From 0d61022ac603a44a5dcfb4d5de21c7657e786082 Mon Sep 17 00:00:00 2001
From: Aravind Kishore Sukla <quic_asukla@quicinc.com>
Date: Fri, 1 Sep 2023 21:22:04 +0530
Subject: [PATCH] qcacld-3.0: Add comments for the change fixed

Add comments for the fix added to validate security
for 11be connection and Reject partner link based on
security check.

Change-Id: I1b8d5e91e0e07c6c311b8c6ca6427c3fabd6b219
CRs-Fixed: 3605255
---
 .../mlme/connection_mgr/core/src/wlan_cm_vdev_connect.c   | 7 +++++++
 core/mac/src/pe/lim/lim_process_sme_req_messages.c        | 8 +++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/components/umac/mlme/connection_mgr/core/src/wlan_cm_vdev_connect.c b/components/umac/mlme/connection_mgr/core/src/wlan_cm_vdev_connect.c
index f110137144..8412f4a318 100644
--- a/components/umac/mlme/connection_mgr/core/src/wlan_cm_vdev_connect.c
+++ b/components/umac/mlme/connection_mgr/core/src/wlan_cm_vdev_connect.c
@@ -1183,6 +1183,13 @@ cm_get_ml_partner_info(struct wlan_objmgr_pdev *pdev,
 				continue;
 			}
 
+			/*
+			 * Reject the partner link that doesn’t pass the
+			 * security check and validate the next available
+			 * partner link. If none of the partner link passes
+			 * the security check, proceed connection with
+			 * single link.
+			 */
 			is_security_allowed =
 				wlan_cm_is_eht_allowed_for_current_security(
 							part_scan_entry);
diff --git a/core/mac/src/pe/lim/lim_process_sme_req_messages.c b/core/mac/src/pe/lim/lim_process_sme_req_messages.c
index 48e1593ed6..2b40650b2d 100644
--- a/core/mac/src/pe/lim/lim_process_sme_req_messages.c
+++ b/core/mac/src/pe/lim/lim_process_sme_req_messages.c
@@ -2111,12 +2111,18 @@ lim_get_bss_11be_mode_allowed(struct mac_context *mac_ctx,
 						  (struct qdf_mac_addr *)
 						  bss_desc->bssId);
 
+	/*
+	 * If AP advertises multiple AKMs(WPA2 PSK + WPA3), allow connection
+	 * in 11BE mode as our connection is going to be WPA3
+	 */
 	if (scan_entry) {
 		is_eht_allowed =
 			wlan_cm_is_eht_allowed_for_current_security(scan_entry);
 		util_scan_free_cache_entry(scan_entry);
-		if (!is_eht_allowed)
+		if (!is_eht_allowed) {
+			pe_debug("Downgrade to 11ax mode due to AP security validation failure");
 			return false;
+		}
 	}
 	return mlme_get_bss_11be_allowed(
 			mac_ctx->psoc,