Merge remote-tracking branch 'remotes/origin/wlan-cld3.driver.lnx.1.1-dev' into wlan-cld3.driver.lnx.2.0-dev

Fast forward CLD3.0-2.0-dev branch to tip of CLD3-1.1-dev from 5.1.0.32O to 5.1.0.34A
Merge upto commit-id: 1bd774c3c0bd9226d07f8328a50bdc089dc7fd69

* remotes/origin/wlan-cld3.driver.lnx.1.1-dev: (119 commits)
  Release 5.1.0.34A
  qcacld-3.0: Enable Rx LDPC when DBS is disabled from INI
  qcacld-3.0: Fix to handle SAP+STA DFS MCC scenario
  Release 5.1.0.34
  qcacld-3.0: Combine channel states only for 80P80
  Release 5.1.0.33Z
  qcacld-3.0: Don't set fixed params for setPktFilter ioctl
  Release 5.1.0.33Y
  qcacld-3.0: Fix improper naming and exporting of dump_frag_desc()
  qcacld-3.0: Enable logging of all DPTRACE logs for protocol packets
  Release 5.1.0.33X
  qcacld-3.0: protect rxhash history buffer for SMP
  Release 5.1.0.33W
  qcacld-3.0: Fix possible buffer overflow in sap_random_channel_sel
  qcacld-3.0: Add validation code in __lim_process_roam_scan_offload_req
  qcacld-3.0: unlock chan_lock before return in wma_dfs_indicate_radar
  qcacld-3.0: Fix null pointer dereference in wma_roam_scan_offload_mode
  qcacld-3.0: Fix input validation in wma_mgmt_tx_bundle_completion_handler
  qcacld-3.0: Fix null pointer dereference in sap_signal_hdd_event
  qcacld-3.0: Fix null pointer dereference in __lim_process_gid_management_action_frame
  ...
  Release 5.1.0.32U
  qcacld-3.0: Add iwpriv pktlog command to alter pktlog buffer size
  Release 5.1.0.32T
  qcacld-3.0: Fix offload enable status checking after interface setup
  Release 5.1.0.32S
  qcacld-3.0: Abort cds_deinit_policy_mgr if context is null
  Release 5.1.0.32R
  qcacld-3.0: Fix to respond to SA query req only in-case of SAP-PMF
  Release 5.1.0.32Q
  qcacld-3.0: Extend cfg80211 configure API
  qcacld-3.0: Fix tcp chksum can't be enabled for sap
  Release 5.1.0.32P
  qcacld-3.0: Fix memory leak issue
  qcacld-3.0: Use system time instead of jiffies for BSS received time
  Release 5.1.0.32O

Change-Id: I468345be9c83ba591aa438447b6bf35c237add6b
CRs-Fixed: 688141 1083379 1083376 1082221 1081982 1083068 1083002 1077047 1082162 1075090 1079596 1076495 1083225 1079299 1081503 1083078 1079951 1079308 1078834 1078754 1078282 1078189 1077221 1082070 1081206 1082515 1074435 1076941 1081116 1081809 1082035 1082446 959645 958544 1000968 956416 1068739 1053809 1022238 1002207 1020665 962237 979687 958906 945408 944741 955241 1081795 1031468 1081851 1081234 1081198 1079970 1078863 1079851 1079196 1049765 1049206 1079684 1079691 908252 1079679 1079659 1072584 1079440 1081073 1081177 1035577 1063245 1075406 1018460

core/cds/inc/cds_api.h

@@ -292,4 +292,5 @@ bool cds_is_5_mhz_enabled(void);
 bool cds_is_10_mhz_enabled(void);
 bool cds_is_sub_20_mhz_enabled(void);
 bool cds_is_self_recovery_enabled(void);
+void cds_pkt_stats_to_logger_thread(void *pl_hdr, void *pkt_dump, void *data);
 #endif /* if !defined __CDS_API_H */

core/cds/inc/cds_crypto.h

@@ -34,28 +34,7 @@
  *
  */
 
-#include <qdf_types.h>
-#include <qdf_status.h>
-#include <qdf_mem.h>
-#include <qdf_list.h>
-#include <qdf_trace.h>
-#include <qdf_event.h>
-#include <qdf_lock.h>
-#include <cds_reg_service.h>
-#include <cds_mq.h>
-#include <cds_packet.h>
-#include <cds_sched.h>
-#include <qdf_threads.h>
-#include <qdf_mc_timer.h>
-#include <cds_pack_align.h>
-#include <crypto/aes.h>
-#include <crypto/hash.h>
-
-static inline struct crypto_ahash *cds_crypto_alloc_ahash(const char *alg_name,
-	u32 type, u32 mask)
-{
-	return crypto_alloc_ahash(alg_name, type, mask);
-}
+#include <linux/crypto.h>
 
 static inline struct crypto_cipher *
 cds_crypto_alloc_cipher(const char *alg_name, u32 type, u32 mask)
@@ -68,36 +47,4 @@ static inline void cds_crypto_free_cipher(struct crypto_cipher *tfm)
 	crypto_free_cipher(tfm);
 }
 
-static inline void cds_crypto_free_ahash(struct crypto_ahash *tfm)
-{
-	crypto_free_ahash(tfm);
-}
-
-static inline int cds_crypto_ahash_setkey(struct crypto_ahash *tfm,
-	const u8 *key, unsigned int keylen)
-{
-	return crypto_ahash_setkey(tfm, key, keylen);
-}
-
-static inline int cds_crypto_ahash_digest(struct ahash_request *req)
-{
-	return crypto_ahash_digest(req);
-}
-
-static inline struct crypto_ablkcipher *
-cds_crypto_alloc_ablkcipher(const char *alg_name, u32 type, u32 mask)
-{
-	return crypto_alloc_ablkcipher(alg_name, type, mask);
-}
-
-static inline void cds_ablkcipher_request_free(struct ablkcipher_request *req)
-{
-	ablkcipher_request_free(req);
-}
-
-static inline void cds_crypto_free_ablkcipher(struct crypto_ablkcipher *tfm)
-{
-	crypto_free_ablkcipher(tfm);
-}
-
 #endif /* if !defined __CDS_CRYPTO_H */

core/cds/inc/cds_sched.h

@@ -551,4 +551,33 @@ void cds_ssr_unprotect(const char *caller_func);
 bool cds_wait_for_external_threads_completion(const char *caller_func);
 int cds_get_gfp_flags(void);
 
+/**
+ * cds_shutdown_notifier_register() - Register for shutdown notification
+ * @cb          : Call back to be called
+ * @priv        : Private pointer to be passed back to call back
+ *
+ * During driver remove or shutdown (recovery), external threads might be stuck
+ * waiting on some event from firmware at lower layers. Remove or shutdown can't
+ * proceed till the thread completes to avoid any race condition. Call backs can
+ * be registered here to get early notification of remove or shutdown so that
+ * waiting thread can be unblocked and hence remove or shutdown can proceed
+ * further as waiting there may not make sense when FW may already have been
+ * down.
+ *
+ * Return: CDS status
+ */
+QDF_STATUS cds_shutdown_notifier_register(void (*cb)(void *priv), void *priv);
+
+/**
+ * cds_shutdown_notifier_purge() - Purge all the notifiers
+ *
+ * Shutdown notifiers are added to provide the early notification of remove or
+ * shutdown being initiated. Adding this API to purge all the registered call
+ * backs as they are not useful any more while all the lower layers are being
+ * shutdown.
+ *
+ * Return: None
+ */
+void cds_shutdown_notifier_purge(void);
+
 #endif /* #if !defined __CDS_SCHED_H */

core/cds/inc/cds_utils.h

@@ -118,72 +118,6 @@ QDF_STATUS cds_crypto_deinit(uint32_t hCryptProv);
 QDF_STATUS cds_rand_get_bytes(uint32_t handle, uint8_t *pbBuf,
 			      uint32_t numBytes);
 
-/**
- * cds_sha1_hmac_str
- *
- * FUNCTION:
- * Generate the HMAC-SHA1 of a string given a key.
- *
- * LOGIC:
- * Standard HMAC processing from RFC 2104. The code is provided in the
- * appendix of the RFC.
- *
- * ASSUMPTIONS:
- * The RFC is correct.
- *
- * @param text text to be hashed
- * @param textLen length of text
- * @param key key to use for HMAC
- * @param keyLen length of key
- * @param digest holds resultant SHA1 HMAC (20B)
- *
- * @return QDF_STATUS_SUCCSS if the operation succeeds
- *
- */
-QDF_STATUS cds_sha1_hmac_str(uint32_t cryptHandle,      /* Handle */
-			     uint8_t *text,    /* pointer to data stream */
-			     uint32_t textLen,  /* length of data stream */
-			     uint8_t *key,     /* pointer to authentication key */
-			     uint32_t keyLen,   /* length of authentication key */
-			     uint8_t digest[CDS_DIGEST_SHA1_SIZE]);     /* caller digest to be filled in */
-
-/**
- * cds_md5_hmac_str
- *
- * FUNCTION:
- * Generate the HMAC-MD5 of a string given a key.
- *
- * LOGIC:
- * Standard HMAC processing from RFC 2104. The code is provided in the
- * appendix of the RFC.
- *
- * ASSUMPTIONS:
- * The RFC is correct.
- *
- * @param text text to be hashed
- * @param textLen length of text
- * @param key key to use for HMAC
- * @param keyLen length of key
- * @param digest holds resultant MD5 HMAC (16B)
- *
- * @return QDF_STATUS_SUCCSS if the operation succeeds
- *
- */
-QDF_STATUS cds_md5_hmac_str(uint32_t cryptHandle,       /* Handle */
-			    uint8_t *text,     /* pointer to data stream */
-			    uint32_t textLen,   /* length of data stream */
-			    uint8_t *key,      /* pointer to authentication key */
-			    uint32_t keyLen,    /* length of authentication key */
-			    uint8_t digest[CDS_DIGEST_MD5_SIZE]);       /* caller digest to be filled in */
-
-QDF_STATUS cds_encrypt_aes(uint32_t cryptHandle,        /* Handle */
-			   uint8_t *pText,      /* pointer to data stream */
-			   uint8_t *Encrypted, uint8_t *pKey);          /* pointer to authentication key */
-
-QDF_STATUS cds_decrypt_aes(uint32_t cryptHandle,        /* Handle */
-			   uint8_t *pText,      /* pointer to data stream */
-			   uint8_t *pDecrypted, uint8_t *pKey);         /* pointer to authentication key */
-
 uint32_t cds_chan_to_freq(uint8_t chan);
 uint8_t cds_freq_to_chan(uint32_t freq);
 enum cds_band_type cds_chan_to_band(uint32_t chan);

core/cds/src/cds_api.c

@@ -824,6 +824,8 @@ QDF_STATUS cds_close(v_CONTEXT_t cds_context)
 		QDF_ASSERT(QDF_IS_STATUS_SUCCESS(qdf_status));
 	}
 
+	cds_shutdown_notifier_purge();
+
 	cds_deinit_log_completion();
 	cds_deinit_ini_config();
 	qdf_timer_module_deinit();
@@ -836,7 +838,11 @@ void cds_flush_cache_rx_queue(void)
 {
 	uint8_t sta_id;
 	struct ol_txrx_peer_t *peer;
-	struct ol_txrx_pdev_t *pdev = cds_get_context(QDF_MODULE_ID_TXRX);
+	struct ol_txrx_pdev_t *pdev;
+
+	pdev = cds_get_context(QDF_MODULE_ID_TXRX);
+	if (!pdev)
+		return;
 
 	for (sta_id = 0; sta_id < WLAN_MAX_STA_COUNT; sta_id++) {
 		peer = ol_txrx_peer_find_by_local_id(pdev, sta_id);
@@ -1130,9 +1136,6 @@ QDF_STATUS cds_alloc_context(void *p_cds_context, QDF_MODULE_ID moduleID,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	if (moduleID == QDF_MODULE_ID_TLSHIM)
-		qdf_mem_zero(*ppModuleContext, size);
-
 	*pGpModContext = *ppModuleContext;
 
 	return QDF_STATUS_SUCCESS;
@@ -2293,3 +2296,23 @@ void cds_svc_fw_shutdown_ind(struct device *dev)
 {
 	hdd_svc_fw_shutdown_ind(dev);
 }
+
+/*
+ * cds_pkt_stats_to_logger_thread() - send pktstats to user
+ * @pl_hdr: Pointer to pl_hdr
+ * @pkt_dump: Pointer to pkt_dump data structure.
+ * @data: Pointer to data
+ *
+ * This function is used to send the pkt stats to SVC module.
+ *
+ * Return: None
+ */
+inline void cds_pkt_stats_to_logger_thread(void *pl_hdr, void *pkt_dump,
+						void *data)
+{
+	if (cds_get_ring_log_level(RING_ID_PER_PACKET_STATS) !=
+						WLAN_LOG_LEVEL_ACTIVE)
+		return;
+
+	wlan_pkt_stats_to_logger_thread(pl_hdr, pkt_dump, data);
+}

core/cds/src/cds_concurrency.c

@@ -3344,7 +3344,6 @@ void cds_dump_concurrency_info(void)
 		status = hdd_get_next_adapter(hdd_ctx, adapterNode, &pNext);
 		adapterNode = pNext;
 	}
-	cds_dump_current_concurrency();
 	hdd_ctx->mcc_mode = cds_current_concurrency_is_mcc();
 }
 
@@ -3572,6 +3571,52 @@ static void cds_pdev_set_pcl(enum tQDF_ADAPTER_MODE mode)
 		cds_info("Set PCL to FW for mode:%d", mode);
 }
 
+
+/**
+ * cds_set_pcl_for_existing_combo() - Set PCL for existing connection
+ * @mode: Connection mode of type 'cds_con_mode'
+ *
+ * Set the PCL for an existing connection
+ *
+ * Return: None
+ */
+static void cds_set_pcl_for_existing_combo(enum cds_con_mode mode)
+{
+	struct cds_conc_connection_info info;
+	enum tQDF_ADAPTER_MODE pcl_mode;
+
+	switch (mode) {
+	case CDS_STA_MODE:
+		pcl_mode = QDF_STA_MODE;
+		break;
+	case CDS_SAP_MODE:
+		pcl_mode = QDF_SAP_MODE;
+		break;
+	case CDS_P2P_CLIENT_MODE:
+		pcl_mode = QDF_P2P_CLIENT_MODE;
+		break;
+	case CDS_P2P_GO_MODE:
+		pcl_mode = QDF_P2P_GO_MODE;
+		break;
+	case CDS_IBSS_MODE:
+		pcl_mode = QDF_IBSS_MODE;
+		break;
+	default:
+		cds_err("Invalid mode to set PCL");
+		return;
+	};
+
+	if (cds_mode_specific_connection_count(mode, NULL) > 0) {
+		/* Check, store and temp delete the mode's parameter */
+		cds_store_and_del_conn_info(mode, &info);
+		/* Set the PCL to the FW since connection got updated */
+		cds_pdev_set_pcl(pcl_mode);
+		cds_info("Set PCL to FW for mode:%d", mode);
+		/* Restore the connection info */
+		cds_restore_deleted_conn_info(&info);
+	}
+}
+
 /**
  * cds_incr_active_session() - increments the number of active sessions
  * @mode:	Adapter mode
@@ -3633,9 +3678,14 @@ void cds_incr_active_session(enum tQDF_ADAPTER_MODE mode,
 		cds_info("Set PCL of STA to FW");
 	}
 	cds_incr_connection_count(session_id);
+	if ((cds_mode_specific_connection_count(CDS_STA_MODE, NULL) > 0) &&
+		(mode != QDF_STA_MODE)) {
+		cds_set_pcl_for_existing_combo(CDS_STA_MODE);
+	}
 
 	/* set tdls connection tracker state */
 	cds_set_tdls_ct_mode(hdd_ctx);
+	cds_dump_current_concurrency();
 
 	qdf_mutex_release(&cds_ctx->qdf_conc_list_lock);
 }
@@ -3709,52 +3759,6 @@ done:
 	return upgrade;
 }
 
-
-/**
- * cds_set_pcl_for_existing_combo() - Set PCL for existing connection
- * @mode: Connection mode of type 'cds_con_mode'
- *
- * Set the PCL for an existing connection
- *
- * Return: None
- */
-static void cds_set_pcl_for_existing_combo(enum cds_con_mode mode)
-{
-	struct cds_conc_connection_info info;
-	enum tQDF_ADAPTER_MODE pcl_mode;
-
-	switch (mode) {
-	case CDS_STA_MODE:
-		pcl_mode = QDF_STA_MODE;
-		break;
-	case CDS_SAP_MODE:
-		pcl_mode = QDF_SAP_MODE;
-		break;
-	case CDS_P2P_CLIENT_MODE:
-		pcl_mode = QDF_P2P_CLIENT_MODE;
-		break;
-	case CDS_P2P_GO_MODE:
-		pcl_mode = QDF_P2P_GO_MODE;
-		break;
-	case CDS_IBSS_MODE:
-		pcl_mode = QDF_IBSS_MODE;
-		break;
-	default:
-		cds_err("Invalid mode to set PCL");
-		return;
-	};
-
-	if (cds_mode_specific_connection_count(mode, NULL) > 0) {
-		/* Check, store and temp delete the mode's parameter */
-		cds_store_and_del_conn_info(mode, &info);
-		/* Set the PCL to the FW since connection got updated */
-		cds_pdev_set_pcl(pcl_mode);
-		cds_info("Set PCL to FW for mode:%d", mode);
-		/* Restore the connection info */
-		cds_restore_deleted_conn_info(&info);
-	}
-}
-
 /**
  * cds_get_pcl_for_existing_conn() - Get PCL for existing connection
  * @mode: Connection mode of type 'cds_con_mode'
@@ -3908,6 +3912,8 @@ void cds_decr_active_session(enum tQDF_ADAPTER_MODE mode,
 	/* set tdls connection tracker state */
 	cds_set_tdls_ct_mode(hdd_ctx);
 
+	cds_dump_current_concurrency();
+
 	qdf_mutex_release(&cds_ctx->qdf_conc_list_lock);
 }
 
@@ -3963,8 +3969,7 @@ QDF_STATUS cds_deinit_policy_mgr(void)
 	cds_ctx = cds_get_context(QDF_MODULE_ID_QDF);
 	if (!cds_ctx) {
 		cds_err("Invalid CDS Context");
-		status = QDF_STATUS_E_FAILURE;
-		QDF_ASSERT(0);
+		return QDF_STATUS_E_FAILURE;
 	}
 
 	if (!QDF_IS_STATUS_SUCCESS(qdf_event_destroy
@@ -5294,6 +5299,39 @@ static bool cds_vht160_conn_exist(void)
 	return status;
 }
 
+/**
+ * cds_is_5g_channel_allowed() - check if 5g channel is allowed
+ * @channel: channel number which needs to be validated
+ * @list: list of existing connections.
+ * @mode: mode against which channel needs to be validated
+ *
+ * This API takes the channel as input and compares with existing
+ * connection channels. If existing connection's channel is DFS channel
+ * and provided channel is 5G channel then don't allow concurrency to
+ * happen as MCC with DFS channel is not yet supported
+ *
+ * Return: true if 5G channel is allowed, false if not allowed
+ *
+ */
+static bool cds_is_5g_channel_allowed(uint8_t channel, uint32_t *list,
+				      enum cds_con_mode mode)
+{
+	uint32_t index = 0, count = 0;
+
+	count = cds_mode_specific_connection_count(mode, list);
+	while (index < count) {
+		if (CDS_IS_DFS_CH(conc_connection_list[list[index]].chan) &&
+		    CDS_IS_CHANNEL_5GHZ(channel) &&
+		    (channel != conc_connection_list[list[index]].chan)) {
+			cds_err("don't allow MCC if SAP/GO on DFS channel");
+			return false;
+		}
+		index++;
+	}
+	return true;
+
+}
+
 /**
  * cds_allow_concurrency() - Check for allowed concurrency
  * combination
@@ -5357,59 +5395,24 @@ bool cds_allow_concurrency(enum cds_con_mode mode,
 
 	if (channel) {
 		/* don't allow 3rd home channel on same MAC */
-		if (!cds_allow_new_home_channel(channel,
-			num_connections))
-				goto done;
-
-		/*
-		 * If you already have STA connection then don't
-		 * allow any other persona to make connection on DFS channel
-		 * because STA might be on non-DFS right now but later on as
-		 * part of roaming if STA connects to DFS channel which happens
-		 * to be different than requested DFS channel then MCC DFS
-		 * scenario will be encountered
-		 */
-		count = cds_mode_specific_connection_count(CDS_STA_MODE,
-								list);
-		if ((count > 0) && CDS_IS_DFS_CH(channel)) {
-			cds_err("STA active, don't allow DFS channel for 2nd connection");
+		if (!cds_allow_new_home_channel(channel, num_connections))
 			goto done;
-		}
 
 		/*
-		 * don't allow MCC if SAP/GO on DFS channel or about to come up
-		 * on DFS channel
+		 * 1) DFS MCC is not yet supported
+		 * 2) If you already have STA connection on 5G channel then
+		 *    don't allow any other persona to make connection on DFS
+		 *    channel because STA 5G + DFS MCC is not allowed.
+		 * 3) If STA is on 2G channel and SAP is coming up on
+		 *    DFS channel then allow concurrency but make sure it is
+		 *    going to DBS and send PCL to firmware indicating that
+		 *    don't allow STA to roam to 5G channels.
 		 */
-		count = cds_mode_specific_connection_count(
-				CDS_P2P_GO_MODE, list);
-		while (index < count) {
-			if ((CDS_IS_DFS_CH(
-				conc_connection_list[list[index]].chan)) &&
-				(CDS_IS_CHANNEL_5GHZ(channel)) &&
-				(channel !=
-				conc_connection_list[list[index]].chan)) {
-				cds_err("don't allow MCC if SAP/GO on DFS channel");
-				goto done;
-			}
-			index++;
-		}
-
-		index = 0;
-		count = cds_mode_specific_connection_count(
-				CDS_SAP_MODE, list);
-		while (index < count) {
-			if ((CDS_IS_DFS_CH(
-				conc_connection_list[list[index]].chan)) &&
-				(CDS_IS_CHANNEL_5GHZ(channel)) &&
-				(channel !=
-				conc_connection_list[list[index]].chan)) {
-				cds_err("don't allow MCC if SAP/GO on DFS channel");
-				goto done;
-			}
-			index++;
-		}
+		if (!cds_is_5g_channel_allowed(channel, list, CDS_P2P_GO_MODE))
+			goto done;
+		if (!cds_is_5g_channel_allowed(channel, list, CDS_SAP_MODE))
+			goto done;
 
-		index = 0;
 		if ((CDS_P2P_GO_MODE == mode) || (CDS_SAP_MODE == mode)) {
 			if (CDS_IS_DFS_CH(channel))
 				match = cds_disallow_mcc(channel);
@@ -6662,11 +6665,11 @@ static bool cds_sta_p2pgo_concur_handle(hdd_adapter_t *sta_adapter,
 			if (p2pgo_channel_num <= 14) {
 				freq = ieee80211_channel_to_frequency(
 						p2pgo_channel_num,
-						IEEE80211_BAND_2GHZ);
+						NL80211_BAND_2GHZ);
 			} else {
 				freq = ieee80211_channel_to_frequency(
 						p2pgo_channel_num,
-						IEEE80211_BAND_5GHZ);
+						NL80211_BAND_5GHZ);
 			}
 			qdf_mem_zero(&hdd_avoid_freq_list,
 					sizeof(hdd_avoid_freq_list));

core/cds/src/cds_reg_service.c

@@ -469,8 +469,12 @@ static void cds_set_5g_channel_params(uint16_t oper_ch,
 	const struct bonded_chan *bonded_chan_ptr = NULL;
 	const struct bonded_chan *bonded_chan_ptr2 = NULL;
 
-	if (CH_WIDTH_MAX <= ch_params->ch_width)
-		ch_params->ch_width = CH_WIDTH_80P80MHZ;
+	if (CH_WIDTH_MAX <= ch_params->ch_width) {
+		if (0 != ch_params->center_freq_seg1)
+			ch_params->ch_width = CH_WIDTH_80P80MHZ;
+		else
+			ch_params->ch_width = CH_WIDTH_160MHZ;
+	}
 
 	while (ch_params->ch_width != CH_WIDTH_INVALID) {
 		bonded_chan_ptr = NULL;
@@ -482,13 +486,14 @@ static void cds_set_5g_channel_params(uint16_t oper_ch,
 		chan_state = cds_get_5g_bonded_channel_state(oper_ch,
 							  ch_params->ch_width);
 
-		if (CH_WIDTH_80P80MHZ == ch_params->ch_width)
+		if (CH_WIDTH_80P80MHZ == ch_params->ch_width) {
 			chan_state2 = cds_get_5g_bonded_channel_state(
 				ch_params->center_freq_seg1 - 2,
 				CH_WIDTH_80MHZ);
 
-		chan_state = cds_combine_channel_states(chan_state,
-							chan_state2);
+			chan_state = cds_combine_channel_states(chan_state,
+								chan_state2);
+		}
 
 		if ((CHANNEL_STATE_ENABLE == chan_state) ||
 		    (CHANNEL_STATE_DFS == chan_state)) {

core/cds/src/cds_sched.c

@@ -73,6 +73,20 @@ struct ssr_protect {
 static spinlock_t ssr_protect_lock;
 static struct ssr_protect ssr_protect_log[MAX_SSR_PROTECT_LOG];
 
+struct shutdown_notifier {
+	struct list_head list;
+	void (*cb)(void *priv);
+	void *priv;
+};
+
+struct list_head shutdown_notifier_head;
+
+enum notifier_state {
+	NOTIFIER_STATE_NONE,
+	NOTIFIER_STATE_NOTIFYING,
+} notifier_state;
+
+
 static p_cds_sched_context gp_cds_sched_context;
 
 static int cds_mc_thread(void *Arg);
@@ -880,7 +894,6 @@ static QDF_STATUS cds_alloc_ol_rx_pkt_freeq(p_cds_sched_context pSchedContext)
 				  __func__);
 			goto free;
 		}
-		memset(pkt, 0, sizeof(*pkt));
 		spin_lock_bh(&pSchedContext->cds_ol_rx_pkt_freeq_lock);
 		list_add_tail(&pkt->list, &pSchedContext->cds_ol_rx_pkt_freeq);
 		spin_unlock_bh(&pSchedContext->cds_ol_rx_pkt_freeq_lock);
@@ -1374,6 +1387,8 @@ void cds_ssr_protect_init(void)
 		ssr_protect_log[i].pid =  0;
 		i++;
 	}
+
+	INIT_LIST_HEAD(&shutdown_notifier_head);
 }
 
 /**
@@ -1393,8 +1408,9 @@ static void cds_print_external_threads(void)
 	while (i < MAX_SSR_PROTECT_LOG) {
 		if (!ssr_protect_log[i].free) {
 			QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			"PID %d is stuck at %s", ssr_protect_log[i].pid,
-			ssr_protect_log[i].func);
+				  "PID %d is executing %s",
+				  ssr_protect_log[i].pid,
+				  ssr_protect_log[i].func);
 		}
 		i++;
 	}
@@ -1434,10 +1450,22 @@ void cds_ssr_protect(const char *caller_func)
 
 	spin_unlock_irqrestore(&ssr_protect_lock, irq_flags);
 
+	/*
+	 * Dump the protect log at intervals if count is consistently growing.
+	 * Long running functions should tend to dominate the protect log, so
+	 * hopefully, dumping at multiples of log size will prevent spamming the
+	 * logs while telling us which calls are taking a long time to finish.
+	 */
+	if (count >= MAX_SSR_PROTECT_LOG && count % MAX_SSR_PROTECT_LOG == 0) {
+		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
+			  "Protect Log overflow; Dumping contents:");
+		cds_print_external_threads();
+	}
+
 	if (!status)
 		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-		"Could not track PID %d call %s: log is full",
-		current->pid, caller_func);
+			  "%s can not be protected; PID:%d, entry_count:%d",
+			  caller_func, current->pid, count);
 }
 
 /**
@@ -1475,7 +1503,115 @@ void cds_ssr_unprotect(const char *caller_func)
 
 	if (!status)
 		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			"Untracked call %s", caller_func);
+			  "%s was not protected; PID:%d, entry_count:%d",
+			  caller_func, current->pid, count);
+}
+
+/**
+ * cds_shutdown_notifier_register() - Register for shutdown notification
+ * @cb          : Call back to be called
+ * @priv        : Private pointer to be passed back to call back
+ *
+ * During driver remove or shutdown (recovery), external threads might be stuck
+ * waiting on some event from firmware at lower layers. Remove or shutdown can't
+ * proceed till the thread completes to avoid any race condition. Call backs can
+ * be registered here to get early notification of remove or shutdown so that
+ * waiting thread can be unblocked and hence remove or shutdown can proceed
+ * further as waiting there may not make sense when FW may already have been
+ * down.
+ *
+ * This is intended for early notification of remove() or shutdown() only so
+ * that lower layers can take care of stuffs like external waiting thread.
+ *
+ * Return: CDS status
+ */
+QDF_STATUS cds_shutdown_notifier_register(void (*cb)(void *priv), void *priv)
+{
+	struct shutdown_notifier *notifier;
+	unsigned long irq_flags;
+
+	notifier = qdf_mem_malloc(sizeof(*notifier));
+
+	if (notifier == NULL)
+		return QDF_STATUS_E_NOMEM;
+
+	/*
+	 * This logic can be simpilfied if there is separate state maintained
+	 * for shutdown and reinit. Right now there is only recovery in progress
+	 * state and it doesn't help to check against it as during reinit some
+	 * of the modules may need to register the call backs.
+	 * For now this logic added to avoid notifier registration happen while
+	 * this function is trying to call the call back with the notification.
+	 */
+	spin_lock_irqsave(&ssr_protect_lock, irq_flags);
+	if (notifier_state == NOTIFIER_STATE_NOTIFYING) {
+		spin_unlock_irqrestore(&ssr_protect_lock, irq_flags);
+		qdf_mem_free(notifier);
+		return -EINVAL;
+	}
+
+	notifier->cb = cb;
+	notifier->priv = priv;
+
+	list_add_tail(&notifier->list, &shutdown_notifier_head);
+	spin_unlock_irqrestore(&ssr_protect_lock, irq_flags);
+
+	return 0;
+}
+
+/**
+ * cds_shutdown_notifier_purge() - Purge all the notifiers
+ *
+ * Shutdown notifiers are added to provide the early notification of remove or
+ * shutdown being initiated. Adding this API to purge all the registered call
+ * backs as they are not useful any more while all the lower layers are being
+ * shutdown.
+ *
+ * Return: None
+ */
+void cds_shutdown_notifier_purge(void)
+{
+	struct shutdown_notifier *notifier, *temp;
+	unsigned long irq_flags;
+
+	spin_lock_irqsave(&ssr_protect_lock, irq_flags);
+	list_for_each_entry_safe(notifier, temp,
+				 &shutdown_notifier_head, list) {
+		list_del(&notifier->list);
+		spin_unlock_irqrestore(&ssr_protect_lock, irq_flags);
+
+		qdf_mem_free(notifier);
+
+		spin_lock_irqsave(&ssr_protect_lock, irq_flags);
+	}
+
+	spin_unlock_irqrestore(&ssr_protect_lock, irq_flags);
+}
+
+/**
+ * cds_shutdown_notifier_call() - Call shutdown notifier call back
+ *
+ * Call registered shutdown notifier call back to indicate about remove or
+ * shutdown.
+ */
+static void cds_shutdown_notifier_call(void)
+{
+	struct shutdown_notifier *notifier;
+	unsigned long irq_flags;
+
+	spin_lock_irqsave(&ssr_protect_lock, irq_flags);
+	notifier_state = NOTIFIER_STATE_NOTIFYING;
+
+	list_for_each_entry(notifier, &shutdown_notifier_head, list) {
+		spin_unlock_irqrestore(&ssr_protect_lock, irq_flags);
+
+		notifier->cb(notifier->priv);
+
+		spin_lock_irqsave(&ssr_protect_lock, irq_flags);
+	}
+
+	notifier_state = NOTIFIER_STATE_NONE;
+	spin_unlock_irqrestore(&ssr_protect_lock, irq_flags);
 }
 
 /**
@@ -1489,21 +1625,29 @@ void cds_ssr_unprotect(const char *caller_func)
 bool cds_wait_for_external_threads_completion(const char *caller_func)
 {
 	int count = MAX_SSR_WAIT_ITERATIONS;
+	int r;
+
+	cds_shutdown_notifier_call();
 
 	while (count) {
 
-		if (!atomic_read(&ssr_protect_entry_count))
+		r = atomic_read(&ssr_protect_entry_count);
+
+		if (!r)
 			break;
 
 		if (--count) {
 			QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-				  "%s: Waiting for active entry points to exit",
-				  __func__);
+				  "%s: Waiting for %d active entry points to exit",
+				  __func__, r);
 			msleep(SSR_WAIT_SLEEP_TIME);
 		}
 	}
+
 	/* at least one external thread is executing */
 	if (!count) {
+		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
+			  "Timed-out waiting for active entry points:");
 		cds_print_external_threads();
 		return false;
 	}

core/cds/src/cds_utils.c

@@ -38,9 +38,6 @@
    cds_crypto_init() - Initializes Crypto module
    cds_crypto_deinit() - De-initializes Crypto module
    cds_rand_get_bytes() - Generates random byte
-   cds_sha1_hmac_str() - Generate the HMAC-SHA1 of a string given a key
-   cds_encrypt_aes() - Generate AES Encrypted byte stream
-   cds_decrypt_aes() - Decrypts an AES Encrypted byte stream
 
    DEPENDENCIES:
    ============================================================================*/
@@ -426,7 +423,6 @@ cds_attach_mmie(uint8_t *igtk, uint8_t *ipn, uint16_t key_id,
 	 * Copy the AAD, Management frame body, and
 	 * MMIE with 8 bit MIC zeroed out
 	 */
-	qdf_mem_zero(input, nBytes);
 	qdf_mem_copy(input, aad, AAD_LEN);
 	/* Copy Management Frame Body and MMIE without MIC */
 	qdf_mem_copy(input + AAD_LEN,
@@ -533,7 +529,6 @@ cds_is_mmie_valid(uint8_t *igtk, uint8_t *ipn, uint8_t *frm, uint8_t *efrm)
 	}
 
 	/* Copy the AAD, MMIE with 8 bit MIC zeroed out */
-	qdf_mem_zero(input, nBytes);
 	qdf_mem_copy(input, aad, AAD_LEN);
 	qdf_mem_copy(input + AAD_LEN, (uint8_t *) (wh + 1),
 		     nBytes - AAD_LEN - CMAC_TLEN);
@@ -570,532 +565,6 @@ err_tfm:
 }
 
 #endif /* WLAN_FEATURE_11W */
-/**
- * cds_sha1_hmac_str
- *
- * FUNCTION:
- * Generate the HMAC-SHA1 of a string given a key.
- *
- * LOGIC:
- * Standard HMAC processing from RFC 2104. The code is provided in the
- * appendix of the RFC.
- *
- * ASSUMPTIONS:
- * The RFC is correct.
- *
- * @param text text to be hashed
- * @param textLen length of text
- * @param key key to use for HMAC
- * @param keyLen length of key
- * @param digest holds resultant SHA1 HMAC (20B)
- *
- * @return QDF_STATUS_SUCCSS if the operation succeeds
- *
- */
-
-struct hmac_sha1_result {
-	struct completion completion;
-	int err;
-};
-
-static void hmac_sha1_complete(struct crypto_async_request *req, int err)
-{
-	struct hmac_sha1_result *r = req->data;
-	if (err == -EINPROGRESS)
-		return;
-	r->err = err;
-	complete(&r->completion);
-}
-
-static int
-hmac_sha1(uint8_t *key, uint8_t ksize, char *plaintext, uint8_t psize,
-	  uint8_t *output, uint8_t outlen)
-{
-	int ret = 0;
-	struct crypto_ahash *tfm;
-	struct scatterlist sg;
-	struct ahash_request *req;
-	struct hmac_sha1_result tresult;
-	void *hash_buff = NULL;
-
-	unsigned char hash_result[64];
-	int i;
-
-	memset(output, 0, outlen);
-
-	init_completion(&tresult.completion);
-
-	tfm = cds_crypto_alloc_ahash("hmac(sha1)", CRYPTO_ALG_TYPE_AHASH,
-				 CRYPTO_ALG_TYPE_AHASH_MASK);
-	if (IS_ERR(tfm)) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "crypto_alloc_ahash failed");
-		ret = PTR_ERR(tfm);
-		goto err_tfm;
-	}
-
-	req = ahash_request_alloc(tfm, GFP_KERNEL);
-	if (!req) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "failed to allocate request for hmac(sha1)");
-		ret = -ENOMEM;
-		goto err_req;
-	}
-
-	ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-				   hmac_sha1_complete, &tresult);
-
-	hash_buff = kzalloc(psize, GFP_KERNEL);
-	if (!hash_buff) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "failed to kzalloc hash_buff");
-		ret = -ENOMEM;
-		goto err_hash_buf;
-	}
-
-	memset(hash_result, 0, 64);
-	memcpy(hash_buff, plaintext, psize);
-	sg_init_one(&sg, hash_buff, psize);
-
-	if (ksize) {
-		crypto_ahash_clear_flags(tfm, ~0);
-		ret = cds_crypto_ahash_setkey(tfm, key, ksize);
-		if (ret) {
-			QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-				  "crypto_ahash_setkey failed");
-			goto err_setkey;
-		}
-	}
-
-	ahash_request_set_crypt(req, &sg, hash_result, psize);
-	ret = cds_crypto_ahash_digest(req);
-	QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR, "ret 0x%x", ret);
-
-	switch (ret) {
-	case 0:
-		for (i = 0; i < outlen; i++)
-			output[i] = hash_result[i];
-		break;
-	case -EINPROGRESS:
-	case -EBUSY:
-		ret = wait_for_completion_interruptible(&tresult.completion);
-		if (!ret && !tresult.err) {
-			for (i = 0; i < outlen; i++)
-				output[i] = hash_result[i];
-			INIT_COMPLETION(tresult.completion);
-			break;
-		} else {
-			QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-				  "wait_for_completion_interruptible failed");
-			if (!ret)
-				ret = tresult.err;
-			goto out;
-		}
-	default:
-		goto out;
-	}
-
-out:
-err_setkey:
-	kfree(hash_buff);
-err_hash_buf:
-	ahash_request_free(req);
-err_req:
-	cds_crypto_free_ahash(tfm);
-err_tfm:
-	return ret;
-}
-
-QDF_STATUS cds_sha1_hmac_str(uint32_t cryptHandle,      /* Handle */
-			     uint8_t *pText,    /* pointer to data stream */
-			     uint32_t textLen,  /* length of data stream */
-			     uint8_t *pKey,     /* pointer to authentication key */
-			     uint32_t keyLen,   /* length of authentication key */
-			     uint8_t digest[CDS_DIGEST_SHA1_SIZE])
-{                               /* caller digest to be filled in */
-	int ret = 0;
-
-	ret = hmac_sha1(pKey,   /* uint8_t *key, */
-			(uint8_t) keyLen,       /* uint8_t ksize, */
-			(char *)pText,  /* char *plaintext, */
-			(uint8_t) textLen,      /* uint8_t psize, */
-			digest, /* uint8_t *output, */
-			CDS_DIGEST_SHA1_SIZE    /* uint8_t outlen */
-			);
-
-	if (ret != 0) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "hmac_sha1() call failed");
-		return QDF_STATUS_E_FAULT;
-	}
-
-	return QDF_STATUS_SUCCESS;
-}
-
-/**
- * cds_md5_hmac_str
- *
- * FUNCTION:
- * Generate the HMAC-MD5 of a string given a key.
- *
- * LOGIC:
- * Standard HMAC processing from RFC 2104. The code is provided in the
- * appendix of the RFC.
- *
- * ASSUMPTIONS:
- * The RFC is correct.
- *
- * @param text text to be hashed
- * @param textLen length of text
- * @param key key to use for HMAC
- * @param keyLen length of key
- * @param digest holds resultant MD5 HMAC (20B)
- *
- * @return QDF_STATUS_SUCCSS if the operation succeeds
- *
- */
-struct hmac_md5_result {
-	struct completion completion;
-	int err;
-};
-
-static void hmac_md5_complete(struct crypto_async_request *req, int err)
-{
-	struct hmac_md5_result *r = req->data;
-	if (err == -EINPROGRESS)
-		return;
-	r->err = err;
-	complete(&r->completion);
-}
-
-static int
-hmac_md5(uint8_t *key, uint8_t ksize, char *plaintext, uint8_t psize,
-	 uint8_t *output, uint8_t outlen)
-{
-	int ret = 0;
-	struct crypto_ahash *tfm;
-	struct scatterlist sg;
-	struct ahash_request *req;
-	struct hmac_md5_result tresult = {.err = 0 };
-	void *hash_buff = NULL;
-
-	unsigned char hash_result[64];
-	int i;
-
-	memset(output, 0, outlen);
-
-	init_completion(&tresult.completion);
-
-	tfm = cds_crypto_alloc_ahash("hmac(md5)", CRYPTO_ALG_TYPE_AHASH,
-				 CRYPTO_ALG_TYPE_AHASH_MASK);
-	if (IS_ERR(tfm)) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "crypto_alloc_ahash failed");
-		ret = PTR_ERR(tfm);
-		goto err_tfm;
-	}
-
-	req = ahash_request_alloc(tfm, GFP_KERNEL);
-	if (!req) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "failed to allocate request for hmac(md5)");
-		ret = -ENOMEM;
-		goto err_req;
-	}
-
-	ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-				   hmac_md5_complete, &tresult);
-
-	hash_buff = kzalloc(psize, GFP_KERNEL);
-	if (!hash_buff) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "failed to kzalloc hash_buff");
-		ret = -ENOMEM;
-		goto err_hash_buf;
-	}
-
-	memset(hash_result, 0, 64);
-	memcpy(hash_buff, plaintext, psize);
-	sg_init_one(&sg, hash_buff, psize);
-
-	if (ksize) {
-		crypto_ahash_clear_flags(tfm, ~0);
-		ret = cds_crypto_ahash_setkey(tfm, key, ksize);
-		if (ret) {
-			QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-				  "crypto_ahash_setkey failed");
-			goto err_setkey;
-		}
-	}
-
-	ahash_request_set_crypt(req, &sg, hash_result, psize);
-	ret = cds_crypto_ahash_digest(req);
-
-	QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR, "ret 0x%x", ret);
-
-	switch (ret) {
-	case 0:
-		for (i = 0; i < outlen; i++)
-			output[i] = hash_result[i];
-		break;
-	case -EINPROGRESS:
-	case -EBUSY:
-		ret = wait_for_completion_interruptible(&tresult.completion);
-		if (!ret && !tresult.err) {
-			INIT_COMPLETION(tresult.completion);
-			break;
-		} else {
-			QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-				  "wait_for_completion_interruptible failed");
-			if (!ret)
-				ret = tresult.err;
-			goto out;
-		}
-	default:
-		goto out;
-	}
-
-out:
-err_setkey:
-	kfree(hash_buff);
-err_hash_buf:
-	ahash_request_free(req);
-err_req:
-	cds_crypto_free_ahash(tfm);
-err_tfm:
-	return ret;
-}
-
-QDF_STATUS cds_md5_hmac_str(uint32_t cryptHandle,       /* Handle */
-			    uint8_t *pText,     /* pointer to data stream */
-			    uint32_t textLen,   /* length of data stream */
-			    uint8_t *pKey,      /* pointer to authentication key */
-			    uint32_t keyLen,    /* length of authentication key */
-			    uint8_t digest[CDS_DIGEST_MD5_SIZE])
-{                               /* caller digest to be filled in */
-	int ret = 0;
-
-	ret = hmac_md5(pKey,    /* uint8_t *key, */
-		       (uint8_t) keyLen,        /* uint8_t ksize, */
-		       (char *)pText,   /* char *plaintext, */
-		       (uint8_t) textLen,       /* uint8_t psize, */
-		       digest,  /* uint8_t *output, */
-		       CDS_DIGEST_MD5_SIZE      /* uint8_t outlen */
-		       );
-
-	if (ret != 0) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "hmac_md5() call failed");
-		return QDF_STATUS_E_FAULT;
-	}
-
-	return QDF_STATUS_SUCCESS;
-}
-
-struct ecb_aes_result {
-	struct completion completion;
-	int err;
-};
-
-static void ecb_aes_complete(struct crypto_async_request *req, int err)
-{
-	struct ecb_aes_result *r = req->data;
-	if (err == -EINPROGRESS)
-		return;
-	r->err = err;
-	complete(&r->completion);
-}
-
-/*--------------------------------------------------------------------------
-
-   \brief cds_encrypt_aes() - Generate AES Encrypted byte stream
-
-   The cds_encrypt_aes() function generates the encrypted byte stream for given text.
-
-   Buffer should be allocated before calling cds_rand_get_bytes().
-
-   Attempting to initialize an already initialized lock results in
-   a failure.
-
-   \param lock - pointer to the opaque lock object to initialize
-
-   \return QDF_STATUS_SUCCESS - Successfully generated random memory.
-
-   QDF_STATUS_E_FAULT  - pbBuf is an invalid pointer.
-
-   QDF_STATUS_E_FAILURE - default return value if it fails due to
-   unknown reasons
-
-  ***QDF_STATUS_E_RESOURCES - System resources (other than memory)
-  are unavailable
-   \sa
-
-    ( *** return value not considered yet )
-   --------------------------------------------------------------------------*/
-
-QDF_STATUS cds_encrypt_aes(uint32_t cryptHandle,        /* Handle */
-			   uint8_t *pPlainText,         /* pointer to data stream */
-			   uint8_t *pCiphertext, uint8_t *pKey)
-{                               /* pointer to authentication key */
-	struct ecb_aes_result result;
-	struct ablkcipher_request *req;
-	struct crypto_ablkcipher *tfm;
-	int ret = 0;
-	char iv[IV_SIZE_AES_128];
-	struct scatterlist sg_in;
-	struct scatterlist sg_out;
-
-	init_completion(&result.completion);
-
-	tfm = cds_crypto_alloc_ablkcipher("cbc(aes)", 0, 0);
-	if (IS_ERR(tfm)) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "crypto_alloc_ablkcipher failed");
-		ret = PTR_ERR(tfm);
-		goto err_tfm;
-	}
-
-	req = ablkcipher_request_alloc(tfm, GFP_KERNEL);
-	if (!req) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "Failed to allocate request for cbc(aes)");
-		ret = -ENOMEM;
-		goto err_req;
-	}
-
-	ablkcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-					ecb_aes_complete, &result);
-
-	crypto_ablkcipher_clear_flags(tfm, ~0);
-
-	ret = crypto_ablkcipher_setkey(tfm, pKey, AES_KEYSIZE_128);
-	if (ret) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "crypto_cipher_setkey failed");
-		goto err_setkey;
-	}
-
-	memset(iv, 0, IV_SIZE_AES_128);
-
-	sg_init_one(&sg_in, pPlainText, AES_BLOCK_SIZE);
-
-	sg_init_one(&sg_out, pCiphertext, AES_BLOCK_SIZE);
-
-	ablkcipher_request_set_crypt(req, &sg_in, &sg_out, AES_BLOCK_SIZE, iv);
-
-	crypto_ablkcipher_encrypt(req);
-
-/* ------------------------------------- */
-err_setkey:
-	cds_ablkcipher_request_free(req);
-err_req:
-	cds_crypto_free_ablkcipher(tfm);
-err_tfm:
-	/* return ret; */
-	if (ret != 0) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "%s() call failed", __func__);
-		return QDF_STATUS_E_FAULT;
-	}
-
-	return QDF_STATUS_SUCCESS;
-}
-
-/*--------------------------------------------------------------------------
-
-   \brief cds_decrypt_aes() - Decrypts an AES Encrypted byte stream
-
-   The cds_decrypt_aes() function decrypts the encrypted byte stream.
-
-   Buffer should be allocated before calling cds_rand_get_bytes().
-
-   Attempting to initialize an already initialized lock results in
-   a failure.
-
-   \param lock - pointer to the opaque lock object to initialize
-
-   \return QDF_STATUS_SUCCESS - Successfully generated random memory.
-
-   QDF_STATUS_E_FAULT  - pbBuf is an invalid pointer.
-
-   QDF_STATUS_E_FAILURE - default return value if it fails due to
-   unknown reasons
-
-  ***QDF_STATUS_E_RESOURCES - System resources (other than memory)
-  are unavailable
-   \sa
-
-    ( *** return value not considered yet )
-   --------------------------------------------------------------------------*/
-
-QDF_STATUS cds_decrypt_aes(uint32_t cryptHandle,        /* Handle */
-			   uint8_t *pText,      /* pointer to data stream */
-			   uint8_t *pDecrypted, uint8_t *pKey)
-{                               /* pointer to authentication key */
-/*    QDF_STATUS uResult = QDF_STATUS_E_FAILURE; */
-	struct ecb_aes_result result;
-	struct ablkcipher_request *req;
-	struct crypto_ablkcipher *tfm;
-	int ret = 0;
-	char iv[IV_SIZE_AES_128];
-	struct scatterlist sg_in;
-	struct scatterlist sg_out;
-
-	init_completion(&result.completion);
-
-	tfm = cds_crypto_alloc_ablkcipher("cbc(aes)", 0, 0);
-	if (IS_ERR(tfm)) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "crypto_alloc_ablkcipher failed");
-		ret = PTR_ERR(tfm);
-		goto err_tfm;
-	}
-
-	req = ablkcipher_request_alloc(tfm, GFP_KERNEL);
-	if (!req) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "Failed to allocate request for cbc(aes)");
-		ret = -ENOMEM;
-		goto err_req;
-	}
-
-	ablkcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-					ecb_aes_complete, &result);
-
-	crypto_ablkcipher_clear_flags(tfm, ~0);
-
-	ret = crypto_ablkcipher_setkey(tfm, pKey, AES_KEYSIZE_128);
-	if (ret) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "crypto_cipher_setkey failed");
-		goto err_setkey;
-	}
-
-	memset(iv, 0, IV_SIZE_AES_128);
-
-	sg_init_one(&sg_in, pText, AES_BLOCK_SIZE);
-
-	sg_init_one(&sg_out, pDecrypted, AES_BLOCK_SIZE);
-
-	ablkcipher_request_set_crypt(req, &sg_in, &sg_out, AES_BLOCK_SIZE, iv);
-
-	crypto_ablkcipher_decrypt(req);
-
-/* ------------------------------------- */
-err_setkey:
-	cds_ablkcipher_request_free(req);
-err_req:
-	cds_crypto_free_ablkcipher(tfm);
-err_tfm:
-	/* return ret; */
-	if (ret != 0) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "%s() call failed", __func__);
-		return QDF_STATUS_E_FAULT;
-	}
-
-	return QDF_STATUS_SUCCESS;
-}
 
 uint32_t cds_chan_to_freq(uint8_t chan)
 {

core/dp/htt/htt.c

@@ -294,7 +294,6 @@ htt_pdev_alloc(ol_txrx_pdev_handle txrx_pdev,
 	pdev->txrx_pdev = txrx_pdev;
 	pdev->htc_pdev = htc_pdev;
 
-	qdf_mem_set(&pdev->stats, sizeof(pdev->stats), 0);
 	pdev->htt_htc_pkt_freelist = NULL;
 #ifdef ATH_11AC_TXCOMPACT
 	pdev->htt_htc_pkt_misclist = NULL;

core/dp/htt/htt_internal.h

@@ -135,8 +135,10 @@ struct htt_host_rx_desc_base {
 struct rx_buf_debug {
 	qdf_dma_addr_t paddr;
 	qdf_nbuf_t     nbuf;
-	void     *nbuf_data;
-	bool     in_use;
+	void     *nbuf_data; /* lsb of this field is used for "in_use" */
+			     /* bool     in_use; */
+	uint64_t  ts;        /* timestamp */
+
 };
 #endif
 
@@ -619,6 +621,8 @@ void htt_rx_dbg_rxbuf_init(struct htt_pdev_t *pdev)
 	if (!pdev->rx_buff_list) {
 		qdf_print("HTT: debug RX buffer allocation failed\n");
 		QDF_ASSERT(0);
+	} else {
+		qdf_spinlock_create(&(pdev->rx_buff_list_lock));
 	}
 }
 
@@ -634,16 +638,24 @@ static inline
 void htt_rx_dbg_rxbuf_set(struct htt_pdev_t *pdev, qdf_dma_addr_t paddr,
 			  qdf_nbuf_t rx_netbuf)
 {
+	void *tmp;
 	if (pdev->rx_buff_list) {
+		qdf_spin_lock_bh(&(pdev->rx_buff_list_lock));
 		pdev->rx_buff_list[pdev->rx_buff_index].paddr = paddr;
-		pdev->rx_buff_list[pdev->rx_buff_index].in_use = true;
 		pdev->rx_buff_list[pdev->rx_buff_index].nbuf_data =
 							rx_netbuf->data;
+		/* pdev->rx_buff_list[pdev->rx_buff_index].in_use = true; */
+		tmp = pdev->rx_buff_list[pdev->rx_buff_index].nbuf_data;
+		tmp = (void *)((uint64_t) tmp | 0x01);
+		pdev->rx_buff_list[pdev->rx_buff_index].nbuf_data = tmp;
 		pdev->rx_buff_list[pdev->rx_buff_index].nbuf = rx_netbuf;
+		pdev->rx_buff_list[pdev->rx_buff_index].ts =
+						qdf_get_log_timestamp();
 		NBUF_MAP_ID(rx_netbuf) = pdev->rx_buff_index;
 		if (++pdev->rx_buff_index ==
 				HTT_RX_RING_BUFF_DBG_LIST)
 			pdev->rx_buff_index = 0;
+		qdf_spin_unlock_bh(&(pdev->rx_buff_list_lock));
 	}
 }
 
@@ -658,12 +670,20 @@ void htt_rx_dbg_rxbuf_reset(struct htt_pdev_t *pdev,
 				qdf_nbuf_t netbuf)
 {
 	uint32_t index;
+	void *tmp;
 
 	if (pdev->rx_buff_list) {
+		qdf_spin_lock_bh(&(pdev->rx_buff_list_lock));
 		index = NBUF_MAP_ID(netbuf);
 		if (index < HTT_RX_RING_BUFF_DBG_LIST) {
-			pdev->rx_buff_list[index].in_use = false;
+			/* in_use = false */
+			tmp = pdev->rx_buff_list[index].nbuf_data;
+			tmp = (void *)((uint64_t)tmp & 0xfffffffffffffffe);
+			pdev->rx_buff_list[index].nbuf_data = tmp;
+			pdev->rx_buff_list[index].ts     =
+				qdf_get_log_timestamp();
 		}
+		qdf_spin_unlock_bh(&(pdev->rx_buff_list_lock));
 	}
 }
 /**

core/dp/htt/htt_rx.c

@@ -60,6 +60,7 @@
 #include <asm/barrier.h>
 #include <wma_api.h>
 #endif
+#include <pktlog_ac_fmt.h>
 
 #ifdef HTT_DEBUG_DATA
 #define HTT_PKT_DUMP(x) x
@@ -1375,9 +1376,39 @@ htt_rx_offload_msdu_pop_hl(htt_pdev_handle pdev,
 			   qdf_nbuf_t *head_buf,
 			   qdf_nbuf_t *tail_buf)
 {
-	return 0;
-}
+	adf_nbuf_t buf;
+	u_int32_t *msdu_hdr, msdu_len;
+	int ret = 0;
+
+	*head_buf = *tail_buf = buf = offload_deliver_msg;
+	msdu_hdr = (u_int32_t *)adf_nbuf_data(buf);
+	/* First dword */
+
+	/* Second dword */
+	msdu_hdr++;
+	msdu_len = HTT_RX_OFFLOAD_DELIVER_IND_MSDU_LEN_GET(*msdu_hdr);
+	*peer_id = HTT_RX_OFFLOAD_DELIVER_IND_MSDU_PEER_ID_GET(*msdu_hdr);
+
+	/* Third dword */
+	msdu_hdr++;
+	*vdev_id = HTT_RX_OFFLOAD_DELIVER_IND_MSDU_VDEV_ID_GET(*msdu_hdr);
+	*tid = HTT_RX_OFFLOAD_DELIVER_IND_MSDU_TID_GET(*msdu_hdr);
+	*fw_desc = HTT_RX_OFFLOAD_DELIVER_IND_MSDU_DESC_GET(*msdu_hdr);
+
+	adf_nbuf_pull_head(buf, HTT_RX_OFFLOAD_DELIVER_IND_MSDU_HDR_BYTES \
+			+ HTT_RX_OFFLOAD_DELIVER_IND_HDR_BYTES);
+
+	if (msdu_len <= adf_nbuf_len(buf)) {
+		adf_nbuf_set_pktlen(buf, msdu_len);
+	} else {
+		adf_os_print("%s: drop frame with invalid msdu len %d %d\n",
+				__FUNCTION__, msdu_len, (int)adf_nbuf_len(buf));
+		adf_nbuf_free(offload_deliver_msg);
+		ret = -1;
+	}
 
+	return ret;
+}
 #endif
 
 int
@@ -1968,6 +1999,7 @@ htt_rx_amsdu_rx_in_order_pop_ll(htt_pdev_handle pdev,
 	uint8_t offload_ind, frag_ind;
 	struct htt_host_rx_desc_base *rx_desc;
 	uint8_t peer_id;
+	enum rx_pkt_fate status = RX_PKT_FATE_SUCCESS;
 
 	HTT_ASSERT1(htt_rx_in_order_ring_elems(pdev) != 0);
 
@@ -2026,6 +2058,7 @@ htt_rx_amsdu_rx_in_order_pop_ll(htt_pdev_handle pdev,
 		 */
 		qdf_nbuf_pull_head(msdu, HTT_RX_STD_DESC_RESERVATION);
 
+		QDF_NBUF_CB_DP_TRACE_PRINT(msdu) = false;
 		qdf_dp_trace_set_track(msdu, QDF_RX);
 		QDF_NBUF_CB_TX_PACKET_TRACK(msdu) = QDF_NBUF_TX_PKT_DATA_TRACK;
 		ol_rx_log_packet(pdev, peer_id, msdu);
@@ -2053,6 +2086,15 @@ htt_rx_amsdu_rx_in_order_pop_ll(htt_pdev_handle pdev,
 
 		msdu_count--;
 
+		/* calling callback function for packet logging */
+		if (pdev->rx_pkt_dump_cb) {
+			if (qdf_unlikely((*((u_int8_t *)
+				   &rx_desc->fw_desc.u.val)) &
+				   FW_RX_DESC_ANY_ERR_M))
+				status = RX_PKT_FATE_FW_DROP_INVALID;
+			pdev->rx_pkt_dump_cb(msdu, peer_id, status);
+		}
+
 		if (qdf_unlikely((*((u_int8_t *) &rx_desc->fw_desc.u.val)) &
 				    FW_RX_DESC_ANY_ERR_M)) {
 			uint8_t tid =
@@ -3506,3 +3548,51 @@ int htt_rx_ipa_uc_detach(struct htt_pdev_t *pdev)
 	return 0;
 }
 #endif /* IPA_OFFLOAD */
+
+/**
+ * htt_register_rx_pkt_dump_callback() - registers callback to
+ *   get rx pkt status and call callback to do rx packet dump
+ *
+ * @pdev: htt pdev handle
+ * @callback: callback to get rx pkt status and
+ *     call callback to do rx packet dump
+ *
+ * This function is used to register the callback to get
+ * rx pkt status and call callback to do rx packet dump
+ *
+ * Return: None
+ *
+ */
+void htt_register_rx_pkt_dump_callback(struct htt_pdev_t *pdev,
+				tp_rx_pkt_dump_cb callback)
+{
+	if (!pdev) {
+		qdf_print("%s: htt pdev is NULL, rx packet status callback register unsuccessful\n",
+						__func__);
+		return;
+	}
+	pdev->rx_pkt_dump_cb = callback;
+}
+
+/**
+ * htt_deregister_rx_pkt_dump_callback() - deregisters callback to
+ *   get rx pkt status and call callback to do rx packet dump
+ *
+ * @pdev: htt pdev handle
+ *
+ * This function is used to deregister the callback to get
+ * rx pkt status and call callback to do rx packet dump
+ *
+ * Return: None
+ *
+ */
+void htt_deregister_rx_pkt_dump_callback(struct htt_pdev_t *pdev)
+{
+	if (!pdev) {
+		qdf_print("%s: htt pdev is NULL, rx packet status callback deregister unsuccessful\n",
+						__func__);
+		return;
+	}
+	pdev->rx_pkt_dump_cb = NULL;
+}
+

core/dp/htt/htt_t2h.c

@@ -213,7 +213,15 @@ void htt_t2h_lp_msg_handler(void *context, qdf_nbuf_t htt_t2h_msg,
 		ol_rx_offload_deliver_ind_handler(pdev->txrx_pdev,
 						  htt_t2h_msg,
 						  msdu_cnt);
-		break;
+		if (pdev->cfg.is_high_latency) {
+			/*
+			 * return here for HL to avoid double free on
+			 * htt_t2h_msg
+			 */
+			return;
+		} else {
+			break;
+		}
 	}
 	case HTT_T2H_MSG_TYPE_RX_FRAG_IND:
 	{

core/dp/htt/htt_tx.c

@@ -1240,9 +1240,6 @@ int htt_tx_ipa_uc_attach(struct htt_pdev_t *pdev,
 		return_code = -ENOBUFS;
 		goto free_tx_comp_base;
 	}
-	qdf_mem_zero(pdev->ipa_uc_tx_rsc.tx_buf_pool_vaddr_strg,
-		     uc_tx_buf_cnt *
-			sizeof(*pdev->ipa_uc_tx_rsc.tx_buf_pool_vaddr_strg));
 
 	pdev->ipa_uc_tx_rsc.paddr_strg =
 		qdf_mem_malloc(uc_tx_buf_cnt *
@@ -1252,9 +1249,6 @@ int htt_tx_ipa_uc_attach(struct htt_pdev_t *pdev,
 		return_code = -ENOBUFS;
 		goto free_tx_comp_base;
 	}
-	qdf_mem_zero(pdev->ipa_uc_tx_rsc.paddr_strg,
-		     uc_tx_buf_cnt *
-			sizeof(*pdev->ipa_uc_tx_rsc.paddr_strg));
 
 	pdev->ipa_uc_tx_rsc.alloc_tx_buf_cnt = htt_tx_ipa_uc_wdi_tx_buf_alloc(
 		pdev, uc_tx_buf_sz, uc_tx_buf_cnt, uc_tx_partition_base);

core/dp/htt/htt_types.h

@@ -35,6 +35,7 @@
 #include <qdf_atomic.h>         /* qdf_atomic_inc */
 #include <qdf_nbuf.h>           /* qdf_nbuf_t */
 #include <htc_api.h>            /* HTC_PACKET */
+#include <ol_htt_api.h>
 
 #define DEBUG_DMA_DONE
 
@@ -410,8 +411,13 @@ struct htt_pdev_t {
 
 #ifdef DEBUG_RX_RING_BUFFER
 	struct rx_buf_debug *rx_buff_list;
+	qdf_spinlock_t       rx_buff_list_lock;
 	int rx_buff_index;
 #endif
+
+	/* callback function for packetdump */
+	tp_rx_pkt_dump_cb rx_pkt_dump_cb;
+
 	struct mon_channel mon_ch_info;
 };
 

core/dp/ol/inc/ol_htt_api.h

@@ -384,5 +384,11 @@ static inline void htt_clear_bundle_stats(struct htt_pdev_t *pdev)
 #endif
 
 void htt_mark_first_wakeup_packet(htt_pdev_handle pdev, uint8_t value);
+typedef void (*tp_rx_pkt_dump_cb)(qdf_nbuf_t msdu, uint8_t peer_id,
+			uint8_t status);
+void htt_register_rx_pkt_dump_callback(struct htt_pdev_t *pdev,
+		tp_rx_pkt_dump_cb ol_rx_pkt_dump_call);
+void htt_deregister_rx_pkt_dump_callback(struct htt_pdev_t *pdev);
+void ol_rx_pkt_dump_call(qdf_nbuf_t msdu, uint8_t peer_id, uint8_t status);
 
 #endif /* _OL_HTT_API__H_ */

core/dp/ol/inc/ol_txrx_api.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011-2014 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2014, 2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -60,4 +60,10 @@ enum ol_sec_type {
 	ol_sec_type_types
 };
 
+typedef void (*tp_ol_packetdump_cb)(qdf_nbuf_t netbuf,
+		uint8_t status, uint8_t vdev_id, uint8_t type);
+void ol_register_packetdump_callback(tp_ol_packetdump_cb ol_tx_packetdump_cb,
+			tp_ol_packetdump_cb ol_rx_packetdump_cb);
+void ol_deregister_packetdump_callback(void);
+
 #endif /* _OL_TXRX_API__H_ */

core/dp/txrx/ol_rx.c

@@ -58,6 +58,7 @@
 #include <ol_vowext_dbg_defs.h>
 #include <wma.h>
 #include <cds_concurrency.h>
+#include "pktlog_ac_fmt.h"
 
 #include <pld_common.h>
 
@@ -625,7 +626,7 @@ ol_rx_indication_handler(ol_txrx_pdev_handle pdev,
 				if (status != htt_rx_status_ctrl_mgmt_null) {
 					/* Pktlog */
 					ol_rx_send_pktlog_event(pdev,
-						 peer, head_msdu, 1);
+						 peer, msdu, 1);
 				}
 #endif
 				if (status == htt_rx_status_err_inv_peer) {
@@ -851,21 +852,21 @@ ol_rx_offload_deliver_ind_handler(ol_txrx_pdev_handle pdev,
 	htt_pdev_handle htt_pdev = pdev->htt_pdev;
 
 	while (msdu_cnt) {
-		htt_rx_offload_msdu_pop(htt_pdev, msg, &vdev_id, &peer_id,
-					&tid, &fw_desc, &head_buf, &tail_buf);
-
-		peer = ol_txrx_peer_find_by_id(pdev, peer_id);
-		if (peer) {
-			ol_rx_data_process(peer, head_buf);
-		} else {
-			buf = head_buf;
-			while (1) {
-				qdf_nbuf_t next;
-				next = qdf_nbuf_next(buf);
-				htt_rx_desc_frame_free(htt_pdev, buf);
-				if (buf == tail_buf)
-					break;
-				buf = next;
+		if (!htt_rx_offload_msdu_pop(htt_pdev, msg, &vdev_id, &peer_id,
+					&tid, &fw_desc, &head_buf, &tail_buf)) {
+			peer = ol_txrx_peer_find_by_id(pdev, peer_id);
+			if (peer) {
+				ol_rx_data_process(peer, head_buf);
+			} else {
+				buf = head_buf;
+				while (1) {
+					qdf_nbuf_t next;
+					next = qdf_nbuf_next(buf);
+					htt_rx_desc_frame_free(htt_pdev, buf);
+					if (buf == tail_buf)
+						break;
+					buf = next;
+				}
 			}
 		}
 		msdu_cnt--;
@@ -1400,6 +1401,51 @@ ol_rx_in_order_indication_handler(ol_txrx_pdev_handle pdev,
 	peer->rx_opt_proc(vdev, peer, tid, head_msdu);
 }
 
+/**
+ * ol_rx_pkt_dump_call() - updates status and
+ * calls packetdump callback to log rx packet
+ *
+ * @msdu: rx packet
+ * @peer_id: peer id
+ * @status: status of rx packet
+ *
+ * This function is used to update the status of rx packet
+ * and then calls packetdump callback to log that packet.
+ *
+ * Return: None
+ *
+ */
+void ol_rx_pkt_dump_call(
+	qdf_nbuf_t msdu,
+	uint8_t peer_id,
+	uint8_t status)
+{
+	v_CONTEXT_t vos_context;
+	ol_txrx_pdev_handle pdev;
+	struct ol_txrx_peer_t *peer = NULL;
+
+	vos_context = cds_get_global_context();
+	pdev = cds_get_context(QDF_MODULE_ID_TXRX);
+
+	if (!pdev) {
+		TXRX_PRINT(TXRX_PRINT_LEVEL_ERR,
+			"%s: pdev is NULL", __func__);
+		return;
+	}
+
+	if (pdev->ol_rx_packetdump_cb) {
+		peer = ol_txrx_peer_find_by_id(pdev, peer_id);
+		if (!peer) {
+			TXRX_PRINT(TXRX_PRINT_LEVEL_ERR,
+				"%s: peer with peer id %d is NULL", __func__,
+				peer_id);
+			return;
+		}
+		pdev->ol_rx_packetdump_cb(msdu, status, peer->vdev->vdev_id,
+						RX_DATA_PKT);
+	}
+}
+
 /* the msdu_list passed here must be NULL terminated */
 void
 ol_rx_in_order_deliver(struct ol_txrx_vdev_t *vdev,
@@ -1469,7 +1515,10 @@ ol_rx_offload_paddr_deliver_ind_handler(htt_pdev_handle htt_pdev,
 
 		peer = ol_txrx_peer_find_by_id(htt_pdev->txrx_pdev, peer_id);
 		if (peer) {
+			QDF_NBUF_CB_DP_TRACE_PRINT(head_buf) = false;
 			qdf_dp_trace_set_track(head_buf, QDF_RX);
+			QDF_NBUF_CB_TX_PACKET_TRACK(head_buf) =
+						QDF_NBUF_TX_PKT_DATA_TRACK;
 			qdf_dp_trace_log_pkt(peer->vdev->vdev_id,
 				head_buf, QDF_RX);
 			DPTRACE(qdf_dp_trace(head_buf,

core/dp/txrx/ol_rx_reorder.c

@@ -492,7 +492,6 @@ ol_rx_addba_handler(ol_txrx_pdev_handle pdev,
 		round_pwr2_win_sz * sizeof(struct ol_rx_reorder_array_elem_t);
 	rx_reorder->array = qdf_mem_malloc(array_size);
 	TXRX_ASSERT1(rx_reorder->array);
-	qdf_mem_set(rx_reorder->array, array_size, 0x0);
 
 	rx_reorder->win_sz_mask = round_pwr2_win_sz - 1;
 	rx_reorder->num_mpdus = 0;

core/dp/txrx/ol_tx.c

@@ -625,7 +625,8 @@ ol_tx_ll_fast(ol_txrx_vdev_handle vdev, qdf_nbuf_t msdu_list)
 					 * Free the descriptor, return the
 					 * packet to the caller.
 					 */
-					ol_tx_desc_free(pdev, tx_desc);
+					ol_tx_desc_frame_free_nonstd(pdev,
+								tx_desc, 1);
 					return msdu;
 				}
 				if (msdu_info.tso_info.curr_seg) {
@@ -1353,7 +1354,7 @@ ol_txrx_mgmt_tx_desc_alloc(
 	 * address of the initial fragment.
 	 */
 #if defined(HELIUMPLUS_PADDR64)
-	/* dump_frag_desc("ol_txrx_mgmt_send(): after ol_tx_desc_ll",
+	/* ol_txrx_dump_frag_desc("ol_txrx_mgmt_send(): after ol_tx_desc_ll",
 	   tx_desc); */
 #endif /* defined(HELIUMPLUS_PADDR64) */
 	if (tx_desc) {
@@ -1368,7 +1369,7 @@ ol_txrx_mgmt_tx_desc_alloc(
 				qdf_nbuf_get_frag_paddr(tx_mgmt_frm, 1),
 				0, 0);
 #if defined(HELIUMPLUS_PADDR64) && defined(HELIUMPLUS_DEBUG)
-		dump_frag_desc(
+		ol_txrx_dump_frag_desc(
 				"after htt_tx_desc_frags_table_set",
 				tx_desc);
 #endif /* defined(HELIUMPLUS_PADDR64) */
@@ -1700,7 +1701,7 @@ ol_txrx_mgmt_tx_cb_set(ol_txrx_pdev_handle pdev,
 }
 
 #if defined(HELIUMPLUS_PADDR64)
-void dump_frag_desc(char *msg, struct ol_tx_desc_t *tx_desc)
+void ol_txrx_dump_frag_desc(char *msg, struct ol_tx_desc_t *tx_desc)
 {
 	uint32_t                *frag_ptr_i_p;
 	int                     i;

core/dp/txrx/ol_tx.h

@@ -121,4 +121,13 @@ static inline void ol_tso_seg_list_deinit(struct ol_txrx_pdev_t *pdev)
 }
 #endif
 
+#if defined(HELIUMPLUS_PADDR64)
+void ol_txrx_dump_frag_desc(char *msg, struct ol_tx_desc_t *tx_desc);
+#else
+static inline
+void ol_txrx_dump_frag_desc(char *msg, struct ol_tx_desc_t *tx_desc)
+{
+}
+#endif
+
 #endif /* _OL_TX__H_ */

core/dp/txrx/ol_tx_desc.c

@@ -105,8 +105,6 @@ static inline void ol_tx_desc_reset_timestamp(struct ol_tx_desc_t *tx_desc)
 }
 #endif
 
-#ifdef CONFIG_HL_SUPPORT
-
 /**
  * ol_tx_desc_vdev_update() - vedv assign.
  * @tx_desc: tx descriptor pointer
@@ -120,15 +118,6 @@ ol_tx_desc_vdev_update(struct ol_tx_desc_t *tx_desc,
 {
 	tx_desc->vdev = vdev;
 }
-#else
-
-static inline void
-ol_tx_desc_vdev_update(struct ol_tx_desc_t *tx_desc,
-		       struct ol_txrx_vdev_t *vdev)
-{
-	return;
-}
-#endif
 
 #ifdef CONFIG_PER_VDEV_TX_DESC_POOL
 
@@ -182,6 +171,7 @@ struct ol_tx_desc_t *ol_tx_desc_alloc(struct ol_txrx_pdev_t *pdev,
 
 	ol_tx_desc_vdev_update(tx_desc, vdev);
 	ol_tx_desc_count_inc(vdev);
+	qdf_atomic_inc(&tx_desc->ref_cnt);
 
 	return tx_desc;
 }
@@ -235,6 +225,8 @@ struct ol_tx_desc_t *ol_tx_desc_alloc(struct ol_txrx_pdev_t *pdev,
 			}
 			ol_tx_desc_sanity_checks(pdev, tx_desc);
 			ol_tx_desc_compute_delay(tx_desc);
+			ol_tx_desc_vdev_update(tx_desc, vdev);
+			qdf_atomic_inc(&tx_desc->ref_cnt);
 		} else {
 			pool->pkt_drop_no_desc++;
 			qdf_spin_unlock_bh(&pool->flow_pool_lock);
@@ -411,9 +403,6 @@ void ol_tx_desc_free(struct ol_txrx_pdev_t *pdev, struct ol_tx_desc_t *tx_desc)
 }
 #endif
 
-extern void
-dump_frag_desc(char *msg, struct ol_tx_desc_t *tx_desc);
-
 void
 dump_pkt(qdf_nbuf_t nbuf, qdf_dma_addr_t nbuf_paddr, int len)
 {
@@ -591,7 +580,7 @@ struct ol_tx_desc_t *ol_tx_desc_ll(struct ol_txrx_pdev_t *pdev,
 	}
 
 #if defined(HELIUMPLUS_DEBUG)
-	dump_frag_desc("ol_tx_desc_ll()", tx_desc);
+	ol_txrx_dump_frag_desc("ol_tx_desc_ll()", tx_desc);
 #endif
 	return tx_desc;
 }

core/dp/txrx/ol_tx_queue.c

@@ -80,7 +80,27 @@ ol_tx_queue_vdev_flush(struct ol_txrx_pdev_t *pdev, struct ol_txrx_vdev_t *vdev)
 	/* flush VDEV TX queues */
 	for (i = 0; i < OL_TX_VDEV_NUM_QUEUES; i++) {
 		txq = &vdev->txqs[i];
-		ol_tx_queue_free(pdev, txq, (i + OL_TX_NUM_TIDS), false);
+		/*
+		 * currently txqs of MCAST_BCAST/DEFAULT_MGMT packet are using
+		 * tid HTT_TX_EXT_TID_NON_QOS_MCAST_BCAST/HTT_TX_EXT_TID_MGMT
+		 * when inserted into scheduler, so use same tid when we flush
+		 * them
+		 */
+		if (i == OL_TX_VDEV_MCAST_BCAST)
+			ol_tx_queue_free(pdev,
+					txq,
+					HTT_TX_EXT_TID_NON_QOS_MCAST_BCAST,
+					false);
+		else if (i == OL_TX_VDEV_DEFAULT_MGMT)
+			ol_tx_queue_free(pdev,
+					txq,
+					HTT_TX_EXT_TID_MGMT,
+					false);
+		else
+			ol_tx_queue_free(pdev,
+					txq,
+					(i + OL_TX_NUM_TIDS),
+					false);
 	}
 	/* flush PEER TX queues */
 	do {

core/dp/txrx/ol_tx_sched.c

@@ -204,13 +204,13 @@ ol_tx_sched_select_batch_rr(
 	struct ol_tx_sched_rr_t *scheduler = pdev->tx_sched.scheduler;
 	struct ol_tx_active_queues_in_tid_t *txq_queue;
 	struct ol_tx_frms_queue_t *next_tq;
-	u_int16_t frames, used_credits, tx_limit, tx_limit_flag = 0;
+	u_int16_t frames, used_credits = 0, tx_limit, tx_limit_flag = 0;
 	int bytes;
 
 	TX_SCHED_DEBUG_PRINT("Enter %s\n", __func__);
 
 	if (TAILQ_EMPTY(&scheduler->tx_active_tids_list))
-		return;
+		return used_credits;
 
 	txq_queue = TAILQ_FIRST(&scheduler->tx_active_tids_list);
 
@@ -222,12 +222,12 @@ ol_tx_sched_select_batch_rr(
 
 	credit = OL_A_MIN(credit, TX_SCH_MAX_CREDIT_FOR_THIS_TID(next_tq));
 	frames = next_tq->frms; /* download as many frames as credit allows */
-	tx_limit = ol_tx_bad_peer_dequeue_check(txq,
-					category->specs.send_limit,
+	tx_limit = ol_tx_bad_peer_dequeue_check(next_tq,
+					frames,
 					&tx_limit_flag);
 	frames = ol_tx_dequeue(
-			pdev, txq, &sctx->head, tx_limit, &credit, &bytes);
-	ol_tx_bad_peer_update_tx_limit(pdev, txq, frames, tx_limit_flag);
+			pdev, next_tq, &sctx->head, tx_limit, &credit, &bytes);
+	ol_tx_bad_peer_update_tx_limit(pdev, next_tq, frames, tx_limit_flag);
 
 	used_credits = credit;
 	txq_queue->frms -= frames;
@@ -445,6 +445,36 @@ ol_txrx_set_wmm_param(ol_txrx_pdev_handle data_pdev,
 		  "Dummy function when OL_TX_SCHED_RR is enabled\n");
 }
 
+/**
+ * ol_tx_sched_stats_display() - tx sched stats display
+ * @pdev: Pointer to the PDEV structure.
+ *
+ * Return: none.
+ */
+void ol_tx_sched_stats_display(struct ol_txrx_pdev_t *pdev)
+{
+}
+
+/**
+ * ol_tx_sched_cur_state_display() - tx sched cur stat display
+ * @pdev: Pointer to the PDEV structure.
+ *
+ * Return: none.
+ */
+void ol_tx_sched_cur_state_display(struct ol_txrx_pdev_t *pdev)
+{
+}
+
+/**
+ * ol_tx_sched_cur_state_display() - reset tx sched stats
+ * @pdev: Pointer to the PDEV structure.
+ *
+ * Return: none.
+ */
+void ol_tx_sched_stats_clear(struct ol_txrx_pdev_t *pdev)
+{
+}
+
 #endif /* OL_TX_SCHED == OL_TX_SCHED_RR */
 
 /*--- advanced scheduler ----------------------------------------------------*/
@@ -991,8 +1021,6 @@ ol_tx_sched_init_wrr_adv(
 	if (scheduler == NULL)
 		return scheduler;
 
-	qdf_mem_zero(scheduler, sizeof(*scheduler));
-
 	OL_TX_SCHED_WRR_ADV_CAT_CFG_STORE(VO, scheduler);
 	OL_TX_SCHED_WRR_ADV_CAT_CFG_STORE(VI, scheduler);
 	OL_TX_SCHED_WRR_ADV_CAT_CFG_STORE(BE, scheduler);
@@ -1090,6 +1118,39 @@ ol_txrx_set_wmm_param(ol_txrx_pdev_handle data_pdev,
 	}
 }
 
+/**
+ * ol_tx_sched_stats_display() - tx sched stats display
+ * @pdev: Pointer to the PDEV structure.
+ *
+ * Return: none.
+ */
+void ol_tx_sched_stats_display(struct ol_txrx_pdev_t *pdev)
+{
+    OL_TX_SCHED_WRR_ADV_CAT_STAT_DUMP(pdev->tx_sched.scheduler);
+}
+
+/**
+ * ol_tx_sched_cur_state_display() - tx sched cur stat display
+ * @pdev: Pointer to the PDEV structure.
+ *
+ * Return: none.
+ */
+void ol_tx_sched_cur_state_display(struct ol_txrx_pdev_t *pdev)
+{
+    OL_TX_SCHED_WRR_ADV_CAT_CUR_STATE_DUMP(pdev->tx_sched.scheduler);
+}
+
+/**
+ * ol_tx_sched_cur_state_display() - reset tx sched stats
+ * @pdev: Pointer to the PDEV structure.
+ *
+ * Return: none.
+ */
+void ol_tx_sched_stats_clear(struct ol_txrx_pdev_t *pdev)
+{
+    OL_TX_SCHED_WRR_ADV_CAT_STAT_CLEAR(pdev->tx_sched.scheduler);
+}
+
 #endif /* OL_TX_SCHED == OL_TX_SCHED_WRR_ADV */
 
 /*--- congestion control discard --------------------------------------------*/
@@ -1464,19 +1525,4 @@ ol_tx_sched_log(struct ol_txrx_pdev_t *pdev)
 
 #endif /* defined(DEBUG_HL_LOGGING) */
 
-void ol_tx_sched_stats_display(struct ol_txrx_pdev_t *pdev)
-{
-	OL_TX_SCHED_WRR_ADV_CAT_STAT_DUMP(pdev->tx_sched.scheduler);
-}
-
-void ol_tx_sched_cur_state_display(struct ol_txrx_pdev_t *pdev)
-{
-	OL_TX_SCHED_WRR_ADV_CAT_CUR_STATE_DUMP(pdev->tx_sched.scheduler);
-}
-
-void ol_tx_sched_stats_clear(struct ol_txrx_pdev_t *pdev)
-{
-	OL_TX_SCHED_WRR_ADV_CAT_STAT_CLEAR(pdev->tx_sched.scheduler);
-}
-
 #endif /* defined(CONFIG_HL_SUPPORT) */

core/dp/txrx/ol_tx_send.c

@@ -60,7 +60,7 @@
 #endif
 #include <ol_tx_queue.h>
 #include <ol_txrx.h>
-
+#include <pktlog_ac_fmt.h>
 
 #ifdef TX_CREDIT_RECLAIM_SUPPORT
 
@@ -552,6 +552,11 @@ ol_tx_completion_handler(ol_txrx_pdev_handle pdev,
 		tx_desc->status = status;
 		netbuf = tx_desc->netbuf;
 		QDF_NBUF_UPDATE_TX_PKT_COUNT(netbuf, QDF_NBUF_TX_PKT_FREE);
+
+		if (pdev->ol_tx_packetdump_cb)
+			pdev->ol_tx_packetdump_cb(netbuf, status,
+				tx_desc->vdev->vdev_id, TX_DATA_PKT);
+
 		DPTRACE(qdf_dp_trace_ptr(netbuf,
 			QDF_DP_TRACE_FREE_PACKET_PTR_RECORD,
 			qdf_nbuf_data_addr(netbuf),
@@ -766,6 +771,10 @@ ol_tx_single_completion_handler(ol_txrx_pdev_handle pdev,
 	/* Do one shot statistics */
 	TXRX_STATS_UPDATE_TX_STATS(pdev, status, 1, qdf_nbuf_len(netbuf));
 
+	if (pdev->ol_tx_packetdump_cb)
+		pdev->ol_tx_packetdump_cb(netbuf, status,
+			tx_desc->vdev->vdev_id, TX_MGMT_PKT);
+
 	if (OL_TX_DESC_NO_REFS(tx_desc)) {
 		ol_tx_desc_frame_free_nonstd(pdev, tx_desc,
 					     status != htt_tx_status_ok);
@@ -1168,3 +1177,57 @@ ol_tx_delay_compute(struct ol_txrx_pdev_t *pdev,
 }
 
 #endif /* QCA_COMPUTE_TX_DELAY */
+
+/**
+ * ol_register_packetdump_callback() - registers
+ *  tx data packet, tx mgmt. packet and rx data packet
+ *  dump callback handler.
+ *
+ * @ol_tx_packetdump_cb: tx packetdump cb
+ * @ol_rx_packetdump_cb: rx packetdump cb
+ *
+ * This function is used to register tx data pkt, tx mgmt.
+ * pkt and rx data pkt dump callback
+ *
+ * Return: None
+ *
+ */
+void ol_register_packetdump_callback(tp_ol_packetdump_cb ol_tx_packetdump_cb,
+					tp_ol_packetdump_cb ol_rx_packetdump_cb)
+{
+	ol_txrx_pdev_handle pdev = cds_get_context(QDF_MODULE_ID_TXRX);
+
+	if (!pdev) {
+		TXRX_PRINT(TXRX_PRINT_LEVEL_ERR,
+				"%s: pdev is NULL", __func__);
+		return;
+	}
+
+	pdev->ol_tx_packetdump_cb = ol_tx_packetdump_cb;
+	pdev->ol_rx_packetdump_cb = ol_rx_packetdump_cb;
+}
+
+/**
+ * ol_deregister_packetdump_callback() - deregidters
+ *  tx data packet, tx mgmt. packet and rx data packet
+ *  dump callback handler
+ *
+ * This function is used to deregidter tx data pkt.,
+ * tx mgmt. pkt and rx data pkt. dump callback
+ *
+ * Return: None
+ *
+ */
+void ol_deregister_packetdump_callback(void)
+{
+	ol_txrx_pdev_handle pdev = cds_get_context(QDF_MODULE_ID_TXRX);
+
+	if (!pdev) {
+		TXRX_PRINT(TXRX_PRINT_LEVEL_ERR,
+				"%s: pdev is NULL", __func__);
+		return;
+	}
+
+	pdev->ol_tx_packetdump_cb = NULL;
+	pdev->ol_rx_packetdump_cb = NULL;
+}

core/dp/txrx/ol_txrx.c

@@ -975,7 +975,6 @@ ol_txrx_pdev_attach(ol_pdev_handle ctrl_pdev,
 	pdev = qdf_mem_malloc(sizeof(*pdev));
 	if (!pdev)
 		goto fail0;
-	qdf_mem_zero(pdev, sizeof(*pdev));
 
 	/* init LL/HL cfg here */
 	pdev->cfg.is_high_latency = ol_cfg_is_high_latency(ctrl_pdev);
@@ -1014,6 +1013,8 @@ ol_txrx_pdev_attach(ol_pdev_handle ctrl_pdev,
 	if (!pdev->htt_pdev)
 		goto fail3;
 
+	htt_register_rx_pkt_dump_callback(pdev->htt_pdev,
+			ol_rx_pkt_dump_call);
 	return pdev;
 
 fail3:
@@ -1632,9 +1633,8 @@ void ol_txrx_pdev_detach(ol_txrx_pdev_handle pdev, int force)
 		ol_txrx_peer_find_hash_erase(pdev);
 	}
 
-	ol_tx_deregister_flow_control(pdev);
-	/* Stop the communication between HTT and target at first */
-	htt_detach_target(pdev->htt_pdev);
+	/* to get flow pool status before freeing descs */
+	ol_tx_dump_flow_pool_info();
 
 	for (i = 0; i < pdev->tx_desc.pool_size; i++) {
 		void *htt_tx_desc;
@@ -1658,6 +1658,11 @@ void ol_txrx_pdev_detach(ol_txrx_pdev_handle pdev, int force)
 		htt_tx_desc_free(pdev->htt_pdev, htt_tx_desc);
 	}
 
+	htt_deregister_rx_pkt_dump_callback(pdev->htt_pdev);
+	ol_tx_deregister_flow_control(pdev);
+	/* Stop the communication between HTT and target at first */
+	htt_detach_target(pdev->htt_pdev);
+
 	qdf_mem_multi_pages_free(pdev->osdev,
 		&pdev->tx_desc.desc_pages, 0, true);
 	pdev->tx_desc.freelist = NULL;
@@ -2134,7 +2139,6 @@ ol_txrx_peer_attach(ol_txrx_vdev_handle vdev, uint8_t *peer_mac_addr)
 	peer = qdf_mem_malloc(sizeof(*peer));
 	if (!peer)
 		return NULL;    /* failure */
-	qdf_mem_zero(peer, sizeof(*peer));
 
 	/* store provided params */
 	peer->vdev = vdev;

core/dp/txrx/ol_txrx_peer_find.c

@@ -310,15 +310,6 @@ static int ol_txrx_peer_find_map_attach(struct ol_txrx_pdev_t *pdev)
 	if (!pdev->peer_id_to_obj_map)
 		return 1;       /* failure */
 
-	/*
-	 * The peer_id_to_obj_map doesn't really need to be initialized,
-	 * since elements are only used after they have been individually
-	 * initialized.
-	 * However, it is convenient for debugging to have all elements
-	 * that are not in use set to 0.
-	 */
-	qdf_mem_set(pdev->peer_id_to_obj_map, peer_map_size, 0);
-
 	return 0;               /* success */
 }
 

core/dp/txrx/ol_txrx_types.h

@@ -187,9 +187,9 @@ struct ol_tx_desc_t {
 	 * This field is filled in with the ol_tx_frm_type enum.
 	 */
 	uint8_t pkt_type;
-#if defined(CONFIG_HL_SUPPORT)
+
 	struct ol_txrx_vdev_t *vdev;
-#endif
+
 	void *txq;
 
 #ifdef QCA_SUPPORT_SW_TXRX_ENCAP
@@ -663,6 +663,10 @@ struct ol_txrx_pdev_t {
 		} callbacks[OL_TXRX_MGMT_NUM_TYPES];
 	} tx_mgmt;
 
+	/* packetdump callback functions */
+	tp_ol_packetdump_cb ol_tx_packetdump_cb;
+	tp_ol_packetdump_cb ol_rx_packetdump_cb;
+
 	struct {
 		uint16_t pool_size;
 		uint16_t num_free;

core/hdd/inc/wlan_hdd_cfg.h

@@ -582,7 +582,7 @@ typedef enum {
 #define CFG_INFRA_STA_KEEP_ALIVE_PERIOD_NAME          "gStaKeepAlivePeriod"
 #define CFG_INFRA_STA_KEEP_ALIVE_PERIOD_MIN           (0)
 #define CFG_INFRA_STA_KEEP_ALIVE_PERIOD_MAX           (65535)
-#define CFG_INFRA_STA_KEEP_ALIVE_PERIOD_DEFAULT       (0)
+#define CFG_INFRA_STA_KEEP_ALIVE_PERIOD_DEFAULT       (30)
 
 /* WMM configuration */
 #define CFG_QOS_WMM_MODE_NAME                             "WmmIsEnabled"

core/hdd/inc/wlan_hdd_main.h

@@ -1802,14 +1802,19 @@ static inline QDF_STATUS hdd_register_for_sap_restart_with_channel_switch(void)
 #endif
 
 #if !defined(REMOVE_PKT_LOG)
-int hdd_process_pktlog_command(hdd_context_t *hdd_ctx, uint32_t set_value);
-int hdd_pktlog_enable_disable(hdd_context_t *hdd_ctx, bool enable, uint8_t);
+int hdd_process_pktlog_command(hdd_context_t *hdd_ctx, uint32_t set_value,
+			       int set_value2);
+int hdd_pktlog_enable_disable(hdd_context_t *hdd_ctx, bool enable,
+			      uint8_t user_triggered, int size);
+
 #else
-int hdd_pktlog_enable_disable(hdd_context_t *hdd_ctx, bool enable, uint8_t)
+static inline int hdd_pktlog_enable_disable(hdd_context_t *hdd_ctx, bool enable,
+					    uint8_t user_triggered, int size)
 {
 	return 0;
 }
-int hdd_process_pktlog_command(hdd_context_t *hdd_ctx, uint32_t set_value)
+static inline int hdd_process_pktlog_command(hdd_context_t *hdd_ctx,
+					     uint32_t set_value, int set_value2)
 {
 	return 0;
 }
@@ -1936,11 +1941,25 @@ static inline void hdd_enable_fastpath(struct hdd_config *hdd_cfg,
 }
 #endif
 void hdd_wlan_update_target_info(hdd_context_t *hdd_ctx, void *context);
-
 enum  sap_acs_dfs_mode wlan_hdd_get_dfs_mode(enum dfs_mode mode);
-
 void hdd_ch_avoid_cb(void *hdd_context, void *indi_param);
 void hdd_unsafe_channel_restart_sap(hdd_context_t *hdd_ctx);
 int hdd_enable_disable_ca_event(hdd_context_t *hddctx,
 				uint8_t set_value);
+void wlan_hdd_undo_acs(hdd_adapter_t *adapter);
+
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 7, 0))
+static inline int
+hdd_wlan_nla_put_u64(struct sk_buff *skb, int attrtype, u64 value)
+{
+	return nla_put_u64(skb, attrtype, value);
+}
+#else
+static inline int
+hdd_wlan_nla_put_u64(struct sk_buff *skb, int attrtype, u64 value)
+{
+	return nla_put_u64_64bit(skb, attrtype, value, NL80211_ATTR_PAD);
+}
+#endif
+
 #endif /* end #if !defined(WLAN_HDD_MAIN_H) */

core/hdd/inc/wlan_hdd_power.h

@@ -224,26 +224,30 @@ void wlan_hdd_inc_suspend_stats(hdd_context_t *hdd_ctx,
 #ifdef WLAN_SUSPEND_RESUME_TEST
 /**
  * hdd_wlan_fake_apps_resume() - Resume from unit-test triggered suspend
- * @wiphy: wiphy struct from a validated hdd context
+ * @wiphy: the kernel wiphy struct for the device being resumed
+ * @dev: the kernel net_device struct for the device being resumed
  *
  * Return: Zero on success, calls QDF_BUG() on failure
  */
-int hdd_wlan_fake_apps_resume(struct wiphy *wiphy);
+int hdd_wlan_fake_apps_resume(struct wiphy *wiphy, struct net_device *dev);
 
 /**
  * hdd_wlan_fake_apps_suspend() - Initiate a unit-test triggered suspend
- * @wiphy: wiphy struct from a validated hdd context
+ * @wiphy: the kernel wiphy struct for the device being suspended
+ * @dev: the kernel net_device struct for the device being suspended
  *
  * Return: Zero on success, suspend related non-zero error code on failure
  */
-int hdd_wlan_fake_apps_suspend(struct wiphy *wiphy);
+int hdd_wlan_fake_apps_suspend(struct wiphy *wiphy, struct net_device *dev);
 #else
-static inline int hdd_wlan_fake_apps_resume(struct wiphy *wiphy)
+static inline int
+hdd_wlan_fake_apps_resume(struct wiphy *wiphy, struct net_device *dev)
 {
 	return 0;
 }
 
-static inline int hdd_wlan_fake_apps_suspend(struct wiphy *wiphy)
+static inline int
+hdd_wlan_fake_apps_suspend(struct wiphy *wiphy, struct net_device *dev)
 {
 	return 0;
 }

core/hdd/inc/wlan_hdd_tx_rx.h

@@ -130,4 +130,25 @@ void hdd_event_eapol_log(struct sk_buff *skb, enum qdf_proto_dir dir)
 {}
 #endif
 
+/*
+ * As of the 4.7 kernel, net_device->trans_start is removed. Create shims to
+ * support compiling against older versions of the kernel.
+ */
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 7, 0))
+static inline void netif_trans_update(struct net_device *dev)
+{
+	dev->trans_start = jiffies;
+}
+
+#define TX_TIMEOUT_TRACE(dev, module_id) QDF_TRACE( \
+	module_id, QDF_TRACE_LEVEL_ERROR, \
+	"%s: Transmission timeout occurred jiffies %lu trans_start %lu", \
+	__func__, jiffies, dev->trans_start)
+#else
+#define TX_TIMEOUT_TRACE(dev, module_id) QDF_TRACE( \
+	module_id, QDF_TRACE_LEVEL_ERROR, \
+	"%s: Transmission timeout occurred jiffies %lu", \
+	__func__, jiffies)
+#endif
+
 #endif /* end #if !defined(WLAN_HDD_TX_RX_H) */

core/hdd/src/wlan_hdd_assoc.c

@@ -63,6 +63,7 @@
 #include "cdp_txrx_flow_ctrl_legacy.h"
 #include "cdp_txrx_peer_ops.h"
 #include "wlan_hdd_napi.h"
+#include <wlan_logging_sock_svc.h>
 
 /* These are needed to recognize WPA and RSN suite types */
 #define HDD_WPA_OUI_SIZE 4
@@ -1537,6 +1538,8 @@ static QDF_STATUS hdd_dis_connect_handler(hdd_adapter_t *pAdapter,
 
 	hdd_clear_roam_profile_ie(pAdapter);
 	hdd_wmm_init(pAdapter);
+	hdd_info("Invoking packetdump deregistration API");
+	wlan_deregister_txrx_packetdump();
 
 	/* indicate 'disconnect' status to wpa_supplicant... */
 	hdd_send_association_event(dev, pRoamInfo);
@@ -2800,6 +2803,9 @@ static QDF_STATUS hdd_association_completion_handler(hdd_adapter_t *pAdapter,
 				       MAC_ADDR_ARRAY(pWextState->req_bssId.bytes),
 				       roamResult, roamStatus);
 
+			hdd_err("Invoking packetdump deregistration API");
+			wlan_deregister_txrx_packetdump();
+
 			/* inform association failure event to nl80211 */
 			if (eCSR_ROAM_RESULT_ASSOC_FAIL_CON_CHANNEL ==
 			    roamResult) {
@@ -2998,10 +3004,10 @@ static void hdd_roam_ibss_indication_handler(hdd_adapter_t *pAdapter,
 
 			if (chan_no <= 14)
 				freq = ieee80211_channel_to_frequency(chan_no,
-					  IEEE80211_BAND_2GHZ);
+					  NL80211_BAND_2GHZ);
 			else
 				freq = ieee80211_channel_to_frequency(chan_no,
-					  IEEE80211_BAND_5GHZ);
+					  NL80211_BAND_5GHZ);
 
 			chan = ieee80211_get_channel(pAdapter->wdev.wiphy, freq);
 

core/hdd/src/wlan_hdd_cfg.c

@@ -6876,7 +6876,6 @@ QDF_STATUS hdd_set_sme_config(hdd_context_t *pHddCtx)
 			  "%s: unable to allocate smeConfig", __func__);
 		return QDF_STATUS_E_NOMEM;
 	}
-	qdf_mem_zero(smeConfig, sizeof(*smeConfig));
 
 	QDF_TRACE(QDF_MODULE_ID_HDD, QDF_TRACE_LEVEL_INFO_HIGH,
 		  "%s bWmmIsEnabled=%d 802_11e_enabled=%d dot11Mode=%d",

core/hdd/src/wlan_hdd_cfg80211.c

@@ -118,7 +118,7 @@
 #define IBSS_CFG_PROTECTION_ENABLE_MASK 0x8282
 
 #define HDD2GHZCHAN(freq, chan, flag)   {     \
-		.band =  IEEE80211_BAND_2GHZ, \
+		.band =  NL80211_BAND_2GHZ, \
 		.center_freq = (freq), \
 		.hw_value = (chan), \
 		.flags = (flag), \
@@ -127,7 +127,7 @@
 }
 
 #define HDD5GHZCHAN(freq, chan, flag)   {     \
-		.band =  IEEE80211_BAND_5GHZ, \
+		.band =  NL80211_BAND_5GHZ, \
 		.center_freq = (freq), \
 		.hw_value = (chan), \
 		.flags = (flag), \
@@ -265,7 +265,7 @@ static struct ieee80211_rate a_mode_rates[] = {
 static struct ieee80211_supported_band wlan_hdd_band_2_4_ghz = {
 	.channels = NULL,
 	.n_channels = ARRAY_SIZE(hdd_channels_2_4_ghz),
-	.band = IEEE80211_BAND_2GHZ,
+	.band = NL80211_BAND_2GHZ,
 	.bitrates = g_mode_rates,
 	.n_bitrates = g_mode_rates_size,
 	.ht_cap.ht_supported = 1,
@@ -284,7 +284,7 @@ static struct ieee80211_supported_band wlan_hdd_band_2_4_ghz = {
 static struct ieee80211_supported_band wlan_hdd_band_5_ghz = {
 	.channels = NULL,
 	.n_channels = ARRAY_SIZE(hdd_channels_5_ghz),
-	.band = IEEE80211_BAND_5GHZ,
+	.band = NL80211_BAND_5GHZ,
 	.bitrates = a_mode_rates,
 	.n_bitrates = a_mode_rates_size,
 	.ht_cap.ht_supported = 1,
@@ -1621,7 +1621,7 @@ out:
 		if (temp_skbuff != NULL)
 			return cfg80211_vendor_cmd_reply(temp_skbuff);
 	}
-
+	wlan_hdd_undo_acs(adapter);
 	clear_bit(ACS_IN_PROGRESS, &hdd_ctx->g_event_flags);
 
 	return status;
@@ -1653,6 +1653,26 @@ static int wlan_hdd_cfg80211_do_acs(struct wiphy *wiphy,
 	return ret;
 }
 
+/**
+ * wlan_hdd_undo_acs : Do cleanup of DO_ACS
+ * @adapter:  Pointer to adapter struct
+ *
+ * This function handle cleanup of what was done in DO_ACS, including free
+ * memory.
+ *
+ * Return: void
+ */
+
+void wlan_hdd_undo_acs(hdd_adapter_t *adapter)
+{
+	if (adapter == NULL)
+		return;
+	if (adapter->sessionCtx.ap.sapConfig.acs_cfg.ch_list) {
+		qdf_mem_free(adapter->sessionCtx.ap.sapConfig.acs_cfg.ch_list);
+		adapter->sessionCtx.ap.sapConfig.acs_cfg.ch_list = NULL;
+	}
+}
+
 /**
  * wlan_hdd_cfg80211_start_pending_acs : Start pending ACS procedure for SAP
  * @work:  Linux workqueue struct pointer for ACS work
@@ -3889,6 +3909,11 @@ wlan_hdd_wifi_config_policy[QCA_WLAN_VENDOR_ATTR_CONFIG_MAX + 1] = {
 	[QCA_WLAN_VENDOR_ATTR_CONFIG_CHANNEL_AVOIDANCE_IND] = {.type = NLA_U8 },
 	[QCA_WLAN_VENDOR_ATTR_CONFIG_TX_MPDU_AGGREGATION] = {.type = NLA_U8 },
 	[QCA_WLAN_VENDOR_ATTR_CONFIG_RX_MPDU_AGGREGATION] = {.type = NLA_U8 },
+	[QCA_WLAN_VENDOR_ATTR_CONFIG_NON_AGG_RETRY] = {.type = NLA_U8 },
+	[QCA_WLAN_VENDOR_ATTR_CONFIG_AGG_RETRY] = {.type = NLA_U8 },
+	[QCA_WLAN_VENDOR_ATTR_CONFIG_MGMT_RETRY] = {.type = NLA_U8 },
+	[QCA_WLAN_VENDOR_ATTR_CONFIG_CTRL_RETRY] = {.type = NLA_U8 },
+	[QCA_WLAN_VENDOR_ATTR_CONFIG_PROPAGATION_DELAY] = {.type = NLA_U8 },
 };
 
 /**
@@ -3959,6 +3984,8 @@ __wlan_hdd_cfg80211_wifi_configuration_set(struct wiphy *wiphy,
 	uint8_t *scan_ie;
 	struct sir_set_tx_rx_aggregation_size request;
 	QDF_STATUS qdf_status;
+	uint8_t retry, delay;
+	int param_id;
 
 	ENTER_DEV(dev);
 
@@ -4068,6 +4095,57 @@ __wlan_hdd_cfg80211_wifi_configuration_set(struct wiphy *wiphy,
 			access_policy);
 	}
 
+	if (tb[QCA_WLAN_VENDOR_ATTR_CONFIG_NON_AGG_RETRY]) {
+		retry = nla_get_u8(tb[
+				QCA_WLAN_VENDOR_ATTR_CONFIG_NON_AGG_RETRY]);
+		retry = retry > CFG_NON_AGG_RETRY_MAX ?
+				CFG_NON_AGG_RETRY_MAX : retry;
+		param_id = WMI_PDEV_PARAM_NON_AGG_SW_RETRY_TH;
+		ret_val = wma_cli_set_command(adapter->sessionId, param_id,
+					      retry, PDEV_CMD);
+	}
+
+	if (tb[QCA_WLAN_VENDOR_ATTR_CONFIG_AGG_RETRY]) {
+		retry = nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_CONFIG_AGG_RETRY]);
+		retry = retry > CFG_AGG_RETRY_MAX ?
+			CFG_AGG_RETRY_MAX : retry;
+
+		/* Value less than CFG_AGG_RETRY_MIN has side effect to t-put */
+		retry = ((retry > 0) && (retry < CFG_AGG_RETRY_MIN)) ?
+				CFG_AGG_RETRY_MIN : retry;
+		param_id = WMI_PDEV_PARAM_AGG_SW_RETRY_TH;
+		ret_val = wma_cli_set_command(adapter->sessionId, param_id,
+					      retry, PDEV_CMD);
+	}
+
+	if (tb[QCA_WLAN_VENDOR_ATTR_CONFIG_MGMT_RETRY]) {
+		retry = nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_CONFIG_MGMT_RETRY]);
+		retry = retry > CFG_MGMT_RETRY_MAX ?
+				CFG_MGMT_RETRY_MAX : retry;
+		param_id = WMI_PDEV_PARAM_MGMT_RETRY_LIMIT;
+		ret_val = wma_cli_set_command(adapter->sessionId, param_id,
+					      retry, PDEV_CMD);
+	}
+
+	if (tb[QCA_WLAN_VENDOR_ATTR_CONFIG_CTRL_RETRY]) {
+		retry = nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_CONFIG_CTRL_RETRY]);
+		retry = retry > CFG_CTRL_RETRY_MAX ?
+				CFG_CTRL_RETRY_MAX : retry;
+		param_id = WMI_PDEV_PARAM_CTRL_RETRY_LIMIT;
+		ret_val = wma_cli_set_command(adapter->sessionId, param_id,
+					      retry, PDEV_CMD);
+	}
+
+	if (tb[QCA_WLAN_VENDOR_ATTR_CONFIG_PROPAGATION_DELAY]) {
+		delay = nla_get_u8(tb[
+				QCA_WLAN_VENDOR_ATTR_CONFIG_PROPAGATION_DELAY]);
+		delay = delay > CFG_PROPAGATION_DELAY_MAX ?
+				CFG_PROPAGATION_DELAY_MAX : delay;
+		param_id = WMI_PDEV_PARAM_PROPAGATION_DELAY;
+		ret_val = wma_cli_set_command(adapter->sessionId, param_id,
+					      delay, PDEV_CMD);
+	}
+
 	if (vendor_ie_present && access_policy_present) {
 		if (access_policy == QCA_ACCESS_POLICY_DENY_UNLESS_LISTED) {
 			access_policy =
@@ -4287,6 +4365,9 @@ static int __wlan_hdd_cfg80211_wifi_logger_start(struct wiphy *wiphy,
 			tb[QCA_WLAN_VENDOR_ATTR_WIFI_LOGGER_FLAGS]);
 	hdd_info("is_iwpriv_command =%d", start_log.is_iwpriv_command);
 
+	/* size is buff size which can be set using iwpriv command*/
+	start_log.size = 0;
+
 	cds_set_ring_log_level(start_log.ring_id, start_log.verbose_level);
 
 	if (start_log.ring_id == RING_ID_WAKELOCK) {
@@ -5184,11 +5265,11 @@ static int __wlan_hdd_cfg80211_get_preferred_freq_list(struct wiphy *wiphy,
 		if (pcl[i] <= ARRAY_SIZE(hdd_channels_2_4_ghz))
 			freq_list[i] =
 				ieee80211_channel_to_frequency(pcl[i],
-							IEEE80211_BAND_2GHZ);
+							NL80211_BAND_2GHZ);
 		else
 			freq_list[i] =
 				ieee80211_channel_to_frequency(pcl[i],
-							IEEE80211_BAND_5GHZ);
+							NL80211_BAND_5GHZ);
 	}
 
 	/* send the freq_list back to supplicant */
@@ -6404,7 +6485,6 @@ static int hdd_set_reset_bpf_offload(hdd_context_t *hdd_ctx,
 		hdd_err("qdf_mem_malloc failed for bpf_set_offload");
 		return -ENOMEM;
 	}
-	qdf_mem_zero(bpf_set_offload, sizeof(*bpf_set_offload));
 
 	/* Parse and fetch bpf packet size */
 	if (!tb[BPF_PACKET_SIZE]) {
@@ -8545,7 +8625,7 @@ int wlan_hdd_cfg80211_update_band(struct wiphy *wiphy, eCsrBand eBand)
 
 	ENTER();
 
-	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
+	for (i = 0; i < NUM_NL80211_BANDS; i++) {
 
 		if (NULL == wiphy->bands[i])
 			continue;
@@ -8557,7 +8637,7 @@ int wlan_hdd_cfg80211_update_band(struct wiphy *wiphy, eCsrBand eBand)
 				cds_get_channel_state(band->channels[j].
 								 hw_value);
 
-			if (IEEE80211_BAND_2GHZ == i && eCSR_BAND_5G == eBand) {
+			if (NL80211_BAND_2GHZ == i && eCSR_BAND_5G == eBand) {
 				/* 5G only */
 #ifdef WLAN_ENABLE_SOCIAL_CHANNELS_5G_ONLY
 				/* Enable Social channels for P2P */
@@ -8572,7 +8652,7 @@ int wlan_hdd_cfg80211_update_band(struct wiphy *wiphy, eCsrBand eBand)
 				band->channels[j].flags |=
 					IEEE80211_CHAN_DISABLED;
 				continue;
-			} else if (IEEE80211_BAND_5GHZ == i &&
+			} else if (NL80211_BAND_5GHZ == i &&
 					eCSR_BAND_24 == eBand) {
 				/* 2G only */
 				band->channels[j].flags |=
@@ -8732,14 +8812,14 @@ int wlan_hdd_cfg80211_init(struct device *dev,
 	 * wiphy flags don't get reset because of static memory.
 	 * It's better not to store channel in static memory.
 	 */
-	wiphy->bands[IEEE80211_BAND_2GHZ] = &wlan_hdd_band_2_4_ghz;
-	wiphy->bands[IEEE80211_BAND_2GHZ]->channels =
+	wiphy->bands[NL80211_BAND_2GHZ] = &wlan_hdd_band_2_4_ghz;
+	wiphy->bands[NL80211_BAND_2GHZ]->channels =
 		qdf_mem_malloc(sizeof(hdd_channels_2_4_ghz));
-	if (wiphy->bands[IEEE80211_BAND_2GHZ]->channels == NULL) {
+	if (wiphy->bands[NL80211_BAND_2GHZ]->channels == NULL) {
 		hdd_err("Not enough memory to allocate channels");
 		return -ENOMEM;
 	}
-	qdf_mem_copy(wiphy->bands[IEEE80211_BAND_2GHZ]->channels,
+	qdf_mem_copy(wiphy->bands[NL80211_BAND_2GHZ]->channels,
 			&hdd_channels_2_4_ghz[0],
 			sizeof(hdd_channels_2_4_ghz));
 	if ((hdd_is_5g_supported(pHddCtx)) &&
@@ -8747,22 +8827,22 @@ int wlan_hdd_cfg80211_init(struct device *dev,
 		 (eHDD_DOT11_MODE_11g != pCfg->dot11Mode) &&
 		 (eHDD_DOT11_MODE_11b_ONLY != pCfg->dot11Mode) &&
 		 (eHDD_DOT11_MODE_11g_ONLY != pCfg->dot11Mode))) {
-		wiphy->bands[IEEE80211_BAND_5GHZ] = &wlan_hdd_band_5_ghz;
-		wiphy->bands[IEEE80211_BAND_5GHZ]->channels =
+		wiphy->bands[NL80211_BAND_5GHZ] = &wlan_hdd_band_5_ghz;
+		wiphy->bands[NL80211_BAND_5GHZ]->channels =
 			qdf_mem_malloc(sizeof(hdd_channels_5_ghz));
-		if (wiphy->bands[IEEE80211_BAND_5GHZ]->channels == NULL) {
+		if (wiphy->bands[NL80211_BAND_5GHZ]->channels == NULL) {
 			hdd_err("Not enough memory to allocate channels");
 			qdf_mem_free(wiphy->
-				bands[IEEE80211_BAND_2GHZ]->channels);
-			wiphy->bands[IEEE80211_BAND_2GHZ]->channels = NULL;
+				bands[NL80211_BAND_2GHZ]->channels);
+			wiphy->bands[NL80211_BAND_2GHZ]->channels = NULL;
 			return -ENOMEM;
 		}
-		qdf_mem_copy(wiphy->bands[IEEE80211_BAND_5GHZ]->channels,
+		qdf_mem_copy(wiphy->bands[NL80211_BAND_5GHZ]->channels,
 			&hdd_channels_5_ghz[0],
 			sizeof(hdd_channels_5_ghz));
 	}
 
-	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
+	for (i = 0; i < NUM_NL80211_BANDS; i++) {
 
 		if (NULL == wiphy->bands[i])
 			continue;
@@ -8770,7 +8850,7 @@ int wlan_hdd_cfg80211_init(struct device *dev,
 		for (j = 0; j < wiphy->bands[i]->n_channels; j++) {
 			struct ieee80211_supported_band *band = wiphy->bands[i];
 
-			if (IEEE80211_BAND_2GHZ == i &&
+			if (NL80211_BAND_2GHZ == i &&
 				eCSR_BAND_5G == pCfg->nBandCapability) {
 				/* 5G only */
 #ifdef WLAN_ENABLE_SOCIAL_CHANNELS_5G_ONLY
@@ -8784,7 +8864,7 @@ int wlan_hdd_cfg80211_init(struct device *dev,
 				band->channels[j].flags |=
 					IEEE80211_CHAN_DISABLED;
 				continue;
-			} else if (IEEE80211_BAND_5GHZ == i &&
+			} else if (NL80211_BAND_5GHZ == i &&
 					eCSR_BAND_24 == pCfg->nBandCapability) {
 				/* 2G only */
 				band->channels[j].flags |=
@@ -8841,7 +8921,7 @@ void wlan_hdd_cfg80211_deinit(struct wiphy *wiphy)
 {
 	int i;
 
-	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
+	for (i = 0; i < NUM_NL80211_BANDS; i++) {
 		if (NULL != wiphy->bands[i] &&
 		   (NULL != wiphy->bands[i]->channels)) {
 			qdf_mem_free(wiphy->bands[i]->channels);
@@ -9154,7 +9234,6 @@ static void wlan_hdd_set_dhcp_server_offload(hdd_adapter_t *pHostapdAdapter)
 		hdd_err("could not allocate tDhcpSrvOffloadInfo!");
 		return;
 	}
-	qdf_mem_zero(pDhcpSrvInfo, sizeof(*pDhcpSrvInfo));
 	pDhcpSrvInfo->vdev_id = pHostapdAdapter->sessionId;
 	pDhcpSrvInfo->dhcpSrvOffloadEnabled = true;
 	pDhcpSrvInfo->dhcpClientNum = pHddCtx->config->dhcpMaxNumClients;
@@ -10613,15 +10692,15 @@ struct cfg80211_bss *wlan_hdd_cfg80211_inform_bss_frame(hdd_adapter_t *pAdapter,
 	}
 
 	if (chan_no <= ARRAY_SIZE(hdd_channels_2_4_ghz) &&
-	    (wiphy->bands[IEEE80211_BAND_2GHZ] != NULL)) {
+	    (wiphy->bands[NL80211_BAND_2GHZ] != NULL)) {
 		freq =
 			ieee80211_channel_to_frequency(chan_no,
-						       IEEE80211_BAND_2GHZ);
+						       NL80211_BAND_2GHZ);
 	} else if ((chan_no > ARRAY_SIZE(hdd_channels_2_4_ghz))
-		   && (wiphy->bands[IEEE80211_BAND_5GHZ] != NULL)) {
+		   && (wiphy->bands[NL80211_BAND_5GHZ] != NULL)) {
 		freq =
 			ieee80211_channel_to_frequency(chan_no,
-						       IEEE80211_BAND_5GHZ);
+						       NL80211_BAND_5GHZ);
 	} else {
 		hdd_err("Invalid chan_no %d", chan_no);
 		kfree(mgmt);
@@ -11415,7 +11494,6 @@ static int wlan_hdd_cfg80211_connect_start(hdd_adapter_t *pAdapter,
 					eConnectionState_NotConnected);
 			return -ENOMEM;
 		}
-		qdf_mem_zero(sme_config, sizeof(*sme_config));
 		sme_get_config_param(pHddCtx->hHal, sme_config);
 		/* These values are not sessionized. So, any change in these SME
 		 * configs on an older or parallel interface will affect the

core/hdd/src/wlan_hdd_cfg80211.h

@@ -2325,6 +2325,13 @@ enum qca_wlan_vendor_acs_hw_mode {
 	QCA_ACS_MODE_IEEE80211ANY,
 };
 
+#define CFG_NON_AGG_RETRY_MAX                  (31)
+#define CFG_AGG_RETRY_MAX                      (31)
+#define CFG_MGMT_RETRY_MAX                     (31)
+#define CFG_CTRL_RETRY_MAX                     (31)
+#define CFG_PROPAGATION_DELAY_MAX              (63)
+#define CFG_AGG_RETRY_MIN                      (5)
+
 /**
  * enum qca_access_policy - access control policy
  *
@@ -2370,6 +2377,13 @@ enum qca_ignore_assoc_disallowed {
  *      Tx aggregation size (8-bit unsigned value)
  * @QCA_WLAN_VENDOR_ATTR_CONFIG_RX_MPDU_AGGREGATION:
  *       Rx aggregation size (8-bit unsigned value)
+ * @QCA_WLAN_VENDOR_ATTR_CONFIG_NON_AGG_RETRY:
+ *                                   Non aggregrate/11g sw retry threshold
+ * @QCA_WLAN_VENDOR_ATTR_CONFIG_AGG_RETRY: aggregrate sw retry threshold
+ * @QCA_WLAN_VENDOR_ATTR_CONFIG_MGMT_RETRY: management frame sw retry threshold
+ * @QCA_WLAN_VENDOR_ATTR_CONFIG_CTRL_RETRY: control frame sw retry threshold
+ * @QCA_WLAN_VENDOR_ATTR_CONFIG_PROPAGATION_DELAY:
+ *			     propagation delay for 2G/5G band (units in us)
  * @QCA_WLAN_VENDOR_ATTR_CONFIG_SCAN_DEFAULT_IES: Update the default scan IEs
  * @QCA_WLAN_VENDOR_ATTR_CONFIG_GENERIC_COMMAND:
  *                         Unsigned 32-bit value attribute for generic commands
@@ -2406,6 +2420,22 @@ enum qca_wlan_vendor_config {
 	QCA_WLAN_VENDOR_ATTR_CONFIG_TX_MPDU_AGGREGATION,
 	QCA_WLAN_VENDOR_ATTR_CONFIG_RX_MPDU_AGGREGATION,
 
+	/* 8-bit unsigned value to configure the Non aggregrate/11g sw
+	 * retry threshold (0 disable, 31 max). */
+	QCA_WLAN_VENDOR_ATTR_CONFIG_NON_AGG_RETRY,
+	/* 8-bit unsigned value to configure the aggregrate sw
+	 * retry threshold (0 disable, 31 max). */
+	QCA_WLAN_VENDOR_ATTR_CONFIG_AGG_RETRY,
+	/* 8-bit unsigned value to configure the MGMT frame
+	 * retry threshold (0 disable, 31 max). */
+	QCA_WLAN_VENDOR_ATTR_CONFIG_MGMT_RETRY,
+	/* 8-bit unsigned value to configure the CTRL frame
+	 * retry threshold (0 disable, 31 max). */
+	QCA_WLAN_VENDOR_ATTR_CONFIG_CTRL_RETRY,
+	/* 8-bit unsigned value to configure the propagation delay for
+	 * 2G/5G band (0~63, units in us) */
+	QCA_WLAN_VENDOR_ATTR_CONFIG_PROPAGATION_DELAY,
+
 	/* Attribute used to set scan default IEs to the driver.
 	*
 	* These IEs can be used by scan operations that will be initiated by
@@ -3194,4 +3224,13 @@ static inline void wlan_hdd_cfg80211_indicate_disconnect(struct net_device *dev,
 #endif
 struct cfg80211_bss *wlan_hdd_cfg80211_inform_bss_frame(hdd_adapter_t *pAdapter,
 						tSirBssDescription *bss_desc);
+
+/*
+ * As of 4.7, ieee80211_band is removed; add shims so we can reference
+ * nl80211_band instead
+  */
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 7, 0))
+#define NUM_NL80211_BANDS ((enum nl80211_band)IEEE80211_NUM_BANDS)
+#endif
+
 #endif

core/hdd/src/wlan_hdd_driver_ops.c

@@ -650,8 +650,13 @@ static int __wlan_hdd_bus_resume(void)
 {
 	hdd_context_t *hdd_ctx = cds_get_context(QDF_MODULE_ID_HDD);
 	void *hif_ctx;
-	int status = wlan_hdd_validate_context(hdd_ctx);
+	int status;
+	QDF_STATUS qdf_status;
+
+	if (cds_is_driver_recovering())
+		return 0;
 
+	status = wlan_hdd_validate_context(hdd_ctx);
 	if (status)
 		return status;
 
@@ -665,15 +670,28 @@ static int __wlan_hdd_bus_resume(void)
 		return -EINVAL;
 
 	status = hif_bus_resume(hif_ctx);
-	QDF_BUG(!status);
+	if (status)
+		goto out;
 
 	status = wma_bus_resume();
-	QDF_BUG(!status);
+	if (status)
+		goto out;
 
-	status = ol_txrx_bus_resume();
-	QDF_BUG(!status);
+	qdf_status = ol_txrx_bus_resume();
+	status = qdf_status_to_os_return(qdf_status);
+	if (status)
+		goto out;
 
 	hdd_info("resume done");
+
+	return 0;
+
+out:
+	if (cds_is_driver_recovering())
+		return 0;
+
+	QDF_BUG(false);
+
 	return status;
 }
 
@@ -701,8 +719,12 @@ static int __wlan_hdd_bus_resume_noirq(void)
 {
 	hdd_context_t *hdd_ctx = cds_get_context(QDF_MODULE_ID_HDD);
 	void *hif_ctx;
-	int status = wlan_hdd_validate_context(hdd_ctx);
+	int status;
+
+	if (cds_is_driver_recovering())
+		return 0;
 
+	status = wlan_hdd_validate_context(hdd_ctx);
 	if (status) {
 		hdd_err("Invalid HDD context: %d", status);
 		return status;

core/hdd/src/wlan_hdd_ext_scan.c

@@ -230,7 +230,7 @@ static int hdd_extscan_nl_fill_bss(struct sk_buff *skb, tSirWifiScanResult *ap,
 	if (!nla_ap)
 		return -EINVAL;
 
-	if (nla_put_u64(skb, PARAM_TIME_STAMP, ap->ts) ||
+	if (hdd_wlan_nla_put_u64(skb, PARAM_TIME_STAMP, ap->ts) ||
 	    nla_put(skb, PARAM_SSID, sizeof(ap->ssid), ap->ssid) ||
 	    nla_put(skb, PARAM_BSSID, sizeof(ap->bssid), ap->bssid.bytes) ||
 	    nla_put_u32(skb, PARAM_CHANNEL, ap->channel) ||
@@ -591,7 +591,7 @@ wlan_hdd_cfg80211_extscan_hotlist_match_ind(void *ctx,
 			if (!ap)
 				goto fail;
 
-			if (nla_put_u64(skb,
+			if (hdd_wlan_nla_put_u64(skb,
 				QCA_WLAN_VENDOR_ATTR_EXTSCAN_RESULTS_SCAN_RESULT_TIME_STAMP,
 				data->ap[i].ts) ||
 			    nla_put(skb,
@@ -837,7 +837,7 @@ wlan_hdd_cfg80211_extscan_full_scan_result_event(void *ctx,
 	if (nla_put_u32(skb,
 		QCA_WLAN_VENDOR_ATTR_EXTSCAN_RESULTS_REQUEST_ID,
 		pData->requestId) ||
-	    nla_put_u64(skb,
+	    hdd_wlan_nla_put_u64(skb,
 		QCA_WLAN_VENDOR_ATTR_EXTSCAN_RESULTS_SCAN_RESULT_TIME_STAMP,
 		pData->ap.ts) ||
 	    nla_put(skb,
@@ -1383,7 +1383,7 @@ wlan_hdd_cfg80211_extscan_hotlist_ssid_match_ind(void *ctx,
 				goto fail;
 			}
 
-			if (nla_put_u64(skb,
+			if (hdd_wlan_nla_put_u64(skb,
 					QCA_WLAN_VENDOR_ATTR_EXTSCAN_RESULTS_SCAN_RESULT_TIME_STAMP,
 					event->ap[i].ts) ||
 			    nla_put(skb,
@@ -2455,7 +2455,7 @@ static void hdd_remove_indoor_channels(struct wiphy *wiphy, uint32_t *chan_list,
 	int i, j, k;
 
 	for (i = 0; i < *num_channels; i++)
-		for (j = 0; j < IEEE80211_NUM_BANDS; j++) {
+		for (j = 0; j < NUM_NL80211_BANDS; j++) {
 			if (wiphy->bands[j] == NULL)
 				continue;
 			for (k = 0; k < wiphy->bands[j]->n_channels; k++) {
@@ -3894,7 +3894,6 @@ static int __wlan_hdd_cfg80211_set_epno_list(struct wiphy *wiphy,
 		hdd_err("qdf_mem_malloc failed");
 		return -ENOMEM;
 	}
-	qdf_mem_zero(req_msg, len);
 	req_msg->num_networks = num_networks;
 
 	/* Parse and fetch request Id */

core/hdd/src/wlan_hdd_green_ap.c

@@ -315,7 +315,6 @@ static QDF_STATUS hdd_green_ap_attach(struct hdd_context_s *hdd_ctx)
 		goto error;
 	}
 
-	qdf_mem_zero(green_ap, sizeof(*green_ap));
 	green_ap->ps_state = GREEN_AP_PS_OFF_STATE;
 	green_ap->ps_event = 0;
 	green_ap->num_nodes = 0;

core/hdd/src/wlan_hdd_hostapd.c

@@ -1049,11 +1049,15 @@ QDF_STATUS hdd_hostapd_sap_event_cb(tpSap_Event pSapEvent,
 
 		pHostapdState->qdf_status =
 			pSapEvent->sapevt.sapStartBssCompleteEvent.status;
-		qdf_status = qdf_event_set(&pHostapdState->qdf_event);
-
-		if (!QDF_IS_STATUS_SUCCESS(qdf_status)
-		    || pHostapdState->qdf_status) {
+		if (pHostapdState->qdf_status) {
 			hdd_err("ERROR: startbss event failed!!");
+			/*
+			 * Make sure to set the event before proceeding
+			 * for error handling otherwise caller thread will
+			 * wait till 10 secs and no other connection will
+			 * go through before that.
+			 */
+			qdf_event_set(&pHostapdState->qdf_event);
 			goto stopbss;
 		} else {
 			sme_ch_avoid_update_req(pHddCtx->hHal);
@@ -1084,6 +1088,13 @@ QDF_STATUS hdd_hostapd_sap_event_cb(tpSap_Event pSapEvent,
 					pHostapdAdapter->dev->dev_addr);
 			if (status) {
 				hdd_err("WLAN_AP_CONNECT event failed!!");
+				/*
+				 * Make sure to set the event before proceeding
+				 * for error handling otherwise caller thread
+				 * will wait till 10 secs and no other
+				 * connection will go through before that.
+				 */
+				qdf_event_set(&pHostapdState->qdf_event);
 				goto stopbss;
 			}
 		}
@@ -1209,6 +1220,17 @@ QDF_STATUS hdd_hostapd_sap_event_cb(tpSap_Event pSapEvent,
 				hdd_info("set hw mode change not done");
 			cds_set_do_hw_mode_change_flag(false);
 		}
+		/*
+		 * set this event at the very end because once this events
+		 * get set, caller thread is waiting to do further processing.
+		 * so once this event gets set, current worker thread might get
+		 * pre-empted by caller thread.
+		 */
+		qdf_status = qdf_event_set(&pHostapdState->qdf_event);
+		if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
+			hdd_err("ERROR: startbss event set failed!!");
+			goto stopbss;
+		}
 		break;          /* Event will be sent after Switch-Case stmt */
 
 	case eSAP_STOP_BSS_EVENT:
@@ -1532,7 +1554,6 @@ QDF_STATUS hdd_hostapd_sap_event_cb(tpSap_Event pSapEvent,
 				hdd_err("Failed to allocate station info");
 				return QDF_STATUS_E_FAILURE;
 			}
-			memset(sta_info, 0, sizeof(*sta_info));
 			if (iesLen <= MAX_ASSOC_IND_IE_LEN) {
 				sta_info->assoc_req_ies =
 					(const u8 *)&pSapEvent->sapevt.
@@ -3603,8 +3624,13 @@ static __iw_softap_set_pktlog(struct net_device *dev,
 	if (NULL == value)
 		return -ENOMEM;
 
+	if (wrqu->data.length < 1 || wrqu->data.length > 2) {
+		hdd_err("pktlog: either 1 or 2 parameters are required");
+		return -EINVAL;
+	}
+
 	hdd_ctx = WLAN_HDD_GET_CTX(pHostapdAdapter);
-	return hdd_process_pktlog_command(hdd_ctx, value[0]);
+	return hdd_process_pktlog_command(hdd_ctx, value[0], value[1]);
 }
 
 int
@@ -5488,7 +5514,7 @@ static const struct iw_priv_args hostapd_private_args[] = {
 	,
 	{
 		QCSAP_IOCTL_SET_PKTLOG,
-		IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
+		IW_PRIV_TYPE_INT | MAX_VAR_ARGS,
 		0, "pktlog"
 	}
 	,
@@ -5818,6 +5844,11 @@ hdd_adapter_t *hdd_wlan_create_ap_dev(hdd_context_t *pHddCtx,
 		pWlanHostapdDev->mtu = HDD_DEFAULT_MTU;
 		pWlanHostapdDev->tx_queue_len = HDD_NETDEV_TX_QUEUE_LEN;
 
+		if (pHddCtx->config->enable_ip_tcp_udp_checksum_offload)
+			pWlanHostapdDev->features |=
+				NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM;
+		pWlanHostapdDev->features |= NETIF_F_RXCSUM;
+
 		qdf_mem_copy(pWlanHostapdDev->dev_addr, (void *)macAddr,
 			     sizeof(tSirMacAddr));
 		qdf_mem_copy(pHostapdAdapter->macAddressCurrent.bytes,
@@ -7594,21 +7625,8 @@ static int __wlan_hdd_cfg80211_stop_ap(struct wiphy *wiphy,
 
 	pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
 	ret = wlan_hdd_validate_context(pHddCtx);
-	if (0 != ret) {
-		if (cds_is_driver_unloading()) {
-			/*
-			 * Unloading the driver so free the memory for ch_list,
-			 * otherwise it will result in memory leak
-			 */
-			if (pAdapter->sessionCtx.ap.sapConfig.acs_cfg.ch_list) {
-				qdf_mem_free(pAdapter->sessionCtx.ap.sapConfig.
-					acs_cfg.ch_list);
-				pAdapter->sessionCtx.ap.sapConfig.acs_cfg.
-					ch_list = NULL;
-			}
-		}
+	if (0 != ret)
 		return ret;
-	}
 
 	status = hdd_get_front_adapter(pHddCtx, &pAdapterNode);
 	while (NULL != pAdapterNode && QDF_STATUS_SUCCESS == status) {
@@ -7654,8 +7672,7 @@ static int __wlan_hdd_cfg80211_stop_ap(struct wiphy *wiphy,
 		qdf_spin_unlock(&pHddCtx->sap_update_info_lock);
 	}
 	pAdapter->sessionCtx.ap.sapConfig.acs_cfg.acs_mode = false;
-	if (pAdapter->sessionCtx.ap.sapConfig.acs_cfg.ch_list)
-		qdf_mem_free(pAdapter->sessionCtx.ap.sapConfig.acs_cfg.ch_list);
+	wlan_hdd_undo_acs(pAdapter);
 	qdf_mem_zero(&pAdapter->sessionCtx.ap.sapConfig.acs_cfg,
 						sizeof(struct sap_acs_cfg));
 	hdd_hostapd_stop(dev);
@@ -7827,7 +7844,6 @@ static int __wlan_hdd_cfg80211_start_ap(struct wiphy *wiphy,
 
 	pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
 	status = wlan_hdd_validate_context(pHddCtx);
-
 	if (0 != status)
 		return status;
 
@@ -7835,6 +7851,12 @@ static int __wlan_hdd_cfg80211_start_ap(struct wiphy *wiphy,
 	       hdd_device_mode_to_string(pAdapter->device_mode),
 	       pAdapter->device_mode);
 
+
+	if (cds_is_connection_in_progress()) {
+		hdd_err("Can't start BSS: connection is in progress");
+		return -EBUSY;
+	}
+
 	channel_width = wlan_hdd_get_channel_bw(params->chandef.width);
 	channel = ieee80211_frequency_to_channel(
 				params->chandef.chan->center_freq);
@@ -7901,6 +7923,16 @@ static int __wlan_hdd_cfg80211_start_ap(struct wiphy *wiphy,
 			return -EINVAL;
 		}
 	}
+	if (pAdapter->device_mode == QDF_P2P_GO_MODE) {
+		hdd_adapter_t  *p2p_adapter;
+		p2p_adapter = hdd_get_adapter(pHddCtx, QDF_P2P_DEVICE_MODE);
+		if (p2p_adapter) {
+			hdd_info("cancel active p2p device ROC before GO "
+				"starting");
+			wlan_hdd_cancel_existing_remain_on_channel(
+				p2p_adapter);
+		}
+	}
 
 	if ((pAdapter->device_mode == QDF_SAP_MODE)
 	    || (pAdapter->device_mode == QDF_P2P_GO_MODE)

core/hdd/src/wlan_hdd_ioctl.c

@@ -1162,7 +1162,6 @@ hdd_sendactionframe(hdd_adapter_t *adapter, const uint8_t *bssid,
 		ret = -ENOMEM;
 		goto exit;
 	}
-	qdf_mem_zero(frame, frame_len);
 
 	hdr = (struct ieee80211_hdr_3addr *)frame;
 	hdr->frame_control =
@@ -2819,7 +2818,6 @@ static int hdd_parse_get_cckm_ie(uint8_t *pValue, uint8_t **pCckmIe,
 		hdd_err("qdf_mem_malloc failed");
 		return -ENOMEM;
 	}
-	qdf_mem_zero(*pCckmIe, (*pCckmIeLen + 1) / 2);
 	/*
 	 * the buffer received from the upper layer is character buffer,
 	 * we need to prepare the buffer taking 2 characters in to a U8 hex
@@ -3530,7 +3528,7 @@ static int drv_cmd_get_roam_scan_channels(hdd_adapter_t *adapter,
 	 */
 	len = scnprintf(extra, sizeof(extra), "%s %d", command,
 			numChannels);
-	for (j = 0; (j < numChannels); j++)
+	for (j = 0; (j < numChannels) && len <= sizeof(extra); j++)
 		len += scnprintf(extra + len, sizeof(extra) - len,
 				 " %d", ChannelList[j]);
 
@@ -4445,13 +4443,6 @@ static int drv_cmd_fast_reassoc(hdd_adapter_t *adapter,
 		goto exit;
 	}
 
-	/* Check channel number is a valid channel number */
-	if (QDF_STATUS_SUCCESS !=
-		wlan_hdd_validate_operation_channel(adapter, channel)) {
-		hdd_err("Invalid Channel [%d]", channel);
-		return -EINVAL;
-	}
-
 	/*
 	 * if the target bssid is same as currently associated AP,
 	 * issue reassoc to same AP
@@ -4462,7 +4453,8 @@ static int drv_cmd_fast_reassoc(hdd_adapter_t *adapter,
 		hdd_info("Reassoc BSSID is same as currently associated AP bssid");
 		if (roaming_offload_enabled(hdd_ctx)) {
 			hdd_wma_send_fastreassoc_cmd((int)adapter->sessionId,
-				targetApBssid, (int)channel);
+				targetApBssid,
+				pHddStaCtx->conn_info.operationChannel);
 		} else {
 			sme_get_modify_profile_fields(hdd_ctx->hHal,
 				adapter->sessionId,
@@ -4473,6 +4465,13 @@ static int drv_cmd_fast_reassoc(hdd_adapter_t *adapter,
 		return 0;
 	}
 
+	/* Check channel number is a valid channel number */
+	if (QDF_STATUS_SUCCESS !=
+		wlan_hdd_validate_operation_channel(adapter, channel)) {
+		hdd_err("Invalid Channel [%d]", channel);
+		return -EINVAL;
+	}
+
 	if (roaming_offload_enabled(hdd_ctx)) {
 		hdd_wma_send_fastreassoc_cmd((int)adapter->sessionId,
 					targetApBssid, (int)channel);
@@ -4854,7 +4853,6 @@ static int drv_cmd_set_ibss_beacon_oui_data(hdd_adapter_t *adapter,
 		ret = -ENOMEM;
 		goto exit;
 	}
-	qdf_mem_zero(ibss_ie, command_len);
 
 	ibss_ie_length = hdd_parse_set_ibss_oui_data_command(value, ibss_ie,
 							     &oui_length,

core/hdd/src/wlan_hdd_ipa.c

@@ -987,7 +987,7 @@ void hdd_ipa_uc_stat_request(hdd_adapter_t *adapter, uint8_t reason)
 		return;
 	}
 
-	HDD_IPA_LOG(LOG1, "STAT REQ Reason %d", reason);
+	HDD_IPA_LOG(LOGOFF, "STAT REQ Reason %d", reason);
 	qdf_mutex_acquire(&hdd_ipa->ipa_lock);
 	if ((HDD_IPA_UC_NUM_WDI_PIPE == hdd_ipa->activated_fw_pipe) &&
 		(false == hdd_ipa->resource_loading)) {
@@ -1603,20 +1603,12 @@ static void hdd_ipa_uc_offload_enable_disable(hdd_adapter_t *adapter,
 	if (!iface_context || (enable == iface_context->offload_enabled)) {
 		/* IPA offload status is already set as desired */
 		HDD_IPA_LOG(QDF_TRACE_LEVEL_ERROR,
-			    "offload_type=%d, vdev_id=%d, enable=%d",
+			    "IPA offload status is already set: \
+			    (offload_type=%d, vdev_id=%d, enable=%d)",
 			    offload_type, adapter->sessionId, enable);
-		WARN_ON(1);
 		return;
 	}
 
-	/* Lower layer may send multiple START_BSS_EVENT in DFS mode or during
-	 * channel change indication. Since these indications are sent by lower
-	 * layer as SAP updates and IPA doesn't have to do anything for these
-	 * updates so ignoring!
-	 */
-	if (QDF_SAP_MODE == adapter->device_mode && adapter->ipa_context)
-		return;
-
 	qdf_mem_zero(&ipa_offload_enable_disable,
 		sizeof(ipa_offload_enable_disable));
 	ipa_offload_enable_disable.offload_type = offload_type;
@@ -2290,10 +2282,10 @@ int hdd_ipa_set_perf_level(hdd_context_t *hdd_ctx, uint64_t tx_packets,
 	else
 		next_prod_bw = hdd_ctx->config->IpaLowBandwidthMbps;
 
-	HDD_IPA_LOG(LOG1,
+	HDD_IPA_LOG(LOGOFF,
 		"CONS perf curr: %d, next: %d",
 		hdd_ipa->curr_cons_bw, next_cons_bw);
-	HDD_IPA_LOG(LOG1,
+	HDD_IPA_LOG(LOGOFF,
 		"PROD perf curr: %d, next: %d",
 		hdd_ipa->curr_prod_bw, next_prod_bw);
 
@@ -3793,55 +3785,52 @@ static int __hdd_ipa_wlan_evt(hdd_adapter_t *adapter, uint8_t sta_id,
 	meta.msg_type = type;
 	switch (type) {
 	case WLAN_STA_CONNECT:
+		qdf_mutex_acquire(&hdd_ipa->event_lock);
+
 		/* STA already connected and without disconnect, connect again
 		 * This is Roaming scenario
 		 */
 		if (hdd_ipa->sta_connected)
 			hdd_ipa_cleanup_iface(adapter->ipa_context);
 
-		if (hdd_ipa_uc_sta_is_enabled(hdd_ipa->hdd_ctx) &&
-		    (hdd_ipa->sap_num_connected_sta > 0) &&
-		    !hdd_ipa->sta_connected)
-			hdd_ipa_uc_offload_enable_disable(adapter,
-				SIR_STA_RX_DATA_OFFLOAD, 1);
-
-		qdf_mutex_acquire(&hdd_ipa->event_lock);
-
 		ret = hdd_ipa_setup_iface(hdd_ipa, adapter, sta_id);
 		if (ret) {
 			qdf_mutex_release(&hdd_ipa->event_lock);
-			if (hdd_ipa_uc_sta_is_enabled(hdd_ipa->hdd_ctx) &&
-			    (hdd_ipa->sap_num_connected_sta > 0) &&
-			    !hdd_ipa->sta_connected)
-				hdd_ipa_uc_offload_enable_disable(adapter,
-					SIR_STA_RX_DATA_OFFLOAD, 0);
 			goto end;
 		}
 
+		if (hdd_ipa_uc_sta_is_enabled(hdd_ipa->hdd_ctx) &&
+		    (hdd_ipa->sap_num_connected_sta > 0) &&
+		    !hdd_ipa->sta_connected) {
+			qdf_mutex_release(&hdd_ipa->event_lock);
+			hdd_ipa_uc_offload_enable_disable(adapter,
+				SIR_STA_RX_DATA_OFFLOAD, 1);
+			qdf_mutex_acquire(&hdd_ipa->event_lock);
+		}
+
 		vdev_to_iface[adapter->sessionId] =
 			((struct hdd_ipa_iface_context *)
 			(adapter->ipa_context))->iface_id;
 
-		qdf_mutex_release(&hdd_ipa->event_lock);
-
 		hdd_ipa->sta_connected = 1;
+
+		qdf_mutex_release(&hdd_ipa->event_lock);
 		break;
 
 	case WLAN_AP_CONNECT:
+		qdf_mutex_acquire(&hdd_ipa->event_lock);
+
 		/* For DFS channel we get two start_bss event (before and after
 		 * CAC). Also when ACS range includes both DFS and non DFS
 		 * channels, we could possibly change channel many times due to
 		 * RADAR detection and chosen channel may not be a DFS channels.
 		 * So dont return error here. Just discard the event.
 		 */
-		if (adapter->ipa_context)
+		if (adapter->ipa_context) {
+			qdf_mutex_release(&hdd_ipa->event_lock);
 			return 0;
+		}
 
-		if (hdd_ipa_uc_is_enabled(hdd_ipa->hdd_ctx))
-			hdd_ipa_uc_offload_enable_disable(adapter,
-				SIR_AP_RX_DATA_OFFLOAD, 1);
-
-		qdf_mutex_acquire(&hdd_ipa->event_lock);
 		ret = hdd_ipa_setup_iface(hdd_ipa, adapter, sta_id);
 		if (ret) {
 			HDD_IPA_LOG(QDF_TRACE_LEVEL_INFO,
@@ -3851,6 +3840,13 @@ static int __hdd_ipa_wlan_evt(hdd_adapter_t *adapter, uint8_t sta_id,
 			goto end;
 		}
 
+		if (hdd_ipa_uc_is_enabled(hdd_ipa->hdd_ctx)) {
+			qdf_mutex_release(&hdd_ipa->event_lock);
+			hdd_ipa_uc_offload_enable_disable(adapter,
+				SIR_AP_RX_DATA_OFFLOAD, 1);
+			qdf_mutex_acquire(&hdd_ipa->event_lock);
+		}
+
 		vdev_to_iface[adapter->sessionId] =
 			((struct hdd_ipa_iface_context *)
 			(adapter->ipa_context))->iface_id;
@@ -3860,7 +3856,6 @@ static int __hdd_ipa_wlan_evt(hdd_adapter_t *adapter, uint8_t sta_id,
 
 	case WLAN_STA_DISCONNECT:
 		qdf_mutex_acquire(&hdd_ipa->event_lock);
-		hdd_ipa_cleanup_iface(adapter->ipa_context);
 
 		if (!hdd_ipa->sta_connected) {
 			HDD_IPA_LOG(QDF_TRACE_LEVEL_INFO,
@@ -3886,24 +3881,29 @@ static int __hdd_ipa_wlan_evt(hdd_adapter_t *adapter, uint8_t sta_id,
 
 		if (hdd_ipa_uc_sta_is_enabled(hdd_ipa->hdd_ctx) &&
 		    (hdd_ipa->sap_num_connected_sta > 0)) {
+			qdf_mutex_release(&hdd_ipa->event_lock);
 			hdd_ipa_uc_offload_enable_disable(adapter,
 				SIR_STA_RX_DATA_OFFLOAD, 0);
-			vdev_to_iface[adapter->sessionId] = HDD_IPA_MAX_IFACE;
+			qdf_mutex_acquire(&hdd_ipa->event_lock);
+			vdev_to_iface[adapter->sessionId] = CSR_ROAM_SESSION_MAX;
 		}
 
+		hdd_ipa_cleanup_iface(adapter->ipa_context);
+
 		qdf_mutex_release(&hdd_ipa->event_lock);
 		break;
 
 	case WLAN_AP_DISCONNECT:
+		qdf_mutex_acquire(&hdd_ipa->event_lock);
+
 		if (!adapter->ipa_context) {
 			HDD_IPA_LOG(QDF_TRACE_LEVEL_INFO,
 				"%s: Evt: %d, SAP already disconnected",
 				msg_ex->name, meta.msg_type);
+			qdf_mutex_release(&hdd_ipa->event_lock);
 			return -EINVAL;
 		}
 
-		qdf_mutex_acquire(&hdd_ipa->event_lock);
-		hdd_ipa_cleanup_iface(adapter->ipa_context);
 		if ((!hdd_ipa->num_iface) &&
 			(HDD_IPA_UC_NUM_WDI_PIPE ==
 				hdd_ipa->activated_fw_pipe)) {
@@ -3923,18 +3923,19 @@ static int __hdd_ipa_wlan_evt(hdd_adapter_t *adapter, uint8_t sta_id,
 		}
 
 		if (hdd_ipa_uc_is_enabled(hdd_ipa->hdd_ctx)) {
+			qdf_mutex_release(&hdd_ipa->event_lock);
 			hdd_ipa_uc_offload_enable_disable(adapter,
 				SIR_AP_RX_DATA_OFFLOAD, 0);
-			vdev_to_iface[adapter->sessionId] = HDD_IPA_MAX_IFACE;
+			qdf_mutex_acquire(&hdd_ipa->event_lock);
+			vdev_to_iface[adapter->sessionId] = CSR_ROAM_SESSION_MAX;
 		}
 
+		hdd_ipa_cleanup_iface(adapter->ipa_context);
+
 		qdf_mutex_release(&hdd_ipa->event_lock);
 		break;
 
 	case WLAN_CLIENT_CONNECT_EX:
-		HDD_IPA_LOG(QDF_TRACE_LEVEL_INFO, "%d %d",
-			    adapter->dev->ifindex, sta_id);
-
 		if (!hdd_ipa_uc_is_enabled(hdd_ipa->hdd_ctx)) {
 			HDD_IPA_LOG(QDF_TRACE_LEVEL_INFO,
 				"%s: Evt: %d, IPA UC OFFLOAD NOT ENABLED",
@@ -3945,37 +3946,43 @@ static int __hdd_ipa_wlan_evt(hdd_adapter_t *adapter, uint8_t sta_id,
 		qdf_mutex_acquire(&hdd_ipa->event_lock);
 		if (hdd_ipa_uc_find_add_assoc_sta(hdd_ipa,
 				true, sta_id)) {
+			qdf_mutex_release(&hdd_ipa->event_lock);
 			HDD_IPA_LOG(QDF_TRACE_LEVEL_ERROR,
 				"%s: STA ID %d found, not valid",
 				adapter->dev->name, sta_id);
-			qdf_mutex_release(&hdd_ipa->event_lock);
 			return 0;
 		}
 
 		/* Enable IPA UC Data PIPEs when first STA connected */
 		if (0 == hdd_ipa->sap_num_connected_sta) {
 			if (hdd_ipa_uc_sta_is_enabled(hdd_ipa->hdd_ctx) &&
-			    hdd_ipa->sta_connected)
+			    hdd_ipa->sta_connected) {
+				qdf_mutex_release(&hdd_ipa->event_lock);
 				hdd_ipa_uc_offload_enable_disable(
 					hdd_get_adapter(hdd_ipa->hdd_ctx,
 							QDF_STA_MODE),
 					SIR_STA_RX_DATA_OFFLOAD, 1);
+				qdf_mutex_acquire(&hdd_ipa->event_lock);
+			}
 
 			ret = hdd_ipa_uc_handle_first_con(hdd_ipa);
 			if (ret) {
-				qdf_mutex_release(&hdd_ipa->event_lock);
 				HDD_IPA_LOG(QDF_TRACE_LEVEL_ERROR,
 					    "%s: handle 1st con ret %d",
 					    adapter->dev->name, ret);
 
 				if (hdd_ipa_uc_sta_is_enabled(
 					hdd_ipa->hdd_ctx) &&
-				    hdd_ipa->sta_connected)
+				    hdd_ipa->sta_connected) {
+					qdf_mutex_release(&hdd_ipa->event_lock);
 					hdd_ipa_uc_offload_enable_disable(
 						hdd_get_adapter(
 							hdd_ipa->hdd_ctx,
 							QDF_STA_MODE),
 						SIR_STA_RX_DATA_OFFLOAD, 0);
+				} else {
+					qdf_mutex_release(&hdd_ipa->event_lock);
+				}
 
 				return ret;
 			}
@@ -4045,13 +4052,15 @@ static int __hdd_ipa_wlan_evt(hdd_adapter_t *adapter, uint8_t sta_id,
 			hdd_ipa_uc_handle_last_discon(hdd_ipa);
 
 		if (hdd_ipa_uc_sta_is_enabled(hdd_ipa->hdd_ctx) &&
-		    hdd_ipa->sta_connected)
+		    hdd_ipa->sta_connected) {
+			qdf_mutex_release(&hdd_ipa->event_lock);
 			hdd_ipa_uc_offload_enable_disable(
 				hdd_get_adapter(hdd_ipa->hdd_ctx,
 						QDF_STA_MODE),
 						SIR_STA_RX_DATA_OFFLOAD, 0);
-
-		qdf_mutex_release(&hdd_ipa->event_lock);
+		} else {
+			qdf_mutex_release(&hdd_ipa->event_lock);
+		}
 		break;
 
 	default:
@@ -4222,6 +4231,7 @@ QDF_STATUS hdd_ipa_init(hdd_context_t *hdd_ctx)
 		iface_context->adapter = NULL;
 		iface_context->offload_enabled = 0;
 		qdf_spinlock_create(&iface_context->interface_lock);
+		vdev_to_iface[i] = CSR_ROAM_SESSION_MAX;
 	}
 
 	INIT_WORK(&hdd_ipa->pm_work, hdd_ipa_pm_flush);

core/hdd/src/wlan_hdd_main.c

@@ -998,7 +998,7 @@ static void hdd_update_tgt_vht_cap(hdd_context_t *hdd_ctx,
 	struct hdd_config *pconfig = hdd_ctx->config;
 	struct wiphy *wiphy = hdd_ctx->wiphy;
 	struct ieee80211_supported_band *band_5g =
-		wiphy->bands[IEEE80211_BAND_5GHZ];
+		wiphy->bands[NL80211_BAND_5GHZ];
 	uint32_t temp = 0;
 
 	if (!band_5g) {
@@ -2916,6 +2916,7 @@ static void hdd_ap_adapter_deinit(hdd_context_t *hdd_ctx,
 		hdd_wmm_adapter_close(adapter);
 		clear_bit(WMM_INIT_DONE, &adapter->event_flags);
 	}
+	wlan_hdd_undo_acs(adapter);
 
 	hdd_cleanup_actionframe(hdd_ctx, adapter);
 
@@ -3991,10 +3992,10 @@ void hdd_connect_result(struct net_device *dev, const u8 *bssid,
 
 		if (chan_no <= 14)
 			freq = ieee80211_channel_to_frequency(chan_no,
-			IEEE80211_BAND_2GHZ);
+			NL80211_BAND_2GHZ);
 		else
 			freq = ieee80211_channel_to_frequency(chan_no,
-			IEEE80211_BAND_5GHZ);
+			NL80211_BAND_5GHZ);
 
 		chan = ieee80211_get_channel(padapter->wdev.wiphy, freq);
 		bss = hdd_cfg80211_get_bss(padapter->wdev.wiphy, chan, bssid,
@@ -4873,7 +4874,6 @@ static void hdd_wlan_exit(hdd_context_t *hdd_ctx)
 		hdd_stop_all_adapters(hdd_ctx);
 	}
 
-	hdd_wlan_stop_modules(hdd_ctx);
 	/*
 	 * Close the scheduler before calling cds_close to make sure no thread
 	 * is scheduled after the each module close is called i.e after all the
@@ -4885,6 +4885,8 @@ static void hdd_wlan_exit(hdd_context_t *hdd_ctx)
 		QDF_ASSERT(QDF_IS_STATUS_SUCCESS(qdf_status));
 	}
 
+	hdd_wlan_stop_modules(hdd_ctx);
+
 	qdf_spinlock_destroy(&hdd_ctx->hdd_adapter_lock);
 	qdf_spinlock_destroy(&hdd_ctx->sta_update_info_lock);
 	qdf_spinlock_destroy(&hdd_ctx->connection_status_lock);
@@ -6023,6 +6025,14 @@ void hdd_unsafe_channel_restart_sap(hdd_context_t *hdd_ctxt)
 		if (!restart_chan) {
 			hdd_alert("fail to restart SAP");
 		} else {
+			/* SAP restart due to unsafe channel. While restarting
+			 * the SAP, make sure to clear acs_channel, channel to
+			 * reset to 0. Otherwise these settings will override
+			 * the ACS while restart.
+			*/
+			hdd_ctxt->acs_policy.acs_channel = AUTO_CHANNEL_SELECT;
+			adapter_temp->sessionCtx.ap.sapConfig.channel =
+							AUTO_CHANNEL_SELECT;
 			hdd_info("sending coex indication");
 			wlan_hdd_send_svc_nlink_msg(hdd_ctxt->radio_index,
 					WLAN_SVC_LTE_COEX_IND, NULL, 0);
@@ -6894,8 +6904,6 @@ static int hdd_update_cds_config(hdd_context_t *hdd_ctx)
 		return -ENOMEM;
 	}
 
-	qdf_mem_zero(cds_cfg, sizeof(*cds_cfg));
-
 	/* UMA is supported in hardware for performing the
 	 * frame translation 802.11 <-> 802.3
 	 */
@@ -7062,14 +7070,53 @@ static inline void hdd_release_rtnl_lock(void) { }
 
 #if !defined(REMOVE_PKT_LOG)
 
+/* MAX iwpriv command support */
+#define PKTLOG_SET_BUFF_SIZE	3
+#define MAX_PKTLOG_SIZE		16
+
+/**
+ * hdd_pktlog_set_buff_size() - set pktlog buffer size
+ * @hdd_ctx: hdd context
+ * @set_value2: pktlog buffer size value
+ *
+ *
+ * Return: 0 for success or error.
+ */
+static int hdd_pktlog_set_buff_size(hdd_context_t *hdd_ctx, int set_value2)
+{
+	struct sir_wifi_start_log start_log = { 0 };
+	QDF_STATUS status;
+
+	start_log.ring_id = RING_ID_PER_PACKET_STATS;
+	start_log.verbose_level = WLAN_LOG_LEVEL_OFF;
+	start_log.ini_triggered = cds_is_packet_log_enabled();
+	start_log.user_triggered = 1;
+	start_log.size = set_value2;
+
+	status = sme_wifi_start_logger(hdd_ctx->hHal, start_log);
+	if (!QDF_IS_STATUS_SUCCESS(status)) {
+		hdd_err("sme_wifi_start_logger failed(err=%d)", status);
+		EXIT();
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
 /**
  * hdd_process_pktlog_command() - process pktlog command
  * @hdd_ctx: hdd context
  * @set_value: value set by user
+ * @set_value2: pktlog buffer size value
+ *
+ * This function process pktlog command.
+ * set_value2 only matters when set_value is 3 (set buff size)
+ * otherwise we ignore it.
  *
  * Return: 0 for success or error.
  */
-int hdd_process_pktlog_command(hdd_context_t *hdd_ctx, uint32_t set_value)
+int hdd_process_pktlog_command(hdd_context_t *hdd_ctx, uint32_t set_value,
+			       int set_value2)
 {
 	int ret;
 	bool enable;
@@ -7079,13 +7126,24 @@ int hdd_process_pktlog_command(hdd_context_t *hdd_ctx, uint32_t set_value)
 	if (0 != ret)
 		return ret;
 
-	hdd_info("set pktlog %d", set_value);
+	hdd_info("set pktlog %d, set size %d", set_value, set_value2);
 
-	if (set_value > 2) {
+	if (set_value > PKTLOG_SET_BUFF_SIZE) {
 		hdd_err("invalid pktlog value %d", set_value);
 		return -EINVAL;
 	}
 
+	if (set_value == PKTLOG_SET_BUFF_SIZE) {
+		if (set_value2 <= 0) {
+			hdd_err("invalid pktlog size %d", set_value2);
+			return -EINVAL;
+		} else if (set_value2 > MAX_PKTLOG_SIZE) {
+			hdd_err("Pktlog buff size is too large. max value is 16MB.\n");
+			return -EINVAL;
+		}
+		return hdd_pktlog_set_buff_size(hdd_ctx, set_value2);
+	}
+
 	/*
 	 * set_value = 0 then disable packetlog
 	 * set_value = 1 enable packetlog forcefully
@@ -7100,17 +7158,19 @@ int hdd_process_pktlog_command(hdd_context_t *hdd_ctx, uint32_t set_value)
 		user_triggered = 1;
 	}
 
-	return hdd_pktlog_enable_disable(hdd_ctx, enable, user_triggered);
+	return hdd_pktlog_enable_disable(hdd_ctx, enable, user_triggered, 0);
 }
 /**
  * hdd_pktlog_enable_disable() - Enable/Disable packet logging
  * @hdd_ctx: HDD context
  * @enable: Flag to enable/disable
+ * @user_triggered: triggered through iwpriv
+ * @size: buffer size to be used for packetlog
  *
  * Return: 0 on success; error number otherwise
  */
 int hdd_pktlog_enable_disable(hdd_context_t *hdd_ctx, bool enable,
-				uint8_t user_triggered)
+				uint8_t user_triggered, int size)
 {
 	struct sir_wifi_start_log start_log;
 	QDF_STATUS status;
@@ -7120,6 +7180,7 @@ int hdd_pktlog_enable_disable(hdd_context_t *hdd_ctx, bool enable,
 			enable ? WLAN_LOG_LEVEL_ACTIVE : WLAN_LOG_LEVEL_OFF;
 	start_log.ini_triggered = cds_is_packet_log_enabled();
 	start_log.user_triggered = user_triggered;
+	start_log.size = size;
 	/*
 	 * Use "is_iwpriv_command" flag to distinguish iwpriv command from other
 	 * commands. Host uses this flag to decide whether to send pktlog
@@ -8048,7 +8109,7 @@ int hdd_wlan_startup(struct device *dev)
 
 
 	if (cds_is_packet_log_enabled())
-		hdd_pktlog_enable_disable(hdd_ctx, true, 0);
+		hdd_pktlog_enable_disable(hdd_ctx, true, 0, 0);
 
 	ret = hdd_register_notifiers(hdd_ctx);
 	if (ret)

core/hdd/src/wlan_hdd_ocb.c

@@ -145,7 +145,7 @@ static int dot11p_validate_channel(struct wiphy *wiphy,
 	struct ieee80211_supported_band *current_band;
 	struct ieee80211_channel *current_channel;
 
-	for (band_idx = 0; band_idx < IEEE80211_NUM_BANDS; band_idx++) {
+	for (band_idx = 0; band_idx < NUM_NL80211_BANDS; band_idx++) {
 		current_band = wiphy->bands[band_idx];
 		if (!current_band)
 			continue;
@@ -302,10 +302,11 @@ static int hdd_ocb_register_sta(hdd_adapter_t *adapter)
  *
  * Return: A pointer to the OCB configuration struct, NULL on failure.
  */
-static struct sir_ocb_config *hdd_ocb_config_new(int num_channels,
-						 int num_schedule,
-						 int ndl_chan_list_len,
-						 int ndl_active_state_list_len)
+static
+struct sir_ocb_config *hdd_ocb_config_new(uint32_t num_channels,
+					  uint32_t num_schedule,
+					  uint32_t ndl_chan_list_len,
+					  uint32_t ndl_active_state_list_len)
 {
 	struct sir_ocb_config *ret = 0;
 	uint32_t len;
@@ -325,7 +326,6 @@ static struct sir_ocb_config *hdd_ocb_config_new(int num_channels,
 	if (!cursor)
 		goto fail;
 
-	qdf_mem_zero(cursor, len);
 	ret = cursor;
 	cursor += sizeof(*ret);
 
@@ -792,7 +792,7 @@ static int __wlan_hdd_cfg80211_ocb_set_config(struct wiphy *wiphy,
 	uint32_t ndl_active_state_list_len;
 	uint32_t flags = 0;
 	int i;
-	int channel_count, schedule_size;
+	uint32_t channel_count, schedule_size;
 	struct sir_ocb_config *config;
 	int rc = -EINVAL;
 	uint8_t *mac_addr;
@@ -1121,7 +1121,6 @@ __wlan_hdd_cfg80211_ocb_start_timing_advert(struct wiphy *wiphy,
 		hdd_err("qdf_mem_malloc failed");
 		return -ENOMEM;
 	}
-	qdf_mem_zero(timing_advert, sizeof(*timing_advert));
 	timing_advert->vdev_id = adapter->sessionId;
 
 	/* Parse the netlink message */
@@ -1239,7 +1238,6 @@ __wlan_hdd_cfg80211_ocb_stop_timing_advert(struct wiphy *wiphy,
 		hdd_err("qdf_mem_malloc failed");
 		return -ENOMEM;
 	}
-	qdf_mem_zero(timing_advert, sizeof(sizeof(*timing_advert)));
 	timing_advert->vdev_id = adapter->sessionId;
 
 	/* Parse the netlink message */

core/hdd/src/wlan_hdd_p2p.c

@@ -822,7 +822,6 @@ static int wlan_hdd_request_remain_on_channel(struct wiphy *wiphy,
 		return -ENOMEM;
 	}
 
-	qdf_mem_zero(pRemainChanCtx, sizeof(*pRemainChanCtx));
 	qdf_mem_copy(&pRemainChanCtx->chan, chan,
 		     sizeof(struct ieee80211_channel));
 	pRemainChanCtx->duration = duration;
@@ -2308,10 +2307,10 @@ void __hdd_indicate_mgmt_frame(hdd_adapter_t *pAdapter,
 	/* Indicate an action frame. */
 	if (rxChan <= MAX_NO_OF_2_4_CHANNELS)
 		freq = ieee80211_channel_to_frequency(rxChan,
-						      IEEE80211_BAND_2GHZ);
+						      NL80211_BAND_2GHZ);
 	else
 		freq = ieee80211_channel_to_frequency(rxChan,
-						      IEEE80211_BAND_5GHZ);
+						      NL80211_BAND_5GHZ);
 
 	cfgState = WLAN_HDD_GET_CFG_STATE_PTR(pAdapter);
 

core/hdd/src/wlan_hdd_power.c

@@ -76,6 +76,7 @@
 #include "cdp_txrx_flow_ctrl_v2.h"
 #include "pld_common.h"
 #include "wlan_hdd_driver_ops.h"
+#include <wlan_logging_sock_svc.h>
 
 /* Preprocessor definitions and constants */
 #define HDD_SSR_BRING_UP_TIME 30000
@@ -1057,7 +1058,6 @@ void wlan_hdd_set_mc_addr_list(hdd_adapter_t *pAdapter, uint8_t set)
 		hdd_err("Could not allocate Memory");
 		return;
 	}
-	qdf_mem_zero(pMulticastAddrs, sizeof(tSirRcvFltMcAddrList));
 	pMulticastAddrs->action = set;
 
 	if (set) {
@@ -1456,6 +1456,10 @@ QDF_STATUS hdd_wlan_shutdown(void)
 	}
 
 	cds_clear_concurrent_session_count();
+
+	hdd_info("Invoking packetdump deregistration API");
+	wlan_deregister_txrx_packetdump();
+
 	hdd_cleanup_scan_queue(pHddCtx);
 	hdd_reset_all_adapters(pHddCtx);
 
@@ -1586,7 +1590,7 @@ QDF_STATUS hdd_wlan_re_init(void)
 		goto err_cds_disable;
 
 	if (cds_is_packet_log_enabled())
-		hdd_pktlog_enable_disable(pHddCtx, true, 0);
+		hdd_pktlog_enable_disable(pHddCtx, true, 0, 0);
 
 	hdd_err("WLAN host driver reinitiation completed!");
 	goto success;
@@ -1725,6 +1729,9 @@ static int __wlan_hdd_cfg80211_resume_wlan(struct wiphy *wiphy)
 
 	ENTER();
 
+	if (cds_is_driver_recovering())
+		return 0;
+
 	if (QDF_GLOBAL_FTM_MODE == hdd_get_conparam()) {
 		hdd_err("Command not allowed in FTM mode");
 		return -EINVAL;
@@ -2423,6 +2430,7 @@ int hdd_set_qpower_config(hdd_context_t *hddctx, hdd_adapter_t *adapter,
  */
 #define CE_IRQ_COUNT 12
 #define CE_WAKE_IRQ 2
+static struct net_device *g_dev;
 static struct wiphy *g_wiphy;
 
 #define HDD_FA_SUSPENDED_BIT (0)
@@ -2432,11 +2440,13 @@ static unsigned long fake_apps_state;
  * __hdd_wlan_fake_apps_resume() - The core logic for
  *	hdd_wlan_fake_apps_resume() skipping the call to hif_fake_apps_resume(),
  *	which is only need for non-irq resume
- * @wiphy: wiphy struct from a validated hdd context
+ * @wiphy: the kernel wiphy struct for the device being resumed
+ * @dev: the kernel net_device struct for the device being resumed
  *
- * Return: Zero on success, calls QDF_BUG() on failure
+ * Return: none, calls QDF_BUG() on failure
  */
-static void __hdd_wlan_fake_apps_resume(struct wiphy *wiphy)
+static void __hdd_wlan_fake_apps_resume(struct wiphy *wiphy,
+					struct net_device *dev)
 {
 	qdf_device_t qdf_dev = cds_get_context(QDF_MODULE_ID_QDF_DEVICE);
 	int i, resume_err;
@@ -2462,6 +2472,8 @@ static void __hdd_wlan_fake_apps_resume(struct wiphy *wiphy)
 
 	resume_err = wlan_hdd_cfg80211_resume_wlan(wiphy);
 	QDF_BUG(resume_err == 0);
+
+	dev->watchdog_timeo = HDD_TX_TIMEOUT;
 }
 
 /**
@@ -2478,11 +2490,13 @@ static void hdd_wlan_fake_apps_resume_irq_callback(uint32_t val)
 	hdd_info("Trigger unit-test resume WLAN; val: 0x%x", val);
 
 	QDF_BUG(g_wiphy);
-	__hdd_wlan_fake_apps_resume(g_wiphy);
+	QDF_BUG(g_dev);
+	__hdd_wlan_fake_apps_resume(g_wiphy, g_dev);
 	g_wiphy = NULL;
+	g_dev = NULL;
 }
 
-int hdd_wlan_fake_apps_suspend(struct wiphy *wiphy)
+int hdd_wlan_fake_apps_suspend(struct wiphy *wiphy, struct net_device *dev)
 {
 	qdf_device_t qdf_dev = cds_get_context(QDF_MODULE_ID_QDF_DEVICE);
 	struct hif_opaque_softc *hif_ctx = cds_get_context(QDF_MODULE_ID_HIF);
@@ -2515,10 +2529,17 @@ int hdd_wlan_fake_apps_suspend(struct wiphy *wiphy)
 	/* re-enable wake irq */
 	pld_enable_irq(qdf_dev->dev, CE_WAKE_IRQ);
 
-	/* pass wiphy to callback via global variable */
+	/* pass wiphy/dev to callback via global variables */
 	g_wiphy = wiphy;
+	g_dev = dev;
 	hif_fake_apps_suspend(hif_ctx, hdd_wlan_fake_apps_resume_irq_callback);
 
+	/*
+	 * Tell the kernel not to worry if TX queues aren't moving. This is
+	 * expected since we are suspending the wifi hardware, but not APPS
+	 */
+	dev->watchdog_timeo = INT_MAX;
+
 	return 0;
 
 enable_irqs_and_bus_resume:
@@ -2539,12 +2560,12 @@ resume_done:
 	return suspend_err;
 }
 
-int hdd_wlan_fake_apps_resume(struct wiphy *wiphy)
+int hdd_wlan_fake_apps_resume(struct wiphy *wiphy, struct net_device *dev)
 {
 	struct hif_opaque_softc *hif_ctx = cds_get_context(QDF_MODULE_ID_HIF);
 
 	hif_fake_apps_resume(hif_ctx);
-	__hdd_wlan_fake_apps_resume(wiphy);
+	__hdd_wlan_fake_apps_resume(wiphy, dev);
 
 	return 0;
 }

core/hdd/src/wlan_hdd_regulatory.c

@@ -230,6 +230,8 @@ static void hdd_regulatory_wiphy_init(hdd_context_t *hdd_ctx,
 				     struct wiphy *wiphy)
 {
 	const struct ieee80211_regdomain *reg_rules;
+	int chan_num;
+	struct ieee80211_channel chan;
 
 	if (hdd_is_world_regdomain(reg->reg_domain)) {
 		reg_rules = hdd_get_world_regrules(reg);
@@ -248,6 +250,17 @@ static void hdd_regulatory_wiphy_init(hdd_context_t *hdd_ctx,
 	hdd_ctx->reg.reg_flags = wiphy->regulatory_flags;
 	wiphy_apply_custom_regulatory(wiphy, reg_rules);
 
+	/*
+	 * disable 2.4 Ghz channels that dont have 20 mhz bw
+	 */
+	for (chan_num = 0;
+	     chan_num < wiphy->bands[IEEE80211_BAND_2GHZ]->n_channels;
+	     chan_num++) {
+		chan = wiphy->bands[IEEE80211_BAND_2GHZ]->channels[chan_num];
+		if (chan.flags & IEEE80211_CHAN_NO_20MHZ)
+			chan.flags |= IEEE80211_CHAN_DISABLED;
+	}
+
 	/*
 	 * restore the driver regulatory flags since
 	 * wiphy_apply_custom_regulatory may have
@@ -373,7 +386,7 @@ static void hdd_process_regulatory_data(hdd_context_t *hdd_ctx,
 	band_capability = hdd_ctx->config->nBandCapability;
 	hdd_ctx->isVHT80Allowed = 0;
 
-	for (band_num = 0; band_num < IEEE80211_NUM_BANDS; band_num++) {
+	for (band_num = 0; band_num < NUM_NL80211_BANDS; band_num++) {
 
 		if (wiphy->bands[band_num] == NULL)
 			continue;
@@ -557,7 +570,7 @@ static void hdd_restore_custom_reg_settings(struct wiphy *wiphy,
 					    bool *reset)
 {
 	struct ieee80211_supported_band *sband;
-	enum ieee80211_band band;
+	enum nl80211_band band;
 	struct ieee80211_channel *chan;
 	int i;
 
@@ -565,7 +578,7 @@ static void hdd_restore_custom_reg_settings(struct wiphy *wiphy,
 	    (country_alpha2[1] == '0') &&
 	    (wiphy->flags & WIPHY_FLAG_CUSTOM_REGULATORY)) {
 
-		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
+		for (band = 0; band < NUM_NL80211_BANDS; band++) {
 			sband = wiphy->bands[band];
 			if (!sband)
 				continue;

core/hdd/src/wlan_hdd_scan.c

@@ -1085,7 +1085,7 @@ static void hdd_vendor_scan_callback(hdd_adapter_t *adapter,
 		nla_put_u32(skb, QCA_WLAN_VENDOR_ATTR_SCAN_FLAGS, req->flags))
 		goto nla_put_failure;
 
-	if (nla_put_u64(skb, QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE, cookie))
+	if (hdd_wlan_nla_put_u64(skb, QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE, cookie))
 		goto nla_put_failure;
 
 	scan_status = (aborted == true) ? VENDOR_SCAN_STATUS_ABORTED :
@@ -1103,7 +1103,29 @@ nla_put_failure:
 	return;
 }
 
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0))
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 7, 0))
+/**
+ * hdd_cfg80211_scan_done() - Scan completed callback to cfg80211
+ * @adapter: Pointer to the adapter
+ * @req : Scan request
+ * @aborted : true scan aborted false scan success
+ *
+ * This function notifies scan done to cfg80211
+ *
+ * Return: none
+ */
+static void hdd_cfg80211_scan_done(hdd_adapter_t *adapter,
+				   struct cfg80211_scan_request *req,
+				   bool aborted)
+{
+	struct cfg80211_scan_info info = {
+		.aborted = aborted
+	};
+
+	if (adapter->dev->flags & IFF_UP)
+		cfg80211_scan_done(req, &info);
+}
+#elif (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0))
 /**
  * hdd_cfg80211_scan_done() - Scan completed callback to cfg80211
  * @adapter: Pointer to the adapter
@@ -1294,7 +1316,7 @@ static void wlan_hdd_cfg80211_scan_block_cb(struct work_struct *work)
 		request->n_channels = 0;
 
 		hdd_err("##In DFS Master mode. Scan aborted. Null result sent");
-		cfg80211_scan_done(request, true);
+		hdd_cfg80211_scan_done(adapter, request, true);
 		adapter->request = NULL;
 	}
 }
@@ -1798,7 +1820,7 @@ int wlan_hdd_cfg80211_scan(struct wiphy *wiphy,
  * Return: o for failure, rate bitmap for success
  */
 static uint32_t wlan_hdd_get_rates(struct wiphy *wiphy,
-	enum ieee80211_band band,
+	enum nl80211_band band,
 	const u8 *rates, unsigned int rate_count)
 {
 	uint32_t j, count, rate_bitmap = 0;
@@ -1842,7 +1864,8 @@ static int wlan_hdd_send_scan_start_event(struct wiphy *wiphy,
 		return -ENOMEM;
 	}
 
-	if (nla_put_u64(skb, QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE, cookie)) {
+	if (hdd_wlan_nla_put_u64(skb, QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE,
+				 cookie)) {
 		hdd_err("nla put fail");
 		kfree_skb(skb);
 		return -EINVAL;
@@ -1859,7 +1882,8 @@ static int wlan_hdd_send_scan_start_event(struct wiphy *wiphy,
 		return -ENOMEM;
 	}
 
-	if (nla_put_u64(skb, QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE, cookie)) {
+	if (hdd_wlan_nla_put_u64(skb, QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE,
+				 cookie)) {
 		kfree_skb(skb);
 		return -EINVAL;
 	}
@@ -1885,7 +1909,7 @@ static int __wlan_hdd_cfg80211_vendor_scan(struct wiphy *wiphy,
 	struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_SCAN_MAX + 1];
 	struct cfg80211_scan_request *request = NULL;
 	struct nlattr *attr;
-	enum ieee80211_band band;
+	enum nl80211_band band;
 	uint8_t n_channels = 0, n_ssid = 0, ie_len = 0;
 	uint32_t tmp, count, j;
 	unsigned int len;
@@ -1910,7 +1934,7 @@ static int __wlan_hdd_cfg80211_vendor_scan(struct wiphy *wiphy,
 			tb[QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES], tmp)
 			n_channels++;
 	} else {
-		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
+		for (band = 0; band < NUM_NL80211_BANDS; band++)
 			if (wiphy->bands[band])
 				n_channels += wiphy->bands[band]->n_channels;
 	}
@@ -1965,7 +1989,7 @@ static int __wlan_hdd_cfg80211_vendor_scan(struct wiphy *wiphy,
 			count++;
 		}
 	} else {
-		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
+		for (band = 0; band < NUM_NL80211_BANDS; band++) {
 			if (!wiphy->bands[band])
 				continue;
 			for (j = 0; j < wiphy->bands[band]->n_channels;
@@ -2001,7 +2025,7 @@ static int __wlan_hdd_cfg80211_vendor_scan(struct wiphy *wiphy,
 				request->ie_len);
 	}
 
-	for (count = 0; count < IEEE80211_NUM_BANDS; count++)
+	for (count = 0; count < NUM_NL80211_BANDS; count++)
 		if (wiphy->bands[count])
 			request->rates[count] =
 				(1 << wiphy->bands[count]->n_bitrates) - 1;
@@ -2263,7 +2287,6 @@ static int __wlan_hdd_cfg80211_sched_scan_start(struct wiphy *wiphy,
 		return -ENOMEM;
 	}
 
-	memset(pPnoRequest, 0, sizeof(tSirPNOScanReq));
 	pPnoRequest->enable = 1;        /*Enable PNO */
 	pPnoRequest->ucNetworksCount = request->n_match_sets;
 
@@ -2534,7 +2557,6 @@ static int __wlan_hdd_cfg80211_sched_scan_stop(struct wiphy *wiphy,
 		return -ENOMEM;
 	}
 
-	memset(pPnoRequest, 0, sizeof(tSirPNOScanReq));
 	pPnoRequest->enable = 0;        /* Disable PNO */
 	pPnoRequest->ucNetworksCount = 0;
 
@@ -2669,7 +2691,7 @@ void hdd_cleanup_scan_queue(hdd_context_t *hdd_ctx)
 			hdd_err("HDD adapter magic is invalid");
 		} else {
 			if (NL_SCAN == source)
-				cfg80211_scan_done(req, aborted);
+				hdd_cfg80211_scan_done(adapter, req, aborted);
 			else
 				hdd_vendor_scan_callback(adapter, req, aborted);
 			hdd_info("removed Scan id: %d, req = %p",

core/hdd/src/wlan_hdd_softap_tx_rx.c

@@ -351,7 +351,7 @@ static int __hdd_softap_hard_start_xmit(struct sk_buff *skb,
 		++pAdapter->hdd_stats.hddTxRxStats.txXmitDroppedAC[ac];
 		goto drop_pkt;
 	}
-	dev->trans_start = jiffies;
+	netif_trans_update(dev);
 
 	return NETDEV_TX_OK;
 
@@ -425,9 +425,7 @@ static void __hdd_softap_tx_timeout(struct net_device *dev)
 		return;
 	}
 
-	QDF_TRACE(QDF_MODULE_ID_HDD_SAP_DATA, QDF_TRACE_LEVEL_ERROR,
-		  "%s: Transmission timeout occurred jiffies %lu trans_start %lu"
-			, __func__, jiffies, dev->trans_start);
+	TX_TIMEOUT_TRACE(dev, QDF_MODULE_ID_HDD_SAP_DATA);
 
 	for (i = 0; i < NUM_TX_QUEUES; i++) {
 		txq = netdev_get_tx_queue(dev, i);
@@ -441,7 +439,6 @@ static void __hdd_softap_tx_timeout(struct net_device *dev)
 	ol_tx_dump_flow_pool_info();
 	QDF_TRACE(QDF_MODULE_ID_HDD_DATA, QDF_TRACE_LEVEL_ERROR,
 			"carrier state: %d", netif_carrier_ok(dev));
-
 }
 
 /**

core/hdd/src/wlan_hdd_stats.c

@@ -473,7 +473,7 @@ static bool put_wifi_iface_stats(tpSirWifiIfaceStat pWifiIfaceStat,
 	    nla_put_u32(vendor_event,
 			QCA_WLAN_VENDOR_ATTR_LL_STATS_IFACE_LEAKY_AP_GUARD_TIME,
 			pWifiIfaceStat->rx_leak_window) ||
-	    nla_put_u64(vendor_event,
+	    hdd_wlan_nla_put_u64(vendor_event,
 			QCA_WLAN_VENDOR_ATTR_LL_STATS_IFACE_AVERAGE_TSF_OFFSET,
 			average_tsf_offset)) {
 		hdd_err("QCA_WLAN_VENDOR_ATTR put fail");
@@ -2355,7 +2355,7 @@ static int __wlan_hdd_cfg80211_dump_survey(struct wiphy *wiphy,
 	sme_get_operation_channel(halHandle, &channel, pAdapter->sessionId);
 	hdd_wlan_get_freq(channel, &freq);
 
-	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
+	for (i = 0; i < NUM_NL80211_BANDS; i++) {
 		if (NULL == wiphy->bands[i])
 			continue;
 

core/hdd/src/wlan_hdd_tdls.c

@@ -741,8 +741,6 @@ int wlan_hdd_tdls_init(hdd_adapter_t *pAdapter)
 			hdd_err("malloc failed!");
 			return -ENOMEM;
 		}
-		/* initialize TDLS pAdater context */
-		qdf_mem_zero(pHddTdlsCtx, sizeof(tdlsCtx_t));
 
 		/* Initialize connection tracker timer */
 		qdf_mc_timer_init(&pHddTdlsCtx->peer_update_timer,
@@ -1023,7 +1021,6 @@ hddTdlsPeer_t *wlan_hdd_tdls_get_peer(hdd_adapter_t *pAdapter, const u8 *mac,
 	key = wlan_hdd_tdls_hash_key(mac);
 	head = &pHddTdlsCtx->peer_list[key];
 
-	qdf_mem_zero(peer, sizeof(hddTdlsPeer_t));
 	qdf_mem_copy(peer->peerMac, mac, sizeof(peer->peerMac));
 	peer->pHddTdlsCtx = pHddTdlsCtx;
 	peer->pref_off_chan_num = pHddCtx->config->fTDLSPrefOffChanNum;

core/hdd/src/wlan_hdd_tsf.c

@@ -342,12 +342,13 @@ static int __wlan_hdd_cfg80211_handle_tsf_cmd(struct wiphy *wiphy,
 			status = -ENOMEM;
 			goto end;
 		}
-		if (nla_put_u64(reply_skb, QCA_WLAN_VENDOR_ATTR_TSF_TIMER_VALUE,
+		if (hdd_wlan_nla_put_u64(reply_skb,
+				QCA_WLAN_VENDOR_ATTR_TSF_TIMER_VALUE,
 				((uint64_t) adapter->tsf_high << 32 |
 				adapter->tsf_low)) ||
-				nla_put_u64(reply_skb,
+		    hdd_wlan_nla_put_u64(reply_skb,
 				QCA_WLAN_VENDOR_ATTR_TSF_SOC_TIMER_VALUE,
-				adapter->tsf_sync_soc_timer)){
+				adapter->tsf_sync_soc_timer)) {
 			hdd_err("nla put fail");
 			kfree_skb(reply_skb);
 			status = -EINVAL;

core/hdd/src/wlan_hdd_tx_rx.c

@@ -595,7 +595,7 @@ static int __hdd_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
 		++pAdapter->hdd_stats.hddTxRxStats.txXmitDroppedAC[ac];
 		goto drop_pkt;
 	}
-	dev->trans_start = jiffies;
+	netif_trans_update(dev);
 
 	return NETDEV_TX_OK;
 
@@ -685,9 +685,7 @@ static void __hdd_tx_timeout(struct net_device *dev)
 	struct netdev_queue *txq;
 	int i = 0;
 
-	QDF_TRACE(QDF_MODULE_ID_HDD_DATA, QDF_TRACE_LEVEL_ERROR,
-		  "%s: Transmission timeout occurred jiffies %lu trans_start %lu",
-		  __func__, jiffies, dev->trans_start);
+	TX_TIMEOUT_TRACE(dev, QDF_MODULE_ID_HDD_DATA);
 	DPTRACE(qdf_dp_trace(NULL, QDF_DP_TRACE_HDD_TX_TIMEOUT,
 				NULL, 0, QDF_TX));
 

core/hdd/src/wlan_hdd_wext.c

@@ -5086,10 +5086,10 @@ int wlan_hdd_update_phymode(struct net_device *net, tHalHandle hal,
 			return -EIO;
 		}
 		if (phddctx->config->nChannelBondingMode5GHz)
-			phddctx->wiphy->bands[IEEE80211_BAND_5GHZ]->ht_cap.cap
+			phddctx->wiphy->bands[NL80211_BAND_5GHZ]->ht_cap.cap
 				|= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
 		else
-			phddctx->wiphy->bands[IEEE80211_BAND_5GHZ]->ht_cap.cap
+			phddctx->wiphy->bands[NL80211_BAND_5GHZ]->ht_cap.cap
 				&= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
 
 		hdd_warn("New_Phymode= %d ch_bonding=%d band=%d VHT_ch_width=%u",
@@ -5382,11 +5382,6 @@ static int __iw_setint_getnone(struct net_device *dev,
 
 		break;
 	}
-	case WE_SET_PKTLOG:
-	{
-		hdd_process_pktlog_command(hdd_ctx, set_value);
-		break;
-	}
 	case WE_SET_HIGHER_DTIM_TRANSITION:
 	{
 		if (!((set_value == false) || (set_value == true))) {
@@ -8236,6 +8231,22 @@ static int __iw_set_var_ints_getnone(struct net_device *dev,
 	}
 	break;
 #endif
+	case WE_SET_PKTLOG:
+	{
+		int ret;
+
+		if (num_args < 1 || num_args > 2) {
+			hdd_err("pktlog: either 1 or 2 parameters are required");
+			return -EINVAL;
+		}
+
+		ret = hdd_process_pktlog_command(hdd_ctx, apps_args[0],
+						   apps_args[1]);
+		if (ret)
+			return ret;
+		break;
+	}
+
 	case WE_MAC_PWR_DEBUG_CMD:
 	{
 		struct sir_mac_pwr_dbg_cmd mac_pwr_dbg_args;
@@ -9872,10 +9883,10 @@ static int __iw_set_two_ints_getnone(struct net_device *dev,
 		ret = wlan_hdd_set_mon_chan(pAdapter, value[1], value[2]);
 		break;
 	case WE_SET_WLAN_SUSPEND:
-		ret = hdd_wlan_fake_apps_suspend(hdd_ctx->wiphy);
+		ret = hdd_wlan_fake_apps_suspend(hdd_ctx->wiphy, dev);
 		break;
 	case WE_SET_WLAN_RESUME:
-		ret = hdd_wlan_fake_apps_resume(hdd_ctx->wiphy);
+		ret = hdd_wlan_fake_apps_resume(hdd_ctx->wiphy, dev);
 		break;
 	default:
 		hdd_err("Invalid IOCTL command %d", sub_cmd);
@@ -10065,7 +10076,7 @@ static const struct iw_priv_args we_private_args[] = {
 	 "setTxMaxPower5G"},
 
 	{WE_SET_PKTLOG,
-	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
+	 IW_PRIV_TYPE_INT | MAX_VAR_ARGS,
 	 0,
 	 "pktlog"},
 
@@ -11049,8 +11060,8 @@ static const struct iw_priv_args we_private_args[] = {
 #ifdef WLAN_FEATURE_PACKET_FILTERING
 	{
 		WLAN_SET_PACKET_FILTER_PARAMS,
-		IW_PRIV_TYPE_BYTE | IW_PRIV_SIZE_FIXED |
-					sizeof(struct pkt_filter_cfg),
+		IW_PRIV_TYPE_BYTE |
+		sizeof(struct pkt_filter_cfg),
 		0,
 		"setPktFilter"
 	}

core/hdd/src/wlan_hdd_wmm.c

@@ -2157,6 +2157,7 @@ hdd_wlan_wmm_status_e hdd_wmm_addts(hdd_adapter_t *pAdapter,
 	pQosContext->pAdapter = pAdapter;
 	pQosContext->qosFlowId = 0;
 	pQosContext->magic = HDD_WMM_CTX_MAGIC;
+	pQosContext->is_inactivity_timer_running = false;
 
 	hdd_notice("Setting up QoS, context %p", pQosContext);
 

core/mac/inc/qwlan_version.h

@@ -41,9 +41,9 @@
 #define QWLAN_VERSION_MAJOR            5
 #define QWLAN_VERSION_MINOR            1
 #define QWLAN_VERSION_PATCH            0
-#define QWLAN_VERSION_EXTRA            "O"
-#define QWLAN_VERSION_BUILD            32
+#define QWLAN_VERSION_EXTRA            "A"
+#define QWLAN_VERSION_BUILD            34
 
-#define QWLAN_VERSIONSTR               "5.1.0.32O"
+#define QWLAN_VERSIONSTR               "5.1.0.34A"
 
 #endif /* QWLAN_VERSION_H */

core/mac/inc/sir_api.h

@@ -3226,6 +3226,7 @@ typedef struct {
  * @is_iwpriv_command: Set 1 for iwpriv command
  * @ini_triggered: triggered using ini
  * @user_triggered: triggered by user
+ * @size: pktlog buffer size
  */
 struct sir_wifi_start_log {
 	uint32_t ring_id;
@@ -3233,6 +3234,7 @@ struct sir_wifi_start_log {
 	uint32_t is_iwpriv_command;
 	bool ini_triggered;
 	uint8_t user_triggered;
+	int size;
 };
 
 

core/mac/src/pe/lim/lim_admit_control.c

@@ -933,7 +933,6 @@ lim_send_hal_msg_add_ts(tpAniSirGlobal pMac,
 		return eSIR_MEM_ALLOC_FAILED;
 	}
 
-	qdf_mem_set((uint8_t *) pAddTsParam, sizeof(tAddTsParams), 0);
 	pAddTsParam->staIdx = staIdx;
 	pAddTsParam->tspecIdx = tspecIdx;
 	qdf_mem_copy(&pAddTsParam->tspec, &tspecIE, sizeof(tSirMacTspecIE));
@@ -997,7 +996,6 @@ lim_send_hal_msg_del_ts(tpAniSirGlobal pMac,
 	msg.type = WMA_DEL_TS_REQ;
 	msg.bodyptr = pDelTsParam;
 	msg.bodyval = 0;
-	qdf_mem_set((uint8_t *) pDelTsParam, sizeof(tDelTsParams), 0);
 
 	/* filling message parameters. */
 	pDelTsParam->staIdx = staIdx;

core/mac/src/pe/lim/lim_api.c

@@ -779,9 +779,6 @@ tSirRetStatus pe_open(tpAniSirGlobal pMac, struct cds_config_info *cds_cfg)
 		goto pe_open_psession_fail;
 	}
 
-	qdf_mem_set(pMac->lim.gpSession,
-		    sizeof(tPESession) * pMac->lim.maxBssId, 0);
-
 	pMac->lim.mgmtFrameSessionId = 0xff;
 	pMac->lim.tdls_frm_session_id = NO_SESSION;
 	pMac->lim.deferredMsgCnt = 0;
@@ -2045,7 +2042,6 @@ QDF_STATUS pe_roam_synch_callback(tpAniSirGlobal mac_ctx,
 		mac_ctx->roam.pReassocResp = NULL;
 		return QDF_STATUS_E_NOMEM;
 	}
-	qdf_mem_zero(roam_sync_ind_ptr->join_rsp, join_rsp_len);
 
 	lim_log(mac_ctx, LOG1, FL("Session RicLength = %d"),
 			ft_session_ptr->RICDataLen);

core/mac/src/pe/lim/lim_assoc_utils.c

@@ -585,6 +585,7 @@ lim_cleanup_rx_path(tpAniSirGlobal pMac, tpDphHashNode pStaDs,
 			 * Release our assigned AID back to the free pool
 			 */
 			if (LIM_IS_AP_ROLE(psessionEntry)) {
+				lim_del_sta(pMac, pStaDs, false, psessionEntry);
 				lim_release_peer_idx(pMac, pStaDs->assocId,
 						     psessionEntry);
 			}
@@ -2148,7 +2149,6 @@ lim_add_sta(tpAniSirGlobal mac_ctx,
 			FL("Unable to allocate memory during ADD_STA"));
 		return eSIR_MEM_ALLOC_FAILED;
 	}
-	qdf_mem_set((uint8_t *) add_sta_params, sizeof(tAddStaParams), 0);
 
 	if (LIM_IS_AP_ROLE(session_entry) || LIM_IS_IBSS_ROLE(session_entry) ||
 		LIM_IS_NDI_ROLE(session_entry))
@@ -2558,8 +2558,6 @@ lim_del_sta(tpAniSirGlobal pMac,
 		return eSIR_MEM_ALLOC_FAILED;
 	}
 
-	qdf_mem_set((uint8_t *) pDelStaParams, sizeof(tDeleteStaParams), 0);
-
 	/* */
 	/* DPH contains the STA index only for "peer" STA entries. */
 	/* LIM global contains "self" STA index */
@@ -2703,7 +2701,6 @@ lim_add_sta_self(tpAniSirGlobal pMac, uint16_t staIdx, uint8_t updateSta,
 			FL("Unable to allocate memory during ADD_STA"));
 		return eSIR_MEM_ALLOC_FAILED;
 	}
-	qdf_mem_set((uint8_t *) pAddStaParams, sizeof(tAddStaParams), 0);
 
 	/* / Add STA context at MAC HW (BMU, RHP & TFP) */
 	qdf_mem_copy((uint8_t *) pAddStaParams->staMac,
@@ -3361,7 +3358,6 @@ lim_del_bss(tpAniSirGlobal pMac, tpDphHashNode pStaDs, uint16_t bssIdx,
 			FL("Unable to allocate memory during ADD_BSS"));
 		return eSIR_MEM_ALLOC_FAILED;
 	}
-	qdf_mem_set((uint8_t *) pDelBssParams, sizeof(tDeleteBssParams), 0);
 
 	pDelBssParams->sessionId = psessionEntry->peSessionId; /* update PE session Id */
 
@@ -3559,9 +3555,7 @@ tSirRetStatus lim_sta_send_add_bss(tpAniSirGlobal pMac, tpSirAssocRsp pAssocRsp,
 			FL("Unable to allocate memory during ADD_BSS"));
 		retCode = eSIR_MEM_ALLOC_FAILED;
 		goto returnFailure;
-	} else
-		qdf_mem_set((uint8_t *) pAddBssParams, sizeof(tAddBssParams),
-			    0);
+	}
 
 	qdf_mem_copy(pAddBssParams->bssId, bssDescription->bssId,
 		     sizeof(tSirMacAddr));
@@ -4101,8 +4095,6 @@ tSirRetStatus lim_sta_send_add_bss_pre_assoc(tpAniSirGlobal pMac, uint8_t update
 		goto returnFailure;
 	}
 
-	qdf_mem_set((uint8_t *) pAddBssParams, sizeof(tAddBssParams), 0);
-
 	lim_extract_ap_capabilities(pMac, (uint8_t *) bssDescription->ieFields,
 			lim_get_ielen_from_bss_description(bssDescription),
 			pBeaconStruct);
@@ -4804,7 +4796,6 @@ void lim_send_sme_unprotected_mgmt_frame_ind(tpAniSirGlobal pMac, uint8_t frameT
 				("AllocateMemory failed for tSirSmeUnprotectedMgmtFrameInd"));
 		return;
 	}
-	qdf_mem_set((void *)pSirSmeMgmtFrame, length, 0);
 
 	pSirSmeMgmtFrame->sessionId = sessionId;
 	pSirSmeMgmtFrame->frameType = frameType;
@@ -4847,7 +4838,6 @@ void lim_send_sme_tsm_ie_ind(tpAniSirGlobal pMac, tpPESession psessionEntry,
 			FL("AllocateMemory failed for tSirSmeTsmIEInd"));
 		return;
 	}
-	qdf_mem_set((void *)pSirSmeTsmIeInd, sizeof(tSirSmeTsmIEInd), 0);
 
 	pSirSmeTsmIeInd->sessionId = psessionEntry->smeSessionId;
 	pSirSmeTsmIeInd->tsmIe.tsid = tid;

core/mac/src/pe/lim/lim_ft.c

@@ -157,8 +157,6 @@ void lim_ft_prepare_add_bss_req(tpAniSirGlobal pMac,
 		return;
 	}
 
-	qdf_mem_set((uint8_t *) pAddBssParams, sizeof(tAddBssParams), 0);
-
 	lim_extract_ap_capabilities(pMac, (uint8_t *) bssDescription->ieFields,
 			lim_get_ielen_from_bss_description(bssDescription),
 			pBeaconStruct);
@@ -862,7 +860,6 @@ lim_ft_send_aggr_qos_rsp(tpAniSirGlobal pMac, uint8_t rspReqd,
 			FL("AllocateMemory failed for tSirAggrQosRsp"));
 		return;
 	}
-	qdf_mem_set((uint8_t *) rsp, sizeof(*rsp), 0);
 	rsp->messageType = eWNI_SME_FT_AGGR_QOS_RSP;
 	rsp->sessionId = smesessionId;
 	rsp->length = sizeof(*rsp);
@@ -991,7 +988,6 @@ tSirRetStatus lim_process_ft_aggr_qos_req(tpAniSirGlobal pMac, uint32_t *pMsgBuf
 		return eSIR_FAILURE;
 	}
 
-	qdf_mem_set((uint8_t *) pAggrAddTsParam, sizeof(tAggrAddTsParams), 0);
 	pAggrAddTsParam->staIdx = psessionEntry->staId;
 	/* Fill in the sessionId specific to PE */
 	pAggrAddTsParam->sessionId = sessionId;

core/mac/src/pe/lim/lim_ft_preauth.c

@@ -597,7 +597,6 @@ void lim_post_ft_pre_auth_rsp(tpAniSirGlobal mac_ctx,
 		QDF_ASSERT(ft_pre_auth_rsp != NULL);
 		return;
 	}
-	qdf_mem_zero(ft_pre_auth_rsp, rsp_len);
 
 	lim_log(mac_ctx, LOG1, FL("Auth Rsp = %p"), ft_pre_auth_rsp);
 	if (session) {
@@ -679,8 +678,6 @@ QDF_STATUS lim_send_preauth_scan_offload(tpAniSirGlobal mac_ctx,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(scan_offload_req, sizeof(tSirScanOffloadReq));
-
 	msg.type = WMA_START_SCAN_OFFLOAD_REQ;
 	msg.bodyptr = scan_offload_req;
 	msg.bodyval = 0;

core/mac/src/pe/lim/lim_ibss_peer_mgmt.c

@@ -1123,6 +1123,8 @@ __lim_ibss_search_and_delete_peer(tpAniSirGlobal mac_ptr,
 						mac_ptr->lim.gLimIbssPeerList;
 				} else
 					prev_node->next = temp_node->next;
+				if (temp_node->beacon)
+					qdf_mem_free(temp_node->beacon);
 
 				qdf_mem_free(temp_node);
 				mac_ptr->lim.gLimNumIbssPeers--;
@@ -1667,6 +1669,8 @@ void lim_ibss_heart_beat_handle(tpAniSirGlobal mac_ctx, tpPESession session)
 				prevnode->next = tempnode->next;
 			}
 
+			if (tempnode->beacon)
+				qdf_mem_free(tempnode->beacon);
 			qdf_mem_free(tempnode);
 			mac_ctx->lim.gLimNumIbssPeers--;
 

core/mac/src/pe/lim/lim_p2p.c

@@ -90,8 +90,6 @@ static QDF_STATUS lim_send_hal_req_remain_on_chan_offload(tpAniSirGlobal pMac,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(pScanOffloadReq, sizeof(tSirScanOffloadReq));
-
 	msg.type = WMA_START_SCAN_OFFLOAD_REQ;
 	msg.bodyptr = pScanOffloadReq;
 	msg.bodyval = 0;
@@ -390,7 +388,6 @@ void lim_send_sme_mgmt_frame_ind(tpAniSirGlobal pMac, uint8_t frameType,
 			FL("AllocateMemory failed for eWNI_SME_LISTEN_RSP"));
 		return;
 	}
-	qdf_mem_set((void *)pSirSmeMgmtFrame, length, 0);
 
 	pSirSmeMgmtFrame->frame_len = frameLen;
 	pSirSmeMgmtFrame->sessionId = sessionId;
@@ -410,10 +407,11 @@ void lim_send_sme_mgmt_frame_ind(tpAniSirGlobal pMac, uint8_t frameType,
 	return;
 }
 
-QDF_STATUS lim_p2p_action_cnf(tpAniSirGlobal pMac, uint32_t txCompleteSuccess)
+QDF_STATUS lim_p2p_action_cnf(tpAniSirGlobal pMac, uint32_t tx_status)
 {
 	QDF_STATUS status;
 	uint32_t mgmt_frame_sessionId;
+	bool tx_complete_ack = (tx_status) ? false : true;
 
 	status = pe_acquire_global_lock(&pMac->lim);
 	if (QDF_IS_STATUS_SUCCESS(status)) {
@@ -432,7 +430,7 @@ QDF_STATUS lim_p2p_action_cnf(tpAniSirGlobal pMac, uint32_t txCompleteSuccess)
 					 mgmt_frame_sessionId);
 			if (pMac->p2p_ack_ind_cb)
 				pMac->p2p_ack_ind_cb(mgmt_frame_sessionId,
-							txCompleteSuccess);
+						     tx_complete_ack);
 		}
 	}
 
@@ -754,7 +752,6 @@ tSirRetStatus __lim_process_sme_no_a_update(tpAniSirGlobal pMac, uint32_t *pMsgB
 		return eSIR_MEM_ALLOC_FAILED;
 	}
 
-	qdf_mem_set((uint8_t *) pMsgNoA, sizeof(tP2pPsConfig), 0);
 	pMsgNoA->opp_ps = pNoA->opp_ps;
 	pMsgNoA->ctWindow = pNoA->ctWindow;
 	pMsgNoA->duration = pNoA->duration;

core/mac/src/pe/lim/lim_process_action_frame.c

@@ -422,8 +422,6 @@ lim_process_ext_channel_switch_action_frame(tpAniSirGlobal mac_ctx,
 			return;
 		}
 
-		qdf_mem_zero(ext_cng_chan_ind,
-			sizeof(*ext_cng_chan_ind));
 		ext_cng_chan_ind->session_id =
 					session_entry->smeSessionId;
 
@@ -638,6 +636,11 @@ static void __lim_process_gid_management_action_frame(tpAniSirGlobal mac_ctx,
 	}
 	sta_ptr = dph_lookup_hash_entry(mac_ctx, mac_hdr->sa, &aid,
 			&session->dph.dphHashTable);
+	if (!sta_ptr) {
+		lim_log(mac_ctx, LOGE,
+			FL("Failed to get STA entry from hash table"));
+		goto out;
+	}
 	lim_log(mac_ctx, LOGE,
 		FL("received Gid Management Action Frame , staIdx = %d"),
 		sta_ptr->staIndex);
@@ -1546,10 +1549,9 @@ static void __lim_process_sa_query_request_action_frame(tpAniSirGlobal pMac,
 		return;
 
 	/* 11w offload is enabled then firmware should not fwd this frame */
-	if (pMac->pmf_offload) {
+	if (LIM_IS_STA_ROLE(psessionEntry) && pMac->pmf_offload) {
 		lim_log(pMac, LOGE,
-			FL("11w offload is enabled, SA Query request is not expected ")
-			);
+			FL("11w offload enabled, SA Query req isn't expected"));
 		return;
 	}
 

core/mac/src/pe/lim/lim_process_assoc_req_frame.c

@@ -1775,6 +1775,15 @@ void lim_process_assoc_req_frame(tpAniSirGlobal mac_ctx, uint8_t *rx_pkt_info,
 			     WMA_GET_RX_MPDU_DATA(rx_pkt_info), frame_len);
 		return;
 	}
+	if (session->limMlmState == eLIM_MLM_WT_DEL_BSS_RSP_STATE) {
+		lim_log(mac_ctx, LOGE, FL("drop ASSOC REQ on sessionid: %d "
+			"role=%d from: "MAC_ADDRESS_STR" in limMlmState %d"),
+			session->peSessionId,
+			GET_LIM_SYSTEM_ROLE(session),
+			MAC_ADDR_ARRAY(hdr->sa),
+			eLIM_MLM_WT_DEL_BSS_RSP_STATE);
+		return;
+	}
 
 	/*
 	 * If a STA is already present in DPH and it is initiating a Assoc
@@ -1863,7 +1872,6 @@ void lim_process_assoc_req_frame(tpAniSirGlobal mac_ctx, uint8_t *rx_pkt_info,
 			FL("Allocate Memory failed in assoc_req"));
 		return;
 	}
-	qdf_mem_set((void *)assoc_req, sizeof(*assoc_req), 0);
 
 	/* Parse Assoc Request frame */
 	if (false == lim_chk_assoc_req_parse_error(mac_ctx, hdr, session,
@@ -2198,7 +2206,6 @@ void lim_send_mlm_assoc_ind(tpAniSirGlobal mac_ctx,
 				FL("AllocateMemory failed for assoc_ind"));
 			return;
 		}
-		qdf_mem_set(assoc_ind, temp, 0);
 		qdf_mem_copy((uint8_t *) assoc_ind->peerMacAddr,
 			(uint8_t *) sta_ds->staAddr, sizeof(tSirMacAddr));
 		assoc_ind->aid = sta_ds->assocId;

core/mac/src/pe/lim/lim_process_message_queue.c

@@ -521,7 +521,6 @@ __lim_pno_match_fwd_bcn_probepsp(tpAniSirGlobal pmac, uint8_t *rx_pkt_info,
 	}
 	hdr = WMA_GET_RX_MAC_HEADER(rx_pkt_info);
 	body = WMA_GET_RX_MPDU_DATA(rx_pkt_info);
-	qdf_mem_zero(result, sizeof(*result) + ie_len);
 
 	/* Received frame does not have request id, hence set 0 */
 	result->request_id = 0;
@@ -574,7 +573,6 @@ __lim_ext_scan_forward_bcn_probe_rsp(tpAniSirGlobal pmac, uint8_t *rx_pkt_info,
 	}
 	hdr = WMA_GET_RX_MAC_HEADER(rx_pkt_info);
 	body = WMA_GET_RX_MPDU_DATA(rx_pkt_info);
-	qdf_mem_zero(result, sizeof(*result) + ie_len);
 
 	/* Received frame does not have request id, hence set 0 */
 	result->requestId = 0;

core/mac/src/pe/lim/lim_process_mlm_host_roam.c

@@ -425,9 +425,6 @@ void lim_process_sta_mlm_add_bss_rsp_ft(tpAniSirGlobal pMac,
 			if (NULL ==
 				pMac->lim.pSessionEntry->pLimMlmReassocRetryReq)
 				goto end;
-			qdf_mem_set(pMac->lim.pSessionEntry->
-					pLimMlmReassocRetryReq,
-					sizeof(tLimMlmReassocReq), 0);
 			qdf_mem_copy(pMac->lim.pSessionEntry->
 					pLimMlmReassocRetryReq,
 					psessionEntry->pLimMlmReassocReq,
@@ -472,7 +469,6 @@ void lim_process_sta_mlm_add_bss_rsp_ft(tpAniSirGlobal pMac,
 			FL("Unable to allocate memory during ADD_STA"));
 		goto end;
 	}
-	qdf_mem_set((uint8_t *) pAddStaParams, sizeof(tAddStaParams), 0);
 
 	/* / Add STA context at MAC HW (BMU, RHP & TFP) */
 	qdf_mem_copy((uint8_t *) pAddStaParams->staMac,

core/mac/src/pe/lim/lim_process_mlm_req_messages.c

@@ -491,7 +491,6 @@ lim_mlm_add_bss(tpAniSirGlobal mac_ctx,
 		return eSIR_MEM_ALLOC_FAILED;
 	}
 
-	qdf_mem_set(addbss_param, sizeof(tAddBssParams), 0);
 	/* Fill in tAddBssParams members */
 	qdf_mem_copy(addbss_param->bssId, mlm_start_req->bssId,
 		     sizeof(tSirMacAddr));

core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c

@@ -586,8 +586,6 @@ void lim_process_mlm_auth_cnf(tpAniSirGlobal mac_ctx, uint32_t *msg)
 				FL("mlmAuthReq :Memory alloc failed "));
 			return;
 		}
-		qdf_mem_set((uint8_t *) auth_req,
-			sizeof(tLimMlmAuthReq), 0);
 		if (session_entry->limSmeState ==
 			eLIM_SME_WT_AUTH_STATE) {
 			sir_copy_mac_addr(auth_req->peerMacAddr,
@@ -3197,7 +3195,6 @@ void lim_send_beacon_ind(tpAniSirGlobal pMac, tpPESession psessionEntry)
 		       )
 		return;
 	}
-	qdf_mem_set(pBeaconGenParams, sizeof(*pBeaconGenParams), 0);
 	qdf_mem_copy((void *)pBeaconGenParams->bssId,
 		     (void *)psessionEntry->bssId, QDF_MAC_ADDR_SIZE);
 	limMsg.bodyptr = pBeaconGenParams;

core/mac/src/pe/lim/lim_process_sme_req_messages.c

@@ -157,8 +157,6 @@ static QDF_STATUS lim_process_set_hw_mode(tpAniSirGlobal mac, uint32_t *msg)
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(req_msg, len);
-
 	req_msg->hw_mode_index = buf->set_hw.hw_mode_index;
 	req_msg->reason = buf->set_hw.reason;
 	/* Other parameters are not needed for WMA */
@@ -230,8 +228,6 @@ static QDF_STATUS lim_process_set_dual_mac_cfg_req(tpAniSirGlobal mac,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(req_msg, len);
-
 	req_msg->scan_config = buf->set_dual_mac.scan_config;
 	req_msg->fw_mode_config = buf->set_dual_mac.fw_mode_config;
 	/* Other parameters are not needed for WMA */
@@ -676,7 +672,6 @@ __lim_handle_sme_start_bss_request(tpAniSirGlobal mac_ctx, uint32_t *msg_buf)
 			goto end;
 		}
 
-		qdf_mem_set((void *)sme_start_bss_req, size, 0);
 		qdf_mem_copy(sme_start_bss_req, msg_buf,
 			sizeof(tSirSmeStartBssReq));
 		if (!lim_is_sme_start_bss_req_valid(mac_ctx,
@@ -880,9 +875,6 @@ __lim_handle_sme_start_bss_request(tpAniSirGlobal mac_ctx, uint32_t *msg_buf)
 				ret_code = eSIR_SME_RESOURCES_UNAVAILABLE;
 				goto free;
 			}
-			qdf_mem_set(session->parsedAssocReq,
-					(session->dph.dphHashTable.size *
-					sizeof(tpSirAssocReq)), 0);
 		}
 
 		if (!sme_start_bss_req->channelId &&
@@ -975,8 +967,6 @@ __lim_handle_sme_start_bss_request(tpAniSirGlobal mac_ctx, uint32_t *msg_buf)
 			goto free;
 		}
 
-		qdf_mem_set((void *)mlm_start_req, sizeof(tLimMlmStartReq), 0);
-
 		/* Copy SSID to the MLM start structure */
 		qdf_mem_copy((uint8_t *) &mlm_start_req->ssId,
 			     (uint8_t *) &sme_start_bss_req->ssId,
@@ -1288,8 +1278,6 @@ static QDF_STATUS lim_send_hal_start_scan_offload_req(tpAniSirGlobal pMac,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_set((uint8_t *) pScanOffloadReq, len, 0);
-
 	msg.type = WMA_START_SCAN_OFFLOAD_REQ;
 	msg.bodyptr = pScanOffloadReq;
 	msg.bodyval = 0;
@@ -1584,7 +1572,6 @@ __lim_process_sme_join_req(tpAniSirGlobal mac_ctx, uint32_t *msg_buf)
 			ret_code = eSIR_SME_RESOURCES_UNAVAILABLE;
 			goto end;
 		}
-		(void)qdf_mem_set((void *)sme_join_req, n_size, 0);
 		(void)qdf_mem_copy((void *)sme_join_req, (void *)msg_buf,
 			n_size);
 
@@ -1872,7 +1859,6 @@ __lim_process_sme_join_req(tpAniSirGlobal mac_ctx, uint32_t *msg_buf)
 			ret_code = eSIR_SME_RESOURCES_UNAVAILABLE;
 			goto end;
 		}
-		(void)qdf_mem_set((void *)mlm_join_req, val, 0);
 
 		/* PE SessionId is stored as a part of JoinReq */
 		mlm_join_req->sessionId = session->peSessionId;
@@ -2097,7 +2083,6 @@ static void __lim_process_sme_reassoc_req(tpAniSirGlobal mac_ctx,
 		ret_code = eSIR_SME_RESOURCES_UNAVAILABLE;
 		goto end;
 	}
-	(void)qdf_mem_set((void *)reassoc_req, size, 0);
 	(void)qdf_mem_copy((void *)reassoc_req, (void *)msg_buf, size);
 
 	if (!lim_is_sme_join_req_valid(mac_ctx,
@@ -4180,9 +4165,12 @@ static void __lim_process_roam_scan_offload_req(tpAniSirGlobal mac_ctx,
 	if (local_ie_len &&
 		!lim_update_ext_cap_ie(mac_ctx, req_buffer->assoc_ie.addIEdata,
 					local_ie_buf, &local_ie_len)) {
-		req_buffer->assoc_ie.length = local_ie_len;
-		qdf_mem_copy(req_buffer->assoc_ie.addIEdata, local_ie_buf,
-				local_ie_len);
+		if (local_ie_len <=
+		    QDF_ARRAY_SIZE(req_buffer->assoc_ie.addIEdata)) {
+			req_buffer->assoc_ie.length = local_ie_len;
+			qdf_mem_copy(req_buffer->assoc_ie.addIEdata,
+				     local_ie_buf, local_ie_len);
+		}
 	}
 	qdf_mem_free(local_ie_buf);
 
@@ -4648,11 +4636,12 @@ skip_match:
 	}
 	if (match) {
 		qdf_mutex_acquire(&mac_ctx->lim.lim_frame_register_lock);
-		qdf_list_remove_node(
+		if (QDF_STATUS_SUCCESS ==
+				qdf_list_remove_node(
 				&mac_ctx->lim.gLimMgmtFrameRegistratinQueue,
-				(qdf_list_node_t *)lim_mgmt_regn);
+				(qdf_list_node_t *)lim_mgmt_regn))
+			qdf_mem_free(lim_mgmt_regn);
 		qdf_mutex_release(&mac_ctx->lim.lim_frame_register_lock);
-		qdf_mem_free(lim_mgmt_regn);
 	}
 
 	if (sme_req->registerFrame) {
@@ -4660,9 +4649,6 @@ skip_match:
 			qdf_mem_malloc(sizeof(struct mgmt_frm_reg_info) +
 					sme_req->matchLen);
 		if (lim_mgmt_regn != NULL) {
-			qdf_mem_set((void *)lim_mgmt_regn,
-				    sizeof(struct mgmt_frm_reg_info) +
-				    sme_req->matchLen, 0);
 			lim_mgmt_regn->frameType = sme_req->frameType;
 			lim_mgmt_regn->matchLen = sme_req->matchLen;
 			lim_mgmt_regn->sessionId = sme_req->sessionId;

core/mac/src/pe/lim/lim_process_tdls.c

@@ -3316,9 +3316,6 @@ tSirRetStatus lim_process_sme_tdls_link_establish_req(tpAniSirGlobal mac_ctx,
 		return eSIR_MEM_ALLOC_FAILED;
 	}
 
-	qdf_mem_set((uint8_t *) tdls_req_params,
-		    sizeof(tTdlsLinkEstablishParams), 0);
-
 	tdls_req_params->staIdx = stads->staIndex;
 	tdls_req_params->isResponder = tdls_req->isResponder;
 	tdls_req_params->uapsdQueues = tdls_req->uapsdQueues;

core/mac/src/pe/lim/lim_prop_exts_utils.c

@@ -127,7 +127,6 @@ lim_extract_ap_capability(tpAniSirGlobal mac_ctx, uint8_t *p_ie,
 		return;
 	}
 
-	qdf_mem_set((uint8_t *) beacon_struct, sizeof(tSirProbeRespBeacon), 0);
 	*qos_cap = 0;
 	*prop_cap = 0;
 	*uapsd = 0;

core/mac/src/pe/lim/lim_scan_result_utils.c

@@ -389,8 +389,6 @@ lim_check_and_add_bss_description(tpAniSirGlobal mac_ctx,
 		return;
 	}
 
-	qdf_mem_zero(bssdescr, frame_len);
-
 	/* In scan state, store scan result. */
 	lim_collect_bss_description(mac_ctx, bssdescr, bpr, rx_packet_info,
 				    scanning);

core/mac/src/pe/lim/lim_security_utils.c

@@ -842,9 +842,7 @@ void lim_send_set_bss_key_req(tpAniSirGlobal pMac,
 		/* Respond to SME with error code */
 		mlmSetKeysCnf.resultCode = eSIR_SME_RESOURCES_UNAVAILABLE;
 		goto end;
-	} else
-		qdf_mem_set((void *)pSetBssKeyParams,
-			    sizeof(tSetBssKeyParams), 0);
+	}
 
 	/* Update the WMA_SET_BSSKEY_REQ parameters */
 	pSetBssKeyParams->bssIdx = psessionEntry->bssIdx;
@@ -943,9 +941,7 @@ void lim_send_set_sta_key_req(tpAniSirGlobal pMac,
 		lim_log(pMac, LOGP,
 			FL("Unable to allocate memory during SET_BSSKEY"));
 		return;
-	} else
-		qdf_mem_set((void *)pSetStaKeyParams, sizeof(tSetStaKeyParams),
-			    0);
+	}
 
 	/* Update the WMA_SET_STAKEY_REQ parameters */
 	pSetStaKeyParams->staIdx = staIdx;

core/mac/src/pe/lim/lim_send_frames_host_roam.c

@@ -487,7 +487,6 @@ void lim_send_retry_reassoc_req_frame(tpAniSirGlobal pMac,
 		pTmpMlmReassocReq = qdf_mem_malloc(sizeof(tLimMlmReassocReq));
 		if (NULL == pTmpMlmReassocReq)
 			goto end;
-		qdf_mem_set(pTmpMlmReassocReq, sizeof(tLimMlmReassocReq), 0);
 		qdf_mem_copy(pTmpMlmReassocReq, pMlmReassocReq,
 			     sizeof(tLimMlmReassocReq));
 	}

core/mac/src/pe/lim/lim_send_management_frames.c

@@ -579,8 +579,6 @@ lim_send_probe_rsp_mgmt_frame(tpAniSirGlobal mac_ctx,
 		return;
 	}
 
-	qdf_mem_zero(&extracted_ext_cap, sizeof(extracted_ext_cap));
-
 	/*
 	 * Fill out 'frm', after which we'll just hand the struct off to
 	 * 'dot11f_pack_probe_response'.
@@ -1659,8 +1657,6 @@ lim_send_assoc_req_mgmt_frame(tpAniSirGlobal mac_ctx,
 		return;
 	}
 
-	qdf_mem_set((uint8_t *) frm, sizeof(tDot11fAssocRequest), 0);
-
 	if (add_ie_len && pe_session->is_ext_caps_present) {
 		qdf_mem_set((uint8_t *) &extr_ext_cap, sizeof(tDot11fIEExtCap),
 			    0);
@@ -4023,7 +4019,6 @@ lim_send_radio_measure_report_action_frame(tpAniSirGlobal pMac,
 		qdf_mem_free(frm);
 		return eSIR_FAILURE;
 	}
-	qdf_mem_set((uint8_t *) frm, sizeof(*frm), 0);
 
 	frm->Category.category = SIR_MAC_ACTION_RRM;
 	frm->Action.action = SIR_MAC_RRM_RADIO_MEASURE_RPT;

core/mac/src/pe/lim/lim_send_messages.c

@@ -103,7 +103,6 @@ tSirRetStatus lim_send_cf_params(tpAniSirGlobal pMac, uint8_t bssIdx,
 		retCode = eSIR_MEM_ALLOC_FAILED;
 		goto returnFailure;
 	}
-	qdf_mem_set((uint8_t *) pCFParams, sizeof(tUpdateCFParams), 0);
 	pCFParams->cfpCount = cfpCount;
 	pCFParams->cfpPeriod = cfpPeriod;
 	pCFParams->bssIdx = bssIdx;
@@ -227,7 +226,6 @@ tSirRetStatus lim_send_switch_chnl_params(tpAniSirGlobal pMac,
 			"Unable to allocate memory for Switch Ch Params"));
 		return eSIR_MEM_ALLOC_FAILED;
 	}
-	qdf_mem_set((uint8_t *) pChnlParams, sizeof(tSwitchChannelParams), 0);
 	pChnlParams->channelNumber = chnlNumber;
 	pChnlParams->ch_center_freq_seg0 = ch_center_freq_seg0;
 	pChnlParams->ch_center_freq_seg1 = ch_center_freq_seg1;
@@ -491,7 +489,6 @@ tSirRetStatus lim_set_link_state(tpAniSirGlobal pMac, tSirLinkState state,
 		retCode = eSIR_MEM_ALLOC_FAILED;
 		return retCode;
 	}
-	qdf_mem_set((uint8_t *) pLinkStateParams, sizeof(tLinkStateParams), 0);
 	pLinkStateParams->state = state;
 	pLinkStateParams->callback = callback;
 	pLinkStateParams->callbackArg = callbackArg;
@@ -534,7 +531,6 @@ extern tSirRetStatus lim_set_link_state_ft(tpAniSirGlobal pMac, tSirLinkState
 		retCode = eSIR_MEM_ALLOC_FAILED;
 		return retCode;
 	}
-	qdf_mem_set((uint8_t *) pLinkStateParams, sizeof(tLinkStateParams), 0);
 	pLinkStateParams->state = state;
 	/* Copy Mac address */
 	sir_copy_mac_addr(pLinkStateParams->bssid, bssId);
@@ -593,7 +589,6 @@ tSirRetStatus lim_send_beacon_filter_info(tpAniSirGlobal pMac,
 		retCode = eSIR_MEM_ALLOC_FAILED;
 		return retCode;
 	}
-	qdf_mem_set((uint8_t *) pBeaconFilterMsg, msgSize, 0);
 	/* Fill in capability Info and mask */
 	/* Don't send this message if no active Infra session is found. */
 	pBeaconFilterMsg->capabilityInfo = psessionEntry->limCurrentBssCaps;

core/mac/src/pe/lim/lim_send_sme_rsp_messages.c

@@ -462,7 +462,6 @@ lim_send_sme_join_reassoc_rsp(tpAniSirGlobal mac_ctx, uint16_t msg_type,
 			return;
 		}
 
-		qdf_mem_set((uint8_t *) sme_join_rsp, rsp_len, 0);
 		sme_join_rsp->beaconLength = 0;
 		sme_join_rsp->assocReqLength = 0;
 		sme_join_rsp->assocRspLength = 0;
@@ -480,7 +479,6 @@ lim_send_sme_join_reassoc_rsp(tpAniSirGlobal mac_ctx, uint16_t msg_type,
 				FL("MemAlloc fail - JOIN/REASSOC_RSP"));
 			return;
 		}
-		qdf_mem_set((uint8_t *) sme_join_rsp, rsp_len, 0);
 		if (result_code == eSIR_SME_SUCCESS) {
 			sta_ds = dph_get_hash_entry(mac_ctx,
 				DPH_STA_HASH_INDEX_PEER,
@@ -592,8 +590,6 @@ lim_send_sme_start_bss_rsp(tpAniSirGlobal pMac,
 					("call to AllocateMemory failed for eWNI_SME_START_BSS_RSP"));
 			return;
 		}
-		qdf_mem_set((uint8_t *) pSirSmeRsp, size, 0);
-
 	} else {
 		/* subtract size of beaconLength + Mac Hdr + Fixed Fields before SSID */
 		ieOffset = sizeof(tAniBeaconStruct) + SIR_MAC_B_PR_SSID_OFFSET;
@@ -611,7 +607,6 @@ lim_send_sme_start_bss_rsp(tpAniSirGlobal pMac,
 
 			return;
 		}
-		qdf_mem_set((uint8_t *) pSirSmeRsp, size, 0);
 		size = sizeof(tSirSmeStartBssRsp);
 		if (resultCode == eSIR_SME_SUCCESS) {
 
@@ -769,7 +764,6 @@ lim_post_sme_scan_rsp_message(tpAniSirGlobal pMac,
 			FL("AllocateMemory failed for eWNI_SME_SCAN_RSP"));
 		return;
 	}
-	qdf_mem_set((void *)pSirSmeScanRsp, sizeof(tSirSmeScanRsp), 0);
 
 	pSirSmeScanRsp->messageType = eWNI_SME_SCAN_RSP;
 	pSirSmeScanRsp->statusCode = resultCode;
@@ -1697,7 +1691,6 @@ lim_send_sme_addts_rsp(tpAniSirGlobal pMac, uint8_t rspReqd, uint32_t status,
 		return;
 	}
 
-	qdf_mem_set((uint8_t *) rsp, sizeof(*rsp), 0);
 	rsp->messageType = eWNI_SME_ADDTS_RSP;
 	rsp->rc = status;
 	rsp->rsp.status = (enum eSirMacStatusCodes)status;
@@ -1746,7 +1739,6 @@ lim_send_sme_delts_rsp(tpAniSirGlobal pMac, tpSirDeltsReq delts, uint32_t status
 		lim_log(pMac, LOGP, FL("AllocateMemory failed for DELTS_RSP"));
 		return;
 	}
-	qdf_mem_set((uint8_t *) rsp, sizeof(*rsp), 0);
 
 	if (psessionEntry != NULL) {
 
@@ -1797,7 +1789,6 @@ lim_send_sme_delts_ind(tpAniSirGlobal pMac, tpSirDeltsReqInfo delts, uint16_t ai
 		lim_log(pMac, LOGP, FL("AllocateMemory failed for DELTS_IND"));
 		return;
 	}
-	qdf_mem_set((uint8_t *) rsp, sizeof(*rsp), 0);
 
 	rsp->messageType = eWNI_SME_DELTS_IND;
 	rsp->rc = eSIR_SUCCESS;
@@ -1949,9 +1940,6 @@ lim_send_sme_ibss_peer_ind(tpAniSirGlobal pMac,
 		return;
 	}
 
-	qdf_mem_set((void *)pNewPeerInd, (sizeof(tSmeIbssPeerInd) + beaconLen),
-		    0);
-
 	qdf_mem_copy((uint8_t *) pNewPeerInd->peer_addr.bytes,
 		     peerMacAddr, QDF_MAC_ADDR_SIZE);
 	pNewPeerInd->staId = staIndex;
@@ -1974,6 +1962,76 @@ lim_send_sme_ibss_peer_ind(tpAniSirGlobal pMac,
 
 }
 
+/**
+ * lim_process_csa_wbw_ie() - Process CSA Wide BW IE
+ * @mac_ctx:         pointer to global adapter context
+ * @csa_params:      pointer to CSA parameters
+ * @chnl_switch_info:pointer to channel switch parameters
+ * @session_entry:   session pointer
+ *
+ * Return: None
+ */
+static void lim_process_csa_wbw_ie(tpAniSirGlobal mac_ctx,
+		struct csa_offload_params *csa_params,
+		tLimWiderBWChannelSwitchInfo *chnl_switch_info,
+		tpPESession session_entry)
+{
+	struct ch_params_s ch_params = {0};
+	uint8_t ap_new_ch_width;
+	bool new_ch_width_dfn = false;
+	uint8_t center_freq_diff;
+
+	ap_new_ch_width = csa_params->new_ch_width + 1;
+	if ((ap_new_ch_width == CH_WIDTH_80MHZ) &&
+			csa_params->new_ch_freq_seg2) {
+		new_ch_width_dfn = true;
+		if (csa_params->new_ch_freq_seg2 >
+				csa_params->new_ch_freq_seg1)
+			center_freq_diff = csa_params->new_ch_freq_seg2 -
+				csa_params->new_ch_freq_seg1;
+		else
+			center_freq_diff = csa_params->new_ch_freq_seg1 -
+				csa_params->new_ch_freq_seg2;
+		if (center_freq_diff == CENTER_FREQ_DIFF_160MHz)
+			ap_new_ch_width = CH_WIDTH_160MHZ;
+		else if (center_freq_diff > CENTER_FREQ_DIFF_80P80MHz)
+			ap_new_ch_width = CH_WIDTH_80P80MHZ;
+		else
+			ap_new_ch_width = CH_WIDTH_80MHZ;
+	}
+	session_entry->gLimChannelSwitch.state =
+		eLIM_CHANNEL_SWITCH_PRIMARY_AND_SECONDARY;
+	if ((ap_new_ch_width == CH_WIDTH_160MHZ) &&
+			!new_ch_width_dfn) {
+		ch_params.ch_width = CH_WIDTH_160MHZ;
+		cds_set_channel_params(csa_params->channel, 0,
+				&ch_params);
+		ap_new_ch_width = ch_params.ch_width;
+		csa_params->new_ch_freq_seg1 = ch_params.center_freq_seg0;
+		csa_params->new_ch_freq_seg2 = ch_params.center_freq_seg1;
+	}
+	chnl_switch_info->newChanWidth = ap_new_ch_width;
+	chnl_switch_info->newCenterChanFreq0 = csa_params->new_ch_freq_seg1;
+	chnl_switch_info->newCenterChanFreq1 = csa_params->new_ch_freq_seg2;
+
+	if (session_entry->ch_width == ap_new_ch_width)
+		goto prnt_log;
+
+	if (session_entry->ch_width == CH_WIDTH_80MHZ) {
+		chnl_switch_info->newChanWidth = CH_WIDTH_80MHZ;
+		chnl_switch_info->newCenterChanFreq1 = 0;
+	} else {
+		session_entry->ch_width = ap_new_ch_width;
+		chnl_switch_info->newChanWidth = ap_new_ch_width;
+	}
+prnt_log:
+	lim_log(mac_ctx, LOG1,
+			FL("new channel: %d new_ch_width:%d seg0:%d seg1:%d"),
+			csa_params->channel,
+			chnl_switch_info->newChanWidth,
+			chnl_switch_info->newCenterChanFreq0,
+			chnl_switch_info->newCenterChanFreq1);
+}
 /**
  * lim_handle_csa_offload_msg() - Handle CSA offload message
  * @mac_ctx:         pointer to global adapter context
@@ -2023,182 +2081,181 @@ void lim_handle_csa_offload_msg(tpAniSirGlobal mac_ctx, tpSirMsgQ msg)
 		goto err;
 	}
 
-	if (LIM_IS_STA_ROLE(session_entry)) {
-		/*
-		 * on receiving channel switch announcement from AP, delete all
-		 * TDLS peers before leaving BSS and proceed for channel switch
-		 */
-		lim_delete_tdls_peers(mac_ctx, session_entry);
-
-		lim_ch_switch = &session_entry->gLimChannelSwitch;
-		session_entry->gLimChannelSwitch.switchMode =
-			csa_params->switch_mode;
-		/* timer already started by firmware, switch immediately */
-		session_entry->gLimChannelSwitch.switchCount = 0;
-		session_entry->gLimChannelSwitch.primaryChannel =
-			csa_params->channel;
-		session_entry->gLimChannelSwitch.state =
-			eLIM_CHANNEL_SWITCH_PRIMARY_ONLY;
-		session_entry->gLimChannelSwitch.ch_width = CH_WIDTH_20MHZ;
-		lim_ch_switch->sec_ch_offset =
-			session_entry->htSecondaryChannelOffset;
-		session_entry->gLimChannelSwitch.ch_center_freq_seg0 = 0;
-		session_entry->gLimChannelSwitch.ch_center_freq_seg1 = 0;
-		chnl_switch_info =
-			&session_entry->gLimWiderBWChannelSwitch;
+	if (!LIM_IS_STA_ROLE(session_entry)) {
+		lim_log(mac_ctx, LOG1, FL("Invalid role to handle CSA"));
+		goto err;
+	}
 
-		lim_log(mac_ctx, LOG1,
-			FL("vht:%d ht:%d flag:%x chan:%d seg1:%d seg2:%d width:%d country:%s class:%d"),
+	/*
+	 * on receiving channel switch announcement from AP, delete all
+	 * TDLS peers before leaving BSS and proceed for channel switch
+	 */
+	lim_delete_tdls_peers(mac_ctx, session_entry);
+
+	lim_ch_switch = &session_entry->gLimChannelSwitch;
+	session_entry->gLimChannelSwitch.switchMode =
+		csa_params->switch_mode;
+	/* timer already started by firmware, switch immediately */
+	session_entry->gLimChannelSwitch.switchCount = 0;
+	session_entry->gLimChannelSwitch.primaryChannel =
+		csa_params->channel;
+	session_entry->gLimChannelSwitch.state =
+		eLIM_CHANNEL_SWITCH_PRIMARY_ONLY;
+	session_entry->gLimChannelSwitch.ch_width = CH_WIDTH_20MHZ;
+	lim_ch_switch->sec_ch_offset =
+		session_entry->htSecondaryChannelOffset;
+	session_entry->gLimChannelSwitch.ch_center_freq_seg0 = 0;
+	session_entry->gLimChannelSwitch.ch_center_freq_seg1 = 0;
+	chnl_switch_info =
+		&session_entry->gLimWiderBWChannelSwitch;
+
+	lim_log(mac_ctx, LOG1,
+			FL("vht:%d ht:%d flag:%x chan:%d"),
 			session_entry->vhtCapability,
 			session_entry->htSupportedChannelWidthSet,
 			csa_params->ies_present_flag,
-			csa_params->channel, csa_params->new_ch_freq_seg1,
+			csa_params->channel);
+	lim_log(mac_ctx, LOG1,
+			FL("seg1:%d seg2:%d width:%d country:%s class:%d"),
+			csa_params->new_ch_freq_seg1,
 			csa_params->new_ch_freq_seg2,
 			csa_params->new_ch_width,
 			mac_ctx->scan.countryCodeCurrent,
 			csa_params->new_op_class);
 
-		if (session_entry->vhtCapability &&
-				session_entry->htSupportedChannelWidthSet) {
-			if (csa_params->ies_present_flag & lim_wbw_ie_present) {
+	if (session_entry->vhtCapability &&
+			session_entry->htSupportedChannelWidthSet) {
+		if (csa_params->ies_present_flag & lim_wbw_ie_present) {
+			lim_process_csa_wbw_ie(mac_ctx, csa_params,
+					chnl_switch_info, session_entry);
+			lim_ch_switch->sec_ch_offset =
+				csa_params->sec_chan_offset;
+		} else if (csa_params->ies_present_flag
+				& lim_xcsa_ie_present) {
+			chan_space =
+				cds_reg_dmn_get_chanwidth_from_opclass(
+						mac_ctx->scan.countryCodeCurrent,
+						csa_params->channel,
+						csa_params->new_op_class);
+			session_entry->gLimChannelSwitch.state =
+				eLIM_CHANNEL_SWITCH_PRIMARY_AND_SECONDARY;
+
+			if (chan_space == 80) {
+				chnl_switch_info->newChanWidth =
+					CH_WIDTH_80MHZ;
+			} else if (chan_space == 40) {
+				chnl_switch_info->newChanWidth =
+					CH_WIDTH_40MHZ;
+			} else {
 				chnl_switch_info->newChanWidth =
-					csa_params->new_ch_width;
-				chnl_switch_info->newCenterChanFreq0 =
-					csa_params->new_ch_freq_seg1;
-				chnl_switch_info->newCenterChanFreq1 =
-					csa_params->new_ch_freq_seg2;
-				session_entry->gLimChannelSwitch.state =
-				   eLIM_CHANNEL_SWITCH_PRIMARY_AND_SECONDARY;
-				session_entry->gLimChannelSwitch.ch_width =
-					csa_params->new_ch_width + 1;
-			} else if (csa_params->ies_present_flag
-			    & lim_xcsa_ie_present) {
-				chan_space =
-					cds_reg_dmn_get_chanwidth_from_opclass(
-					    mac_ctx->scan.countryCodeCurrent,
-					    csa_params->channel,
-					    csa_params->new_op_class);
-				session_entry->gLimChannelSwitch.state =
-				    eLIM_CHANNEL_SWITCH_PRIMARY_AND_SECONDARY;
-
-				if (chan_space == 80) {
-					chnl_switch_info->newChanWidth =
-								CH_WIDTH_80MHZ;
-				} else if (chan_space == 40) {
-					chnl_switch_info->newChanWidth =
-								CH_WIDTH_40MHZ;
-				} else {
-					chnl_switch_info->newChanWidth =
-								CH_WIDTH_20MHZ;
-					lim_ch_switch->state =
-					    eLIM_CHANNEL_SWITCH_PRIMARY_ONLY;
-				}
+					CH_WIDTH_20MHZ;
+				lim_ch_switch->state =
+					eLIM_CHANNEL_SWITCH_PRIMARY_ONLY;
+			}
 
+			ch_params.ch_width =
+				chnl_switch_info->newChanWidth;
+			cds_set_channel_params(csa_params->channel,
+					0, &ch_params);
+			chnl_switch_info->newCenterChanFreq0 =
+				ch_params.center_freq_seg0;
+			/*
+			 * This is not applicable for 20/40/80 MHz.
+			 * Only used when we support 80+80 MHz operation.
+			 * In case of 80+80 MHz, this parameter indicates
+			 * center channel frequency index of 80 MHz
+			 * channel offrequency segment 1.
+			 */
+			chnl_switch_info->newCenterChanFreq1 =
+				ch_params.center_freq_seg1;
+			lim_ch_switch->sec_ch_offset =
+				ch_params.sec_ch_offset;
+
+		}
+		session_entry->gLimChannelSwitch.ch_center_freq_seg0 =
+			chnl_switch_info->newCenterChanFreq0;
+		session_entry->gLimChannelSwitch.ch_center_freq_seg1 =
+			chnl_switch_info->newCenterChanFreq1;
+		session_entry->gLimChannelSwitch.ch_width =
+			chnl_switch_info->newChanWidth;
+
+	} else if (session_entry->htSupportedChannelWidthSet) {
+		if (csa_params->ies_present_flag
+				& lim_xcsa_ie_present) {
+			chan_space =
+				cds_reg_dmn_get_chanwidth_from_opclass(
+						mac_ctx->scan.countryCodeCurrent,
+						csa_params->channel,
+						csa_params->new_op_class);
+			lim_ch_switch->state =
+				eLIM_CHANNEL_SWITCH_PRIMARY_AND_SECONDARY;
+			if (chan_space == 40) {
+				lim_ch_switch->ch_width =
+					CH_WIDTH_40MHZ;
+				chnl_switch_info->newChanWidth =
+					CH_WIDTH_40MHZ;
 				ch_params.ch_width =
 					chnl_switch_info->newChanWidth;
-				cds_set_channel_params(csa_params->channel,
+				cds_set_channel_params(
+						csa_params->channel,
 						0, &ch_params);
-				chnl_switch_info->newCenterChanFreq0 =
+				lim_ch_switch->ch_center_freq_seg0 =
 					ch_params.center_freq_seg0;
-				/*
-				* This is not applicable for 20/40/80 MHz.
-				* Only used when we support 80+80 MHz operation.
-				* In case of 80+80 MHz, this parameter indicates
-				* center channel frequency index of 80 MHz
-				* channel offrequency segment 1.
-				*/
-				chnl_switch_info->newCenterChanFreq1 =
-					ch_params.center_freq_seg1;
 				lim_ch_switch->sec_ch_offset =
 					ch_params.sec_ch_offset;
-
-			}
-			session_entry->gLimChannelSwitch.ch_center_freq_seg0 =
-				chnl_switch_info->newCenterChanFreq0;
-			session_entry->gLimChannelSwitch.ch_center_freq_seg1 =
-				chnl_switch_info->newCenterChanFreq1;
-			session_entry->gLimChannelSwitch.ch_width =
-				chnl_switch_info->newChanWidth;
-
-		} else if (session_entry->htSupportedChannelWidthSet) {
-			if (csa_params->ies_present_flag
-			    & lim_xcsa_ie_present) {
-				chan_space =
-					cds_reg_dmn_get_chanwidth_from_opclass(
-					mac_ctx->scan.countryCodeCurrent,
-					csa_params->channel,
-					csa_params->new_op_class);
-				lim_ch_switch->state =
-				    eLIM_CHANNEL_SWITCH_PRIMARY_AND_SECONDARY;
-				if (chan_space == 40) {
-					lim_ch_switch->ch_width =
-								CH_WIDTH_40MHZ;
-					chnl_switch_info->newChanWidth =
-								CH_WIDTH_40MHZ;
-					ch_params.ch_width =
-						chnl_switch_info->newChanWidth;
-					cds_set_channel_params(
-							csa_params->channel,
-							0, &ch_params);
-					lim_ch_switch->ch_center_freq_seg0 =
-						ch_params.center_freq_seg0;
-					lim_ch_switch->sec_ch_offset =
-						ch_params.sec_ch_offset;
-				} else {
-					lim_ch_switch->ch_width =
-								CH_WIDTH_20MHZ;
-					chnl_switch_info->newChanWidth =
-								CH_WIDTH_40MHZ;
-					lim_ch_switch->state =
-					    eLIM_CHANNEL_SWITCH_PRIMARY_ONLY;
-					lim_ch_switch->sec_ch_offset =
-						PHY_SINGLE_CHANNEL_CENTERED;
-				}
 			} else {
 				lim_ch_switch->ch_width =
+					CH_WIDTH_20MHZ;
+				chnl_switch_info->newChanWidth =
 					CH_WIDTH_40MHZ;
 				lim_ch_switch->state =
-				     eLIM_CHANNEL_SWITCH_PRIMARY_AND_SECONDARY;
-				ch_params.ch_width = CH_WIDTH_40MHZ;
-				cds_set_channel_params(csa_params->channel,
-						0, &ch_params);
-				lim_ch_switch->ch_center_freq_seg0 =
-					ch_params.center_freq_seg0;
+					eLIM_CHANNEL_SWITCH_PRIMARY_ONLY;
 				lim_ch_switch->sec_ch_offset =
-					ch_params.sec_ch_offset;
+					PHY_SINGLE_CHANNEL_CENTERED;
 			}
-
+		} else {
+			lim_ch_switch->ch_width =
+				CH_WIDTH_40MHZ;
+			lim_ch_switch->state =
+				eLIM_CHANNEL_SWITCH_PRIMARY_AND_SECONDARY;
+			ch_params.ch_width = CH_WIDTH_40MHZ;
+			cds_set_channel_params(csa_params->channel,
+					0, &ch_params);
+			lim_ch_switch->ch_center_freq_seg0 =
+				ch_params.center_freq_seg0;
+			lim_ch_switch->sec_ch_offset =
+				ch_params.sec_ch_offset;
 		}
-		lim_log(mac_ctx, LOG1, FL("new ch width = %d space:%d"),
+
+	}
+	lim_log(mac_ctx, LOG1, FL("new ch width = %d space:%d"),
 			session_entry->gLimChannelSwitch.ch_width, chan_space);
 
-		lim_prepare_for11h_channel_switch(mac_ctx, session_entry);
-		csa_offload_ind = qdf_mem_malloc(sizeof(tSmeCsaOffloadInd));
-		if (NULL == csa_offload_ind) {
-			lim_log(mac_ctx, LOGE,
+	lim_prepare_for11h_channel_switch(mac_ctx, session_entry);
+	csa_offload_ind = qdf_mem_malloc(sizeof(tSmeCsaOffloadInd));
+	if (NULL == csa_offload_ind) {
+		lim_log(mac_ctx, LOGE,
 				FL("memalloc fail eWNI_SME_CSA_OFFLOAD_EVENT"));
-			goto err;
-		}
+		goto err;
+	}
 
-		qdf_mem_set(csa_offload_ind, sizeof(tSmeCsaOffloadInd), 0);
-		csa_offload_ind->mesgType = eWNI_SME_CSA_OFFLOAD_EVENT;
-		csa_offload_ind->mesgLen = sizeof(tSmeCsaOffloadInd);
-		qdf_mem_copy(csa_offload_ind->bssid.bytes, session_entry->bssId,
-				QDF_MAC_ADDR_SIZE);
-		mmh_msg.type = eWNI_SME_CSA_OFFLOAD_EVENT;
-		mmh_msg.bodyptr = csa_offload_ind;
-		mmh_msg.bodyval = 0;
-		lim_log(mac_ctx, LOG1,
+	csa_offload_ind->mesgType = eWNI_SME_CSA_OFFLOAD_EVENT;
+	csa_offload_ind->mesgLen = sizeof(tSmeCsaOffloadInd);
+	qdf_mem_copy(csa_offload_ind->bssid.bytes, session_entry->bssId,
+			QDF_MAC_ADDR_SIZE);
+	mmh_msg.type = eWNI_SME_CSA_OFFLOAD_EVENT;
+	mmh_msg.bodyptr = csa_offload_ind;
+	mmh_msg.bodyval = 0;
+	lim_log(mac_ctx, LOG1,
 			FL("Sending eWNI_SME_CSA_OFFLOAD_EVENT to SME."));
-		MTRACE(mac_trace_msg_tx
+	MTRACE(mac_trace_msg_tx
 			(mac_ctx, session_entry->peSessionId, mmh_msg.type));
 #ifdef FEATURE_WLAN_DIAG_SUPPORT
-		lim_diag_event_report(mac_ctx,
+	lim_diag_event_report(mac_ctx,
 			WLAN_PE_DIAG_SWITCH_CHL_IND_EVENT, session_entry,
 			eSIR_SUCCESS, eSIR_SUCCESS);
 #endif
-		lim_sys_process_mmh_msg_api(mac_ctx, &mmh_msg, ePROT);
-	}
+	lim_sys_process_mmh_msg_api(mac_ctx, &mmh_msg, ePROT);
 
 err:
 	qdf_mem_free(csa_params);
@@ -2275,7 +2332,6 @@ void lim_send_sme_max_assoc_exceeded_ntf(tpAniSirGlobal pMac, tSirMacAddr peerMa
 		PELOGE(lim_log(pMac, LOGE, FL("Failed to allocate memory"));)
 		return;
 	}
-	qdf_mem_set((void *)pSmeMaxAssocInd, sizeof(tSmeMaxAssocInd), 0);
 	qdf_mem_copy((uint8_t *) pSmeMaxAssocInd->peer_mac.bytes,
 		     (uint8_t *) peerMacAddr, QDF_MAC_ADDR_SIZE);
 	pSmeMaxAssocInd->mesgType = eWNI_SME_MAX_ASSOC_EXCEEDED;
@@ -2378,9 +2434,6 @@ lim_send_sme_ap_channel_switch_resp(tpAniSirGlobal pMac,
 		return;
 	}
 
-	qdf_mem_set((void *)pSmeSwithChnlParams,
-		    sizeof(tSwitchChannelParams), 0);
-
 	qdf_mem_copy(pSmeSwithChnlParams, pChnlParams,
 		     sizeof(tSwitchChannelParams));
 
@@ -2501,7 +2554,6 @@ lim_process_beacon_tx_success_ind(tpAniSirGlobal pMac, uint16_t msgType, void *e
 				return;
 			}
 
-			qdf_mem_set((void *)pChanSwTxResponse, length, 0);
 			pChanSwTxResponse->sessionId =
 				psessionEntry->smeSessionId;
 			pChanSwTxResponse->chanSwIeTxStatus =
@@ -2526,8 +2578,6 @@ lim_process_beacon_tx_success_ind(tpAniSirGlobal pMac, uint16_t msgType, void *e
 				("AllocateMemory failed for beacon_tx_comp_rsp_ptr"));
 			return;
 		}
-		qdf_mem_set((void *)beacon_tx_comp_rsp_ptr,
-					sizeof(*beacon_tx_comp_rsp_ptr), 0);
 		beacon_tx_comp_rsp_ptr->session_id =
 			psessionEntry->smeSessionId;
 		beacon_tx_comp_rsp_ptr->tx_status = QDF_STATUS_SUCCESS;

core/mac/src/pe/lim/lim_session.c

@@ -314,9 +314,6 @@ pe_create_session(tpAniSirGlobal pMac, uint8_t *bssid, uint8_t *sessionId,
 		session_ptr->dph.dphHashTable.pDphNodeArray = NULL;
 		return NULL;
 	}
-	qdf_mem_set(session_ptr->gpLimPeerIdxpool,
-		    sizeof(*session_ptr->gpLimPeerIdxpool) * (numSta + 1),
-		    0);
 	session_ptr->freePeerIdxHead = 0;
 	session_ptr->freePeerIdxTail = 0;
 	session_ptr->gLimNumOfCurrentSTAs = 0;

core/mac/src/pe/lim/lim_timer_utils.c

@@ -310,8 +310,6 @@ uint32_t lim_create_timers(tpAniSirGlobal pMac)
 		lim_log(pMac, LOGP, FL("AllocateMemory failed!"));
 		goto err_timer;
 	}
-	qdf_mem_zero(pMac->lim.gLimPreAuthTimerTable.pTable,
-		     cfgValue * sizeof(tLimPreAuthNode *));
 
 	for (i = 0; i < cfgValue; i++) {
 		pMac->lim.gLimPreAuthTimerTable.pTable[i] =

core/mac/src/pe/lim/lim_utils.c

@@ -4961,8 +4961,6 @@ void lim_process_del_ts_ind(tpAniSirGlobal pMac, tpSirMsgQ limMsg)
 		goto error1;
 	}
 
-	qdf_mem_set((uint8_t *) pDelTsReq, sizeof(tSirDeltsReq), 0);
-
 	if (pSta->wmeEnabled)
 		qdf_mem_copy(&(pDelTsReq->req.tspec), &(pTspecInfo->tspec),
 			     sizeof(tSirMacTspecIE));
@@ -4993,7 +4991,6 @@ void lim_process_del_ts_ind(tpAniSirGlobal pMac, tpSirMsgQ limMsg)
 		PELOGE(lim_log(pMac, LOGE, FL("AllocateMemory() failed"));)
 		goto error3;
 	}
-	qdf_mem_set((uint8_t *) pDelTsReqInfo, sizeof(tSirDeltsReqInfo), 0);
 
 	if (pSta->wmeEnabled)
 		qdf_mem_copy(&(pDelTsReqInfo->tspec), &(pTspecInfo->tspec),
@@ -5248,7 +5245,6 @@ void lim_frame_transmission_control(tpAniSirGlobal pMac, tLimQuietTxMode type,
 		return;
 	}
 
-	qdf_mem_set((void *)pTxCtrlMsg, (sizeof(*pTxCtrlMsg) + nBytes), 0);
 	status = __lim_fill_tx_control_params(pMac, pTxCtrlMsg, type, mode);
 	if (status != QDF_STATUS_SUCCESS) {
 		qdf_mem_free(pTxCtrlMsg);

core/mac/src/pe/lim/lim_utils.h

@@ -64,6 +64,9 @@ typedef enum {
 #define VHT_MCS_3x3_MASK    0x30
 #define VHT_MCS_2x2_MASK    0x0C
 
+#define CENTER_FREQ_DIFF_160MHz 8
+#define CENTER_FREQ_DIFF_80P80MHz 16
+
 #define IS_VHT_NSS_1x1(__mcs_map)	((__mcs_map & 0xFFFC) == 0xFFFC)
 
 #ifdef WLAN_FEATURE_11W

core/mac/src/pe/nan/nan_datapath.c

@@ -286,7 +286,6 @@ static void lim_ndp_delete_peers(tpAniSirGlobal mac_ctx,
 		return;
 	}
 
-	qdf_mem_zero(deleted_peers, num_peers * sizeof(*deleted_peers));
 	for (i = 0; i < num_peers; i++) {
 		lim_log(mac_ctx, LOG1,
 			FL("ndp_map[%d]: MAC: " MAC_ADDRESS_STR " num_active %d"),

core/mac/src/pe/rrm/rrm_api.c

@@ -386,7 +386,6 @@ rrm_process_neighbor_report_response(tpAniSirGlobal pMac,
 		return eSIR_MEM_ALLOC_FAILED;
 
 	}
-	qdf_mem_set(pSmeNeighborRpt, length, 0);
 
 	/* Allocated memory for pSmeNeighborRpt...will be freed by other module */
 
@@ -641,8 +640,6 @@ rrm_process_beacon_report_req(tpAniSirGlobal pMac,
 
 	}
 
-	qdf_mem_set(pSmeBcnReportReq, sizeof(tSirBeaconReportReqInd), 0);
-
 	/* Allocated memory for pSmeBcnReportReq....will be freed by other modulea */
 	qdf_mem_copy(pSmeBcnReportReq->bssId, pSessionEntry->bssId,
 		     sizeof(tSirMacAddr));
@@ -838,9 +835,6 @@ rrm_process_beacon_report_xmit(tpAniSirGlobal mac_ctx,
 			return eSIR_MEM_ALLOC_FAILED;
 		}
 
-		qdf_mem_zero(report, beacon_xmit_ind->numBssDesc *
-			sizeof(*report));
-
 		for (bss_desc_count = 0; bss_desc_count <
 		     beacon_xmit_ind->numBssDesc; bss_desc_count++) {
 			beacon_report =
@@ -956,7 +950,6 @@ static void rrm_process_beacon_request_failure(tpAniSirGlobal pMac,
 				("Unable to allocate memory during RRM Req processing"));
 		return;
 	}
-	qdf_mem_set(pReport, sizeof(tSirMacRadioMeasureReport), 0);
 	pReport->token = pCurrentReq->token;
 	pReport->type = SIR_MAC_RRM_BEACON_TYPE;
 
@@ -1023,8 +1016,6 @@ tSirRetStatus rrm_process_beacon_req(tpAniSirGlobal mac_ctx, tSirMacAddr peer,
 					FL("Unable to allocate memory during RRM Req processing"));
 				return eSIR_MEM_ALLOC_FAILED;
 			}
-			qdf_mem_set(report, sizeof(*report) *
-				(rrm_req->num_MeasurementRequest - index), 0);
 			lim_log(mac_ctx, LOG3,
 				FL("rrm beacon type refused of %d report in beacon table"),
 				*num_report);
@@ -1044,7 +1035,6 @@ tSirRetStatus rrm_process_beacon_req(tpAniSirGlobal mac_ctx, tSirMacAddr peer,
 			return eSIR_MEM_ALLOC_FAILED;
 		}
 		lim_log(mac_ctx, LOG3, FL(" Processing Beacon Report request"));
-		qdf_mem_set(curr_req, sizeof(*curr_req), 0);
 		curr_req->dialog_token = rrm_req->DialogToken.token;
 		curr_req->token = rrm_req->
 				  MeasurementRequest[index].measurement_token;
@@ -1090,8 +1080,6 @@ tSirRetStatus update_rrm_report(tpAniSirGlobal mac_ctx,
 			lim_log(mac_ctx, LOGP, FL("Unable to allocate memory during RRM Req processing"));
 			return eSIR_MEM_ALLOC_FAILED;
 		}
-		qdf_mem_set(report, sizeof(*report) *
-			(rrm_req->num_MeasurementRequest - index), 0);
 		lim_log(mac_ctx, LOG3, FL("rrm beacon type incapable of %d report "),
 			*num_report);
 	}
@@ -1134,7 +1122,6 @@ rrm_process_radio_measurement_request(tpAniSirGlobal mac_ctx,
 			lim_log(mac_ctx, LOGP, FL("Unable to allocate memory during RRM Req processing"));
 			return eSIR_MEM_ALLOC_FAILED;
 		}
-		qdf_mem_set(report, sizeof(tSirMacRadioMeasureReport), 0);
 		lim_log(mac_ctx, LOGE, FL("No requestIes in the measurement request, sending incapable report"));
 		report->incapable = 1;
 		num_report = 1;
@@ -1157,7 +1144,6 @@ rrm_process_radio_measurement_request(tpAniSirGlobal mac_ctx,
 			lim_log(mac_ctx, LOGP, FL("Unable to allocate memory during RRM Req processing"));
 			return eSIR_MEM_ALLOC_FAILED;
 		}
-		qdf_mem_set(report, sizeof(tSirMacRadioMeasureReport), 0);
 		lim_log(mac_ctx, LOGE, FL("Allocated memory for report"));
 		report->incapable = 1;
 		report->type = rrm_req->MeasurementRequest[0].measurement_type;

core/mac/src/pe/sch/sch_api.c

@@ -597,7 +597,6 @@ int sch_gen_timing_advert_frame(tpAniSirGlobal mac_ctx, tSirMacAddr self_addr,
 		sch_log(mac_ctx, LOGE, FL("Cannot allocate memory"));
 		return eSIR_FAILURE;
 	}
-	qdf_mem_zero(*buf, buf_size);
 
 	payload_size = 0;
 	status = dot11f_pack_timing_advertisement_frame(mac_ctx, &frame,

core/mac/src/pe/sch/sch_beacon_gen.c

@@ -219,9 +219,6 @@ sch_set_fixed_beacon_fields(tpAniSirGlobal mac_ctx, tpPESession session)
 	mac->fc.fromDS = 0;
 	mac->fc.toDS = 0;
 
-	/* Now set the beacon body */
-	qdf_mem_set((uint8_t *) bcn_1, sizeof(tDot11fBeacon1), 0);
-
 	/* Skip over the timestamp (it'll be updated later). */
 	bcn_1->BeaconInterval.interval =
 		session->beaconParams.beaconInterval;
@@ -279,8 +276,6 @@ sch_set_fixed_beacon_fields(tpAniSirGlobal mac_ctx, tpPESession session)
 			FL("Warnings while packing a tDot11fBeacon1(0x%08x.)."),
 			n_status);
 	}
-	/*changed  to correct beacon corruption */
-	qdf_mem_set((uint8_t *) bcn_2, sizeof(tDot11fBeacon2), 0);
 	session->schBeaconOffsetBegin = offset + (uint16_t) n_bytes;
 	sch_log(mac_ctx, LOG1, FL("Initialized beacon begin, offset %d"),
 		offset);

core/mac/src/sys/legacy/src/system/src/mac_init_api.c

@@ -124,9 +124,6 @@ tSirRetStatus mac_open(tHalHandle *pHalHandle, tHddHandle hHdd,
 	if (NULL == p_mac)
 		return eSIR_MEM_ALLOC_FAILED;
 
-	/* Initialize the p_mac structure */
-	qdf_mem_set(p_mac, sizeof(tAniSirGlobal), 0);
-
 	/*
 	 * Set various global fields of p_mac here
 	 * (Could be platform dependant as some variables in p_mac are platform

core/mac/src/sys/legacy/src/utils/src/parser_api.c

@@ -2327,8 +2327,6 @@ tSirRetStatus sir_convert_probe_frame2_struct(tpAniSirGlobal pMac,
 		return eSIR_MEM_ALLOC_FAILED;
 	}
 
-	qdf_mem_set((uint8_t *) pr, sizeof(tDot11fProbeResponse), 0);
-
 	/* delegate to the framesc-generated code, */
 	status = dot11f_unpack_probe_response(pMac, pFrame, nFrame, pr);
 	if (DOT11F_FAILED(status)) {
@@ -2624,7 +2622,6 @@ sir_convert_assoc_req_frame2_struct(tpAniSirGlobal pMac,
 	}
 	/* Zero-init our [out] parameter, */
 	qdf_mem_set((uint8_t *) pAssocReq, sizeof(tSirAssocReq), 0);
-	qdf_mem_set((uint8_t *) ar, sizeof(tDot11fAssocRequest), 0);
 
 	/* delegate to the framesc-generated code, */
 	status = dot11f_unpack_assoc_request(pMac, pFrame, nFrame, ar);
@@ -3829,8 +3826,6 @@ sir_convert_beacon_frame2_struct(tpAniSirGlobal pMac,
 		return eSIR_MEM_ALLOC_FAILED;
 	}
 
-	qdf_mem_set((uint8_t *) pBeacon, sizeof(tDot11fBeacon), 0);
-
 	/* get the MAC address out of the BD, */
 	qdf_mem_copy(pBeaconStruct->bssid, pHdr->sa, 6);
 

core/sap/dfs/src/dfs_phyerr_tlv.c

@@ -754,13 +754,15 @@ tlv_calc_event_freq_chirp(struct ath_dfs *dfs, struct rx_radar_status *rs,
 
 	DFS_DPRINTK(dfs, ATH_DEBUG_DFS_PHYERR | ATH_DEBUG_DFS_PHYERR_SUM,
 		    "%s: delta_peak=%d, pulse_duration=%d, bin_resolution=%d.%dKHz, "
-		    "radar_fft_long_period=%d, total_bw=%d.%ldKHz",
+		    "radar_fft_long_period=%d, total_bw=%d.%dKHz",
 		    __func__,
 		    delta_peak,
 		    pulse_duration,
 		    bin_resolution / 1000,
 		    bin_resolution % 1000,
-		    radar_fft_long_period, total_bw / 100, abs(total_bw % 100));
+		    radar_fft_long_period,
+		    total_bw / 100,
+		    (int)abs(total_bw % 100));
 
 	total_bw /= 100;        /* back to KHz */
 

core/sap/src/sap_api_link_cntl.c

@@ -1239,13 +1239,18 @@ wlansap_roam_callback(void *ctx, tCsrRoamInfo *csr_roam_info, uint32_t roamId,
 						csr_roam_info, &qdf_ret_status);
 		break;
 	case eCSR_ROAM_RESULT_CHANNEL_CHANGE_FAILURE:
-		/*
-		 * This is much more serious issue, we have to vacate the
+		/* This is much more serious issue, we have to vacate the
 		 * channel due to the presence of radar but our channel change
 		 * failed, stop the BSS operation completely and inform hostapd
 		 */
-		sap_ctx->sapsMachine = eSAP_DISCONNECTED;
-		/* Inform cfg80211 and hostapd that BSS is not alive anymore */
+		sap_event.event = eWNI_SME_CHANNEL_CHANGE_RSP;
+		sap_event.params = 0;
+		sap_event.u1 = eCSR_ROAM_INFRA_IND;
+		sap_event.u2 = eCSR_ROAM_RESULT_CHANNEL_CHANGE_FAILURE;
+
+		qdf_status = sap_fsm(sap_ctx, &sap_event);
+		if (!QDF_IS_STATUS_SUCCESS(qdf_status))
+			qdf_ret_status = QDF_STATUS_E_FAILURE;
 		break;
 	case eCSR_ROAM_EXT_CHG_CHNL_UPDATE_IND:
 		qdf_status = sap_signal_hdd_event(sap_ctx, csr_roam_info,

core/sap/src/sap_ch_select.c

@@ -574,9 +574,6 @@ static bool sap_chan_sel_init(tHalHandle halHandle,
 		return eSAP_FALSE;
 	}
 
-	qdf_mem_zero(pSpectCh,
-		     (pSpectInfoParams->numSpectChans) * sizeof(*pSpectCh));
-
 	/* Initialize the pointers in the DfsParams to the allocated memory */
 	pSpectInfoParams->pSpectCh = pSpectCh;
 
@@ -1882,6 +1879,7 @@ static bool sap_filter_over_lap_ch(ptSapContext pSapCtx, uint16_t chNum)
 	return eSAP_FALSE;
 }
 
+#ifdef FEATURE_WLAN_CH_AVOID
 /**
  * sap_select_channel_no_scan_result() - select SAP channel when no scan results
  * are available.
@@ -1890,26 +1888,17 @@ static bool sap_filter_over_lap_ch(ptSapContext pSapCtx, uint16_t chNum)
  * Returns: channel number if success, 0 otherwise
  */
 static uint8_t sap_select_channel_no_scan_result(tHalHandle hal,
-						ptSapContext sap_ctx)
+						 ptSapContext sap_ctx)
 {
-	uint32_t start_ch_num, end_ch_num;
-#ifdef FEATURE_WLAN_CH_AVOID
 	enum channel_state ch_type;
 	uint8_t i, first_safe_ch_in_range = SAP_CHANNEL_NOT_SELECTED;
-#endif
 	uint32_t dfs_master_cap_enabled;
-	start_ch_num = sap_ctx->acs_cfg->start_ch;
-	end_ch_num = sap_ctx->acs_cfg->end_ch;
+	uint32_t start_ch_num = sap_ctx->acs_cfg->start_ch;
+	uint32_t end_ch_num = sap_ctx->acs_cfg->end_ch;
 
 	QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_INFO_HIGH,
 		  FL("start - end: %d - %d"), start_ch_num, end_ch_num);
 
-#ifndef FEATURE_WLAN_CH_AVOID
-	sap_ctx->acs_cfg->pri_ch = start_ch_num;
-	sap_ctx->acs_cfg->ht_sec_ch = 0;
-	/* pick the first channel in configured range */
-	return start_ch_num;
-#else
 	sme_cfg_get_int(hal, WNI_CFG_DFS_MASTER_ENABLED,
 				&dfs_master_cap_enabled);
 
@@ -1965,8 +1954,25 @@ static uint8_t sap_select_channel_no_scan_result(tHalHandle hal,
 
 	/* if no channel selected return SAP_CHANNEL_NOT_SELECTED */
 	return first_safe_ch_in_range;
-#endif /* !FEATURE_WLAN_CH_AVOID */
 }
+#else
+static uint8_t sap_select_channel_no_scan_result(tHalHandle hal,
+						 ptSapContext sap_ctx)
+{
+	uint32_t start_ch_num = sap_ctx->acs_cfg->start_ch;
+
+	QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_INFO_HIGH,
+		  FL("start - end: %d - %d"),
+		  start_ch_num,
+		  sap_ctx->acs_cfg->end_ch);
+
+	sap_ctx->acs_cfg->pri_ch = start_ch_num;
+	sap_ctx->acs_cfg->ht_sec_ch = 0;
+
+	/* pick the first channel in configured range */
+	return start_ch_num;
+}
+#endif /* FEATURE_WLAN_CH_AVOID */
 
 /**
  * sap_select_channel() - select SAP channel

core/sap/src/sap_fsm.c

@@ -298,6 +298,19 @@ tSapChanMatrixInfo ht80_chan[] = {
 	  {132, SAP_TX_LEAKAGE_MIN}, {136, SAP_TX_LEAKAGE_MIN},
 	  {144, SAP_TX_LEAKAGE_MIN}
 	  } },
+
+	{144,
+	 {{36, SAP_TX_LEAKAGE_MAX}, {40, SAP_TX_LEAKAGE_MAX},
+	  {44, SAP_TX_LEAKAGE_MAX}, {48, SAP_TX_LEAKAGE_MAX},
+	  {52, SAP_TX_LEAKAGE_MAX}, {56, SAP_TX_LEAKAGE_MAX},
+	  {60, SAP_TX_LEAKAGE_MIN}, {64, SAP_TX_LEAKAGE_MIN},
+	  {100, SAP_TX_LEAKAGE_MIN}, {104, SAP_TX_LEAKAGE_MIN},
+	  {108, SAP_TX_LEAKAGE_MIN}, {112, SAP_TX_LEAKAGE_MIN},
+	  {116, SAP_TX_LEAKAGE_MIN}, {120, SAP_TX_LEAKAGE_MIN},
+	  {124, SAP_TX_LEAKAGE_MIN}, {128, SAP_TX_LEAKAGE_MIN},
+	  {132, SAP_TX_LEAKAGE_MIN}, {136, SAP_TX_LEAKAGE_MIN},
+	  {144, SAP_TX_LEAKAGE_MIN}
+	  } },
 };
 
 /* channel tx leakage table - ht40 */
@@ -512,6 +525,19 @@ tSapChanMatrixInfo ht40_chan[] = {
 	  {144, SAP_TX_LEAKAGE_MIN}
 	  } },
 
+	{144,
+	 {{36, 695}, {40, 695},
+	  {44, 684}, {48, 684},
+	  {52, 664}, {56, 664},
+	  {60, 658}, {64, 658},
+	  {100, 601}, {104, 601},
+	  {108, 545}, {112, 545},
+	  {116, SAP_TX_LEAKAGE_AUTO_MIN}, {120, SAP_TX_LEAKAGE_AUTO_MIN},
+	  {124, SAP_TX_LEAKAGE_AUTO_MIN}, {128, SAP_TX_LEAKAGE_AUTO_MIN},
+	  {132, 262}, {136, 262},
+	  {140, SAP_TX_LEAKAGE_MIN},
+	  {144, SAP_TX_LEAKAGE_MIN}
+	  } },
 };
 
 /* channel tx leakage table - ht20 */
@@ -725,6 +751,20 @@ tSapChanMatrixInfo ht20_chan[] = {
 	  {140, SAP_TX_LEAKAGE_MIN},
 	  {144, SAP_TX_LEAKAGE_MIN}
 	  } },
+
+	{144,
+	 {{36, 679}, {40, 673},
+	  {44, 667}, {48, 656},
+	  {52, 634}, {56, 663},
+	  {60, 662}, {64, 660},
+	  {100, SAP_TX_LEAKAGE_MAX}, {104, SAP_TX_LEAKAGE_MAX},
+	  {108, SAP_TX_LEAKAGE_MAX}, {112, 590},
+	  {116, 573}, {120, 553},
+	  {124, 533}, {128, 513},
+	  {132, 490}, {136, SAP_TX_LEAKAGE_MIN},
+	  {140, SAP_TX_LEAKAGE_MIN},
+	  {144, SAP_TX_LEAKAGE_MIN}
+	  } },
 };
 #endif /* WLAN_ENABLE_CHNL_MATRIX_RESTRICTION */
 
@@ -1595,7 +1635,7 @@ static uint8_t sap_random_channel_sel(ptSapContext sap_ctx)
 	/* ch list after invalidating channels leaking into NOL */
 	uint8_t *leakage_adjusted_lst;
 	/* final list of channel from which random channel will be selected */
-	uint8_t final_lst[WNI_CFG_VALID_CHANNEL_LIST_LEN] = {0};
+	uint8_t final_lst[QDF_MAX_NUM_CHAN] = {0};
 	tAll5GChannelList *all_ch = &sap_ctx->SapAllChnlList;
 	tHalHandle hal = CDS_GET_HAL_CB(sap_ctx->p_cds_gctx);
 	tpAniSirGlobal mac_ctx;
@@ -2693,6 +2733,11 @@ QDF_STATUS sap_signal_hdd_event(ptSapContext sap_ctx,
 
 	switch (sap_hddevent) {
 	case eSAP_STA_ASSOC_IND:
+		if (!csr_roaminfo) {
+			QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+				  FL("Invalid CSR Roam Info"));
+			return QDF_STATUS_E_INVAL;
+		}
 		/*  TODO - Indicate the assoc request indication to OS */
 		sap_ap_event.sapHddEventCode = eSAP_STA_ASSOC_IND;
 		assoc_ind = &sap_ap_event.sapevt.sapAssocIndication;
@@ -2772,6 +2817,12 @@ QDF_STATUS sap_signal_hdd_event(ptSapContext sap_ctx,
 
 	case eSAP_STA_ASSOC_EVENT:
 	case eSAP_STA_REASSOC_EVENT:
+
+		if (!csr_roaminfo) {
+			QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+				  FL("Invalid CSR Roam Info"));
+			return QDF_STATUS_E_INVAL;
+		}
 		reassoc_complete =
 		    &sap_ap_event.sapevt.sapStationAssocReassocCompleteEvent;
 
@@ -2828,6 +2879,12 @@ QDF_STATUS sap_signal_hdd_event(ptSapContext sap_ctx,
 		break;
 
 	case eSAP_STA_DISASSOC_EVENT:
+
+		if (!csr_roaminfo) {
+			QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+				  FL("Invalid CSR Roam Info"));
+			return QDF_STATUS_E_INVAL;
+		}
 		sap_ap_event.sapHddEventCode = eSAP_STA_DISASSOC_EVENT;
 		disassoc_comp =
 			&sap_ap_event.sapevt.sapStationDisassocCompleteEvent;
@@ -2845,6 +2902,12 @@ QDF_STATUS sap_signal_hdd_event(ptSapContext sap_ctx,
 		break;
 
 	case eSAP_STA_SET_KEY_EVENT:
+
+		if (!csr_roaminfo) {
+			QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+				  FL("Invalid CSR Roam Info"));
+			return QDF_STATUS_E_INVAL;
+		}
 		sap_ap_event.sapHddEventCode = eSAP_STA_SET_KEY_EVENT;
 		key_complete =
 			&sap_ap_event.sapevt.sapStationSetKeyCompleteEvent;
@@ -2854,6 +2917,12 @@ QDF_STATUS sap_signal_hdd_event(ptSapContext sap_ctx,
 		break;
 
 	case eSAP_STA_MIC_FAILURE_EVENT:
+
+		if (!csr_roaminfo) {
+			QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+				  FL("Invalid CSR Roam Info"));
+			return QDF_STATUS_E_INVAL;
+		}
 		sap_ap_event.sapHddEventCode = eSAP_STA_MIC_FAILURE_EVENT;
 		mic_failure = &sap_ap_event.sapevt.sapStationMICFailureEvent;
 
@@ -2879,6 +2948,12 @@ QDF_STATUS sap_signal_hdd_event(ptSapContext sap_ctx,
 		break;
 
 	case eSAP_WPS_PBC_PROBE_REQ_EVENT:
+
+		if (!csr_roaminfo) {
+			QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+				  FL("Invalid CSR Roam Info"));
+			return QDF_STATUS_E_INVAL;
+		}
 		sap_ap_event.sapHddEventCode = eSAP_WPS_PBC_PROBE_REQ_EVENT;
 
 		qdf_mem_copy(&sap_ap_event.sapevt.sapPBCProbeReqEvent.
@@ -2912,6 +2987,12 @@ QDF_STATUS sap_signal_hdd_event(ptSapContext sap_ctx,
 		break;
 
 	case eSAP_MAX_ASSOC_EXCEEDED:
+
+		if (!csr_roaminfo) {
+			QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+				  FL("Invalid CSR Roam Info"));
+			return QDF_STATUS_E_INVAL;
+		}
 		sap_ap_event.sapHddEventCode = eSAP_MAX_ASSOC_EXCEEDED;
 		qdf_copy_macaddr(&sap_ap_event.sapevt.
 				 sapMaxAssocExceeded.macaddr,
@@ -2960,6 +3041,12 @@ QDF_STATUS sap_signal_hdd_event(ptSapContext sap_ctx,
 			(&mac_ctx->sap.SapDfsInfo.sapDfsChannelNolList[0]);
 		break;
 	case eSAP_ECSA_CHANGE_CHAN_IND:
+
+		if (!csr_roaminfo) {
+			QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
+				  FL("Invalid CSR Roam Info"));
+			return QDF_STATUS_E_INVAL;
+		}
 		QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_INFO_HIGH,
 				"In %s, SAP event callback event = %s",
 				__func__, "eSAP_ECSA_CHANGE_CHAN_IND");
@@ -3970,6 +4057,12 @@ static QDF_STATUS sap_fsm_state_disconnecting(ptSapContext sap_ctx,
 
 		QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_INFO,
 			  FL("Sending DFS eWNI_SME_CHANNEL_CHANGE_REQ"));
+	} else if (msg == eWNI_SME_CHANNEL_CHANGE_RSP) {
+		QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_INFO,
+			  FL("in state %s, event msg %d result %d"),
+			  "eSAP_DISCONNECTING ", msg, sap_event->u2);
+		if (sap_event->u2 == eCSR_ROAM_RESULT_CHANNEL_CHANGE_FAILURE)
+			qdf_status = sap_goto_disconnecting(sap_ctx);
 	} else {
 		QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
 			  FL("in state %s, invalid event msg %d"),
@@ -4460,7 +4553,7 @@ static QDF_STATUS sap_get_channel_list(ptSapContext sap_ctx,
 	uint8_t end_ch_num, band_end_ch;
 	uint32_t en_lte_coex;
 	tHalHandle hal = CDS_GET_HAL_CB(sap_ctx->p_cds_gctx);
-#if defined(FEATURE_WLAN_CH_AVOID) || defined(SOFTAP_CHANNEL_RANGE)
+#ifdef FEATURE_WLAN_CH_AVOID
 	uint8_t i;
 #endif
 	tpAniSirGlobal mac_ctx = PMAC_STRUCT(hal);
@@ -4640,10 +4733,15 @@ static QDF_STATUS sap_get_5ghz_channel_list(ptSapContext sapContext)
 			  " Memory Allocation failed sap_get_channel_list");
 		return QDF_STATUS_E_NOMEM;
 	}
-
-	status = cds_get_pcl_for_existing_conn(CDS_SAP_MODE,
-			pcl.pcl_list, &pcl.pcl_len,
-			pcl.weight_list, QDF_ARRAY_SIZE(pcl.weight_list));
+	if (cds_mode_specific_connection_count(CDS_SAP_MODE, NULL) == 0) {
+		status = cds_get_pcl(CDS_SAP_MODE,
+				pcl.pcl_list, &pcl.pcl_len, pcl.weight_list,
+				QDF_ARRAY_SIZE(pcl.weight_list));
+	} else  {
+		status = cds_get_pcl_for_existing_conn(CDS_SAP_MODE,
+				pcl.pcl_list, &pcl.pcl_len, pcl.weight_list,
+				QDF_ARRAY_SIZE(pcl.weight_list));
+	}
 	if (status != QDF_STATUS_SUCCESS) {
 		cds_err("Get PCL failed");
 		return status;

core/sme/inc/csr_api.h

@@ -1756,5 +1756,6 @@ static inline void csr_roam_fill_tdls_info(tpAniSirGlobal mac_ctx, tCsrRoamInfo
 				tpSirSmeJoinRsp join_rsp)
 {}
 #endif
+void csr_packetdump_timer_stop(void);
 
 #endif

core/sme/inc/csr_internal.h

@@ -1046,6 +1046,7 @@ typedef struct tagCsrRoamStruct {
 	uint32_t deauthRspStatus;
 	uint8_t *pReassocResp;          /* reassociation response from new AP */
 	uint16_t reassocRespLen;        /* length of reassociation response */
+	qdf_mc_timer_t packetdump_timer;
 } tCsrRoamStruct;
 
 #define GET_NEXT_ROAM_ID(pRoamStruct)  (((pRoamStruct)->nextRoamId + 1 == 0) ? \

core/sme/inc/sme_api.h

@@ -1277,6 +1277,7 @@ QDF_STATUS sme_set_default_scan_ie(tHalHandle hal, uint16_t session_id,
 QDF_STATUS sme_update_session_param(tHalHandle hal, uint8_t session_id,
 		uint32_t param_type, uint32_t param_val);
 
+#ifdef WLAN_FEATURE_DISA
 /**
  * sme_encrypt_decrypt_msg_register_callback() - Registers
  * encrypt/decrypt message callback
@@ -1315,6 +1316,7 @@ QDF_STATUS sme_encrypt_decrypt_msg_deregister_callback(tHalHandle h_hal);
  */
 QDF_STATUS sme_encrypt_decrypt_msg(tHalHandle hal,
 	struct encrypt_decrypt_req_params *encrypt_decrypt_params);
+#endif
 
 /**
  * sme_set_cts2self_for_p2p_go() - sme function to set ini parms to FW.

core/sme/src/common/sme_api.c

@@ -352,7 +352,6 @@ static QDF_STATUS init_sme_cmd_list(tpAniSirGlobal pMac)
 	}
 
 	status = QDF_STATUS_SUCCESS;
-	qdf_mem_set(pMac->sme.pSmeCmdBufAddr, sme_cmd_ptr_ary_sz, 0);
 	for (cmd_idx = 0; cmd_idx < pMac->sme.totalSmeCmd; cmd_idx++) {
 		/*
 		 * Since total size of all commands together can be huge chunk
@@ -1018,6 +1017,15 @@ sme_process_cmd:
 			  pCommand->command);
 		csr_ll_unlock(&pMac->sme.smeCmdActiveList);
 		status = csr_tdls_process_cmd(pMac, pCommand);
+		if (!QDF_IS_STATUS_SUCCESS(status)) {
+			if (csr_ll_remove_entry(&pMac->sme.smeCmdActiveList,
+						&pCommand->Link,
+						LL_ACCESS_LOCK)) {
+				qdf_mem_zero(&pCommand->u.tdlsCmd,
+					     sizeof(tTdlsCmd));
+				csr_release_command(pMac, pCommand);
+			}
+		}
 		break;
 #endif
 	case e_sme_command_set_hw_mode:
@@ -2249,7 +2257,6 @@ QDF_STATUS sme_set_ese_beacon_request(tHalHandle hHal, const uint8_t sessionId,
 	pSmeRrmContext->eseBcnReqInProgress = true;
 
 	sms_log(pMac, LOGE, "Sending Beacon Report Req to SME");
-	qdf_mem_zero(pSmeBcnReportReq, sizeof(tSirBeaconReportReqInd));
 
 	pSmeBcnReportReq->messageType = eWNI_SME_BEACON_REPORT_REQ_IND;
 	pSmeBcnReportReq->length = sizeof(tSirBeaconReportReqInd);
@@ -3507,7 +3514,6 @@ QDF_STATUS sme_get_ap_channel_from_scan_cache(tHalHandle hal_handle,
 				FL("scan_filter mem alloc failed"));
 		return QDF_STATUS_E_FAILURE;
 	} else {
-		qdf_mem_set(scan_filter, sizeof(tCsrScanResultFilter), 0);
 		qdf_mem_set(&first_ap_profile, sizeof(tSirBssDescription), 0);
 
 		if (NULL == profile) {
@@ -6662,7 +6668,6 @@ QDF_STATUS sme_register_p2p_ack_ind_callback(tHalHandle hal,
 		sme_release_global_lock(&mac_ctx->sme);
 		return QDF_STATUS_E_NOMEM;
 		}
-		qdf_mem_zero(msg, sizeof(*msg));
 		msg->message_type = eWNI_SME_REGISTER_P2P_ACK_CB;
 		msg->length = sizeof(*msg);
 
@@ -6704,7 +6709,6 @@ QDF_STATUS sme_register_mgmt_frame_ind_callback(tHalHandle hal,
 			sme_release_global_lock(&mac_ctx->sme);
 			return QDF_STATUS_E_NOMEM;
 		}
-		qdf_mem_set(msg, sizeof(*msg), 0);
 		msg->message_type = eWNI_SME_REGISTER_MGMT_FRAME_CB;
 		msg->length          = sizeof(*msg);
 
@@ -6762,7 +6766,6 @@ QDF_STATUS sme_register_mgmt_frame(tHalHandle hHal, uint8_t sessionId,
 		if (NULL == pMsg)
 			status = QDF_STATUS_E_NOMEM;
 		else {
-			qdf_mem_set(pMsg, len, 0);
 			pMsg->messageType = eWNI_SME_REGISTER_MGMT_FRAME_REQ;
 			pMsg->length = len;
 			pMsg->sessionId = sessionId;
@@ -6824,7 +6827,6 @@ QDF_STATUS sme_deregister_mgmt_frame(tHalHandle hHal, uint8_t sessionId,
 		if (NULL == pMsg)
 			status = QDF_STATUS_E_NOMEM;
 		else {
-			qdf_mem_set(pMsg, len, 0);
 			pMsg->messageType = eWNI_SME_REGISTER_MGMT_FRAME_REQ;
 			pMsg->length = len;
 			pMsg->registerFrame = false;
@@ -10407,7 +10409,6 @@ QDF_STATUS sme_update_tdls_peer_state(tHalHandle hHal,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(pTdlsPeerStateParams, sizeof(*pTdlsPeerStateParams));
 	qdf_mem_copy(&pTdlsPeerStateParams->peerMacAddr,
 			&peerStateParams->peerMacAddr, sizeof(tSirMacAddr));
 	pTdlsPeerStateParams->vdevId = peerStateParams->vdevId;
@@ -10551,7 +10552,6 @@ QDF_STATUS sme_send_tdls_chan_switch_req(tHalHandle hal,
 		sme_release_global_lock(&mac->sme);
 		return QDF_STATUS_E_FAILURE;
 	}
-	qdf_mem_zero(chan_switch_params, sizeof(*chan_switch_params));
 
 	switch (ch_switch_params->tdls_off_ch_mode) {
 	case ENABLE_CHANSWITCH:
@@ -11623,7 +11623,6 @@ QDF_STATUS sme_dcc_clear_stats(tHalHandle hHal, uint32_t vdev_id,
 		goto end;
 	}
 
-	qdf_mem_zero(request, sizeof(*request));
 	request->vdev_id = vdev_id;
 	request->dcc_stats_bitmap = dcc_stats_bitmap;
 
@@ -12245,7 +12244,6 @@ QDF_STATUS sme_update_access_policy_vendor_ie(tHalHandle hal,
 		return QDF_STATUS_E_FAILURE;
 	}
 
-	qdf_mem_set(msg, msg_len, 0);
 	msg->msg_type = (uint16_t)eWNI_SME_UPDATE_ACCESS_POLICY_VENDOR_IE;
 	msg->length = (uint16_t)msg_len;
 
@@ -12697,8 +12695,6 @@ QDF_STATUS sme_init_thermal_info(tHalHandle hHal, tSmeThermalParams thermalParam
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero((void *)pWmaParam, sizeof(t_thermal_mgmt));
-
 	pWmaParam->thermalMgmtEnabled = thermalParam.smeThermalMgmtEnabled;
 	pWmaParam->throttlePeriod = thermalParam.smeThrottlePeriod;
 
@@ -12881,8 +12877,6 @@ QDF_STATUS sme_ap_disable_intra_bss_fwd(tHalHandle hHal, uint8_t sessionId,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(pSapDisableIntraFwd, sizeof(tDisableIntraBssFwd));
-
 	pSapDisableIntraFwd->sessionId = sessionId;
 	pSapDisableIntraFwd->disableintrabssfwd = disablefwd;
 
@@ -12967,8 +12961,6 @@ QDF_STATUS sme_stats_ext_request(uint8_t session_id, tpStatsExtRequestReq input)
 	if (data == NULL) {
 		return QDF_STATUS_E_NOMEM;
 	}
-
-	qdf_mem_zero(data, data_len);
 	data->vdev_id = session_id;
 	data->request_data_len = input->request_data_len;
 	if (input->request_data_len) {
@@ -13705,7 +13697,6 @@ QDF_STATUS sme_set_epno_list(tHalHandle hal,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(req_msg, len);
 	req_msg->num_networks = input->num_networks;
 	req_msg->request_id = input->request_id;
 	req_msg->session_id = input->session_id;
@@ -13785,7 +13776,6 @@ QDF_STATUS sme_set_passpoint_list(tHalHandle hal,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(req_msg, len);
 	req_msg->num_networks = input->num_networks;
 	req_msg->request_id = input->request_id;
 	req_msg->session_id = input->session_id;
@@ -13849,7 +13839,6 @@ QDF_STATUS sme_reset_passpoint_list(tHalHandle hal,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(req_msg, sizeof(*req_msg));
 	req_msg->request_id = input->request_id;
 	req_msg->session_id = input->session_id;
 
@@ -14699,7 +14688,6 @@ QDF_STATUS sme_configure_modulated_dtim(tHalHandle h_hal, uint8_t session_id,
 
 	if (QDF_STATUS_SUCCESS == status) {
 
-		qdf_mem_zero((void *)iwcmd, sizeof(*iwcmd));
 		iwcmd->param_value = modulated_dtim;
 		iwcmd->param_vdev_id = session_id;
 		iwcmd->param_id = GEN_PARAM_MODULATED_DTIM;
@@ -14753,13 +14741,12 @@ QDF_STATUS sme_wifi_start_logger(tHalHandle hal,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(req_msg, len);
-
 	req_msg->verbose_level = start_log.verbose_level;
 	req_msg->is_iwpriv_command = start_log.is_iwpriv_command;
 	req_msg->ring_id = start_log.ring_id;
 	req_msg->ini_triggered = start_log.ini_triggered;
 	req_msg->user_triggered = start_log.user_triggered;
+	req_msg->size = start_log.size;
 
 	status = sme_acquire_global_lock(&mac->sme);
 	if (status != QDF_STATUS_SUCCESS) {
@@ -15261,8 +15248,6 @@ QDF_STATUS sme_pdev_set_pcl(tHalHandle hal,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(req_msg, len);
-
 	for (i = 0; i < msg.pcl_len; i++) {
 		req_msg->pcl_list[i] =  msg.pcl_list[i];
 		req_msg->weight_list[i] =  msg.weight_list[i];
@@ -16061,7 +16046,6 @@ void sme_send_disassoc_req_frame(tHalHandle hal, uint8_t session_id,
 	if (!QDF_IS_STATUS_SUCCESS(qdf_status))
 		return;
 
-	qdf_mem_set(msg, sizeof(struct sme_send_disassoc_frm_req), 0);
 	msg->msg_type = (uint16_t) eWNI_SME_SEND_DISASSOC_FRAME;
 
 	msg->length = (uint16_t) sizeof(struct sme_send_disassoc_frm_req);
@@ -16669,6 +16653,7 @@ QDF_STATUS sme_set_default_scan_ie(tHalHandle hal, uint16_t session_id,
 	return status;
 }
 
+#ifdef WLAN_FEATURE_DISA
 /**
  * sme_encrypt_decrypt_msg() - handles encrypt/decrypt mesaage
  * @hal: HAL handle
@@ -16799,6 +16784,7 @@ QDF_STATUS sme_encrypt_decrypt_msg_deregister_callback(tHalHandle h_hal)
 	}
 	return status;
 }
+#endif
 
 QDF_STATUS sme_set_cts2self_for_p2p_go(tHalHandle hal_handle)
 {

core/sme/src/common/sme_ft_api.c

@@ -284,7 +284,6 @@ QDF_STATUS sme_ft_send_update_key_ind(tHalHandle hal, uint32_t session_id,
 	if (NULL == msg)
 		return QDF_STATUS_E_NOMEM;
 
-	qdf_mem_set(msg, msglen, 0);
 	msg->messageType = eWNI_SME_FT_UPDATE_KEY;
 	msg->length = msglen;
 

core/sme/src/common/sme_power_save.c

@@ -313,7 +313,6 @@ static QDF_STATUS sme_ps_enter_wowl_req_params(tpAniSirGlobal mac_ctx,
 			FL("Fail to allocate memory for Enter Wowl Request"));
 		return  QDF_STATUS_E_NOMEM;
 	}
-	qdf_mem_set((uint8_t *) hal_wowl_params, sizeof(*hal_wowl_params), 0);
 
 	/* fill in the message field */
 	hal_wowl_params->ucMagicPktEnable = sme_wowl_params->ucMagicPktEnable;
@@ -421,8 +420,6 @@ static QDF_STATUS sme_ps_exit_wowl_req_params(tpAniSirGlobal mac_ctx,
 			FL("Fail to allocate memory for WoWLAN Add Bcast Pattern "));
 		return  QDF_STATUS_E_NOMEM;
 	}
-	qdf_mem_set((uint8_t *) hal_wowl_msg,
-			sizeof(*hal_wowl_msg), 0);
 	hal_wowl_msg->sessionId = session_id;
 
 	if (QDF_STATUS_SUCCESS == sme_post_ps_msg_to_wma(WMA_WOWL_EXIT_REQ,

core/sme/src/csr/csr_api_roam.c

@@ -57,6 +57,7 @@
 #include "cds_concurrency.h"
 #include "sme_nan_datapath.h"
 #include "pld_common.h"
+#include <wlan_logging_sock_svc.h>
 
 #define MAX_PWR_FCC_CHAN_12 8
 #define MAX_PWR_FCC_CHAN_13 2
@@ -85,6 +86,10 @@
 #define MAX_CB_VALUE_IN_INI (2)
 
 #define MAX_SOCIAL_CHANNELS  3
+
+/* packet dump timer duration of 60 secs */
+#define PKT_DUMP_TIMER_DURATION 60
+
 /* Choose the largest possible value that can be accomodates in 8 bit signed */
 /* variable. */
 #define SNR_HACK_BMPS                         (127)
@@ -572,8 +577,6 @@ static void csr_roam_sort_channel_for_early_stop(tpAniSirGlobal mac_ctx,
 			  "Failed to allocate memory for tSirUpdateChanList");
 		return;
 	}
-	qdf_mem_zero(chan_list_greedy, buf_size);
-	qdf_mem_zero(chan_list_non_greedy, buf_size);
 	/*
 	 * fixed_greedy_chan_list is an evaluated channel list based on most of
 	 * the enterprise wifi deployments and the order of the channels
@@ -693,7 +696,6 @@ QDF_STATUS csr_update_channel_list(tpAniSirGlobal pMac)
 			  "Failed to allocate memory for tSirUpdateChanList");
 		return QDF_STATUS_E_NOMEM;
 	}
-	qdf_mem_zero(pChanList, bufLen);
 
 	for (i = 0; i < pScan->base_channels.numChannels; i++) {
 		/* Scan is not performed on DSRC channels*/
@@ -963,6 +965,58 @@ void csr_set_global_cfgs(tpAniSirGlobal pMac)
 	csr_set_default_dot11_mode(pMac);
 }
 
+/**
+ * csr_packetdump_timer_handler() - packet dump timer
+ * handler
+ * @pv: user data
+ *
+ * This function is used to handle packet dump timer
+ *
+ * Return: None
+ *
+ */
+static void csr_packetdump_timer_handler(void *pv)
+{
+	QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_INFO,
+			"%s Invoking packetdump deregistration API", __func__);
+	wlan_deregister_txrx_packetdump();
+}
+
+/**
+ * csr_packetdump_timer_stop() - stops packet dump timer
+ *
+ * This function is used to stop packet dump timer
+ *
+ * Return: None
+ *
+ */
+void csr_packetdump_timer_stop(void)
+{
+	QDF_STATUS status;
+	tHalHandle hal;
+	tpAniSirGlobal mac;
+	v_CONTEXT_t vos_ctx_ptr;
+
+	/* get the global voss context */
+	vos_ctx_ptr = cds_get_global_context();
+	if (vos_ctx_ptr == NULL) {
+		QDF_ASSERT(0);
+		return;
+	}
+
+	hal = cds_get_context(QDF_MODULE_ID_SME);
+	if (hal == NULL) {
+		QDF_ASSERT(0);
+		return;
+	}
+
+	mac = PMAC_STRUCT(hal);
+	status = qdf_mc_timer_stop(&mac->roam.packetdump_timer);
+	if (!QDF_IS_STATUS_SUCCESS(status)) {
+		sms_log(mac, LOGE, FL("cannot stop packetdump timer"));
+	}
+}
+
 QDF_STATUS csr_roam_open(tpAniSirGlobal pMac)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
@@ -989,6 +1043,14 @@ QDF_STATUS csr_roam_open(tpAniSirGlobal pMac)
 					("cannot allocate memory for WaitForKey time out timer"));
 			break;
 		}
+		status = qdf_mc_timer_init(&pMac->roam.packetdump_timer,
+				QDF_TIMER_TYPE_SW, csr_packetdump_timer_handler,
+				pMac);
+		if (!QDF_IS_STATUS_SUCCESS(status)) {
+			sms_log(pMac, LOGE,
+			   FL("cannot allocate memory for packetdump timer"));
+			break;
+		}
 		status =
 			qdf_mc_timer_init(&pMac->roam.tlStatsReqInfo.hTlStatsTimer,
 					  QDF_TIMER_TYPE_SW,
@@ -1013,6 +1075,8 @@ QDF_STATUS csr_roam_close(tpAniSirGlobal pMac)
 	qdf_mc_timer_destroy(&pMac->roam.hTimerWaitForKey);
 	qdf_mc_timer_stop(&pMac->roam.tlStatsReqInfo.hTlStatsTimer);
 	qdf_mc_timer_destroy(&pMac->roam.tlStatsReqInfo.hTlStatsTimer);
+	qdf_mc_timer_stop(&pMac->roam.packetdump_timer);
+	qdf_mc_timer_destroy(&pMac->roam.packetdump_timer);
 	return QDF_STATUS_SUCCESS;
 }
 
@@ -3048,10 +3112,6 @@ static QDF_STATUS csr_init11d_info(tpAniSirGlobal pMac, tCsr11dinfo *ps11dinfo)
 		qdf_mem_malloc(sizeof(tSirMacChanInfo) *
 			       WNI_CFG_VALID_CHANNEL_LIST_LEN);
 	if (pChanInfo != NULL) {
-		qdf_mem_set(pChanInfo,
-			    sizeof(tSirMacChanInfo) *
-			    WNI_CFG_VALID_CHANNEL_LIST_LEN, 0);
-
 		pChanInfoStart = pChanInfo;
 		for (index = 0; index < ps11dinfo->Channels.numChannels;
 		     index++) {
@@ -3110,9 +3170,6 @@ QDF_STATUS csr_init_channel_power_list(tpAniSirGlobal pMac, tCsr11dinfo *ps11din
 		qdf_mem_malloc(sizeof(tSirMacChanInfo) *
 			       WNI_CFG_VALID_CHANNEL_LIST_LEN);
 	if (pChanInfo != NULL) {
-		qdf_mem_set(pChanInfo,
-			    sizeof(tSirMacChanInfo) *
-			    WNI_CFG_VALID_CHANNEL_LIST_LEN, 0);
 		pChanInfoStart = pChanInfo;
 
 		for (index = 0; index < ps11dinfo->Channels.numChannels;
@@ -3681,7 +3738,6 @@ csr_send_mb_tkip_counter_measures_req_msg(tpAniSirGlobal pMac,
 			status = QDF_STATUS_SUCCESS;
 		if (!QDF_IS_STATUS_SUCCESS(status))
 			break;
-		qdf_mem_set(pMsg, sizeof(tSirSmeTkipCntrMeasReq), 0);
 		pMsg->messageType = eWNI_SME_TKIP_CNTR_MEAS_REQ;
 		pMsg->length = sizeof(tSirSmeTkipCntrMeasReq);
 		pMsg->sessionId = sessionId;
@@ -4805,7 +4861,6 @@ QDF_STATUS csr_roam_stop_network(tpAniSirGlobal pMac, uint32_t sessionId,
 	if (NULL == pBssConfig)
 		return QDF_STATUS_E_NOMEM;
 
-	qdf_mem_set(pBssConfig, sizeof(tBssConfigParam), 0);
 	status = csr_roam_prepare_bss_config(pMac, pProfile, pBssDesc,
 			pBssConfig, pIes);
 	if (QDF_IS_STATUS_SUCCESS(status)) {
@@ -5705,8 +5760,6 @@ QDF_STATUS csr_roam_process_command(tpAniSirGlobal pMac, tSmeCmd *pCommand)
 			pSession->pCurRoamProfile =
 					qdf_mem_malloc(sizeof(tCsrRoamProfile));
 			if (NULL != pSession->pCurRoamProfile) {
-				qdf_mem_set(pSession->pCurRoamProfile,
-					sizeof(tCsrRoamProfile), 0);
 				csr_roam_copy_profile(pMac,
 					pSession->pCurRoamProfile,
 					&pCommand->u.roamCmd.roamProfile);
@@ -5872,8 +5925,6 @@ static QDF_STATUS csr_roam_save_params(tpAniSirGlobal mac_ctx,
 			if (NULL == session_ptr->pWpaRsnRspIE)
 				return QDF_STATUS_E_NOMEM;
 
-			qdf_mem_set(session_ptr->pWpaRsnRspIE,
-					nIeLen + 2, 0);
 			session_ptr->pWpaRsnRspIE[0] = DOT11F_EID_RSN;
 			session_ptr->pWpaRsnRspIE[1] = (uint8_t) nIeLen;
 			/* copy upto akm_suites */
@@ -7653,8 +7704,7 @@ QDF_STATUS csr_roam_connect(tpAniSirGlobal pMac, uint32_t sessionId,
 	pSession->dhcp_done = false;
 	csr_roam_cancel_roaming(pMac, sessionId);
 	csr_scan_remove_fresh_scan_command(pMac, sessionId);
-	/* Only abort the scan if its not used for other roam/connect purpose */
-	csr_scan_abort_mac_scan(pMac, sessionId, eCSR_SCAN_ABORT_DEFAULT);
+	csr_scan_abort_all_scans(pMac, eCSR_SCAN_ABORT_DEFAULT);
 	csr_roam_remove_duplicate_command(pMac, sessionId, NULL, eCsrHddIssued);
 	/* Check whether ssid changes */
 	if (csr_is_conn_state_connected(pMac, sessionId) &&
@@ -7684,8 +7734,6 @@ QDF_STATUS csr_roam_connect(tpAniSirGlobal pMac, uint32_t sessionId,
 		goto end;
 	}
 
-	qdf_mem_set(pScanFilter, sizeof(tCsrScanResultFilter),
-			0);
 	/* Try to connect to any BSS */
 	if (NULL == pProfile) {
 		/* No encryption */
@@ -7921,7 +7969,6 @@ static QDF_STATUS csr_roam_join_last_profile(tpAniSirGlobal pMac,
 			status = QDF_STATUS_E_NOMEM;
 			goto end;
 		}
-		qdf_mem_set(pProfile, sizeof(tCsrRoamProfile), 0);
 		status = csr_roam_copy_profile(pMac, pProfile,
 			pSession->pCurRoamProfile);
 		if (!QDF_IS_STATUS_SUCCESS(status))
@@ -7931,7 +7978,6 @@ static QDF_STATUS csr_roam_join_last_profile(tpAniSirGlobal pMac,
 			status = QDF_STATUS_E_NOMEM;
 			goto end;
 		}
-		qdf_mem_set(pScanFilter, sizeof(tCsrScanResultFilter), 0);
 		status = csr_roam_prepare_filter_from_profile(pMac, pProfile,
 					pScanFilter);
 		if (!QDF_IS_STATUS_SUCCESS(status))
@@ -9051,6 +9097,7 @@ static void csr_roam_roaming_state_stop_bss_rsp_processor(tpAniSirGlobal pMac,
 							  tSirSmeRsp *pSmeRsp)
 {
 	eCsrRoamCompleteResult result_code = eCsrNothingToJoin;
+	tCsrRoamProfile *profile;
 
 #ifdef FEATURE_WLAN_DIAG_SUPPORT_CSR
 	{
@@ -9069,16 +9116,16 @@ static void csr_roam_roaming_state_stop_bss_rsp_processor(tpAniSirGlobal pMac,
 	pMac->roam.roamSession[pSmeRsp->sessionId].connectState =
 		eCSR_ASSOC_STATE_TYPE_NOT_CONNECTED;
 	if (CSR_IS_ROAM_SUBSTATE_STOP_BSS_REQ(pMac, pSmeRsp->sessionId)) {
-		if (CSR_IS_CONN_NDI(pMac->roam.roamSession[pSmeRsp->sessionId].
-							pCurRoamProfile)) {
+		profile =
+		    pMac->roam.roamSession[pSmeRsp->sessionId].pCurRoamProfile;
+		if (profile && CSR_IS_CONN_NDI(profile)) {
 			result_code = eCsrStopBssSuccess;
 			if (pSmeRsp->statusCode != eSIR_SME_SUCCESS)
 				result_code = eCsrStopBssFailure;
 		}
 		csr_roam_complete(pMac, result_code, NULL);
-	} else
-	if (CSR_IS_ROAM_SUBSTATE_DISCONNECT_CONTINUE
-		    (pMac, pSmeRsp->sessionId)) {
+	} else if (CSR_IS_ROAM_SUBSTATE_DISCONNECT_CONTINUE(pMac,
+			pSmeRsp->sessionId)) {
 		csr_roam_reissue_roam_command(pMac);
 	}
 }
@@ -9200,7 +9247,6 @@ csr_check_profile_in_scan_cache(tpAniSirGlobal mac_ctx,
 		sms_log(mac_ctx, LOGE, FL("alloc for ScanFilter failed."));
 		return false;
 	}
-	qdf_mem_set(*scan_filter, sizeof(tCsrScanResultFilter), 0);
 	(*scan_filter)->scan_filter_for_roam = 1;
 	status = csr_roam_prepare_filter_from_profile(mac_ctx,
 			&neighbor_roam_info->csrNeighborRoamProfile,
@@ -9308,8 +9354,6 @@ void csr_roam_roaming_state_disassoc_rsp_processor(tpAniSirGlobal pMac,
 			sme_qos_csr_event_ind(pMac, sessionId,
 					      SME_QOS_CSR_HANDOFF_ASSOC_REQ,
 					      NULL);
-			qdf_mem_set(pCurRoamProfile, sizeof(tCsrRoamProfile),
-				    0);
 			csr_roam_copy_profile(pMac, pCurRoamProfile,
 					      pSession->pCurRoamProfile);
 			/* make sure to put it at the head of the cmd queue */
@@ -10325,7 +10369,6 @@ static QDF_STATUS csr_send_reset_ap_caps_changed(tpAniSirGlobal pMac,
 		status = QDF_STATUS_SUCCESS;
 
 	if (QDF_IS_STATUS_SUCCESS(status)) {
-		qdf_mem_set(pMsg, sizeof(tSirResetAPCapsChange), 0);
 		pMsg->messageType = eWNI_SME_RESET_AP_CAPS_CHANGED;
 		pMsg->length = len;
 		qdf_copy_macaddr(&pMsg->bssId, bssId);
@@ -10453,7 +10496,6 @@ csr_roam_chk_lnk_disassoc_ind(tpAniSirGlobal mac_ctx, tSirSmeRsp *msg_ptr)
 	 * the WmStatusChange requests is pushed and processed
 	 */
 	pDisassocInd = (tSirSmeDisassocInd *) msg_ptr;
-	qdf_mem_set(&roam_info, sizeof(roam_info), 0);
 	status = csr_roam_get_session_id_from_bssid(mac_ctx,
 				&pDisassocInd->bssid, &sessionId);
 	if (!QDF_IS_STATUS_SUCCESS(status)) {
@@ -12372,7 +12414,6 @@ bool csr_is_same_profile(tpAniSirGlobal pMac,
 	if (NULL == pScanFilter)
 		return fCheck;
 
-	qdf_mem_set(pScanFilter, sizeof(tCsrScanResultFilter), 0);
 	status = csr_roam_prepare_filter_from_profile(pMac, pProfile2,
 						      pScanFilter);
 	if (!(QDF_IS_STATUS_SUCCESS(status)))
@@ -13085,7 +13126,6 @@ static QDF_STATUS csr_roam_start_ibss(tpAniSirGlobal pMac, uint32_t sessionId,
 		else
 			status = QDF_STATUS_SUCCESS;
 		if (QDF_IS_STATUS_SUCCESS(status)) {
-			qdf_mem_set(pBssConfig, sizeof(tBssConfigParam), 0);
 			/* there is no Bss description before we start an IBSS so we need to adopt */
 			/* all Bss configuration parameters from the Profile. */
 			status =
@@ -13519,7 +13559,6 @@ csr_roam_remove_connected_bss_from_scan_cache(tpAniSirGlobal pMac,
 	if (NULL == pScanFilter)
 		return QDF_STATUS_E_NOMEM;
 
-	qdf_mem_set(pScanFilter, sizeof(tCsrScanResultFilter), 0);
 	pScanFilter->BSSIDs.bssid = qdf_mem_malloc(sizeof(struct qdf_mac_addr));
 	if (NULL == pScanFilter->BSSIDs.bssid) {
 		qdf_mem_free(pScanFilter);
@@ -13642,8 +13681,6 @@ static QDF_STATUS csr_roam_start_wds(tpAniSirGlobal pMac, uint32_t sessionId,
 			pSession->pCurRoamProfile =
 				qdf_mem_malloc(sizeof(tCsrRoamProfile));
 			if (pSession->pCurRoamProfile != NULL) {
-				qdf_mem_set(pSession->pCurRoamProfile,
-					    sizeof(tCsrRoamProfile), 0);
 				csr_roam_copy_profile(pMac,
 						      pSession->pCurRoamProfile,
 						      pProfile);
@@ -13792,6 +13829,7 @@ QDF_STATUS csr_send_join_req_msg(tpAniSirGlobal pMac, uint32_t sessionId,
 	uint8_t ese_config = 0;
 	tpCsrNeighborRoamControlInfo neigh_roam_info;
 	uint32_t value = 0, value1 = 0;
+	QDF_STATUS packetdump_timer_status;
 
 	if (!pSession) {
 		sms_log(pMac, LOGE, FL("  session %d not found "), sessionId);
@@ -13848,7 +13886,6 @@ QDF_STATUS csr_send_join_req_msg(tpAniSirGlobal pMac, uint32_t sessionId,
 			status = QDF_STATUS_SUCCESS;
 		if (!QDF_IS_STATUS_SUCCESS(status))
 			break;
-		qdf_mem_set(csr_join_req, msgLen, 0);
 		csr_join_req->messageType = messageType;
 		csr_join_req->length = msgLen;
 		csr_join_req->sessionId = (uint8_t) sessionId;
@@ -14264,10 +14301,11 @@ QDF_STATUS csr_send_join_req_msg(tpAniSirGlobal pMac, uint32_t sessionId,
 		}
 		/*
 		 * If RX LDPC has been disabled for 2.4GHz channels and enabled
-		 * for 5Ghz for STA like persona here is how to handle those
-		 * cases here (by now channel has been decided).
+		 * for 5Ghz for STA like persona then here is how to handle
+		 * those cases (by now channel has been decided).
 		 */
-		if (eSIR_INFRASTRUCTURE_MODE == csr_join_req->bsstype)
+		if (eSIR_INFRASTRUCTURE_MODE == csr_join_req->bsstype ||
+		    !wma_is_dbs_enable())
 			csr_set_ldpc_exception(pMac, pSession,
 					pBssDescription->channelId,
 					pMac->roam.configParam.rxLdpcEnable);
@@ -14444,6 +14482,25 @@ QDF_STATUS csr_send_join_req_msg(tpAniSirGlobal pMac, uint32_t sessionId,
 			csr_join_req = NULL;
 			break;
 		} else {
+			if (pProfile->csrPersona == QDF_STA_MODE) {
+				sms_log(pMac, LOG1,
+				    FL(" Invoking packetdump register API"));
+				wlan_register_txrx_packetdump();
+				packetdump_timer_status =
+					qdf_mc_timer_start(
+					&pMac->roam.packetdump_timer,
+					(PKT_DUMP_TIMER_DURATION *
+					QDF_MC_TIMER_TO_SEC_UNIT)/
+					QDF_MC_TIMER_TO_MS_UNIT);
+				if (!QDF_IS_STATUS_SUCCESS(
+						packetdump_timer_status)) {
+					sms_log(pMac, LOGE,
+					   FL("cannot start packetdump timer"));
+					sms_log(pMac, LOGE,
+					   FL("packetdump_timer_status: %d"),
+					   packetdump_timer_status);
+				}
+			}
 #ifndef WLAN_MDM_CODE_REDUCTION_OPT
 			if (eWNI_SME_JOIN_REQ == messageType) {
 				/* Notify QoS module that join happening */
@@ -14485,7 +14542,6 @@ QDF_STATUS csr_send_mb_disassoc_req_msg(tpAniSirGlobal pMac, uint32_t sessionId,
 	if (NULL == pMsg)
 		return QDF_STATUS_E_NOMEM;
 
-	qdf_mem_set(pMsg, sizeof(tSirSmeDisassocReq), 0);
 	pMsg->messageType = eWNI_SME_DISASSOC_REQ;
 	pMsg->length = sizeof(tSirSmeDisassocReq);
 	pMsg->sessionId = sessionId;
@@ -14602,7 +14658,6 @@ QDF_STATUS csr_send_chng_mcc_beacon_interval(tpAniSirGlobal pMac, uint32_t sessi
 	else
 		status = QDF_STATUS_SUCCESS;
 	if (QDF_IS_STATUS_SUCCESS(status)) {
-		qdf_mem_set(pMsg, sizeof(tSirChangeBIParams), 0);
 		pMsg->messageType = eWNI_SME_CHNG_MCC_BEACON_INTERVAL;
 		pMsg->length = len;
 
@@ -14712,7 +14767,6 @@ QDF_STATUS csr_send_mb_disassoc_cnf_msg(tpAniSirGlobal pMac,
 			status = QDF_STATUS_SUCCESS;
 		if (!QDF_IS_STATUS_SUCCESS(status))
 			break;
-		qdf_mem_set(pMsg, sizeof(tSirSmeDisassocCnf), 0);
 		pMsg->messageType = eWNI_SME_DISASSOC_CNF;
 		pMsg->statusCode = eSIR_SME_SUCCESS;
 		pMsg->length = sizeof(tSirSmeDisassocCnf);
@@ -14749,7 +14803,6 @@ QDF_STATUS csr_send_mb_deauth_cnf_msg(tpAniSirGlobal pMac,
 			status = QDF_STATUS_SUCCESS;
 		if (!QDF_IS_STATUS_SUCCESS(status))
 			break;
-		qdf_mem_set(pMsg, sizeof(tSirSmeDeauthCnf), 0);
 		pMsg->messageType = eWNI_SME_DEAUTH_CNF;
 		pMsg->statusCode = eSIR_SME_SUCCESS;
 		pMsg->length = sizeof(tSirSmeDeauthCnf);
@@ -14784,7 +14837,6 @@ QDF_STATUS csr_send_assoc_cnf_msg(tpAniSirGlobal pMac, tpSirSmeAssocInd pAssocIn
 		pMsg = qdf_mem_malloc(sizeof(tSirSmeAssocCnf));
 		if (NULL == pMsg)
 			return QDF_STATUS_E_NOMEM;
-		qdf_mem_set(pMsg, sizeof(tSirSmeAssocCnf), 0);
 		pMsg->messageType = eWNI_SME_ASSOC_CNF;
 		pMsg->length = sizeof(tSirSmeAssocCnf);
 		if (QDF_IS_STATUS_SUCCESS(Halstatus))
@@ -14824,7 +14876,6 @@ QDF_STATUS csr_send_assoc_ind_to_upper_layer_cnf_msg(tpAniSirGlobal pMac,
 		pMsg = qdf_mem_malloc(sizeof(tSirSmeAssocIndToUpperLayerCnf));
 		if (NULL == pMsg)
 			return QDF_STATUS_E_NOMEM;
-		qdf_mem_set(pMsg, sizeof(tSirSmeAssocIndToUpperLayerCnf), 0);
 
 		pMsg->messageType = eWNI_SME_UPPER_LAYER_ASSOC_CNF;
 		pMsg->length = sizeof(tSirSmeAssocIndToUpperLayerCnf);
@@ -14920,7 +14971,6 @@ QDF_STATUS csr_send_mb_set_context_req_msg(tpAniSirGlobal pMac,
 		pMsg = qdf_mem_malloc(msgLen);
 		if (NULL == pMsg)
 			return QDF_STATUS_E_NOMEM;
-		qdf_mem_set(pMsg, msgLen, 0);
 		pMsg->messageType = eWNI_SME_SETCONTEXT_REQ;
 		pMsg->length = msgLen;
 		pMsg->sessionId = (uint8_t) sessionId;
@@ -14986,7 +15036,6 @@ QDF_STATUS csr_send_mb_start_bss_req_msg(tpAniSirGlobal pMac, uint32_t sessionId
 	if (NULL == pMsg)
 		return QDF_STATUS_E_NOMEM;
 
-	qdf_mem_set(pMsg, sizeof(tSirSmeStartBssReq), 0);
 	pMsg->messageType = eWNI_SME_START_BSS_REQ;
 	pMsg->sessionId = sessionId;
 	pMsg->length = sizeof(tSirSmeStartBssReq);
@@ -15071,7 +15120,12 @@ QDF_STATUS csr_send_mb_start_bss_req_msg(tpAniSirGlobal pMac, uint32_t sessionId
 	qdf_mem_copy(&pMsg->extendedRateSet,
 		     &pParam->extendedRateSet,
 		     sizeof(tSirMacRateSet));
-	if (eSIR_IBSS_MODE == pMsg->bssType)
+	/*
+	 * If RX LDPC has been disabled for 2.4GHz channels and enabled
+	 * for 5Ghz for STA like persona then here is how to handle
+	 * those cases (by now channel has been decided).
+	 */
+	if (eSIR_IBSS_MODE == pMsg->bssType || !wma_is_dbs_enable())
 		csr_set_ldpc_exception(pMac, pSession,
 				pMsg->channelId,
 				pMac->roam.configParam.rxLdpcEnable);
@@ -15108,7 +15162,6 @@ QDF_STATUS csr_send_mb_stop_bss_req_msg(tpAniSirGlobal pMac, uint32_t sessionId)
 	pMsg = qdf_mem_malloc(sizeof(tSirSmeStopBssReq));
 	if (NULL == pMsg)
 		return QDF_STATUS_E_NOMEM;
-	qdf_mem_set(pMsg, sizeof(tSirSmeStopBssReq), 0);
 	pMsg->messageType = eWNI_SME_STOP_BSS_REQ;
 	pMsg->sessionId = sessionId;
 	pMsg->length = sizeof(tSirSmeStopBssReq);
@@ -15194,7 +15247,6 @@ QDF_STATUS csr_process_add_sta_session_rsp(tpAniSirGlobal pMac, uint8_t *pMsg)
 			return QDF_STATUS_E_NOMEM;
 		}
 
-		qdf_mem_set(msg, sizeof(*msg), 0);
 		msg->msg_type = eWNI_SME_SET_IE_REQ;
 		msg->session_id = rsp->session_id;
 		msg->length = sizeof(*msg);
@@ -15749,6 +15801,9 @@ QDF_STATUS csr_roam_close_session(tpAniSirGlobal pMac, uint32_t sessionId,
 			purge_sme_session_cmd_list(pMac, sessionId,
 					   &pMac->sme.smeScanCmdPendingList);
 
+			purge_sme_session_cmd_list(pMac, sessionId,
+					   &pMac->sme.smeScanCmdActiveList);
+
 			purge_csr_session_cmd_list(pMac, sessionId);
 			status = csr_issue_del_sta_for_session_req(pMac,
 						 sessionId,
@@ -17215,7 +17270,6 @@ csr_create_roam_scan_offload_request(tpAniSirGlobal mac_ctx,
 			  FL("Mem alloc for roam scan offload req failed."));
 		return NULL;
 	}
-	qdf_mem_zero(req_buf, sizeof(tSirRoamOffloadScanReq));
 	req_buf->Command = command;
 	/*
 	 * If command is STOP, then pass down ScanOffloadEnabled as Zero. This
@@ -17583,14 +17637,14 @@ static void csr_update_driver_assoc_ies(tpAniSirGlobal mac_ctx,
 			= (uint8_t *) &mac_ctx->rrm.rrmPEContext.rrmEnabledCaps;
 	uint8_t power_cap_ie_data[DOT11F_IE_POWERCAPS_MAX_LEN]
 			= {MIN_TX_PWR_CAP, MAX_TX_PWR_CAP};
-	uint8_t max_tx_pwr_cap
-			= csr_get_cfg_max_tx_power(mac_ctx,
-				session->pConnectBssDesc->channelId);
-
+	uint8_t max_tx_pwr_cap = 0;
 	uint8_t supp_chan_ie[DOT11F_IE_SUPPCHANNELS_MAX_LEN], supp_chan_ie_len;
 	uint8_t ese_ie[DOT11F_IE_ESEVERSION_MAX_LEN]
 			= { 0x0, 0x40, 0x96, 0x3, ESE_VERSION_SUPPORTED};
 
+	if (session->pConnectBssDesc)
+		max_tx_pwr_cap = csr_get_cfg_max_tx_power(mac_ctx,
+				session->pConnectBssDesc->channelId);
 	if (max_tx_pwr_cap)
 		power_cap_ie_data[1] = max_tx_pwr_cap;
 
@@ -17703,11 +17757,13 @@ csr_roam_offload_scan(tpAniSirGlobal mac_ctx, uint8_t session_id,
 	/*
 	 * The Dynamic Config Items Update may happen even if the state is in
 	 * INIT. It is important to ensure that the command is passed down to
-	 * the FW only if the Infra Station is in a connected state.A connected
-	 * station could also be in a PREAUTH or REASSOC states.So, consider not
-	 * sending the command down in INIT state. We also have to ensure that
-	 * if there is a STOP command we always have to inform Riva,
-	 * irrespective of whichever state we are in
+	 * the FW only if the Infra Station is in a connected state. A connected
+	 * station could also be in a PREAUTH or REASSOC states.
+	 * 1) Block all CMDs that are not STOP in INIT State. For STOP always
+	 *    inform firmware irrespective of state.
+	 * 2) Block update cfg CMD if its for REASON_ROAM_SET_BLACKLIST_BSSID,
+	 *    because we need to inform firmware of blacklisted AP for PNO in
+	 *    all states.
 	 */
 
 	if ((roam_info->neighborRoamState ==
@@ -18364,7 +18420,6 @@ QDF_STATUS csr_roam_update_wparsni_es(tpAniSirGlobal pMac, uint32_t sessionId,
 		pMsg = qdf_mem_malloc(sizeof(tSirUpdateAPWPARSNIEsReq));
 		if (NULL == pMsg)
 			return QDF_STATUS_E_NOMEM;
-		qdf_mem_set(pMsg, sizeof(tSirUpdateAPWPARSNIEsReq), 0);
 		pMsg->messageType = eWNI_SME_SET_APWPARSNIEs_REQ;
 		pMsg->transactionId = 0;
 		qdf_copy_macaddr(&pMsg->bssid, &pSession->selfMacAddr);
@@ -18494,8 +18549,6 @@ QDF_STATUS csr_roam_channel_change_req(tpAniSirGlobal pMac,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_set((void *)pMsg, sizeof(tSirChanChangeRequest), 0);
-
 	pMsg->messageType = eWNI_SME_CHANNEL_CHANGE_REQ;
 	pMsg->messageLen = sizeof(tSirChanChangeRequest);
 	pMsg->targetChannel = profile->ChannelInfo.ChannelList[0];
@@ -18539,7 +18592,6 @@ QDF_STATUS csr_roam_start_beacon_req(tpAniSirGlobal pMac,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_set((void *)pMsg, sizeof(tSirStartBeaconIndication), 0);
 	pMsg->messageType = eWNI_SME_START_BEACON_REQ;
 	pMsg->messageLen = sizeof(tSirStartBeaconIndication);
 	pMsg->beaconStartStatus = dfsCacWaitStatus;
@@ -18651,8 +18703,6 @@ csr_roam_update_add_ies(tpAniSirGlobal pMac,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_zero(pUpdateAddIEs, sizeof(tSirUpdateIEsInd));
-
 	pUpdateAddIEs->msgType = eWNI_SME_UPDATE_ADDITIONAL_IES;
 	pUpdateAddIEs->msgLen = sizeof(tSirUpdateIEsInd);
 
@@ -18697,7 +18747,6 @@ QDF_STATUS csr_send_ext_change_channel(tpAniSirGlobal mac_ctx, uint32_t channel,
 	if (NULL == msg)
 		return QDF_STATUS_E_NOMEM;
 
-	qdf_mem_zero(msg, sizeof(*msg));
 	msg->message_type = eWNI_SME_EXT_CHANGE_CHANNEL;
 	msg->length = sizeof(*msg);
 	msg->new_channel = channel;
@@ -18733,7 +18782,6 @@ QDF_STATUS csr_roam_send_chan_sw_ie_request(tpAniSirGlobal mac_ctx,
 		return QDF_STATUS_E_NOMEM;
 	}
 
-	qdf_mem_set((void *)msg, sizeof(tSirDfsCsaIeRequest), 0);
 	msg->msgType = eWNI_SME_DFS_BEACON_CHAN_SW_IE_REQ;
 	msg->msgLen = sizeof(tSirDfsCsaIeRequest);
 
@@ -19224,8 +19272,6 @@ void csr_process_set_hw_mode(tpAniSirGlobal mac, tSmeCmd *command)
 		}
 	}
 
-	qdf_mem_set(cmd, len, 0);
-
 	cmd->messageType = eWNI_SME_SET_HW_MODE_REQ;
 	cmd->length = len;
 	cmd->set_hw.hw_mode_index = command->u.set_hw_mode_cmd.hw_mode_index;
@@ -19448,7 +19494,6 @@ void csr_process_nss_update_req(tpAniSirGlobal mac, tSmeCmd *command)
 		goto fail;
 	}
 
-	qdf_mem_set((void *)msg, sizeof(*msg), 0);
 	msg->msgType = eWNI_SME_NSS_UPDATE_REQ;
 	msg->msgLen = sizeof(*msg);
 
@@ -19623,7 +19668,6 @@ void csr_roam_synch_callback(tpAniSirGlobal mac_ctx,
 	}
 	csr_scan_save_roam_offload_ap_to_scan_cache(mac_ctx, roam_synch_data,
 			bss_desc);
-	qdf_mem_zero(roam_info, sizeof(tCsrRoamInfo));
 	roam_info->sessionId = session_id;
 	csr_roam_call_callback(mac_ctx, roam_synch_data->roamedVdevId,
 		roam_info, 0, eCSR_ROAM_TDLS_STATUS_UPDATE,
@@ -19701,8 +19745,6 @@ void csr_roam_synch_callback(tpAniSirGlobal mac_ctx,
 		sme_release_global_lock(&mac_ctx->sme);
 		return;
 	}
-	qdf_mem_zero(roam_info->pbFrames, roam_info->nBeaconLength +
-		roam_info->nAssocReqLength + roam_info->nAssocRspLength);
 	qdf_mem_copy(roam_info->pbFrames,
 			(uint8_t *)roam_synch_data +
 			roam_synch_data->reassoc_req_offset +