
-[<805b6870>] (brcmf_detach) from [<805bdbb8>] (brcmf_usb_disconnect+0x30/0x4c)
-[<805bdbb8>] (brcmf_usb_disconnect) from [<805e5d64>] (usb_unbind_interface+0x5c/0x1e0)
-[<805e5d64>] (usb_unbind_interface) from [<804aab10>] (device_release_driver_internal+0x154/0x1ec)
-[<804aab10>] (device_release_driver_internal) from [<804a97f4>] (bus_remove_device+0xcc/0xf8)
-[<804a97f4>] (bus_remove_device) from [<804a6fc0>] (device_del+0x118/0x308)
-[<804a6fc0>] (device_del) from [<805e488c>] (usb_disable_device+0xa0/0x1c8)
-[<805e488c>] (usb_disable_device) from [<805dcf98>] (usb_disconnect+0x70/0x1d8)
-[<805dcf98>] (usb_disconnect) from [<805ddd84>] (hub_event+0x464/0xf50)
-[<805ddd84>] (hub_event) from [<80135a70>] (process_one_work+0x138/0x3f8)
-[<80135a70>] (process_one_work) from [<80135d5c>] (worker_thread+0x2c/0x554)
-[<80135d5c>] (worker_thread) from [<8013b1a0>] (kthread+0x124/0x154)
-[<8013b1a0>] (kthread) from [<801010e8>] (ret_from_fork+0x14/0x2c)
-Exception stack(0xecf8dfb0 to 0xecf8dff8)
-dfa0:                                     00000000 00000000 00000000 00000000
-dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
-dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
----[ end trace 38d234018e9e2a90 ]---
-------------[ cut here ]------------
-
-Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- .../broadcom/brcm80211/brcmfmac/fwsignal.c    | 42 +++++++++++--------
- 1 file changed, 24 insertions(+), 18 deletions(-)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
-@@ -580,24 +580,6 @@ static bool brcmf_fws_ifidx_match(struct
- 	return ifidx == *(int *)arg;
- }
- 
--static void brcmf_fws_psq_flush(struct brcmf_fws_info *fws, struct pktq *q,
--				int ifidx)
--{
--	bool (*matchfn)(struct sk_buff *, void *) = NULL;
--	struct sk_buff *skb;
--	int prec;
--
--	if (ifidx != -1)
--		matchfn = brcmf_fws_ifidx_match;
--	for (prec = 0; prec < q->num_prec; prec++) {
--		skb = brcmu_pktq_pdeq_match(q, prec, matchfn, &ifidx);
--		while (skb) {
--			brcmu_pkt_buf_free_skb(skb);
--			skb = brcmu_pktq_pdeq_match(q, prec, matchfn, &ifidx);
--		}
--	}
--}
--
- static void brcmf_fws_hanger_init(struct brcmf_fws_hanger *hanger)
- {
- 	int i;
-@@ -669,6 +651,28 @@ static inline int brcmf_fws_hanger_poppk
- 	return 0;
- }
- 
-+static void brcmf_fws_psq_flush(struct brcmf_fws_info *fws, struct pktq *q,
-+				int ifidx)
-+{
-+	bool (*matchfn)(struct sk_buff *, void *) = NULL;
-+	struct sk_buff *skb;
-+	int prec;
-+	u32 hslot;
-+
-+	if (ifidx != -1)
-+		matchfn = brcmf_fws_ifidx_match;
-+	for (prec = 0; prec < q->num_prec; prec++) {
-+		skb = brcmu_pktq_pdeq_match(q, prec, matchfn, &ifidx);
-+		while (skb) {
-+			hslot = brcmf_skb_htod_tag_get_field(skb, HSLOT);
-+			brcmf_fws_hanger_poppkt(&fws->hanger, hslot, &skb,
-+						true);
-+			brcmu_pkt_buf_free_skb(skb);
-+			skb = brcmu_pktq_pdeq_match(q, prec, matchfn, &ifidx);
-+		}
-+	}
-+}
-+
- static int brcmf_fws_hanger_mark_suppressed(struct brcmf_fws_hanger *h,
- 					    u32 slot_id)
- {
-@@ -2200,6 +2204,8 @@ void brcmf_fws_del_interface(struct brcm
- 	brcmf_fws_lock(fws);
- 	ifp->fws_desc = NULL;
- 	brcmf_dbg(TRACE, "deleting %s\n", entry->name);
-+	brcmf_fws_macdesc_cleanup(fws, &fws->desc.iface[ifp->ifidx],
-+				  ifp->ifidx);
- 	brcmf_fws_macdesc_deinit(entry);
- 	brcmf_fws_cleanup(fws, ifp->ifidx);
- 	brcmf_fws_unlock(fws);

package/kernel/mac80211/patches/brcm/361-v5.2-0002-brcmfmac-fix-NULL-pointer-derefence-during-USB-disco.patch

@@ -1,217 +0,0 @@
-From 5cdb0ef6144f47440850553579aa923c20a63f23 Mon Sep 17 00:00:00 2001
-From: Piotr Figiel <p.figiel@camlintechnologies.com>
-Date: Mon, 4 Mar 2019 15:42:52 +0000
-Subject: [PATCH] brcmfmac: fix NULL pointer derefence during USB disconnect
-
-In case USB disconnect happens at the moment transmitting workqueue is in
-progress the underlying interface may be gone causing a NULL pointer
-dereference. Add synchronization of the workqueue destruction with the
-detach implementation in core so that the transmitting workqueue is stopped
-during detach before the interfaces are removed.
-
-Fix following Oops:
-
-Unable to handle kernel NULL pointer dereference at virtual address 00000008
-pgd = 9e6a802d
-[00000008] *pgd=00000000
-Internal error: Oops: 5 [#1] PREEMPT SMP ARM
-Modules linked in: nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_mangle
-xt_connmark xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
-iptable_filter ip_tables x_tables usb_f_mass_storage usb_f_rndis u_ether
-usb_serial_simple usbserial cdc_acm brcmfmac brcmutil smsc95xx usbnet
-ci_hdrc_imx ci_hdrc ulpi usbmisc_imx 8250_exar 8250_pci 8250 8250_base
-libcomposite configfs udc_core
-CPU: 0 PID: 7 Comm: kworker/u8:0 Not tainted 4.19.23-00076-g03740aa-dirty #102
-Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
-Workqueue: brcmf_fws_wq brcmf_fws_dequeue_worker [brcmfmac]
-PC is at brcmf_txfinalize+0x34/0x90 [brcmfmac]
-LR is at brcmf_fws_dequeue_worker+0x218/0x33c [brcmfmac]
-pc : [<7f0dee64>]    lr : [<7f0e4140>]    psr: 60010093
-sp : ee8abef0  ip : 00000000  fp : edf38000
-r10: ffffffed  r9 : edf38970  r8 : edf38004
-r7 : edf3e970  r6 : 00000000  r5 : ede69000  r4 : 00000000
-r3 : 00000a97  r2 : 00000000  r1 : 0000888e  r0 : ede69000
-Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment none
-Control: 10c5387d  Table: 7d03c04a  DAC: 00000051
-Process kworker/u8:0 (pid: 7, stack limit = 0x24ec3e04)
-Stack: (0xee8abef0 to 0xee8ac000)
-bee0:                                     ede69000 00000000 ed56c3e0 7f0e4140
-bf00: 00000001 00000000 edf38004 edf3e99c ed56c3e0 80d03d00 edfea43a edf3e970
-bf20: ee809880 ee804200 ee971100 00000000 edf3e974 00000000 ee804200 80135a70
-bf40: 80d03d00 ee804218 ee809880 ee809894 ee804200 80d03d00 ee804218 ee8aa000
-bf60: 00000088 80135d5c 00000000 ee829f00 ee829dc0 00000000 ee809880 80135d30
-bf80: ee829f1c ee873eac 00000000 8013b1a0 ee829dc0 8013b07c 00000000 00000000
-bfa0: 00000000 00000000 00000000 801010e8 00000000 00000000 00000000 00000000
-bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
-bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
-[<7f0dee64>] (brcmf_txfinalize [brcmfmac]) from [<7f0e4140>] (brcmf_fws_dequeue_worker+0x218/0x33c [brcmfmac])
-[<7f0e4140>] (brcmf_fws_dequeue_worker [brcmfmac]) from [<80135a70>] (process_one_work+0x138/0x3f8)
-[<80135a70>] (process_one_work) from [<80135d5c>] (worker_thread+0x2c/0x554)
-[<80135d5c>] (worker_thread) from [<8013b1a0>] (kthread+0x124/0x154)
-[<8013b1a0>] (kthread) from [<801010e8>] (ret_from_fork+0x14/0x2c)
-Exception stack(0xee8abfb0 to 0xee8abff8)
-bfa0:                                     00000000 00000000 00000000 00000000
-bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
-bfe0: 00000000 00000000 00000000 00000000 00000013 00000000
-Code: e1530001 0a000007 e3560000 e1a00005 (05942008)
----[ end trace 079239dd31c86e90 ]---
-
-Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- .../wireless/broadcom/brcm80211/brcmfmac/bcdc.c  | 11 +++++++++--
- .../wireless/broadcom/brcm80211/brcmfmac/bcdc.h  |  6 ++++--
- .../wireless/broadcom/brcm80211/brcmfmac/core.c  |  4 +++-
- .../broadcom/brcm80211/brcmfmac/fwsignal.c       | 16 ++++++++++++----
- .../broadcom/brcm80211/brcmfmac/fwsignal.h       |  3 ++-
- .../wireless/broadcom/brcm80211/brcmfmac/proto.c | 10 ++++++++--
- .../wireless/broadcom/brcm80211/brcmfmac/proto.h |  3 ++-
- 7 files changed, 40 insertions(+), 13 deletions(-)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcdc.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcdc.c
-@@ -490,11 +490,18 @@ fail:
- 	return -ENOMEM;
- }
- 
--void brcmf_proto_bcdc_detach(struct brcmf_pub *drvr)
-+void brcmf_proto_bcdc_detach_pre_delif(struct brcmf_pub *drvr)
-+{
-+	struct brcmf_bcdc *bcdc = drvr->proto->pd;
-+
-+	brcmf_fws_detach_pre_delif(bcdc->fws);
-+}
-+
-+void brcmf_proto_bcdc_detach_post_delif(struct brcmf_pub *drvr)
- {
- 	struct brcmf_bcdc *bcdc = drvr->proto->pd;
- 
- 	drvr->proto->pd = NULL;
--	brcmf_fws_detach(bcdc->fws);
-+	brcmf_fws_detach_post_delif(bcdc->fws);
- 	kfree(bcdc);
- }
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcdc.h
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcdc.h
-@@ -18,14 +18,16 @@
- 
- #ifdef CPTCFG_BRCMFMAC_PROTO_BCDC
- int brcmf_proto_bcdc_attach(struct brcmf_pub *drvr);
--void brcmf_proto_bcdc_detach(struct brcmf_pub *drvr);
-+void brcmf_proto_bcdc_detach_pre_delif(struct brcmf_pub *drvr);
-+void brcmf_proto_bcdc_detach_post_delif(struct brcmf_pub *drvr);
- void brcmf_proto_bcdc_txflowblock(struct device *dev, bool state);
- void brcmf_proto_bcdc_txcomplete(struct device *dev, struct sk_buff *txp,
- 				 bool success);
- struct brcmf_fws_info *drvr_to_fws(struct brcmf_pub *drvr);
- #else
- static inline int brcmf_proto_bcdc_attach(struct brcmf_pub *drvr) { return 0; }
--static inline void brcmf_proto_bcdc_detach(struct brcmf_pub *drvr) {}
-+static void brcmf_proto_bcdc_detach_pre_delif(struct brcmf_pub *drvr) {};
-+static inline void brcmf_proto_bcdc_detach_post_delif(struct brcmf_pub *drvr) {}
- #endif
- 
- #endif /* BRCMFMAC_BCDC_H */
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -1342,6 +1342,8 @@ void brcmf_detach(struct device *dev)
- 
- 	brcmf_bus_change_state(bus_if, BRCMF_BUS_DOWN);
- 
-+	brcmf_proto_detach_pre_delif(drvr);
-+
- 	/* make sure primary interface removed last */
- 	for (i = BRCMF_MAX_IFS-1; i > -1; i--)
- 		brcmf_remove_interface(drvr->iflist[i], false);
-@@ -1351,7 +1353,7 @@ void brcmf_detach(struct device *dev)
- 
- 	brcmf_bus_stop(drvr->bus_if);
- 
--	brcmf_proto_detach(drvr);
-+	brcmf_proto_detach_post_delif(drvr);
- 
- 	bus_if->drvr = NULL;
- 	wiphy_free(drvr->wiphy);
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
-@@ -2443,17 +2443,25 @@ struct brcmf_fws_info *brcmf_fws_attach(
- 	return fws;
- 
- fail:
--	brcmf_fws_detach(fws);
-+	brcmf_fws_detach_pre_delif(fws);
-+	brcmf_fws_detach_post_delif(fws);
- 	return ERR_PTR(rc);
- }
- 
--void brcmf_fws_detach(struct brcmf_fws_info *fws)
-+void brcmf_fws_detach_pre_delif(struct brcmf_fws_info *fws)
- {
- 	if (!fws)
- 		return;
--
--	if (fws->fws_wq)
-+	if (fws->fws_wq) {
- 		destroy_workqueue(fws->fws_wq);
-+		fws->fws_wq = NULL;
-+	}
-+}
-+
-+void brcmf_fws_detach_post_delif(struct brcmf_fws_info *fws)
-+{
-+	if (!fws)
-+		return;
- 
- 	/* cleanup */
- 	brcmf_fws_lock(fws);
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.h
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.h
-@@ -19,7 +19,8 @@
- #define FWSIGNAL_H_
- 
- struct brcmf_fws_info *brcmf_fws_attach(struct brcmf_pub *drvr);
--void brcmf_fws_detach(struct brcmf_fws_info *fws);
-+void brcmf_fws_detach_pre_delif(struct brcmf_fws_info *fws);
-+void brcmf_fws_detach_post_delif(struct brcmf_fws_info *fws);
- void brcmf_fws_debugfs_create(struct brcmf_pub *drvr);
- bool brcmf_fws_queue_skbs(struct brcmf_fws_info *fws);
- bool brcmf_fws_fc_active(struct brcmf_fws_info *fws);
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/proto.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/proto.c
-@@ -67,16 +67,22 @@ fail:
- 	return -ENOMEM;
- }
- 
--void brcmf_proto_detach(struct brcmf_pub *drvr)
-+void brcmf_proto_detach_post_delif(struct brcmf_pub *drvr)
- {
- 	brcmf_dbg(TRACE, "Enter\n");
- 
- 	if (drvr->proto) {
- 		if (drvr->bus_if->proto_type == BRCMF_PROTO_BCDC)
--			brcmf_proto_bcdc_detach(drvr);
-+			brcmf_proto_bcdc_detach_post_delif(drvr);
- 		else if (drvr->bus_if->proto_type == BRCMF_PROTO_MSGBUF)
- 			brcmf_proto_msgbuf_detach(drvr);
- 		kfree(drvr->proto);
- 		drvr->proto = NULL;
- 	}
- }
-+
-+void brcmf_proto_detach_pre_delif(struct brcmf_pub *drvr)
-+{
-+	if (drvr->proto && drvr->bus_if->proto_type == BRCMF_PROTO_BCDC)
-+		brcmf_proto_bcdc_detach_pre_delif(drvr);
-+}
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/proto.h
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/proto.h
-@@ -54,7 +54,8 @@ struct brcmf_proto {
- 
- 
- int brcmf_proto_attach(struct brcmf_pub *drvr);
--void brcmf_proto_detach(struct brcmf_pub *drvr);
-+void brcmf_proto_detach_pre_delif(struct brcmf_pub *drvr);
-+void brcmf_proto_detach_post_delif(struct brcmf_pub *drvr);
- 
- static inline int brcmf_proto_hdrpull(struct brcmf_pub *drvr, bool do_fws,
- 				      struct sk_buff *skb,

package/kernel/mac80211/patches/brcm/362-v5.2-0001-brcmfmac-fix-race-during-disconnect-when-USB-complet.patch

@@ -1,84 +0,0 @@
-From db3b9e2e1d58080d0754bdf9293dabf8c6491b67 Mon Sep 17 00:00:00 2001
-From: Piotr Figiel <p.figiel@camlintechnologies.com>
-Date: Fri, 8 Mar 2019 15:25:04 +0000
-Subject: [PATCH] brcmfmac: fix race during disconnect when USB completion is
- in progress
-
-It was observed that rarely during USB disconnect happening shortly after
-connect (before full initialization completes) usb_hub_wq would wait
-forever for the dev_init_lock to be unlocked. dev_init_lock would remain
-locked though because of infinite wait during usb_kill_urb:
-
-[ 2730.656472] kworker/0:2     D    0   260      2 0x00000000
-[ 2730.660700] Workqueue: events request_firmware_work_func
-[ 2730.664807] [<809dca20>] (__schedule) from [<809dd164>] (schedule+0x4c/0xac)
-[ 2730.670587] [<809dd164>] (schedule) from [<8069af44>] (usb_kill_urb+0xdc/0x114)
-[ 2730.676815] [<8069af44>] (usb_kill_urb) from [<7f258b50>] (brcmf_usb_free_q+0x34/0xa8 [brcmfmac])
-[ 2730.684833] [<7f258b50>] (brcmf_usb_free_q [brcmfmac]) from [<7f2517d4>] (brcmf_detach+0xa0/0xb8 [brcmfmac])
-[ 2730.693557] [<7f2517d4>] (brcmf_detach [brcmfmac]) from [<7f251a34>] (brcmf_attach+0xac/0x3d8 [brcmfmac])
-[ 2730.702094] [<7f251a34>] (brcmf_attach [brcmfmac]) from [<7f2587ac>] (brcmf_usb_probe_phase2+0x468/0x4a0 [brcmfmac])
-[ 2730.711601] [<7f2587ac>] (brcmf_usb_probe_phase2 [brcmfmac]) from [<7f252888>] (brcmf_fw_request_done+0x194/0x220 [brcmfmac])
-[ 2730.721795] [<7f252888>] (brcmf_fw_request_done [brcmfmac]) from [<805748e4>] (request_firmware_work_func+0x4c/0x88)
-[ 2730.731125] [<805748e4>] (request_firmware_work_func) from [<80141474>] (process_one_work+0x228/0x808)
-[ 2730.739223] [<80141474>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
-[ 2730.746105] [<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
-[ 2730.752227] [<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
-
-[ 2733.099695] kworker/0:3     D    0  1065      2 0x00000000
-[ 2733.103926] Workqueue: usb_hub_wq hub_event
-[ 2733.106914] [<809dca20>] (__schedule) from [<809dd164>] (schedule+0x4c/0xac)
-[ 2733.112693] [<809dd164>] (schedule) from [<809e2a8c>] (schedule_timeout+0x214/0x3e4)
-[ 2733.119621] [<809e2a8c>] (schedule_timeout) from [<809dde2c>] (wait_for_common+0xc4/0x1c0)
-[ 2733.126810] [<809dde2c>] (wait_for_common) from [<7f258d00>] (brcmf_usb_disconnect+0x1c/0x4c [brcmfmac])
-[ 2733.135206] [<7f258d00>] (brcmf_usb_disconnect [brcmfmac]) from [<8069e0c8>] (usb_unbind_interface+0x5c/0x1e4)
-[ 2733.143943] [<8069e0c8>] (usb_unbind_interface) from [<8056d3e8>] (device_release_driver_internal+0x164/0x1fc)
-[ 2733.152769] [<8056d3e8>] (device_release_driver_internal) from [<8056c078>] (bus_remove_device+0xd0/0xfc)
-[ 2733.161138] [<8056c078>] (bus_remove_device) from [<8056977c>] (device_del+0x11c/0x310)
-[ 2733.167939] [<8056977c>] (device_del) from [<8069cba8>] (usb_disable_device+0xa0/0x1cc)
-[ 2733.174743] [<8069cba8>] (usb_disable_device) from [<8069507c>] (usb_disconnect+0x74/0x1dc)
-[ 2733.181823] [<8069507c>] (usb_disconnect) from [<80695e88>] (hub_event+0x478/0xf88)
-[ 2733.188278] [<80695e88>] (hub_event) from [<80141474>] (process_one_work+0x228/0x808)
-[ 2733.194905] [<80141474>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
-[ 2733.201724] [<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
-[ 2733.207913] [<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
-
-It was traced down to a case where usb_kill_urb would be called on an URB
-structure containing more or less random data, including large number in
-its use_count. During the debugging it appeared that in brcmf_usb_free_q()
-the traversal over URBs' lists is not synchronized with operations on those
-lists in brcmf_usb_rx_complete() leading to handling
-brcmf_usbdev_info structure (holding lists' head) as lists' element and in
-result causing above problem.
-
-Fix it by walking through all URBs during brcmf_cancel_all_urbs using the
-arrays of requests instead of linked lists.
-
-Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
-@@ -682,12 +682,18 @@ static int brcmf_usb_up(struct device *d
- 
- static void brcmf_cancel_all_urbs(struct brcmf_usbdev_info *devinfo)
- {
-+	int i;
-+
- 	if (devinfo->ctl_urb)
- 		usb_kill_urb(devinfo->ctl_urb);
- 	if (devinfo->bulk_urb)
- 		usb_kill_urb(devinfo->bulk_urb);
--	brcmf_usb_free_q(&devinfo->tx_postq, true);
--	brcmf_usb_free_q(&devinfo->rx_postq, true);
-+	if (devinfo->tx_reqs)
-+		for (i = 0; i < devinfo->bus_pub.ntxq; i++)
-+			usb_kill_urb(devinfo->tx_reqs[i].urb);
-+	if (devinfo->rx_reqs)
-+		for (i = 0; i < devinfo->bus_pub.nrxq; i++)
-+			usb_kill_urb(devinfo->rx_reqs[i].urb);
- }
- 
- static void brcmf_usb_down(struct device *dev)

package/kernel/mac80211/patches/brcm/363-v5.2-brcmfmac-fix-Oops-when-bringing-up-interface-during-.patch

@@ -1,123 +0,0 @@
-From 24d413a31afaee9bbbf79226052c386b01780ce2 Mon Sep 17 00:00:00 2001
-From: Piotr Figiel <p.figiel@camlintechnologies.com>
-Date: Wed, 13 Mar 2019 09:52:01 +0000
-Subject: [PATCH] brcmfmac: fix Oops when bringing up interface during USB
- disconnect
-
-Fix a race which leads to an Oops with NULL pointer dereference.  The
-dereference is in brcmf_config_dongle() when cfg_to_ndev() attempts to get
-net_device structure of interface with index 0 via if2bss mapping. This
-shouldn't fail because of check for bus being ready in brcmf_netdev_open(),
-but it's not synchronised with USB disconnect and there is a race: after
-the check the bus can be marked down and the mapping for interface 0 may be
-gone.
-
-Solve this by modifying disconnect handling so that the removal of mapping
-of ifidx to brcmf_if structure happens after netdev removal (which is
-synchronous with brcmf_netdev_open() thanks to rtln being locked in
-devinet_ioctl()). This assures brcmf_netdev_open() returns before the
-mapping is removed during disconnect.
-
-Unable to handle kernel NULL pointer dereference at virtual address 00000008
-pgd = bcae2612
-[00000008] *pgd=8be73831
-Internal error: Oops: 17 [#1] PREEMPT SMP ARM
-Modules linked in: brcmfmac brcmutil nf_log_ipv4 nf_log_common xt_LOG xt_limit
-iptable_mangle xt_connmark xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6
-nf_defrag_ipv4 iptable_filter ip_tables x_tables usb_f_mass_storage usb_f_rndis
-u_ether usb_serial_simple usbserial cdc_acm smsc95xx usbnet ci_hdrc_imx ci_hdrc
-usbmisc_imx ulpi 8250_exar 8250_pci 8250 8250_base libcomposite configfs
-udc_core [last unloaded: brcmutil]
-CPU: 2 PID: 24478 Comm: ifconfig Not tainted 4.19.23-00078-ga62866d-dirty #115
-Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
-PC is at brcmf_cfg80211_up+0x94/0x29c [brcmfmac]
-LR is at brcmf_cfg80211_up+0x8c/0x29c [brcmfmac]
-pc : [<7f26a91c>]    lr : [<7f26a914>]    psr: a0070013
-sp : eca99d28  ip : 00000000  fp : ee9c6c00
-r10: 00000036  r9 : 00000000  r8 : ece4002c
-r7 : edb5b800  r6 : 00000000  r5 : 80f08448  r4 : edb5b968
-r3 : ffffffff  r2 : 00000000  r1 : 00000002  r0 : 00000000
-Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
-Control: 10c5387d  Table: 7ca0c04a  DAC: 00000051
-Process ifconfig (pid: 24478, stack limit = 0xd9e85a0e)
-Stack: (0xeca99d28 to 0xeca9a000)
-9d20:                   00000000 80f873b0 0000000d 80f08448 eca99d68 50d45f32
-9d40: 7f27de94 ece40000 80f08448 80f08448 7f27de94 ece4002c 00000000 00000036
-9d60: ee9c6c00 7f27262c 00001002 50d45f32 ece40000 00000000 80f08448 80772008
-9d80: 00000001 00001043 00001002 ece40000 00000000 50d45f32 ece40000 00000001
-9da0: 80f08448 00001043 00001002 807723d0 00000000 50d45f32 80f08448 eca99e58
-9dc0: 80f87113 50d45f32 80f08448 ece40000 ece40138 00001002 80f08448 00000000
-9de0: 00000000 80772434 edbd5380 eca99e58 edbd5380 80f08448 ee9c6c0c 80805f70
-9e00: 00000000 ede08e00 00008914 ece40000 00000014 ee9c6c0c 600c0013 00001043
-9e20: 0208a8c0 ffffffff 00000000 50d45f32 eca98000 80f08448 7ee9fc38 00008914
-9e40: 80f68e40 00000051 eca98000 00000036 00000003 80808b9c 6e616c77 00000030
-9e60: 00000000 00000000 00001043 0208a8c0 ffffffff 00000000 80f08448 00000000
-9e80: 00000000 816d8b20 600c0013 00000001 ede09320 801763d4 00000000 50d45f32
-9ea0: eca98000 80f08448 7ee9fc38 50d45f32 00008914 80f08448 7ee9fc38 80f68e40
-9ec0: ed531540 8074721c 00000800 00000001 00000000 6e616c77 00000030 00000000
-9ee0: 00000000 00001002 0208a8c0 ffffffff 00000000 50d45f32 80f08448 7ee9fc38
-9f00: ed531560 ec8fc900 80285a6c 80285138 edb910c0 00000000 ecd91008 ede08e00
-9f20: 80f08448 00000000 00000000 816d8b20 600c0013 00000001 ede09320 801763d4
-9f40: 00000000 50d45f32 00021000 edb91118 edb910c0 80f08448 01b29000 edb91118
-9f60: eca99f7c 50d45f32 00021000 ec8fc900 00000003 ec8fc900 00008914 7ee9fc38
-9f80: eca98000 00000036 00000003 80285a6c 00086364 7ee9fe1c 000000c3 00000036
-9fa0: 801011c4 80101000 00086364 7ee9fe1c 00000003 00008914 7ee9fc38 00086364
-9fc0: 00086364 7ee9fe1c 000000c3 00000036 0008630c 7ee9fe1c 7ee9fc38 00000003
-9fe0: 000a42b8 7ee9fbd4 00019914 76e09acc 600c0010 00000003 00000000 00000000
-[<7f26a91c>] (brcmf_cfg80211_up [brcmfmac]) from [<7f27262c>] (brcmf_netdev_open+0x74/0xe8 [brcmfmac])
-[<7f27262c>] (brcmf_netdev_open [brcmfmac]) from [<80772008>] (__dev_open+0xcc/0x150)
-[<80772008>] (__dev_open) from [<807723d0>] (__dev_change_flags+0x168/0x1b4)
-[<807723d0>] (__dev_change_flags) from [<80772434>] (dev_change_flags+0x18/0x48)
-[<80772434>] (dev_change_flags) from [<80805f70>] (devinet_ioctl+0x67c/0x79c)
-[<80805f70>] (devinet_ioctl) from [<80808b9c>] (inet_ioctl+0x210/0x3d4)
-[<80808b9c>] (inet_ioctl) from [<8074721c>] (sock_ioctl+0x350/0x524)
-[<8074721c>] (sock_ioctl) from [<80285138>] (do_vfs_ioctl+0xb0/0x9b0)
-[<80285138>] (do_vfs_ioctl) from [<80285a6c>] (ksys_ioctl+0x34/0x5c)
-[<80285a6c>] (ksys_ioctl) from [<80101000>] (ret_fast_syscall+0x0/0x28)
-Exception stack(0xeca99fa8 to 0xeca99ff0)
-9fa0:                   00086364 7ee9fe1c 00000003 00008914 7ee9fc38 00086364
-9fc0: 00086364 7ee9fe1c 000000c3 00000036 0008630c 7ee9fe1c 7ee9fc38 00000003
-9fe0: 000a42b8 7ee9fbd4 00019914 76e09acc
-Code: e5970328 eb002021 e1a02006 e3a01002 (e5909008)
----[ end trace 5cbac2333f3ac5df ]---
-
-Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- .../net/wireless/broadcom/brcm80211/brcmfmac/core.c    | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -862,17 +862,17 @@ static void brcmf_del_if(struct brcmf_pu
- 			 bool rtnl_locked)
- {
- 	struct brcmf_if *ifp;
-+	int ifidx;
- 
- 	ifp = drvr->iflist[bsscfgidx];
--	drvr->iflist[bsscfgidx] = NULL;
- 	if (!ifp) {
- 		bphy_err(drvr, "Null interface, bsscfgidx=%d\n", bsscfgidx);
- 		return;
- 	}
- 	brcmf_dbg(TRACE, "Enter, bsscfgidx=%d, ifidx=%d\n", bsscfgidx,
- 		  ifp->ifidx);
--	if (drvr->if2bss[ifp->ifidx] == bsscfgidx)
--		drvr->if2bss[ifp->ifidx] = BRCMF_BSSIDX_INVALID;
-+	ifidx = ifp->ifidx;
-+
- 	if (ifp->ndev) {
- 		if (bsscfgidx == 0) {
- 			if (ifp->ndev->netdev_ops == &brcmf_netdev_ops_pri) {
-@@ -900,6 +900,10 @@ static void brcmf_del_if(struct brcmf_pu
- 		brcmf_p2p_ifp_removed(ifp, rtnl_locked);
- 		kfree(ifp);
- 	}
-+
-+	drvr->iflist[bsscfgidx] = NULL;
-+	if (drvr->if2bss[ifidx] == bsscfgidx)
-+		drvr->if2bss[ifidx] = BRCMF_BSSIDX_INVALID;
- }
- 
- void brcmf_remove_interface(struct brcmf_if *ifp, bool rtnl_locked)

package/kernel/mac80211/patches/brcm/364-v5.2-brcmfmac-convert-dev_init_lock-mutex-to-completion.patch

@@ -1,182 +0,0 @@
-From a9fd0953fa4a62887306be28641b4b0809f3b2fd Mon Sep 17 00:00:00 2001
-From: Piotr Figiel <p.figiel@camlintechnologies.com>
-Date: Wed, 13 Mar 2019 09:52:42 +0000
-Subject: [PATCH] brcmfmac: convert dev_init_lock mutex to completion
-
-Leaving dev_init_lock mutex locked in probe causes BUG and a WARNING when
-kernel is compiled with CONFIG_PROVE_LOCKING. Convert mutex to completion
-which silences those warnings and improves code readability.
-
-Fix below errors when connecting the USB WiFi dongle:
-
-brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43143 for chip BCM43143/2
-BUG: workqueue leaked lock or atomic: kworker/0:2/0x00000000/434
-     last function: hub_event
-1 lock held by kworker/0:2/434:
- #0: 18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]
-CPU: 0 PID: 434 Comm: kworker/0:2 Not tainted 4.19.23-00084-g454a789-dirty #123
-Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
-Workqueue: usb_hub_wq hub_event
-[<8011237c>] (unwind_backtrace) from [<8010d74c>] (show_stack+0x10/0x14)
-[<8010d74c>] (show_stack) from [<809c4324>] (dump_stack+0xa8/0xd4)
-[<809c4324>] (dump_stack) from [<8014195c>] (process_one_work+0x710/0x808)
-[<8014195c>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
-[<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
-[<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
-Exception stack(0xed1d9fb0 to 0xed1d9ff8)
-9fa0:                                     00000000 00000000 00000000 00000000
-9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
-9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
-
-======================================================
-WARNING: possible circular locking dependency detected
-4.19.23-00084-g454a789-dirty #123 Not tainted
-------------------------------------------------------
-kworker/0:2/434 is trying to acquire lock:
-e29cf799 ((wq_completion)"events"){+.+.}, at: process_one_work+0x174/0x808
-
-but task is already holding lock:
-18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]
-
-which lock already depends on the new lock.
-
-the existing dependency chain (in reverse order) is:
-
--> #2 (&devinfo->dev_init_lock){+.+.}:
-       mutex_lock_nested+0x1c/0x24
-       brcmf_usb_probe+0x78/0x550 [brcmfmac]
-       usb_probe_interface+0xc0/0x1bc
-       really_probe+0x228/0x2c0
-       __driver_attach+0xe4/0xe8
-       bus_for_each_dev+0x68/0xb4
-       bus_add_driver+0x19c/0x214
-       driver_register+0x78/0x110
-       usb_register_driver+0x84/0x148
-       process_one_work+0x228/0x808
-       worker_thread+0x2c/0x564
-       kthread+0x13c/0x16c
-       ret_from_fork+0x14/0x20
-         (null)
-
--> #1 (brcmf_driver_work){+.+.}:
-       worker_thread+0x2c/0x564
-       kthread+0x13c/0x16c
-       ret_from_fork+0x14/0x20
-         (null)
-
--> #0 ((wq_completion)"events"){+.+.}:
-       process_one_work+0x1b8/0x808
-       worker_thread+0x2c/0x564
-       kthread+0x13c/0x16c
-       ret_from_fork+0x14/0x20
-         (null)
-
-other info that might help us debug this:
-
-Chain exists of:
-  (wq_completion)"events" --> brcmf_driver_work --> &devinfo->dev_init_lock
-
- Possible unsafe locking scenario:
-
-       CPU0                    CPU1
-       ----                    ----
-  lock(&devinfo->dev_init_lock);
-                               lock(brcmf_driver_work);
-                               lock(&devinfo->dev_init_lock);
-  lock((wq_completion)"events");
-
- *** DEADLOCK ***
-
-1 lock held by kworker/0:2/434:
- #0: 18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]
-
-stack backtrace:
-CPU: 0 PID: 434 Comm: kworker/0:2 Not tainted 4.19.23-00084-g454a789-dirty #123
-Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
-Workqueue: events request_firmware_work_func
-[<8011237c>] (unwind_backtrace) from [<8010d74c>] (show_stack+0x10/0x14)
-[<8010d74c>] (show_stack) from [<809c4324>] (dump_stack+0xa8/0xd4)
-[<809c4324>] (dump_stack) from [<80172838>] (print_circular_bug+0x210/0x330)
-[<80172838>] (print_circular_bug) from [<80175940>] (__lock_acquire+0x160c/0x1a30)
-[<80175940>] (__lock_acquire) from [<8017671c>] (lock_acquire+0xe0/0x268)
-[<8017671c>] (lock_acquire) from [<80141404>] (process_one_work+0x1b8/0x808)
-[<80141404>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
-[<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
-[<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
-Exception stack(0xed1d9fb0 to 0xed1d9ff8)
-9fa0:                                     00000000 00000000 00000000 00000000
-9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
-9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
-
-Signed-off-by: Piotr Figiel <p.figiel@camlintechnologies.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- .../wireless/broadcom/brcm80211/brcmfmac/usb.c  | 17 ++++++++---------
- 1 file changed, 8 insertions(+), 9 deletions(-)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c
-@@ -160,7 +160,7 @@ struct brcmf_usbdev_info {
- 
- 	struct usb_device *usbdev;
- 	struct device *dev;
--	struct mutex dev_init_lock;
-+	struct completion dev_init_done;
- 
- 	int ctl_in_pipe, ctl_out_pipe;
- 	struct urb *ctl_urb; /* URB for control endpoint */
-@@ -1194,11 +1194,11 @@ static void brcmf_usb_probe_phase2(struc
- 	if (ret)
- 		goto error;
- 
--	mutex_unlock(&devinfo->dev_init_lock);
-+	complete(&devinfo->dev_init_done);
- 	return;
- error:
- 	brcmf_dbg(TRACE, "failed: dev=%s, err=%d\n", dev_name(dev), ret);
--	mutex_unlock(&devinfo->dev_init_lock);
-+	complete(&devinfo->dev_init_done);
- 	device_release_driver(dev);
- }
- 
-@@ -1266,7 +1266,7 @@ static int brcmf_usb_probe_cb(struct brc
- 		if (ret)
- 			goto fail;
- 		/* we are done */
--		mutex_unlock(&devinfo->dev_init_lock);
-+		complete(&devinfo->dev_init_done);
- 		return 0;
- 	}
- 	bus->chip = bus_pub->devid;
-@@ -1326,11 +1326,10 @@ brcmf_usb_probe(struct usb_interface *in
- 
- 	devinfo->usbdev = usb;
- 	devinfo->dev = &usb->dev;
--	/* Take an init lock, to protect for disconnect while still loading.
-+	/* Init completion, to protect for disconnect while still loading.
- 	 * Necessary because of the asynchronous firmware load construction
- 	 */
--	mutex_init(&devinfo->dev_init_lock);
--	mutex_lock(&devinfo->dev_init_lock);
-+	init_completion(&devinfo->dev_init_done);
- 
- 	usb_set_intfdata(intf, devinfo);
- 
-@@ -1408,7 +1407,7 @@ brcmf_usb_probe(struct usb_interface *in
- 	return 0;
- 
- fail:
--	mutex_unlock(&devinfo->dev_init_lock);
-+	complete(&devinfo->dev_init_done);
- 	kfree(devinfo);
- 	usb_set_intfdata(intf, NULL);
- 	return ret;
-@@ -1423,7 +1422,7 @@ brcmf_usb_disconnect(struct usb_interfac
- 	devinfo = (struct brcmf_usbdev_info *)usb_get_intfdata(intf);
- 
- 	if (devinfo) {
--		mutex_lock(&devinfo->dev_init_lock);
-+		wait_for_completion(&devinfo->dev_init_done);
- 		/* Make sure that devinfo still exists. Firmware probe routines
- 		 * may have released the device and cleared the intfdata.
- 		 */

package/kernel/mac80211/patches/brcm/365-v5.2-brcmfmac-fix-missing-checks-for-kmemdup.patch

@@ -1,35 +0,0 @@
-From 46953f97224d56a12ccbe9c6acaa84ca0dab2780 Mon Sep 17 00:00:00 2001
-From: Kangjie Lu <kjlu@umn.edu>
-Date: Fri, 15 Mar 2019 12:04:32 -0500
-Subject: [PATCH] brcmfmac: fix missing checks for kmemdup
-
-In case kmemdup fails, the fix sets conn_info->req_ie_len and
-conn_info->resp_ie_len to zero to avoid buffer overflows.
-
-Signed-off-by: Kangjie Lu <kjlu@umn.edu>
-Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -5456,6 +5456,8 @@ static s32 brcmf_get_assoc_ies(struct br
- 		conn_info->req_ie =
- 		    kmemdup(cfg->extra_buf, conn_info->req_ie_len,
- 			    GFP_KERNEL);
-+		if (!conn_info->req_ie)
-+			conn_info->req_ie_len = 0;
- 	} else {
- 		conn_info->req_ie_len = 0;
- 		conn_info->req_ie = NULL;
-@@ -5472,6 +5474,8 @@ static s32 brcmf_get_assoc_ies(struct br
- 		conn_info->resp_ie =
- 		    kmemdup(cfg->extra_buf, conn_info->resp_ie_len,
- 			    GFP_KERNEL);
-+		if (!conn_info->resp_ie)
-+			conn_info->resp_ie_len = 0;
- 	} else {
- 		conn_info->resp_ie_len = 0;
- 		conn_info->resp_ie = NULL;

package/kernel/mac80211/patches/brcm/373-v5.2-brcm80211-potential-NULL-dereference-in-brcmf_cfg802.patch

@@ -1,50 +0,0 @@
-From e025da3d7aa4770bb1d1b3b0aa7cc4da1744852d Mon Sep 17 00:00:00 2001
-From: Dan Carpenter <dan.carpenter@oracle.com>
-Date: Wed, 24 Apr 2019 12:52:18 +0300
-Subject: [PATCH] brcm80211: potential NULL dereference in
- brcmf_cfg80211_vndr_cmds_dcmd_handler()
-
-If "ret_len" is negative then it could lead to a NULL dereference.
-
-The "ret_len" value comes from nl80211_vendor_cmd(), if it's negative
-then we don't allocate the "dcmd_buf" buffer.  Then we pass "ret_len" to
-brcmf_fil_cmd_data_set() where it is cast to a very high u32 value.
-Most of the functions in that call tree check whether the buffer we pass
-is NULL but there are at least a couple places which don't such as
-brcmf_dbg_hex_dump() and brcmf_msgbuf_query_dcmd().  We memcpy() to and
-from the buffer so it would result in a NULL dereference.
-
-The fix is to change the types so that "ret_len" can't be negative.  (If
-we memcpy() zero bytes to NULL, that's a no-op and doesn't cause an
-issue).
-
-Fixes: 1bacb0487d0e ("brcmfmac: replace cfg80211 testmode with vendor command")
-Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- drivers/net/wireless/broadcom/brcm80211/brcmfmac/vendor.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/vendor.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/vendor.c
-@@ -35,9 +35,10 @@ static int brcmf_cfg80211_vndr_cmds_dcmd
- 	struct brcmf_if *ifp;
- 	const struct brcmf_vndr_dcmd_hdr *cmdhdr = data;
- 	struct sk_buff *reply;
--	int ret, payload, ret_len;
-+	unsigned int payload, ret_len;
- 	void *dcmd_buf = NULL, *wr_pointer;
- 	u16 msglen, maxmsglen = PAGE_SIZE - 0x100;
-+	int ret;
- 
- 	if (len < sizeof(*cmdhdr)) {
- 		brcmf_err("vendor command too short: %d\n", len);
-@@ -65,7 +66,7 @@ static int brcmf_cfg80211_vndr_cmds_dcmd
- 			brcmf_err("oversize return buffer %d\n", ret_len);
- 			ret_len = BRCMF_DCMD_MAXLEN;
- 		}
--		payload = max(ret_len, len) + 1;
-+		payload = max_t(unsigned int, ret_len, len) + 1;
- 		dcmd_buf = vzalloc(payload);
- 		if (NULL == dcmd_buf)
- 			return -ENOMEM;

package/kernel/mac80211/patches/mwl/700-mwl8k-missing-pci-id-for-WNR854T.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/marvell/mwl8k.c
 +++ b/drivers/net/wireless/marvell/mwl8k.c
-@@ -5686,6 +5686,7 @@ MODULE_FIRMWARE("mwl8k/fmimage_8366.fw")
+@@ -5691,6 +5691,7 @@ MODULE_FIRMWARE("mwl8k/fmimage_8366.fw")
  MODULE_FIRMWARE(MWL8K_8366_AP_FW(MWL8K_8366_AP_FW_API));
  
  static const struct pci_device_id mwl8k_pci_id_table[] = {

package/kernel/mac80211/patches/mwl/940-mwl8k_init_devices_synchronously.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/marvell/mwl8k.c
 +++ b/drivers/net/wireless/marvell/mwl8k.c
-@@ -6271,6 +6271,8 @@ static int mwl8k_probe(struct pci_dev *p
+@@ -6276,6 +6276,8 @@ static int mwl8k_probe(struct pci_dev *p
  
  	priv->running_bsses = 0;
  
@@ -9,7 +9,7 @@
  	return rc;
  
  err_stop_firmware:
-@@ -6304,8 +6306,6 @@ static void mwl8k_remove(struct pci_dev
+@@ -6309,8 +6311,6 @@ static void mwl8k_remove(struct pci_dev
  		return;
  	priv = hw->priv;
  

package/kernel/mac80211/patches/mwl/941-mwl8k-Fix-rate_idx-underflow.patch

@@ -1,75 +0,0 @@
-From b897577af85bb5e5638efa780bc3716fae5212d3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20=C5=A0tetiar?= <ynezz@true.cz>
-Date: Mon, 8 Apr 2019 09:45:56 +0200
-Subject: [PATCH] mwl8k: Fix rate_idx underflow
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It was reported on OpenWrt bug tracking system[1], that several users
-are affected by the endless reboot of their routers if they configure
-5GHz interface with channel 44 or 48.
-
-The reboot loop is caused by the following excessive number of WARN_ON
-messages:
-
- WARNING: CPU: 0 PID: 0 at backports-4.19.23-1/net/mac80211/rx.c:4516
-                             ieee80211_rx_napi+0x1fc/0xa54 [mac80211]
-
-as the messages are being correctly emitted by the following guard:
-
- case RX_ENC_LEGACY:
-      if (WARN_ON(status->rate_idx >= sband->n_bitrates))
-
-as the rate_idx is in this case erroneously set to 251 (0xfb). This fix
-simply converts previously used magic number to proper constant and
-guards against substraction which is leading to the currently observed
-underflow.
-
-1. https://bugs.openwrt.org/index.php?do=details&task_id=2218
-
-Fixes: 854783444bab ("mwl8k: properly set receive status rate index on 5 GHz receive")
-Cc: <stable@vger.kernel.org>
-Tested-by: Eubert Bao <bunnier@gmail.com>
-Reported-by: Eubert Bao <bunnier@gmail.com>
-Signed-off-by: Petr Štetiar <ynezz@true.cz>
----
- drivers/net/wireless/marvell/mwl8k.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
---- a/drivers/net/wireless/marvell/mwl8k.c
-+++ b/drivers/net/wireless/marvell/mwl8k.c
-@@ -441,6 +441,9 @@ static const struct ieee80211_rate mwl8k
- #define MWL8K_CMD_UPDATE_STADB		0x1123
- #define MWL8K_CMD_BASTREAM		0x1125
- 
-+#define MWL8K_LEGACY_5G_RATE_OFFSET \
-+	(ARRAY_SIZE(mwl8k_rates_24) - ARRAY_SIZE(mwl8k_rates_50))
-+
- static const char *mwl8k_cmd_name(__le16 cmd, char *buf, int bufsize)
- {
- 	u16 command = le16_to_cpu(cmd);
-@@ -1016,8 +1019,9 @@ mwl8k_rxd_ap_process(void *_rxd, struct
- 
- 	if (rxd->channel > 14) {
- 		status->band = NL80211_BAND_5GHZ;
--		if (!(status->encoding == RX_ENC_HT))
--			status->rate_idx -= 5;
-+		if (!(status->encoding == RX_ENC_HT) &&
-+		    status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET)
-+			status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET;
- 	} else {
- 		status->band = NL80211_BAND_2GHZ;
- 	}
-@@ -1124,8 +1128,9 @@ mwl8k_rxd_sta_process(void *_rxd, struct
- 
- 	if (rxd->channel > 14) {
- 		status->band = NL80211_BAND_5GHZ;
--		if (!(status->encoding == RX_ENC_HT))
--			status->rate_idx -= 5;
-+		if (!(status->encoding == RX_ENC_HT) &&
-+		    status->rate_idx >= MWL8K_LEGACY_5G_RATE_OFFSET)
-+			status->rate_idx -= MWL8K_LEGACY_5G_RATE_OFFSET;
- 	} else {
- 		status->band = NL80211_BAND_2GHZ;
- 	}

package/kernel/mac80211/patches/rt2x00/004-rt2x00-do-not-check-for-txstatus-timeout-every-time-.patch

@@ -51,7 +51,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  		rt2800mmio_enable_interrupt(rt2x00dev,
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
-@@ -980,6 +980,8 @@ struct rt2x00_dev {
+@@ -979,6 +979,8 @@ struct rt2x00_dev {
  	 */
  	DECLARE_KFIFO_PTR(txstatus_fifo, u32);
  
@@ -62,7 +62,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	 */
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
-@@ -1039,6 +1039,7 @@ void rt2x00queue_start_queues(struct rt2
+@@ -1042,6 +1042,7 @@ void rt2x00queue_start_queues(struct rt2
  	 */
  	tx_queue_for_each(rt2x00dev, queue)
  		rt2x00queue_start_queue(queue);

package/kernel/mac80211/patches/rt2x00/005-rt2x00-use-different-txstatus-timeouts-when-flushing.patch

@@ -97,7 +97,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
  	 * Driver configuration
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c
-@@ -720,8 +720,12 @@ void rt2x00mac_flush(struct ieee80211_hw
+@@ -710,8 +710,12 @@ void rt2x00mac_flush(struct ieee80211_hw
  	if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags))
  		return;
  

package/kernel/mac80211/patches/rt2x00/022-rt2x00-check-number-of-EPROTO-errors.patch

@@ -34,7 +34,7 @@ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
-@@ -1017,6 +1017,7 @@ struct rt2x00_dev {
+@@ -1016,6 +1016,7 @@ struct rt2x00_dev {
  	unsigned int extra_tx_headroom;
  
  	struct usb_anchor *anchor;

package/kernel/mac80211/patches/rt2x00/023-rt2x00-do-not-print-error-when-queue-is-full.patch

@@ -32,7 +32,7 @@ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
 
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
-@@ -671,7 +671,7 @@ int rt2x00queue_write_tx_frame(struct da
+@@ -674,7 +674,7 @@ int rt2x00queue_write_tx_frame(struct da
  	spin_lock(&queue->tx_lock);
  
  	if (unlikely(rt2x00queue_full(queue))) {

package/kernel/mac80211/patches/rt2x00/029-rt2x00-remove-last_nostatus_check.patch

@@ -36,7 +36,7 @@ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
  		if (rt2800_entry_txstatus_timeout(rt2x00dev, entry))
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
-@@ -981,8 +981,6 @@ struct rt2x00_dev {
+@@ -980,8 +980,6 @@ struct rt2x00_dev {
  	 */
  	DECLARE_KFIFO_PTR(txstatus_fifo, u32);
  
@@ -47,7 +47,7 @@ Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
  	 */
 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
 +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
-@@ -1039,7 +1039,6 @@ void rt2x00queue_start_queues(struct rt2
+@@ -1042,7 +1042,6 @@ void rt2x00queue_start_queues(struct rt2
  	 */
  	tx_queue_for_each(rt2x00dev, queue)
  		rt2x00queue_start_queue(queue);

package/kernel/mac80211/patches/rt2x00/032-rt2x00-do-not-increment-sequence-number-while-re-tra.patch

@@ -1,94 +0,0 @@
-From 746ba11f170603bf1eaade817553a6c2e9135bbe Mon Sep 17 00:00:00 2001
-From: Vijayakumar Durai <vijayakumar.durai1@vivint.com>
-Date: Wed, 27 Mar 2019 11:03:17 +0100
-Subject: [PATCH] rt2x00: do not increment sequence number while
- re-transmitting
-
-Currently rt2x00 devices retransmit the management frames with
-incremented sequence number if hardware is assigning the sequence.
-
-This is HW bug fixed already for non-QOS data frames, but it should
-be fixed for management frames except beacon.
-
-Without fix retransmitted frames have wrong SN:
-
- AlphaNet_e8:fb:36 Vivotek_52:31:51 Authentication, SN=1648, FN=0, Flags=........C Frame is not being retransmitted 1648 1
- AlphaNet_e8:fb:36 Vivotek_52:31:51 Authentication, SN=1649, FN=0, Flags=....R...C Frame is being retransmitted 1649 1
- AlphaNet_e8:fb:36 Vivotek_52:31:51 Authentication, SN=1650, FN=0, Flags=....R...C Frame is being retransmitted 1650 1
-
-With the fix SN stays correctly the same:
-
- 88:6a:e3:e8:f9:a2 8c:f5:a3:88:76:87 Authentication, SN=1450, FN=0, Flags=........C
- 88:6a:e3:e8:f9:a2 8c:f5:a3:88:76:87 Authentication, SN=1450, FN=0, Flags=....R...C
- 88:6a:e3:e8:f9:a2 8c:f5:a3:88:76:87 Authentication, SN=1450, FN=0, Flags=....R...C
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Vijayakumar Durai <vijayakumar.durai1@vivint.com>
-[sgruszka: simplify code, change comments and changelog]
-Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- drivers/net/wireless/ralink/rt2x00/rt2x00.h      |  1 -
- drivers/net/wireless/ralink/rt2x00/rt2x00mac.c   | 10 ----------
- drivers/net/wireless/ralink/rt2x00/rt2x00queue.c | 15 +++++++++------
- 3 files changed, 9 insertions(+), 17 deletions(-)
-
---- a/drivers/net/wireless/ralink/rt2x00/rt2x00.h
-+++ b/drivers/net/wireless/ralink/rt2x00/rt2x00.h
-@@ -673,7 +673,6 @@ enum rt2x00_state_flags {
- 	CONFIG_CHANNEL_HT40,
- 	CONFIG_POWERSAVING,
- 	CONFIG_HT_DISABLED,
--	CONFIG_QOS_DISABLED,
- 	CONFIG_MONITORING,
- 
- 	/*
---- a/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c
-+++ b/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c
-@@ -642,19 +642,9 @@ void rt2x00mac_bss_info_changed(struct i
- 			rt2x00dev->intf_associated--;
- 
- 		rt2x00leds_led_assoc(rt2x00dev, !!rt2x00dev->intf_associated);
--
--		clear_bit(CONFIG_QOS_DISABLED, &rt2x00dev->flags);
- 	}
- 
- 	/*
--	 * Check for access point which do not support 802.11e . We have to
--	 * generate data frames sequence number in S/W for such AP, because
--	 * of H/W bug.
--	 */
--	if (changes & BSS_CHANGED_QOS && !bss_conf->qos)
--		set_bit(CONFIG_QOS_DISABLED, &rt2x00dev->flags);
--
--	/*
- 	 * When the erp information has changed, we should perform
- 	 * additional configuration steps. For all other changes we are done.
- 	 */
---- a/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
-+++ b/drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
-@@ -201,15 +201,18 @@ static void rt2x00queue_create_tx_descri
- 	if (!rt2x00_has_cap_flag(rt2x00dev, REQUIRE_SW_SEQNO)) {
- 		/*
- 		 * rt2800 has a H/W (or F/W) bug, device incorrectly increase
--		 * seqno on retransmited data (non-QOS) frames. To workaround
--		 * the problem let's generate seqno in software if QOS is
--		 * disabled.
-+		 * seqno on retransmitted data (non-QOS) and management frames.
-+		 * To workaround the problem let's generate seqno in software.
-+		 * Except for beacons which are transmitted periodically by H/W
-+		 * hence hardware has to assign seqno for them.
- 		 */
--		if (test_bit(CONFIG_QOS_DISABLED, &rt2x00dev->flags))
--			__clear_bit(ENTRY_TXD_GENERATE_SEQ, &txdesc->flags);
--		else
-+	    	if (ieee80211_is_beacon(hdr->frame_control)) {
-+			__set_bit(ENTRY_TXD_GENERATE_SEQ, &txdesc->flags);
- 			/* H/W will generate sequence number */
- 			return;
-+		}
-+
-+		__clear_bit(ENTRY_TXD_GENERATE_SEQ, &txdesc->flags);
- 	}
- 
- 	/*

package/kernel/mac80211/patches/subsys/100-remove-cryptoapi-dependencies.patch

@@ -499,8 +499,8 @@
  	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
  	struct ieee80211_key *key = rx->key;
  	struct ieee80211_mmie_16 *mmie;
--	u8 aad[GMAC_AAD_LEN], mic[GMAC_MIC_LEN], ipn[6], nonce[GMAC_NONCE_LEN];
-+	u8 aad[20], mic[16], ipn[6], nonce[12];
+-	u8 aad[GMAC_AAD_LEN], *mic, ipn[6], nonce[GMAC_NONCE_LEN];
++	u8 aad[20], *mic, ipn[6], nonce[12];
  	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
  
  	if (!ieee80211_is_mgmt(hdr->frame_control))

package/kernel/mac80211/patches/subsys/140-tweak-TSQ-setting.patch

@@ -1,6 +1,6 @@
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -3797,6 +3797,12 @@ out:
+@@ -3800,6 +3800,12 @@ out:
  netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
  				       struct net_device *dev)
  {

package/kernel/mac80211/patches/subsys/300-mac80211-add-stop-start-logic-for-software-TXQs.patch

@@ -100,7 +100,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		     (unsigned long) local);
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -3482,13 +3482,19 @@ struct sk_buff *ieee80211_tx_dequeue(str
+@@ -3485,13 +3485,19 @@ struct sk_buff *ieee80211_tx_dequeue(str
  	struct ieee80211_tx_info *info;
  	struct ieee80211_tx_data tx;
  	ieee80211_tx_result r;
@@ -122,7 +122,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	/* Make sure fragments stay together. */
  	skb = __skb_dequeue(&txqi->frags);
  	if (skb)
-@@ -3583,6 +3589,7 @@ begin:
+@@ -3586,6 +3592,7 @@ begin:
  	}
  
  	IEEE80211_SKB_CB(skb)->control.vif = vif;

package/kernel/mac80211/patches/subsys/301-mac80211-do-not-call-driver-wake_tx_queue-op-during-.patch

@@ -1,33 +0,0 @@
-From: Felix Fietkau <nbd@nbd.name>
-Date: Fri, 1 Mar 2019 14:42:56 +0100
-Subject: [PATCH] mac80211: do not call driver wake_tx_queue op during reconfig
-
-There are several scenarios in which mac80211 can call drv_wake_tx_queue
-after ieee80211_restart_hw has been called and has not yet completed.
-Driver private structs are considered uninitialized until mac80211 has
-uploaded the vifs, stations and keys again, so using private tx queue
-data during that time is not safe.
-
-The driver can also not rely on drv_reconfig_complete to figure out when
-it is safe to accept drv_wake_tx_queue calls again, because it is only
-called after all tx queues are woken again.
-
-To fix this, bail out early in drv_wake_tx_queue if local->in_reconfig
-is set.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/net/mac80211/driver-ops.h
-+++ b/net/mac80211/driver-ops.h
-@@ -1166,6 +1166,9 @@ static inline void drv_wake_tx_queue(str
- {
- 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(txq->txq.vif);
- 
-+	if (local->in_reconfig)
-+		return;
-+
- 	if (!check_sdata_in_driver(sdata))
- 		return;
- 

package/kernel/mac80211/patches/subsys/311-mac80211-fix-memory-accounting-with-A-MSDU-aggregati.patch

@@ -1,58 +0,0 @@
-From: Felix Fietkau <nbd@nbd.name>
-Date: Thu, 8 Mar 2018 21:00:56 +0100
-Subject: [PATCH] mac80211: fix memory accounting with A-MSDU aggregation
-
-fq uses skb->truesize for memory usage tracking. Increments/decrements
-are done on enqueue/dequeue.
-When A-MSDU aggregation is performed on tx side, the packet is
-aggregated with the last packet in the queue belonging to the same flow.
-There are multiple bugs here:
-- The truesize field of the aggregated packet isn't updated, so memory
-usage is underestimated
-- fq->memory_usage isn't adjusted.
-
-Because of the combination of both bugs, this only causes tx issues in
-rare cases, mainly when the A-MSDU head needs to be reallocated.
-
-Fix this by adjusting both truesize of the A-MSDU head and adding the
-truesize delta to fq->memory_usage.
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/net/mac80211/tx.c
-+++ b/net/mac80211/tx.c
-@@ -3185,6 +3185,7 @@ static bool ieee80211_amsdu_aggregate(st
- 	u8 max_subframes = sta->sta.max_amsdu_subframes;
- 	int max_frags = local->hw.max_tx_fragments;
- 	int max_amsdu_len = sta->sta.max_amsdu_len;
-+	int orig_truesize;
- 	__be16 len;
- 	void *data;
- 	bool ret = false;
-@@ -3216,12 +3217,13 @@ static bool ieee80211_amsdu_aggregate(st
- 	flow = fq_flow_classify(fq, tin, skb, fq_flow_get_default_func);
- 	head = skb_peek_tail(&flow->queue);
- 	if (!head)
--		goto out;
-+		goto unlock;
- 
-+	orig_truesize = head->truesize;
- 	orig_len = head->len;
- 
- 	if (skb->len + head->len > max_amsdu_len)
--		goto out;
-+		goto unlock;
- 
- 	nfrags = 1 + skb_shinfo(skb)->nr_frags;
- 	nfrags += 1 + skb_shinfo(head)->nr_frags;
-@@ -3279,6 +3281,9 @@ out_recalc:
- 		fq_recalc_backlog(fq, tin, flow);
- 	}
- out:
-+	fq->memory_usage += head->truesize - orig_truesize;
-+
-+unlock:
- 	spin_unlock_bh(&fq->lock);
- 
- 	return ret;

package/kernel/mac80211/patches/subsys/313-mac80211-fix-unaligned-access-in-mesh-table-hash-fun.patch

@@ -1,21 +0,0 @@
-From: Felix Fietkau <nbd@nbd.name>
-Date: Wed, 13 Mar 2019 18:52:56 +0100
-Subject: [PATCH] mac80211: fix unaligned access in mesh table hash function
-
-The pointer to the last four bytes of the address is not guaranteed to be
-aligned, so we need to use __get_unaligned_cpu32 here
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/net/mac80211/mesh_pathtbl.c
-+++ b/net/mac80211/mesh_pathtbl.c
-@@ -23,7 +23,7 @@ static void mesh_path_free_rcu(struct me
- static u32 mesh_table_hash(const void *addr, u32 len, u32 seed)
- {
- 	/* Use last four bytes of hw addr as hash index */
--	return jhash_1word(*(u32 *)(addr+2), seed);
-+	return jhash_1word(__get_unaligned_cpu32(addr+2), seed);
- }
- 
- static const struct rhashtable_params mesh_rht_params = {

package/kernel/mac80211/patches/subsys/320-mac80211-Add-TXQ-scheduling-API.patch

@@ -229,7 +229,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  	return true;
  }
-@@ -3602,6 +3606,60 @@ out:
+@@ -3600,6 +3604,60 @@ out:
  }
  EXPORT_SYMBOL(ieee80211_tx_dequeue);
  

package/kernel/mac80211/patches/subsys/321-cfg80211-Add-airtime-statistics-and-settings.patch

@@ -156,7 +156,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  };
  
  /* policy for the key attributes */
-@@ -4658,6 +4659,11 @@ static int nl80211_send_station(struct s
+@@ -4664,6 +4665,11 @@ static int nl80211_send_station(struct s
  	PUT_SINFO(PLID, plid, u16);
  	PUT_SINFO(PLINK_STATE, plink_state, u8);
  	PUT_SINFO_U64(RX_DURATION, rx_duration);
@@ -168,7 +168,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  	switch (rdev->wiphy.signal_type) {
  	case CFG80211_SIGNAL_TYPE_MBM:
-@@ -5294,6 +5300,15 @@ static int nl80211_set_station(struct sk
+@@ -5300,6 +5306,15 @@ static int nl80211_set_station(struct sk
  			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
  	}
  
@@ -184,7 +184,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	/* Include parameters for TDLS peer (will check later) */
  	err = nl80211_set_station_tdls(info, &params);
  	if (err)
-@@ -5432,6 +5447,15 @@ static int nl80211_new_station(struct sk
+@@ -5438,6 +5453,15 @@ static int nl80211_new_station(struct sk
  			return -EINVAL;
  	}
  

package/kernel/mac80211/patches/subsys/322-mac80211-Add-airtime-accounting-and-scheduling-to-TX.patch

@@ -412,7 +412,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	spin_lock_bh(&local->active_txq_lock[txqi->txq.ac]);
  	list_del_init(&txqi->schedule_order);
  	spin_unlock_bh(&local->active_txq_lock[txqi->txq.ac]);
-@@ -3613,11 +3616,28 @@ struct ieee80211_txq *ieee80211_next_txq
+@@ -3611,11 +3614,28 @@ struct ieee80211_txq *ieee80211_next_txq
  
  	lockdep_assert_held(&local->active_txq_lock[ac]);
  
@@ -442,7 +442,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  		return NULL;
  
  	list_del_init(&txqi->schedule_order);
-@@ -3635,12 +3655,74 @@ void ieee80211_return_txq(struct ieee802
+@@ -3633,12 +3653,74 @@ void ieee80211_return_txq(struct ieee802
  	lockdep_assert_held(&local->active_txq_lock[txq->ac]);
  
  	if (list_empty(&txqi->schedule_order) &&

package/kernel/mac80211/patches/subsys/323-mac80211-Expose-ieee80211_schedule_txq-function.patch

@@ -51,7 +51,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -3675,6 +3675,19 @@ void ieee80211_return_txq(struct ieee802
+@@ -3673,6 +3673,19 @@ void ieee80211_return_txq(struct ieee802
  }
  EXPORT_SYMBOL(ieee80211_return_txq);
  

package/kernel/mac80211/patches/subsys/350-mac80211-add-hdrlen-to-ieee80211_tx_data.patch

@@ -48,7 +48,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	if (likely(sta)) {
  		if (!IS_ERR(sta))
  			tx->sta = sta;
-@@ -3525,6 +3525,7 @@ begin:
+@@ -3523,6 +3523,7 @@ begin:
  	tx.local = local;
  	tx.skb = skb;
  	tx.sdata = vif_to_sdata(info->control.vif);
@@ -56,7 +56,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	if (txq->sta)
  		tx.sta = container_of(txq->sta, struct sta_info, sta);
-@@ -3551,7 +3552,7 @@ begin:
+@@ -3549,7 +3550,7 @@ begin:
  
  		if (tx.key &&
  		    (tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
@@ -65,7 +65,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  		ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
  					   tx.key, skb);
-@@ -4008,6 +4009,7 @@ ieee80211_build_data_template(struct iee
+@@ -4006,6 +4007,7 @@ ieee80211_build_data_template(struct iee
  	hdr = (void *)skb->data;
  	tx.sta = sta_info_get(sdata, hdr->addr1);
  	tx.skb = skb;

package/kernel/mac80211/patches/subsys/351-mac80211-add-TX_NEEDS_ALIGNED4_SKBS-hw-flag.patch

@@ -274,7 +274,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	/* We store the key here so there's no point in using rcu_dereference()
  	 * but that's fine because the code that changes the pointers will call
  	 * this function after doing so. For a single CPU that would be enough,
-@@ -3525,7 +3531,7 @@ begin:
+@@ -3523,7 +3529,7 @@ begin:
  	tx.local = local;
  	tx.skb = skb;
  	tx.sdata = vif_to_sdata(info->control.vif);
@@ -283,7 +283,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	if (txq->sta)
  		tx.sta = container_of(txq->sta, struct sta_info, sta);
-@@ -4009,7 +4015,7 @@ ieee80211_build_data_template(struct iee
+@@ -4007,7 +4013,7 @@ ieee80211_build_data_template(struct iee
  	hdr = (void *)skb->data;
  	tx.sta = sta_info_get(sdata, hdr->addr1);
  	tx.skb = skb;

package/kernel/mac80211/patches/subsys/352-mac80211-rework-locking-for-txq-scheduling-airtime-f.patch

@@ -95,7 +95,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
   * ieee80211_txq_may_transmit - check whether TXQ is allowed to transmit
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -3619,16 +3619,17 @@ EXPORT_SYMBOL(ieee80211_tx_dequeue);
+@@ -3617,16 +3617,17 @@ EXPORT_SYMBOL(ieee80211_tx_dequeue);
  struct ieee80211_txq *ieee80211_next_txq(struct ieee80211_hw *hw, u8 ac)
  {
  	struct ieee80211_local *local = hw_to_local(hw);
@@ -115,7 +115,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	if (txqi->txq.sta) {
  		struct sta_info *sta = container_of(txqi->txq.sta,
-@@ -3645,21 +3646,25 @@ struct ieee80211_txq *ieee80211_next_txq
+@@ -3643,21 +3644,25 @@ struct ieee80211_txq *ieee80211_next_txq
  
  
  	if (txqi->schedule_round == local->schedule_round[ac])
@@ -146,7 +146,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	if (list_empty(&txqi->schedule_order) &&
  	    (!skb_queue_empty(&txqi->frags) || txqi->tin.backlog_packets)) {
-@@ -3679,18 +3684,7 @@ void ieee80211_return_txq(struct ieee802
+@@ -3677,18 +3682,7 @@ void ieee80211_return_txq(struct ieee802
  			list_add_tail(&txqi->schedule_order,
  				      &local->active_txqs[txq->ac]);
  	}
@@ -165,7 +165,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	spin_unlock_bh(&local->active_txq_lock[txq->ac]);
  }
  EXPORT_SYMBOL(ieee80211_schedule_txq);
-@@ -3703,7 +3697,7 @@ bool ieee80211_txq_may_transmit(struct i
+@@ -3701,7 +3695,7 @@ bool ieee80211_txq_may_transmit(struct i
  	struct sta_info *sta;
  	u8 ac = txq->ac;
  
@@ -174,7 +174,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  
  	if (!txqi->txq.sta)
  		goto out;
-@@ -3733,34 +3727,27 @@ bool ieee80211_txq_may_transmit(struct i
+@@ -3731,34 +3725,27 @@ bool ieee80211_txq_may_transmit(struct i
  
  	sta->airtime[ac].deficit += sta->airtime_weight;
  	list_move_tail(&txqi->schedule_order, &local->active_txqs[ac]);

package/kernel/mac80211/patches/subsys/354-mac80211-calculate-hash-for-fq-without-holding-fq-lo.patch

@@ -121,4 +121,4 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +				fq_flow_get_default_func);
  	head = skb_peek_tail(&flow->queue);
  	if (!head)
- 		goto unlock;
+ 		goto out;

package/kernel/mac80211/patches/subsys/355-mac80211-run-late-dequeue-late-tx-handlers-without-h.patch

@@ -10,7 +10,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -3507,6 +3507,7 @@ struct sk_buff *ieee80211_tx_dequeue(str
+@@ -3505,6 +3505,7 @@ struct sk_buff *ieee80211_tx_dequeue(str
  	ieee80211_tx_result r;
  	struct ieee80211_vif *vif = txq->vif;
  
@@ -18,7 +18,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	spin_lock_bh(&fq->lock);
  
  	if (test_bit(IEEE80211_TXQ_STOP, &txqi->flags) ||
-@@ -3523,11 +3524,12 @@ struct sk_buff *ieee80211_tx_dequeue(str
+@@ -3521,11 +3522,12 @@ struct sk_buff *ieee80211_tx_dequeue(str
  	if (skb)
  		goto out;
  
@@ -32,7 +32,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	hdr = (struct ieee80211_hdr *)skb->data;
  	info = IEEE80211_SKB_CB(skb);
  
-@@ -3573,8 +3575,11 @@ begin:
+@@ -3571,8 +3573,11 @@ begin:
  
  		skb = __skb_dequeue(&tx.skbs);
  
@@ -45,7 +45,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	}
  
  	if (skb && skb_has_frag_list(skb) &&
-@@ -3613,6 +3618,7 @@ begin:
+@@ -3611,6 +3616,7 @@ begin:
  	}
  
  	IEEE80211_SKB_CB(skb)->control.vif = vif;

package/kernel/mac80211/patches/subsys/357-mac80211-optimize-skb-resizing.patch

@@ -180,7 +180,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	}
  
  	if (encaps_data)
-@@ -3377,7 +3367,6 @@ static bool ieee80211_xmit_fast(struct i
+@@ -3375,7 +3365,6 @@ static bool ieee80211_xmit_fast(struct i
  	struct ieee80211_local *local = sdata->local;
  	u16 ethertype = (skb->data[12] << 8) | skb->data[13];
  	int extra_head = fast_tx->hdr_len - (ETH_HLEN - 2);
@@ -188,7 +188,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	struct ethhdr eth;
  	struct ieee80211_tx_info *info;
  	struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
-@@ -3429,10 +3418,7 @@ static bool ieee80211_xmit_fast(struct i
+@@ -3427,10 +3416,7 @@ static bool ieee80211_xmit_fast(struct i
  	 * as the may-encrypt argument for the resize to not account for
  	 * more room than we already have in 'extra_head'
  	 */

package/kernel/mac80211/patches/subsys/358-mac80211-make-ieee80211_schedule_txq-schedule-empty-.patch

@@ -72,7 +72,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  /**
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -3655,8 +3655,9 @@ out:
+@@ -3653,8 +3653,9 @@ out:
  }
  EXPORT_SYMBOL(ieee80211_next_txq);
  
@@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  {
  	struct ieee80211_local *local = hw_to_local(hw);
  	struct txq_info *txqi = to_txq_info(txq);
-@@ -3664,7 +3665,8 @@ void ieee80211_schedule_txq(struct ieee8
+@@ -3662,7 +3663,8 @@ void ieee80211_schedule_txq(struct ieee8
  	spin_lock_bh(&local->active_txq_lock[txq->ac]);
  
  	if (list_empty(&txqi->schedule_order) &&
@@ -94,7 +94,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  		/* If airtime accounting is active, always enqueue STAs at the
  		 * head of the list to ensure that they only get moved to the
  		 * back by the airtime DRR scheduler once they have a negative
-@@ -3684,7 +3686,7 @@ void ieee80211_schedule_txq(struct ieee8
+@@ -3682,7 +3684,7 @@ void ieee80211_schedule_txq(struct ieee8
  
  	spin_unlock_bh(&local->active_txq_lock[txq->ac]);
  }

package/kernel/mac80211/patches/subsys/360-mac80211-when-using-iTXQ-select-the-queue-in-ieee802.patch

@@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/net/mac80211/tx.c
 +++ b/net/mac80211/tx.c
-@@ -3753,6 +3753,7 @@ void __ieee80211_subif_start_xmit(struct
+@@ -3751,6 +3751,7 @@ void __ieee80211_subif_start_xmit(struct
  				  u32 info_flags)
  {
  	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
@@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	struct sta_info *sta;
  	struct sk_buff *next;
  
-@@ -3766,7 +3767,15 @@ void __ieee80211_subif_start_xmit(struct
+@@ -3764,7 +3765,15 @@ void __ieee80211_subif_start_xmit(struct
  	if (ieee80211_lookup_ra_sta(sdata, skb, &sta))
  		goto out_free;
  

package/kernel/mac80211/patches/subsys/390-nl-mac-80211-allow-4addr-AP-operation-on-crypto-cont.patch

@@ -1,103 +0,0 @@
-From 33d915d9e8ce811d8958915ccd18d71a66c7c495 Mon Sep 17 00:00:00 2001
-From: Manikanta Pubbisetty <mpubbise@codeaurora.org>
-Date: Wed, 8 May 2019 14:55:33 +0530
-Subject: [PATCH] {nl,mac}80211: allow 4addr AP operation on crypto controlled
- devices
-
-As per the current design, in the case of sw crypto controlled devices,
-it is the device which advertises the support for AP/VLAN iftype based
-on it's ability to tranmsit packets encrypted in software
-(In VLAN functionality, group traffic generated for a specific
-VLAN group is always encrypted in software). Commit db3bdcb9c3ff
-("mac80211: allow AP_VLAN operation on crypto controlled devices")
-has introduced this change.
-
-Since 4addr AP operation also uses AP/VLAN iftype, this conditional
-way of advertising AP/VLAN support has broken 4addr AP mode operation on
-crypto controlled devices which do not support VLAN functionality.
-
-In the case of ath10k driver, not all firmwares have support for VLAN
-functionality but all can support 4addr AP operation. Because AP/VLAN
-support is not advertised for these devices, 4addr AP operations are
-also blocked.
-
-Fix this by allowing 4addr operation on devices which do not support
-AP/VLAN iftype but can support 4addr AP operation (decision is based on
-the wiphy flag WIPHY_FLAG_4ADDR_AP).
-
-Cc: stable@vger.kernel.org
-Fixes: db3bdcb9c3ff ("mac80211: allow AP_VLAN operation on crypto controlled devices")
-Signed-off-by: Manikanta Pubbisetty <mpubbise@codeaurora.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
- include/net/cfg80211.h | 3 ++-
- net/mac80211/util.c    | 4 +++-
- net/wireless/core.c    | 6 +++++-
- net/wireless/nl80211.c | 8 ++++++--
- 4 files changed, 16 insertions(+), 5 deletions(-)
-
---- a/include/net/cfg80211.h
-+++ b/include/net/cfg80211.h
-@@ -3457,7 +3457,8 @@ struct cfg80211_ops {
-  *	on wiphy_new(), but can be changed by the driver if it has a good
-  *	reason to override the default
-  * @WIPHY_FLAG_4ADDR_AP: supports 4addr mode even on AP (with a single station
-- *	on a VLAN interface)
-+ *	on a VLAN interface). This flag also serves an extra purpose of
-+ *	supporting 4ADDR AP mode on devices which do not support AP/VLAN iftype.
-  * @WIPHY_FLAG_4ADDR_STATION: supports 4addr mode even as a station
-  * @WIPHY_FLAG_CONTROL_PORT_PROTOCOL: This device supports setting the
-  *	control port protocol ethertype. The device also honours the
---- a/net/mac80211/util.c
-+++ b/net/mac80211/util.c
-@@ -3626,7 +3626,9 @@ int ieee80211_check_combinations(struct
- 	}
- 
- 	/* Always allow software iftypes */
--	if (local->hw.wiphy->software_iftypes & BIT(iftype)) {
-+	if (local->hw.wiphy->software_iftypes & BIT(iftype) ||
-+	    (iftype == NL80211_IFTYPE_AP_VLAN &&
-+	     local->hw.wiphy->flags & WIPHY_FLAG_4ADDR_AP)) {
- 		if (radar_detect)
- 			return -EINVAL;
- 		return 0;
---- a/net/wireless/core.c
-+++ b/net/wireless/core.c
-@@ -1351,8 +1351,12 @@ static int cfg80211_netdev_notifier_call
- 		}
- 		break;
- 	case NETDEV_PRE_UP:
--		if (!(wdev->wiphy->interface_modes & BIT(wdev->iftype)))
-+		if (!(wdev->wiphy->interface_modes & BIT(wdev->iftype)) &&
-+		    !(wdev->iftype == NL80211_IFTYPE_AP_VLAN &&
-+		      rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP &&
-+		      wdev->use_4addr))
- 			return notifier_from_errno(-EOPNOTSUPP);
-+
- 		if (rfkill_blocked(rdev->rfkill))
- 			return notifier_from_errno(-ERFKILL);
- 		break;
---- a/net/wireless/nl80211.c
-+++ b/net/wireless/nl80211.c
-@@ -3194,8 +3194,7 @@ static int nl80211_new_interface(struct
- 			return -EINVAL;
- 	}
- 
--	if (!rdev->ops->add_virtual_intf ||
--	    !(rdev->wiphy.interface_modes & (1 << type)))
-+	if (!rdev->ops->add_virtual_intf)
- 		return -EOPNOTSUPP;
- 
- 	if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
-@@ -3214,6 +3213,11 @@ static int nl80211_new_interface(struct
- 			return err;
- 	}
- 
-+	if (!(rdev->wiphy.interface_modes & (1 << type)) &&
-+	    !(type == NL80211_IFTYPE_AP_VLAN && params.use_4addr &&
-+	      rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP))
-+		return -EOPNOTSUPP;
-+
- 	err = nl80211_parse_mon_options(rdev, type, info, &params);
- 	if (err < 0)
- 		return err;