Merge remote-tracking branch 'remotes/origin/wlan-cld3.driver.lnx.1.1-dev' into wlan-cld3.driver.lnx.2.0-dev

Fast forward CLD3.0-2.0-dev branch to tip of CLD3-1.1-dev from 5.1.0.30P to 5.1.0.32O
Merge upto commit-id: c1b06710ed7a98cfe8b2ecf573c9adcf8093c9f2

* remotes/origin/wlan-cld3.driver.lnx.1.1-dev: (179 commits)
  Release 5.1.0.32O
  qcacld-3.0: Protect con mode change with possible race condition
  Release 5.1.0.32N
  qcacld-3.0: Trigger BUG ON only if recovery is disabled
  Release 5.1.0.32M
  qcacld-3.0: Set csr_prune_channel_list_for_mode prototype in header file
  qcacld-3.0: Fix double free memory in sme_power_save.c
  Release 5.1.0.32L
  qcacld-3.0: do cds_sched_deinit_mqs if cds_alloc_ol_rx_pkt_freeq fails
  qcacld-3.0: Remove duplicate cds_deinit_policy_mgr in error handling
  qcacld-3.0: Cleanup error handling in hdd_configure_cds
  qcacld-3.0: use hdd_context_deinit in hdd_context_destroy
  qcacld-3.0: Continue hdd_deconfigure_cds despite failures
  qcacld-3.0: Continue cds_deinit_policy_mgr despite failures
  Release 5.1.0.32K
  qcacld-3.0: Fix -Wmissing-prototypes in PLD
  qcacld-3.0: Fix -Wmissing-prototypes in sme_qos
  qcacld-3.0: Properly export SME P2P APIs
  qcacld-3.0: Make hdd_ipa_forward() static
  Release 5.1.0.32J
  ...
  Release 5.1.0.30S
  qcacld-3.0: Fix NDI teardown issue on "ifconfig down" request
  Release 5.1.0.30R
  qcacld-3.0: Stop bus BW timer during recovery
  qcacld-3.0: Stop MC thread during recovery
  Release 5.1.0.30Q
  qcacld-3.0: Fix -Wmissing-prototypes in csr_tdls_process
  qcacld-3.0: Fix -Wmissing-prototypes in csr_link_list
  qcacld-3.0: Fix -Wmissing-prototypes in lim_utils
  qcacld-3.0: Fix -Wmissing-prototypes in lim_sme_req_utils
  qcacld-3.0: Fix -Wmissing-prototypes in lim_session
  qcacld-3.0: Fix -Wmissing-prototypes in lim_send_sme_rsp_messages
  qcacld-3.0: Fix -Wmissing-prototypes in lim_send_management_frames
  qcacld-3.0: Fix -Wmissing-prototypes in lim_process_probe_rsp_frame
  qcacld-3.0: Fix -Wmissing-prototypes in lim_process_probe_req_frame
  qcacld-3.0: Fix -Wmissing-prototypes in lim_process_mlm_rsp_messages
  qcacld-3.0: Fix -Wmissing-prototypes in lim_process_mlm_req_messages
  qcacld-3.0: Fix -Wmissing-prototypes in lim_ft*
  Release 5.1.0.30P

Change-Id: I97bf1cc3e0f22f36ab2f12590b3122c3b5db73bd
CRs-Fixed: 688141 1078405 1077315 1076076 1076087 1079503 1078826 1075575 1080027 1057751 1074998 1077793 1078877 1009861 972657 979671 1048598 1078976 1017011 1003261 1048897 1040737 1019018 1079163 1079143 1078825 1078289 1077078 1072812 1076635 1077246 1073325 1077115 1042116 1077488 1075288 992500 1050323 1046965 1061540 1005141 1076844 1036544 1073567 1077498 1075555 1078012 1075098 1077346 865207 1076244 1077588 1076326 1077518 1066273 1071087 1075981 885035 1074503 629288 1073033 1027457 1054846 1075723 1075151 1063837 1072520 1075546 1075090 1074336 1077094 956649 1076574 908656 1077025 1077214 1067826 1075442 1023849 1001449 1001450 1047807 1015244 1013359 962367 1075655 1075224

Kbuild

@@ -246,6 +246,7 @@ endif
 #Enable USB specific APIS
 ifeq ($(CONFIG_ROME_IF),usb)
 	CONFIG_HIF_USB := 1
+	CONFIG_PLD_USB_CNSS := y
 endif
 
 #Enable pci read/write config functions
@@ -970,7 +971,7 @@ endif
 ifeq ($(CONFIG_CNSS_SDIO),y)
 PLD_OBJS +=	$(PLD_SRC_DIR)/pld_sdio.o
 endif
-ifeq ($(CONFIG_USB), y)
+ifeq ($(CONFIG_PLD_USB_CNSS), y)
 PLD_OBJS +=	$(PLD_SRC_DIR)/pld_usb.o
 endif
 
@@ -1167,8 +1168,7 @@ CDEFINES +=	-DWLAN_DEBUG \
 		-DSME_TRACE_RECORD \
 		-DHDD_TRACE_RECORD \
 		-DPE_DEBUG_LOGW \
-		-DPE_DEBUG_LOGE \
-		-DDEBUG
+		-DPE_DEBUG_LOGE
 endif
 
 ifeq ($(CONFIG_SLUB_DEBUG_ON),y)
@@ -1315,7 +1315,8 @@ endif
 #Enable USB specific APIS
 ifeq ($(CONFIG_HIF_USB), 1)
 CDEFINES += -DHIF_USB \
-	    -DCONFIG_HL_SUPPORT
+            -DCONFIG_PLD_USB_CNSS \
+            -DCONFIG_HL_SUPPORT
 endif
 
 #Enable FW logs through ini

core/bmi/src/ol_fw.c

@@ -527,7 +527,7 @@ void ramdump_work_handler(void *data)
 	}
 	tgt_info = hif_get_target_info_handle(ramdump_scn);
 	target_type = tgt_info->target_type;
-#ifdef DEBUG
+#ifdef WLAN_DEBUG
 	ret = hif_check_soc_status(ramdump_scn);
 	if (ret)
 		goto out_fail;

core/cds/inc/cds_api.h

@@ -215,8 +215,6 @@ void cds_flush_cache_rx_queue(void);
 
 QDF_STATUS cds_close(v_CONTEXT_t cds_context);
 
-QDF_STATUS cds_shutdown(v_CONTEXT_t cds_context);
-
 void cds_core_return_msg(void *pVContext, p_cds_msg_wrapper pMsgWrapper);
 
 void *cds_get_context(QDF_MODULE_ID moduleId);
@@ -293,4 +291,5 @@ struct cds_config_info *cds_get_ini_config(void);
 bool cds_is_5_mhz_enabled(void);
 bool cds_is_10_mhz_enabled(void);
 bool cds_is_sub_20_mhz_enabled(void);
+bool cds_is_self_recovery_enabled(void);
 #endif /* if !defined __CDS_API_H */

core/cds/inc/cds_concurrency.h

@@ -852,6 +852,7 @@ QDF_STATUS cds_get_valid_chan_weights(struct sir_pcl_chan_weights *weight);
 QDF_STATUS cds_set_hw_mode_on_channel_switch(uint8_t session_id);
 void cds_set_do_hw_mode_change_flag(bool flag);
 bool cds_is_hw_mode_change_after_vdev_up(void);
+void cds_checkn_update_hw_mode_single_mac_mode(uint8_t channel);
 void cds_dump_connection_status_info(void);
 uint32_t cds_mode_specific_connection_count(enum cds_con_mode mode,
 						uint32_t *list);

core/cds/inc/cds_config.h

@@ -147,5 +147,6 @@ struct cds_config_info {
 	uint16_t self_gen_frm_pwr;
 	enum cfg_sub_20_channel_width sub_20_channel_width;
 	bool flow_steering_enabled;
+	bool self_recovery_enabled;
 };
 #endif /* !defined( __CDS_CONFIG_H ) */

core/cds/src/cds_api.c

@@ -247,7 +247,8 @@ QDF_STATUS cds_open(void)
 	}
 	/* Now Open the CDS Scheduler */
 
-	if (pHddCtx->driver_status == DRIVER_MODULES_UNINITIALIZED) {
+	if (pHddCtx->driver_status == DRIVER_MODULES_UNINITIALIZED ||
+	    cds_is_driver_recovering()) {
 		qdf_status = cds_sched_open(gp_cds_context,
 					    &gp_cds_context->qdf_sched,
 					    sizeof(cds_sched_context));
@@ -519,7 +520,14 @@ QDF_STATUS cds_pre_enable(v_CONTEXT_t cds_context)
 	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
 		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_FATAL,
 			  "Failed to get ready event from target firmware");
-		QDF_BUG(0);
+		/*
+		 * Panic only if recovery is disabled, else return failure so
+		 * that driver load can fail gracefully. We cannot trigger self
+		 * recovery here because driver is not fully loaded yet.
+		 */
+		if (!cds_is_self_recovery_enabled())
+			QDF_BUG(0);
+
 		htc_stop(gp_cds_context->htc_ctx);
 		return QDF_STATUS_E_FAILURE;
 	}
@@ -1439,98 +1447,6 @@ void cds_core_return_msg(void *pVContext, p_cds_msg_wrapper pMsgWrapper)
 	cds_mq_put(&p_cds_context->freeVosMq, pMsgWrapper);
 } /* cds_core_return_msg() */
 
-
-/**
- * cds_shutdown() - shutdown CDS
- * @cds_context: global cds context
- *
- * Return: QDF status
- */
-QDF_STATUS cds_shutdown(v_CONTEXT_t cds_context)
-{
-	QDF_STATUS qdf_status;
-	tpAniSirGlobal pmac = (((p_cds_contextType)cds_context)->pMACContext);
-
-	ol_txrx_pdev_detach(gp_cds_context->pdev_txrx_ctx, 1);
-	cds_free_context(cds_context, QDF_MODULE_ID_TXRX,
-			 gp_cds_context->pdev_txrx_ctx);
-
-	qdf_status = sme_close(((p_cds_contextType) cds_context)->pMACContext);
-	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "%s: Failed to close SME", __func__);
-		QDF_ASSERT(QDF_IS_STATUS_SUCCESS(qdf_status));
-	}
-	/*
-	 * CAC timer will be initiated and started only when SAP starts on
-	 * DFS channel and it will be stopped and destroyed immediately once the
-	 * radar detected or timedout. So as per design CAC timer should be
-	 * destroyed after stop
-	 */
-	if (pmac->sap.SapDfsInfo.is_dfs_cac_timer_running) {
-		qdf_mc_timer_stop(&pmac->sap.SapDfsInfo.sap_dfs_cac_timer);
-		pmac->sap.SapDfsInfo.is_dfs_cac_timer_running = 0;
-		qdf_mc_timer_destroy(&pmac->sap.SapDfsInfo.sap_dfs_cac_timer);
-	}
-
-	qdf_status = mac_close(((p_cds_contextType) cds_context)->pMACContext);
-	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "%s: Failed to close MAC", __func__);
-		QDF_ASSERT(QDF_IS_STATUS_SUCCESS(qdf_status));
-	}
-
-	((p_cds_contextType) cds_context)->pMACContext = NULL;
-
-	if (false == wma_needshutdown(cds_context)) {
-
-		qdf_status = wma_close(cds_context);
-		if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
-			QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-				  "%s: Failed to close wma!", __func__);
-			QDF_ASSERT(QDF_IS_STATUS_SUCCESS(qdf_status));
-		}
-	}
-
-	qdf_status = wma_wmi_work_close(cds_context);
-	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-		"%s: Failed to close wma_wmi_work!", __func__);
-		QDF_ASSERT(0);
-	}
-
-	if (gp_cds_context->htc_ctx) {
-		htc_stop(gp_cds_context->htc_ctx);
-		htc_destroy(gp_cds_context->htc_ctx);
-		gp_cds_context->htc_ctx = NULL;
-	}
-
-	qdf_status = wma_wmi_service_close(cds_context);
-	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "%s: Failed to close wma_wmi_service!", __func__);
-		QDF_ASSERT(QDF_IS_STATUS_SUCCESS(qdf_status));
-	}
-
-	cds_mq_deinit(&((p_cds_contextType) cds_context)->freeVosMq);
-
-	qdf_status = qdf_event_destroy(&gp_cds_context->wmaCompleteEvent);
-	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "%s: failed to destroy wmaCompleteEvent", __func__);
-		QDF_ASSERT(QDF_IS_STATUS_SUCCESS(qdf_status));
-	}
-
-	qdf_status = qdf_event_destroy(&gp_cds_context->ProbeEvent);
-	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
-		QDF_TRACE(QDF_MODULE_ID_QDF, QDF_TRACE_LEVEL_ERROR,
-			  "%s: failed to destroy ProbeEvent", __func__);
-		QDF_ASSERT(QDF_IS_STATUS_SUCCESS(qdf_status));
-	}
-
-	return QDF_STATUS_SUCCESS;
-}
-
 /**
  * cds_get_vdev_types() - get vdev type
  * @mode: mode
@@ -2345,6 +2261,27 @@ bool cds_is_sub_20_mhz_enabled(void)
 	return false;
 }
 
+/**
+ * cds_is_self_recovery_enabled() - API to get self recovery enabled
+ *
+ * Return: true if self recovery enabled, false otherwise
+ */
+bool cds_is_self_recovery_enabled(void)
+{
+	p_cds_contextType p_cds_context;
+
+	p_cds_context = cds_get_context(QDF_MODULE_ID_QDF);
+	if (!p_cds_context) {
+		cds_err("%s: cds context is invalid", __func__);
+		return false;
+	}
+
+	if (p_cds_context->cds_cfg)
+		return p_cds_context->cds_cfg->self_recovery_enabled;
+
+	return false;
+}
+
 /**
  * cds_svc_fw_shutdown_ind() - API to send userspace about FW crash
  *

core/cds/src/cds_concurrency.c

@@ -3018,36 +3018,39 @@ static void cds_dump_current_concurrency(void)
 }
 
 /**
- * cds_current_concurrency_is_scc() - To check the current
- * concurrency combination if it is doing SCC
+ * cds_current_concurrency_is_mcc() - To check the current
+ * concurrency combination if it is doing MCC
  *
- * This routine is called to check if it is doing SCC
+ * This routine is called to check if it is doing MCC
  *
- * Return: True - SCC, False - Otherwise
+ * Return: True - MCC, False - Otherwise
  */
-static bool cds_current_concurrency_is_scc(void)
+static bool cds_current_concurrency_is_mcc(void)
 {
 	uint32_t num_connections = 0;
-	bool is_scc = false;
+	bool is_mcc = false;
 
 	num_connections = cds_get_connection_count();
 
 	switch (num_connections) {
 	case 1:
-		is_scc = true;
 		break;
 	case 2:
-		if (conc_connection_list[0].chan ==
-			conc_connection_list[1].chan) {
-			is_scc = true;
+		if ((conc_connection_list[0].chan !=
+			conc_connection_list[1].chan) &&
+		    (conc_connection_list[0].mac ==
+			conc_connection_list[1].mac)) {
+			is_mcc = true;
 		}
 		break;
 	case 3:
-		if ((conc_connection_list[0].chan ==
-			conc_connection_list[1].chan) &&
-			(conc_connection_list[0].chan ==
-				conc_connection_list[2].chan)){
-				is_scc = true;
+		if ((conc_connection_list[0].chan !=
+			conc_connection_list[1].chan) ||
+		    (conc_connection_list[0].chan !=
+			conc_connection_list[2].chan) ||
+		    (conc_connection_list[1].chan !=
+			conc_connection_list[2].chan)){
+				is_mcc = true;
 		}
 		break;
 	default:
@@ -3056,7 +3059,7 @@ static bool cds_current_concurrency_is_scc(void)
 		break;
 	}
 
-	return is_scc;
+	return is_mcc;
 }
 
 /**
@@ -3342,7 +3345,7 @@ void cds_dump_concurrency_info(void)
 		adapterNode = pNext;
 	}
 	cds_dump_current_concurrency();
-	hdd_ctx->mcc_mode = !cds_current_concurrency_is_scc();
+	hdd_ctx->mcc_mode = cds_current_concurrency_is_mcc();
 }
 
 #ifdef FEATURE_WLAN_TDLS
@@ -3651,10 +3654,22 @@ enum cds_conc_next_action cds_need_opportunistic_upgrade(void)
 	uint32_t conn_index;
 	enum cds_conc_next_action upgrade = CDS_NOP;
 	uint8_t mac = 0;
+	struct sir_hw_mode_params hw_mode;
+	QDF_STATUS status = QDF_STATUS_E_FAILURE;
 
 	if (wma_is_hw_dbs_capable() == false) {
 		cds_err("driver isn't dbs capable, no further action needed");
-		return upgrade;
+		goto done;
+	}
+
+	status = wma_get_current_hw_mode(&hw_mode);
+	if (!QDF_IS_STATUS_SUCCESS(status)) {
+		cds_err("wma_get_current_hw_mode failed");
+		goto done;
+	}
+	if (!hw_mode.dbs_cap) {
+		cds_info("current HW mode is non-DBS capable");
+		goto done;
 	}
 
 	/* Are both mac's still in use */
@@ -3943,23 +3958,27 @@ static void cds_dbs_opportunistic_timer_handler(void *data)
 QDF_STATUS cds_deinit_policy_mgr(void)
 {
 	cds_context_type *cds_ctx;
+	QDF_STATUS status = QDF_STATUS_SUCCESS;
 
 	cds_ctx = cds_get_context(QDF_MODULE_ID_QDF);
 	if (!cds_ctx) {
 		cds_err("Invalid CDS Context");
-		return QDF_STATUS_E_FAILURE;
+		status = QDF_STATUS_E_FAILURE;
+		QDF_ASSERT(0);
 	}
 
 	if (!QDF_IS_STATUS_SUCCESS(qdf_event_destroy
 				  (&cds_ctx->connection_update_done_evt))) {
 		cds_err("Failed to destroy connection_update_done_evt");
-		return QDF_STATUS_E_FAILURE;
+		status = QDF_STATUS_E_FAILURE;
+		QDF_ASSERT(0);
 	}
 
 	if (!QDF_IS_STATUS_SUCCESS(qdf_mutex_destroy(
 					&cds_ctx->qdf_conc_list_lock))) {
 		cds_err("Failed to destroy qdf_conc_list_lock");
-		return QDF_STATUS_E_FAILURE;
+		status = QDF_STATUS_E_FAILURE;
+		QDF_ASSERT(0);
 	}
 
 	if (QDF_TIMER_STATE_RUNNING ==
@@ -3971,7 +3990,8 @@ QDF_STATUS cds_deinit_policy_mgr(void)
 	if (!QDF_IS_STATUS_SUCCESS(qdf_mc_timer_destroy(
 				      &cds_ctx->dbs_opportunistic_timer))) {
 		cds_err("Cannot deallocate dbs opportunistic timer");
-		return QDF_STATUS_E_FAILURE;
+		status = QDF_STATUS_E_FAILURE;
+		QDF_ASSERT(0);
 	}
 
 	cds_ctx->sme_get_valid_channels = NULL;
@@ -3979,10 +3999,11 @@ QDF_STATUS cds_deinit_policy_mgr(void)
 
 	if (QDF_IS_STATUS_ERROR(cds_reset_sap_mandatory_channels())) {
 		cds_err("failed to reset sap mandatory channels");
-		return QDF_STATUS_E_FAILURE;
+		status = QDF_STATUS_E_FAILURE;
+		QDF_ASSERT(0);
 	}
 
-	return QDF_STATUS_SUCCESS;
+	return status;
 }
 
 /**
@@ -4570,6 +4591,9 @@ void cds_update_with_safe_channel_list(uint8_t *pcl_channels, uint32_t *len,
 				     &unsafe_channel_count,
 				     sizeof(unsafe_channel_list));
 
+	if (unsafe_channel_count == 0)
+		cds_notice("There are no unsafe channels");
+
 	if (unsafe_channel_count) {
 		qdf_mem_copy(current_channel_list, pcl_channels,
 			current_channel_count);
@@ -4592,11 +4616,12 @@ void cds_update_with_safe_channel_list(uint8_t *pcl_channels, uint32_t *len,
 				}
 			}
 			if (!is_unsafe) {
-				pcl_channels[safe_channel_count++] =
+				pcl_channels[safe_channel_count] =
 					current_channel_list[i];
 				if (safe_channel_count < weight_len)
-					weight_list[safe_channel_count++] =
+					weight_list[safe_channel_count] =
 						org_weight_list[i];
+				safe_channel_count++;
 			}
 		}
 		*len = safe_channel_count;
@@ -9100,6 +9125,45 @@ uint8_t cds_get_mcc_operating_channel(uint8_t session_id)
 	return chan;
 }
 
+/**
+ * cds_checkn_update_hw_mode_single_mac_mode() - Set hw_mode to SMM
+ * if required
+ * @channel: channel number for the new STA connection
+ *
+ * After the STA disconnection, if the hw_mode is in DBS and the new STA
+ * connection is coming in the band in which existing connections are
+ * present, then this function stops the dbs opportunistic timer and sets
+ * the hw_mode to Single MAC mode (SMM).
+ *
+ * Return: None
+ */
+void cds_checkn_update_hw_mode_single_mac_mode(uint8_t channel)
+{
+	uint8_t i;
+	cds_context_type *cds_ctx;
+
+	cds_ctx = cds_get_context(QDF_MODULE_ID_QDF);
+	if (!cds_ctx) {
+		cds_err("Invalid CDS Context");
+		return;
+	}
+
+	for (i = 0; i < MAX_NUMBER_OF_CONC_CONNECTIONS; i++) {
+		if (conc_connection_list[i].in_use)
+			if (!CDS_IS_SAME_BAND_CHANNELS(channel,
+				conc_connection_list[i].chan)) {
+				cds_info("DBS required");
+				return;
+			}
+	}
+
+	if (QDF_TIMER_STATE_RUNNING ==
+		cds_ctx->dbs_opportunistic_timer.state)
+		qdf_mc_timer_stop(&cds_ctx->dbs_opportunistic_timer);
+
+	cds_dbs_opportunistic_timer_handler((void *)cds_ctx);
+}
+
 /**
  * cds_set_do_hw_mode_change_flag() - Set flag to indicate hw mode change
  * @flag: Indicate if hw mode change is required or not

core/cds/src/cds_reg_service.c

@@ -436,6 +436,23 @@ enum channel_state cds_get_5g_bonded_channel_state(
 		return CHANNEL_STATE_DISABLE;
 }
 
+/**
+ * cds_combine_channel_states() - combine channel states
+ * @chan_state1: channel state1
+ * @chan_state2: channel state2
+ *
+ * Return: enum channel_state
+ */
+ static enum channel_state cds_combine_channel_states(
+		 enum channel_state chan_state1,
+		 enum channel_state chan_state2)
+{
+	if ((CHANNEL_STATE_INVALID == chan_state1) ||
+	    (CHANNEL_STATE_INVALID == chan_state2))
+		return CHANNEL_STATE_INVALID;
+	else
+		return min(chan_state1, chan_state2);
+}
 
 /**
  * cds_set_5g_channel_params() - set the 5G bonded channel parameters
@@ -456,6 +473,8 @@ static void cds_set_5g_channel_params(uint16_t oper_ch,
 		ch_params->ch_width = CH_WIDTH_80P80MHZ;
 
 	while (ch_params->ch_width != CH_WIDTH_INVALID) {
+		bonded_chan_ptr = NULL;
+		bonded_chan_ptr2 = NULL;
 		chan_state = cds_search_5g_bonded_channel(oper_ch,
 							  ch_params->ch_width,
 							  &bonded_chan_ptr);
@@ -468,14 +487,16 @@ static void cds_set_5g_channel_params(uint16_t oper_ch,
 				ch_params->center_freq_seg1 - 2,
 				CH_WIDTH_80MHZ);
 
-		if (chan_state2 < chan_state)
-			chan_state = chan_state2;
+		chan_state = cds_combine_channel_states(chan_state,
+							chan_state2);
+
 		if ((CHANNEL_STATE_ENABLE == chan_state) ||
 		    (CHANNEL_STATE_DFS == chan_state)) {
 			if (CH_WIDTH_20MHZ >= ch_params->ch_width) {
 				ch_params->sec_ch_offset
 					= PHY_SINGLE_CHANNEL_CENTERED;
 				ch_params->center_freq_seg0 = oper_ch;
+				break;
 			} else if (CH_WIDTH_40MHZ <= ch_params->ch_width) {
 				cds_search_5g_bonded_chan_array(oper_ch,
 							bonded_chan_40mhz_array,
@@ -493,9 +514,9 @@ static void cds_set_5g_channel_params(uint16_t oper_ch,
 					ch_params->center_freq_seg0 =
 						(bonded_chan_ptr->start_ch +
 						 bonded_chan_ptr->end_ch)/2;
+					break;
 				}
 			}
-			break;
 		}
 		ch_params->ch_width = next_lower_bw[ch_params->ch_width];
 	}

core/cds/src/cds_sched.c

@@ -505,9 +505,8 @@ QDF_STATUS cds_sched_open(void *p_cds_context,
 	spin_lock_bh(&pSchedContext->cds_ol_rx_pkt_freeq_lock);
 	INIT_LIST_HEAD(&pSchedContext->cds_ol_rx_pkt_freeq);
 	spin_unlock_bh(&pSchedContext->cds_ol_rx_pkt_freeq_lock);
-	if (cds_alloc_ol_rx_pkt_freeq(pSchedContext) != QDF_STATUS_SUCCESS) {
-		return QDF_STATUS_E_FAILURE;
-	}
+	if (cds_alloc_ol_rx_pkt_freeq(pSchedContext) != QDF_STATUS_SUCCESS)
+		goto pkt_freeqalloc_failure;
 	register_hotcpu_notifier(&cds_cpu_hotplug_notifier);
 	pSchedContext->cpu_hot_plug_notifier = &cds_cpu_hotplug_notifier;
 	mutex_init(&pSchedContext->affinity_lock);
@@ -572,13 +571,14 @@ OL_RX_THREAD_START_FAILURE:
 #endif
 
 MC_THREAD_START_FAILURE:
-	/* De-initialize all the message queues */
-	cds_sched_deinit_mqs(pSchedContext);
 
 #ifdef QCA_CONFIG_SMP
 	unregister_hotcpu_notifier(&cds_cpu_hotplug_notifier);
 	cds_free_ol_rx_pkt_freeq(gp_cds_sched_context);
+pkt_freeqalloc_failure:
 #endif
+	/* De-initialize all the message queues */
+	cds_sched_deinit_mqs(pSchedContext);
 
 	return QDF_STATUS_E_RESOURCES;
 

core/dp/htt/htt_h2t.c

@@ -748,6 +748,7 @@ htt_h2t_dbg_stats_get(struct htt_pdev_t *pdev,
 		/* FIX THIS - add more details? */
 		qdf_print("%#x %#x stats not supported\n",
 			  stats_type_upload_mask, stats_type_reset_mask);
+		htt_htc_pkt_free(pdev, pkt);
 		return -EINVAL;      /* failure */
 	}
 

core/dp/ol/inc/ol_cfg.h

@@ -516,6 +516,7 @@ unsigned int ol_cfg_ipa_uc_rx_ind_ring_size(ol_pdev_handle pdev);
  * @param pdev - handle to the physical device
  */
 unsigned int ol_cfg_ipa_uc_tx_partition_base(ol_pdev_handle pdev);
+void ol_cfg_set_ipa_uc_tx_partition_base(ol_pdev_handle pdev, uint32_t value);
 #else
 static inline unsigned int ol_cfg_ipa_uc_offload_enabled(
 	ol_pdev_handle pdev)
@@ -546,6 +547,12 @@ static inline unsigned int ol_cfg_ipa_uc_tx_partition_base(
 {
 	return 0;
 }
+
+static inline void ol_cfg_set_ipa_uc_tx_partition_base(
+	ol_pdev_handle pdev, uint32_t value)
+{
+	return;
+}
 #endif /* IPA_OFFLOAD */
 
 /**

core/dp/ol/inc/ol_txrx_ctrl_api.h

@@ -69,6 +69,7 @@
 #define WLAN_DUMP_TX_FLOW_POOL_INFO 5
 #define WLAN_TXRX_DESC_STATS  6
 #define WLAN_HIF_STATS  7
+#define WLAN_LRO_STATS  8
 #define WLAN_SCHEDULER_STATS        21
 #define WLAN_TX_QUEUE_STATS         22
 #define WLAN_BUNDLE_STATS           23

core/dp/txrx/ol_cfg.c

@@ -403,6 +403,12 @@ unsigned int ol_cfg_ipa_uc_tx_partition_base(ol_pdev_handle pdev)
 	struct txrx_pdev_cfg_t *cfg = (struct txrx_pdev_cfg_t *)pdev;
 	return cfg->ipa_uc_rsc.tx_partition_base;
 }
+
+void ol_cfg_set_ipa_uc_tx_partition_base(ol_pdev_handle pdev, uint32_t val)
+{
+	struct txrx_pdev_cfg_t *cfg = (struct txrx_pdev_cfg_t *)pdev;
+	cfg->ipa_uc_rsc.tx_partition_base = val;
+}
 #endif /* IPA_OFFLOAD */
 
 /**

core/dp/txrx/ol_txrx.c

@@ -3256,7 +3256,7 @@ ol_txrx_fw_stats_cfg(ol_txrx_vdev_handle vdev,
 
 A_STATUS
 ol_txrx_fw_stats_get(ol_txrx_vdev_handle vdev, struct ol_txrx_stats_req *req,
-			bool response_expected)
+			bool per_vdev, bool response_expected)
 {
 	struct ol_txrx_pdev_t *pdev = vdev->pdev;
 	uint64_t cookie;
@@ -4144,7 +4144,6 @@ void ol_txrx_ipa_uc_fw_op_event_handler(void *context,
 	}
 }
 
-#ifdef QCA_CONFIG_SMP
 /**
  * ol_txrx_ipa_uc_op_response() - Handle OP command response from firmware
  * @pdev: handle to the HTT instance
@@ -4152,28 +4151,6 @@ void ol_txrx_ipa_uc_fw_op_event_handler(void *context,
  *
  * Return: none
  */
-void ol_txrx_ipa_uc_op_response(ol_txrx_pdev_handle pdev, uint8_t *op_msg)
-{
-	p_cds_sched_context sched_ctx = get_cds_sched_ctxt();
-	struct cds_ol_rx_pkt *pkt;
-
-	if (qdf_unlikely(!sched_ctx))
-		return;
-
-	pkt = cds_alloc_ol_rx_pkt(sched_ctx);
-	if (qdf_unlikely(!pkt)) {
-		QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
-			  "%s: Not able to allocate context", __func__);
-		return;
-	}
-
-	pkt->callback = (cds_ol_rx_thread_cb) ol_txrx_ipa_uc_fw_op_event_handler;
-	pkt->context = pdev;
-	pkt->Rxpkt = (void *)op_msg;
-	pkt->staId = 0;
-	cds_indicate_rxpkt(sched_ctx, pkt);
-}
-#else
 void ol_txrx_ipa_uc_op_response(ol_txrx_pdev_handle pdev,
 				uint8_t *op_msg)
 {
@@ -4186,7 +4163,6 @@ void ol_txrx_ipa_uc_op_response(ol_txrx_pdev_handle pdev,
 		return;
 	}
 }
-#endif
 
 /**
  * ol_txrx_ipa_uc_register_op_cb() - Register OP handler function

core/hdd/inc/qc_sap_ioctl.h

@@ -169,7 +169,7 @@ typedef struct {
 #define QCSAP_IOCTL_GET_INI_CFG         (SIOCIWFIRSTPRIV + 25)
 #define QCSAP_IOCTL_SET_INI_CFG         (SIOCIWFIRSTPRIV + 26)
 #define QCSAP_IOCTL_SET_TWO_INT_GET_NONE (SIOCIWFIRSTPRIV + 28)
-#ifdef DEBUG
+#ifdef WLAN_DEBUG
 #define QCSAP_IOCTL_SET_FW_CRASH_INJECT 1
 #endif
 #define QCSAP_IOCTL_DUMP_DP_TRACE_LEVEL 2
@@ -246,6 +246,7 @@ enum {
 	QCASAP_PARAM_LDPC,
 	QCASAP_PARAM_TX_STBC,
 	QCASAP_PARAM_RX_STBC,
+	QCSAP_PARAM_CHAN_WIDTH,
 };
 
 int iw_get_channel_list(struct net_device *dev,

core/hdd/inc/wlan_hdd_assoc.h

@@ -346,6 +346,11 @@ QDF_STATUS hdd_roam_deregister_sta(hdd_adapter_t *adapter, uint8_t sta_id);
 #ifdef WLAN_FEATURE_ROAM_OFFLOAD
 void hdd_wma_send_fastreassoc_cmd(int session_id, const tSirMacAddr bssid,
 				  int channel);
+#else
+static inline void hdd_wma_send_fastreassoc_cmd(int sessionId,
+		const tSirMacAddr bssid, int channel)
+{
+}
 #endif
 
 #endif

core/hdd/inc/wlan_hdd_cfg.h

@@ -1399,7 +1399,7 @@ typedef enum {
  *          switch DTIM1 when host resumes */
 #define CFG_ENABLE_DYNAMIC_DTIM_NAME            "gEnableDynamicDTIM"
 #define CFG_ENABLE_DYNAMIC_DTIM_MIN        (0)
-#define CFG_ENABLE_DYNAMIC_DTIM_MAX        (5)
+#define CFG_ENABLE_DYNAMIC_DTIM_MAX        (9)
 #define CFG_ENABLE_DYNAMIC_DTIM_DEFAULT    (0)
 
 /*
@@ -1844,7 +1844,7 @@ typedef enum {
 #define CFG_TDLS_EXTERNAL_CONTROL                   "gTDLSExternalControl"
 #define CFG_TDLS_EXTERNAL_CONTROL_MIN               (0)
 #define CFG_TDLS_EXTERNAL_CONTROL_MAX               (1)
-#define CFG_TDLS_EXTERNAL_CONTROL_DEFAULT           (0)
+#define CFG_TDLS_EXTERNAL_CONTROL_DEFAULT           (1)
 
 #define CFG_TDLS_OFF_CHANNEL_SUPPORT_ENABLE          "gEnableTDLSOffChannel"
 #define CFG_TDLS_OFF_CHANNEL_SUPPORT_ENABLE_MIN      (0)
@@ -3540,6 +3540,15 @@ enum dot11p_mode {
 #define CFG_INDOOR_CHANNEL_SUPPORT_MAX      (1)
 #define CFG_INDOOR_CHANNEL_SUPPORT_DEFAULT  (0)
 
+/*
+ * Force softap to 11n, when gSapForce11NFor11AC is set to 1 from ini
+ * despite of hostapd.conf request for 11ac
+ */
+#define CFG_SAP_FORCE_11N_FOR_11AC_NAME    "gSapForce11NFor11AC"
+#define CFG_SAP_FORCE_11N_FOR_11AC_MIN     (0)
+#define CFG_SAP_FORCE_11N_FOR_11AC_MAX     (1)
+#define CFG_SAP_FORCE_11N_FOR_11AC_DEFAULT (0)
+
 /*
  * Enable filtering of replayed multicast packets
  * In a typical infrastructure setup, it is quite normal to receive
@@ -4226,6 +4235,8 @@ struct hdd_config {
 	uint32_t tgt_gtx_usr_cfg;
 	enum cfg_sub_20_channel_width enable_sub_20_channel_width;
 	bool indoor_channel_support;
+	/* parameter to force sap into 11n */
+	bool sap_force_11n_for_11ac;
 	bool multicast_replay_filter;
 	/* parameter for indicating sifs burst duration to fw */
 	uint8_t sifs_burst_duration;

core/hdd/inc/wlan_hdd_ipa.h

@@ -88,12 +88,21 @@ void hdd_ipa_uc_rt_debug_host_dump(hdd_context_t *hdd_ctx);
 void hdd_ipa_uc_stat_request(hdd_adapter_t *adapter, uint8_t reason);
 bool hdd_ipa_is_enabled(hdd_context_t *pHddCtx);
 bool hdd_ipa_uc_is_enabled(hdd_context_t *pHddCtx);
-int hdd_ipa_send_mcc_scc_msg(hdd_context_t *pHddCtx, bool mcc_mode);
+#ifndef QCA_LL_TX_FLOW_CONTROL_V2
+int hdd_ipa_send_mcc_scc_msg(hdd_context_t *hdd_ctx, bool mcc_mode);
+#else
+static inline int hdd_ipa_send_mcc_scc_msg(hdd_context_t *hdd_ctx,
+					   bool mcc_mode)
+{
+	return 0;
+}
+#endif
 int hdd_ipa_uc_ssr_reinit(void);
 int hdd_ipa_uc_ssr_deinit(void);
 void hdd_ipa_uc_force_pipe_shutdown(hdd_context_t *hdd_ctx);
 struct sk_buff *hdd_ipa_tx_packet_ipa(hdd_context_t *hdd_ctx,
 	struct sk_buff *skb, uint8_t session_id);
+bool hdd_ipa_is_present(hdd_context_t *hdd_ctx);
 #else
 static inline QDF_STATUS hdd_ipa_init(hdd_context_t *hdd_ctx)
 {
@@ -200,5 +209,21 @@ static inline struct sk_buff *hdd_ipa_tx_packet_ipa(hdd_context_t *hdd_ctx,
 {
 	return skb;
 }
+
+/**
+ * hdd_ipa_is_present() - get IPA hw status
+ * @hdd_ctx: pointer to hdd context
+ *
+ * ipa_uc_reg_rdyCB is not directly designed to check
+ * ipa hw status. This is an undocumented function which
+ * has confirmed with IPA team.
+ *
+ * Return: true - ipa hw present
+ *         false - ipa hw not present
+ */
+bool hdd_ipa_is_present(hdd_context_t *hdd_ctx)
+{
+	return false;
+}
 #endif /* IPA_OFFLOAD */
 #endif /* #ifndef HDD_IPA_H__ */

core/hdd/inc/wlan_hdd_lro.h

@@ -97,16 +97,62 @@ struct hdd_lro_desc_info {
 	struct hdd_lro_desc_pool lro_desc_pool;
 };
 
+/**
+ * enum hdd_lro_pkt_aggr_bucket - idenitifies the bucket holding
+ * the count of the aggregated packets
+ * @HDD_LRO_BUCKET_0_7: identifies the packet count when the
+ * aggregate size is between 0 to 7 packets
+ * @HDD_LRO_BUCKET_8_15: identifies the packet count when the
+ * aggregate size is between 8 to 15 packets
+ * @HDD_LRO_BUCKET_16_23: identifies the packet count when the
+ * aggregate size is between 16 to 23 packets
+ * @HDD_LRO_BUCKET_24_31: identifies the packet count when the
+ * aggregate size is between 24 to 31 packets
+ * @HDD_LRO_BUCKET_32_39: identifies the packet count when the
+ * aggregate size is between 32 to 39 packets
+ * @HDD_LRO_BUCKET_40_47: identifies the packet count when the
+ * aggregate size is between 40 to 47 packets
+ * @HDD_LRO_BUCKET_48_OR_MORE: identifies the packet count when
+ * the aggregate size is 48 or more packets
+ * @HDD_LRO_BUCKET_MAX: identifies the packet count when the
+ * aggregate size is 48 or more packets
+ */
+enum hdd_lro_pkt_aggr_bucket {
+	HDD_LRO_BUCKET_0_7 = 0,
+	HDD_LRO_BUCKET_8_15 = 1,
+	HDD_LRO_BUCKET_16_23 = 2,
+	HDD_LRO_BUCKET_24_31 = 3,
+	HDD_LRO_BUCKET_32_39 = 4,
+	HDD_LRO_BUCKET_40_47 = 5,
+	HDD_LRO_BUCKET_48_OR_MORE = 6,
+	HDD_LRO_BUCKET_MAX = HDD_LRO_BUCKET_48_OR_MORE,
+};
+
+/**
+ * hdd_lro_stats - structure containing the LRO statistics
+ * information
+ * @pkt_aggr_hist: histogram of the number of aggregated packets
+ * @lro_eligible_tcp: number of LRO elgible TCP packets
+ * @lro_ineligible_tcp: number of LRO inelgible TCP packets
+ */
+struct hdd_lro_stats {
+	uint16_t pkt_aggr_hist[HDD_LRO_BUCKET_MAX + 1];
+	uint32_t lro_eligible_tcp;
+	uint32_t lro_ineligible_tcp;
+};
+
 /**
  * hdd_lro_s - LRO information per HDD adapter
  * @lro_mgr: LRO manager
  * @lro_desc_info: LRO descriptor information
  * @lro_mgr_arr_access_lock: Lock to access LRO manager array.
+ * @lro_stats: LRO statistics
  */
 struct hdd_lro_s {
 	struct net_lro_mgr *lro_mgr;
 	struct hdd_lro_desc_info lro_desc_info;
 	qdf_spinlock_t lro_mgr_arr_access_lock;
+	struct hdd_lro_stats lro_stats;
 };
 
 int hdd_lro_init(hdd_context_t *hdd_ctx);
@@ -121,6 +167,8 @@ enum hdd_lro_rx_status hdd_lro_rx(hdd_context_t *hdd_ctx,
 
 void hdd_lro_flush_all(hdd_context_t *hdd_ctx,
 	 hdd_adapter_t *adapter);
+
+void hdd_lro_display_stats(hdd_context_t *hdd_ctx);
 #else
 struct hdd_lro_s {};
 
@@ -142,6 +190,14 @@ static inline int hdd_lro_init(hdd_context_t *hdd_ctx)
 }
 
 static inline void hdd_lro_disable(hdd_context_t *hdd_ctx,
-	 hdd_adapter_t *adapter){}
+	 hdd_adapter_t *adapter)
+{
+	return;
+}
+
+static inline void hdd_lro_display_stats(hdd_context_t *hdd_ctx)
+{
+	return;
+}
 #endif /* FEATURE_LRO */
 #endif /* __WLAN_HDD_LRO_H__ */

core/hdd/inc/wlan_hdd_main.h

@@ -854,8 +854,29 @@ struct hdd_chan_change_params {
 	struct ch_params_s chan_params;
 };
 
-#define WLAN_HDD_ADAPTER_MAGIC 0x574c414e       /* ASCII "WLAN" */
+/**
+ * struct hdd_runtime_pm_context - context to prevent/allow runtime pm
+ * @scan: scan context to prvent/allow runtime pm
+ *
+ * Prevent Runtime PM for scan
+ */
+struct hdd_runtime_pm_context {
+	qdf_runtime_lock_t scan;
+	qdf_runtime_lock_t roc;
+	qdf_runtime_lock_t dfs;
+};
 
+/**
+ * struct hdd_connect_pm_context - Runtime PM connect context per adapter
+ * @connect: Runtime Connect Context
+ *
+ * Structure to hold runtime pm connect context for each adapter.
+ */
+struct hdd_connect_pm_context {
+	qdf_runtime_lock_t connect;
+};
+
+#define WLAN_HDD_ADAPTER_MAGIC 0x574c414e       /* ASCII "WLAN" */
 
 struct hdd_adapter_s {
 	/* Magic cookie for adapter sanity verification.  Note that this
@@ -1086,6 +1107,7 @@ struct hdd_adapter_s {
 	 * channel needs to be moved from the existing 2.4GHz channel.
 	 */
 	uint8_t pre_cac_chan;
+	struct hdd_connect_pm_context connect_rpm_ctx;
 };
 
 #define WLAN_HDD_GET_STATION_CTX_PTR(pAdapter) (&(pAdapter)->sessionCtx.station)
@@ -1395,6 +1417,7 @@ struct hdd_context_s {
 
 	/* defining the firmware version */
 	uint32_t target_fw_version;
+	uint32_t target_fw_vers_ext;
 	qdf_atomic_t dfs_radar_found;
 
 	/* defining the chip/rom version */
@@ -1527,9 +1550,9 @@ struct hdd_context_s {
 	bool update_mac_addr_to_fw;
 	struct acs_dfs_policy acs_policy;
 	uint16_t wmi_max_len;
-
 	/* counters for failed suspend reasons */
 	uint32_t suspend_fail_stats[SUSPEND_FAIL_MAX_COUNT];
+	struct hdd_runtime_pm_context runtime_context;
 };
 
 /*---------------------------------------------------------------------------
@@ -1619,6 +1642,26 @@ void hdd_checkandupdate_phymode(hdd_context_t *pHddCtx);
 #ifdef MSM_PLATFORM
 void hdd_start_bus_bw_compute_timer(hdd_adapter_t *pAdapter);
 void hdd_stop_bus_bw_compute_timer(hdd_adapter_t *pAdapter);
+
+/**
+ * hdd_bus_bandwidth_init() - Initialize bus bandwidth data structures.
+ * hdd_ctx: HDD context
+ *
+ * Initialize bus bandwidth related data structures like spinlock and timer.
+ *
+ * Return: None.
+ */
+int hdd_bus_bandwidth_init(hdd_context_t *hdd_ctx);
+
+/**
+ * hdd_bus_bandwidth_destroy() - Destroy bus bandwidth data structures.
+ * hdd_ctx: HDD context
+ *
+ * Destroy bus bandwidth related data structures like timer.
+ *
+ * Return: None.
+ */
+void hdd_bus_bandwidth_destroy(hdd_context_t *hdd_ctx);
 #else
 static inline void hdd_start_bus_bw_compute_timer(hdd_adapter_t *pAdapter)
 {
@@ -1629,6 +1672,16 @@ static inline void hdd_stop_bus_bw_computer_timer(hdd_adapter_t *pAdapter)
 {
 	return;
 }
+
+int hdd_bus_bandwidth_init(hdd_context_t *hdd_ctx)
+{
+	return 0;
+}
+
+void hdd_bus_bandwidth_destroy(hdd_context_t *hdd_ctx)
+{
+	return;
+}
 #endif
 
 int hdd_init(void);
@@ -1865,7 +1918,7 @@ int hdd_start_ftm_adapter(hdd_adapter_t *adapter);
 int hdd_set_fw_params(hdd_adapter_t *adapter);
 int hdd_wlan_start_modules(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter,
 			   bool reinit);
-int hdd_wlan_stop_modules(hdd_context_t *hdd_ctx, bool shutdown);
+int hdd_wlan_stop_modules(hdd_context_t *hdd_ctx);
 int hdd_start_adapter(hdd_adapter_t *adapter);
 void hdd_connect_result(struct net_device *dev, const u8 *bssid,
 			tCsrRoamInfo *roam_info, const u8 *req_ie,

core/hdd/inc/wlan_hdd_napi.h

@@ -65,6 +65,7 @@ struct qca_napi_data *hdd_napi_get_all(void);
 int hdd_napi_apply_throughput_policy(struct hdd_context_s *hddctx,
 				     uint64_t              tx_packets,
 				     uint64_t              rx_packets);
+int hdd_napi_serialize(int is_on);
 #else /* FEATURE_NAPI and NOT HELIUM */
 static inline int hdd_napi_apply_throughput_policy(struct hdd_context_s *hddctx,
 						   uint64_t tx_packets,
@@ -72,6 +73,10 @@ static inline int hdd_napi_apply_throughput_policy(struct hdd_context_s *hddctx,
 {
 	return 0;
 }
+static inline int hdd_napi_serialize(int is_on)
+{
+	return -EINVAL;
+};
 #endif /* HELIUMPLUS */
 
 #else /* ! defined(FEATURE_NAPI) */

core/hdd/inc/wlan_hdd_wmm.h

@@ -89,10 +89,7 @@ typedef enum hdd_wmm_classification {
  *	with QAP and acts accordingly
  * @HDD_WMM_USER_MODE_QBSS_ONLY - SME will add the extra logic to make sure
  *	STA associates with a QAP only
- * @HDD_WMM_USER_MODE_NO_QOS - SME will not join a QoS AP, unless the phy
- *	mode setting says "Auto". In that case, STA is free to join 11n AP.
- *	Although from HDD point of view, it will not be doing any packet
- *	classifications.
+ * @HDD_WMM_USER_MODE_NO_QOS - Join any AP, but uapsd is disabled
  */
 typedef enum hdd_wmm_user_mode {
 	HDD_WMM_USER_MODE_AUTO = 0,

core/hdd/src/wlan_hdd_assoc.c

@@ -62,6 +62,7 @@
 #include "ol_rx_fwd.h"
 #include "cdp_txrx_flow_ctrl_legacy.h"
 #include "cdp_txrx_peer_ops.h"
+#include "wlan_hdd_napi.h"
 
 /* These are needed to recognize WPA and RSN suite types */
 #define HDD_WPA_OUI_SIZE 4
@@ -3292,7 +3293,7 @@ roam_roam_connect_status_update_handler(hdd_adapter_t *pAdapter,
 	{
 		hdd_station_ctx_t *pHddStaCtx =
 			WLAN_HDD_GET_STATION_CTX_PTR(pAdapter);
-		struct station_info staInfo;
+		struct station_info *stainfo;
 
 		hdd_err("IBSS New Peer indication from SME "
 			 "with peerMac " MAC_ADDRESS_STR " BSSID: "
@@ -3322,13 +3323,18 @@ roam_roam_connect_status_update_handler(hdd_adapter_t *pAdapter,
 				qdf_status, qdf_status);
 		}
 		pHddStaCtx->ibss_sta_generation++;
-		memset(&staInfo, 0, sizeof(staInfo));
-		staInfo.filled = 0;
-		staInfo.generation = pHddStaCtx->ibss_sta_generation;
+		stainfo = qdf_mem_malloc(sizeof(*stainfo));
+		if (stainfo == NULL) {
+			hdd_err("memory allocation for station_info failed");
+			return QDF_STATUS_E_NOMEM;
+		}
+		stainfo->filled = 0;
+		stainfo->generation = pHddStaCtx->ibss_sta_generation;
 
 		cfg80211_new_sta(pAdapter->dev,
 				 (const u8 *)pRoamInfo->peerMac.bytes,
-				 &staInfo, GFP_KERNEL);
+				 stainfo, GFP_KERNEL);
+		qdf_mem_free(stainfo);
 
 		if (eCSR_ENCRYPT_TYPE_WEP40_STATICKEY ==
 		    pHddStaCtx->ibss_enc_key.encType
@@ -4596,6 +4602,8 @@ hdd_sme_roam_callback(void *pContext, tCsrRoamInfo *pRoamInfo, uint32_t roamId,
 		 * after reassoc.
 		 */
 		hdd_info("Disabling queues");
+		hdd_info("Roam Synch Ind: NAPI Serialize ON");
+		hdd_napi_serialize(1);
 		wlan_hdd_netif_queue_control(pAdapter,
 				WLAN_NETIF_TX_DISABLE,
 				WLAN_CONTROL_PATH);
@@ -4608,6 +4616,10 @@ hdd_sme_roam_callback(void *pContext, tCsrRoamInfo *pRoamInfo, uint32_t roamId,
 		hdd_info("hdd_ReassocScenario set to: %d, due to eCSR_ROAM_FT_START, session: %d",
 			 pHddStaCtx->hdd_ReassocScenario, pAdapter->sessionId);
 		break;
+	case eCSR_ROAM_NAPI_OFF:
+		hdd_info("After Roam Synch Comp: NAPI Serialize OFF");
+		hdd_napi_serialize(0);
+		break;
 	case eCSR_ROAM_SHOULD_ROAM:
 		/* notify apps that we can't pass traffic anymore */
 		hdd_info("Disabling queues");
@@ -4892,11 +4904,13 @@ hdd_sme_roam_callback(void *pContext, tCsrRoamInfo *pRoamInfo, uint32_t roamId,
 		wlan_hdd_netif_queue_control(pAdapter,
 				WLAN_NETIF_TX_DISABLE,
 				WLAN_CONTROL_PATH);
+		hdd_napi_serialize(1);
 		cds_set_connection_in_progress(true);
 		cds_restart_opportunistic_timer(true);
 		break;
 	case eCSR_ROAM_ABORT:
 		hdd_info("Firmware aborted roaming operation, previous connection is still valid");
+		hdd_napi_serialize(0);
 		wlan_hdd_netif_queue_control(pAdapter,
 				WLAN_WAKE_ALL_NETIF_QUEUE,
 				WLAN_CONTROL_PATH);

core/hdd/src/wlan_hdd_cfg.c

@@ -3987,6 +3987,13 @@ REG_TABLE_ENTRY g_registry_table[] = {
 		     CFG_BUG_ON_REINIT_FAILURE_MIN,
 		     CFG_BUG_ON_REINIT_FAILURE_MAX),
 
+	REG_VARIABLE(CFG_SAP_FORCE_11N_FOR_11AC_NAME, WLAN_PARAM_Integer,
+		     struct hdd_config, sap_force_11n_for_11ac,
+		     VAR_FLAGS_OPTIONAL | VAR_FLAGS_RANGE_CHECK_ASSUME_DEFAULT,
+		     CFG_SAP_FORCE_11N_FOR_11AC_DEFAULT,
+		     CFG_SAP_FORCE_11N_FOR_11AC_MIN,
+		     CFG_SAP_FORCE_11N_FOR_11AC_MAX),
+
 	REG_VARIABLE(CFG_INTERFACE_CHANGE_WAIT_NAME, WLAN_PARAM_Integer,
 			struct hdd_config, iface_change_wait_time,
 			VAR_FLAGS_OPTIONAL | VAR_FLAGS_RANGE_CHECK,
@@ -5698,6 +5705,9 @@ void hdd_cfg_print(hdd_context_t *pHddCtx)
 	hdd_info("Name = [%s] Value = [%s]",
 		CFG_RM_CAPABILITY_NAME,
 		pHddCtx->config->rm_capability);
+	hdd_info("Name = [%s] Value = [%d]",
+		CFG_SAP_FORCE_11N_FOR_11AC_NAME,
+		pHddCtx->config->sap_force_11n_for_11ac);
 	hdd_info("Name = [%s] Value = [%d]",
 		CFG_BPF_PACKET_FILTER_OFFLOAD,
 		pHddCtx->config->bpf_packet_filter_enable);

core/hdd/src/wlan_hdd_cfg80211.c

@@ -1486,6 +1486,11 @@ static int __wlan_hdd_cfg80211_do_acs(struct wiphy *wiphy,
 	else
 		vht_enabled = 0;
 
+	if (hdd_ctx->config->sap_force_11n_for_11ac) {
+		vht_enabled = 0;
+		hdd_log(LOG1, FL("VHT is Disabled in ACS"));
+	}
+
 	if (tb[QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH]) {
 		ch_width = nla_get_u16(tb[QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH]);
 	} else {
@@ -1494,6 +1499,15 @@ static int __wlan_hdd_cfg80211_do_acs(struct wiphy *wiphy,
 		else
 			ch_width = 20;
 	}
+
+	/* this may be possible, when sap_force_11n_for_11ac is set */
+	if ((ch_width == 80 || ch_width == 160) && !vht_enabled) {
+		if (ht_enabled && ht40_enabled)
+			ch_width = 40;
+		else
+			ch_width = 20;
+	}
+
 	if (ch_width == 80)
 		sap_config->acs_cfg.ch_width = CH_WIDTH_80MHZ;
 	else if (ch_width == 40)
@@ -1557,7 +1571,8 @@ static int __wlan_hdd_cfg80211_do_acs(struct wiphy *wiphy,
 		hdd_err("Get PCL failed");
 
 	/* ACS override for android */
-	if (hdd_ctx->config->sap_p2p_11ac_override && ht_enabled) {
+	if (hdd_ctx->config->sap_p2p_11ac_override && ht_enabled &&
+	    !hdd_ctx->config->sap_force_11n_for_11ac) {
 		hdd_notice("ACS Config override for 11AC");
 		vht_enabled = 1;
 		sap_config->acs_cfg.hw_mode = eCSR_DOT11_MODE_11ac;
@@ -1800,7 +1815,7 @@ __wlan_hdd_cfg80211_get_supported_features(struct wiphy *wiphy,
 	uint32_t fset = 0;
 	int ret;
 
-	ENTER_DEV(wdev->netdev);
+	/* ENTER_DEV() intentionally not used in a frequently invoked API */
 
 	if (QDF_GLOBAL_FTM_MODE == hdd_get_conparam()) {
 		hdd_err("Command not allowed in FTM mode");
@@ -1888,7 +1903,6 @@ __wlan_hdd_cfg80211_get_supported_features(struct wiphy *wiphy,
 		goto nla_put_failure;
 	}
 	ret = cfg80211_vendor_cmd_reply(skb);
-	EXIT();
 	return ret;
 nla_put_failure:
 	kfree_skb(skb);
@@ -3600,7 +3614,7 @@ __wlan_hdd_cfg80211_get_wifi_info(struct wiphy *wiphy,
 			goto error_nla_fail;
 	}
 
-	if (tb_vendor[QCA_WLAN_VENDOR_ATTR_WIFI_INFO_DRIVER_VERSION]) {
+	if (tb_vendor[QCA_WLAN_VENDOR_ATTR_WIFI_INFO_FIRMWARE_VERSION]) {
 		if (nla_put_string(reply_skb,
 			    QCA_WLAN_VENDOR_ATTR_WIFI_INFO_FIRMWARE_VERSION,
 			    firmware_version))
@@ -4058,16 +4072,16 @@ __wlan_hdd_cfg80211_wifi_configuration_set(struct wiphy *wiphy,
 		if (access_policy == QCA_ACCESS_POLICY_DENY_UNLESS_LISTED) {
 			access_policy =
 				WLAN_HDD_VENDOR_IE_ACCESS_ALLOW_IF_LISTED;
-	} else {
+		} else {
 			access_policy = WLAN_HDD_VENDOR_IE_ACCESS_NONE;
-	}
+		}
 
-	hdd_info("calling sme_update_access_policy_vendor_ie");
-	status = sme_update_access_policy_vendor_ie(hdd_ctx->hHal,
-			adapter->sessionId, &vendor_ie[0],
-			access_policy);
-	if (QDF_STATUS_SUCCESS != status) {
-		hdd_info("Failed to set vendor ie and access policy.");
+		hdd_info("calling sme_update_access_policy_vendor_ie");
+		status = sme_update_access_policy_vendor_ie(hdd_ctx->hHal,
+				adapter->sessionId, &vendor_ie[0],
+				access_policy);
+		if (QDF_STATUS_SUCCESS != status) {
+			hdd_info("Failed to set vendor ie and access policy.");
 			return -EINVAL;
 		}
 	}
@@ -4141,6 +4155,26 @@ __wlan_hdd_cfg80211_wifi_configuration_set(struct wiphy *wiphy,
 		}
 	}
 
+	if (tb[QCA_WLAN_VENDOR_ATTR_CONFIG_IGNORE_ASSOC_DISALLOWED]) {
+		uint8_t ignore_assoc_disallowed;
+
+		ignore_assoc_disallowed
+			= nla_get_u8(tb[
+			QCA_WLAN_VENDOR_ATTR_CONFIG_IGNORE_ASSOC_DISALLOWED]);
+		hdd_info("Set ignore_assoc_disallowed value - %d",
+					ignore_assoc_disallowed);
+		if ((ignore_assoc_disallowed <
+			QCA_IGNORE_ASSOC_DISALLOWED_DISABLE) ||
+			(ignore_assoc_disallowed >
+				QCA_IGNORE_ASSOC_DISALLOWED_ENABLE))
+			return -EPERM;
+
+		sme_update_session_param(hdd_ctx->hHal,
+					adapter->sessionId,
+					SIR_PARAM_IGNORE_ASSOC_DISALLOWED,
+					ignore_assoc_disallowed);
+	}
+
 	return ret_val;
 }
 
@@ -7617,7 +7651,7 @@ static int wlan_hdd_cfg80211_get_wakelock_stats(struct wiphy *wiphy,
 	cds_ssr_protect(__func__);
 	ret = __wlan_hdd_cfg80211_get_wakelock_stats(wiphy, wdev, data,
 								data_len);
-	cds_ssr_protect(__func__);
+	cds_ssr_unprotect(__func__);
 
 	return ret;
 }
@@ -11147,6 +11181,8 @@ static int wlan_hdd_cfg80211_connect_start(hdd_adapter_t *pAdapter,
 	tCsrRoamProfile *pRoamProfile;
 	eCsrAuthType RSNAuthType;
 	tSmeConfigParams *sme_config;
+	uint8_t channel = 0;
+	struct sir_hw_mode_params hw_mode;
 
 	ENTER();
 
@@ -11417,6 +11453,8 @@ static int wlan_hdd_cfg80211_connect_start(hdd_adapter_t *pAdapter,
 			hdd_conn_set_connection_state(pAdapter,
 			eConnectionState_Connecting);
 
+		qdf_runtime_pm_prevent_suspend(pAdapter->connect_rpm_ctx.
+					       connect);
 		status = sme_roam_connect(WLAN_HDD_GET_HAL_CTX(pAdapter),
 					  pAdapter->sessionId, pRoamProfile,
 					  &roamId);
@@ -11430,11 +11468,28 @@ static int wlan_hdd_cfg80211_connect_start(hdd_adapter_t *pAdapter,
 			/* change back to NotAssociated */
 			hdd_conn_set_connection_state(pAdapter,
 						      eConnectionState_NotConnected);
+			qdf_runtime_pm_allow_suspend(pAdapter->connect_rpm_ctx.
+						     connect);
 		}
 
 		pRoamProfile->ChannelInfo.ChannelList = NULL;
 		pRoamProfile->ChannelInfo.numOfChannels = 0;
 
+		if (!QDF_IS_STATUS_SUCCESS(
+				wma_get_current_hw_mode(&hw_mode))) {
+			hdd_err("wma_get_current_hw_mode failed");
+			return status;
+		}
+
+		if ((QDF_STA_MODE == pAdapter->device_mode)
+		    && hw_mode.dbs_cap) {
+			cds_get_channel_from_scan_result(pAdapter,
+					pRoamProfile, &channel);
+			if (channel)
+				cds_checkn_update_hw_mode_single_mac_mode
+					(channel);
+		}
+
 	} else {
 		hdd_err("No valid Roam profile");
 		return -EINVAL;
@@ -14438,7 +14493,7 @@ __wlan_hdd_cfg80211_set_ap_channel_width(struct wiphy *wiphy,
 	hdd_context_t *pHddCtx;
 	QDF_STATUS status;
 	tSmeConfigParams sme_config;
-	bool cbModeChange;
+	bool cbModeChange = false;
 
 	if (QDF_GLOBAL_FTM_MODE == hdd_get_conparam()) {
 		hdd_err("Command not allowed in FTM mode");

core/hdd/src/wlan_hdd_cfg80211.h

@@ -1901,6 +1901,30 @@ enum qca_wlan_epno_type {
  *	Unsigned 8-bit value; auth bit field for matching WPA IE
  * @QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_TYPE
  *	Unsigned 8-bit to indicate ePNO type; values from qca_wlan_epno_type
+ *@QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_CHANNEL_LIST
+ *	Nested attribute to send the channel list
+ *@QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_SCAN_INTERVAL
+ *	Unsigned 32-bit value; indicates the Interval between PNO scan
+ *	cycles in msec
+ *@QCA_WLAN_VENDOR_ATTR_EPNO_MIN5GHZ_RSSI
+ *	Signed 32-bit value; minimum 5GHz RSSI for a BSSID to be considered
+ *@QCA_WLAN_VENDOR_ATTR_EPNO_MIN24GHZ_RSSI
+ *	Signed 32-bit value; minimum 2.4GHz RSSI for a BSSID to be considered
+ *	This attribute is obsolete now.
+ *@QCA_WLAN_VENDOR_ATTR_EPNO_INITIAL_SCORE_MAX
+ *	Signed 32-bit value; the maximum score that a network
+ *	can have before bonuses
+ *@QCA_WLAN_VENDOR_ATTR_EPNO_CURRENT_CONNECTION_BONUS
+ *	Signed 32-bit value; only report when there is a network's
+ *	score this much higher han the current connection
+ *@QCA_WLAN_VENDOR_ATTR_EPNO_SAME_NETWORK_BONUS
+ *	Signed 32-bit value; score bonus for all networks with
+ *	the same network flag
+ *@QCA_WLAN_VENDOR_ATTR_EPNO_SECURE_BONUS
+ *	Signed 32-bit value; score bonus for networks that are not open
+ *@QCA_WLAN_VENDOR_ATTR_EPNO_BAND5GHZ_BONUS
+ *	Signed 32-bit value; 5GHz RSSI score bonus applied to all
+ *	5GHz networks
  * @QCA_WLAN_VENDOR_ATTR_PNO_AFTER_LAST: After last
  * @QCA_WLAN_VENDOR_ATTR_PNO_MAX: max
  */
@@ -1921,6 +1945,15 @@ enum qca_wlan_vendor_attr_pno_config_params {
 	QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_NETWORK_FLAGS = 11,
 	QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_NETWORK_AUTH_BIT = 12,
 	QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_TYPE = 13,
+	QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_CHANNEL_LIST = 14,
+	QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_SCAN_INTERVAL = 15,
+	QCA_WLAN_VENDOR_ATTR_EPNO_MIN5GHZ_RSSI = 16,
+	QCA_WLAN_VENDOR_ATTR_EPNO_MIN24GHZ_RSSI = 17,
+	QCA_WLAN_VENDOR_ATTR_EPNO_INITIAL_SCORE_MAX = 18,
+	QCA_WLAN_VENDOR_ATTR_EPNO_CURRENT_CONNECTION_BONUS = 19,
+	QCA_WLAN_VENDOR_ATTR_EPNO_SAME_NETWORK_BONUS = 20,
+	QCA_WLAN_VENDOR_ATTR_EPNO_SECURE_BONUS = 21,
+	QCA_WLAN_VENDOR_ATTR_EPNO_BAND5GHZ_BONUS = 22,
 
 	/* keep last */
 	QCA_WLAN_VENDOR_ATTR_PNO_AFTER_LAST,
@@ -2311,6 +2344,20 @@ enum qca_access_policy {
 	QCA_ACCESS_POLICY_DENY_UNLESS_LISTED,
 };
 
+/**
+ * enum qca_ignore_assoc_disallowed - Ignore assoc disallowed values
+ *
+ * The valid values for the ignore assoc disallowed
+ *
+ * @QCA_IGNORE_ASSOC_DISALLOWED_DISABLE: Disable ignore assoc disallowed
+ * @QCA_IGNORE_ASSOC_DISALLOWED_ENABLE: Enable ignore assoc disallowed
+ *
+ */
+enum qca_ignore_assoc_disallowed {
+	QCA_IGNORE_ASSOC_DISALLOWED_DISABLE,
+	QCA_IGNORE_ASSOC_DISALLOWED_ENABLE
+};
+
 /**
  * enum qca_wlan_vendor_config: wifi config attr
  *
@@ -2342,6 +2389,8 @@ enum qca_access_policy {
  *                                       parameters
  * @QCA_WLAN_VENDOR_ATTR_CONFIG_QPOWER: Unsigned 8bit length attribute to update
  *                                      power save config to turn off/on qpower
+ * @QCA_WLAN_VENDOR_ATTR_CONFIG_IGNORE_ASSOC_DISALLOWED: Ignore Assoc Disallowed
+ *                                                       [MBO]
  * @QCA_WLAN_VENDOR_ATTR_CONFIG_LAST: last config
  * @QCA_WLAN_VENDOR_ATTR_CONFIG_MAX: max config
  */
@@ -2396,6 +2445,7 @@ enum qca_wlan_vendor_config {
 	QCA_WLAN_VENDOR_ATTR_CONFIG_IFINDEX,
 	/* Unsigned 8-bit, for setting qpower dynamically */
 	QCA_WLAN_VENDOR_ATTR_CONFIG_QPOWER = 25,
+	QCA_WLAN_VENDOR_ATTR_CONFIG_IGNORE_ASSOC_DISALLOWED = 26,
 	/* keep last */
 	QCA_WLAN_VENDOR_ATTR_CONFIG_LAST,
 	QCA_WLAN_VENDOR_ATTR_CONFIG_MAX =

core/hdd/src/wlan_hdd_driver_ops.c

@@ -351,15 +351,10 @@ static int wlan_hdd_probe(struct device *dev, void *bdev, const hif_bus_id *bid,
 	*/
 	hdd_request_pm_qos(dev, DISABLE_KRAIT_IDLE_PS_VAL);
 
-	if (reinit) {
+	if (reinit)
 		cds_set_recovery_in_progress(true);
-	} else {
-		ret = hdd_init();
-
-		if (ret)
-			goto out;
+	else
 		cds_set_load_in_progress(true);
-	}
 
 	hdd_init_qdf_ctx(dev, bdev, bus_type, (const struct hif_bus_id *)bid);
 
@@ -390,8 +385,6 @@ err_hdd_deinit:
 		cds_set_recovery_in_progress(false);
 	else
 		cds_set_load_in_progress(false);
-	hdd_deinit();
-out:
 	hdd_allow_suspend(WIFI_POWER_EVENT_WAKELOCK_DRIVER_INIT);
 	hdd_remove_pm_qos(dev);
 	return ret;
@@ -431,8 +424,6 @@ static void wlan_hdd_remove(struct device *dev)
 		__hdd_wlan_exit();
 	}
 
-	hdd_deinit();
-
 	pr_info("%s: Driver De-initialized\n", WLAN_MODULE_NAME);
 }
 

core/hdd/src/wlan_hdd_ext_scan.c

@@ -116,8 +116,6 @@ static const struct nla_policy wlan_hdd_extscan_config_policy
 	[QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_NETWORK_SSID] = {
 				.type = NLA_BINARY,
 				.len = IEEE80211_MAX_SSID_LEN },
-	[QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_NETWORK_RSSI_THRESHOLD] = {
-				.type = NLA_S8 },
 	[QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_NETWORK_FLAGS] = {
 				.type = NLA_U8 },
 	[QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_NETWORK_AUTH_BIT] = {
@@ -293,7 +291,7 @@ wlan_hdd_cfg80211_extscan_cached_results_ind(void *ctx,
 	uint32_t i, j, nl_buf_len;
 	bool ignore_cached_results = false;
 
-	ENTER();
+	/* ENTER() intentionally not used in a frequently invoked API */
 
 	if (wlan_hdd_validate_context(pHddCtx))
 		return;
@@ -361,7 +359,6 @@ wlan_hdd_cfg80211_extscan_cached_results_ind(void *ctx,
 		}
 	}
 
-	hdd_notice("nl_buf_len = %u", nl_buf_len);
 	skb = cfg80211_vendor_cmd_alloc_reply_skb(pHddCtx->wiphy, nl_buf_len);
 
 	if (!skb) {
@@ -490,7 +487,6 @@ wlan_hdd_cfg80211_extscan_cached_results_ind(void *ctx,
 		complete(&context->response_event);
 		spin_unlock(&context->context_lock);
 	}
-	EXIT();
 	return;
 
 fail:
@@ -785,7 +781,7 @@ wlan_hdd_cfg80211_extscan_full_scan_result_event(void *ctx,
 
 	int flags = cds_get_gfp_flags();
 
-	ENTER();
+	/* ENTER() intentionally not used in a frequently invoked API */
 
 	if (wlan_hdd_validate_context(pHddCtx))
 		return;
@@ -898,7 +894,6 @@ wlan_hdd_cfg80211_extscan_full_scan_result_event(void *ctx,
 	spin_unlock(&context->context_lock);
 
 	cfg80211_vendor_event(skb, flags);
-	EXIT();
 	return;
 
 nla_put_failure:
@@ -987,13 +982,12 @@ wlan_hdd_cfg80211_extscan_scan_progress_event(void *ctx,
 	int flags = cds_get_gfp_flags();
 	struct hdd_ext_scan_context *context;
 
-	ENTER();
+	/* ENTER() intentionally not used in a frequently invoked API */
 
 	if (wlan_hdd_validate_context(pHddCtx))
 		return;
 	if (!pData) {
 		hdd_err("pData is null");
-		EXIT();
 		return;
 	}
 
@@ -1006,11 +1000,10 @@ wlan_hdd_cfg80211_extscan_scan_progress_event(void *ctx,
 
 	if (!skb) {
 		hdd_err("cfg80211_vendor_event_alloc failed");
-		EXIT();
 		return;
 	}
 
-	hdd_notice("Request Id %u Scan event type %u Scan event status %u buckets scanned %u",
+	hdd_notice("Request Id: %u Scan event type: %u Scan event status: %u buckets scanned: %u",
 		pData->requestId, pData->scanEventType, pData->status,
 		pData->buckets_scanned);
 
@@ -1039,12 +1032,10 @@ wlan_hdd_cfg80211_extscan_scan_progress_event(void *ctx,
 	}
 
 	cfg80211_vendor_event(skb, flags);
-	EXIT();
 	return;
 
 nla_put_failure:
 	kfree_skb(skb);
-	EXIT();
 	return;
 }
 
@@ -1493,7 +1484,7 @@ void wlan_hdd_cfg80211_extscan_callback(void *ctx, const uint16_t evType,
 {
 	hdd_context_t *pHddCtx = (hdd_context_t *) ctx;
 
-	ENTER();
+	/* ENTER() intentionally not used in a frequently invoked API */
 
 	if (wlan_hdd_validate_context(pHddCtx))
 		return;
@@ -1570,7 +1561,6 @@ void wlan_hdd_cfg80211_extscan_callback(void *ctx, const uint16_t evType,
 		hdd_err("Unknown event type %u", evType);
 		break;
 	}
-	EXIT();
 }
 
 /*
@@ -1888,7 +1878,7 @@ static int __wlan_hdd_cfg80211_extscan_get_cached_results(struct wiphy *wiphy,
 	int retval = 0;
 	unsigned long rc;
 
-	ENTER_DEV(dev);
+	/* ENTER_DEV() intentionally not used in a frequently invoked API */
 
 	if (QDF_GLOBAL_FTM_MODE == hdd_get_conparam()) {
 		hdd_err("Command not allowed in FTM mode");
@@ -1923,8 +1913,6 @@ static int __wlan_hdd_cfg80211_extscan_get_cached_results(struct wiphy *wiphy,
 
 	pReqMsg->requestId = nla_get_u32(tb[PARAM_REQUEST_ID]);
 	pReqMsg->sessionId = pAdapter->sessionId;
-	hdd_notice("Req Id %d Session Id %d",
-		pReqMsg->requestId, pReqMsg->sessionId);
 
 	/* Parse and fetch flush parameter */
 	if (!tb[PARAM_FLUSH]) {
@@ -1932,7 +1920,8 @@ static int __wlan_hdd_cfg80211_extscan_get_cached_results(struct wiphy *wiphy,
 		goto fail;
 	}
 	pReqMsg->flush = nla_get_u8(tb[PARAM_FLUSH]);
-	hdd_notice("Flush %d", pReqMsg->flush);
+	hdd_notice("Req Id: %u Session Id: %d Flush: %d",
+		pReqMsg->requestId, pReqMsg->sessionId, pReqMsg->flush);
 
 	context = &ext_scan_context;
 	spin_lock(&context->context_lock);
@@ -1960,7 +1949,6 @@ static int __wlan_hdd_cfg80211_extscan_get_cached_results(struct wiphy *wiphy,
 		retval = context->response_status;
 		spin_unlock(&context->context_lock);
 	}
-	EXIT();
 	return retval;
 
 fail:
@@ -2511,17 +2499,16 @@ __wlan_hdd_cfg80211_extscan_get_valid_channels(struct wiphy *wiphy,
 	struct net_device *dev = wdev->netdev;
 	hdd_adapter_t *pAdapter = WLAN_HDD_GET_PRIV_PTR(dev);
 	uint32_t chan_list[WNI_CFG_VALID_CHANNEL_LIST_LEN] = {0};
-	uint8_t num_channels  = 0;
+	uint8_t num_channels  = 0, i, buf[256] = {0};
 	struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_EXTSCAN_SUBCMD_CONFIG_PARAM_MAX +
 			  1];
 	uint32_t requestId, maxChannels;
 	tWifiBand wifiBand;
 	QDF_STATUS status;
 	struct sk_buff *reply_skb;
-	uint8_t i;
-	int ret;
+	int ret, len = 0;
 
-	ENTER_DEV(dev);
+	/* ENTER_DEV() intentionally not used in a frequently invoked API */
 
 	if (QDF_GLOBAL_FTM_MODE == hdd_get_conparam()) {
 		hdd_err("Command not allowed in FTM mode");
@@ -2550,7 +2537,6 @@ __wlan_hdd_cfg80211_extscan_get_valid_channels(struct wiphy *wiphy,
 	requestId =
 		nla_get_u32(tb
 		 [QCA_WLAN_VENDOR_ATTR_EXTSCAN_SUBCMD_CONFIG_PARAM_REQUEST_ID]);
-	hdd_notice("Req Id %d", requestId);
 
 	/* Parse and fetch wifi band */
 	if (!tb
@@ -2561,7 +2547,6 @@ __wlan_hdd_cfg80211_extscan_get_valid_channels(struct wiphy *wiphy,
 	wifiBand =
 		nla_get_u32(tb
 		    [QCA_WLAN_VENDOR_ATTR_EXTSCAN_GET_VALID_CHANNELS_CONFIG_PARAM_WIFI_BAND]);
-	hdd_notice("Wifi band %d", wifiBand);
 
 	if (!tb
 	    [QCA_WLAN_VENDOR_ATTR_EXTSCAN_GET_VALID_CHANNELS_CONFIG_PARAM_MAX_CHANNELS]) {
@@ -2571,7 +2556,8 @@ __wlan_hdd_cfg80211_extscan_get_valid_channels(struct wiphy *wiphy,
 	maxChannels =
 		nla_get_u32(tb
 		    [QCA_WLAN_VENDOR_ATTR_EXTSCAN_GET_VALID_CHANNELS_CONFIG_PARAM_MAX_CHANNELS]);
-	hdd_notice("Max channels %d", maxChannels);
+	hdd_notice("Req Id: %u Wifi band: %d Max channels: %d", requestId,
+		    wifiBand, maxChannels);
 	status = sme_get_valid_channels_by_band((tHalHandle) (pHddCtx->hHal),
 						wifiBand, chan_list,
 						&num_channels);
@@ -2589,9 +2575,12 @@ __wlan_hdd_cfg80211_extscan_get_valid_channels(struct wiphy *wiphy,
 	    !strncmp(hdd_get_fwpath(), "ap", 2))
 		hdd_remove_indoor_channels(wiphy, chan_list, &num_channels);
 
-	hdd_notice("Number of channels %d", num_channels);
+	hdd_notice("Number of channels: %d", num_channels);
 	for (i = 0; i < num_channels; i++)
-		hdd_notice("Channel: %u ", chan_list[i]);
+		len += scnprintf(buf + len, sizeof(buf) - len,
+				 "%u ", chan_list[i]);
+
+	hdd_notice("Channels: %s", buf);
 
 	reply_skb = cfg80211_vendor_cmd_alloc_reply_skb(wiphy, sizeof(u32) +
 							sizeof(u32) *
@@ -2610,7 +2599,6 @@ __wlan_hdd_cfg80211_extscan_get_valid_channels(struct wiphy *wiphy,
 			return -EINVAL;
 		}
 		ret = cfg80211_vendor_cmd_reply(reply_skb);
-		EXIT();
 		return ret;
 	}
 
@@ -2779,8 +2767,6 @@ static int hdd_extscan_start_fill_bucket_channel_spec(
 		}
 		req_msg->buckets[bkt_index].bucket = nla_get_u8(
 			bucket[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_INDEX]);
-		hdd_notice("Bucket spec Index %d",
-				req_msg->buckets[bkt_index].bucket);
 
 		/* Parse and fetch wifi band */
 		if (!bucket[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_BAND]) {
@@ -2789,8 +2775,6 @@ static int hdd_extscan_start_fill_bucket_channel_spec(
 		}
 		req_msg->buckets[bkt_index].band = nla_get_u8(
 			bucket[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_BAND]);
-		hdd_notice("Wifi band %d",
-			req_msg->buckets[bkt_index].band);
 
 		/* Parse and fetch period */
 		if (!bucket[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_PERIOD]) {
@@ -2799,8 +2783,6 @@ static int hdd_extscan_start_fill_bucket_channel_spec(
 		}
 		req_msg->buckets[bkt_index].period = nla_get_u32(
 		bucket[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_PERIOD]);
-		hdd_notice("period %d",
-			req_msg->buckets[bkt_index].period);
 
 		/* Parse and fetch report events */
 		if (!bucket[
@@ -2811,8 +2793,6 @@ static int hdd_extscan_start_fill_bucket_channel_spec(
 		req_msg->buckets[bkt_index].reportEvents = nla_get_u8(
 			bucket[
 			QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_REPORT_EVENTS]);
-		hdd_notice("report events %d",
-				req_msg->buckets[bkt_index].reportEvents);
 
 		/* Parse and fetch max period */
 		if (!bucket[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_MAX_PERIOD]) {
@@ -2821,8 +2801,6 @@ static int hdd_extscan_start_fill_bucket_channel_spec(
 		}
 		req_msg->buckets[bkt_index].max_period = nla_get_u32(
 			bucket[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_MAX_PERIOD]);
-		hdd_notice("max period %u",
-			req_msg->buckets[bkt_index].max_period);
 
 		/* Parse and fetch base */
 		if (!bucket[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_BASE]) {
@@ -2831,8 +2809,6 @@ static int hdd_extscan_start_fill_bucket_channel_spec(
 		}
 		req_msg->buckets[bkt_index].exponent = nla_get_u32(
 			bucket[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_BASE]);
-		hdd_notice("base %u",
-			req_msg->buckets[bkt_index].exponent);
 
 		/* Parse and fetch step count */
 		if (!bucket[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_STEP_COUNT]) {
@@ -2841,8 +2817,14 @@ static int hdd_extscan_start_fill_bucket_channel_spec(
 		}
 		req_msg->buckets[bkt_index].step_count = nla_get_u32(
 			bucket[QCA_WLAN_VENDOR_ATTR_EXTSCAN_BUCKET_SPEC_STEP_COUNT]);
-		hdd_notice("Step count %u",
-			req_msg->buckets[bkt_index].step_count);
+		hdd_notice("Bucket spec Index: %d Wifi band: %d period: %d report events: %d max period: %u base: %u Step count: %u",
+				req_msg->buckets[bkt_index].bucket,
+				req_msg->buckets[bkt_index].band,
+				req_msg->buckets[bkt_index].period,
+				req_msg->buckets[bkt_index].reportEvents,
+				req_msg->buckets[bkt_index].max_period,
+				req_msg->buckets[bkt_index].exponent,
+				req_msg->buckets[bkt_index].step_count);
 
 		/* start with known good values for bucket dwell times */
 		req_msg->buckets[bkt_index].min_dwell_time_active =
@@ -3221,9 +3203,6 @@ __wlan_hdd_cfg80211_extscan_start(struct wiphy *wiphy,
 
 	pReqMsg->requestId = nla_get_u32(tb[PARAM_REQUEST_ID]);
 	pReqMsg->sessionId = pAdapter->sessionId;
-	hdd_notice("Req Id %d Session Id %d",
-			pReqMsg->requestId,
-			pReqMsg->sessionId);
 
 	/* Parse and fetch base period */
 	if (!tb[PARAM_BASE_PERIOD]) {
@@ -3231,8 +3210,6 @@ __wlan_hdd_cfg80211_extscan_start(struct wiphy *wiphy,
 		goto fail;
 	}
 	pReqMsg->basePeriod = nla_get_u32(tb[PARAM_BASE_PERIOD]);
-	hdd_notice("Base Period %d",
-				pReqMsg->basePeriod);
 
 	/* Parse and fetch max AP per scan */
 	if (!tb[PARAM_MAX_AP_PER_SCAN]) {
@@ -3240,7 +3217,6 @@ __wlan_hdd_cfg80211_extscan_start(struct wiphy *wiphy,
 		goto fail;
 	}
 	pReqMsg->maxAPperScan = nla_get_u32(tb[PARAM_MAX_AP_PER_SCAN]);
-	hdd_notice("Max AP per Scan %d", pReqMsg->maxAPperScan);
 
 	/* Parse and fetch report threshold percent */
 	if (!tb[PARAM_RPT_THRHLD_PERCENT]) {
@@ -3248,8 +3224,6 @@ __wlan_hdd_cfg80211_extscan_start(struct wiphy *wiphy,
 		goto fail;
 	}
 	pReqMsg->report_threshold_percent = nla_get_u8(tb[PARAM_RPT_THRHLD_PERCENT]);
-	hdd_notice("Report Threshold percent %d",
-			pReqMsg->report_threshold_percent);
 
 	/* Parse and fetch report threshold num scans */
 	if (!tb[PARAM_RPT_THRHLD_NUM_SCANS]) {
@@ -3257,7 +3231,10 @@ __wlan_hdd_cfg80211_extscan_start(struct wiphy *wiphy,
 		goto fail;
 	}
 	pReqMsg->report_threshold_num_scans = nla_get_u8(tb[PARAM_RPT_THRHLD_NUM_SCANS]);
-	hdd_notice("Report Threshold num scans %d",
+	hdd_notice("Req Id: %d Session Id: %d Base Period: %d Max AP per Scan: %d Report Threshold percent: %d Report Threshold num scans: %d",
+		pReqMsg->requestId, pReqMsg->sessionId,
+		pReqMsg->basePeriod, pReqMsg->maxAPperScan,
+		pReqMsg->report_threshold_percent,
 		pReqMsg->report_threshold_num_scans);
 
 	/* Parse and fetch number of buckets */
@@ -3816,16 +3793,6 @@ static int hdd_extscan_epno_fill_network_list(
 			req_msg->networks[index].ssid.length,
 			req_msg->networks[index].ssid.ssId);
 
-		/* Parse and fetch rssi threshold */
-		if (!network[QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_NETWORK_RSSI_THRESHOLD]) {
-			hdd_err("attr rssi threshold failed");
-			return -EINVAL;
-		}
-		req_msg->networks[index].rssi_threshold = nla_get_s8(
-			network[QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_NETWORK_RSSI_THRESHOLD]);
-		hdd_notice("rssi threshold %d",
-			req_msg->networks[index].rssi_threshold);
-
 		/* Parse and fetch epno flags */
 		if (!network[QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_EPNO_NETWORK_FLAGS]) {
 			hdd_err("attr epno flags failed");
@@ -3904,12 +3871,24 @@ static int __wlan_hdd_cfg80211_set_epno_list(struct wiphy *wiphy,
 		hdd_err("attr num networks failed");
 		return -EINVAL;
 	}
+
+	/*
+	 * num_networks is also used as EPNO SET/RESET request.
+	 * if num_networks is zero then it is treated as RESET.
+	 */
 	num_networks = nla_get_u32(
 		tb[QCA_WLAN_VENDOR_ATTR_PNO_SET_LIST_PARAM_NUM_NETWORKS]);
-	hdd_notice("num networks %u", num_networks);
 
+	if (num_networks > MAX_EPNO_NETWORKS) {
+		hdd_notice("num of nw: %d exceeded max: %d, resetting to: %d",
+			num_networks, MAX_EPNO_NETWORKS, MAX_EPNO_NETWORKS);
+		num_networks = MAX_EPNO_NETWORKS;
+	}
+
+	hdd_notice("num networks %u", num_networks);
 	len = sizeof(*req_msg) +
-		(num_networks * sizeof(struct wifi_epno_network));
+			(num_networks * sizeof(struct wifi_epno_network));
+
 	req_msg = qdf_mem_malloc(len);
 	if (!req_msg) {
 		hdd_err("qdf_mem_malloc failed");
@@ -3930,8 +3909,80 @@ static int __wlan_hdd_cfg80211_set_epno_list(struct wiphy *wiphy,
 	req_msg->session_id = adapter->sessionId;
 	hdd_notice("Session Id %d", req_msg->session_id);
 
-	if (hdd_extscan_epno_fill_network_list(hdd_ctx, req_msg, tb))
-		goto fail;
+	if (num_networks) {
+
+		/* Parse and fetch min_5ghz_rssi */
+		if (!tb[QCA_WLAN_VENDOR_ATTR_EPNO_MIN5GHZ_RSSI]) {
+			hdd_err("min_5ghz_rssi id failed");
+			goto fail;
+		}
+		req_msg->min_5ghz_rssi = nla_get_u32(
+			tb[QCA_WLAN_VENDOR_ATTR_EPNO_MIN5GHZ_RSSI]);
+
+		/* Parse and fetch min_24ghz_rssi */
+		if (!tb[QCA_WLAN_VENDOR_ATTR_EPNO_MIN24GHZ_RSSI]) {
+			hdd_err("min_24ghz_rssi id failed");
+			goto fail;
+		}
+		req_msg->min_24ghz_rssi = nla_get_u32(
+			tb[QCA_WLAN_VENDOR_ATTR_EPNO_MIN24GHZ_RSSI]);
+
+		/* Parse and fetch initial_score_max */
+		if (!tb[QCA_WLAN_VENDOR_ATTR_EPNO_INITIAL_SCORE_MAX]) {
+			hdd_err("initial_score_max id failed");
+			goto fail;
+		}
+		req_msg->initial_score_max = nla_get_u32(
+			tb[QCA_WLAN_VENDOR_ATTR_EPNO_INITIAL_SCORE_MAX]);
+
+		/* Parse and fetch current_connection_bonus */
+		if (!tb[QCA_WLAN_VENDOR_ATTR_EPNO_CURRENT_CONNECTION_BONUS]) {
+			hdd_err("current_connection_bonus id failed");
+			goto fail;
+		}
+		req_msg->current_connection_bonus = nla_get_u32(
+			tb[QCA_WLAN_VENDOR_ATTR_EPNO_CURRENT_CONNECTION_BONUS]
+			);
+
+		/* Parse and fetch same_network_bonus */
+		if (!tb[QCA_WLAN_VENDOR_ATTR_EPNO_SAME_NETWORK_BONUS]) {
+			hdd_err("same_network_bonus id failed");
+			goto fail;
+		}
+		req_msg->same_network_bonus = nla_get_u32(
+			tb[QCA_WLAN_VENDOR_ATTR_EPNO_SAME_NETWORK_BONUS]);
+
+		/* Parse and fetch secure_bonus */
+		if (!tb[QCA_WLAN_VENDOR_ATTR_EPNO_SECURE_BONUS]) {
+			hdd_err("secure_bonus id failed");
+			goto fail;
+		}
+		req_msg->secure_bonus = nla_get_u32(
+			tb[QCA_WLAN_VENDOR_ATTR_EPNO_SECURE_BONUS]);
+
+		/* Parse and fetch band_5ghz_bonus */
+		if (!tb[QCA_WLAN_VENDOR_ATTR_EPNO_BAND5GHZ_BONUS]) {
+			hdd_err("band_5ghz_bonus id failed");
+			goto fail;
+		}
+		req_msg->band_5ghz_bonus = nla_get_u32(
+			tb[QCA_WLAN_VENDOR_ATTR_EPNO_BAND5GHZ_BONUS]);
+
+		hdd_notice("min_5ghz_rssi: %d min_24ghz_rssi: %d",
+			req_msg->min_5ghz_rssi,
+			req_msg->min_24ghz_rssi);
+		hdd_notice("initial_score_max: %d current_connection_bonus:%d",
+			req_msg->initial_score_max,
+			req_msg->current_connection_bonus);
+		hdd_notice("Bonuses same_network: %d secure: %d band_5ghz: %d",
+			req_msg->same_network_bonus,
+			req_msg->secure_bonus,
+			req_msg->band_5ghz_bonus);
+
+		if (hdd_extscan_epno_fill_network_list(hdd_ctx, req_msg, tb))
+			goto fail;
+
+	}
 
 	status = sme_set_epno_list(hdd_ctx->hHal, req_msg);
 	if (!QDF_IS_STATUS_SUCCESS(status)) {

core/hdd/src/wlan_hdd_hostapd.c

@@ -68,7 +68,7 @@
 #include "pld_common.h"
 
 #include "wma.h"
-#ifdef DEBUG
+#ifdef WLAN_DEBUG
 #include "wma_api.h"
 #endif
 #include "wlan_hdd_trace.h"
@@ -149,14 +149,16 @@ static void hdd_hostapd_channel_allow_suspend(hdd_adapter_t *pAdapter,
 	if (pHostapdState->bssState == BSS_STOP)
 		return;
 
+	if (CHANNEL_STATE_DFS != cds_get_channel_state(channel))
+		return;
+
 	/* Release wakelock when no more DFS channels are used */
-	if (CHANNEL_STATE_DFS == cds_get_channel_state(channel)) {
-		if (atomic_dec_and_test(&pHddCtx->sap_dfs_ref_cnt)) {
-			hdd_err("DFS: allowing suspend (chan %d)",
-			       channel);
-			qdf_wake_lock_release(&pHddCtx->sap_dfs_wakelock,
-					      WIFI_POWER_EVENT_WAKELOCK_DFS);
-		}
+	if (atomic_dec_and_test(&pHddCtx->sap_dfs_ref_cnt)) {
+		hdd_err("DFS: allowing suspend (chan %d)", channel);
+		qdf_wake_lock_release(&pHddCtx->sap_dfs_wakelock,
+				      WIFI_POWER_EVENT_WAKELOCK_DFS);
+		qdf_runtime_pm_allow_suspend(pHddCtx->runtime_context.dfs);
+
 	}
 }
 
@@ -185,14 +187,15 @@ static void hdd_hostapd_channel_prevent_suspend(hdd_adapter_t *pAdapter,
 		(atomic_read(&pHddCtx->sap_dfs_ref_cnt) >= 1))
 		return;
 
+	if (CHANNEL_STATE_DFS != cds_get_channel_state(channel))
+		return;
+
 	/* Acquire wakelock if we have at least one DFS channel in use */
-	if (CHANNEL_STATE_DFS == cds_get_channel_state(channel)) {
-		if (atomic_inc_return(&pHddCtx->sap_dfs_ref_cnt) == 1) {
-			hdd_err("DFS: preventing suspend (chan %d)",
-			       channel);
-			qdf_wake_lock_acquire(&pHddCtx->sap_dfs_wakelock,
-					      WIFI_POWER_EVENT_WAKELOCK_DFS);
-		}
+	if (atomic_inc_return(&pHddCtx->sap_dfs_ref_cnt) == 1) {
+		hdd_err("DFS: preventing suspend (chan %d)", channel);
+		qdf_runtime_pm_prevent_suspend(pHddCtx->runtime_context.dfs);
+		qdf_wake_lock_acquire(&pHddCtx->sap_dfs_wakelock,
+				      WIFI_POWER_EVENT_WAKELOCK_DFS);
 	}
 }
 
@@ -1250,6 +1253,9 @@ QDF_STATUS hdd_hostapd_sap_event_cb(tpSap_Event pSapEvent,
 			hdd_info("P2PGO is going down now");
 			hdd_issue_stored_joinreq(sta_adapter, pHddCtx);
 		}
+		pHddApCtx->groupKey.keyLength = 0;
+		for (i = 0; i < CSR_MAX_NUM_KEY; i++)
+			pHddApCtx->wepKey[i].keyLength = 0;
 		goto stopbss;
 
 	case eSAP_DFS_CAC_START:
@@ -1804,12 +1810,14 @@ QDF_STATUS hdd_hostapd_sap_event_cb(tpSap_Event pSapEvent,
 
 	case eSAP_CHANNEL_CHANGE_EVENT:
 		hdd_notice("Received eSAP_CHANNEL_CHANGE_EVENT event");
-		/* Prevent suspend for new channel */
-		hdd_hostapd_channel_prevent_suspend(pHostapdAdapter,
-					pSapEvent->sapevt.sap_ch_selected.pri_ch);
-		/* Allow suspend for old channel */
-		hdd_hostapd_channel_allow_suspend(pHostapdAdapter,
-					pHddApCtx->operatingChannel);
+		if (pHostapdState->bssState != BSS_STOP) {
+			/* Prevent suspend for new channel */
+			hdd_hostapd_channel_prevent_suspend(pHostapdAdapter,
+				pSapEvent->sapevt.sap_ch_selected.pri_ch);
+			/* Allow suspend for old channel */
+			hdd_hostapd_channel_allow_suspend(pHostapdAdapter,
+				pHddApCtx->operatingChannel);
+		}
 		/* SME/PE is already updated for new operation channel. So update
 		* HDD layer also here. This resolves issue in AP-AP mode where
 		* AP1 channel is changed due to RADAR then CAC is going on and
@@ -2269,6 +2277,27 @@ static iw_softap_set_ini_cfg(struct net_device *dev,
 	return ret;
 }
 
+static int hdd_sap_get_chan_width(hdd_adapter_t *adapter, int *value)
+{
+	void *cds_ctx;
+	hdd_hostapd_state_t *hostapdstate;
+
+	ENTER();
+	hostapdstate = WLAN_HDD_GET_HOSTAP_STATE_PTR(adapter);
+
+	if (hostapdstate->bssState != BSS_START) {
+		*value = -EINVAL;
+		return -EINVAL;
+	}
+
+	cds_ctx = WLAN_HDD_GET_SAP_CTX_PTR(adapter);
+
+	*value = wlansap_get_chan_width(cds_ctx);
+	hdd_notice("chan_width = %d", *value);
+
+	return 0;
+}
+
 int
 static __iw_softap_get_ini_cfg(struct net_device *dev,
 			       struct iw_request_info *info,
@@ -2333,7 +2362,7 @@ static int __iw_softap_set_two_ints_getnone(struct net_device *dev,
 		goto out;
 
 	switch (sub_cmd) {
-#ifdef DEBUG
+#ifdef WLAN_DEBUG
 	case QCSAP_IOCTL_SET_FW_CRASH_INJECT:
 		hdd_err("WE_SET_FW_CRASH_INJECT: %d %d",
 		       value[1], value[2]);
@@ -3365,6 +3394,11 @@ static __iw_softap_getparam(struct net_device *dev,
 		ret = hdd_get_rx_stbc(pHostapdAdapter, value);
 		break;
 	}
+	case QCSAP_PARAM_CHAN_WIDTH:
+	{
+		ret = hdd_sap_get_chan_width(pHostapdAdapter, value);
+		break;
+	}
 	default:
 		hdd_err("Invalid getparam command %d", sub_cmd);
 		ret = -EINVAL;
@@ -5315,6 +5349,10 @@ static const struct iw_priv_args hostapd_private_args[] = {
 		QCASAP_PARAM_RX_STBC, 0,
 		IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 		"get_rx_stbc"
+	}, {
+		QCSAP_PARAM_CHAN_WIDTH, 0,
+		IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
+		"get_chwidth"
 	}, {
 		QCASAP_TX_CHAINMASK_CMD, 0,
 		IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
@@ -5474,7 +5512,7 @@ static const struct iw_priv_args hostapd_private_args[] = {
 	}
 	,
 	/* handlers for sub-ioctl */
-#ifdef DEBUG
+#ifdef WLAN_DEBUG
 	{
 		QCSAP_IOCTL_SET_FW_CRASH_INJECT,
 		IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2,
@@ -6793,7 +6831,8 @@ static int wlan_hdd_setup_driver_overrides(hdd_adapter_t *ap_adapter)
 	if (hdd_ctx->config->sap_p2p_11ac_override &&
 			(sap_cfg->SapHw_mode == eCSR_DOT11_MODE_11n ||
 			sap_cfg->SapHw_mode == eCSR_DOT11_MODE_11ac ||
-			sap_cfg->SapHw_mode == eCSR_DOT11_MODE_11ac_ONLY)) {
+			sap_cfg->SapHw_mode == eCSR_DOT11_MODE_11ac_ONLY) &&
+			!hdd_ctx->config->sap_force_11n_for_11ac) {
 		hdd_notice("** Driver force 11AC override for SAP/Go **");
 
 		/* 11n only shall not be overridden since it may be on purpose*/
@@ -6835,6 +6874,12 @@ setup_acs_overrides:
 	if (sap_cfg->SapHw_mode == eCSR_DOT11_MODE_AUTO)
 		sap_cfg->SapHw_mode = eCSR_DOT11_MODE_11ac;
 
+	if (hdd_ctx->config->sap_force_11n_for_11ac) {
+		if (sap_cfg->SapHw_mode == eCSR_DOT11_MODE_11ac ||
+		    sap_cfg->SapHw_mode == eCSR_DOT11_MODE_11ac_ONLY)
+			sap_cfg->SapHw_mode = eCSR_DOT11_MODE_11n;
+	}
+
 	if ((sap_cfg->SapHw_mode == eCSR_DOT11_MODE_11b ||
 			sap_cfg->SapHw_mode == eCSR_DOT11_MODE_11g ||
 			sap_cfg->SapHw_mode == eCSR_DOT11_MODE_11g_ONLY) &&
@@ -7309,6 +7354,12 @@ int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter,
 	}
 
 	wlan_hdd_set_sap_hwmode(pHostapdAdapter);
+	if (pHddCtx->config->sap_force_11n_for_11ac) {
+		if (pConfig->SapHw_mode == eCSR_DOT11_MODE_11ac ||
+		    pConfig->SapHw_mode == eCSR_DOT11_MODE_11ac_ONLY)
+			pConfig->SapHw_mode = eCSR_DOT11_MODE_11n;
+	}
+
 	qdf_mem_zero(&sme_config, sizeof(tSmeConfigParams));
 	sme_get_config_param(pHddCtx->hHal, &sme_config);
 	/* Override hostapd.conf wmm_enabled only for 11n and 11AC configs (IOT)
@@ -7325,25 +7376,32 @@ int wlan_hdd_cfg80211_start_bss(hdd_adapter_t *pHostapdAdapter,
 		sme_config.csrConfig.WMMSupportMode = eCsrRoamWmmNoQos;
 	sme_update_config(pHddCtx->hHal, &sme_config);
 
-	if (pConfig->ch_width_orig == NL80211_CHAN_WIDTH_80P80) {
-		if (pHddCtx->isVHT80Allowed == false)
-			pConfig->ch_width_orig = CH_WIDTH_40MHZ;
-		else
-			pConfig->ch_width_orig = CH_WIDTH_80P80MHZ;
-	} else if (pConfig->ch_width_orig == NL80211_CHAN_WIDTH_160) {
-		if (pHddCtx->isVHT80Allowed == false)
+	if (!pHddCtx->config->sap_force_11n_for_11ac) {
+		if (pConfig->ch_width_orig == NL80211_CHAN_WIDTH_80P80) {
+			if (pHddCtx->isVHT80Allowed == false)
+				pConfig->ch_width_orig = CH_WIDTH_40MHZ;
+			else
+				pConfig->ch_width_orig = CH_WIDTH_80P80MHZ;
+		} else if (pConfig->ch_width_orig == NL80211_CHAN_WIDTH_160) {
+			if (pHddCtx->isVHT80Allowed == false)
+				pConfig->ch_width_orig = CH_WIDTH_40MHZ;
+			else
+				pConfig->ch_width_orig = CH_WIDTH_160MHZ;
+		} else if (pConfig->ch_width_orig == NL80211_CHAN_WIDTH_80) {
+			if (pHddCtx->isVHT80Allowed == false)
+				pConfig->ch_width_orig = CH_WIDTH_40MHZ;
+			else
+				pConfig->ch_width_orig = CH_WIDTH_80MHZ;
+		} else if (pConfig->ch_width_orig == NL80211_CHAN_WIDTH_40) {
 			pConfig->ch_width_orig = CH_WIDTH_40MHZ;
-		else
-			pConfig->ch_width_orig = CH_WIDTH_160MHZ;
-	} else if (pConfig->ch_width_orig == NL80211_CHAN_WIDTH_80) {
-		if (pHddCtx->isVHT80Allowed == false)
+		} else {
+			pConfig->ch_width_orig = CH_WIDTH_20MHZ;
+		}
+	} else {
+		if (pConfig->ch_width_orig >= NL80211_CHAN_WIDTH_40)
 			pConfig->ch_width_orig = CH_WIDTH_40MHZ;
 		else
-			pConfig->ch_width_orig = CH_WIDTH_80MHZ;
-	} else if (pConfig->ch_width_orig == NL80211_CHAN_WIDTH_40) {
-		pConfig->ch_width_orig = CH_WIDTH_40MHZ;
-	} else {
-		pConfig->ch_width_orig = CH_WIDTH_20MHZ;
+			pConfig->ch_width_orig = CH_WIDTH_20MHZ;
 	}
 
 	if (wlan_hdd_setup_driver_overrides(pHostapdAdapter)) {

core/hdd/src/wlan_hdd_ioctl.c

@@ -549,7 +549,7 @@ hdd_cfg80211_get_ibss_peer_info(hdd_adapter_t *adapter, uint8_t staIdx)
 }
 
 /* Function header is left blank intentionally */
-QDF_STATUS
+static QDF_STATUS
 hdd_parse_get_ibss_peer_info(uint8_t *pValue, struct qdf_mac_addr *pPeerMacAddr)
 {
 	uint8_t *inPtr = pValue;
@@ -870,12 +870,6 @@ void hdd_wma_send_fastreassoc_cmd(int sessionId, const tSirMacAddr bssid,
 		hdd_err("Not able to post ROAM_INVOKE_CMD message to WMA");
 	}
 }
-#else
-void hdd_wma_send_fastreassoc_cmd(int sessionId, const tSirMacAddr bssid,
-				  int channel)
-{
-}
-
 #endif
 
 /**
@@ -1071,16 +1065,15 @@ static int hdd_parse_reassoc(hdd_adapter_t *adapter, const char *command)
 static int
 hdd_sendactionframe(hdd_adapter_t *adapter, const uint8_t *bssid,
 		    const uint8_t channel, const uint8_t dwell_time,
-		    const uint8_t payload_len, const uint8_t *payload)
+		    const int payload_len, const uint8_t *payload)
 {
 	struct ieee80211_channel chan;
-	uint8_t frame_len;
+	int frame_len, ret = 0;
 	uint8_t *frame;
 	struct ieee80211_hdr_3addr *hdr;
 	u64 cookie;
 	hdd_station_ctx_t *pHddStaCtx;
 	hdd_context_t *hdd_ctx;
-	int ret = 0;
 	tpSirMacVendorSpecificFrameHdr pVendorSpecific =
 		(tpSirMacVendorSpecificFrameHdr) payload;
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0))
@@ -1259,29 +1252,42 @@ hdd_parse_sendactionframe_v1(hdd_adapter_t *adapter, const char *command)
  * Return: 0 for success non-zero for failure
  */
 static int
-hdd_parse_sendactionframe_v2(hdd_adapter_t *adapter, const char *command)
+hdd_parse_sendactionframe_v2(hdd_adapter_t *adapter,
+			     const char *command, int total_len)
 {
 	struct android_wifi_af_params *params;
 	tSirMacAddr bssid;
 	int ret;
 
-	/* params are large so keep off the stack */
-	params = kmalloc(sizeof(*params), GFP_KERNEL);
-	if (!params)
-		return -ENOMEM;
-
 	/* The params are located after "SENDACTIONFRAME " */
-	memcpy(params, command + 16, sizeof(*params));
+	total_len -= 16;
+	params = (struct android_wifi_af_params *)(command + 16);
+
+	if (params->len <= 0 || params->len > ANDROID_WIFI_ACTION_FRAME_SIZE ||
+		(params->len > total_len)) {
+		hdd_err("Invalid payload length: %d", params->len);
+		return -EINVAL;
+	}
 
-	if (!mac_pton(params->bssid, (u8 *) &bssid)) {
+	if (!mac_pton(params->bssid, (u8 *)&bssid)) {
 		hdd_err("MAC address parsing failed");
-		ret = -EINVAL;
-	} else {
-		ret = hdd_sendactionframe(adapter, bssid, params->channel,
-					  params->dwell_time, params->len,
-					  params->data);
+		return -EINVAL;
 	}
-	kfree(params);
+
+	if (params->channel < 0 ||
+	    params->channel > WNI_CFG_CURRENT_CHANNEL_STAMAX) {
+		hdd_err("Invalid channel: %d", params->channel);
+		return -EINVAL;
+	}
+
+	if (params->dwell_time < 0) {
+		hdd_err("Invalid dwell_time: %d", params->dwell_time);
+		return -EINVAL;
+	}
+
+	ret = hdd_sendactionframe(adapter, bssid, params->channel,
+				params->dwell_time, params->len, params->data);
+
 	return ret;
 }
 
@@ -1300,7 +1306,8 @@ hdd_parse_sendactionframe_v2(hdd_adapter_t *adapter, const char *command)
  * Return: 0 for success non-zero for failure
  */
 static int
-hdd_parse_sendactionframe(hdd_adapter_t *adapter, const char *command)
+hdd_parse_sendactionframe(hdd_adapter_t *adapter, const char *command,
+			  int total_len)
 {
 	int ret;
 
@@ -1317,11 +1324,18 @@ hdd_parse_sendactionframe(hdd_adapter_t *adapter, const char *command)
 	 * SENDACTIONFRAME xx:xx:xx:xx:xx:xx*
 	 *           111111111122222222223333
 	 * 0123456789012345678901234567890123
+	 * For both the commands, a valid command must have atleast
+	 * first 34 length of data.
 	 */
+	if (total_len < 34) {
+		hdd_err("Invalid command (total_len=%d)", total_len);
+		return -EINVAL;
+	}
+
 	if (command[33]) {
 		ret = hdd_parse_sendactionframe_v1(adapter, command);
 	} else {
-		ret = hdd_parse_sendactionframe_v2(adapter, command);
+		ret = hdd_parse_sendactionframe_v2(adapter, command, total_len);
 	}
 
 	return ret;
@@ -1627,7 +1641,7 @@ hdd_parse_set_roam_scan_channels(hdd_adapter_t *adapter, const char *command)
  *
  * Return: 0 for success non-zero for failure
  */
-QDF_STATUS hdd_parse_plm_cmd(uint8_t *pValue, tSirPlmReq *pPlmRequest)
+static QDF_STATUS hdd_parse_plm_cmd(uint8_t *pValue, tSirPlmReq *pPlmRequest)
 {
 	uint8_t *cmdPtr = NULL;
 	int count, content = 0, ret = 0;
@@ -1863,8 +1877,9 @@ QDF_STATUS hdd_parse_plm_cmd(uint8_t *pValue, tSirPlmReq *pPlmRequest)
 		if (content < 0)
 			return QDF_STATUS_E_FAILURE;
 
+		content = QDF_MIN(content, WNI_CFG_VALID_CHANNEL_LIST_LEN);
 		pPlmRequest->plmNumCh = content;
-		hdd_debug("numch %d", pPlmRequest->plmNumCh);
+		hdd_debug("numch: %d", pPlmRequest->plmNumCh);
 
 		/* Channel numbers */
 		for (count = 0; count < pPlmRequest->plmNumCh; count++) {
@@ -1883,10 +1898,8 @@ QDF_STATUS hdd_parse_plm_cmd(uint8_t *pValue, tSirPlmReq *pPlmRequest)
 				return QDF_STATUS_E_FAILURE;
 
 			ret = kstrtos32(buf, 10, &content);
-			if (ret < 0)
-				return QDF_STATUS_E_FAILURE;
-
-			if (content <= 0)
+			if (ret < 0 || content <= 0 ||
+			    content > WNI_CFG_CURRENT_CHANNEL_STAMAX)
 				return QDF_STATUS_E_FAILURE;
 
 			pPlmRequest->plmChList[count] = content;
@@ -3709,7 +3722,8 @@ static int drv_cmd_send_action_frame(hdd_adapter_t *adapter,
 				     uint8_t command_len,
 				     hdd_priv_data_t *priv_data)
 {
-	return hdd_parse_sendactionframe(adapter, command);
+	return hdd_parse_sendactionframe(adapter, command,
+					 priv_data->total_len);
 }
 
 static int drv_cmd_get_roam_scan_channel_min_time(hdd_adapter_t *adapter,
@@ -6435,7 +6449,7 @@ static int hdd_set_rx_filter(hdd_adapter_t *adapter, bool action,
 			uint8_t pattern)
 {
 	int ret;
-	uint8_t i;
+	uint8_t i, j;
 	tHalHandle handle;
 	tSirRcvFltMcAddrList *filter;
 	hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(adapter);
@@ -6473,19 +6487,21 @@ static int hdd_set_rx_filter(hdd_adapter_t *adapter, bool action,
 			return -ENOMEM;
 		}
 		filter->action = action;
-		for (i = 0; i < adapter->mc_addr_list.mc_cnt; i++) {
+		for (i = 0, j = 0; i < adapter->mc_addr_list.mc_cnt; i++) {
 			if (!memcmp(adapter->mc_addr_list.addr[i],
 				&pattern, 1)) {
-				memcpy(filter->multicastAddr[i].bytes,
+				memcpy(filter->multicastAddr[j].bytes,
 					adapter->mc_addr_list.addr[i],
 					sizeof(adapter->mc_addr_list.addr[i]));
-				filter->ulMulticastAddrCnt++;
+
 				hdd_info("%s RX filter : addr ="
 				    MAC_ADDRESS_STR,
 				    action ? "setting" : "clearing",
-				    MAC_ADDR_ARRAY(filter->multicastAddr[i].bytes));
+				    MAC_ADDR_ARRAY(filter->multicastAddr[j].bytes));
+				j++;
 			}
 		}
+		filter->ulMulticastAddrCnt = j;
 		/* Set rx filter */
 		sme_8023_multicast_list(handle, adapter->sessionId, filter);
 		qdf_mem_free(filter);

core/hdd/src/wlan_hdd_ipa.c

@@ -202,6 +202,8 @@ struct hdd_ipa_rx_hdr {
 } __packed;
 
 struct hdd_ipa_pm_tx_cb {
+	bool exception;
+	hdd_adapter_t *adapter;
 	struct hdd_ipa_iface_context *iface_context;
 	struct ipa_rx_data *ipa_tx_desc;
 };
@@ -244,6 +246,7 @@ struct hdd_ipa_iface_context {
 	qdf_spinlock_t interface_lock;
 	uint32_t ifa_address;
 	struct hdd_ipa_iface_stats stats;
+	uint32_t offload_enabled;
 };
 
 struct hdd_ipa_stats {
@@ -530,9 +533,12 @@ do { \
 	pipe_in.u.ul.rdy_comp_ring_wp_va = \
 		ipa_ctxt->ipa_resource.rx2_proc_done_idx_vaddr; \
 } while (0)
+
+#define HDD_IPA_CHECK_HW() ipa_uc_reg_rdyCB(NULL)
 #else
 /* Do nothing */
 #define HDD_IPA_WDI2_SET(pipe_in, ipa_ctxt)
+#define HDD_IPA_CHECK_HW() 0
 #endif /* IPA3 */
 
 static struct hdd_ipa_adapter_2_client {
@@ -951,7 +957,7 @@ void hdd_ipa_uc_stat_query(hdd_context_t *pHddCtx,
 		(false == hdd_ipa->resource_loading)) {
 		*ipa_tx_diff = hdd_ipa->ipa_tx_packets_diff;
 		*ipa_rx_diff = hdd_ipa->ipa_rx_packets_diff;
-		HDD_IPA_LOG(LOG1, "STAT Query TX DIFF %d, RX DIFF %d",
+		HDD_IPA_LOG(LOGOFF, "STAT Query TX DIFF %d, RX DIFF %d",
 			    *ipa_tx_diff, *ipa_rx_diff);
 	}
 	qdf_mutex_release(&hdd_ipa->ipa_lock);
@@ -1353,9 +1359,7 @@ static void hdd_ipa_uc_op_cb(struct op_msg_type *op_msg, void *usr_ctxt)
 			hdd_ipa->pending_cons_req = false;
 		}
 		qdf_mutex_release(&hdd_ipa->ipa_lock);
-	}
-
-	if ((HDD_IPA_UC_OPCODE_TX_SUSPEND == msg->op_code) ||
+	} else if ((HDD_IPA_UC_OPCODE_TX_SUSPEND == msg->op_code) ||
 	    (HDD_IPA_UC_OPCODE_RX_SUSPEND == msg->op_code)) {
 		qdf_mutex_acquire(&hdd_ipa->ipa_lock);
 		hdd_ipa->activated_fw_pipe--;
@@ -1371,9 +1375,7 @@ static void hdd_ipa_uc_op_cb(struct op_msg_type *op_msg, void *usr_ctxt)
 			hdd_ipa->pending_cons_req = false;
 		}
 		qdf_mutex_release(&hdd_ipa->ipa_lock);
-	}
-
-	if ((HDD_IPA_UC_OPCODE_STATS == msg->op_code) &&
+	} else if ((HDD_IPA_UC_OPCODE_STATS == msg->op_code) &&
 		(HDD_IPA_UC_STAT_REASON_DEBUG == hdd_ipa->stat_req_reason)) {
 		struct ol_txrx_ipa_resources *res = &hdd_ipa->ipa_resource;
 		/* STATs from host */
@@ -1572,8 +1574,8 @@ static void hdd_ipa_uc_op_cb(struct op_msg_type *op_msg, void *usr_ctxt)
 			uc_fw_stat->rx_num_pkts_indicated);
 		qdf_mutex_release(&hdd_ipa->ipa_lock);
 	} else {
-		HDD_IPA_LOG(LOGE, "INVALID REASON %d",
-			    hdd_ipa->stat_req_reason);
+		HDD_IPA_LOG(LOGE, "Invalid message: op_code=%d, reason=%d",
+			    msg->op_code, hdd_ipa->stat_req_reason);
 	}
 	qdf_mem_free(op_msg);
 }
@@ -1591,10 +1593,22 @@ static void hdd_ipa_uc_offload_enable_disable(hdd_adapter_t *adapter,
 			uint32_t offload_type, uint32_t enable)
 {
 	struct sir_ipa_offload_enable_disable ipa_offload_enable_disable;
+	struct hdd_ipa_iface_context *iface_context = NULL;
 
 	if (!adapter)
 		return;
 
+	iface_context = adapter->ipa_context;
+
+	if (!iface_context || (enable == iface_context->offload_enabled)) {
+		/* IPA offload status is already set as desired */
+		HDD_IPA_LOG(QDF_TRACE_LEVEL_ERROR,
+			    "offload_type=%d, vdev_id=%d, enable=%d",
+			    offload_type, adapter->sessionId, enable);
+		WARN_ON(1);
+		return;
+	}
+
 	/* Lower layer may send multiple START_BSS_EVENT in DFS mode or during
 	 * channel change indication. Since these indications are sent by lower
 	 * layer as SAP updates and IPA doesn't have to do anything for these
@@ -1610,7 +1624,7 @@ static void hdd_ipa_uc_offload_enable_disable(hdd_adapter_t *adapter,
 	ipa_offload_enable_disable.enable = enable;
 
 	HDD_IPA_LOG(QDF_TRACE_LEVEL_INFO,
-		"%s: offload_type=%d, vdev_id=%d, enable=%d", __func__,
+		"offload_type=%d, vdev_id=%d, enable=%d",
 		ipa_offload_enable_disable.offload_type,
 		ipa_offload_enable_disable.vdev_id,
 		ipa_offload_enable_disable.enable);
@@ -1624,6 +1638,10 @@ static void hdd_ipa_uc_offload_enable_disable(hdd_adapter_t *adapter,
 			ipa_offload_enable_disable.offload_type,
 			ipa_offload_enable_disable.vdev_id,
 			ipa_offload_enable_disable.enable);
+	} else {
+		/* Update the IPA offload status */
+		iface_context->offload_enabled =
+			ipa_offload_enable_disable.enable;
 	}
 }
 
@@ -2469,13 +2487,13 @@ static void hdd_ipa_send_skb_to_network(qdf_nbuf_t skb,
 		HDD_IPA_LOG(QDF_TRACE_LEVEL_INFO_LOW, "Invalid adapter: 0x%p",
 			    adapter);
 		HDD_IPA_INCREASE_INTERNAL_DROP_COUNT(hdd_ipa);
-		qdf_nbuf_free(skb);
+		kfree_skb(skb);
 		return;
 	}
 
 	if (cds_is_driver_unloading()) {
 		HDD_IPA_INCREASE_INTERNAL_DROP_COUNT(hdd_ipa);
-		qdf_nbuf_free(skb);
+		kfree_skb(skb);
 		return;
 	}
 
@@ -2496,6 +2514,57 @@ static void hdd_ipa_send_skb_to_network(qdf_nbuf_t skb,
 	adapter->dev->last_rx = jiffies;
 }
 
+/**
+ * hdd_ipa_forward() - handle packet forwarding to wlan tx
+ * @hdd_ipa: pointer to hdd ipa context
+ * @adapter: network adapter
+ * @skb: data pointer
+ *
+ * if exception packet has set forward bit, copied new packet should be
+ * forwarded to wlan tx. if wlan subsystem is in suspend state, packet should
+ * put into pm queue and tx procedure will be differed
+ *
+ * Return: None
+ */
+static void hdd_ipa_forward(struct hdd_ipa_priv *hdd_ipa,
+			    hdd_adapter_t *adapter, qdf_nbuf_t skb)
+{
+	qdf_nbuf_t copy;
+	struct hdd_ipa_pm_tx_cb *pm_tx_cb;
+
+	copy = qdf_nbuf_copy(skb);
+	if (!copy) {
+		HDD_IPA_LOG(QDF_TRACE_LEVEL_ERROR, "copy packet alloc fail");
+		return;
+	}
+
+	qdf_spin_lock_bh(&hdd_ipa->pm_lock);
+	/* WLAN subsystem is in suspend, put int queue */
+	if (hdd_ipa->suspended) {
+		qdf_spin_unlock_bh(&hdd_ipa->pm_lock);
+		HDD_IPA_LOG(QDF_TRACE_LEVEL_ERROR,
+			"TX in SUSPEND PUT QUEUE");
+		qdf_mem_set(copy->cb, sizeof(copy->cb), 0);
+		pm_tx_cb = (struct hdd_ipa_pm_tx_cb *)copy->cb;
+		pm_tx_cb->exception = true;
+		pm_tx_cb->adapter = adapter;
+		qdf_spin_lock_bh(&hdd_ipa->pm_lock);
+		qdf_nbuf_queue_add(&hdd_ipa->pm_queue_head, copy);
+		qdf_spin_unlock_bh(&hdd_ipa->pm_lock);
+		hdd_ipa->stats.num_tx_queued++;
+	} else {
+		/* Resume, put packet into WLAN TX */
+		qdf_spin_unlock_bh(&hdd_ipa->pm_lock);
+		if (hdd_softap_hard_start_xmit(copy, adapter->dev)) {
+			HDD_IPA_LOG(QDF_TRACE_LEVEL_ERROR,
+			    "packet tx fail");
+		} else {
+			hdd_ipa->stats.num_tx_bcmc++;
+			hdd_ipa->ipa_tx_forward++;
+		}
+	}
+}
+
 /**
  * hdd_ipa_w2i_cb() - WLAN to IPA callback handler
  * @priv: pointer to private data registered with IPA (we register a
@@ -2505,7 +2574,7 @@ static void hdd_ipa_send_skb_to_network(qdf_nbuf_t skb,
  *
  * Return: None
  */
-static void hdd_ipa_w2i_cb(void *priv, enum ipa_dp_evt_type evt,
+static void __hdd_ipa_w2i_cb(void *priv, enum ipa_dp_evt_type evt,
 			   unsigned long data)
 {
 	struct hdd_ipa_priv *hdd_ipa = NULL;
@@ -2514,15 +2583,28 @@ static void hdd_ipa_w2i_cb(void *priv, enum ipa_dp_evt_type evt,
 	uint8_t iface_id;
 	uint8_t session_id;
 	struct hdd_ipa_iface_context *iface_context;
-	qdf_nbuf_t copy;
 	uint8_t fw_desc;
-	int ret;
+	QDF_STATUS status = QDF_STATUS_SUCCESS;
 
 	hdd_ipa = (struct hdd_ipa_priv *)priv;
 
 	switch (evt) {
 	case IPA_RECEIVE:
 		skb = (qdf_nbuf_t) data;
+
+		/*
+		 * When SSR is going on or driver is unloading,
+		 * just drop the packets.
+		 */
+		status = wlan_hdd_validate_context(hdd_ipa->hdd_ctx);
+		if (0 != status) {
+			HDD_IPA_LOG(QDF_TRACE_LEVEL_ERROR,
+					"Invalid context: drop packet");
+			HDD_IPA_INCREASE_INTERNAL_DROP_COUNT(hdd_ipa);
+			kfree_skb(skb);
+			return;
+		}
+
 		if (hdd_ipa_uc_is_enabled(hdd_ipa->hdd_ctx)) {
 			session_id = (uint8_t)skb->cb[0];
 			iface_id = vdev_to_iface[session_id];
@@ -2540,7 +2622,7 @@ static void hdd_ipa_w2i_cb(void *priv, enum ipa_dp_evt_type evt,
 			HDD_IPA_DBG_DUMP(QDF_TRACE_LEVEL_INFO_HIGH,
 				"w2i -- skb", skb->data, 8);
 			HDD_IPA_INCREASE_INTERNAL_DROP_COUNT(hdd_ipa);
-			qdf_nbuf_free(skb);
+			kfree_skb(skb);
 			return;
 		}
 
@@ -2573,37 +2655,19 @@ static void hdd_ipa_w2i_cb(void *priv, enum ipa_dp_evt_type evt,
 			 * only when DISCARD bit is not set.
 			 */
 			fw_desc = (uint8_t)skb->cb[1];
-
 			if (fw_desc & HDD_IPA_FW_RX_DESC_FORWARD_M) {
 				HDD_IPA_DP_LOG(
 					QDF_TRACE_LEVEL_DEBUG,
 					"Forward packet to Tx (fw_desc=%d)",
 					fw_desc);
-				copy = qdf_nbuf_copy(skb);
-				if (copy) {
-					hdd_ipa->ipa_tx_forward++;
-					ret = hdd_softap_hard_start_xmit(
-						(struct sk_buff *)copy,
-						adapter->dev);
-					if (ret) {
-						HDD_IPA_LOG(
-							QDF_TRACE_LEVEL_DEBUG,
-							"Forward packet tx fail");
-						hdd_ipa->stats.
-							num_tx_bcmc_err++;
-					} else {
-						hdd_ipa->stats.num_tx_bcmc++;
-					}
-				}
+				hdd_ipa_forward(hdd_ipa, adapter, skb);
 			}
-
 			if (fw_desc & HDD_IPA_FW_RX_DESC_DISCARD_M) {
 				HDD_IPA_INCREASE_INTERNAL_DROP_COUNT(hdd_ipa);
 				hdd_ipa->ipa_rx_discard++;
-				qdf_nbuf_free(skb);
+				kfree_skb(skb);
 				break;
 			}
-
 		} else {
 			HDD_IPA_LOG(QDF_TRACE_LEVEL_INFO_HIGH,
 				"Intra-BSS FWD is disabled-skip forward to Tx");
@@ -2619,6 +2683,23 @@ static void hdd_ipa_w2i_cb(void *priv, enum ipa_dp_evt_type evt,
 	}
 }
 
+/**
+ * hdd_ipa_w2i_cb() - SSR wrapper for __hdd_ipa_w2i_cb
+ * @priv: pointer to private data registered with IPA (we register a
+ *	pointer to the global IPA context)
+ * @evt: the IPA event which triggered the callback
+ * @data: data associated with the event
+ *
+ * Return: None
+ */
+static void hdd_ipa_w2i_cb(void *priv, enum ipa_dp_evt_type evt,
+			   unsigned long data)
+{
+	cds_ssr_protect(__func__);
+	__hdd_ipa_w2i_cb(priv, evt, data);
+	cds_ssr_unprotect(__func__);
+}
+
 /**
  * hdd_ipa_nbuf_cb() - IPA TX complete callback
  * @skb: packet buffer which was transmitted
@@ -2724,7 +2805,27 @@ static void hdd_ipa_send_pkt_to_tl(
 }
 
 /**
- * hdd_ipa_pm_send_pkt_to_tl() - Send queued packets to TL
+ * hdd_ipa_is_present() - get IPA hw status
+ * @hdd_ctx: pointer to hdd context
+ *
+ * ipa_uc_reg_rdyCB is not directly designed to check
+ * ipa hw status. This is an undocumented function which
+ * has confirmed with IPA team.
+ *
+ * Return: true - ipa hw present
+ *         false - ipa hw not present
+ */
+bool hdd_ipa_is_present(hdd_context_t *hdd_ctx)
+{
+	/* Check if ipa hw is enabled */
+	if (HDD_IPA_CHECK_HW() != -EPERM)
+		return true;
+	else
+		return false;
+}
+
+/**
+ * hdd_ipa_pm_flush() - flush queued packets
  * @work: pointer to the scheduled work
  *
  * Called during PM resume to send packets to TL which were queued
@@ -2732,7 +2833,7 @@ static void hdd_ipa_send_pkt_to_tl(
  *
  * Return: None
  */
-static void hdd_ipa_pm_send_pkt_to_tl(struct work_struct *work)
+static void hdd_ipa_pm_flush(struct work_struct *work)
 {
 	struct hdd_ipa_priv *hdd_ipa = container_of(work,
 						    struct hdd_ipa_priv,
@@ -2741,23 +2842,28 @@ static void hdd_ipa_pm_send_pkt_to_tl(struct work_struct *work)
 	qdf_nbuf_t skb;
 	uint32_t dequeued = 0;
 
+	qdf_wake_lock_acquire(&hdd_ipa->wake_lock,
+			      WIFI_POWER_EVENT_WAKELOCK_IPA);
 	qdf_spin_lock_bh(&hdd_ipa->pm_lock);
-
 	while (((skb = qdf_nbuf_queue_remove(&hdd_ipa->pm_queue_head))
 								!= NULL)) {
 		qdf_spin_unlock_bh(&hdd_ipa->pm_lock);
 
 		pm_tx_cb = (struct hdd_ipa_pm_tx_cb *)skb->cb;
-
 		dequeued++;
-
-		hdd_ipa_send_pkt_to_tl(pm_tx_cb->iface_context,
+		if (pm_tx_cb->exception) {
+			HDD_IPA_LOG(QDF_TRACE_LEVEL_ERROR,
+				"FLUSH EXCEPTION");
+			hdd_softap_hard_start_xmit(skb, pm_tx_cb->adapter->dev);
+		} else {
+			hdd_ipa_send_pkt_to_tl(pm_tx_cb->iface_context,
 				       pm_tx_cb->ipa_tx_desc);
-
+		}
 		qdf_spin_lock_bh(&hdd_ipa->pm_lock);
 	}
-
 	qdf_spin_unlock_bh(&hdd_ipa->pm_lock);
+	qdf_wake_lock_release(&hdd_ipa->wake_lock,
+			      WIFI_POWER_EVENT_WAKELOCK_IPA);
 
 	hdd_ipa->stats.num_tx_dequeued += dequeued;
 	if (dequeued > hdd_ipa->stats.num_max_pm_queue)
@@ -3455,6 +3561,7 @@ static void hdd_ipa_msg_free_fn(void *buff, uint32_t len, uint32_t type)
 	qdf_mem_free(buff);
 }
 
+#ifndef QCA_LL_TX_FLOW_CONTROL_V2
 /**
  * hdd_ipa_send_mcc_scc_msg() - send IPA WLAN_SWITCH_TO_MCC/SCC message
  * @mcc_mode: 0=MCC/1=SCC
@@ -3513,6 +3620,7 @@ int hdd_ipa_send_mcc_scc_msg(hdd_context_t *pHddCtx, bool mcc_mode)
 
 	return ret;
 }
+#endif
 
 /**
  * hdd_ipa_wlan_event_to_str() - convert IPA WLAN event to string
@@ -3995,7 +4103,12 @@ int hdd_ipa_wlan_evt(hdd_adapter_t *adapter, uint8_t sta_id,
 {
 	enum ipa_wlan_event type = hdd_to_ipa_wlan_event(hdd_event_type);
 
-	return __hdd_ipa_wlan_evt(adapter, sta_id, type, mac_addr);
+	/* Data path offload only support for STA and SAP mode */
+	if ((QDF_STA_MODE == adapter->device_mode) ||
+	    (QDF_SAP_MODE == adapter->device_mode))
+		return __hdd_ipa_wlan_evt(adapter, sta_id, type, mac_addr);
+
+	return 0;
 }
 
 /**
@@ -4107,10 +4220,11 @@ QDF_STATUS hdd_ipa_init(hdd_context_t *hdd_ctx)
 			hdd_ipa_adapter_2_client[i].prod_client;
 		iface_context->iface_id = i;
 		iface_context->adapter = NULL;
+		iface_context->offload_enabled = 0;
 		qdf_spinlock_create(&iface_context->interface_lock);
 	}
 
-	INIT_WORK(&hdd_ipa->pm_work, hdd_ipa_pm_send_pkt_to_tl);
+	INIT_WORK(&hdd_ipa->pm_work, hdd_ipa_pm_flush);
 	qdf_spinlock_create(&hdd_ipa->pm_lock);
 	qdf_nbuf_queue_init(&hdd_ipa->pm_queue_head);
 

core/hdd/src/wlan_hdd_lro.c

@@ -53,6 +53,14 @@
 	(LRO_DESC | LRO_ELIGIBILITY_CHECKED | LRO_TCP_ACK_NUM | \
 	 LRO_TCP_DATA_CSUM | LRO_TCP_SEQ_NUM | LRO_TCP_WIN)
 
+#define LRO_HIST_UPDATE(lro_desc, adapter) \
+	 do { \
+		uint8_t bucket = lro_desc->pkt_aggr_cnt >> 3; \
+		if (unlikely(bucket > HDD_LRO_BUCKET_MAX)) \
+			bucket = HDD_LRO_BUCKET_MAX; \
+		adapter->lro_info.lro_stats.pkt_aggr_hist[bucket]++; \
+	 } while (0);
+
 /**
  * hdd_lro_get_skb_header() - LRO callback function
  * @skb: network buffer
@@ -260,7 +268,7 @@ static int hdd_lro_desc_find(hdd_adapter_t *adapter,
 	qdf_spin_unlock_bh(&free_pool->lro_pool_lock);
 
 	if (NULL == entry->lro_desc) {
-		hdd_err("entry->lro_desc is NULL!\n");
+		hdd_err("entry->lro_desc is NULL!");
 		return -EINVAL;
 	}
 
@@ -421,6 +429,9 @@ static void hdd_lro_flush_pkt(struct net_lro_mgr *lro_mgr,
 	lro_desc = hdd_lro_get_desc(lro_mgr, lro_mgr->lro_arr, iph, tcph);
 
 	if (lro_desc) {
+		/* statistics */
+		LRO_HIST_UPDATE(lro_desc, adapter);
+
 		hdd_lro_desc_free(lro_desc, adapter);
 		lro_flush_desc(lro_mgr, lro_desc);
 	}
@@ -474,6 +485,8 @@ static void hdd_lro_flush(void *data)
 					lro_flush_desc(
 						hdd_lro->lro_mgr,
 						&hdd_lro->lro_mgr->lro_arr[i]);
+					LRO_HIST_UPDATE((&hdd_lro->lro_mgr->lro_arr[i]),
+						 adapter);
 				}
 			}
 			qdf_spin_unlock_bh(&hdd_lro->lro_mgr_arr_access_lock);
@@ -556,6 +569,7 @@ int hdd_lro_enable(hdd_context_t *hdd_ctx,
 
 	hdd_lro = &adapter->lro_info;
 	qdf_mem_zero((void *)hdd_lro, sizeof(struct hdd_lro_s));
+
 	/*
 	* Allocate all the LRO data structures at once and then carve
 	* them up as needed
@@ -693,12 +707,107 @@ enum hdd_lro_rx_status hdd_lro_rx(hdd_context_t *hdd_ctx,
 			}
 
 			status = HDD_LRO_RX;
+			adapter->lro_info.lro_stats.lro_eligible_tcp++;
 		} else {
 			hdd_lro_flush_pkt(adapter->lro_info.lro_mgr,
 				 iph, tcph, adapter);
+			adapter->lro_info.lro_stats.lro_ineligible_tcp++;
 		}
 		qdf_spin_unlock_bh(
 			&hdd_lro->lro_mgr_arr_access_lock);
 	}
 	return status;
 }
+
+/**
+ * hdd_lro_bucket_to_string() - return string conversion of
+ * bucket
+ * @bucket: bucket
+ *
+ * This utility function helps log string conversion of bucket
+ * enum
+ *
+ * Return: string conversion of the LRO bucket, if match found;
+ *        "Invalid" otherwise.
+ */
+static const char *hdd_lro_bucket_to_string(enum hdd_lro_pkt_aggr_bucket bucket)
+{
+	switch (bucket) {
+	CASE_RETURN_STRING(HDD_LRO_BUCKET_0_7);
+	CASE_RETURN_STRING(HDD_LRO_BUCKET_8_15);
+	CASE_RETURN_STRING(HDD_LRO_BUCKET_16_23);
+	CASE_RETURN_STRING(HDD_LRO_BUCKET_24_31);
+	CASE_RETURN_STRING(HDD_LRO_BUCKET_32_39);
+	CASE_RETURN_STRING(HDD_LRO_BUCKET_40_47);
+	CASE_RETURN_STRING(HDD_LRO_BUCKET_48_OR_MORE);
+	default:
+		return "Invalid";
+	}
+}
+
+/**
+ * wlan_hdd_display_lro_stats() - display LRO statistics
+ * @hdd_ctx: hdd context
+ *
+ * Return: none
+ */
+void hdd_lro_display_stats(hdd_context_t *hdd_ctx)
+{
+
+	hdd_adapter_t *adapter = NULL;
+	hdd_adapter_list_node_t *adapter_node = NULL, *next = NULL;
+	QDF_STATUS status;
+	int i;
+
+	if (!hdd_ctx->config->lro_enable) {
+		hdd_err("LRO Disabled");
+		return;
+	}
+
+	status = hdd_get_front_adapter(hdd_ctx, &adapter_node);
+	while (NULL != adapter_node && QDF_STATUS_SUCCESS == status) {
+		struct hdd_lro_stats *stats;
+		hdd_err("\nLRO statistics:");
+
+		adapter = adapter_node->pAdapter;
+		if (!adapter) {
+			status = hdd_get_next_adapter(hdd_ctx,
+				 adapter_node, &next);
+			adapter_node = next;
+			continue;
+		}
+
+		stats = &adapter->lro_info.lro_stats;
+		hdd_err("Session_id %d device mode %d",
+			adapter->sessionId, adapter->device_mode);
+
+		if (NL80211_IFTYPE_STATION != adapter->wdev.iftype) {
+			hdd_err("No LRO on interface type %d",
+				 adapter->wdev.iftype);
+			status = hdd_get_next_adapter(hdd_ctx,
+				 adapter_node, &next);
+			adapter_node = next;
+			continue;
+		}
+
+		for (i = 0; i <= HDD_LRO_BUCKET_MAX; i++) {
+			if (stats && stats->pkt_aggr_hist)
+				hdd_err("bucket %s: %d packets",
+					 hdd_lro_bucket_to_string(i),
+					 stats->pkt_aggr_hist[i]);
+		}
+
+		hdd_err("LRO eligible TCP packets %d\n"
+			 "LRO ineligible TCP packets %d",
+			 stats->lro_eligible_tcp, stats->lro_ineligible_tcp);
+
+		if (adapter->lro_info.lro_mgr)
+			hdd_err("LRO manager aggr %lu flushed %lu no desc %lu",
+				 adapter->lro_info.lro_mgr->stats.aggregated,
+				 adapter->lro_info.lro_mgr->stats.flushed,
+				 adapter->lro_info.lro_mgr->stats.no_desc);
+
+		status = hdd_get_next_adapter(hdd_ctx, adapter_node, &next);
+		adapter_node = next;
+	}
+}

core/hdd/src/wlan_hdd_main.c

@@ -1448,6 +1448,7 @@ void hdd_update_tgt_cfg(void *context, void *param)
 	}
 
 	hdd_ctx->target_fw_version = cfg->target_fw_version;
+	hdd_ctx->target_fw_vers_ext = cfg->target_fw_vers_ext;
 
 	hdd_ctx->max_intf_count = cfg->max_intf_count;
 
@@ -1961,6 +1962,14 @@ static int __hdd_open(struct net_device *dev)
 					     WLAN_CONTROL_PATH);
 	}
 
+	/* Enable carrier and transmit queues for NDI */
+	if (WLAN_HDD_IS_NDI(adapter)) {
+		hdd_notice("Enabling Tx Queues");
+		wlan_hdd_netif_queue_control(adapter,
+			WLAN_START_ALL_NETIF_QUEUE_N_CARRIER,
+			WLAN_CONTROL_PATH);
+	}
+
 	return ret;
 }
 
@@ -2028,6 +2037,18 @@ static int __hdd_stop(struct net_device *dev)
 	wlan_hdd_netif_queue_control(adapter, WLAN_NETIF_TX_DISABLE_N_CARRIER,
 				   WLAN_CONTROL_PATH);
 
+	/*
+	 * NAN data interface is different in some sense. The traffic on NDI is
+	 * bursty in nature and depends on the need to transfer. The service
+	 * layer may down the interface after the usage and up again when
+	 * required. In some sense, the NDI is expected to be available
+	 * (like SAP) iface until NDI delete request is issued by the service
+	 * layer. Skip BSS termination and adapter deletion for NAN Data
+	 * interface (NDI).
+	 */
+	if (WLAN_HDD_IS_NDI(adapter))
+		return 0;
+
 	/*
 	 * The interface is marked as down for outside world (aka kernel)
 	 * But the driver is pretty much alive inside. The driver needs to
@@ -2431,6 +2452,60 @@ void hdd_set_station_ops(struct net_device *pWlanDev)
 		pWlanDev->netdev_ops = &wlan_drv_ops;
 }
 
+#ifdef FEATURE_RUNTIME_PM
+/**
+ * hdd_runtime_suspend_context_init() - API to initialize HDD Runtime Contexts
+ * @hdd_ctx: HDD context
+ *
+ * Return: None
+ */
+static void hdd_runtime_suspend_context_init(hdd_context_t *hdd_ctx)
+{
+	struct hdd_runtime_pm_context *ctx = &hdd_ctx->runtime_context;
+
+	ctx->scan = qdf_runtime_lock_init("scan");
+	ctx->roc = qdf_runtime_lock_init("roc");
+	ctx->dfs = qdf_runtime_lock_init("dfs");
+}
+
+/**
+ * hdd_runtime_suspend_context_deinit() - API to deinit HDD runtime context
+ * @hdd_ctx: HDD Context
+ *
+ * Return: None
+ */
+static void hdd_runtime_suspend_context_deinit(hdd_context_t *hdd_ctx)
+{
+	struct hdd_runtime_pm_context *ctx = &hdd_ctx->runtime_context;
+
+	qdf_runtime_lock_deinit(ctx->scan);
+	ctx->scan = NULL;
+	qdf_runtime_lock_deinit(ctx->roc);
+	ctx->roc = NULL;
+	qdf_runtime_lock_deinit(ctx->dfs);
+	ctx->dfs = NULL;
+}
+
+static void hdd_adapter_runtime_suspend_init(hdd_adapter_t *adapter)
+{
+	struct hdd_connect_pm_context *ctx = &adapter->connect_rpm_ctx;
+
+	ctx->connect = qdf_runtime_lock_init("connect");
+}
+
+static void hdd_adapter_runtime_suspend_denit(hdd_adapter_t *adapter)
+{
+	struct hdd_connect_pm_context *ctx = &adapter->connect_rpm_ctx;
+
+	qdf_runtime_lock_deinit(ctx->connect);
+	ctx->connect = NULL;
+}
+#else /* FEATURE_RUNTIME_PM */
+static void hdd_runtime_suspend_context_init(hdd_context_t *hdd_ctx) {}
+static void hdd_runtime_suspend_context_deinit(hdd_context_t *hdd_ctx) {}
+static inline void hdd_adapter_runtime_suspend_init(hdd_adapter_t *adapter) {}
+static inline void hdd_adapter_runtime_suspend_denit(hdd_adapter_t *adapter) {}
+#endif /* FEATURE_RUNTIME_PM */
 /**
  * hdd_alloc_station_adapter() - allocate the station hdd adapter
  * @hdd_ctx: global hdd context
@@ -2522,6 +2597,7 @@ static hdd_adapter_t *hdd_alloc_station_adapter(hdd_context_t *hdd_ctx,
 		/* set pWlanDev's parent to underlying device */
 		SET_NETDEV_DEV(pWlanDev, hdd_ctx->parent_dev);
 		hdd_wmm_init(adapter);
+		hdd_adapter_runtime_suspend_init(adapter);
 		spin_lock_init(&adapter->pause_map_lock);
 		adapter->start_time = adapter->last_time = qdf_system_ticks();
 	}
@@ -2896,6 +2972,8 @@ static void hdd_cleanup_adapter(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter,
 		adapter->scan_info.default_scan_ies = NULL;
 	}
 
+	hdd_adapter_runtime_suspend_denit(adapter);
+
 	/*
 	 * The adapter is marked as closed. When hdd_wlan_exit() call returns,
 	 * the driver is almost closed and cannot handle either control
@@ -3110,19 +3188,19 @@ int hdd_set_fw_params(hdd_adapter_t *adapter)
 				ret);
 			goto error;
 		}
+
+		ret = wma_cli_set_command(adapter->sessionId,
+					  WMI_VDEV_PARAM_ENABLE_RTSCTS,
+					  hdd_ctx->config->rts_profile,
+					  VDEV_CMD);
+		if (ret) {
+			hdd_err("FAILED TO SET RTSCTS Profile ret:%d", ret);
+			goto error;
+		}
 	}
 
 	hdd_set_fw_log_params(hdd_ctx, adapter);
 
-	ret = wma_cli_set_command(adapter->sessionId,
-				  WMI_VDEV_PARAM_ENABLE_RTSCTS,
-				  hdd_ctx->config->rts_profile,
-				  VDEV_CMD);
-	if (ret) {
-		hdd_err("FAILED TO SET RTSCTS Profile ret:%d", ret);
-		goto error;
-	}
-
 	EXIT();
 	return 0;
 
@@ -3189,6 +3267,7 @@ hdd_adapter_t *hdd_open_adapter(hdd_context_t *hdd_ctx, uint8_t session_type,
 	case QDF_P2P_DEVICE_MODE:
 	case QDF_OCB_MODE:
 	case QDF_NDI_MODE:
+	case QDF_MONITOR_MODE:
 		adapter = hdd_alloc_station_adapter(hdd_ctx, macAddr,
 						    name_assign_type,
 						    iface_name);
@@ -3203,6 +3282,8 @@ hdd_adapter_t *hdd_open_adapter(hdd_context_t *hdd_ctx, uint8_t session_type,
 			adapter->wdev.iftype = NL80211_IFTYPE_P2P_CLIENT;
 		else if (QDF_P2P_DEVICE_MODE == session_type)
 			adapter->wdev.iftype = NL80211_IFTYPE_P2P_DEVICE;
+		else if (QDF_MONITOR_MODE == session_type)
+			adapter->wdev.iftype = NL80211_IFTYPE_MONITOR;
 		else
 			adapter->wdev.iftype = NL80211_IFTYPE_STATION;
 
@@ -3270,6 +3351,27 @@ hdd_adapter_t *hdd_open_adapter(hdd_context_t *hdd_ctx, uint8_t session_type,
 					     WLAN_NETIF_TX_DISABLE_N_CARRIER,
 					     WLAN_CONTROL_PATH);
 		break;
+	case QDF_FTM_MODE:
+		adapter = hdd_alloc_station_adapter(hdd_ctx, macAddr,
+						    name_assign_type,
+						    "wlan0");
+		if (NULL == adapter) {
+			hdd_err("Failed to allocate adapter for FTM mode");
+			return NULL;
+		}
+		adapter->wdev.iftype = NL80211_IFTYPE_STATION;
+		adapter->device_mode = session_type;
+		status = hdd_register_interface(adapter, rtnl_held);
+		if (QDF_STATUS_SUCCESS != status) {
+			hdd_deinit_adapter(hdd_ctx, adapter, rtnl_held);
+			goto err_free_netdev;
+		}
+		/* Stop the Interface TX queue. */
+		hdd_info("Disabling queues");
+		wlan_hdd_netif_queue_control(adapter,
+					     WLAN_NETIF_TX_DISABLE_N_CARRIER,
+					     WLAN_CONTROL_PATH);
+		break;
 	default:
 		hdd_alert("Invalid session type %d", session_type);
 		QDF_ASSERT(0);
@@ -3370,6 +3472,7 @@ QDF_STATUS hdd_close_adapter(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter,
 		/* Fw will take care incase of concurrency */
 		return QDF_STATUS_SUCCESS;
 	}
+
 	return QDF_STATUS_E_FAILURE;
 }
 
@@ -3392,9 +3495,14 @@ QDF_STATUS hdd_close_all_adapters(hdd_context_t *hdd_ctx, bool rtnl_held)
 	do {
 		status = hdd_remove_front_adapter(hdd_ctx, &pHddAdapterNode);
 		if (pHddAdapterNode && QDF_STATUS_SUCCESS == status) {
+			wlan_hdd_release_intf_addr(hdd_ctx,
+			pHddAdapterNode->pAdapter->macAddressCurrent.bytes);
 			hdd_cleanup_adapter(hdd_ctx, pHddAdapterNode->pAdapter,
 					    rtnl_held);
 			qdf_mem_free(pHddAdapterNode);
+			/* Adapter removed. Decrement vdev count */
+			if (hdd_ctx->current_intf_count != 0)
+				hdd_ctx->current_intf_count--;
 		}
 	} while (NULL != pHddAdapterNode && QDF_STATUS_E_EMPTY != status);
 
@@ -3893,9 +4001,12 @@ void hdd_connect_result(struct net_device *dev, const u8 *bssid,
 			roam_info->u.pConnectedProfile->SSID.ssId,
 			roam_info->u.pConnectedProfile->SSID.length);
 	}
+
 	hdd_connect_bss(dev, bssid, bss, req_ie,
 		req_ie_len, resp_ie, resp_ie_len,
 		status, gfp, connect_timeout);
+
+	qdf_runtime_pm_allow_suspend(padapter->connect_rpm_ctx.connect);
 }
 #else
 void hdd_connect_result(struct net_device *dev, const u8 *bssid,
@@ -3904,8 +4015,11 @@ void hdd_connect_result(struct net_device *dev, const u8 *bssid,
 			size_t resp_ie_len, u16 status, gfp_t gfp,
 			bool connect_timeout)
 {
+	hdd_adapter_t *padapter = (hdd_adapter_t *) netdev_priv(dev);
+
 	cfg80211_connect_result(dev, bssid, req_ie, req_ie_len,
 				resp_ie, resp_ie_len, status, gfp);
+	qdf_runtime_pm_allow_suspend(padapter->connect_rpm_ctx.connect);
 }
 #endif
 
@@ -4633,17 +4747,18 @@ static void hdd_roc_context_destroy(hdd_context_t *hdd_ctx)
 }
 
 /**
- * hdd_context_destroy() - Destroy HDD context
- * @hdd_ctx:	HDD context to be destroyed.
+ * hdd_context_deinit() - Deinitialize HDD context
+ * @hdd_ctx:    HDD context.
  *
- * Free config and HDD context as well as destroy all the resources.
+ * Deinitialize HDD context along with all the feature specific contexts but
+ * do not free hdd context itself. Caller of this API is supposed to free
+ * HDD context.
  *
- * Return: None
+ * return: 0 on success and errno on failure.
  */
-static void hdd_context_destroy(hdd_context_t *hdd_ctx)
+static int hdd_context_deinit(hdd_context_t *hdd_ctx)
 {
-	if (QDF_GLOBAL_FTM_MODE != hdd_get_conparam())
-		hdd_logging_sock_deactivate_svc(hdd_ctx);
+	wlan_hdd_cfg80211_deinit(hdd_ctx->wiphy);
 
 	hdd_roc_context_destroy(hdd_ctx);
 
@@ -4657,6 +4772,24 @@ static void hdd_context_destroy(hdd_context_t *hdd_ctx)
 
 	qdf_list_destroy(&hdd_ctx->hddAdapters);
 
+	return 0;
+}
+
+/**
+ * hdd_context_destroy() - Destroy HDD context
+ * @hdd_ctx:	HDD context to be destroyed.
+ *
+ * Free config and HDD context as well as destroy all the resources.
+ *
+ * Return: None
+ */
+static void hdd_context_destroy(hdd_context_t *hdd_ctx)
+{
+	if (QDF_GLOBAL_FTM_MODE != hdd_get_conparam())
+		hdd_logging_sock_deactivate_svc(hdd_ctx);
+
+	hdd_context_deinit(hdd_ctx);
+
 	qdf_mem_free(hdd_ctx->config);
 	hdd_ctx->config = NULL;
 
@@ -4693,18 +4826,7 @@ static void hdd_wlan_exit(hdd_context_t *hdd_ctx)
 
 	hdd_unregister_notifiers(hdd_ctx);
 
-#ifdef MSM_PLATFORM
-	if (QDF_TIMER_STATE_RUNNING ==
-	    qdf_mc_timer_get_current_state(&hdd_ctx->bus_bw_timer)) {
-		qdf_mc_timer_stop(&hdd_ctx->bus_bw_timer);
-		hdd_reset_tcp_delack(hdd_ctx);
-	}
-
-	if (!QDF_IS_STATUS_SUCCESS
-		    (qdf_mc_timer_destroy(&hdd_ctx->bus_bw_timer))) {
-		hdd_err("Cannot deallocate Bus bandwidth timer");
-	}
-#endif
+	hdd_bus_bandwidth_destroy(hdd_ctx);
 
 #ifdef FEATURE_WLAN_AP_AP_ACS_OPTIMIZE
 	if (QDF_TIMER_STATE_RUNNING ==
@@ -4751,7 +4873,7 @@ static void hdd_wlan_exit(hdd_context_t *hdd_ctx)
 		hdd_stop_all_adapters(hdd_ctx);
 	}
 
-	hdd_wlan_stop_modules(hdd_ctx, false);
+	hdd_wlan_stop_modules(hdd_ctx);
 	/*
 	 * Close the scheduler before calling cds_close to make sure no thread
 	 * is scheduled after the each module close is called i.e after all the
@@ -4775,6 +4897,7 @@ static void hdd_wlan_exit(hdd_context_t *hdd_ctx)
 
 	hdd_green_ap_deinit(hdd_ctx);
 
+	hdd_runtime_suspend_context_deinit(hdd_ctx);
 	hdd_close_all_adapters(hdd_ctx, false);
 
 	hdd_ipa_cleanup(hdd_ctx);
@@ -4782,7 +4905,6 @@ static void hdd_wlan_exit(hdd_context_t *hdd_ctx)
 	/* Free up RoC request queue and flush workqueue */
 	cds_flush_work(&hdd_ctx->roc_req_work);
 
-	hdd_encrypt_decrypt_deinit(hdd_ctx);
 	wlansap_global_deinit();
 	wlan_hdd_deinit_tx_rx_histogram(hdd_ctx);
 	wiphy_unregister(wiphy);
@@ -5203,10 +5325,11 @@ static void hdd_pld_request_bus_bandwidth(hdd_context_t *hdd_ctx,
 	temp_rx = (rx_packets + hdd_ctx->prev_rx) / 2;
 
 	hdd_ctx->prev_rx = rx_packets;
-	if (temp_rx > hdd_ctx->config->tcpDelackThresholdHigh &&
-	    (hdd_ctx->cur_rx_level != WLAN_SVC_TP_HIGH &&
-	    ++hdd_ctx->rx_high_ind_cnt == delack_timer_cnt)) {
-		next_rx_level = WLAN_SVC_TP_HIGH;
+	if (temp_rx > hdd_ctx->config->tcpDelackThresholdHigh) {
+		if ((hdd_ctx->cur_rx_level != WLAN_SVC_TP_HIGH) &&
+		   (++hdd_ctx->rx_high_ind_cnt == delack_timer_cnt)) {
+			next_rx_level = WLAN_SVC_TP_HIGH;
+		}
 	} else {
 		next_rx_level = WLAN_SVC_TP_LOW;
 		hdd_ctx->rx_high_ind_cnt = 0;
@@ -5270,6 +5393,9 @@ static void hdd_bus_bw_compute_cbk(void *priv)
 	bool connected = false;
 	uint32_t ipa_tx_packets = 0, ipa_rx_packets = 0;
 
+	if (wlan_hdd_validate_context(hdd_ctx))
+		return;
+
 	for (status = hdd_get_front_adapter(hdd_ctx, &adapterNode);
 	     NULL != adapterNode && QDF_STATUS_SUCCESS == status;
 	     status =
@@ -5362,6 +5488,26 @@ static void hdd_bus_bw_compute_cbk(void *priv)
 	qdf_mc_timer_start(&hdd_ctx->bus_bw_timer,
 			   hdd_ctx->config->busBandwidthComputeInterval);
 }
+
+int hdd_bus_bandwidth_init(hdd_context_t *hdd_ctx)
+{
+	spin_lock_init(&hdd_ctx->bus_bw_lock);
+
+	qdf_mc_timer_init(&hdd_ctx->bus_bw_timer,
+			  QDF_TIMER_TYPE_SW,
+			  hdd_bus_bw_compute_cbk, (void *)hdd_ctx);
+
+	return 0;
+}
+
+void hdd_bus_bandwidth_destroy(hdd_context_t *hdd_ctx)
+{
+	if (qdf_mc_timer_get_current_state(&hdd_ctx->bus_bw_timer) ==
+	    QDF_TIMER_STATE_RUNNING)
+		hdd_reset_tcp_delack(hdd_ctx);
+
+	qdf_mc_timer_destroy(&hdd_ctx->bus_bw_timer);
+}
 #endif
 
 /**
@@ -5753,8 +5899,8 @@ static uint8_t hdd_get_safe_channel_from_pcl_and_acs_range(
 		hdd_info("chan[%d]:%d", i, pcl.pcl_list[i]);
 		found = false;
 		for (j = 0; j < hdd_ctx->unsafe_channel_count; j++) {
-			if (cds_chan_to_freq(pcl.pcl_list[i]) ==
-			   hdd_ctx->unsafe_channel_list[j]) {
+			if (pcl.pcl_list[i] ==
+					hdd_ctx->unsafe_channel_list[j]) {
 				hdd_info("unsafe chan:%d", pcl.pcl_list[i]);
 				found = true;
 				break;
@@ -5856,8 +6002,7 @@ void hdd_unsafe_channel_restart_sap(hdd_context_t *hdd_ctxt)
 
 		found = false;
 		for (i = 0; i < hdd_ctxt->unsafe_channel_count; i++) {
-			if (cds_chan_to_freq(
-				adapter_temp->sessionCtx.ap.operatingChannel) ==
+			if (adapter_temp->sessionCtx.ap.operatingChannel ==
 				hdd_ctxt->unsafe_channel_list[i]) {
 				found = true;
 				hdd_info("operating ch:%d is unsafe",
@@ -5997,7 +6142,7 @@ void hdd_ch_avoid_cb(void *hdd_context, void *indi_param)
 					end_channel_idx; channel_loop++) {
 			hdd_ctxt->unsafe_channel_list[
 				hdd_ctxt->unsafe_channel_count++] =
-				CDS_CHANNEL_FREQ(channel_loop);
+				CDS_CHANNEL_NUM(channel_loop);
 			if (hdd_ctxt->unsafe_channel_count >=
 							NUM_CHANNELS) {
 				hdd_warn("LTECoex unsafe ch list full");
@@ -6193,6 +6338,9 @@ static void hdd_override_ini_config(hdd_context_t *hdd_ctx)
 		hdd_ctx->config->Is11dSupportEnabled = enable_11d;
 		hdd_notice("Module enable_11d set to %d", enable_11d);
 	}
+
+	if (!hdd_ipa_is_present(hdd_ctx))
+		hdd_ctx->config->IpaConfig = 0;
 }
 
 /**
@@ -6245,36 +6393,6 @@ static void hdd_set_trace_level_for_each(hdd_context_t *hdd_ctx)
 	hdd_cfg_print(hdd_ctx);
 }
 
-/**
- * hdd_context_deinit() - Deinitialize HDD context
- * @hdd_ctx:    HDD context.
- *
- * Deinitialize HDD context along with all the feature specific contexts but
- * do not free hdd context itself. Caller of this API is supposed to free
- * HDD context.
- *
- * return: 0 on success and errno on failure.
- */
-static int hdd_context_deinit(hdd_context_t *hdd_ctx)
-{
-	wlan_hdd_cfg80211_deinit(hdd_ctx->wiphy);
-
-	hdd_roc_context_destroy(hdd_ctx);
-
-	hdd_sap_context_destroy(hdd_ctx);
-
-	hdd_rx_wake_lock_destroy(hdd_ctx);
-
-	hdd_tdls_context_destroy(hdd_ctx);
-
-	hdd_scan_context_destroy(hdd_ctx);
-
-	qdf_list_destroy(&hdd_ctx->hddAdapters);
-
-	return 0;
-}
-
-
 /**
  * hdd_context_init() - Initialize HDD context
  * @hdd_ctx:	HDD context.
@@ -6846,6 +6964,7 @@ static int hdd_update_cds_config(hdd_context_t *hdd_ctx)
 	cds_cfg->max_station = hdd_ctx->config->maxNumberOfPeers;
 	cds_cfg->sub_20_channel_width = WLAN_SUB_20_CH_WIDTH_NONE;
 	cds_cfg->flow_steering_enabled = hdd_ctx->config->flow_steering_enable;
+	cds_cfg->self_recovery_enabled = hdd_ctx->config->enableSelfRecovery;
 
 	hdd_ra_populate_cds_config(cds_cfg, hdd_ctx);
 	hdd_txrx_populate_cds_config(cds_cfg, hdd_ctx);
@@ -7045,7 +7164,6 @@ QDF_STATUS hdd_register_for_sap_restart_with_channel_switch(void)
 }
 #endif
 
-#ifdef CONFIG_CNSS
 /**
  * hdd_get_cnss_wlan_mac_buff() - API to query platform driver for MAC address
  * @dev: Device Pointer
@@ -7055,15 +7173,8 @@ QDF_STATUS hdd_register_for_sap_restart_with_channel_switch(void)
  */
 static uint8_t *hdd_get_cnss_wlan_mac_buff(struct device *dev, uint32_t *num)
 {
-	return cnss_common_get_wlan_mac_address(dev, num);
-}
-#else
-static uint8_t *hdd_get_cnss_wlan_mac_buff(struct device *dev, uint32_t *num)
-{
-	*num = 0;
-	return NULL;
+	return pld_common_get_wlan_mac_address(dev, num);
 }
-#endif
 
 /**
  * hdd_populate_random_mac_addr() - API to populate random mac addresses
@@ -7296,8 +7407,6 @@ static int hdd_pre_enable_configure(hdd_context_t *hdd_ctx)
 		goto out;
 	}
 
-	hdd_initialize_mac_address(hdd_ctx);
-
 	/*
 	 * Set the MAC Address Currently this is used by HAL to add self sta.
 	 * Remove this once self sta is added as part of session open.
@@ -7486,6 +7595,7 @@ static int hdd_features_init(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter)
 		hdd_err("Error setting txlimit in sme: %d", status);
 
 	hdd_tsf_init(hdd_ctx);
+	hdd_encrypt_decrypt_init(hdd_ctx);
 
 	ret = hdd_register_cb(hdd_ctx);
 	if (ret) {
@@ -7560,22 +7670,29 @@ int hdd_configure_cds(hdd_context_t *hdd_ctx, hdd_adapter_t *adapter)
 	status = hdd_post_cds_enable_config(hdd_ctx);
 	if (!QDF_IS_STATUS_SUCCESS(status)) {
 		hdd_alert("hdd_post_cds_enable_config failed");
-		goto out;
+		goto cds_disable;
 	}
 
 	ret = hdd_features_init(hdd_ctx, adapter);
 	if (ret)
-		goto out;
+		goto cds_disable;
 
 	sme_cbacks.sme_get_valid_channels = sme_get_cfg_valid_channels;
 	sme_cbacks.sme_get_nss_for_vdev = sme_get_vdev_type_nss;
 	status = cds_init_policy_mgr(&sme_cbacks);
 	if (!QDF_IS_STATUS_SUCCESS(status)) {
 		hdd_err("Policy manager initialization failed");
-		goto out;
+		goto hdd_features_deinit;
 	}
 
 	return 0;
+
+hdd_features_deinit:
+	hdd_deregister_cb(hdd_ctx);
+	wlan_hdd_cfg80211_deregister_frames(adapter);
+cds_disable:
+	cds_disable(hdd_ctx->pcds_context);
+
 out:
 	return -EINVAL;
 }
@@ -7591,34 +7708,35 @@ out:
 static int hdd_deconfigure_cds(hdd_context_t *hdd_ctx)
 {
 	QDF_STATUS qdf_status;
+	int ret = 0;
 
 	ENTER();
 	/* De-register the SME callbacks */
 	hdd_deregister_cb(hdd_ctx);
+	hdd_encrypt_decrypt_deinit(hdd_ctx);
 
 	/* De-init Policy Manager */
 	if (!QDF_IS_STATUS_SUCCESS(cds_deinit_policy_mgr())) {
 		hdd_err("Failed to deinit policy manager");
 		/* Proceed and complete the clean up */
-		return -EINVAL;
+		ret = -EINVAL;
 	}
 
 	qdf_status = cds_disable(hdd_ctx->pcds_context);
 	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
 		hdd_err("Failed to Disable the CDS Modules! :%d",
 			qdf_status);
-		return -EINVAL;
+		ret = -EINVAL;
 	}
 
 	EXIT();
-	return 0;
+	return ret;
 }
 
 
 /**
  * hdd_wlan_stop_modules - Single driver state machine for stoping modules
  * @hdd_ctx: HDD context
- * @shutdown: flag to indicate from SSR or normal path
  *
  * This function maintains the driver state machine it will be invoked from
  * exit, shutdown and con_mode change handler. Depending on the driver state
@@ -7626,7 +7744,7 @@ static int hdd_deconfigure_cds(hdd_context_t *hdd_ctx)
  *
  * Return: 0 for success; non-zero for failure
  */
-int hdd_wlan_stop_modules(hdd_context_t *hdd_ctx, bool shutdown)
+int hdd_wlan_stop_modules(hdd_context_t *hdd_ctx)
 {
 	void *hif_ctx;
 	qdf_device_t qdf_ctx;
@@ -7666,7 +7784,6 @@ int hdd_wlan_stop_modules(hdd_context_t *hdd_ctx, bool shutdown)
 			hdd_alert("Failed to de-configure CDS");
 			QDF_ASSERT(0);
 			ret = -EINVAL;
-			goto done;
 		}
 		hdd_info("successfully Disabled the CDS modules!");
 		hdd_ctx->driver_status = DRIVER_MODULES_OPENED;
@@ -7688,20 +7805,20 @@ int hdd_wlan_stop_modules(hdd_context_t *hdd_ctx, bool shutdown)
 		QDF_ASSERT(0);
 	}
 	/* Clean up message queues of TX, RX and MC thread */
-	cds_sched_flush_mc_mqs(cds_sched_context);
+	if (!cds_is_driver_recovering())
+		cds_sched_flush_mc_mqs(cds_sched_context);
 
 	hif_ctx = cds_get_context(QDF_MODULE_ID_HIF);
 	if (!hif_ctx) {
 		hdd_err("Hif context is Null");
 		ret = -EINVAL;
-		goto done;
 	}
 
 	hdd_hif_close(hif_ctx);
 
 	ol_cds_free();
 
-	if (!shutdown) {
+	if (!cds_is_driver_recovering()) {
 		ret = pld_power_off(qdf_ctx->dev);
 		if (ret)
 			hdd_err("CNSS power down failed put device into Low power mode:%d",
@@ -7738,7 +7855,7 @@ static void hdd_iface_change_callback(void *priv)
 
 	ENTER();
 	hdd_info("Interface change timer expired close the modules!");
-	ret = hdd_wlan_stop_modules(hdd_ctx, false);
+	ret = hdd_wlan_stop_modules(hdd_ctx);
 	if (ret)
 		hdd_alert("Failed to stop modules");
 	EXIT();
@@ -7880,10 +7997,10 @@ int hdd_wlan_startup(struct device *dev)
 	if (hdd_ipa_init(hdd_ctx) == QDF_STATUS_E_FAILURE)
 		goto err_wiphy_unregister;
 
+	hdd_initialize_mac_address(hdd_ctx);
 
 	rtnl_held = hdd_hold_rtnl_lock();
 
-
 	adapter = hdd_open_interfaces(hdd_ctx, rtnl_held);
 
 	if (IS_ERR(adapter)) {
@@ -7922,12 +8039,7 @@ int hdd_wlan_startup(struct device *dev)
 		hdd_err("Failed to init ACS Skip timer");
 #endif
 
-#ifdef MSM_PLATFORM
-	spin_lock_init(&hdd_ctx->bus_bw_lock);
-	qdf_mc_timer_init(&hdd_ctx->bus_bw_timer,
-			  QDF_TIMER_TYPE_SW,
-			  hdd_bus_bw_compute_cbk, (void *)hdd_ctx);
-#endif
+	hdd_bus_bandwidth_init(hdd_ctx);
 
 	hdd_lpass_notify_start(hdd_ctx);
 
@@ -7946,8 +8058,8 @@ int hdd_wlan_startup(struct device *dev)
 	if (QDF_IS_STATUS_ERROR(status))
 		goto err_debugfs_exit;
 
+	hdd_runtime_suspend_context_init(hdd_ctx);
 	memdump_init();
-	hdd_encrypt_decrypt_init(hdd_ctx);
 	hdd_driver_memdump_init();
 
 	if (hdd_ctx->config->fIsImpsEnabled)
@@ -7987,10 +8099,9 @@ err_ipa_cleanup:
 
 err_wiphy_unregister:
 	wiphy_unregister(hdd_ctx->wiphy);
-	wlan_hdd_cfg80211_deinit(hdd_ctx->wiphy);
 
 err_stop_modules:
-	hdd_wlan_stop_modules(hdd_ctx, false);
+	hdd_wlan_stop_modules(hdd_ctx);
 
 
 	status = cds_sched_close(hdd_ctx->pcds_context);
@@ -8002,10 +8113,6 @@ err_stop_modules:
 err_exit_nl_srv:
 	hdd_exit_netlink_services(hdd_ctx);
 
-	if (!QDF_IS_STATUS_SUCCESS(cds_deinit_policy_mgr())) {
-		hdd_err("Failed to deinit policy manager");
-		/* Proceed and complete the clean up */
-	}
 	cds_deinit_ini_config();
 err_hdd_free_context:
 	qdf_mc_timer_destroy(&hdd_ctx->iface_change_timer);
@@ -8576,7 +8683,7 @@ void hdd_stop_bus_bw_compute_timer(hdd_adapter_t *adapter)
 	if (QDF_TIMER_STATE_RUNNING !=
 	    qdf_mc_timer_get_current_state(&hdd_ctx->bus_bw_timer)) {
 		/* trying to stop timer, when not running is not good */
-		hdd_err("bus band width compute timer is not running");
+		hdd_info("bus band width compute timer is not running");
 		return;
 	}
 
@@ -8943,6 +9050,12 @@ static int __hdd_module_init(void)
 
 	pld_init();
 
+	ret = hdd_init();
+	if (ret) {
+		pr_err("hdd_init failed %x\n", ret);
+		goto err_hdd_init;
+	}
+
 	qdf_wake_lock_create(&wlan_wake_lock, "wlan");
 
 	hdd_set_conparam((uint32_t) con_mode);
@@ -8959,6 +9072,8 @@ static int __hdd_module_init(void)
 	return 0;
 out:
 	qdf_wake_lock_destroy(&wlan_wake_lock);
+	hdd_deinit();
+err_hdd_init:
 	pld_deinit();
 	return ret;
 }
@@ -9001,6 +9116,7 @@ static void __hdd_module_exit(void)
 
 	qdf_wake_lock_destroy(&wlan_wake_lock);
 
+	hdd_deinit();
 	pld_deinit();
 
 	return;
@@ -9203,6 +9319,7 @@ static bool is_con_mode_valid(enum tQDF_GLOBAL_CON_MODE mode)
 	case QDF_GLOBAL_MONITOR_MODE:
 	case QDF_GLOBAL_FTM_MODE:
 	case QDF_GLOBAL_EPPING_MODE:
+	case QDF_GLOBAL_MISSION_MODE:
 		return true;
 	default:
 		return false;
@@ -9224,10 +9341,10 @@ static enum tQDF_ADAPTER_MODE hdd_get_adpter_mode(
 		return QDF_STA_MODE;
 	case QDF_GLOBAL_MONITOR_MODE:
 		return QDF_MONITOR_MODE;
-	case QDF_GLOBAL_FTM_MODE:
-		return QDF_FTM_MODE;
 	case QDF_GLOBAL_EPPING_MODE:
 		return QDF_EPPING_MODE;
+	case QDF_GLOBAL_FTM_MODE:
+		return QDF_FTM_MODE;
 	case QDF_GLOBAL_QVIT_MODE:
 		return QDF_QVIT_MODE;
 	default:
@@ -9235,111 +9352,200 @@ static enum tQDF_ADAPTER_MODE hdd_get_adpter_mode(
 	}
 }
 
+static void hdd_cleanup_present_mode(hdd_context_t *hdd_ctx,
+				    enum tQDF_GLOBAL_CON_MODE curr_mode)
+{
+	switch (curr_mode) {
+	case QDF_GLOBAL_MISSION_MODE:
+	case QDF_GLOBAL_MONITOR_MODE:
+	case QDF_GLOBAL_FTM_MODE:
+		hdd_abort_mac_scan_all_adapters(hdd_ctx);
+		hdd_stop_all_adapters(hdd_ctx);
+		hdd_deinit_all_adapters(hdd_ctx, false);
+		hdd_close_all_adapters(hdd_ctx, false);
+		break;
+	case QDF_GLOBAL_EPPING_MODE:
+		epping_disable();
+		epping_close();
+		break;
+	default:
+		return;
+	}
+}
+
+static int hdd_register_req_mode(hdd_context_t *hdd_ctx,
+				 enum tQDF_GLOBAL_CON_MODE mode)
+{
+	hdd_adapter_t *adapter;
+	int ret = 0;
+	bool rtnl_held;
+	qdf_device_t qdf_dev = cds_get_context(QDF_MODULE_ID_QDF_DEVICE);
+	QDF_STATUS status;
+
+	if (!qdf_dev) {
+		hdd_err("qdf device context is Null return!");
+		return -EINVAL;
+	}
+
+	rtnl_held = hdd_hold_rtnl_lock();
+	switch (mode) {
+	case QDF_GLOBAL_MISSION_MODE:
+		adapter = hdd_open_interfaces(hdd_ctx, rtnl_held);
+		if (IS_ERR(adapter)) {
+			hdd_alert("Failed to open interface, adapter is NULL");
+			ret = -EINVAL;
+		}
+		break;
+	case QDF_GLOBAL_FTM_MODE:
+		adapter = hdd_open_adapter(hdd_ctx, QDF_FTM_MODE, "wlan%d",
+					   wlan_hdd_get_intf_addr(hdd_ctx),
+					   NET_NAME_UNKNOWN, rtnl_held);
+		if (adapter == NULL)
+			ret = -EINVAL;
+		break;
+	case QDF_GLOBAL_MONITOR_MODE:
+		adapter = hdd_open_adapter(hdd_ctx, QDF_MONITOR_MODE, "wlan%d",
+					   wlan_hdd_get_intf_addr(hdd_ctx),
+					   NET_NAME_UNKNOWN, rtnl_held);
+		if (adapter == NULL)
+			ret = -EINVAL;
+		break;
+	case QDF_GLOBAL_EPPING_MODE:
+		status = epping_open();
+		 if (status != QDF_STATUS_SUCCESS) {
+			hdd_err("Failed to open in eeping mode: %d", status);
+			ret = -EINVAL;
+			break;
+		}
+		ret = epping_enable(qdf_dev->dev);
+		if (ret) {
+			hdd_err("Failed to enable in epping mode : %d", ret);
+			epping_close();
+		}
+		break;
+	default:
+		hdd_info("Mode not supported");
+		ret = -ENOTSUPP;
+		break;
+	}
+	hdd_release_rtnl_lock();
+	rtnl_held = false;
+	return ret;
+}
+
 /**
- * con_mode_handler() - Handles module param con_mode change
+ * __con_mode_handler() - Handles module param con_mode change
  * @kmessage: con mode name on which driver to be bring up
  * @kp: The associated kernel parameter
+ * @hdd_ctx: Pointer to the global HDD context
  *
  * This function is invoked when user updates con mode using sys entry,
  * to initialize and bring-up driver in that specific mode.
  *
  * Return - 0 on success and failure code on failure
  */
-static int con_mode_handler(const char *kmessage, struct kernel_param *kp)
+static int __con_mode_handler(const char *kmessage, struct kernel_param *kp,
+			      hdd_context_t *hdd_ctx)
 {
 	int ret;
-	hdd_context_t *hdd_ctx;
 	hdd_adapter_t *adapter;
-	qdf_device_t qdf_dev = cds_get_context(QDF_MODULE_ID_QDF_DEVICE);
 	enum tQDF_GLOBAL_CON_MODE curr_mode;
 	enum tQDF_ADAPTER_MODE adapter_mode;
-	QDF_STATUS status;
+
+	ret = wlan_hdd_validate_context(hdd_ctx);
+	if (ret)
+		return ret;
+
+	cds_set_load_in_progress(true);
 
 	hdd_info("con_mode handler: %s", kmessage);
 	ret = param_set_int(kmessage, kp);
 
-	if (!qdf_dev) {
-		hdd_err("qdf device context is Null return!");
-		return -EINVAL;
-	}
 
-	hdd_ctx = cds_get_context(QDF_MODULE_ID_HDD);
-	if (!hdd_ctx) {
-		hdd_err("Hdd context Null return!");
-		return -EINVAL;
-	}
 
 	if (!(is_con_mode_valid(con_mode))) {
 		hdd_err("invlaid con_mode %d", con_mode);
-		return -EINVAL;
+		ret = -EINVAL;
+		goto reset_flags;
 	}
+
 	curr_mode = hdd_get_conparam();
 	if (curr_mode == con_mode) {
 		hdd_err("curr mode: %d is same as user triggered mode %d",
 		       curr_mode, con_mode);
-		return 0;
+		ret = 0;
+		goto reset_flags;
 	}
 
-	adapter_mode = hdd_get_adpter_mode(curr_mode);
-	if (adapter_mode == QDF_MAX_NO_OF_MODE) {
-		hdd_err("invalid adapter");
-		return -EINVAL;
+	/* Cleanup present mode before switching to new mode */
+	hdd_cleanup_present_mode(hdd_ctx, curr_mode);
+
+	ret = hdd_wlan_stop_modules(hdd_ctx);
+	if (ret) {
+		hdd_err("Stop wlan modules failed");
+		goto reset_flags;
 	}
 
-	hdd_stop_all_adapters(hdd_ctx);
-	hdd_deinit_all_adapters(hdd_ctx, false);
+	hdd_set_conparam(con_mode);
 
-	ret = hdd_wlan_stop_modules(hdd_ctx, false);
+	/* Register for new con_mode & then kick_start modules again */
+	ret = hdd_register_req_mode(hdd_ctx, con_mode);
 	if (ret) {
-		hdd_err("Stop wlan modules failed");
-		return -EINVAL;
+		hdd_err("Failed to register for new mode");
+		goto reset_flags;
 	}
 
-	adapter = hdd_get_adapter(hdd_ctx, adapter_mode);
-	if (!adapter) {
-		hdd_err("Failed to get adapter, mode: %d", curr_mode);
-		return -EINVAL;
+	adapter_mode = hdd_get_adpter_mode(con_mode);
+	if (adapter_mode == QDF_MAX_NO_OF_MODE) {
+		hdd_err("invalid adapter");
+		ret = -EINVAL;
+		goto reset_flags;
 	}
 
-	if (con_mode == QDF_GLOBAL_FTM_MODE) {
-		adapter->device_mode = QDF_FTM_MODE;
-		hdd_set_conparam(QDF_GLOBAL_FTM_MODE);
-	} else if (con_mode == QDF_GLOBAL_MONITOR_MODE) {
-		adapter->wdev.iftype = NL80211_IFTYPE_MONITOR;
-		adapter->device_mode = QDF_MONITOR_MODE;
-		hdd_set_conparam(QDF_GLOBAL_MONITOR_MODE);
-		hdd_set_station_ops(adapter->dev);
-	} else if (con_mode == QDF_GLOBAL_EPPING_MODE) {
-		hdd_set_conparam(QDF_GLOBAL_EPPING_MODE);
-		status = epping_open();
-		if (status != QDF_STATUS_SUCCESS) {
-			hdd_err("Failed to open in eeping mode: %d", status);
-			return -EINVAL;
-		}
-		ret = epping_enable(qdf_dev->dev);
-		if (ret) {
-			hdd_err("Failed to enable in epping mode : %d", ret);
-			epping_close();
-			return -EINVAL;
-		}
-		hdd_info("epping mode successfully enabled");
-		return 0;
+	adapter = hdd_get_adapter(hdd_ctx, adapter_mode);
+	if (!adapter) {
+		hdd_err("Failed to get adapter:%d", adapter_mode);
+		goto reset_flags;
 	}
 
 	ret = hdd_wlan_start_modules(hdd_ctx, adapter, false);
 	if (ret) {
 		hdd_err("Start wlan modules failed: %d", ret);
-		return -EINVAL;
+		goto reset_flags;
 	}
 
-	if (hdd_start_adapter(adapter)) {
-		hdd_err("Failed to start %s adapter", kmessage);
-		return -EINVAL;
-	} else {
-		hdd_info("Mode successfully changed to %s", kmessage);
-		ret = 0;
+	if (con_mode == QDF_GLOBAL_MONITOR_MODE ||
+		con_mode == QDF_GLOBAL_FTM_MODE) {
+		if (hdd_start_adapter(adapter)) {
+			hdd_err("Failed to start %s adapter", kmessage);
+			ret = -EINVAL;
+			goto reset_flags;
+		}
 	}
 
+	hdd_info("Mode successfully changed to %s", kmessage);
+	ret = 0;
+
+reset_flags:
+	cds_set_load_in_progress(false);
+	return ret;
+}
+
+
+static int con_mode_handler(const char *kmessage, struct kernel_param *kp)
+{
+	int ret;
+	hdd_context_t *hdd_ctx;
+
+	hdd_ctx = cds_get_context(QDF_MODULE_ID_HDD);
+	ret = wlan_hdd_validate_context(hdd_ctx);
+	if (ret)
+		return ret;
+
+	cds_ssr_protect(__func__);
+	ret = __con_mode_handler(kmessage, kp, hdd_ctx);
+	cds_ssr_unprotect(__func__);
+
 	return ret;
 }
 

core/hdd/src/wlan_hdd_napi.c

@@ -267,6 +267,7 @@ int hdd_napi_event(enum qca_napi_event event, void *data)
  * Return: 0 : no action taken, or action return code
  *         !0: error, or action error code
  */
+static int napi_tput_policy_delay;
 int hdd_napi_apply_throughput_policy(struct hdd_context_s *hddctx,
 				     uint64_t              tx_packets,
 				     uint64_t              rx_packets)
@@ -275,10 +276,23 @@ int hdd_napi_apply_throughput_policy(struct hdd_context_s *hddctx,
 	uint64_t packets = tx_packets + rx_packets;
 	enum qca_napi_tput_state req_state;
 	struct qca_napi_data *napid = hdd_napi_get_all();
-	int    enabled;
+	int enabled = 0;
 
 	NAPI_DEBUG("-->%s(tx=%lld, rx=%lld)", __func__, tx_packets, rx_packets);
 
+	if (unlikely(napi_tput_policy_delay < 0))
+		napi_tput_policy_delay = 0;
+	if (napi_tput_policy_delay > 0) {
+		NAPI_DEBUG("%s: delaying policy; delay-count=%d",
+			  __func__, napi_tput_policy_delay);
+		napi_tput_policy_delay--;
+
+		/* make sure the next timer call calls us */
+		hddctx->cur_vote_level = -1;
+
+		return rc;
+	}
+
 	if ((napid != NULL) &&
 	    (enabled = hdd_napi_enabled(HDD_NAPI_ANY))) {
 		if (packets > hddctx->config->busBandwidthHighThreshold)
@@ -295,7 +309,47 @@ int hdd_napi_apply_throughput_policy(struct hdd_context_s *hddctx,
 	}
 	return rc;
 }
-#endif
+
+/**
+ * hdd_napi_serialize() - serialize all NAPI activities
+ * @is_on: 1="serialize" or 0="de-serialize"
+ *
+ * Start/stop "serial-NAPI-mode".
+ * NAPI serial mode describes a state where all NAPI operations are forced to be
+ * run serially. This is achieved by ensuring all NAPI instances are run on the
+ * same CPU, so forced to be serial.
+ * NAPI life-cycle:
+ * - Interrupt is received for a given CE.
+ * - In the ISR, the interrupt is masked and corresponding NAPI instance
+ *   is scheduled, to be run as a bottom-half.
+ * - Bottom-half starts with a poll call (by the net_rx softirq). There may be
+ *   one of more subsequent calls until the work is complete.
+ * - Once the work is complete, the poll handler enables the interrupt and
+ *   the cycle re-starts.
+ *
+ * Return: <0: error-code (operation failed)
+ *         =0: success
+ *         >0: status (not used)
+ */
+int hdd_napi_serialize(int is_on)
+{
+	int rc;
+	hdd_context_t *hdd_ctx;
+#define POLICY_DELAY_FACTOR (1)
+	rc = hif_napi_serialize(cds_get_context(QDF_MODULE_ID_HIF), is_on);
+	if ((rc == 0) && (is_on == 0)) {
+		/* apply throughput policy after one timeout */
+		napi_tput_policy_delay = POLICY_DELAY_FACTOR;
+
+		/* make sure that bus_bandwidth trigger is executed */
+		hdd_ctx = cds_get_context(QDF_MODULE_ID_HDD);
+		if (hdd_ctx != NULL)
+			hdd_ctx->cur_vote_level = -1;
+
+	}
+	return rc;
+}
+#endif /* HELIUMPLUS */
 
 /**
  * hdd_napi_poll() - NAPI poll function

core/hdd/src/wlan_hdd_p2p.c

@@ -193,6 +193,7 @@ QDF_STATUS wlan_hdd_remain_on_channel_callback(tHalHandle hHal, void *pCtx,
 	 * roc requests are immediately processed without being queued
 	 */
 	pAdapter->is_roc_inprogress = false;
+	qdf_runtime_pm_allow_suspend(hdd_ctx->runtime_context.roc);
 	/*
 	 * If the allow suspend is done later, the scheduled roc wil prevent
 	 * the system from going into suspend and immediately this logic
@@ -266,6 +267,7 @@ void wlan_hdd_cancel_existing_remain_on_channel(hdd_adapter_t *pAdapter)
 {
 	hdd_cfg80211_state_t *cfgState = WLAN_HDD_GET_CFG_STATE_PTR(pAdapter);
 	hdd_remain_on_chan_ctx_t *pRemainChanCtx;
+	hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(pAdapter);
 	unsigned long rc;
 
 	mutex_lock(&cfgState->remain_on_chan_ctx_lock);
@@ -340,6 +342,7 @@ void wlan_hdd_cancel_existing_remain_on_channel(hdd_adapter_t *pAdapter)
 		if (!rc) {
 			hdd_err("timeout waiting for cancel remain on channel ready indication");
 		}
+		qdf_runtime_pm_allow_suspend(hdd_ctx->runtime_context.roc);
 		hdd_allow_suspend(WIFI_POWER_EVENT_WAKELOCK_ROC);
 	} else
 		mutex_unlock(&cfgState->remain_on_chan_ctx_lock);
@@ -468,6 +471,7 @@ static void wlan_hdd_remain_on_chan_timeout(void *data)
 	hdd_adapter_t *pAdapter = (hdd_adapter_t *) data;
 	hdd_remain_on_chan_ctx_t *pRemainChanCtx;
 	hdd_cfg80211_state_t *cfgState;
+	hdd_context_t *hdd_ctx;
 
 	if ((NULL == pAdapter) ||
 	    (WLAN_HDD_ADAPTER_MAGIC != pAdapter->magic)) {
@@ -475,6 +479,7 @@ static void wlan_hdd_remain_on_chan_timeout(void *data)
 		return;
 	}
 
+	hdd_ctx = WLAN_HDD_GET_CTX(pAdapter);
 	cfgState = WLAN_HDD_GET_CFG_STATE_PTR(pAdapter);
 	mutex_lock(&cfgState->remain_on_chan_ctx_lock);
 	pRemainChanCtx = cfgState->remain_on_chan_ctx;
@@ -510,8 +515,8 @@ static void wlan_hdd_remain_on_chan_timeout(void *data)
 			pRemainChanCtx->scan_id);
 	}
 
+	qdf_runtime_pm_allow_suspend(hdd_ctx->runtime_context.roc);
 	hdd_allow_suspend(WIFI_POWER_EVENT_WAKELOCK_ROC);
-
 }
 
 static int wlan_hdd_execute_remain_on_channel(hdd_adapter_t *pAdapter,
@@ -571,6 +576,7 @@ static int wlan_hdd_execute_remain_on_channel(hdd_adapter_t *pAdapter,
 		duration = P2P_ROC_DURATION_MULTIPLIER_GO_ABSENT * duration;
 
 	hdd_prevent_suspend(WIFI_POWER_EVENT_WAKELOCK_ROC);
+	qdf_runtime_pm_prevent_suspend(pHddCtx->runtime_context.roc);
 	INIT_COMPLETION(pAdapter->rem_on_chan_ready_event);
 
 	/* call sme API to start remain on channel. */
@@ -598,6 +604,8 @@ static int wlan_hdd_execute_remain_on_channel(hdd_adapter_t *pAdapter,
 			qdf_mc_timer_destroy(
 				&pRemainChanCtx->hdd_remain_on_chan_timer);
 			qdf_mem_free(pRemainChanCtx);
+			qdf_runtime_pm_allow_suspend(pHddCtx->runtime_context.
+						     roc);
 			hdd_allow_suspend(WIFI_POWER_EVENT_WAKELOCK_ROC);
 			return -EINVAL;
 		}
@@ -629,6 +637,8 @@ static int wlan_hdd_execute_remain_on_channel(hdd_adapter_t *pAdapter,
 			qdf_mc_timer_destroy(
 				&pRemainChanCtx->hdd_remain_on_chan_timer);
 			qdf_mem_free(pRemainChanCtx);
+			qdf_runtime_pm_allow_suspend(pHddCtx->runtime_context.
+						     roc);
 			hdd_allow_suspend(WIFI_POWER_EVENT_WAKELOCK_ROC);
 			return -EINVAL;
 		}
@@ -641,6 +651,8 @@ static int wlan_hdd_execute_remain_on_channel(hdd_adapter_t *pAdapter,
 			wlansap_cancel_remain_on_channel(
 				WLAN_HDD_GET_SAP_CTX_PTR(pAdapter),
 				pRemainChanCtx->scan_id);
+			qdf_runtime_pm_allow_suspend(pHddCtx->runtime_context.
+						     roc);
 			hdd_allow_suspend(WIFI_POWER_EVENT_WAKELOCK_ROC);
 			return -EINVAL;
 		}
@@ -790,13 +802,12 @@ static int wlan_hdd_request_remain_on_channel(struct wiphy *wiphy,
 	int ret;
 	int status = 0;
 
-	ENTER();
-
 	hdd_notice("Device_mode %s(%d)",
 		   hdd_device_mode_to_string(pAdapter->device_mode),
 		   pAdapter->device_mode);
 	hdd_info("chan(hw_val)0x%x chan(centerfreq) %d, duration %d",
 		 chan->hw_value, chan->center_freq, duration);
+
 	pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
 	ret = wlan_hdd_validate_context(pHddCtx);
 	if (0 != ret)
@@ -882,7 +893,6 @@ static int wlan_hdd_request_remain_on_channel(struct wiphy *wiphy,
 		hdd_debug("scheduling delayed work: no connection/roc active");
 		schedule_delayed_work(&pHddCtx->roc_req_work, 0);
 	}
-	EXIT();
 	return 0;
 }
 
@@ -1437,14 +1447,17 @@ static int __wlan_hdd_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
 		} else
 			mutex_unlock(&cfgState->remain_on_chan_ctx_lock);
 
+		mutex_lock(&cfgState->remain_on_chan_ctx_lock);
 		if ((cfgState->remain_on_chan_ctx != NULL) &&
 		    (cfgState->current_freq == chan->center_freq)
 		    ) {
+			mutex_unlock(&cfgState->remain_on_chan_ctx_lock);
 			hdd_notice("action frame: extending the wait time");
 			extendedWait = (uint16_t) wait;
 			goto send_frame;
 		}
 
+		mutex_unlock(&cfgState->remain_on_chan_ctx_lock);
 		INIT_COMPLETION(pAdapter->offchannel_tx_event);
 
 		status = wlan_hdd_request_remain_on_channel(wiphy, dev, chan,

core/hdd/src/wlan_hdd_power.c

@@ -304,9 +304,12 @@ static int hdd_fill_ipv6_uc_addr(struct inet6_dev *idev,
 	struct list_head *p;
 	uint32_t scope;
 
+	read_lock_bh(&idev->lock);
 	list_for_each(p, &idev->addr_list) {
-		if (*count >= SIR_MAC_NUM_TARGET_IPV6_NS_OFFLOAD_NA)
+		if (*count >= SIR_MAC_NUM_TARGET_IPV6_NS_OFFLOAD_NA) {
+			read_unlock_bh(&idev->lock);
 			return -EINVAL;
+		}
 		ifa = list_entry(p, struct inet6_ifaddr, if_list);
 		if (ifa->flags & IFA_F_DADFAILED)
 			continue;
@@ -326,6 +329,8 @@ static int hdd_fill_ipv6_uc_addr(struct inet6_dev *idev,
 			hdd_err("The Scope %d is not supported", scope);
 		}
 	}
+
+	read_unlock_bh(&idev->lock);
 	return 0;
 }
 
@@ -347,9 +352,12 @@ static int hdd_fill_ipv6_ac_addr(struct inet6_dev *idev,
 	struct ifacaddr6 *ifaca;
 	uint32_t scope;
 
+	read_lock_bh(&idev->lock);
 	for (ifaca = idev->ac_list; ifaca; ifaca = ifaca->aca_next) {
-		if (*count >= SIR_MAC_NUM_TARGET_IPV6_NS_OFFLOAD_NA)
+		if (*count >= SIR_MAC_NUM_TARGET_IPV6_NS_OFFLOAD_NA) {
+			read_unlock_bh(&idev->lock);
 			return -EINVAL;
+		}
 		/* For anycast addr no DAD */
 		scope = ipv6_addr_src_scope(&ifaca->aca_addr);
 		switch (scope) {
@@ -367,6 +375,8 @@ static int hdd_fill_ipv6_ac_addr(struct inet6_dev *idev,
 			hdd_err("The Scope %d is not supported", scope);
 		}
 	}
+
+	read_unlock_bh(&idev->lock);
 	return 0;
 }
 
@@ -1423,6 +1433,7 @@ QDF_STATUS hdd_wlan_shutdown(void)
 	v_CONTEXT_t p_cds_context = NULL;
 	hdd_context_t *pHddCtx;
 	p_cds_sched_context cds_sched_context = NULL;
+	QDF_STATUS qdf_status;
 
 	hdd_alert("WLAN driver shutting down!");
 
@@ -1444,8 +1455,6 @@ QDF_STATUS hdd_wlan_shutdown(void)
 		return QDF_STATUS_E_FAILURE;
 	}
 
-	cds_set_recovery_in_progress(true);
-
 	cds_clear_concurrent_session_count();
 	hdd_cleanup_scan_queue(pHddCtx);
 	hdd_reset_all_adapters(pHddCtx);
@@ -1471,8 +1480,16 @@ QDF_STATUS hdd_wlan_shutdown(void)
 	}
 #endif
 
+	qdf_status = cds_sched_close(p_cds_context);
+	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
+		hdd_err("Failed to close CDS Scheduler");
+		QDF_ASSERT(false);
+	}
+
+	hdd_bus_bandwidth_destroy(pHddCtx);
+
 	wlansap_global_deinit();
-	hdd_wlan_stop_modules(pHddCtx, true);
+	hdd_wlan_stop_modules(pHddCtx);
 
 	hdd_lpass_notify_stop(pHddCtx);
 
@@ -1532,6 +1549,8 @@ QDF_STATUS hdd_wlan_re_init(void)
 	if (pHddCtx->config->enable_dp_trace)
 		qdf_dp_trace_init();
 
+	hdd_bus_bandwidth_init(pHddCtx);
+
 	ret = hdd_wlan_start_modules(pHddCtx, pAdapter, true);
 	if (ret) {
 		hdd_err("Failed to start wlan after error");
@@ -1548,7 +1567,6 @@ QDF_STATUS hdd_wlan_re_init(void)
 
 	pHddCtx->hdd_mcastbcast_filter_set = false;
 	pHddCtx->btCoexModeSet = false;
-	hdd_ssr_timer_del();
 
 	wlan_hdd_send_svc_nlink_msg(pHddCtx->radio_index,
 				WLAN_SVC_FW_CRASHED_IND, NULL, 0);
@@ -1574,7 +1592,7 @@ QDF_STATUS hdd_wlan_re_init(void)
 	goto success;
 
 err_cds_disable:
-	hdd_wlan_stop_modules(pHddCtx, true);
+	hdd_wlan_stop_modules(pHddCtx);
 
 err_wiphy_unregister:
 	if (pHddCtx) {
@@ -1599,6 +1617,7 @@ err_re_init:
 	return -EPERM;
 
 success:
+	hdd_ssr_timer_del();
 	return QDF_STATUS_SUCCESS;
 }
 
@@ -2042,6 +2061,48 @@ int wlan_hdd_cfg80211_suspend_wlan(struct wiphy *wiphy,
 	return ret;
 }
 
+/**
+ * hdd_stop_dhcp_ind() - API to stop DHCP sequence
+ * @adapter: Adapter on which DHCP needs to be stopped
+ *
+ * Release the wakelock held for DHCP process and allow
+ * the runtime pm to continue
+ *
+ * Return: None
+ */
+static void hdd_stop_dhcp_ind(hdd_adapter_t *adapter)
+{
+	hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(adapter);
+
+	hdd_warn("DHCP stop indicated through power save");
+	sme_dhcp_stop_ind(hdd_ctx->hHal, adapter->device_mode,
+			  adapter->macAddressCurrent.bytes,
+			  adapter->sessionId);
+	hdd_allow_suspend(WIFI_POWER_EVENT_WAKELOCK_DHCP);
+	qdf_runtime_pm_allow_suspend(adapter->connect_rpm_ctx.connect);
+}
+
+/**
+ * hdd_start_dhcp_ind() - API to start DHCP sequence
+ * @adapter: Adapter on which DHCP needs to be stopped
+ *
+ * Prevent APPS suspend and the runtime suspend during
+ * DHCP sequence
+ *
+ * Return: None
+ */
+static void hdd_start_dhcp_ind(hdd_adapter_t *adapter)
+{
+	hdd_context_t *hdd_ctx = WLAN_HDD_GET_CTX(adapter);
+
+	hdd_err("DHCP start indicated through power save");
+	qdf_runtime_pm_prevent_suspend(adapter->connect_rpm_ctx.connect);
+	hdd_prevent_suspend_timeout(1000, WIFI_POWER_EVENT_WAKELOCK_DHCP);
+	sme_dhcp_start_ind(hdd_ctx->hHal, adapter->device_mode,
+			   adapter->macAddressCurrent.bytes,
+			   adapter->sessionId);
+}
+
 /**
  * __wlan_hdd_cfg80211_set_power_mgmt() - set cfg80211 power management config
  * @wiphy: Pointer to wiphy
@@ -2108,20 +2169,8 @@ static int __wlan_hdd_cfg80211_set_power_mgmt(struct wiphy *wiphy,
 
 	status = wlan_hdd_set_powersave(pAdapter, allow_power_save, timeout);
 
-	if (allow_power_save) {
-		hdd_warn("DHCP stop indicated through power save");
-		sme_dhcp_stop_ind(pHddCtx->hHal, pAdapter->device_mode,
-				  pAdapter->macAddressCurrent.bytes,
-				  pAdapter->sessionId);
-		hdd_allow_suspend(WIFI_POWER_EVENT_WAKELOCK_DHCP);
-	} else {
-		hdd_err("DHCP start indicated through power save");
-		hdd_prevent_suspend_timeout(1000,
-					    WIFI_POWER_EVENT_WAKELOCK_DHCP);
-		sme_dhcp_start_ind(pHddCtx->hHal, pAdapter->device_mode,
-				   pAdapter->macAddressCurrent.bytes,
-				   pAdapter->sessionId);
-	}
+	allow_power_save ? hdd_stop_dhcp_ind(pAdapter) :
+		hdd_start_dhcp_ind(pAdapter);
 
 	EXIT();
 	return status;

core/hdd/src/wlan_hdd_scan.c

@@ -1103,6 +1103,43 @@ nla_put_failure:
 	return;
 }
 
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0))
+/**
+ * hdd_cfg80211_scan_done() - Scan completed callback to cfg80211
+ * @adapter: Pointer to the adapter
+ * @req : Scan request
+ * @aborted : true scan aborted false scan success
+ *
+ * This function notifies scan done to cfg80211
+ *
+ * Return: none
+ */
+static void hdd_cfg80211_scan_done(hdd_adapter_t *adapter,
+				   struct cfg80211_scan_request *req,
+				   bool aborted)
+{
+	if (adapter->dev->flags & IFF_UP)
+		cfg80211_scan_done(req, aborted);
+}
+#else
+/**
+ * hdd_cfg80211_scan_done() - Scan completed callback to cfg80211
+ * @adapter: Pointer to the adapter
+ * @req : Scan request
+ * @aborted : true scan aborted false scan success
+ *
+ * This function notifies scan done to cfg80211
+ *
+ * Return: none
+ */
+static void hdd_cfg80211_scan_done(hdd_adapter_t *adapter,
+				   struct cfg80211_scan_request *req,
+				   bool aborted)
+{
+	cfg80211_scan_done(req, aborted);
+}
+#endif
+
 /**
  * hdd_cfg80211_scan_done_callback() - scan done callback function called after
  *				       scan is finished
@@ -1200,11 +1237,12 @@ static QDF_STATUS hdd_cfg80211_scan_done_callback(tHalHandle halHandle,
 	 * scan done event will be posted
 	 */
 	if (NL_SCAN == source)
-		cfg80211_scan_done(req, aborted);
+		hdd_cfg80211_scan_done(pAdapter, req, aborted);
 	else
 		hdd_vendor_scan_callback(pAdapter, req, aborted);
 
 allow_suspend:
+	qdf_runtime_pm_allow_suspend(hddctx->runtime_context.scan);
 	qdf_spin_lock(&hddctx->hdd_scan_req_q_lock);
 	size = qdf_list_size(&hddctx->hdd_scan_req_q);
 	if (!size) {
@@ -1695,6 +1733,7 @@ static int __wlan_hdd_cfg80211_scan(struct wiphy *wiphy,
 	if (request->flags & NL80211_SCAN_FLAG_FLUSH)
 		sme_scan_flush_result(WLAN_HDD_GET_HAL_CTX(pAdapter));
 #endif
+	qdf_runtime_pm_prevent_suspend(pHddCtx->runtime_context.scan);
 	status = sme_scan_request(WLAN_HDD_GET_HAL_CTX(pAdapter),
 				pAdapter->sessionId, &scan_req,
 				&hdd_cfg80211_scan_done_callback, dev);
@@ -1708,6 +1747,7 @@ static int __wlan_hdd_cfg80211_scan(struct wiphy *wiphy,
 			status = -EIO;
 		}
 
+		qdf_runtime_pm_allow_suspend(pHddCtx->runtime_context.scan);
 		hdd_allow_suspend(WIFI_POWER_EVENT_WAKELOCK_SCAN);
 		goto free_mem;
 	}

core/hdd/src/wlan_hdd_stats.c

@@ -1225,7 +1225,7 @@ __wlan_hdd_cfg80211_ll_stats_get(struct wiphy *wiphy,
 	hdd_station_ctx_t *hddstactx = WLAN_HDD_GET_STATION_CTX_PTR(pAdapter);
 	int status;
 
-	ENTER_DEV(dev);
+	/* ENTER() intentionally not used in a frequently invoked API */
 
 	if (QDF_GLOBAL_FTM_MODE == hdd_get_conparam()) {
 		hdd_err("Command not allowed in FTM mode");
@@ -1273,11 +1273,6 @@ __wlan_hdd_cfg80211_ll_stats_get(struct wiphy *wiphy,
 
 	LinkLayerStatsGetReq.staId = pAdapter->sessionId;
 
-	hdd_notice("LL_STATS_GET reqId = %d, staId = %d, paramIdMask = %d",
-		LinkLayerStatsGetReq.reqId,
-		LinkLayerStatsGetReq.staId,
-		LinkLayerStatsGetReq.paramIdMask);
-
 	context = &ll_stats_context;
 	spin_lock(&context->context_lock);
 	context->request_id = LinkLayerStatsGetReq.reqId;
@@ -1688,8 +1683,12 @@ static int __wlan_hdd_cfg80211_get_station(struct wiphy *wiphy,
 	if (0 != status)
 		return status;
 
-	wlan_hdd_get_rssi(pAdapter, &sinfo->signal);
-	wlan_hdd_get_snr(pAdapter, &snr);
+	wlan_hdd_get_station_stats(pAdapter);
+	sinfo->signal = pAdapter->hdd_stats.summary_stat.rssi;
+	snr = pAdapter->hdd_stats.summary_stat.snr;
+	hdd_info("snr: %d, rssi: %d",
+		pAdapter->hdd_stats.summary_stat.snr,
+		pAdapter->hdd_stats.summary_stat.rssi);
 	pHddStaCtx->conn_info.signal = sinfo->signal;
 	pHddStaCtx->conn_info.noise =
 		pHddStaCtx->conn_info.signal - snr;
@@ -1708,7 +1707,6 @@ static int __wlan_hdd_cfg80211_get_station(struct wiphy *wiphy,
 	 */
 	hdd_lpass_notify_connect(pAdapter);
 
-	wlan_hdd_get_station_stats(pAdapter);
 	rate_flags = pAdapter->hdd_stats.ClassA_stat.tx_rate_flags;
 
 	/* convert to the UI units of 100kbps */
@@ -1869,8 +1867,15 @@ static int __wlan_hdd_cfg80211_get_station(struct wiphy *wiphy,
 					maxMCSIdx = 8;
 				else if (DATA_RATE_11AC_MAX_MCS_9 ==
 					   vhtMaxMcs) {
-					/* VHT20 is supporting 0~8 */
-					if (rate_flags & eHAL_TX_RATE_VHT20)
+					/*
+					 * IEEE_P802.11ac_2013.pdf page 325, 326
+					 * - MCS9 is valid for VHT20 when
+					 *   Nss = 3 or Nss = 6
+					 * - MCS9 is not valid for VHT20 when
+					 *   Nss = 1,2,4,5,7,8
+					 */
+					if ((rate_flags & eHAL_TX_RATE_VHT20) &&
+					     (nss != 3 && nss != 6))
 						maxMCSIdx = 8;
 					else
 						maxMCSIdx = 9;
@@ -1978,6 +1983,18 @@ static int __wlan_hdd_cfg80211_get_station(struct wiphy *wiphy,
 				maxSpeedMCS = 1;
 				maxMCSIdx =
 				  pAdapter->hdd_stats.ClassA_stat.mcs_index;
+				/*
+				 * IEEE_P802.11ac_2013.pdf page 325, 326
+				 * - MCS9 is valid for VHT20 when
+				 *   Nss = 3 or Nss = 6
+				 * - MCS9 is not valid for VHT20 when
+				 *   Nss = 1,2,4,5,7,8
+				 */
+				if ((rate_flags & eHAL_TX_RATE_VHT20) &&
+				    (maxMCSIdx > 8) &&
+				    (nss != 3 && nss != 6)) {
+					maxMCSIdx = 8;
+				}
 			}
 		}
 
@@ -2098,10 +2115,10 @@ static int __wlan_hdd_cfg80211_get_station(struct wiphy *wiphy,
 		pAdapter->hdd_stats.summary_stat.tx_frm_cnt[3];
 
 	sinfo->tx_retries =
-		pAdapter->hdd_stats.summary_stat.retry_cnt[0] +
-		pAdapter->hdd_stats.summary_stat.retry_cnt[1] +
-		pAdapter->hdd_stats.summary_stat.retry_cnt[2] +
-		pAdapter->hdd_stats.summary_stat.retry_cnt[3];
+		pAdapter->hdd_stats.summary_stat.multiple_retry_cnt[0] +
+		pAdapter->hdd_stats.summary_stat.multiple_retry_cnt[1] +
+		pAdapter->hdd_stats.summary_stat.multiple_retry_cnt[2] +
+		pAdapter->hdd_stats.summary_stat.multiple_retry_cnt[3];
 
 	sinfo->tx_failed =
 		pAdapter->hdd_stats.summary_stat.fail_cnt[0] +

core/hdd/src/wlan_hdd_wext.c

@@ -94,6 +94,7 @@
 #include "hif.h"
 #include "pld_common.h"
 #endif
+#include "wlan_hdd_lro.h"
 
 #define HDD_FINISH_ULA_TIME_OUT         800
 #define HDD_SET_MCBC_FILTERS_TO_FW      1
@@ -432,7 +433,7 @@ static const hdd_freq_chan_map_t freq_chan_map[] = {
 /* Private ioctls and their sub-ioctls */
 #define WLAN_PRIV_SET_TWO_INT_GET_NONE   (SIOCIWFIRSTPRIV + 28)
 #define WE_SET_SMPS_PARAM    1
-#ifdef DEBUG
+#ifdef WLAN_DEBUG
 #define WE_SET_FW_CRASH_INJECT    2
 #endif
 #define WE_DUMP_DP_TRACE_LEVEL    3
@@ -720,6 +721,9 @@ void hdd_wlan_dump_stats(hdd_adapter_t *adapter, int value)
 	case WLAN_HIF_STATS:
 		hdd_display_hif_stats();
 		break;
+	case WLAN_LRO_STATS:
+		hdd_lro_display_stats(hdd_ctx);
+		break;
 	default:
 		ol_txrx_display_stats(value);
 		break;
@@ -745,7 +749,7 @@ void hdd_wlan_get_version(hdd_context_t *hdd_ctx, union iwreq_data *wrqu,
 	tSirVersionString wcnss_sw_version;
 	const char *swversion;
 	const char *hwversion;
-	uint32_t msp_id = 0, mspid = 0, siid = 0, crmid = 0;
+	uint32_t msp_id = 0, mspid = 0, siid = 0, crmid = 0, sub_id = 0;
 
 	if (!hdd_ctx) {
 		hdd_err("Invalid context, HDD context is null");
@@ -760,19 +764,21 @@ void hdd_wlan_get_version(hdd_context_t *hdd_ctx, union iwreq_data *wrqu,
 	mspid = (hdd_ctx->target_fw_version & 0xf000000) >> 24;
 	siid = (hdd_ctx->target_fw_version & 0xf00000) >> 20;
 	crmid = hdd_ctx->target_fw_version & 0x7fff;
+	sub_id = (hdd_ctx->target_fw_vers_ext & 0xf0000000) >> 28;
 
 	hwversion = hdd_ctx->target_hw_name;
 
 	if (wrqu && extra) {
 		wrqu->data.length =
 			scnprintf(extra, WE_MAX_STR_LEN,
-				  "Host SW:%s, FW:%d.%d.%d.%d, HW:%s",
+				  "Host SW:%s, FW:%d.%d.%d.%d.%d, HW:%s",
 				  QWLAN_VERSIONSTR,
-				  msp_id, mspid, siid, crmid, hwversion);
+				  msp_id, mspid, siid, crmid,
+				  sub_id, hwversion);
 	} else {
-		pr_info("Host SW:%s, FW:%d.%d.%d.%d, HW:%s\n",
+		pr_info("Host SW:%s, FW:%d.%d.%d.%d.%d, HW:%s\n",
 			QWLAN_VERSIONSTR,
-			msp_id, mspid, siid, crmid, hwversion);
+			msp_id, mspid, siid, crmid, sub_id, hwversion);
 	}
 error:
 	return;
@@ -4576,7 +4582,7 @@ static int __iw_set_retry(struct net_device *dev, struct iw_request_info *info,
 			if (sme_cfg_set_int (hHal, WNI_CFG_SHORT_RETRY_LIMIT,
 						wrqu->retry.value) !=
 					QDF_STATUS_SUCCESS) {
-				hdd_err("failed to set ini parameter, WNI_CFG_LONG_RETRY_LIMIT");
+				hdd_err("failed to set ini parameter, WNI_CFG_SHORT_RETRY_LIMIT");
 				return -EIO;
 			}
 		}
@@ -4653,7 +4659,7 @@ static int __iw_get_retry(struct net_device *dev, struct iw_request_info *info,
 
 		if (sme_cfg_get_int(hHal, WNI_CFG_SHORT_RETRY_LIMIT, &retry) !=
 		    QDF_STATUS_SUCCESS) {
-			hdd_warn("failed to get ini parameter, WNI_CFG_LONG_RETRY_LIMIT");
+			hdd_warn("failed to get ini parameter, WNI_CFG_SHORT_RETRY_LIMIT");
 			return -EIO;
 		}
 
@@ -9818,7 +9824,7 @@ static int __iw_set_two_ints_getnone(struct net_device *dev,
 					      | value[2],
 					  VDEV_CMD);
 		break;
-#ifdef DEBUG
+#ifdef WLAN_DEBUG
 	case WE_SET_FW_CRASH_INJECT:
 		hdd_err("WE_SET_FW_CRASH_INJECT: %d %d",
 		       value[1], value[2]);
@@ -11087,7 +11093,7 @@ static const struct iw_priv_args we_private_args[] = {
 	 IW_PRIV_TYPE_BYTE | sizeof(struct dot11p_channel_sched),
 	 0, "set_dot11p" }
 	,
-#ifdef DEBUG
+#ifdef WLAN_DEBUG
 	{WE_SET_FW_CRASH_INJECT,
 	 IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 2,
 	 0, "crash_inject"}

core/mac/inc/ani_global.h

@@ -979,6 +979,7 @@ typedef struct sAniSirGlobal {
 	enum auth_tx_ack_status auth_ack_status;
 	uint8_t user_configured_nss;
 	bool sta_prefer_80MHz_over_160MHz;
+	bool is_11d_hint;
 } tAniSirGlobal;
 
 typedef enum {

core/mac/inc/qwlan_version.h

@@ -41,9 +41,9 @@
 #define QWLAN_VERSION_MAJOR            5
 #define QWLAN_VERSION_MINOR            1
 #define QWLAN_VERSION_PATCH            0
-#define QWLAN_VERSION_EXTRA            "P"
-#define QWLAN_VERSION_BUILD            30
+#define QWLAN_VERSION_EXTRA            "O"
+#define QWLAN_VERSION_BUILD            32
 
-#define QWLAN_VERSIONSTR               "5.1.0.30P"
+#define QWLAN_VERSIONSTR               "5.1.0.32O"
 
 #endif /* QWLAN_VERSION_H */

core/mac/inc/sir_api.h

@@ -203,6 +203,7 @@ enum sir_roam_op_code {
 	SIR_ROAMING_START,
 	SIR_ROAMING_ABORT,
 	SIR_ROAM_SYNCH_COMPLETE,
+	SIR_ROAM_SYNCH_NAPI_OFF,
 };
 /**
  * Module ID definitions.
@@ -2506,9 +2507,11 @@ typedef struct sSirUpdateAPWPSIEsReq {
 /*
  * enum sir_update_session_param_type - session param type
  * @SIR_PARAM_SSID_HIDDEN: ssidHidden parameter
+ * @SIR_PARAM_IGNORE_ASSOC_DISALLOWED: ignore_assoc_disallowed parameter
  */
 enum sir_update_session_param_type {
 	SIR_PARAM_SSID_HIDDEN,
+	SIR_PARAM_IGNORE_ASSOC_DISALLOWED,
 };
 
 /*
@@ -4699,29 +4702,45 @@ typedef struct {
 	uint32_t   buckets_scanned;
 } tSirExtScanOnScanEventIndParams, *tpSirExtScanOnScanEventIndParams;
 
+#define MAX_EPNO_NETWORKS 64
+
 /**
  * struct wifi_epno_network - enhanced pno network block
  * @ssid: ssid
- * @rssi_threshold: threshold for considering this SSID as found, required
- *		    granularity for this threshold is 4dBm to 8dBm
  * @flags: WIFI_PNO_FLAG_XXX
  * @auth_bit_field: auth bit field for matching WPA IE
  */
 struct wifi_epno_network {
 	tSirMacSSid  ssid;
-	int8_t       rssi_threshold;
 	uint8_t      flags;
 	uint8_t      auth_bit_field;
 };
 
 /**
  * struct wifi_epno_params - enhanced pno network params
+ * @request_id: request id number
+ * @session_id: session_id number
+ * @min_5ghz_rssi: minimum 5GHz RSSI for a BSSID to be considered
+ * @min_24ghz_rssi: minimum 2.4GHz RSSI for a BSSID to be considered
+ * @initial_score_max: maximum score that a network can have before bonuses
+ * @current_connection_bonus: only report when there is a network's score this
+ *    much higher than the current connection
+ * @same_network_bonus: score bonus for all n/w with the same network flag
+ * @secure_bonus: score bonus for networks that are not open
+ * @band_5ghz_bonus: 5GHz RSSI score bonus (applied to all 5GHz networks)
  * @num_networks: number of ssids
- * @networks: PNO networks
+ * @networks: EPNO networks
  */
 struct wifi_epno_params {
 	uint32_t    request_id;
 	uint32_t    session_id;
+	uint32_t    min_5ghz_rssi;
+	uint32_t    min_24ghz_rssi;
+	uint32_t    initial_score_max;
+	uint32_t    current_connection_bonus;
+	uint32_t    same_network_bonus;
+	uint32_t    secure_bonus;
+	uint32_t    band_5ghz_bonus;
 	uint32_t    num_networks;
 	struct wifi_epno_network networks[];
 };

core/mac/src/include/dot11f.h

@@ -35,7 +35,7 @@
  *
  *
  * This file was automatically generated by 'framesc'
- * Mon Oct  3 12:40:25 2016 from the following file(s):
+ * Thu Oct  6 17:32:00 2016 from the following file(s):
  *
  * dot11f.frms
  *
@@ -3780,8 +3780,8 @@ uint32_t dot11f_get_packed_ie_ChanSwitchAnn(
 
 /* EID 196 (0xc4) */
 typedef struct sDot11fIEChannelSwitchWrapper {
-	uint8_t                              present;
-	tDot11fIEWiderBWChanSwitchAnn        WiderBWChanSwitchAnn;
+	uint8_t                                present;
+	tDot11fIEWiderBWChanSwitchAnn          WiderBWChanSwitchAnn;
 	tDot11fIEvht_transmit_power_env        vht_transmit_power_env;
 } tDot11fIEChannelSwitchWrapper;
 
@@ -5983,7 +5983,7 @@ typedef struct sDot11fIERSN {
 /* N.B. These #defines do *not* include the EID & length */
 #define DOT11F_IE_RSN_MIN_LEN (6)
 
-#define DOT11F_IE_RSN_MAX_LEN (255)
+#define DOT11F_IE_RSN_MAX_LEN (114)
 
 #ifdef __cplusplus
 extern "C" {
@@ -9281,7 +9281,7 @@ uint32_t dot11f_get_packed_wmm_del_ts_size(tpAniSirGlobal pCtx,
 } /* End extern "C". */
 #endif /* C++ */
 
-typedef struct sDot11fext_channel_switch_action_frame {
+typedef struct sDot11fext_channel_switch_action_frame{
 	tDot11fFfCategory                          Category;
 	tDot11fFfAction                            Action;
 	tDot11fFfext_chan_switch_ann_action        ext_chan_switch_ann_action;

core/mac/src/include/sir_params.h

@@ -635,7 +635,6 @@ typedef struct sSirMbMsgP2p {
 #define SIR_HAL_POWER_DBG_CMD               (SIR_HAL_ITC_MSG_TYPES_BEGIN + 362)
 #define SIR_HAL_SET_DTIM_PERIOD             (SIR_HAL_ITC_MSG_TYPES_BEGIN + 363)
 #define SIR_HAL_ENCRYPT_DECRYPT_MSG         (SIR_HAL_ITC_MSG_TYPES_BEGIN + 364)
-#define SIR_HAL_SET_CTS2SELF_FOR_STA        (SIR_HAL_ITC_MSG_TYPES_BEGIN + 368)
 
 #define SIR_HAL_MSG_TYPES_END                (SIR_HAL_MSG_TYPES_BEGIN + 0x1FF)
 

core/mac/src/pe/include/lim_api.h

@@ -122,6 +122,18 @@ tSirRetStatus pe_start(tpAniSirGlobal pMac);
 void pe_stop(tpAniSirGlobal pMac);
 tSirRetStatus pe_post_msg_api(tpAniSirGlobal pMac, tSirMsgQ *pMsg);
 tSirRetStatus peProcessMsg(tpAniSirGlobal pMac, tSirMsgQ *limMsg);
+
+/**
+ * pe_register_callbacks_with_wma() - register SME and PE callback functions to
+ * WMA.
+ * @pMac: mac global ctx
+ * @ready_req: Ready request parameters, containing callback pointers
+ *
+ * Return: None
+ */
+void pe_register_callbacks_with_wma(tpAniSirGlobal pMac,
+				    tSirSmeReadyReq *ready_req);
+
 /**
  * Function to cleanup LIM state.
  * This called upon reset/persona change etc

core/mac/src/pe/include/lim_session.h

@@ -484,6 +484,7 @@ typedef struct sPESession       /* Added to Support BT-AMP */
 	uint8_t beacon_tx_rate;
 	uint8_t *access_policy_vendor_ie;
 	uint8_t access_policy;
+	bool ignore_assoc_disallowed;
 } tPESession, *tpPESession;
 
 /*-------------------------------------------------------------------------

core/mac/src/pe/lim/lim_api.c

@@ -1014,7 +1014,7 @@ tSirRetStatus pe_process_messages(tpAniSirGlobal pMac, tSirMsgQ *pMsg)
  * @return None
  */
 
-QDF_STATUS pe_handle_mgmt_frame(void *p_cds_gctx, void *cds_buff)
+static QDF_STATUS pe_handle_mgmt_frame(void *p_cds_gctx, void *cds_buff)
 {
 	tpAniSirGlobal pMac;
 	tpSirMacMgmtHdr mHdr;
@@ -1091,10 +1091,7 @@ QDF_STATUS pe_handle_mgmt_frame(void *p_cds_gctx, void *cds_buff)
 /**
  * pe_register_callbacks_with_wma() - register SME and PE callback functions to
  * WMA.
- * @pMac: mac global ctx
- * @ready_req: Ready request parameters, containing callback pointers
- *
- * Return: None
+ * (function documentation in lim_api.h)
  */
 void pe_register_callbacks_with_wma(tpAniSirGlobal pMac,
 				    tSirSmeReadyReq *ready_req)
@@ -1748,9 +1745,10 @@ void lim_fill_join_rsp_ht_caps(tpPESession session, tpSirSmeJoinRsp join_rsp)
 #endif
 
 #ifdef WLAN_FEATURE_ROAM_OFFLOAD
-QDF_STATUS lim_roam_fill_bss_descr(tpAniSirGlobal pMac,
-		roam_offload_synch_ind *roam_offload_synch_ind_ptr,
-		tpSirBssDescription  bss_desc_ptr)
+static QDF_STATUS
+lim_roam_fill_bss_descr(tpAniSirGlobal pMac,
+			roam_offload_synch_ind *roam_offload_synch_ind_ptr,
+			tpSirBssDescription  bss_desc_ptr)
 {
 	uint32_t ie_len = 0;
 	tpSirProbeRespBeacon parsed_frm_ptr;
@@ -2083,7 +2081,8 @@ QDF_STATUS pe_roam_synch_callback(tpAniSirGlobal mac_ctx,
 }
 #endif
 
-uint8_t lim_is_beacon_miss_scenario(tpAniSirGlobal pMac, uint8_t *pRxPacketInfo)
+static bool lim_is_beacon_miss_scenario(tpAniSirGlobal pMac,
+					uint8_t *pRxPacketInfo)
 {
 	tpSirMacMgmtHdr pHdr = WMA_GET_RX_MAC_HEADER(pRxPacketInfo);
 	uint8_t sessionId;

core/mac/src/pe/lim/lim_assoc_utils.c

@@ -3191,6 +3191,31 @@ lim_check_and_announce_join_success(tpAniSirGlobal mac_ctx,
 		session_entry->defaultAuthFailureTimeout = 0;
 	}
 
+
+	/*
+	 * Check if MBO Association disallowed subattr is present and post
+	 * failure status to LIM if present
+	 */
+	if (!session_entry->ignore_assoc_disallowed &&
+			beacon_probe_rsp->assoc_disallowed) {
+		lim_log(mac_ctx, LOGW,
+				FL("Connection fails due to assoc disallowed reason(%d):%pM PESessionID %d"),
+				beacon_probe_rsp->assoc_disallowed_reason,
+				session_entry->bssId,
+				session_entry->peSessionId);
+		mlm_join_cnf.resultCode = eSIR_SME_ASSOC_REFUSED;
+		mlm_join_cnf.protStatusCode = eSIR_MAC_UNSPEC_FAILURE_STATUS;
+		session_entry->limMlmState = eLIM_MLM_IDLE_STATE;
+		mlm_join_cnf.sessionId = session_entry->peSessionId;
+		if (session_entry->pLimMlmJoinReq) {
+			qdf_mem_free(session_entry->pLimMlmJoinReq);
+			session_entry->pLimMlmJoinReq = NULL;
+		}
+		lim_post_sme_message(mac_ctx, LIM_MLM_JOIN_CNF,
+				(uint32_t *) &mlm_join_cnf);
+		return;
+	}
+
 	/* Update Beacon Interval at CFG database */
 
 	if (beacon_probe_rsp->HTCaps.present)

core/mac/src/pe/lim/lim_ft.c

@@ -493,7 +493,6 @@ void lim_fill_ft_session(tpAniSirGlobal pMac,
 	tSchBeaconStruct *pBeaconStruct;
 	uint32_t selfDot11Mode;
 	ePhyChanBondState cbEnabledMode;
-	QDF_STATUS status;
 
 	pBeaconStruct = qdf_mem_malloc(sizeof(tSchBeaconStruct));
 	if (NULL == pBeaconStruct) {
@@ -679,19 +678,6 @@ void lim_fill_ft_session(tpAniSirGlobal pMac,
 	pftSessionEntry->encryptType = psessionEntry->encryptType;
 #ifdef WLAN_FEATURE_11W
 	pftSessionEntry->limRmfEnabled = psessionEntry->limRmfEnabled;
-
-	if (pftSessionEntry->limRmfEnabled) {
-		pftSessionEntry->pmfComebackTimerInfo.pMac = pMac;
-		pftSessionEntry->pmfComebackTimerInfo.sessionID =
-				psessionEntry->smeSessionId;
-		status = qdf_mc_timer_init(&pftSessionEntry->pmfComebackTimer,
-			QDF_TIMER_TYPE_SW, lim_pmf_comeback_timer_callback,
-			(void *)&pftSessionEntry->pmfComebackTimerInfo);
-		if (!QDF_IS_STATUS_SUCCESS(status))
-			lim_log(pMac, LOGE,
-				FL("cannot init pmf comeback timer."));
-	}
-
 #endif
 	if ((pftSessionEntry->limRFBand == SIR_BAND_2_4_GHZ) &&
 		(pftSessionEntry->htSupportedChannelWidthSet ==
@@ -861,7 +847,7 @@ bool lim_process_ft_update_key(tpAniSirGlobal pMac, uint32_t *pMsgBuf)
 	return true;
 }
 
-void
+static void
 lim_ft_send_aggr_qos_rsp(tpAniSirGlobal pMac, uint8_t rspReqd,
 			 tpAggrAddTsParams aggrQosRsp, uint8_t smesessionId)
 {

core/mac/src/pe/lim/lim_ft_preauth.c

@@ -350,12 +350,13 @@ tSirRetStatus lim_ft_setup_auth_session(tpAniSirGlobal pMac,
  * lim_ft_process_pre_auth_result() - Process the Auth frame
  * @pMac: Global MAC context
  * @status: Status code
- * psessionEntry: PE Session
+ * @psessionEntry: PE Session
  *
  * Return: None
  */
-void lim_ft_process_pre_auth_result(tpAniSirGlobal pMac, QDF_STATUS status,
-				    tpPESession psessionEntry)
+static void lim_ft_process_pre_auth_result(tpAniSirGlobal pMac,
+					   QDF_STATUS status,
+					   tpPESession psessionEntry)
 {
 	if (NULL == psessionEntry ||
 	    NULL == psessionEntry->ftPEContext.pFTPreAuthReq)

core/mac/src/pe/lim/lim_process_beacon_frame.c

@@ -106,15 +106,6 @@ lim_process_beacon_frame(tpAniSirGlobal mac_ctx, uint8_t *rx_pkt_info,
 		return;
 	}
 
-	if (bcn_ptr->assoc_disallowed) {
-		lim_log(mac_ctx, LOG1,
-				FL("Association disallowed in AP "MAC_ADDRESS_STR " Reason code %d"),
-				MAC_ADDR_ARRAY(mac_hdr->sa),
-				bcn_ptr->assoc_disallowed_reason);
-		qdf_mem_free(bcn_ptr);
-		return;
-	}
-
 	/*
 	 * during scanning, when any session is active, and
 	 * beacon/Pr belongs to one of the session, fill up the

core/mac/src/pe/lim/lim_process_disassoc_frame.c

@@ -266,20 +266,6 @@ lim_process_disassoc_frame(tpAniSirGlobal pMac, uint8_t *pRxPacketInfo,
 		   (psessionEntry->limSmeState != eLIM_SME_WT_ASSOC_STATE) &&
 		   (psessionEntry->limSmeState != eLIM_SME_WT_REASSOC_STATE))) {
 		switch (reasonCode) {
-		case eSIR_MAC_UNSPEC_FAILURE_REASON:
-		case eSIR_MAC_DISASSOC_DUE_TO_INACTIVITY_REASON:
-		case eSIR_MAC_DISASSOC_DUE_TO_DISABILITY_REASON:
-		case eSIR_MAC_CLASS2_FRAME_FROM_NON_AUTH_STA_REASON:
-		case eSIR_MAC_CLASS3_FRAME_FROM_NON_ASSOC_STA_REASON:
-		case eSIR_MAC_MIC_FAILURE_REASON:
-		case eSIR_MAC_4WAY_HANDSHAKE_TIMEOUT_REASON:
-		case eSIR_MAC_GR_KEY_UPDATE_TIMEOUT_REASON:
-		case eSIR_MAC_RSN_IE_MISMATCH_REASON:
-		case eSIR_MAC_1X_AUTH_FAILURE_REASON:
-		case eSIR_MAC_PREV_AUTH_NOT_VALID_REASON:
-			/* Valid reasonCode in received Disassociation frame */
-			break;
-
 		case eSIR_MAC_DEAUTH_LEAVING_BSS_REASON:
 		case eSIR_MAC_DISASSOC_LEAVING_BSS_REASON:
 			/* Valid reasonCode in received Disassociation frame */
@@ -297,15 +283,7 @@ lim_process_disassoc_frame(tpAniSirGlobal pMac, uint8_t *pRxPacketInfo,
 			break;
 
 		default:
-			/* Invalid reasonCode in received Disassociation frame */
-			/* Log error and ignore the frame */
-			PELOGE(lim_log(pMac, LOGE,
-				       FL
-					       ("received Disassoc frame with invalid reasonCode "
-					       "%d from " MAC_ADDRESS_STR), reasonCode,
-				       MAC_ADDR_ARRAY(pHdr->sa));
-			       )
-			return;
+			break;
 		}
 	} else {
 		/* Received Disassociation frame in either IBSS */

core/mac/src/pe/lim/lim_process_mlm_req_messages.c

@@ -714,7 +714,7 @@ end:
  *
  * Return: none
  */
-void lim_post_join_set_link_state_callback(tpAniSirGlobal mac,
+static void lim_post_join_set_link_state_callback(tpAniSirGlobal mac,
 		void *callback_arg, bool status)
 {
 	uint8_t chan_num, sec_chan_offset;

core/mac/src/pe/lim/lim_process_mlm_rsp_messages.c

@@ -339,7 +339,7 @@ void lim_process_mlm_join_cnf(tpAniSirGlobal mac_ctx,
  * Return: None
  */
 
-void lim_send_mlm_assoc_req(tpAniSirGlobal mac_ctx,
+static void lim_send_mlm_assoc_req(tpAniSirGlobal mac_ctx,
 	tpPESession session_entry)
 {
 	tLimMlmAssocReq *assoc_req;
@@ -740,7 +740,7 @@ void lim_process_mlm_assoc_cnf(tpAniSirGlobal mac_ctx,
  * Return: None
  */
 
-void
+static void
 lim_fill_assoc_ind_params(tpAniSirGlobal mac_ctx,
 	tpLimMlmAssocInd assoc_ind, tSirSmeAssocInd *sme_assoc_ind,
 	tpPESession session_entry)
@@ -3224,7 +3224,7 @@ void lim_send_beacon_ind(tpAniSirGlobal pMac, tpPESession psessionEntry)
  *
  * @return None
  */
-void lim_send_sme_scan_cache_updated_ind(uint8_t sessionId)
+static void lim_send_sme_scan_cache_updated_ind(uint8_t sessionId)
 {
 	cds_msg_t msg;
 
@@ -3241,8 +3241,8 @@ void lim_send_sme_scan_cache_updated_ind(uint8_t sessionId)
 }
 #endif
 
-void lim_send_scan_offload_complete(tpAniSirGlobal pMac,
-				    tSirScanOffloadEvent *pScanEvent)
+static void lim_send_scan_offload_complete(tpAniSirGlobal pMac,
+					   tSirScanOffloadEvent *pScanEvent)
 {
 
 	pMac->lim.gLimRspReqd = false;

core/mac/src/pe/lim/lim_process_probe_req_frame.c

@@ -312,7 +312,7 @@ void lim_wpspbc_close(tpAniSirGlobal pMac, tpPESession psessionEntry)
  * @return BOOLEAN
  */
 
-bool lim_check11b_rates(uint8_t rate)
+static bool lim_check11b_rates(uint8_t rate)
 {
 	if ((0x02 == (rate))
 	    || (0x04 == (rate))

core/mac/src/pe/lim/lim_process_probe_rsp_frame.c

@@ -60,7 +60,7 @@
  *
  * Return: 0 on success, one on failure
  */
-tSirRetStatus
+static tSirRetStatus
 lim_validate_ie_information_in_probe_rsp_frame(tpAniSirGlobal mac_ctx,
 				uint8_t *pRxPacketInfo)
 {
@@ -171,15 +171,6 @@ lim_process_probe_rsp_frame(tpAniSirGlobal mac_ctx, uint8_t *rx_Packet_info,
 		return;
 	}
 
-	if (probe_rsp->assoc_disallowed) {
-		lim_log(mac_ctx, LOG1,
-			FL("Association disallowed by AP "MAC_ADDRESS_STR " Reason code %d"),
-				MAC_ADDR_ARRAY(header->bssId),
-				probe_rsp->assoc_disallowed_reason);
-		qdf_mem_free(probe_rsp);
-		return;
-	}
-
 	lim_check_and_add_bss_description(mac_ctx, probe_rsp,
 			  rx_Packet_info, false, true);
 	/* To Support BT-AMP */
@@ -404,15 +395,6 @@ lim_process_probe_rsp_frame_no_session(tpAniSirGlobal mac_ctx,
 		return;
 	}
 
-	if (probe_rsp->assoc_disallowed) {
-		lim_log(mac_ctx, LOG1,
-			FL("Association disallowed by AP "MAC_ADDRESS_STR " Reason code %d"),
-				MAC_ADDR_ARRAY(header->bssId),
-				probe_rsp->assoc_disallowed_reason);
-		qdf_mem_free(probe_rsp);
-		return;
-	}
-
 	lim_log(mac_ctx, LOG2, FL("Save this probe rsp in LFR cache"));
 	lim_check_and_add_bss_description(mac_ctx, probe_rsp,
 		  rx_packet_info, false, true);

core/mac/src/pe/lim/lim_process_sme_req_messages.c

@@ -117,8 +117,6 @@ static void lim_process_modify_add_ies(tpAniSirGlobal pMac, uint32_t *pMsg);
 
 static void lim_process_update_add_ies(tpAniSirGlobal pMac, uint32_t *pMsg);
 
-extern void pe_register_callbacks_with_wma(tpAniSirGlobal pMac,
-		tSirSmeReadyReq *ready_req);
 static void lim_process_ext_change_channel(tpAniSirGlobal mac_ctx,
 						uint32_t *msg);
 
@@ -1278,7 +1276,6 @@ static QDF_STATUS lim_send_hal_start_scan_offload_req(tpAniSirGlobal pMac,
 	len = sizeof(tSirScanOffloadReq) +
 		(pScanReq->channelList.numChannels - 1) +
 		pScanReq->uIEFieldLen;
-
 	if (lim_11h_enable) {
 		addn_ie_len += DOT11F_IE_WFATPC_MAX_LEN + 2;
 		len += DOT11F_IE_WFATPC_MAX_LEN + 2;
@@ -1372,6 +1369,13 @@ static QDF_STATUS lim_send_hal_start_scan_offload_req(tpAniSirGlobal pMac,
 			((uint8_t *)&wfa_tpc) + 1,
 			DOT11F_IE_WFATPC_MAX_LEN - SIR_MAC_WFA_TPC_OUI_SIZE);
 		pScanOffloadReq->uIEFieldLen += DOT11F_IE_WFATPC_MAX_LEN + 2;
+		if (pScanReq->uIEFieldLen)
+			lim_strip_ie(pMac,
+				(uint8_t *) pScanReq + pScanReq->uIEFieldOffset,
+				&pScanReq->uIEFieldLen,
+				DOT11F_EID_WFATPC, ONE_BYTE,
+				SIR_MAC_WFA_TPC_OUI, SIR_MAC_WFA_TPC_OUI_SIZE,
+				NULL);
 	}
 
 	rc = wma_post_ctrl_msg(pMac, &msg);
@@ -3099,8 +3103,8 @@ end:
  * Return: None
  */
 
-void lim_process_sme_get_assoc_sta_info(tpAniSirGlobal mac_ctx,
-					uint32_t *msg_buf)
+static void lim_process_sme_get_assoc_sta_info(tpAniSirGlobal mac_ctx,
+					       uint32_t *msg_buf)
 {
 	tSirSmeGetAssocSTAsReq get_assoc_stas_req;
 	tpDphHashNode sta_ds = NULL;
@@ -3206,8 +3210,8 @@ lim_assoc_sta_end:
  *
  * Return: None
  */
-void lim_process_sme_get_wpspbc_sessions(tpAniSirGlobal mac_ctx,
-		uint32_t *msg_buf)
+static void lim_process_sme_get_wpspbc_sessions(tpAniSirGlobal mac_ctx,
+						uint32_t *msg_buf)
 {
 	tSirSmeGetWPSPBCSessionsReq get_wps_pbc_sessions_req;
 	tpPESession session_entry = NULL;
@@ -3306,7 +3310,8 @@ static void __lim_counter_measures(tpAniSirGlobal pMac, tpPESession psessionEntr
 					     mac, psessionEntry, false);
 };
 
-void lim_process_tkip_counter_measures(tpAniSirGlobal pMac, uint32_t *pMsgBuf)
+static void lim_process_tkip_counter_measures(tpAniSirGlobal pMac,
+					      uint32_t *pMsgBuf)
 {
 	tSirSmeTkipCntrMeasReq tkipCntrMeasReq;
 	tpPESession psessionEntry;
@@ -3948,7 +3953,8 @@ end:
 			       smesessionId, smetransactionId);
 }
 
-void lim_process_sme_addts_rsp_timeout(tpAniSirGlobal pMac, uint32_t param)
+static void lim_process_sme_addts_rsp_timeout(tpAniSirGlobal pMac,
+					      uint32_t param)
 {
 	/* fetch the sessionEntry based on the sessionId */
 	tpPESession psessionEntry;
@@ -4256,6 +4262,9 @@ static void __lim_process_sme_session_update(tpAniSirGlobal mac_ctx,
 	case SIR_PARAM_SSID_HIDDEN:
 		lim_handle_update_ssid_hidden(mac_ctx, session, msg->param_val);
 		break;
+	case SIR_PARAM_IGNORE_ASSOC_DISALLOWED:
+		session->ignore_assoc_disallowed = msg->param_val;
+		break;
 	default:
 		lim_log(mac_ctx, LOGE, FL("Unknown session param"));
 		break;
@@ -4510,7 +4519,7 @@ static void __lim_process_sme_set_ht2040_mode(tpAniSirGlobal pMac,
  * @return None
  */
 
-void __lim_process_report_message(tpAniSirGlobal pMac, tpSirMsgQ pMsg)
+static void __lim_process_report_message(tpAniSirGlobal pMac, tpSirMsgQ pMsg)
 {
 	switch (pMsg->type) {
 	case eWNI_SME_NEIGHBOR_REPORT_REQ_IND:

core/mac/src/pe/lim/lim_process_tdls.c

@@ -252,6 +252,9 @@ static uint32_t lim_prepare_tdls_frame_header(tpAniSirGlobal pMac, uint8_t *pFra
 			   ? link_iden->RespStaAddr : link_iden->InitStaAddr;
 	uint8_t *staMac = (reqType == TDLS_INITIATOR)
 			  ? link_iden->InitStaAddr : link_iden->RespStaAddr;
+	tpDphHashNode sta_ds;
+	uint16_t aid = 0;
+	uint8_t qos_mode = 0;
 
 	pMacHdr = (tpSirMacDataHdr3a) (pFrame);
 
@@ -268,9 +271,17 @@ static uint32_t lim_prepare_tdls_frame_header(tpAniSirGlobal pMac, uint8_t *pFra
 	 */
 	pMacHdr->fc.protVer = SIR_MAC_PROTOCOL_VERSION;
 	pMacHdr->fc.type = SIR_MAC_DATA_FRAME;
+
+	sta_ds = dph_lookup_hash_entry(pMac, peerMac, &aid,
+					&psessionEntry->dph.dphHashTable);
+	if (sta_ds)
+		qos_mode = sta_ds->qosMode;
+
 	pMacHdr->fc.subType =
-		IS_QOS_ENABLED(psessionEntry) ? SIR_MAC_DATA_QOS_DATA :
-		SIR_MAC_DATA_DATA;
+		((IS_QOS_ENABLED(psessionEntry) &&
+		(tdlsLinkType == TDLS_LINK_AP)) ||
+		((tdlsLinkType == TDLS_LINK_DIRECT) && qos_mode))
+		? SIR_MAC_DATA_QOS_DATA : SIR_MAC_DATA_DATA;
 
 	/*
 	 * TL is not setting up below fields, so we are doing it here
@@ -298,7 +309,7 @@ static uint32_t lim_prepare_tdls_frame_header(tpAniSirGlobal pMac, uint8_t *pFra
 		MAC_ADDR_ARRAY(pMacHdr->addr2),
 		MAC_ADDR_ARRAY(pMacHdr->addr3));
 
-	if (IS_QOS_ENABLED(psessionEntry)) {
+	if (pMacHdr->fc.subType == SIR_MAC_DATA_QOS_DATA) {
 		pMacHdr->qosControl.tid = tid;
 		header_offset += sizeof(tSirMacDataHdr3a);
 	} else
@@ -1274,6 +1285,10 @@ tSirRetStatus lim_send_tdls_teardown_frame(tpAniSirGlobal pMac,
 	uint32_t padLen = 0;
 #endif
 	uint8_t smeSessionId = 0;
+	tpDphHashNode sta_ds;
+	uint16_t aid = 0;
+	uint8_t qos_mode = 0;
+	uint8_t tdls_link_type;
 
 	if (NULL == psessionEntry) {
 		lim_log(pMac, LOGE, FL("psessionEntry is NULL"));
@@ -1320,8 +1335,15 @@ tSirRetStatus lim_send_tdls_teardown_frame(tpAniSirGlobal pMac,
 	 * 89-0d.
 	 * 8 bytes of RFC 1042 header
 	 */
-
-	nBytes = nPayload + ((IS_QOS_ENABLED(psessionEntry))
+	sta_ds = dph_lookup_hash_entry(pMac, psessionEntry->bssId, &aid,
+					&psessionEntry->dph.dphHashTable);
+	if (sta_ds)
+		qos_mode = sta_ds->qosMode;
+	tdls_link_type = (reason == eSIR_MAC_TDLS_TEARDOWN_PEER_UNREACHABLE)
+				? TDLS_LINK_AP : TDLS_LINK_DIRECT;
+	nBytes = nPayload + (((IS_QOS_ENABLED(psessionEntry) &&
+			     (tdls_link_type == TDLS_LINK_AP)) ||
+			     ((tdls_link_type == TDLS_LINK_DIRECT) && qos_mode))
 			     ? sizeof(tSirMacDataHdr3a) :
 			     sizeof(tSirMacMgmtHdr))
 		 + sizeof(eth_890d_header)
@@ -2461,7 +2483,8 @@ static void lim_tdls_update_hash_node_info(tpAniSirGlobal pMac,
 	pSessStaDs = dph_lookup_hash_entry(pMac, psessionEntry->bssId, &aid,
 					   &psessionEntry->dph.dphHashTable);
 	/* Lets enable QOS parameter */
-	pStaDs->qosMode = 1;
+	pStaDs->qosMode = (pTdlsAddStaReq->capability & CAPABILITIES_QOS_OFFSET)
+				|| pTdlsAddStaReq->htcap_present;
 	pStaDs->wmeEnabled = 1;
 	pStaDs->lleEnabled = 0;
 	/*  TDLS Dummy AddSTA does not have qosInfo , is it OK ??

core/mac/src/pe/lim/lim_send_management_frames.c

@@ -79,7 +79,7 @@
  * number will roll over.
  *
  */
-void lim_add_mgmt_seq_num(tpAniSirGlobal pMac, tpSirMacMgmtHdr pMacHdr)
+static void lim_add_mgmt_seq_num(tpAniSirGlobal pMac, tpSirMacMgmtHdr pMacHdr)
 {
 	if (pMac->mgmtSeqNum >= WLAN_HOST_SEQ_NUM_MAX) {
 		pMac->mgmtSeqNum = WLAN_HOST_SEQ_NUM_MIN - 1;
@@ -449,7 +449,7 @@ lim_send_probe_req_mgmt_frame(tpAniSirGlobal mac_ctx,
 	return eSIR_SUCCESS;
 } /* End lim_send_probe_req_mgmt_frame. */
 
-tSirRetStatus lim_get_addn_ie_for_probe_resp(tpAniSirGlobal pMac,
+static tSirRetStatus lim_get_addn_ie_for_probe_resp(tpAniSirGlobal pMac,
 					     uint8_t *addIE, uint16_t *addnIELen,
 					     uint8_t probeReqP2pIe)
 {
@@ -2017,8 +2017,8 @@ lim_send_assoc_req_mgmt_frame(tpAniSirGlobal mac_ctx,
  * Return: This returns QDF_STATUS
  */
 
-QDF_STATUS lim_auth_tx_complete_cnf(tpAniSirGlobal mac_ctx,
-					uint32_t tx_complete)
+static QDF_STATUS lim_auth_tx_complete_cnf(tpAniSirGlobal mac_ctx,
+					   uint32_t tx_complete)
 {
 	lim_log(mac_ctx, LOG1,
 		 FL("tx_complete= %d"), tx_complete);

core/mac/src/pe/lim/lim_send_sme_rsp_messages.c

@@ -398,7 +398,7 @@ static void lim_handle_join_rsp_status(tpAniSirGlobal mac_ctx,
  *
  * Return: None
  */
-void lim_add_bss_info(tpDphHashNode sta_ds, tpSirSmeJoinRsp sme_join_rsp)
+static void lim_add_bss_info(tpDphHashNode sta_ds, tpSirSmeJoinRsp sme_join_rsp)
 {
 	struct parsed_ies *parsed_ies = &sta_ds->parsed_ies;
 

core/mac/src/pe/lim/lim_session.c

@@ -58,7 +58,8 @@
 
    --------------------------------------------------------------------------*/
 
-void pe_init_beacon_params(tpAniSirGlobal pMac, tpPESession psessionEntry)
+static void pe_init_beacon_params(tpAniSirGlobal pMac,
+				  tpPESession psessionEntry)
 {
 	psessionEntry->beaconParams.beaconInterval = 0;
 	psessionEntry->beaconParams.fShortPreamble = 0;
@@ -100,7 +101,7 @@ void pe_init_beacon_params(tpAniSirGlobal pMac, tpPESession psessionEntry)
  *
  * Return: void
  */
-void pe_reset_protection_callback(void *ptr)
+static void pe_reset_protection_callback(void *ptr)
 {
 	tpPESession pe_session_entry = (tpPESession)ptr;
 	tpAniSirGlobal mac_ctx = (tpAniSirGlobal)pe_session_entry->mac_ctx;
@@ -352,7 +353,7 @@ pe_create_session(tpAniSirGlobal pMac, uint8_t *bssid, uint8_t *sessionId,
 
 	QDF_TRACE(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_DEBUG,
 		FL("Create a new PE session(%d), BSSID: "MAC_ADDRESS_STR" Max No. of STA %d"),
-		session_ptr->peSessionId, MAC_ADDR_ARRAY(bssid), numSta);
+		*sessionId, MAC_ADDR_ARRAY(bssid), numSta);
 
 	if (eSIR_INFRA_AP_MODE == bssType || eSIR_IBSS_MODE == bssType) {
 		session_ptr->pSchProbeRspTemplate =

core/mac/src/pe/lim/lim_sme_req_utils.c

@@ -49,6 +49,7 @@
 #include "lim_assoc_utils.h"
 #include "lim_security_utils.h"
 #include "lim_ser_des_utils.h"
+#include "lim_sme_req_utils.h"
 
 /**
  * lim_is_rs_nie_valid_in_sme_req_message()

core/mac/src/pe/lim/lim_utils.c

@@ -1167,7 +1167,7 @@ uint8_t lim_is_null_ssid(tSirMacSSid *ssid)
    \param      tHalBitVal lsigTxopSupported
    \return      None
    -------------------------------------------------------------*/
-void
+static void
 lim_update_prot_sta_params(tpAniSirGlobal pMac,
 			   tSirMacAddr peerMacAddr,
 			   tLimProtStaCacheType protStaCacheType,
@@ -6472,9 +6472,9 @@ void lim_set_stads_rtt_cap(tpDphHashNode sta_ds, struct s_ext_cap *ext_cap,
  *
  * Return: status of operation
  */
-QDF_STATUS lim_send_ie(tpAniSirGlobal mac_ctx, uint32_t sme_session_id,
-			uint8_t eid, enum cds_band_type band, uint8_t *buf,
-			uint32_t len)
+static QDF_STATUS lim_send_ie(tpAniSirGlobal mac_ctx, uint32_t sme_session_id,
+			      uint8_t eid, enum cds_band_type band,
+			      uint8_t *buf, uint32_t len)
 {
 	struct vdev_ie_info *ie_msg;
 	cds_msg_t msg = {0};
@@ -6543,9 +6543,9 @@ QDF_STATUS lim_send_ies_per_band(tpAniSirGlobal mac_ctx,
 {
 	uint8_t ht_caps[DOT11F_IE_HTCAPS_MIN_LEN + 2] = {0};
 	uint8_t vht_caps[DOT11F_IE_VHTCAPS_MAX_LEN + 2] = {0};
-	tHtCaps *p_ht_cap = (tHtCaps *)ht_caps;
+	tHtCaps *p_ht_cap = (tHtCaps *)(&ht_caps[2]);
 	tSirMacVHTCapabilityInfo *p_vht_cap =
-			(tSirMacVHTCapabilityInfo *)vht_caps;
+			(tSirMacVHTCapabilityInfo *)(&vht_caps[2]);
 
 	/*
 	 * Note: Do not use Dot11f VHT structure, since 1 byte present flag in
@@ -6558,6 +6558,14 @@ QDF_STATUS lim_send_ies_per_band(tpAniSirGlobal mac_ctx,
 			DOT11F_IE_HTCAPS_MIN_LEN + 2);
 	/* Get LDPC and over write for 2G */
 	p_ht_cap->advCodingCap = lim_get_rx_ldpc(mac_ctx, CHAN_ENUM_6);
+	/* Get self cap for HT40 support in 2G */
+	if (mac_ctx->roam.configParam.channelBondingMode24GHz) {
+		p_ht_cap->supportedChannelWidthSet = 1;
+		p_ht_cap->shortGI40MHz = 1;
+	} else {
+		p_ht_cap->supportedChannelWidthSet = 0;
+		p_ht_cap->shortGI40MHz = 0;
+	}
 	lim_send_ie(mac_ctx, vdev_id, DOT11F_EID_HTCAPS,
 		CDS_BAND_2GHZ, &ht_caps[2], DOT11F_IE_HTCAPS_MIN_LEN);
 	/*
@@ -6565,6 +6573,14 @@ QDF_STATUS lim_send_ies_per_band(tpAniSirGlobal mac_ctx,
 	 * is available in all reg domains.
 	 */
 	p_ht_cap->advCodingCap = lim_get_rx_ldpc(mac_ctx, CHAN_ENUM_64);
+	/* Get self cap for HT40 support in 5G */
+	if (mac_ctx->roam.configParam.channelBondingMode5GHz) {
+		p_ht_cap->supportedChannelWidthSet = 1;
+		p_ht_cap->shortGI40MHz = 1;
+	} else {
+		p_ht_cap->supportedChannelWidthSet = 0;
+		p_ht_cap->shortGI40MHz = 0;
+	}
 	lim_send_ie(mac_ctx, vdev_id, DOT11F_EID_HTCAPS,
 		CDS_BAND_5GHZ, &ht_caps[2], DOT11F_IE_HTCAPS_MIN_LEN);
 
@@ -6574,6 +6590,10 @@ QDF_STATUS lim_send_ies_per_band(tpAniSirGlobal mac_ctx,
 	lim_set_vht_caps(mac_ctx, session, vht_caps,
 			 DOT11F_IE_VHTCAPS_MIN_LEN + 2);
 	p_vht_cap->ldpcCodingCap = lim_get_rx_ldpc(mac_ctx, CHAN_ENUM_6);
+	/* Self VHT 80/160/80+80 channel width for 2G is 0 */
+	p_vht_cap->supportedChannelWidthSet = 0;
+	p_vht_cap->shortGI80MHz = 0;
+	p_vht_cap->shortGI160and80plus80MHz = 0;
 	lim_send_ie(mac_ctx, vdev_id, DOT11F_EID_VHTCAPS,
 			CDS_BAND_2GHZ, &vht_caps[2], DOT11F_IE_VHTCAPS_MIN_LEN);
 
@@ -6582,6 +6602,7 @@ QDF_STATUS lim_send_ies_per_band(tpAniSirGlobal mac_ctx,
 	 * is available in all reg domains.
 	 */
 	p_vht_cap->ldpcCodingCap = lim_get_rx_ldpc(mac_ctx, CHAN_ENUM_64);
+	/* Self VHT channel width for 5G is already negotiated with FW */
 	lim_send_ie(mac_ctx, vdev_id, DOT11F_EID_VHTCAPS,
 			CDS_BAND_5GHZ, &vht_caps[2], DOT11F_IE_VHTCAPS_MIN_LEN);
 
@@ -6670,25 +6691,32 @@ QDF_STATUS lim_send_ext_cap_ie(tpAniSirGlobal mac_ctx,
 }
 
 /**
- * lim_strip_extcap_ie() - strip extended capability IE from IE buffer
+ * lim_strip_ie() - strip requested IE from IE buffer
  * @mac_ctx: global MAC context
  * @addn_ie: Additional IE buffer
  * @addn_ielen: Length of additional IE
+ * @eid: EID of IE to strip
+ * @size_of_len_field: lenght of IE length field
+ * @oui: if present matches OUI also
+ * @oui_length: if previous present, this is length of oui
  * @extracted_ie: if not NULL, copy the stripped IE to this buffer
  *
- * This utility function is used to strip of the extended capability IE present
- * in additional IE buffer.
+ * This utility function is used to strip of the requested IE if present
+ * in IE buffer.
  *
  * Return: tSirRetStatus
  */
-tSirRetStatus lim_strip_extcap_ie(tpAniSirGlobal mac_ctx,
-		uint8_t *addn_ie, uint16_t *addn_ielen, uint8_t *extracted_ie)
+tSirRetStatus lim_strip_ie(tpAniSirGlobal mac_ctx,
+		uint8_t *addn_ie, uint16_t *addn_ielen,
+		uint8_t eid, eSizeOfLenField size_of_len_field,
+		uint8_t *oui, uint8_t oui_length, uint8_t *extracted_ie)
 {
 	uint8_t *tempbuf = NULL;
 	uint16_t templen = 0;
 	int left = *addn_ielen;
 	uint8_t *ptr = addn_ie;
-	uint8_t elem_id, elem_len;
+	uint8_t elem_id;
+	uint16_t elem_len;
 
 	if (NULL == addn_ie) {
 		lim_log(mac_ctx, LOG1, FL("NULL addn_ie pointer"));
@@ -6703,8 +6731,14 @@ tSirRetStatus lim_strip_extcap_ie(tpAniSirGlobal mac_ctx,
 
 	while (left >= 2) {
 		elem_id  = ptr[0];
-		elem_len = ptr[1];
-		left -= 2;
+		left -= 1;
+		if (size_of_len_field == TWO_BYTE) {
+			elem_len = *((uint16_t *)&ptr[1]);
+			left -= 2;
+		} else {
+			elem_len = ptr[1];
+			left -= 1;
+		}
 		if (elem_len > left) {
 			lim_log(mac_ctx, LOGE,
 				FL("Invalid IEs eid = %d elem_len=%d left=%d"),
@@ -6712,20 +6746,31 @@ tSirRetStatus lim_strip_extcap_ie(tpAniSirGlobal mac_ctx,
 			qdf_mem_free(tempbuf);
 			return eSIR_FAILURE;
 		}
-		if (!(DOT11F_EID_EXTCAP == elem_id)) {
-			qdf_mem_copy(tempbuf + templen, &ptr[0], elem_len + 2);
-			templen += (elem_len + 2);
+
+		if (eid != elem_id ||
+				(oui && qdf_mem_cmp(oui,
+						&ptr[size_of_len_field + 1],
+						oui_length))) {
+			qdf_mem_copy(tempbuf + templen, &ptr[0],
+				     elem_len + size_of_len_field + 1);
+			templen += (elem_len + size_of_len_field + 1);
 		} else {
+			/*
+			 * eid matched and if provided OUI also matched
+			 * take oui IE and store in provided buffer.
+			 */
 			if (NULL != extracted_ie) {
 				qdf_mem_set(extracted_ie,
-					DOT11F_IE_EXTCAP_MAX_LEN + 2, 0);
+					DOT11F_IE_EXTCAP_MAX_LEN +
+						size_of_len_field + 1, 0);
 				if (elem_len <= DOT11F_IE_EXTCAP_MAX_LEN)
 					qdf_mem_copy(extracted_ie, &ptr[0],
-						     elem_len + 2);
+						elem_len +
+						size_of_len_field + 1);
 			}
 		}
 		left -= elem_len;
-		ptr += (elem_len + 2);
+		ptr += (elem_len + size_of_len_field + 1);
 	}
 	qdf_mem_copy(addn_ie, tempbuf, templen);
 
@@ -6796,8 +6841,9 @@ tSirRetStatus lim_strip_extcap_update_struct(tpAniSirGlobal mac_ctx,
 
 	qdf_mem_set((uint8_t *)&extracted_buff[0], DOT11F_IE_EXTCAP_MAX_LEN + 2,
 		     0);
-	status = lim_strip_extcap_ie(mac_ctx, addn_ie, addn_ielen,
-				     extracted_buff);
+	status = lim_strip_ie(mac_ctx, addn_ie, addn_ielen,
+			      DOT11F_EID_EXTCAP, ONE_BYTE,
+			      NULL, 0, extracted_buff);
 	if (eSIR_SUCCESS != status) {
 		lim_log(mac_ctx, LOG1,
 		       FL("Failed to strip extcap IE status = (%d)."), status);

core/mac/src/pe/lim/lim_utils.h

@@ -614,4 +614,9 @@ void lim_update_caps_info_for_bss(tpAniSirGlobal mac_ctx,
 			uint16_t *caps, uint16_t bss_caps);
 void lim_send_set_dtim_period(tpAniSirGlobal mac_ctx, uint8_t dtim_period,
 			      tpPESession session);
+
+tSirRetStatus lim_strip_ie(tpAniSirGlobal mac_ctx,
+		uint8_t *addn_ie, uint16_t *addn_ielen,
+		uint8_t eid, eSizeOfLenField size_of_len_field,
+		uint8_t *oui, uint8_t out_len, uint8_t *extracted_ie);
 #endif /* __LIM_UTILS_H */

core/mac/src/pe/rrm/rrm_api.c

@@ -941,9 +941,10 @@ rrm_process_beacon_report_xmit(tpAniSirGlobal mac_ctx,
 	return status;
 }
 
-void rrm_process_beacon_request_failure(tpAniSirGlobal pMac,
-					tpPESession pSessionEntry, tSirMacAddr peer,
-					tRrmRetStatus status)
+static void rrm_process_beacon_request_failure(tpAniSirGlobal pMac,
+					       tpPESession pSessionEntry,
+					       tSirMacAddr peer,
+					       tRrmRetStatus status)
 {
 	tpSirMacRadioMeasureReport pReport = NULL;
 	tpRRMReq pCurrentReq = pMac->rrm.rrmPEContext.pCurrentReq;
@@ -1000,6 +1001,7 @@ void rrm_process_beacon_request_failure(tpAniSirGlobal pMac,
  *
  * Return: tSirRetStatus
  */
+static
 tSirRetStatus rrm_process_beacon_req(tpAniSirGlobal mac_ctx, tSirMacAddr peer,
 			     tpPESession session_entry, tpRRMReq curr_req,
 			     tpSirMacRadioMeasureReport report,
@@ -1071,7 +1073,7 @@ tSirRetStatus rrm_process_beacon_req(tpAniSirGlobal mac_ctx, tSirMacAddr peer,
  *
  * Return: tSirRetStatus
  */
-
+static
 tSirRetStatus update_rrm_report(tpAniSirGlobal mac_ctx,
 				tpSirMacRadioMeasureReport report,
 				tDot11fRadioMeasurementRequest *rrm_req,

core/mac/src/pe/sch/sch_beacon_gen.c

@@ -53,15 +53,11 @@
 
 #include "sch_debug.h"
 
-/* */
-/* March 15, 2006 */
-/* Temporarily (maybe for all of Alpha-1), assuming TIM = 0 */
-/* */
-
 const uint8_t p2p_oui[] = { 0x50, 0x6F, 0x9A, 0x9 };
 
-tSirRetStatus sch_get_p2p_ie_offset(uint8_t *pExtraIe, uint32_t extraIeLen,
-				    uint16_t *pP2pIeOffset)
+static tSirRetStatus sch_get_p2p_ie_offset(uint8_t *pExtraIe,
+					   uint32_t extraIeLen,
+					   uint16_t *pP2pIeOffset)
 {
 	tSirRetStatus status = eSIR_FAILURE;
 	*pP2pIeOffset = 0;
@@ -99,7 +95,7 @@ tSirRetStatus sch_get_p2p_ie_offset(uint8_t *pExtraIe, uint32_t extraIeLen,
  *
  * Return: status of operation
  */
-tSirRetStatus
+static tSirRetStatus
 sch_append_addn_ie(tpAniSirGlobal mac_ctx, tpPESession session,
 		   uint8_t *frm, uint32_t max_bcn_size, uint32_t *num_bytes,
 		   uint8_t *addn_ie, uint16_t addn_ielen)
@@ -799,8 +795,8 @@ void set_probe_rsp_ie_bitmap(uint32_t *IeBitmap, uint32_t pos)
  * @return None
  */
 
-void write_beacon_to_memory(tpAniSirGlobal pMac, uint16_t size, uint16_t length,
-			    tpPESession psessionEntry)
+static void write_beacon_to_memory(tpAniSirGlobal pMac, uint16_t size,
+				   uint16_t length, tpPESession psessionEntry)
 {
 	uint16_t i;
 	tpAniBeaconStruct pBeacon;

core/mac/src/pe/sch/sch_beacon_process.c

@@ -300,9 +300,12 @@ static void __sch_beacon_process_no_session(tpAniSirGlobal pMac,
 		lim_handle_ibss_coalescing(pMac, pBeacon, pRxPacketInfo,
 					   psessionEntry);
 	}
-	/* If station(STA/BT-STA/BT-AP/IBSS) mode, Always save the beacon in the scan results, if atleast one session is active */
-	/* sch_beacon_processNoSession will be called only when there is atleast one session active, so not checking */
-	/* it again here. */
+	/* If station(STA/BT-STA/BT-AP/IBSS) mode, Always save the
+	 * beacon in the scan results, if atleast one session is
+	 * active.  sch_beacon_process_no_session will be called only
+	 * when there is atleast one session active, so not checking
+	 * it again here.
+	 */
 	lim_check_and_add_bss_description(pMac, pBeacon, pRxPacketInfo, false,
 					  false);
 	return;
@@ -310,14 +313,14 @@ static void __sch_beacon_process_no_session(tpAniSirGlobal pMac,
 
 /**
  * get_operating_channel_width() - Get operating channel width
- * @pStaDs - station entry.
+ * @stads - station entry.
  *
- * This function returns the oeprating channgl width based on
+ * This function returns the operating channel width based on
  * the supported channel width entry.
  *
  * Return: tSirMacHTChannelWidth on success
  */
-tSirMacHTChannelWidth get_operating_channel_width(tpDphHashNode stads)
+static tSirMacHTChannelWidth get_operating_channel_width(tpDphHashNode stads)
 {
 	tSirMacHTChannelWidth ch_width = eHT_CHANNEL_WIDTH_20MHZ;
 
@@ -489,9 +492,9 @@ sch_bcn_process_sta(tpAniSirGlobal mac_ctx,
  *
  * Return: none
  */
-void update_nss(tpAniSirGlobal mac_ctx, tpDphHashNode sta_ds,
-		tpSchBeaconStruct beacon, tpPESession session_entry,
-		tpSirMacMgmtHdr mgmt_hdr)
+static void update_nss(tpAniSirGlobal mac_ctx, tpDphHashNode sta_ds,
+		       tpSchBeaconStruct beacon, tpPESession session_entry,
+		       tpSirMacMgmtHdr mgmt_hdr)
 {
 	if (sta_ds->vhtSupportedRxNss != (beacon->OperatingMode.rxNSS + 1)) {
 		sta_ds->vhtSupportedRxNss = beacon->OperatingMode.rxNSS;

core/mac/src/pe/sch/sch_message.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -210,9 +210,10 @@ void sch_process_message(tpAniSirGlobal pMac, tpSirMsgQ pSchMsg)
 
 /* get the local or broadcast parameters based on the profile sepcified in the config */
 /* params are delivered in this order: BK, BE, VI, VO */
-tSirRetStatus
+static tSirRetStatus
 sch_get_params(tpAniSirGlobal pMac,
-	       uint32_t params[][WNI_CFG_EDCA_ANI_ACBK_LOCAL_LEN], uint8_t local)
+	       uint32_t params[][WNI_CFG_EDCA_ANI_ACBK_LOCAL_LEN],
+	       uint8_t local)
 {
 	uint32_t val;
 	uint32_t i, idx;

core/mac/src/sys/common/src/wlan_qct_sys.c

@@ -74,7 +74,7 @@ QDF_STATUS sys_build_message_header(SYS_MSG_ID sysMsgId, cds_msg_t *pMsg)
  * Return: none
  */
 #ifdef QDF_ENABLE_TRACING
-void sys_stop_complete_cb(void *pUserData)
+static void sys_stop_complete_cb(void *pUserData)
 {
 	qdf_event_t *pStopEvt = (qdf_event_t *) pUserData;
 	QDF_STATUS qdf_status = qdf_event_set(pStopEvt);
@@ -83,7 +83,7 @@ void sys_stop_complete_cb(void *pUserData)
 
 }
 #else
-void sys_stop_complete_cb(void *pUserData)
+static void sys_stop_complete_cb(void *pUserData)
 {
 	return;
 }

core/mac/src/sys/legacy/src/utils/src/dot11f.c

@@ -33,7 +33,7 @@
  *
  *
  * This file was automatically generated by 'framesc'
- * Mon Oct  3 12:40:25 2016 from the following file(s):
+ * Thu Oct  6 17:32:00 2016 from the following file(s):
  *
  * dot11f.frms
  *
@@ -367,9 +367,9 @@ static uint32_t get_packed_size_core(tpAniSirGlobal pCtx,
 				     uint32_t *pnNeeded,
 				     const tIEDefn  IEs[]);
 
-uint32_t dot11f_unpack_tlv_common_func(tpAniSirGlobal pCtx, uint8_t *pBuf,
-				       uint16_t tlvlen, uint8_t *pDstPresent,
-				       uint8_t *pDstField)
+static uint32_t dot11f_unpack_tlv_common_func(tpAniSirGlobal pCtx,
+			 uint8_t *pBuf, uint16_t tlvlen,
+			 uint8_t *pDstPresent, uint8_t *pDstField)
 {
 	uint32_t status = DOT11F_PARSE_SUCCESS;
 	(void)tlvlen; /* Shutup the compiler */
@@ -380,9 +380,9 @@ uint32_t dot11f_unpack_tlv_common_func(tpAniSirGlobal pCtx, uint8_t *pBuf,
 	return status;
 } /* End dot11f_unpack_tlv_common_func. */
 
-uint32_t dot11f_unpack_tlv_common_func2(tpAniSirGlobal  pCtx, uint8_t *pBuf,
-					uint16_t tlvlen, uint8_t *pDstPresent,
-					uint16_t *pDstState)
+static uint32_t dot11f_unpack_tlv_common_func2(tpAniSirGlobal  pCtx,
+			 uint8_t *pBuf, uint16_t tlvlen,
+			 uint8_t *pDstPresent, uint16_t *pDstState)
 {
 	uint32_t status = DOT11F_PARSE_SUCCESS;
 	(void)tlvlen; /* Shutup the compiler */
@@ -394,14 +394,14 @@ uint32_t dot11f_unpack_tlv_common_func2(tpAniSirGlobal  pCtx, uint8_t *pBuf,
 
 } /* End dot11f_unpack_tlv_common_func2. */
 
-void dot11f_unpack_ff_common_func(tpAniSirGlobal pCtx,
+static void dot11f_unpack_ff_common_func(tpAniSirGlobal pCtx,
 				  uint8_t *pBuf, uint16_t *pDstField)
 {
 	framesntohs(pCtx, pDstField, pBuf, 0);
 	(void)pCtx;
 } /* End dot11f_unpack_ff_common_func. */
 
-uint32_t dot11f_unpack_ie_common_func(tpAniSirGlobal pCtx, uint8_t *pBuf,
+static uint32_t dot11f_unpack_ie_common_func(tpAniSirGlobal pCtx, uint8_t *pBuf,
 				      uint8_t ielen, uint8_t *pDstPresent ,
 				      uint8_t *pDstField)
 {

core/mac/src/sys/legacy/src/utils/src/parser_api.c

@@ -2789,9 +2789,8 @@ sir_convert_assoc_req_frame2_struct(tpAniSirGlobal pMac,
 	}
 	if (ar->ExtCap.present) {
 		struct s_ext_cap *ext_cap;
-		qdf_mem_copy(&pAssocReq->ExtCap.bytes, &ar->ExtCap.bytes,
-			     ar->ExtCap.num_bytes);
-
+		qdf_mem_copy(&pAssocReq->ExtCap, &ar->ExtCap,
+			    sizeof(tDot11fIEExtCap));
 		ext_cap = (struct s_ext_cap *)&pAssocReq->ExtCap.bytes;
 		lim_log(pMac, LOG1,
 			FL("timingMeas: %d, finetimingMeas Init: %d, Resp: %d"),
@@ -2995,9 +2994,8 @@ sir_convert_assoc_resp_frame2_struct(tpAniSirGlobal pMac,
 
 	if (ar.ExtCap.present) {
 		struct s_ext_cap *ext_cap;
-		qdf_mem_copy(&pAssocRsp->ExtCap.bytes, &ar.ExtCap.bytes,
-			     ar.ExtCap.num_bytes);
-
+		qdf_mem_copy(&pAssocRsp->ExtCap, &ar.ExtCap,
+			     sizeof(tDot11fIEExtCap));
 		ext_cap = (struct s_ext_cap *)&pAssocRsp->ExtCap.bytes;
 		lim_log(pMac, LOG1,
 			FL("timingMeas: %d, finetimingMeas Init: %d, Resp: %d"),
@@ -3207,9 +3205,8 @@ sir_convert_reassoc_req_frame2_struct(tpAniSirGlobal pMac,
 	}
 	if (ar.ExtCap.present) {
 		struct s_ext_cap *ext_cap;
-		qdf_mem_copy(&pAssocReq->ExtCap.bytes, &ar.ExtCap.bytes,
-			     ar.ExtCap.num_bytes);
-
+		qdf_mem_copy(&pAssocReq->ExtCap, &ar.ExtCap,
+			     sizeof(tDot11fIEExtCap));
 		ext_cap = (struct s_ext_cap *)&pAssocReq->ExtCap.bytes;
 		lim_log(pMac, LOG1,
 			FL("timingMeas: %d, finetimingMeas Init: %d, Resp: %d"),
@@ -3769,7 +3766,6 @@ sir_parse_beacon_ie(tpAniSirGlobal pMac,
 				sizeof(tDot11fIEVHTOperation));
 	}
 	if (pBies->ExtCap.present) {
-		pBeaconStruct->ext_cap.present = 1;
 		qdf_mem_copy(&pBeaconStruct->ext_cap, &pBies->ExtCap,
 				sizeof(tDot11fIEExtCap));
 	}

core/pld/inc/pld_common.h

@@ -379,4 +379,5 @@ void *pld_smmu_get_mapping(struct device *dev);
 int pld_smmu_map(struct device *dev, phys_addr_t paddr,
 		 uint32_t *iova_addr, size_t size);
 unsigned int pld_socinfo_get_serial_number(struct device *dev);
+uint8_t *pld_common_get_wlan_mac_address(struct device *dev, uint32_t *num);
 #endif

core/pld/src/pld_common.c

@@ -176,7 +176,7 @@ void pld_del_dev(struct pld_context *pld_context,
  *
  * Return: PLD bus type
  */
-enum pld_bus_type pld_get_bus_type(struct device *dev)
+static enum pld_bus_type pld_get_bus_type(struct device *dev)
 {
 	struct pld_context *pld_context;
 	struct dev_node *dev_node;
@@ -1544,3 +1544,33 @@ unsigned int pld_socinfo_get_serial_number(struct device *dev)
 
 	return ret;
 }
+
+/*
+ * pld_common_get_wlan_mac_address() - API to query MAC address from Platform
+ * Driver
+ * @dev: Device Structure
+ * @num: Pointer to number of MAC address supported
+ *
+ * Platform Driver can have MAC address stored. This API needs to be used
+ * to get those MAC address
+ *
+ * Return: Pointer to the list of MAC address
+ */
+uint8_t *pld_common_get_wlan_mac_address(struct device *dev, uint32_t *num)
+{
+	switch (pld_get_bus_type(dev)) {
+	case PLD_BUS_TYPE_PCIE:
+		return pld_pcie_get_wlan_mac_address(dev, num);
+	case PLD_BUS_TYPE_SDIO:
+		return pld_sdio_get_wlan_mac_address(dev, num);
+	case PLD_BUS_TYPE_USB:
+	case PLD_BUS_TYPE_SNOC:
+		break;
+	default:
+		pr_err("Invalid device type\n");
+		break;
+	}
+
+	*num = 0;
+	return NULL;
+}

core/pld/src/pld_pcie.c

@@ -36,6 +36,7 @@
 #endif
 
 #include "pld_internal.h"
+#include "pld_pcie.h"
 
 #ifdef CONFIG_PCI
 
@@ -530,5 +531,4 @@ void pld_pcie_set_driver_status(enum pld_driver_status status)
 	cnss_set_driver_status(cnss_status);
 }
 #endif
-
 #endif

core/pld/src/pld_pcie.h

@@ -160,7 +160,7 @@ static inline int pld_pcie_wlan_get_dfs_nol(void *info, u16 info_len)
 {
 	return 0;
 }
-static void pld_pcie_schedule_recovery_work(void)
+static inline void pld_pcie_schedule_recovery_work(void)
 {
 	return;
 }
@@ -204,11 +204,11 @@ static inline int pld_pcie_auto_resume(void)
 {
 	return 0;
 }
-static void pld_pcie_lock_pm_sem(void)
+static inline void pld_pcie_lock_pm_sem(void)
 {
 	return;
 }
-static void pld_pcie_release_pm_sem(void)
+static inline void pld_pcie_release_pm_sem(void)
 {
 	return;
 }
@@ -220,12 +220,20 @@ static inline int pld_pcie_power_off(struct device *dev)
 {
 	return 0;
 }
+
+static inline uint8_t *pld_pcie_get_wlan_mac_address(struct device *dev,
+						     uint32_t *num)
+{
+	*num = 0;
+	return NULL;
+}
 #else
 int pld_pcie_get_fw_files_for_target(struct pld_fw_files *pfw_files,
 				     u32 target_type, u32 target_version);
 int pld_pcie_get_codeswap_struct(struct pld_codeswap_codeseg_info *swap_seg);
 int pld_pcie_get_platform_cap(struct pld_platform_cap *cap);
 void pld_pcie_set_driver_status(enum pld_driver_status status);
+
 static inline void pld_pcie_link_down(void)
 {
 	cnss_wlan_pci_link_down();
@@ -304,6 +312,11 @@ static inline int pld_pcie_power_off(struct device *dev)
 {
 	return cnss_power_down(dev);
 }
-#endif
 
+static inline uint8_t *pld_pcie_get_wlan_mac_address(struct device *dev,
+						     uint32_t *num)
+{
+	return cnss_common_get_wlan_mac_address(dev, num);
+}
+#endif
 #endif

core/pld/src/pld_sdio.c

@@ -380,6 +380,5 @@ int pld_sdio_get_fw_files_for_target(struct pld_fw_files *pfw_files,
 
 	return 0;
 }
-
 #endif
 #endif

core/pld/src/pld_sdio.h

@@ -60,16 +60,28 @@ static inline void pld_sdio_unregister_driver(void)
 {
 }
 
+static inline
 int pld_sdio_get_fw_files_for_target(struct pld_fw_files *pfw_files,
 				     u32 target_type, u32 target_version)
 {
 	return 0;
 }
+static inline uint8_t *pld_sdio_get_wlan_mac_address(struct device *dev,
+						     uint32_t *num)
+{
+	*num = 0;
+	return NULL;
+}
 #else
 int pld_sdio_register_driver(void);
 void pld_sdio_unregister_driver(void);
 int pld_sdio_get_fw_files_for_target(struct pld_fw_files *pfw_files,
 				     u32 target_type, u32 target_version);
+static inline uint8_t *pld_sdio_get_wlan_mac_address(struct device *dev,
+						     uint32_t *num)
+{
+	return cnss_common_get_wlan_mac_address(dev, num);
+}
 #endif
 
 #endif

core/pld/src/pld_snoc.c

@@ -35,6 +35,7 @@
 #endif
 
 #include "pld_internal.h"
+#include "pld_snoc.h"
 
 #ifdef CONFIG_PLD_SNOC_ICNSS
 /**

core/pld/src/pld_usb.c

@@ -16,7 +16,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-#include "pld_common.h"
+#include "pld_usb.h"
 #include "pld_internal.h"
 
 #include <linux/atomic.h>
@@ -30,6 +30,7 @@
 #define VENDOR_ATHR             0x0CF3
 static struct usb_device_id pld_usb_id_table[] = {
 	{USB_DEVICE_AND_INTERFACE_INFO(VENDOR_ATHR, 0x9378, 0xFF, 0xFF, 0xFF)},
+	{USB_DEVICE_AND_INTERFACE_INFO(VENDOR_ATHR, 0x9379, 0xFF, 0xFF, 0xFF)},
 	{}			/* Terminating entry */
 };
 
@@ -208,4 +209,3 @@ void pld_usb_unregister_driver(void)
 	usb_deregister(&pld_usb_ops);
 	pr_info("%s usb_deregister done!\n", __func__);
 }
-

core/sap/dfs/inc/dfs_interface.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -68,7 +68,7 @@
  * EXPORT_SYMBOL(dfs_init_radar_filters);
  * EXPORT_SYMBOL(dfs_getchanstate);
  */
-
+uint16_t dfs_usenol(struct ieee80211com *ic);
 uint16_t dfs_isdfsregdomain(struct ieee80211com *ic);
 int dfs_attach(struct ieee80211com *ic);
 void dfs_detach(struct ieee80211com *ic);

core/sap/dfs/src/dfs_process_phyerr.c

@@ -143,7 +143,7 @@ dfs_get_event_freqcentre(struct ath_dfs *dfs, int is_pri, int is_ext, int is_dc)
  *
  * Return 1 on success or 0 on failure.
  */
-int
+static int
 dfs_process_phyerr_owl(struct ath_dfs *dfs, void *buf, uint16_t datalen,
 		       uint8_t rssi, uint8_t ext_rssi, uint32_t rs_tstamp,
 		       uint64_t fulltsf, struct dfs_phy_err *e)
@@ -205,7 +205,7 @@ dfs_process_phyerr_owl(struct ath_dfs *dfs, void *buf, uint16_t datalen,
 /*
  * Process a Sowl/Howl style phy error.
  */
-int
+static int
 dfs_process_phyerr_sowl(struct ath_dfs *dfs, void *buf, uint16_t datalen,
 			uint8_t rssi, uint8_t ext_rssi, uint32_t rs_tstamp,
 			uint64_t fulltsf, struct dfs_phy_err *e)
@@ -357,7 +357,7 @@ dfs_process_phyerr_sowl(struct ath_dfs *dfs, void *buf, uint16_t datalen,
 /*
  * Process a Merlin/Osprey style phy error.
  */
-int
+static int
 dfs_process_phyerr_merlin(struct ath_dfs *dfs, void *buf,
 			  uint16_t datalen, uint8_t rssi, uint8_t ext_rssi,
 			  uint32_t rs_tstamp, uint64_t fulltsf,

core/sap/inc/sap_api.h

@@ -953,6 +953,8 @@ QDF_STATUS wlansap_acs_chselect(void *pvos_gctx,
 		tpWLAN_SAPEventCB pacs_event_callback,
 		tsap_Config_t *pconfig,
 		void *pusr_context);
+uint32_t wlansap_get_chan_width(void *cds_ctx);
+
 #ifdef __cplusplus
 }
 #endif

core/sap/src/sap_ch_select.c

@@ -487,6 +487,7 @@ void sap_cleanup_channel_list(void *p_cds_gctx)
  *
  * Return: uint8_t best channel
  */
+static
 uint8_t sap_select_preferred_channel_from_channel_list(uint8_t best_chnl,
 				ptSapContext sap_ctx,
 				tSapChSelSpectInfo *spectinfo_param)
@@ -541,8 +542,9 @@ uint8_t sap_select_preferred_channel_from_channel_list(uint8_t best_chnl,
 
    SIDE EFFECTS
    ============================================================================*/
-bool sap_chan_sel_init(tHalHandle halHandle,
-		       tSapChSelSpectInfo *pSpectInfoParams, ptSapContext pSapCtx)
+static bool sap_chan_sel_init(tHalHandle halHandle,
+			      tSapChSelSpectInfo *pSpectInfoParams,
+			      ptSapContext pSapCtx)
 {
 	tSapSpectChInfo *pSpectCh = NULL;
 	uint8_t *pChans = NULL;
@@ -672,7 +674,7 @@ bool sap_chan_sel_init(tHalHandle halHandle,
 
    SIDE EFFECTS
    ============================================================================*/
-uint32_t sapweight_rssi_count(int8_t rssi, uint16_t count)
+static uint32_t sapweight_rssi_count(int8_t rssi, uint16_t count)
 {
 	int32_t rssiWeight = 0;
 	int32_t countWeight = 0;
@@ -716,8 +718,8 @@ uint32_t sapweight_rssi_count(int8_t rssi, uint16_t count)
  * Return: None.
  */
 
-void sap_update_rssi_bsscount(tSapSpectChInfo *pSpectCh, int32_t offset,
-			      bool sap_24g)
+static void sap_update_rssi_bsscount(tSapSpectChInfo *pSpectCh, int32_t offset,
+				     bool sap_24g)
 {
 	tSapSpectChInfo *pExtSpectCh = NULL;
 	int32_t rssi, rsssi_effect;
@@ -790,12 +792,12 @@ void sap_update_rssi_bsscount(tSapSpectChInfo *pSpectCh, int32_t offset,
  * Return: NA.
  */
 
-void sap_upd_chan_spec_params(tSirProbeRespBeacon *pBeaconStruct,
-			      uint16_t *channelWidth,
-			      uint16_t *secondaryChannelOffset,
-			      uint16_t *vhtSupport,
-			      uint16_t *centerFreq,
-			      uint16_t *centerFreq_2)
+static void sap_upd_chan_spec_params(tSirProbeRespBeacon *pBeaconStruct,
+				     uint16_t *channelWidth,
+				     uint16_t *secondaryChannelOffset,
+				     uint16_t *vhtSupport,
+				     uint16_t *centerFreq,
+				     uint16_t *centerFreq_2)
 {
 	if (NULL == pBeaconStruct) {
 		QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
@@ -830,7 +832,7 @@ void sap_upd_chan_spec_params(tSirProbeRespBeacon *pBeaconStruct,
 /**
  * sap_update_rssi_bsscount_vht_5G() - updates bss count and rssi effect.
  *
- * @pSpectCh:     Channel Information
+ * @spect_ch:     Channel Information
  * @offset:       Channel Offset
  * @num_ch:       no.of channels
  *
@@ -840,8 +842,9 @@ void sap_upd_chan_spec_params(tSirProbeRespBeacon *pBeaconStruct,
  * Return: None.
  */
 
-void sap_update_rssi_bsscount_vht_5G(tSapSpectChInfo *spect_ch, int32_t offset,
-			      uint16_t num_ch)
+static void sap_update_rssi_bsscount_vht_5G(tSapSpectChInfo *spect_ch,
+					    int32_t offset,
+					    uint16_t num_ch)
 {
 	int32_t ch_offset;
 	uint16_t i, cnt;
@@ -875,12 +878,12 @@ void sap_update_rssi_bsscount_vht_5G(tSapSpectChInfo *spect_ch, int32_t offset,
  * Return: NA.
  */
 
-void sap_interference_rssi_count_5G(tSapSpectChInfo *spect_ch,
-				 uint16_t chan_width,
-				 uint16_t sec_chan_offset,
-				 uint16_t center_freq,
-				 uint16_t center_freq_2,
-				 uint8_t channel_id)
+static void sap_interference_rssi_count_5G(tSapSpectChInfo *spect_ch,
+					   uint16_t chan_width,
+					   uint16_t sec_chan_offset,
+					   uint16_t center_freq,
+					   uint16_t center_freq_2,
+					   uint8_t channel_id)
 {
 	uint16_t num_ch;
 	int32_t offset = 0;
@@ -964,7 +967,7 @@ void sap_interference_rssi_count_5G(tSapSpectChInfo *spect_ch,
  * Return: None.
  */
 
-void sap_interference_rssi_count(tSapSpectChInfo *spect_ch)
+static void sap_interference_rssi_count(tSapSpectChInfo *spect_ch)
 {
 	if (NULL == spect_ch) {
 		QDF_TRACE(QDF_MODULE_ID_SAP, QDF_TRACE_LEVEL_ERROR,
@@ -1060,21 +1063,18 @@ void sap_interference_rssi_count(tSapSpectChInfo *spect_ch)
 	}
 }
 
-/*==========================================================================
-  Function    ch_in_pcl
-
-  Description
-   Check if a channel is in the preferred channel list
-
-  Parameters
-   sap_ctx   SAP context pointer
-   channel   input channel number
-
-  Return Value
-   true:    channel is in PCL
-   false:   channel is not in PCL
- ==========================================================================*/
-bool ch_in_pcl(ptSapContext sap_ctx, uint8_t channel)
+/**
+ * ch_in_pcl() - Is channel in the Preferred Channel List (PCL)
+ * @sap_ctx: SAP context which contains the current PCL
+ * @channel: Input channel number to be checked
+ *
+ * Check if a channel is in the preferred channel list
+ *
+ * Return:
+ *   true:    channel is in PCL,
+ *   false:   channel is not in PCL
+ */
+static bool ch_in_pcl(ptSapContext sap_ctx, uint8_t channel)
 {
 	uint32_t i;
 
@@ -1086,32 +1086,21 @@ bool ch_in_pcl(ptSapContext sap_ctx, uint8_t channel)
 	return false;
 }
 
-/*==========================================================================
-   FUNCTION    sap_compute_spect_weight
-
-   DESCRIPTION
-    Main function for computing the weight of each channel in the
-    spectrum based on the RSSI value of the BSSes on the channel
-    and number of BSS
-
-   DEPENDENCIES
-    NA.
-
-   PARAMETERS
-
-    IN
-    pSpectInfoParams       : Pointer to the tSpectInfoParams structure
-    halHandle              : Pointer to HAL handle
-    pResult                : Pointer to tScanResultHandle
-
-   RETURN VALUE
-    void     : NULL
-
-   SIDE EFFECTS
-   ============================================================================*/
-void sap_compute_spect_weight(tSapChSelSpectInfo *pSpectInfoParams,
-			      tHalHandle halHandle, tScanResultHandle pResult,
-				ptSapContext sap_ctx)
+/**
+ * sap_compute_spect_weight() - Compute spectrum weight
+ * @pSpectInfoParams: Pointer to the tSpectInfoParams structure
+ * @halHandle: Pointer to HAL handle
+ * @pResult: Pointer to tScanResultHandle
+ * @sap_ctx: Context of the SAP
+ *
+ * Main function for computing the weight of each channel in the
+ * spectrum based on the RSSI value of the BSSes on the channel
+ * and number of BSS
+ */
+static void sap_compute_spect_weight(tSapChSelSpectInfo *pSpectInfoParams,
+				     tHalHandle halHandle,
+				     tScanResultHandle pResult,
+				     ptSapContext sap_ctx)
 {
 	int8_t rssi = 0;
 	uint8_t chn_num = 0;
@@ -1299,7 +1288,7 @@ void sap_compute_spect_weight(tSapChSelSpectInfo *pSpectInfoParams,
 
    SIDE EFFECTS
    ============================================================================*/
-void sap_chan_sel_exit(tSapChSelSpectInfo *pSpectInfoParams)
+static void sap_chan_sel_exit(tSapChSelSpectInfo *pSpectInfoParams)
 {
 	/* Free all the allocated memory */
 	qdf_mem_free(pSpectInfoParams->pSpectCh);
@@ -1324,7 +1313,7 @@ void sap_chan_sel_exit(tSapChSelSpectInfo *pSpectInfoParams)
 
    SIDE EFFECTS
    ============================================================================*/
-void sap_sort_chl_weight(tSapChSelSpectInfo *pSpectInfoParams)
+static void sap_sort_chl_weight(tSapChSelSpectInfo *pSpectInfoParams)
 {
 	tSapSpectChInfo temp;
 
@@ -1358,7 +1347,7 @@ void sap_sort_chl_weight(tSapChSelSpectInfo *pSpectInfoParams)
  *
  * Return: none
  */
-void sap_sort_chl_weight_ht80(tSapChSelSpectInfo *pSpectInfoParams)
+static void sap_sort_chl_weight_ht80(tSapChSelSpectInfo *pSpectInfoParams)
 {
 	uint8_t i, j, n;
 	tSapSpectChInfo *pSpectInfo;
@@ -1459,7 +1448,7 @@ void sap_sort_chl_weight_ht80(tSapChSelSpectInfo *pSpectInfoParams)
  *
  * Return: none
  */
-void sap_sort_chl_weight_vht160(tSapChSelSpectInfo *pSpectInfoParams)
+static void sap_sort_chl_weight_vht160(tSapChSelSpectInfo *pSpectInfoParams)
 {
 	uint8_t i, j, n, idx;
 	tSapSpectChInfo *pSpectInfo;
@@ -1598,7 +1587,7 @@ void sap_sort_chl_weight_vht160(tSapChSelSpectInfo *pSpectInfoParams)
  *
  * Return: none
  */
-void sap_sort_chl_weight_ht40_24_g(tSapChSelSpectInfo *pSpectInfoParams)
+static void sap_sort_chl_weight_ht40_24_g(tSapChSelSpectInfo *pSpectInfoParams)
 {
 	uint8_t i, j;
 	tSapSpectChInfo *pSpectInfo;
@@ -1708,7 +1697,7 @@ void sap_sort_chl_weight_ht40_24_g(tSapChSelSpectInfo *pSpectInfoParams)
 
    SIDE EFFECTS
    ============================================================================*/
-void sap_sort_chl_weight_ht40_5_g(tSapChSelSpectInfo *pSpectInfoParams)
+static void sap_sort_chl_weight_ht40_5_g(tSapChSelSpectInfo *pSpectInfoParams)
 {
 	uint8_t i, j;
 	tSapSpectChInfo *pSpectInfo;
@@ -1790,9 +1779,9 @@ void sap_sort_chl_weight_ht40_5_g(tSapChSelSpectInfo *pSpectInfoParams)
 
    SIDE EFFECTS
    ============================================================================*/
-void sap_sort_chl_weight_all(ptSapContext pSapCtx,
-			     tSapChSelSpectInfo *pSpectInfoParams,
-			     uint32_t operatingBand)
+static void sap_sort_chl_weight_all(ptSapContext pSapCtx,
+				    tSapChSelSpectInfo *pSpectInfoParams,
+				    uint32_t operatingBand)
 {
 	tSapSpectChInfo *pSpectCh = NULL;
 	uint32_t j = 0;
@@ -1882,7 +1871,7 @@ void sap_sort_chl_weight_all(ptSapContext pSapCtx,
 
    SIDE EFFECTS
    ============================================================================*/
-bool sap_filter_over_lap_ch(ptSapContext pSapCtx, uint16_t chNum)
+static bool sap_filter_over_lap_ch(ptSapContext pSapCtx, uint16_t chNum)
 {
 	if (pSapCtx->enableOverLapCh)
 		return eSAP_TRUE;

core/sap/src/sap_fsm.c

@@ -889,7 +889,7 @@ static inline void sap_event_init(ptWLAN_SAPEvent sapEvent)
  *
  * Return: TRUE or FALSE
  */
-bool
+static bool
 sap_find_target_channel_in_channel_matrix(ptSapContext sapContext,
 					  enum phy_ch_width ch_width,
 					  uint8_t NOL_channel,
@@ -954,7 +954,7 @@ sap_find_target_channel_in_channel_matrix(ptSapContext sapContext,
  * Return: QDF_STATUS
  */
 
-QDF_STATUS
+static QDF_STATUS
 sap_mark_leaking_ch(ptSapContext sap_ctx,
 		enum phy_ch_width ch_width,
 		tSapDfsNolInfo *nol,
@@ -1772,7 +1772,7 @@ bool sap_acs_channel_check(ptSapContext sapContext, uint8_t channelNumber)
  *
  * Return: none
  */
-void sap_mark_dfs_channels(ptSapContext sapContext, uint8_t *channels,
+static void sap_mark_dfs_channels(ptSapContext sapContext, uint8_t *channels,
 			   uint8_t numChannels, uint64_t time)
 {
 	int i, j;
@@ -1843,9 +1843,10 @@ void sap_mark_dfs_channels(ptSapContext sapContext, uint8_t *channels,
  * This Function is to get bonding channels from primary channel.
  *
  */
-uint8_t sap_get_bonding_channels(ptSapContext sapContext, uint8_t channel,
-				 uint8_t *channels, uint8_t size,
-				 ePhyChanBondState chanBondState)
+static uint8_t sap_get_bonding_channels(ptSapContext sapContext,
+					uint8_t channel,
+					uint8_t *channels, uint8_t size,
+					ePhyChanBondState chanBondState)
 {
 	tHalHandle hHal = CDS_GET_HAL_CB(sapContext->p_cds_gctx);
 	tpAniSirGlobal pMac;
@@ -2507,8 +2508,9 @@ QDF_STATUS sap_open_session(tHalHandle hHal, ptSapContext sapContext,
 
    SIDE EFFECTS
    ============================================================================*/
-QDF_STATUS sap_goto_starting(ptSapContext sapContext, ptWLAN_SAPEvent sapEvent,
-			     eCsrRoamBssType bssType)
+static QDF_STATUS sap_goto_starting(ptSapContext sapContext,
+				    ptWLAN_SAPEvent sapEvent,
+				    eCsrRoamBssType bssType)
 {
 	/* tHalHandle */
 	tHalHandle hHal = CDS_GET_HAL_CB(sapContext->p_cds_gctx);
@@ -2568,7 +2570,7 @@ QDF_STATUS sap_goto_starting(ptSapContext sapContext, ptWLAN_SAPEvent sapEvent,
 
    SIDE EFFECTS
    ============================================================================*/
-QDF_STATUS sap_goto_disconnecting(ptSapContext sapContext)
+static QDF_STATUS sap_goto_disconnecting(ptSapContext sapContext)
 {
 	QDF_STATUS qdf_ret_status;
 	tHalHandle hHal;
@@ -2624,7 +2626,7 @@ static QDF_STATUS sap_roam_session_close_callback(void *pContext)
 
    SIDE EFFECTS
    ============================================================================*/
-QDF_STATUS sap_goto_disconnected(ptSapContext sapContext)
+static QDF_STATUS sap_goto_disconnected(ptSapContext sapContext)
 {
 	QDF_STATUS qdf_status = QDF_STATUS_E_FAILURE;
 	tWLAN_SAPEvent sapEvent;
@@ -2995,7 +2997,7 @@ QDF_STATUS sap_signal_hdd_event(ptSapContext sap_ctx,
    SIDE EFFECTS
     NA
    ============================================================================*/
-ptSapContext sap_find_valid_concurrent_session(tHalHandle hHal)
+static ptSapContext sap_find_valid_concurrent_session(tHalHandle hHal)
 {
 	tpAniSirGlobal pMac = PMAC_STRUCT(hHal);
 	uint8_t intf = 0;
@@ -3020,7 +3022,7 @@ ptSapContext sap_find_valid_concurrent_session(tHalHandle hHal)
  *
  * Return: Valid SAP context on success, else NULL
  */
-ptSapContext sap_find_cac_wait_session(tHalHandle handle)
+static ptSapContext sap_find_cac_wait_session(tHalHandle handle)
 {
 	tpAniSirGlobal mac = PMAC_STRUCT(handle);
 	uint8_t i = 0;
@@ -3167,7 +3169,7 @@ void sap_cac_reset_notify(tHalHandle hHal)
 
    SIDE EFFECTS
    ============================================================================*/
-QDF_STATUS sap_cac_start_notify(tHalHandle hHal)
+static QDF_STATUS sap_cac_start_notify(tHalHandle hHal)
 {
 	uint8_t intf = 0;
 	tpAniSirGlobal pMac = PMAC_STRUCT(hHal);
@@ -3253,7 +3255,7 @@ static QDF_STATUS wlansap_update_pre_cac_end(ptSapContext sap_context,
 
    SIDE EFFECTS
    ============================================================================*/
-QDF_STATUS sap_cac_end_notify(tHalHandle hHal, tCsrRoamInfo *roamInfo)
+static QDF_STATUS sap_cac_end_notify(tHalHandle hHal, tCsrRoamInfo *roamInfo)
 {
 	uint8_t intf;
 	tpAniSirGlobal pMac = PMAC_STRUCT(hHal);

core/sap/src/sap_module.c

@@ -626,7 +626,7 @@ uint16_t wlansap_check_cc_intf(void *Ctx)
   * Return:                                 The result code associated with
   *                                         performing the operation
   */
-QDF_STATUS
+static QDF_STATUS
 wlansap_set_scan_acs_channel_params(tsap_Config_t *pconfig,
 				ptSapContext psap_ctx,
 				void *pusr_context)
@@ -3619,3 +3619,20 @@ void wlan_sap_enable_phy_error_logs(tHalHandle hal, bool enable_log)
 	tpAniSirGlobal mac_ctx = PMAC_STRUCT(hal);
 	mac_ctx->sap.enable_dfs_phy_error_logs = enable_log;
 }
+
+
+/**
+ * wlansap_get_chan_width() - get sap channel width.
+ * @cds_ctx: pointer of global cds context
+ *
+ * This function get channel width of sap.
+ *
+ * Return: sap channel width
+ */
+uint32_t wlansap_get_chan_width(void *cds_ctx)
+{
+	ptSapContext sapcontext;
+
+	sapcontext = CDS_GET_SAP_CB(cds_ctx);
+	return wlan_sap_get_vht_ch_width(sapcontext);
+}

core/sme/inc/csr_api.h

@@ -512,6 +512,7 @@ typedef enum {
 	eCSR_ROAM_UPDATE_SCAN_RESULT,
 	eCSR_ROAM_START,
 	eCSR_ROAM_ABORT,
+	eCSR_ROAM_NAPI_OFF,
 } eRoamCmdStatus;
 
 /* comment inside indicates what roaming callback gets */
@@ -1467,6 +1468,8 @@ typedef struct sSirSmeAssocIndToUpperLayerCnf {
 } tSirSmeAssocIndToUpperLayerCnf, *tpSirSmeAssocIndToUpperLayerCnf;
 
 typedef struct tagCsrSummaryStatsInfo {
+	uint32_t snr;
+	uint32_t rssi;
 	uint32_t retry_cnt[4];
 	uint32_t multiple_retry_cnt[4];
 	uint32_t tx_frm_cnt[4];

core/sme/inc/p2p_api.h

@@ -80,6 +80,8 @@ typedef struct sp2pContext {
 	uint32_t probeRspIeLength;
 } tp2pContext, *tPp2pContext;
 
+QDF_STATUS sme_remain_on_chn_rsp(tpAniSirGlobal pMac, uint8_t *pMsg);
+QDF_STATUS sme_remain_on_chn_ready(tHalHandle hHal, uint8_t *pMsg);
 QDF_STATUS sme_remain_on_channel(tHalHandle hHal, uint8_t sessionId,
 		uint8_t channel, uint32_t duration,
 		remainOnChanCallback callback,

core/sme/inc/sme_inside.h

@@ -271,6 +271,8 @@ QDF_STATUS csr_create_roam_scan_channel_list(tpAniSirGlobal pMac,
 		const eCsrBand eBand);
 #endif
 
+QDF_STATUS p2p_process_remain_on_channel_cmd(tpAniSirGlobal pMac,
+					     tSmeCmd *p2pRemainonChn);
 ePhyChanBondState csr_convert_cb_ini_value_to_phy_cb_state(uint32_t cbIniValue);
 void active_list_cmd_timeout_handle(void *userData);
 void csr_process_set_dual_mac_config(tpAniSirGlobal mac, tSmeCmd *command);

core/sme/src/common/sme_api.c

@@ -73,10 +73,6 @@ extern QDF_STATUS pmc_prepare_command(tpAniSirGlobal pMac, uint32_t sessionId,
 				      uint32_t size, tSmeCmd **ppCmd);
 extern void pmc_release_command(tpAniSirGlobal pMac, tSmeCmd *pCommand);
 extern void qos_release_command(tpAniSirGlobal pMac, tSmeCmd *pCommand);
-extern QDF_STATUS p2p_process_remain_on_channel_cmd(tpAniSirGlobal pMac,
-						    tSmeCmd *p2pRemainonChn);
-extern QDF_STATUS sme_remain_on_chn_rsp(tpAniSirGlobal pMac, uint8_t *pMsg);
-extern QDF_STATUS sme_remain_on_chn_ready(tHalHandle hHal, uint8_t *pMsg);
 
 static QDF_STATUS init_sme_cmd_list(tpAniSirGlobal pMac);
 static void sme_abort_command(tpAniSirGlobal pMac, tSmeCmd *pCommand,
@@ -508,7 +504,7 @@ done:
 	return status;
 }
 
-void dump_csr_command_info(tpAniSirGlobal pMac, tSmeCmd *pCmd)
+static void dump_csr_command_info(tpAniSirGlobal pMac, tSmeCmd *pCmd)
 {
 	switch (pCmd->command) {
 	case eSmeCommandScan:
@@ -702,6 +698,7 @@ static void sme_abort_command(tpAniSirGlobal pMac, tSmeCmd *pCommand,
 
 }
 
+static
 tListElem *csr_get_cmd_to_process(tpAniSirGlobal pMac, tDblLinkList *pList,
 				  uint8_t sessionId, bool fInterlocked)
 {
@@ -726,7 +723,7 @@ tListElem *csr_get_cmd_to_process(tpAniSirGlobal pMac, tDblLinkList *pList,
 	return NULL;
 }
 
-bool sme_process_scan_queue(tpAniSirGlobal pMac)
+static bool sme_process_scan_queue(tpAniSirGlobal pMac)
 {
 	tListElem *pEntry;
 	tSmeCmd *pCommand;
@@ -823,7 +820,7 @@ end:
  * Return: true indicates that caller function can proceed to next cmd
  *         false otherwise.
  */
-bool sme_process_command(tpAniSirGlobal pMac)
+static bool sme_process_command(tpAniSirGlobal pMac)
 {
 	bool fContinue = false;
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
@@ -1082,7 +1079,7 @@ bool sme_command_pending(tpAniSirGlobal pMac)
  *
  * Return: returns session id
  */
-uint32_t sme_get_sessionid_from_activelist(tpAniSirGlobal mac)
+static uint32_t sme_get_sessionid_from_activelist(tpAniSirGlobal mac)
 {
 	tListElem *entry;
 	tSmeCmd *command;
@@ -1547,7 +1544,7 @@ QDF_STATUS sme_update_roam_params(tHalHandle hal,
 }
 
 #ifdef WLAN_FEATURE_GTK_OFFLOAD
-void sme_process_get_gtk_info_rsp(tHalHandle hHal,
+static void sme_process_get_gtk_info_rsp(tHalHandle hHal,
 				  tpSirGtkOffloadGetInfoRspParams
 				  pGtkOffloadGetInfoRsp)
 {
@@ -1585,8 +1582,8 @@ void sme_process_get_gtk_info_rsp(tHalHandle hHal,
    \sa
 
    --------------------------------------------------------------------------*/
-void sme_process_ready_to_suspend(tHalHandle hHal,
-				  tpSirReadyToSuspendInd pReadyToSuspend)
+static void sme_process_ready_to_suspend(tHalHandle hHal,
+					 tpSirReadyToSuspendInd pReadyToSuspend)
 {
 	tpAniSirGlobal pMac = PMAC_STRUCT(hHal);
 
@@ -1616,8 +1613,8 @@ void sme_process_ready_to_suspend(tHalHandle hHal,
  *
  * Return: None
  */
-void sme_process_ready_to_ext_wow(tHalHandle hHal,
-				   tpSirReadyToExtWoWInd pReadyToExtWoW)
+static void sme_process_ready_to_ext_wow(tHalHandle hHal,
+					 tpSirReadyToExtWoWInd pReadyToExtWoW)
 {
 	tpAniSirGlobal pMac = PMAC_STRUCT(hHal);
 
@@ -2385,9 +2382,10 @@ QDF_STATUS sme_set_ese_roam_scan_channel_list(tHalHandle hHal,
 
 #endif /* FEATURE_WLAN_ESE */
 
-QDF_STATUS sme_ibss_peer_info_response_handleer(tHalHandle hHal,
-						tpSirIbssGetPeerInfoRspParams
-						pIbssPeerInfoParams)
+static
+QDF_STATUS sme_ibss_peer_info_response_handler(tHalHandle hHal,
+					       tpSirIbssGetPeerInfoRspParams
+					       pIbssPeerInfoParams)
 {
 	tpAniSirGlobal pMac = PMAC_STRUCT(hHal);
 
@@ -2794,9 +2792,8 @@ QDF_STATUS sme_process_msg(tHalHandle hHal, cds_msg_t *pMsg)
 #endif /* FEATURE_WLAN_LPHB */
 	case eWNI_SME_IBSS_PEER_INFO_RSP:
 		if (pMsg->bodyptr) {
-			sme_ibss_peer_info_response_handleer(pMac,
-							     pMsg->
-							     bodyptr);
+			sme_ibss_peer_info_response_handler(pMac,
+							    pMsg->bodyptr);
 			qdf_mem_free(pMsg->bodyptr);
 		} else {
 			sms_log(pMac, LOGE, FL("Empty message for %d"),
@@ -7838,24 +7835,19 @@ sme_handle_generic_change_country_code(tpAniSirGlobal mac_ctx,
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
 	v_REGDOMAIN_t reg_domain_id = 0;
-	bool is_11d_country = false;
 	bool supplicant_priority =
 		mac_ctx->roam.configParam.fSupplicantCountryCodeHasPriority;
 	tAniGenericChangeCountryCodeReq *msg = pMsgBuf;
 
 	sms_log(mac_ctx, LOG1, FL(" called"));
 
-	if (memcmp(msg->countryCode, mac_ctx->scan.countryCode11d,
-		   CDS_COUNTRY_CODE_LEN) == 0) {
-		is_11d_country = true;
-	}
 	/* Set the country code given by userspace when 11dOriginal is false
 	 * when 11doriginal is True,is_11d_country =0 and
 	 * fSupplicantCountryCodeHasPriority = 0, then revert the country code,
 	 * and return failure
 	 */
 	if (mac_ctx->roam.configParam.Is11dSupportEnabledOriginal == true
-	    && !is_11d_country && !supplicant_priority) {
+	    && !mac_ctx->is_11d_hint && !supplicant_priority) {
 		sms_log(mac_ctx, LOGW,
 			FL("Incorrect country req, nullify this"));
 
@@ -7879,37 +7871,14 @@ sme_handle_generic_change_country_code(tpAniSirGlobal mac_ctx,
 	}
 
 	/* if Supplicant country code has priority, disable 11d */
-	if (!is_11d_country && supplicant_priority)
+	if (supplicant_priority && !mac_ctx->is_11d_hint)
 		mac_ctx->roam.configParam.Is11dSupportEnabled = false;
+
+	qdf_mem_copy(mac_ctx->scan.countryCode11d, msg->countryCode,
+		     WNI_CFG_COUNTRY_CODE_LEN);
 	qdf_mem_copy(mac_ctx->scan.countryCodeCurrent, msg->countryCode,
 		     WNI_CFG_COUNTRY_CODE_LEN);
-	status = wma_set_reg_domain(mac_ctx, reg_domain_id);
-	if (false == is_11d_country) {
-		/* overwrite the defualt country code */
-		qdf_mem_copy(mac_ctx->scan.countryCodeDefault,
-			     mac_ctx->scan.countryCodeCurrent,
-			     WNI_CFG_COUNTRY_CODE_LEN);
-		/* set to default domain ID */
-		mac_ctx->scan.domainIdDefault = mac_ctx->scan.domainIdCurrent;
-	}
-	if (status != QDF_STATUS_SUCCESS) {
-		sms_log(mac_ctx, LOGE, FL("fail to set regId %d"),
-			reg_domain_id);
-		return status;
-	} else {
-		/* if 11d has priority, clear currentCountryBssid &
-		 * countryCode11d to get set again if we find AP with 11d info
-		 * during scan
-		 */
-		if (!supplicant_priority && (false == is_11d_country)) {
-			sms_log(mac_ctx, LOGW,
-				FL("Clearing currentCountryBssid, countryCode11d"));
-			qdf_mem_zero(&mac_ctx->scan.currentCountryBssid,
-				     sizeof(struct qdf_mac_addr));
-			qdf_mem_zero(mac_ctx->scan.countryCode11d,
-				     sizeof(mac_ctx->scan.countryCode11d));
-		}
-	}
+
 	/* get the channels based on new cc */
 	status = csr_get_channel_and_power_list(mac_ctx);
 
@@ -7929,6 +7898,8 @@ sme_handle_generic_change_country_code(tpAniSirGlobal mac_ctx,
 	 * Country IE
 	 */
 	mac_ctx->scan.curScanType = eSIR_ACTIVE_SCAN;
+	mac_ctx->is_11d_hint = false;
+
 	sme_disconnect_connected_sessions(mac_ctx);
 	sms_log(mac_ctx, LOG1, FL(" returned"));
 	return QDF_STATUS_SUCCESS;
@@ -11828,7 +11799,7 @@ void sme_get_recovery_stats(tHalHandle hHal)
  *
  * Return: None
  */
-void sme_save_active_cmd_stats(tHalHandle hHal)
+static void sme_save_active_cmd_stats(tHalHandle hHal)
 {
 	tSmeCmd *pTempCmd = NULL;
 	tListElem *pEntry;
@@ -13236,7 +13207,6 @@ QDF_STATUS sme_update_dsc_pto_up_mapping(tHalHandle hHal,
 			if ((pSession->QosMapSet.dscp_range[i][0] == 255)
 				&& (pSession->QosMapSet.dscp_range[i][1] ==
 							255)) {
-				dscpmapping[j] = 0;
 				QDF_TRACE(QDF_MODULE_ID_SME,
 					QDF_TRACE_LEVEL_ERROR,
 					FL("User Priority %d isn't used"), i);
@@ -13728,6 +13698,7 @@ QDF_STATUS sme_set_epno_list(tHalHandle hal,
 	sms_log(mac, LOG1, FL("enter"));
 	len = sizeof(*req_msg) +
 		(input->num_networks * sizeof(struct wifi_epno_network));
+
 	req_msg = qdf_mem_malloc(len);
 	if (!req_msg) {
 		sms_log(mac, LOGE, FL("qdf_mem_malloc failed"));
@@ -13738,17 +13709,28 @@ QDF_STATUS sme_set_epno_list(tHalHandle hal,
 	req_msg->num_networks = input->num_networks;
 	req_msg->request_id = input->request_id;
 	req_msg->session_id = input->session_id;
-	for (i = 0; i < req_msg->num_networks; i++) {
-		req_msg->networks[i].rssi_threshold =
-				input->networks[i].rssi_threshold;
-		req_msg->networks[i].flags = input->networks[i].flags;
-		req_msg->networks[i].auth_bit_field =
-				input->networks[i].auth_bit_field;
-		req_msg->networks[i].ssid.length =
-				input->networks[i].ssid.length;
-		qdf_mem_copy(req_msg->networks[i].ssid.ssId,
-				input->networks[i].ssid.ssId,
-				req_msg->networks[i].ssid.length);
+
+	/* Fill only when num_networks are non zero */
+	if (req_msg->num_networks) {
+		req_msg->min_5ghz_rssi = input->min_5ghz_rssi;
+		req_msg->min_24ghz_rssi = input->min_24ghz_rssi;
+		req_msg->initial_score_max = input->initial_score_max;
+		req_msg->same_network_bonus = input->same_network_bonus;
+		req_msg->secure_bonus = input->secure_bonus;
+		req_msg->band_5ghz_bonus = input->band_5ghz_bonus;
+		req_msg->current_connection_bonus =
+			input->current_connection_bonus;
+
+		for (i = 0; i < req_msg->num_networks; i++) {
+			req_msg->networks[i].flags = input->networks[i].flags;
+			req_msg->networks[i].auth_bit_field =
+					input->networks[i].auth_bit_field;
+			req_msg->networks[i].ssid.length =
+					input->networks[i].ssid.length;
+			qdf_mem_copy(req_msg->networks[i].ssid.ssId,
+					input->networks[i].ssid.ssId,
+					req_msg->networks[i].ssid.length);
+		}
 	}
 
 	status = sme_acquire_global_lock(&mac->sme);
@@ -14091,13 +14073,6 @@ QDF_STATUS sme_ll_stats_get_req(tHalHandle hHal, tSirLLStatsGetReq *pgetStatsReq
 	cds_msg_t cds_message;
 	tSirLLStatsGetReq *get_stats_req;
 
-	QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_INFO,
-		  "reqId = %u", pgetStatsReq->reqId);
-	QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_INFO,
-		  "staId = %u", pgetStatsReq->staId);
-	QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_INFO,
-		  "Stats Type = %u", pgetStatsReq->paramIdMask);
-
 	get_stats_req = qdf_mem_malloc(sizeof(*get_stats_req));
 
 	if (!get_stats_req) {
@@ -16827,7 +16802,6 @@ QDF_STATUS sme_encrypt_decrypt_msg_deregister_callback(tHalHandle h_hal)
 
 QDF_STATUS sme_set_cts2self_for_p2p_go(tHalHandle hal_handle)
 {
-	cds_msg_t message;
 	void *wma_handle;
 
 	wma_handle = cds_get_context(QDF_MODULE_ID_WMA);
@@ -16836,10 +16810,6 @@ QDF_STATUS sme_set_cts2self_for_p2p_go(tHalHandle hal_handle)
 				"wma_handle is NULL");
 		return QDF_STATUS_E_FAILURE;
 	}
-
-	message.bodyptr = NULL;
-	message.type = WMA_SET_CTS2SELF_FOR_STA;
-
 	if (QDF_STATUS_SUCCESS !=
 		wma_set_cts2self_for_p2p_go(wma_handle, true)) {
 		QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_ERROR,

core/sme/src/common/sme_power_save.c

@@ -43,7 +43,7 @@
  *
  * Return: QDF_STATUS
  */
-QDF_STATUS sme_post_ps_msg_to_wma(uint16_t type, void *body)
+static QDF_STATUS sme_post_ps_msg_to_wma(uint16_t type, void *body)
 {
 	cds_msg_t msg;
 
@@ -142,7 +142,7 @@ static void sme_get_ps_state(tpAniSirGlobal mac_ctx,
  *
  * Return: QDF_STATUS
  */
-QDF_STATUS sme_ps_enable_ps_req_params(tpAniSirGlobal mac_ctx,
+static QDF_STATUS sme_ps_enable_ps_req_params(tpAniSirGlobal mac_ctx,
 		uint32_t session_id)
 {
 	struct sEnablePsParams *enable_ps_req_params;
@@ -186,7 +186,7 @@ QDF_STATUS sme_ps_enable_ps_req_params(tpAniSirGlobal mac_ctx,
  *
  * Return: QDF_STATUS
  */
-QDF_STATUS sme_ps_disable_ps_req_params(tpAniSirGlobal mac_ctx,
+static QDF_STATUS sme_ps_disable_ps_req_params(tpAniSirGlobal mac_ctx,
 		uint32_t session_id)
 {
 	struct  sDisablePsParams *disable_ps_req_params;
@@ -218,7 +218,7 @@ QDF_STATUS sme_ps_disable_ps_req_params(tpAniSirGlobal mac_ctx,
  *
  * Return: QDF_STATUS
  */
-QDF_STATUS sme_ps_enable_uapsd_req_params(tpAniSirGlobal mac_ctx,
+static QDF_STATUS sme_ps_enable_uapsd_req_params(tpAniSirGlobal mac_ctx,
 		uint32_t session_id)
 {
 
@@ -257,7 +257,7 @@ QDF_STATUS sme_ps_enable_uapsd_req_params(tpAniSirGlobal mac_ctx,
  *
  * Return: QDF_STATUS
  */
-QDF_STATUS sme_ps_disable_uapsd_req_params(tpAniSirGlobal mac_ctx,
+static QDF_STATUS sme_ps_disable_uapsd_req_params(tpAniSirGlobal mac_ctx,
 		uint32_t session_id)
 {
 	struct sDisableUapsdParams *disable_uapsd_req_params;
@@ -296,7 +296,7 @@ QDF_STATUS sme_ps_disable_uapsd_req_params(tpAniSirGlobal mac_ctx,
  *
  * Return: QDF_STATUS
  */
-QDF_STATUS sme_ps_enter_wowl_req_params(tpAniSirGlobal mac_ctx,
+static QDF_STATUS sme_ps_enter_wowl_req_params(tpAniSirGlobal mac_ctx,
 		uint32_t session_id)
 {
 	struct sSirHalWowlEnterParams *hal_wowl_params;
@@ -394,8 +394,9 @@ QDF_STATUS sme_ps_enter_wowl_req_params(tpAniSirGlobal mac_ctx,
 		QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_INFO,
 			FL("Msg WMA_WOWL_ENTER_REQ Successfully sent to WMA"));
 		return QDF_STATUS_SUCCESS;
-	} else
-		goto end;
+	} else {
+		return QDF_STATUS_E_FAILURE;
+	}
 
 end:
 	if (hal_wowl_params != NULL)
@@ -410,7 +411,7 @@ end:
  *
  * Return: QDF_STATUS
  */
-QDF_STATUS sme_ps_exit_wowl_req_params(tpAniSirGlobal mac_ctx,
+static QDF_STATUS sme_ps_exit_wowl_req_params(tpAniSirGlobal mac_ctx,
 		uint32_t session_id)
 {
 	struct sSirHalWowlExitParams *hal_wowl_msg;
@@ -429,10 +430,9 @@ QDF_STATUS sme_ps_exit_wowl_req_params(tpAniSirGlobal mac_ctx,
 		QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_INFO,
 			FL("Msg WMA_WOWL_EXIT_REQ Successfully sent to WMA"));
 		return QDF_STATUS_SUCCESS;
+	} else {
+		return QDF_STATUS_E_FAILURE;
 	}
-	if (hal_wowl_msg != NULL)
-		qdf_mem_free(hal_wowl_msg);
-	return QDF_STATUS_E_FAILURE;
 }
 
 /**

core/sme/src/csr/csr_api_roam.c

@@ -469,7 +469,7 @@ static int8_t csr_find_channel_pwr(struct channel_power *
  *
  * Return: None
  */
-void csr_roam_arrange_ch_list(tpAniSirGlobal mac_ctx,
+static void csr_roam_arrange_ch_list(tpAniSirGlobal mac_ctx,
 			tSirUpdateChanParam *chan_list, uint8_t num_channel)
 {
 	bool prefer_5g = CSR_IS_ROAM_PREFER_5GHZ(mac_ctx);
@@ -549,7 +549,7 @@ void csr_roam_arrange_ch_list(tpAniSirGlobal mac_ctx,
  *
  * Return: None
  */
-void csr_roam_sort_channel_for_early_stop(tpAniSirGlobal mac_ctx,
+static void csr_roam_sort_channel_for_early_stop(tpAniSirGlobal mac_ctx,
 			tSirUpdateChanList *chan_list, uint8_t num_channel)
 {
 	tSirUpdateChanList *chan_list_greedy, *chan_list_non_greedy;
@@ -1655,7 +1655,7 @@ bool csr_roam_is_ese_ini_feature_enabled(tpAniSirGlobal pMac)
  *
  * Return: None
  */
-void csr_tsm_stats_rsp_processor(tpAniSirGlobal pMac, void *pMsg)
+static void csr_tsm_stats_rsp_processor(tpAniSirGlobal pMac, void *pMsg)
 {
 	tAniGetTsmStatsRsp *pTsmStatsRsp = (tAniGetTsmStatsRsp *) pMsg;
 
@@ -1701,7 +1701,7 @@ void csr_tsm_stats_rsp_processor(tpAniSirGlobal pMac, void *pMsg)
  *
  * Return: None
  */
-void csr_send_ese_adjacent_ap_rep_ind(tpAniSirGlobal pMac,
+static void csr_send_ese_adjacent_ap_rep_ind(tpAniSirGlobal pMac,
 					tCsrRoamSession *pSession)
 {
 	uint32_t roamTS2 = 0;
@@ -2028,6 +2028,7 @@ ePhyChanBondState csr_convert_cb_ini_value_to_phy_cb_state(uint32_t cbIniValue)
 	return phyCbState;
 }
 
+static
 uint32_t csr_convert_phy_cb_state_to_ini_value(ePhyChanBondState phyCbState)
 {
 
@@ -2844,7 +2845,7 @@ end:
  *
  * Return: void
  */
-void csr_prune_ch_list(tCsrChannel *ch_lst, bool is_24_GHz)
+static void csr_prune_ch_list(tCsrChannel *ch_lst, bool is_24_GHz)
 {
 	uint8_t idx = 0, num_channels = 0;
 	for ( ; idx < ch_lst->numChannels; idx++) {
@@ -3503,11 +3504,13 @@ QDF_STATUS csr_roam_call_callback(tpAniSirGlobal pMac, uint32_t sessionId,
 }
 
 /* Returns whether handoff is currently in progress or not */
+static
 bool csr_roam_is_handoff_in_progress(tpAniSirGlobal pMac, uint8_t sessionId)
 {
 	return csr_neighbor_roam_is_handoff_in_progress(pMac, sessionId);
 }
 
+static
 QDF_STATUS csr_roam_issue_disassociate(tpAniSirGlobal pMac, uint32_t sessionId,
 				       eCsrRoamSubState NewSubstate,
 				       bool fMICFailure)
@@ -3784,6 +3787,7 @@ csr_roam_get_wps_session_overlap(tpAniSirGlobal pMac, uint32_t sessionId,
 	return status;
 }
 
+static
 QDF_STATUS csr_roam_issue_deauth(tpAniSirGlobal pMac, uint32_t sessionId,
 				 eCsrRoamSubState NewSubstate)
 {
@@ -3856,6 +3860,7 @@ QDF_STATUS csr_roam_save_connected_bss_desc(tpAniSirGlobal pMac, uint32_t sessio
 	return status;
 }
 
+static
 QDF_STATUS csr_roam_prepare_bss_config(tpAniSirGlobal pMac,
 				       tCsrRoamProfile *pProfile,
 				       tSirBssDescription *pBssDesc,
@@ -4294,8 +4299,8 @@ static void csr_set_cfg_ssid(tpAniSirGlobal pMac, tSirMacSSid *pSSID)
 	cfg_set_str(pMac, WNI_CFG_SSID, (uint8_t *) pSSID->ssId, len);
 }
 
-QDF_STATUS csr_set_qos_to_cfg(tpAniSirGlobal pMac, uint32_t sessionId,
-			      eCsrMediaAccessType qosType)
+static QDF_STATUS csr_set_qos_to_cfg(tpAniSirGlobal pMac, uint32_t sessionId,
+				     eCsrMediaAccessType qosType)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
 	uint32_t QoSEnabled;
@@ -4781,6 +4786,7 @@ QDF_STATUS csr_roam_set_bss_config_cfg(tpAniSirGlobal pMac, uint32_t sessionId,
 	return QDF_STATUS_SUCCESS;
 }
 
+static
 QDF_STATUS csr_roam_stop_network(tpAniSirGlobal pMac, uint32_t sessionId,
 				 tCsrRoamProfile *pProfile,
 				 tSirBssDescription *pBssDesc,
@@ -4907,9 +4913,9 @@ static eCsrJoinState csr_roam_state_for_same_profile(tpAniSirGlobal mac_ctx,
 
 }
 
-eCsrJoinState csr_roam_join(tpAniSirGlobal pMac, uint32_t sessionId,
-			    tCsrScanResultInfo *pScanResult,
-			    tCsrRoamProfile *pProfile)
+static eCsrJoinState csr_roam_join(tpAniSirGlobal pMac, uint32_t sessionId,
+				   tCsrScanResultInfo *pScanResult,
+				   tCsrRoamProfile *pProfile)
 {
 	eCsrJoinState eRoamState = eCsrContinueRoaming;
 	tSirBssDescription *pBssDesc = &pScanResult->BssDescriptor;
@@ -4986,6 +4992,7 @@ eCsrJoinState csr_roam_join(tpAniSirGlobal pMac, uint32_t sessionId,
 	return eRoamState;
 }
 
+static
 QDF_STATUS csr_roam_should_roam(tpAniSirGlobal pMac, uint32_t sessionId,
 				tSirBssDescription *pBssDesc, uint32_t roamId)
 {
@@ -5492,6 +5499,7 @@ static QDF_STATUS csr_roam(tpAniSirGlobal pMac, tSmeCmd *pCommand)
 	return status;
 }
 
+static
 QDF_STATUS csr_process_ft_reassoc_roam_command(tpAniSirGlobal pMac,
 					       tSmeCmd *pCommand)
 {
@@ -6074,7 +6082,7 @@ bool csr_roam_is_fast_roam_enabled(tpAniSirGlobal pMac, uint32_t sessionId)
 }
 
 #ifdef FEATURE_WLAN_MCC_TO_SCC_SWITCH
-eCsrPhyMode csr_roamdot11mode_to_phymode(uint8_t dot11mode)
+static eCsrPhyMode csr_roamdot11mode_to_phymode(uint8_t dot11mode)
 {
 	eCsrPhyMode phymode = eCSR_DOT11_MODE_abg;
 
@@ -6115,7 +6123,7 @@ eCsrPhyMode csr_roamdot11mode_to_phymode(uint8_t dot11mode)
 #endif
 
 #ifdef WLAN_FEATURE_ROAM_OFFLOAD
-void csr_roam_synch_clean_up (tpAniSirGlobal mac, uint8_t session_id)
+static void csr_roam_synch_clean_up (tpAniSirGlobal mac, uint8_t session_id)
 {
 	cds_msg_t msg;
 	struct roam_offload_synch_fail *roam_offload_failed = NULL;
@@ -7889,7 +7897,8 @@ csr_roam_reassoc(tpAniSirGlobal mac_ctx, uint32_t session_id,
 	return status;
 }
 
-QDF_STATUS csr_roam_join_last_profile(tpAniSirGlobal pMac, uint32_t sessionId)
+static QDF_STATUS csr_roam_join_last_profile(tpAniSirGlobal pMac,
+					     uint32_t sessionId)
 {
 	QDF_STATUS status = QDF_STATUS_E_FAILURE;
 	tScanResultHandle hBSSList = NULL;
@@ -8567,10 +8576,11 @@ static void csr_roam_join_rsp_processor(tpAniSirGlobal pMac,
 	} /*else: ( eSIR_SME_SUCCESS == pSmeJoinRsp->statusCode ) */
 }
 
-QDF_STATUS csr_roam_issue_join(tpAniSirGlobal pMac, uint32_t sessionId,
-			       tSirBssDescription *pSirBssDesc,
-			       tDot11fBeaconIEs *pIes, tCsrRoamProfile *pProfile,
-			       uint32_t roamId)
+static QDF_STATUS csr_roam_issue_join(tpAniSirGlobal pMac, uint32_t sessionId,
+				      tSirBssDescription *pSirBssDesc,
+				      tDot11fBeaconIEs *pIes,
+				      tCsrRoamProfile *pProfile,
+				      uint32_t roamId)
 {
 	QDF_STATUS status;
 	sms_log(pMac, LOG1, "Attempting to Join Bssid= " MAC_ADDRESS_STR,
@@ -9211,6 +9221,7 @@ csr_check_profile_in_scan_cache(tpAniSirGlobal mac_ctx,
 	return true;
 }
 
+static
 void csr_roam_roaming_state_disassoc_rsp_processor(tpAniSirGlobal pMac,
 						   tSirSmeDisassocRsp *pSmeRsp)
 {
@@ -10173,6 +10184,7 @@ free_filter:
 	return status;
 }
 
+static
 bool csr_roam_issue_wm_status_change(tpAniSirGlobal pMac, uint32_t sessionId,
 				     eCsrRoamWmStatusChangeTypes Type,
 				     tSirSmeRsp *pSmeRsp)
@@ -10452,15 +10464,12 @@ csr_roam_chk_lnk_disassoc_ind(tpAniSirGlobal mac_ctx, tSirSmeRsp *msg_ptr)
 		return;
 	}
 
-	sms_log(mac_ctx, LOGE,
-		FL("DISASSOCIATION Indication from MAC for session %d "),
-		sessionId);
 	sms_log(mac_ctx, LOGE,
 		FL("DISASSOCIATION from peer =" MAC_ADDRESS_STR
-		   " " " reason = %d status = %d "),
+		   " " " reason: %d status: %d session: %d"),
 		MAC_ADDR_ARRAY(pDisassocInd->peer_macaddr.bytes),
 		pDisassocInd->reasonCode,
-		pDisassocInd->statusCode);
+		pDisassocInd->statusCode, sessionId);
 	/*
 	 * If we are in neighbor preauth done state then on receiving
 	 * disassoc or deauth we dont roam instead we just disassoc
@@ -11697,6 +11706,7 @@ void csr_roam_completion(tpAniSirGlobal pMac, uint32_t sessionId,
 	}
 }
 
+static
 QDF_STATUS csr_roam_lost_link(tpAniSirGlobal pMac, uint32_t sessionId,
 			      uint32_t type, tSirSmeRsp *pSirMsg)
 {
@@ -11812,7 +11822,7 @@ QDF_STATUS csr_roam_lost_link(tpAniSirGlobal pMac, uint32_t sessionId,
 }
 
 
-void csr_roam_wm_status_change_complete(tpAniSirGlobal pMac)
+static void csr_roam_wm_status_change_complete(tpAniSirGlobal pMac)
 {
 	tListElem *pEntry;
 	tSmeCmd *pCommand;
@@ -12318,9 +12328,9 @@ static ePhyChanBondState csr_get_cb_mode_from_ies(tpAniSirGlobal pMac,
 	return eRet;
 }
 
-bool csr_is_encryption_in_list(tpAniSirGlobal pMac,
-			       tCsrEncryptionList *pCipherList,
-			       eCsrEncryptionType encryptionType)
+static bool csr_is_encryption_in_list(tpAniSirGlobal pMac,
+				      tCsrEncryptionList *pCipherList,
+				      eCsrEncryptionType encryptionType)
 {
 	bool fFound = false;
 	uint32_t idx;
@@ -12333,8 +12343,8 @@ bool csr_is_encryption_in_list(tpAniSirGlobal pMac,
 	return fFound;
 }
 
-bool csr_is_auth_in_list(tpAniSirGlobal pMac, tCsrAuthList *pAuthList,
-			 eCsrAuthType authType)
+static bool csr_is_auth_in_list(tpAniSirGlobal pMac, tCsrAuthList *pAuthList,
+				eCsrAuthType authType)
 {
 	bool fFound = false;
 	uint32_t idx;
@@ -12447,7 +12457,7 @@ bool csr_roam_is_same_profile_keys(tpAniSirGlobal pMac,
 
 /* IBSS */
 
-uint8_t csr_roam_get_ibss_start_channel_number50(tpAniSirGlobal pMac)
+static uint8_t csr_roam_get_ibss_start_channel_number50(tpAniSirGlobal pMac)
 {
 	uint8_t channel = 0;
 	uint32_t idx;
@@ -12506,7 +12516,7 @@ uint8_t csr_roam_get_ibss_start_channel_number50(tpAniSirGlobal pMac)
 	return channel;
 }
 
-uint8_t csr_roam_get_ibss_start_channel_number24(tpAniSirGlobal pMac)
+static uint8_t csr_roam_get_ibss_start_channel_number24(tpAniSirGlobal pMac)
 {
 	uint8_t channel = 1;
 	uint32_t idx;
@@ -15258,7 +15268,10 @@ void csr_get_vdev_type_nss(tpAniSirGlobal mac_ctx,
 	sms_log(mac_ctx, LOG1, FL("mode - %d: nss_2g - %d, 5g - %d"),
 			dev_mode, *nss_2g, *nss_5g);
 }
-QDF_STATUS csr_issue_add_sta_for_session_req(tpAniSirGlobal pMac, uint32_t sessionId,
+
+static
+QDF_STATUS csr_issue_add_sta_for_session_req(tpAniSirGlobal pMac,
+					     uint32_t sessionId,
 					     tSirMacAddr sessionMacAddr,
 					     uint32_t type, uint32_t subType)
 {
@@ -15598,10 +15611,11 @@ QDF_STATUS csr_process_del_sta_session_rsp(tpAniSirGlobal pMac, uint8_t *pMsg)
 }
 
 
-QDF_STATUS csr_issue_del_sta_for_session_req(tpAniSirGlobal pMac, uint32_t sessionId,
-					     tSirMacAddr sessionMacAddr,
-					     csr_roamSessionCloseCallback callback,
-					     void *pContext)
+static QDF_STATUS
+csr_issue_del_sta_for_session_req(tpAniSirGlobal pMac, uint32_t sessionId,
+				  tSirMacAddr sessionMacAddr,
+				  csr_roamSessionCloseCallback callback,
+				  void *pContext)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
 	tSmeCmd *pCommand;
@@ -16245,6 +16259,7 @@ tListElem *csr_roam_find_in_pe_stats_req_list(tpAniSirGlobal pMac, uint32_t stat
 	return pEntry;
 }
 
+static
 tListElem *csr_roam_checkn_update_client_req_list(tpAniSirGlobal pMac,
 						  tCsrStatsClientReqInfo *pStaEntry,
 						  bool update)
@@ -16389,6 +16404,7 @@ tCsrStatsClientReqInfo *csr_roam_insert_entry_into_list(tpAniSirGlobal pMac,
 	return pNewStaEntry;
 }
 
+static
 tCsrPeStatsReqInfo *csr_roam_insert_entry_into_pe_stats_req_list(tpAniSirGlobal pMac,
 								 tDblLinkList *
 								 pStaList,
@@ -17464,8 +17480,8 @@ static void check_allowed_ssid_list(tSirRoamOffloadScanReq *req_buffer,
 #define RSO_ABORT_SCAN_ALLOW_MASK (RSO_START_BIT | RSO_RESTART_BIT | \
 		RSO_UPDATE_CFG_BIT | RSO_ABORT_SCAN_BIT)
 
-bool csr_is_RSO_cmd_allowed(tpAniSirGlobal mac_ctx, uint8_t command,
-		uint8_t session_id)
+static bool csr_is_RSO_cmd_allowed(tpAniSirGlobal mac_ctx, uint8_t command,
+				   uint8_t session_id)
 {
 	tpCsrNeighborRoamControlInfo neigh_roam_info =
 		&mac_ctx->roam.neighborRoamInfo[session_id];
@@ -17505,7 +17521,8 @@ bool csr_is_RSO_cmd_allowed(tpAniSirGlobal mac_ctx, uint8_t command,
  *
  * Return: QDF_STATUS
  */
-QDF_STATUS csr_roam_send_rso_cmd(tpAniSirGlobal mac_ctx, uint8_t session_id,
+static QDF_STATUS csr_roam_send_rso_cmd(tpAniSirGlobal mac_ctx,
+					uint8_t session_id,
 					tSirRoamOffloadScanReq *request_buf)
 {
 	QDF_STATUS status;
@@ -18805,6 +18822,8 @@ void csr_process_ho_fail_ind(tpAniSirGlobal pMac, void *pMsgBuf)
 		return;
 	}
 	cds_set_connection_in_progress(false);
+	csr_roam_call_callback(pMac, sessionId, NULL, 0,
+			eCSR_ROAM_NAPI_OFF, eSIR_SME_SUCCESS);
 	csr_roam_synch_clean_up(pMac, sessionId);
 	csr_roaming_report_diag_event(pMac, NULL,
 			eCSR_REASON_ROAM_HO_FAIL);
@@ -19543,6 +19562,11 @@ void csr_roam_synch_callback(tpAniSirGlobal mac_ctx,
 				eCSR_ROAM_ABORT, eSIR_SME_SUCCESS);
 		sme_release_global_lock(&mac_ctx->sme);
 		return;
+	case SIR_ROAM_SYNCH_NAPI_OFF:
+		csr_roam_call_callback(mac_ctx, session_id, NULL, 0,
+				eCSR_ROAM_NAPI_OFF, eSIR_SME_SUCCESS);
+		sme_release_global_lock(&mac_ctx->sme);
+		return;
 	case SIR_ROAM_SYNCH_PROPAGATION:
 		break;
 	case SIR_ROAM_SYNCH_COMPLETE:

core/sme/src/csr/csr_api_scan.c

@@ -104,8 +104,6 @@ static bool csr_scan_validate_scan_result(tpAniSirGlobal pMac, uint8_t *pChannel
 					  tSirBssDescription *pBssDesc,
 					  tDot11fBeaconIEs **ppIes);
 bool csr_roam_is_valid_channel(tpAniSirGlobal pMac, uint8_t channel);
-void csr_prune_channel_list_for_mode(tpAniSirGlobal pMac,
-				     tCsrChannel *pChannelList);
 static void csr_purge_scan_result_by_age(void *pv);
 
 #define CSR_IS_SOCIAL_CHANNEL(channel) \
@@ -645,9 +643,9 @@ release_cmd:
 	return status;
 }
 
-QDF_STATUS csr_issue_roam_after_lostlink_scan(tpAniSirGlobal pMac,
-					      uint32_t sessionId,
-					      eCsrRoamReason reason)
+static QDF_STATUS csr_issue_roam_after_lostlink_scan(tpAniSirGlobal pMac,
+						     uint32_t sessionId,
+						     eCsrRoamReason reason)
 {
 	QDF_STATUS status = QDF_STATUS_E_FAILURE;
 	tScanResultHandle hBSSList = NULL;
@@ -2157,7 +2155,7 @@ QDF_STATUS csr_scan_get_result(tpAniSirGlobal pMac,
  * csr_scan_get_result returns with a failure because
  * of not being able to find the roaming BSS.
  */
-bool csr_scan_flush_denied(tpAniSirGlobal pMac)
+static bool csr_scan_flush_denied(tpAniSirGlobal pMac)
 {
 	uint8_t sessionId;
 
@@ -2265,7 +2263,7 @@ void csr_scan_flush_bss_entry(tpAniSirGlobal pMac,
  * @return Status
  */
 
-QDF_STATUS csr_check11d_channel(uint8_t channelId, uint8_t *pChannelList,
+static QDF_STATUS csr_check11d_channel(uint8_t channelId, uint8_t *pChannelList,
 				uint32_t numChannels)
 {
 	QDF_STATUS status = QDF_STATUS_E_FAILURE;
@@ -2526,8 +2524,9 @@ QDF_STATUS csr_scanning_state_msg_processor(tpAniSirGlobal pMac,
 	return status;
 }
 
-void csr_check_n_save_wsc_ie(tpAniSirGlobal pMac, tSirBssDescription *pNewBssDescr,
-			     tSirBssDescription *pOldBssDescr)
+static void csr_check_n_save_wsc_ie(tpAniSirGlobal pMac,
+				    tSirBssDescription *pNewBssDescr,
+				    tSirBssDescription *pOldBssDescr)
 {
 	int idx, len;
 	uint8_t *pbIe;
@@ -2563,10 +2562,11 @@ void csr_check_n_save_wsc_ie(tpAniSirGlobal pMac, tSirBssDescription *pNewBssDes
 }
 
 /* pIes may be NULL */
-bool csr_remove_dup_bss_description(tpAniSirGlobal pMac,
-				    tSirBssDescription *bss_dscp,
-				    tDot11fBeaconIEs *pIes, tAniSSID *pSsid,
-				    unsigned long *timer, bool fForced)
+static bool csr_remove_dup_bss_description(tpAniSirGlobal pMac,
+					   tSirBssDescription *bss_dscp,
+					   tDot11fBeaconIEs *pIes,
+					   tAniSSID *pSsid,
+					   unsigned long *timer, bool fForced)
 {
 	tListElem *pEntry;
 	tCsrScanResult *scan_entry;
@@ -2648,9 +2648,10 @@ bool csr_remove_dup_bss_description(tpAniSirGlobal pMac,
 	return fRC;
 }
 
-QDF_STATUS csr_add_pmkid_candidate_list(tpAniSirGlobal pMac, uint32_t sessionId,
-					tSirBssDescription *pBssDesc,
-					tDot11fBeaconIEs *pIes)
+static QDF_STATUS csr_add_pmkid_candidate_list(tpAniSirGlobal pMac,
+					       uint32_t sessionId,
+					       tSirBssDescription *pBssDesc,
+					       tDot11fBeaconIEs *pIes)
 {
 	QDF_STATUS status = QDF_STATUS_E_FAILURE;
 	tCsrRoamSession *pSession = CSR_GET_SESSION(pMac, sessionId);
@@ -2709,10 +2710,10 @@ QDF_STATUS csr_add_pmkid_candidate_list(tpAniSirGlobal pMac, uint32_t sessionId,
  * profile. If it is found, it return the sessionId, else it return invalid
  * sessionID
  */
-QDF_STATUS csr_process_bss_desc_for_pmkid_list(tpAniSirGlobal pMac,
-					       tSirBssDescription *pBssDesc,
-					       tDot11fBeaconIEs *pIes,
-					       uint8_t sessionId)
+static QDF_STATUS csr_process_bss_desc_for_pmkid_list(tpAniSirGlobal pMac,
+						tSirBssDescription *pBssDesc,
+						tDot11fBeaconIEs *pIes,
+						uint8_t sessionId)
 {
 	tCsrRoamSession *pSession;
 	tDot11fBeaconIEs *pIesLocal = pIes;
@@ -2753,9 +2754,10 @@ QDF_STATUS csr_process_bss_desc_for_pmkid_list(tpAniSirGlobal pMac,
 }
 
 #ifdef FEATURE_WLAN_WAPI
-QDF_STATUS csr_add_bkid_candidate_list(tpAniSirGlobal pMac, uint32_t sessionId,
-				       tSirBssDescription *pBssDesc,
-				       tDot11fBeaconIEs *pIes)
+static QDF_STATUS csr_add_bkid_candidate_list(tpAniSirGlobal pMac,
+					      uint32_t sessionId,
+					      tSirBssDescription *pBssDesc,
+					      tDot11fBeaconIEs *pIes)
 {
 	QDF_STATUS status = QDF_STATUS_E_FAILURE;
 	tCsrRoamSession *pSession = CSR_GET_SESSION(pMac, sessionId);
@@ -2803,9 +2805,9 @@ QDF_STATUS csr_add_bkid_candidate_list(tpAniSirGlobal pMac, uint32_t sessionId,
  * This function checks whether new AP is found for the current connected
  * profile, if so add to BKIDCandidateList
  */
-bool csr_process_bss_desc_for_bkid_list(tpAniSirGlobal pMac,
-					tSirBssDescription *pBssDesc,
-					tDot11fBeaconIEs *pIes)
+static bool csr_process_bss_desc_for_bkid_list(tpAniSirGlobal pMac,
+					       tSirBssDescription *pBssDesc,
+					       tDot11fBeaconIEs *pIes)
 {
 	bool fRC = false;
 	tDot11fBeaconIEs *pIesLocal = pIes;
@@ -3485,9 +3487,9 @@ QDF_STATUS csr_set_country_code(tpAniSirGlobal pMac, uint8_t *pCountry)
 /* caller allocated memory for pNumChn and pChnPowerInfo */
 /* As input, *pNumChn has the size of the array of pChnPowerInfo */
 /* Upon return, *pNumChn has the number of channels assigned. */
-void csr_get_channel_power_info(tpAniSirGlobal pMac, tDblLinkList *list,
-				uint32_t *num_ch,
-				struct channel_power *chn_pwr_info)
+static void csr_get_channel_power_info(tpAniSirGlobal pMac, tDblLinkList *list,
+				       uint32_t *num_ch,
+				       struct channel_power *chn_pwr_info)
 {
 	tListElem *entry;
 	uint32_t chn_idx = 0, idx;
@@ -3512,7 +3514,7 @@ void csr_get_channel_power_info(tpAniSirGlobal pMac, tDblLinkList *list,
 }
 
 #ifdef FEATURE_WLAN_DIAG_SUPPORT_CSR
-void csr_diag_apply_country_info(tpAniSirGlobal mac_ctx)
+static void csr_diag_apply_country_info(tpAniSirGlobal mac_ctx)
 {
 	host_log_802_11d_pkt_type *p11dLog;
 	struct channel_power chnPwrInfo[WNI_CFG_VALID_CHANNEL_LIST_LEN];
@@ -3712,6 +3714,11 @@ bool csr_learn_11dcountry_information(tpAniSirGlobal pMac,
 	else
 		pCountryCodeSelected = pMac->scan.countryCodeElected;
 
+	if (qdf_mem_cmp(pCountryCodeSelected, pMac->scan.countryCode11d,
+		   CDS_COUNTRY_CODE_LEN) == 0)
+		goto free_ie;
+
+	pMac->is_11d_hint = true;
 	status = csr_get_regulatory_domain_for_country(pMac,
 				pCountryCodeSelected, &domainId, SOURCE_11D);
 	if (status != QDF_STATUS_SUCCESS) {
@@ -3765,10 +3772,11 @@ void csr_reinit_scan_cmd(tpAniSirGlobal pMac, tSmeCmd *pCommand)
 	qdf_mem_set(&pCommand->u.scanCmd, sizeof(tScanCmd), 0);
 }
 
-eCsrScanCompleteNextCommand csr_scan_get_next_command_state(tpAniSirGlobal pMac,
-							    tSmeCmd *pCommand,
-							    bool fSuccess,
-							    uint8_t *chan)
+static eCsrScanCompleteNextCommand csr_scan_get_next_command_state(
+							tpAniSirGlobal pMac,
+							tSmeCmd *pCommand,
+							bool fSuccess,
+							uint8_t *chan)
 {
 	eCsrScanCompleteNextCommand NextCommand = eCsrNextScanNothing;
 	int8_t channel;
@@ -3831,7 +3839,7 @@ eCsrScanCompleteNextCommand csr_scan_get_next_command_state(tpAniSirGlobal pMac,
 }
 
 /* Return whether the pCommand is finished. */
-bool csr_handle_scan11d1_failure(tpAniSirGlobal pMac, tSmeCmd *pCommand)
+static bool csr_handle_scan11d1_failure(tpAniSirGlobal pMac, tSmeCmd *pCommand)
 {
 	bool fRet = true;
 
@@ -3930,8 +3938,8 @@ csr_diag_scan_complete(tpAniSirGlobal pMac,
  *
  * Return: QDF_STATUS
  */
-QDF_STATUS csr_save_profile(tpAniSirGlobal mac_ctx,
-			    tSmeCmd *save_cmd, tSmeCmd *command)
+static QDF_STATUS csr_save_profile(tpAniSirGlobal mac_ctx,
+				   tSmeCmd *save_cmd, tSmeCmd *command)
 {
 	tCsrScanResult *scan_result;
 	tCsrScanResult *temp;
@@ -4333,10 +4341,10 @@ csr_scan_remove_dup_bss_description_from_interim_list(tpAniSirGlobal mac_ctx,
 
 /* Caller allocated memory pfNewBssForConn to return whether new candidate for */
 /* current connection is found. Cannot be NULL */
-tCsrScanResult *csr_scan_save_bss_description_to_interim_list(tpAniSirGlobal pMac,
-							      tSirBssDescription *
-							      pBSSDescription,
-							      tDot11fBeaconIEs *pIes)
+static tCsrScanResult *csr_scan_save_bss_description_to_interim_list(
+					tpAniSirGlobal pMac,
+					tSirBssDescription *pBSSDescription,
+					tDot11fBeaconIEs *pIes)
 {
 	tCsrScanResult *pCsrBssDescription = NULL;
 	uint32_t cbBSSDesc;
@@ -4674,7 +4682,7 @@ QDF_STATUS csr_scan_process_single_bssdescr(tpAniSirGlobal mac_ctx,
 }
 
 
-bool csr_scan_is_wild_card_scan(tpAniSirGlobal pMac, tSmeCmd *pCommand)
+static bool csr_scan_is_wild_card_scan(tpAniSirGlobal pMac, tSmeCmd *pCommand)
 {
 	uint8_t bssid[QDF_MAC_ADDR_SIZE] = {0};
 	/*
@@ -4847,7 +4855,7 @@ QDF_STATUS csr_move_bss_to_head_from_bssid(tpAniSirGlobal pMac,
 /* Remove the BSS if possible. */
 /* Return -- true == the BSS is remove. False == Fail to remove it */
 /* This function is called when list lock is held. Be caution what functions it can call. */
-bool csr_scan_age_out_bss(tpAniSirGlobal pMac, tCsrScanResult *pResult)
+static bool csr_scan_age_out_bss(tpAniSirGlobal pMac, tCsrScanResult *pResult)
 {
 	bool fRet = false;
 	uint32_t i;
@@ -4883,10 +4891,6 @@ bool csr_scan_age_out_bss(tpAniSirGlobal pMac, tCsrScanResult *pResult)
 			(uint32_t) qdf_mc_timer_get_system_ticks();
 		return fRet;
 	}
-	sms_log(pMac, LOGW,
-		"Aging out BSS " MAC_ADDRESS_STR " Channel %d",
-		MAC_ADDR_ARRAY(pResult->Result.BssDescriptor.bssId),
-		pResult->Result.BssDescriptor.channelId);
 	/*
 	 * No need to hold the spin lock because caller should hold the lock for
 	 * pMac->scan.scanResultList
@@ -4953,9 +4957,9 @@ QDF_STATUS csr_scan_age_results(tpAniSirGlobal pMac,
 	return status;
 }
 
-QDF_STATUS csr_send_mb_scan_req(tpAniSirGlobal pMac, uint16_t sessionId,
-				tCsrScanRequest *pScanReq,
-				tScanReqParam *pScanReqParam)
+static QDF_STATUS csr_send_mb_scan_req(tpAniSirGlobal pMac, uint16_t sessionId,
+				       tCsrScanRequest *pScanReq,
+				       tScanReqParam *pScanReqParam)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
 	tSirSmeScanReq *pMsg;
@@ -5957,8 +5961,9 @@ static void csr_purge_scan_result_by_age(void *pv)
 			    ageout_time) {
 			bssId = result->Result.BssDescriptor.bssId;
 			sms_log(mac_ctx, LOGW,
-				FL("age out due to time out"MAC_ADDRESS_STR),
-				MAC_ADDR_ARRAY(bssId));
+				FL("age out for BSSID" MAC_ADDRESS_STR" Channel %d"),
+				MAC_ADDR_ARRAY(bssId),
+				result->Result.BssDescriptor.channelId);
 			csr_scan_age_out_bss(mac_ctx, result);
 		}
 		entry = tmp_entry;
@@ -7005,9 +7010,20 @@ QDF_STATUS csr_scan_save_preferred_network_found(tpAniSirGlobal pMac,
 		pBssDescr->channelId = parsed_frm->channelNumber;
 	else if (parsed_frm->HTInfo.present)
 		pBssDescr->channelId = parsed_frm->HTInfo.primaryChannel;
-	else
-		pBssDescr->channelId = parsed_frm->channelNumber;
-
+	else {
+		/*
+		 * If Probe Responce received in PNO indication does not
+		 * contain DSParam IE or HT Info IE then add dummy channel
+		 * to the received BSS info so that Scan result received as
+		 * a part of PNO is updated to the supplicant. Specially
+		 * applicable in case of AP configured in 11A only mode.
+		 */
+		if ((pMac->roam.configParam.bandCapability == eCSR_BAND_ALL) ||
+			(pMac->roam.configParam.bandCapability == eCSR_BAND_24))
+			pBssDescr->channelId = 1;
+		 else if (pMac->roam.configParam.bandCapability == eCSR_BAND_5G)
+			pBssDescr->channelId = 36;
+	}
 	if ((pBssDescr->channelId > 0) && (pBssDescr->channelId < 15)) {
 		int i;
 		/* 11b or 11g packet */

core/sme/src/csr/csr_inside_api.h

@@ -1077,4 +1077,5 @@ QDF_STATUS csr_roam_set_bss_config_cfg(tpAniSirGlobal mac_ctx,
 		tCsrRoamProfile *profile, tSirBssDescription *bss_desc,
 		tBssConfigParam *bss_cfg, tDot11fBeaconIEs *ies,
 		bool reset_country);
-
+void csr_prune_channel_list_for_mode(tpAniSirGlobal pMac,
+				     tCsrChannel *pChannelList);

core/sme/src/csr/csr_link_list.c

@@ -103,7 +103,7 @@ static inline void csr_list_insert_head(tListElem *pHead, tListElem *pEntry)
 }
 
 /* Insert pNewEntry before pEntry */
-void csr_list_insert_entry(tListElem *pEntry, tListElem *pNewEntry)
+static void csr_list_insert_entry(tListElem *pEntry, tListElem *pNewEntry)
 {
 	tListElem *pLast;
 	if (!pEntry) {

core/sme/src/csr/csr_neighbor_roam.c

@@ -270,8 +270,9 @@ static void csr_neighbor_roam_reset_channel_info(tpCsrNeighborRoamChannelInfo
  *
  * Return: None
  */
-void csr_neighbor_roam_reset_connected_state_control_info(tpAniSirGlobal pMac,
-							  uint8_t sessionId)
+static void csr_neighbor_roam_reset_connected_state_control_info(
+							tpAniSirGlobal pMac,
+							uint8_t sessionId)
 {
 	tpCsrNeighborRoamControlInfo pNeighborRoamInfo =
 		&pMac->roam.neighborRoamInfo[sessionId];
@@ -294,8 +295,9 @@ void csr_neighbor_roam_reset_connected_state_control_info(tpAniSirGlobal pMac,
 		     sizeof(tCsrHandoffRequest));
 }
 
-void csr_neighbor_roam_reset_report_scan_state_control_info(tpAniSirGlobal pMac,
-							    uint8_t sessionId)
+static void csr_neighbor_roam_reset_report_scan_state_control_info(
+							tpAniSirGlobal pMac,
+							uint8_t sessionId)
 {
 	tpCsrNeighborRoamControlInfo pNeighborRoamInfo =
 		&pMac->roam.neighborRoamInfo[sessionId];
@@ -325,8 +327,8 @@ void csr_neighbor_roam_reset_report_scan_state_control_info(tpAniSirGlobal pMac,
  *
  * Return: None
  */
-void csr_neighbor_roam_reset_init_state_control_info(tpAniSirGlobal pMac,
-						     uint8_t sessionId)
+static void csr_neighbor_roam_reset_init_state_control_info(tpAniSirGlobal pMac,
+							    uint8_t sessionId)
 {
 	csr_neighbor_roam_reset_connected_state_control_info(pMac, sessionId);
 
@@ -655,7 +657,7 @@ QDF_STATUS csr_neighbor_roam_merge_channel_lists(tpAniSirGlobal pMac,
  *
  * Return: bool
  */
-bool csr_neighbor_roam_is_ssid_and_security_match(tpAniSirGlobal pMac,
+static bool csr_neighbor_roam_is_ssid_and_security_match(tpAniSirGlobal pMac,
 		tCsrRoamConnectedProfile *pCurProfile,
 		tSirBssDescription *pBssDesc, tDot11fBeaconIEs *pIes)
 {
@@ -1194,7 +1196,7 @@ QDF_STATUS csr_neighbor_roam_indicate_connect(
     \return QDF_STATUS_SUCCESS on success, corresponding error code otherwise
 
    ---------------------------------------------------------------------------*/
-QDF_STATUS csr_neighbor_roam_init11r_assoc_info(tpAniSirGlobal pMac)
+static QDF_STATUS csr_neighbor_roam_init11r_assoc_info(tpAniSirGlobal pMac)
 {
 	QDF_STATUS status;
 	uint8_t i;
@@ -1487,7 +1489,7 @@ bool csr_neighbor_middle_of_roaming(tpAniSirGlobal pMac, uint8_t sessionId)
  *
  * Return: status
  */
-QDF_STATUS csr_neighbor_roam_process_handoff_req(
+static QDF_STATUS csr_neighbor_roam_process_handoff_req(
 			tpAniSirGlobal mac_ctx,
 			uint8_t session_id)
 {

core/sme/src/csr/csr_tdls_process.c

@@ -51,7 +51,8 @@
  * common routine to remove TDLS cmd from SME command list..
  * commands are removed after getting reponse from PE.
  */
-QDF_STATUS csr_tdls_remove_sme_cmd(tpAniSirGlobal pMac, eSmeCommandType cmdType)
+static QDF_STATUS csr_tdls_remove_sme_cmd(tpAniSirGlobal pMac,
+					  eSmeCommandType cmdType)
 {
 	QDF_STATUS status = QDF_STATUS_E_FAILURE;
 	tListElem *pEntry;
@@ -363,8 +364,8 @@ QDF_STATUS csr_tdls_del_peer_sta(tHalHandle hHal, uint8_t sessionId,
 /*
  * TDLS messages sent to PE .
  */
-QDF_STATUS tdls_send_message(tpAniSirGlobal pMac, uint16_t msg_type,
-			     void *msg_data, uint32_t msg_size)
+static QDF_STATUS tdls_send_message(tpAniSirGlobal pMac, uint16_t msg_type,
+				    void *msg_data, uint32_t msg_size)
 {
 
 	tSirMbMsg *pMsg = (tSirMbMsg *) msg_data;
@@ -382,7 +383,7 @@ QDF_STATUS tdls_send_message(tpAniSirGlobal pMac, uint16_t msg_type,
 	return QDF_STATUS_SUCCESS;
 }
 
-QDF_STATUS csr_tdls_process_send_mgmt(tpAniSirGlobal pMac, tSmeCmd *cmd)
+static QDF_STATUS csr_tdls_process_send_mgmt(tpAniSirGlobal pMac, tSmeCmd *cmd)
 {
 	tTdlsSendMgmtCmdInfo *tdlsSendMgmtCmdInfo =
 		&cmd->u.tdlsCmd.u.tdlsSendMgmtCmdInfo;
@@ -451,7 +452,7 @@ QDF_STATUS csr_tdls_process_send_mgmt(tpAniSirGlobal pMac, tSmeCmd *cmd)
 	return status;
 }
 
-QDF_STATUS csr_tdls_process_add_sta(tpAniSirGlobal pMac, tSmeCmd *cmd)
+static QDF_STATUS csr_tdls_process_add_sta(tpAniSirGlobal pMac, tSmeCmd *cmd)
 {
 	tTdlsAddStaCmdInfo *tdlsAddStaCmdInfo =
 		&cmd->u.tdlsCmd.u.tdlsAddStaCmdInfo;
@@ -522,7 +523,7 @@ QDF_STATUS csr_tdls_process_add_sta(tpAniSirGlobal pMac, tSmeCmd *cmd)
 	return status;
 }
 
-QDF_STATUS csr_tdls_process_del_sta(tpAniSirGlobal pMac, tSmeCmd *cmd)
+static QDF_STATUS csr_tdls_process_del_sta(tpAniSirGlobal pMac, tSmeCmd *cmd)
 {
 	tTdlsDelStaCmdInfo *tdlsDelStaCmdInfo =
 		&cmd->u.tdlsCmd.u.tdlsDelStaCmdInfo;

core/sme/src/csr/csr_util.c

@@ -354,7 +354,7 @@ bool csr_is_conn_state_wds(tpAniSirGlobal pMac, uint32_t sessionId)
 	       csr_is_conn_state_disconnected_wds(pMac, sessionId);
 }
 
-bool csr_is_conn_state_ap(tpAniSirGlobal pMac, uint32_t sessionId)
+static bool csr_is_conn_state_ap(tpAniSirGlobal pMac, uint32_t sessionId)
 {
 	tCsrRoamSession *pSession;
 	pSession = CSR_GET_SESSION(pMac, sessionId);
@@ -494,8 +494,10 @@ uint8_t csr_get_concurrent_operation_channel(tpAniSirGlobal mac_ctx)
  *
  * Return: none
  */
-void csr_get_ch_from_ht_profile(tpAniSirGlobal pMac, tCsrRoamHTProfile *htp,
-				uint16_t och, uint16_t *cfreq, uint16_t *hbw)
+static void csr_get_ch_from_ht_profile(tpAniSirGlobal pMac,
+				       tCsrRoamHTProfile *htp,
+				       uint16_t och, uint16_t *cfreq,
+				       uint16_t *hbw)
 {
 	uint16_t cch, ch_bond;
 
@@ -1089,7 +1091,7 @@ bool csr_is_ibss_bss_desc(tSirBssDescription *pSirBssDesc)
 	return (bool) dot11Caps.ibss;
 }
 
-bool csr_is_qo_s_bss_desc(tSirBssDescription *pSirBssDesc)
+static bool csr_is_qos_bss_desc(tSirBssDescription *pSirBssDesc)
 {
 	tSirMacCapabilityInfo dot11Caps = csr_get_bss_capabilities(pSirBssDesc);
 
@@ -1180,8 +1182,9 @@ bool csr_is_ssid_equal(tHalHandle hHal, tSirBssDescription *pSirBssDesc1,
 }
 
 /* pIes can be passed in as NULL if the caller doesn't have one prepared */
-bool csr_is_bss_description_wme(tHalHandle hHal, tSirBssDescription *pSirBssDesc,
-				tDot11fBeaconIEs *pIes)
+static bool csr_is_bss_description_wme(tHalHandle hHal,
+				       tSirBssDescription *pSirBssDesc,
+				       tDot11fBeaconIEs *pIes)
 {
 	tpAniSirGlobal pMac = PMAC_STRUCT(hHal);
 	/* Assume that WME is found... */
@@ -1234,7 +1237,7 @@ eCsrMediaAccessType csr_get_qo_s_from_bss_desc(tHalHandle hHal,
 			qosType = eCSR_MEDIUM_ACCESS_WMM_eDCF_DSCP;
 		} else {
 			/* if the QoS bit is on, then the AP is advertising 11E QoS... */
-			if (csr_is_qo_s_bss_desc(pSirBssDesc)) {
+			if (csr_is_qos_bss_desc(pSirBssDesc)) {
 				qosType = eCSR_MEDIUM_ACCESS_11e_eDCF;
 			} else {
 				qosType = eCSR_MEDIUM_ACCESS_DCF;
@@ -1357,7 +1360,8 @@ uint32_t csr_get_rts_thresh(tHalHandle hHal)
 	return pMac->roam.configParam.RTSThreshold;
 }
 
-eCsrPhyMode csr_translate_to_phy_mode_from_bss_desc(tSirBssDescription *pSirBssDesc)
+static eCsrPhyMode csr_translate_to_phy_mode_from_bss_desc(
+						tSirBssDescription *pSirBssDesc)
 {
 	eCsrPhyMode phyMode;
 
@@ -1489,8 +1493,10 @@ QDF_STATUS csr_get_phy_mode_from_bss(tpAniSirGlobal pMac,
  *
  * Return: true or false
  */
-bool csr_get_phy_mode_in_use(eCsrPhyMode phyModeIn, eCsrPhyMode bssPhyMode,
-			     bool f5GhzBand, eCsrCfgDot11Mode *pCfgDot11ModeToUse)
+static bool csr_get_phy_mode_in_use(eCsrPhyMode phyModeIn,
+				    eCsrPhyMode bssPhyMode,
+				    bool f5GhzBand,
+				    eCsrCfgDot11Mode *pCfgDot11ModeToUse)
 {
 	bool fMatch = false;
 	eCsrCfgDot11Mode cfgDot11Mode;
@@ -1882,7 +1888,7 @@ bool csr_is_profile_rsn(tCsrRoamProfile *pProfile)
  *
  * Return: QDF_STATUS
  */
-QDF_STATUS csr_update_mcc_p2p_beacon_interval(tpAniSirGlobal mac_ctx)
+static QDF_STATUS csr_update_mcc_p2p_beacon_interval(tpAniSirGlobal mac_ctx)
 {
 	uint32_t session_id = 0;
 	tCsrRoamSession *roam_session;
@@ -1926,8 +1932,9 @@ QDF_STATUS csr_update_mcc_p2p_beacon_interval(tpAniSirGlobal mac_ctx)
 	return QDF_STATUS_E_FAILURE;
 }
 
-uint16_t csr_calculate_mcc_beacon_interval(tpAniSirGlobal pMac, uint16_t sta_bi,
-					   uint16_t go_gbi)
+static uint16_t csr_calculate_mcc_beacon_interval(tpAniSirGlobal pMac,
+						  uint16_t sta_bi,
+						  uint16_t go_gbi)
 {
 	uint8_t num_beacons = 0;
 	uint8_t is_multiple = 0;
@@ -2560,7 +2567,7 @@ static bool csr_is_auth_wpa_psk(tpAniSirGlobal pMac,
 		(pMac, AllSuites, cAllSuites, csr_wpa_oui[02], Oui);
 }
 
-uint8_t csr_get_oui_index_from_cipher(eCsrEncryptionType enType)
+static uint8_t csr_get_oui_index_from_cipher(eCsrEncryptionType enType)
 {
 	uint8_t OUIIndex;
 
@@ -2612,14 +2619,14 @@ uint8_t csr_get_oui_index_from_cipher(eCsrEncryptionType enType)
  *
  * Return: bool
  */
-bool csr_get_rsn_information(tHalHandle hal, tCsrAuthList *auth_type,
-			     eCsrEncryptionType encr_type,
-			     tCsrEncryptionList *mc_encryption,
-			     tDot11fIERSN *rsn_ie, uint8_t *ucast_cipher,
-			     uint8_t *mcast_cipher, uint8_t *auth_suite,
-			     tCsrRSNCapabilities *capabilities,
-			     eCsrAuthType *negotiated_authtype,
-			     eCsrEncryptionType *negotiated_mccipher)
+static bool csr_get_rsn_information(tHalHandle hal, tCsrAuthList *auth_type,
+				    eCsrEncryptionType encr_type,
+				    tCsrEncryptionList *mc_encryption,
+				    tDot11fIERSN *rsn_ie, uint8_t *ucast_cipher,
+				    uint8_t *mcast_cipher, uint8_t *auth_suite,
+				    tCsrRSNCapabilities *capabilities,
+				    eCsrAuthType *negotiated_authtype,
+				    eCsrEncryptionType *negotiated_mccipher)
 {
 	tpAniSirGlobal mac_ctx = PMAC_STRUCT(hal);
 	bool acceptable_cipher = false;
@@ -2860,14 +2867,14 @@ csr_is_pmf_capabilities_in_rsn_match(tHalHandle hHal,
 }
 #endif
 
-bool csr_is_rsn_match(tHalHandle hHal, tCsrAuthList *pAuthType,
-		      eCsrEncryptionType enType,
-		      tCsrEncryptionList *pEnMcType,
-		      bool *pMFPEnabled, uint8_t *pMFPRequired,
-		      uint8_t *pMFPCapable,
-		      tDot11fBeaconIEs *pIes,
-		      eCsrAuthType *pNegotiatedAuthType,
-		      eCsrEncryptionType *pNegotiatedMCCipher)
+static bool csr_is_rsn_match(tHalHandle hHal, tCsrAuthList *pAuthType,
+			     eCsrEncryptionType enType,
+			     tCsrEncryptionList *pEnMcType,
+			     bool *pMFPEnabled, uint8_t *pMFPRequired,
+			     uint8_t *pMFPCapable,
+			     tDot11fBeaconIEs *pIes,
+			     eCsrAuthType *pNegotiatedAuthType,
+			     eCsrEncryptionType *pNegotiatedMCCipher)
 {
 	bool fRSNMatch = false;
 
@@ -2888,8 +2895,8 @@ bool csr_is_rsn_match(tHalHandle hHal, tCsrAuthList *pAuthType,
 	return fRSNMatch;
 }
 
-bool csr_lookup_pmkid(tpAniSirGlobal pMac, uint32_t sessionId, uint8_t *pBSSId,
-		      uint8_t *pPMKId)
+static bool csr_lookup_pmkid(tpAniSirGlobal pMac, uint32_t sessionId,
+			     uint8_t *pBSSId, uint8_t *pPMKId)
 {
 	bool fRC = false, fMatchFound = false;
 	uint32_t Index;
@@ -3099,13 +3106,14 @@ uint8_t csr_construct_rsn_ie(tHalHandle hHal, uint32_t sessionId,
  *
  * Return: bool
  */
-bool csr_get_wapi_information(tHalHandle hal, tCsrAuthList *auth_type,
-			      eCsrEncryptionType encr_type,
-			      tCsrEncryptionList *mc_encryption,
-			      tDot11fIEWAPI *wapi_ie, uint8_t *ucast_cipher,
-			      uint8_t *mcast_cipher, uint8_t *auth_suite,
-			      eCsrAuthType *negotiated_authtype,
-			      eCsrEncryptionType *negotiated_mccipher)
+static bool csr_get_wapi_information(tHalHandle hal, tCsrAuthList *auth_type,
+				     eCsrEncryptionType encr_type,
+				     tCsrEncryptionList *mc_encryption,
+				     tDot11fIEWAPI *wapi_ie,
+				     uint8_t *ucast_cipher,
+				     uint8_t *mcast_cipher, uint8_t *auth_suite,
+				     eCsrAuthType *negotiated_authtype,
+				     eCsrEncryptionType *negotiated_mccipher)
 {
 	tpAniSirGlobal mac_ctx = PMAC_STRUCT(hal);
 	bool acceptable_cipher = false;
@@ -3215,10 +3223,12 @@ end:
 	return acceptable_cipher;
 }
 
-bool csr_is_wapi_match(tHalHandle hHal, tCsrAuthList *pAuthType,
-		       eCsrEncryptionType enType, tCsrEncryptionList *pEnMcType,
-		       tDot11fBeaconIEs *pIes, eCsrAuthType *pNegotiatedAuthType,
-		       eCsrEncryptionType *pNegotiatedMCCipher)
+static bool csr_is_wapi_match(tHalHandle hHal, tCsrAuthList *pAuthType,
+			      eCsrEncryptionType enType,
+			      tCsrEncryptionList *pEnMcType,
+			      tDot11fBeaconIEs *pIes,
+			      eCsrAuthType *pNegotiatedAuthType,
+			      eCsrEncryptionType *pNegotiatedMCCipher)
 {
 	bool fWapiMatch = false;
 
@@ -3226,13 +3236,14 @@ bool csr_is_wapi_match(tHalHandle hHal, tCsrAuthList *pAuthType,
 	fWapiMatch =
 		csr_get_wapi_information(hHal, pAuthType, enType, pEnMcType,
 					 &pIes->WAPI, NULL, NULL, NULL,
-					 pNegotiatedAuthType, pNegotiatedMCCipher);
+					 pNegotiatedAuthType,
+					 pNegotiatedMCCipher);
 
 	return fWapiMatch;
 }
 
-bool csr_lookup_bkid(tpAniSirGlobal pMac, uint32_t sessionId, uint8_t *pBSSId,
-		     uint8_t *pBKId)
+static bool csr_lookup_bkid(tpAniSirGlobal pMac, uint32_t sessionId,
+			    uint8_t *pBSSId, uint8_t *pBKId)
 {
 	bool fRC = false, fMatchFound = false;
 	uint32_t Index;
@@ -3391,12 +3402,13 @@ uint8_t csr_construct_wapi_ie(tpAniSirGlobal pMac, uint32_t sessionId,
  *
  * Return: bool
  */
-bool csr_get_wpa_cyphers(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type,
-		eCsrEncryptionType encr_type, tCsrEncryptionList *mc_encryption,
-		tDot11fIEWPA *wpa_ie, uint8_t *ucast_cipher,
-		uint8_t *mcast_cipher, uint8_t *auth_suite,
-		eCsrAuthType *negotiated_authtype,
-		eCsrEncryptionType *negotiated_mccipher)
+static bool csr_get_wpa_cyphers(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type,
+				eCsrEncryptionType encr_type,
+				tCsrEncryptionList *mc_encryption,
+				tDot11fIEWPA *wpa_ie, uint8_t *ucast_cipher,
+				uint8_t *mcast_cipher, uint8_t *auth_suite,
+				eCsrAuthType *negotiated_authtype,
+				eCsrEncryptionType *negotiated_mccipher)
 {
 	bool acceptable_cipher = false;
 	uint8_t c_ucast_cipher = 0;
@@ -3501,12 +3513,13 @@ end:
 	return acceptable_cipher;
 }
 
-bool csr_is_wpa_encryption_match(tpAniSirGlobal pMac, tCsrAuthList *pAuthType,
-				 eCsrEncryptionType enType,
-				 tCsrEncryptionList *pEnMcType,
-				 tDot11fBeaconIEs *pIes,
-				 eCsrAuthType *pNegotiatedAuthtype,
-				 eCsrEncryptionType *pNegotiatedMCCipher)
+static bool csr_is_wpa_encryption_match(tpAniSirGlobal pMac,
+					tCsrAuthList *pAuthType,
+					eCsrEncryptionType enType,
+					tCsrEncryptionList *pEnMcType,
+					tDot11fBeaconIEs *pIes,
+					eCsrAuthType *pNegotiatedAuthtype,
+					eCsrEncryptionType *pNegotiatedMCCipher)
 {
 	bool fWpaMatch = false;
 
@@ -3814,12 +3827,14 @@ tAniEdType csr_translate_encrypt_type_to_ed_type(eCsrEncryptionType EncryptType)
  *
  * Return: bool
  */
-bool csr_validate_wep(tpAniSirGlobal mac_ctx, eCsrEncryptionType uc_encry_type,
-		      tCsrAuthList *auth_list,
-		      tCsrEncryptionList *mc_encryption_list,
-		      eCsrAuthType *negotiated_authtype,
-		      eCsrEncryptionType *negotiated_mc_encry,
-		      tSirBssDescription *bss_descr, tDot11fBeaconIEs *ie_ptr)
+static bool csr_validate_wep(tpAniSirGlobal mac_ctx,
+			     eCsrEncryptionType uc_encry_type,
+			     tCsrAuthList *auth_list,
+			     tCsrEncryptionList *mc_encryption_list,
+			     eCsrAuthType *negotiated_authtype,
+			     eCsrEncryptionType *negotiated_mc_encry,
+			     tSirBssDescription *bss_descr,
+			     tDot11fBeaconIEs *ie_ptr)
 {
 	uint32_t idx;
 	bool match = false;
@@ -4302,8 +4317,8 @@ bool csr_is_bss_type_ibss(eCsrRoamBssType bssType)
 }
 
 
-bool csr_is_bss_type_caps_match(eCsrRoamBssType bssType,
-				tSirBssDescription *pSirBssDesc)
+static bool csr_is_bss_type_caps_match(eCsrRoamBssType bssType,
+				       tSirBssDescription *pSirBssDesc)
 {
 	bool fMatch = true;
 
@@ -4359,7 +4374,7 @@ static bool csr_is_specific_channel_match(tpAniSirGlobal pMac,
 	return fMatch;
 }
 
-bool csr_is_channel_band_match(tpAniSirGlobal pMac, uint8_t channelId,
+static bool csr_is_channel_band_match(tpAniSirGlobal pMac, uint8_t channelId,
 			       tSirBssDescription *pSirBssDesc)
 {
 	bool fMatch = true;
@@ -4772,10 +4787,10 @@ end:
 	return rc;
 }
 
-bool csr_match_connected_bss_security(tpAniSirGlobal pMac,
-				      tCsrRoamConnectedProfile *pProfile,
-				      tSirBssDescription *pBssDesc,
-				      tDot11fBeaconIEs *pIes)
+static bool csr_match_connected_bss_security(tpAniSirGlobal pMac,
+					     tCsrRoamConnectedProfile *pProfile,
+					     tSirBssDescription *pBssDesc,
+					     tDot11fBeaconIEs *pIes)
 {
 	tCsrEncryptionList ucEncryptionList, mcEncryptionList;
 	tCsrAuthList authList;
@@ -4961,7 +4976,7 @@ bool csr_rates_is_dot11_rate_supported(tHalHandle hHal, uint8_t rate)
 	return csr_is_aggregate_rate_supported(pMac, n);
 }
 
-uint16_t csr_rates_mac_prop_to_dot11(uint16_t Rate)
+static uint16_t csr_rates_mac_prop_to_dot11(uint16_t Rate)
 {
 	uint16_t ConvertedRate = Rate;
 

core/sme/src/qos/sme_qos.c

@@ -2072,6 +2072,14 @@ sme_QosStatusType sme_qos_internal_release_req(tpAniSirGlobal pMac,
 	flow_info = GET_BASE_ADDR(pEntry, sme_QosFlowInfoEntry, link);
 	ac = flow_info->ac_type;
 	sessionId = flow_info->sessionId;
+
+	if (!CSR_IS_SESSION_VALID(pMac, sessionId)) {
+		QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_ERROR,
+			"%s: %d: Session Id: %d is invalid",
+			__func__, __LINE__, sessionId);
+		return status;
+	}
+
 	pSession = &sme_qos_cb.sessionInfo[sessionId];
 	pACInfo = &pSession->ac_info[ac];
 	/* need to vote off powersave for the duration of this request */
@@ -2925,9 +2933,10 @@ QDF_STATUS sme_qos_process_set_key_success_ind(tpAniSirGlobal pMac,
  *
  * Return: QDF_STATUS_SUCCESS - Release is successful.
  */
-QDF_STATUS sme_qos_ese_save_tspec_response(tpAniSirGlobal pMac, uint8_t sessionId,
-					   tDot11fIEWMMTSPEC *pTspec, uint8_t ac,
-					   uint8_t tspecIndex)
+static QDF_STATUS
+sme_qos_ese_save_tspec_response(tpAniSirGlobal pMac, uint8_t sessionId,
+				tDot11fIEWMMTSPEC *pTspec, uint8_t ac,
+				uint8_t tspecIndex)
 {
 	tpSirAddtsRsp pAddtsRsp =
 		&sme_qos_cb.sessionInfo[sessionId].ac_info[ac].addTsRsp[tspecIndex];
@@ -2969,6 +2978,7 @@ QDF_STATUS sme_qos_ese_save_tspec_response(tpAniSirGlobal pMac, uint8_t sessionI
  *
  * Return: QDF_STATUS_SUCCESS - Release is successful.
  */
+static
 QDF_STATUS sme_qos_ese_process_reassoc_tspec_rsp(tpAniSirGlobal pMac,
 						 uint8_t sessionId,
 						 void *pEvent_info)
@@ -3184,7 +3194,7 @@ uint8_t sme_qos_ese_retrieve_tspec_info(tpAniSirGlobal mac_ctx,
 
 #endif
 
-
+static
 QDF_STATUS sme_qos_create_tspec_ricie(tpAniSirGlobal pMac,
 				      sme_QosWmmTspecInfo *pTspec_Info,
 				      uint8_t *pRICBuffer, uint32_t *pRICLength,
@@ -3532,7 +3542,9 @@ QDF_STATUS sme_qos_ft_aggr_qos_req(tpAniSirGlobal mac_ctx, uint8_t session_id)
 	return status;
 }
 
-QDF_STATUS sme_qos_process_ftric_response(tpAniSirGlobal pMac, uint8_t sessionId,
+static
+QDF_STATUS sme_qos_process_ftric_response(tpAniSirGlobal pMac,
+					  uint8_t sessionId,
 					  tDot11fIERICDataDesc *pRicDataDesc,
 					  uint8_t ac, uint8_t tspecIndex)
 {
@@ -3805,6 +3817,7 @@ sme_qos_next_ric:
 }
 #endif /* WLAN_FEATURE_ROAM_OFFLOAD */
 
+static
 QDF_STATUS sme_qos_process_ft_reassoc_rsp_ev(tpAniSirGlobal mac_ctx,
 				uint8_t sessionid, void *event_info)
 {
@@ -4502,6 +4515,7 @@ QDF_STATUS sme_qos_process_reassoc_req_ev(tpAniSirGlobal pMac, uint8_t sessionId
  *
  * Return: QDF_STATUS
  */
+static
 QDF_STATUS sme_qos_handle_handoff_state(tpAniSirGlobal mac_ctx,
 		sme_QosSessionInfo *qos_session, sme_QosACInfo *ac_info,
 		sme_QosEdcaAcType ac, uint8_t sessionid)

core/sme/src/rrm/sme_rrm.c

@@ -113,7 +113,8 @@ static void rrm_ll_purge_neighbor_cache(tpAniSirGlobal pMac,
  *
  * Return: void
  */
-void rrm_indicate_neighbor_report_result(tpAniSirGlobal pMac, QDF_STATUS qdf_status)
+static void rrm_indicate_neighbor_report_result(tpAniSirGlobal pMac,
+						QDF_STATUS qdf_status)
 {
 	NeighborReportRspCallback callback;
 	void *callbackContext;
@@ -646,7 +647,7 @@ static QDF_STATUS sme_rrm_scan_request_callback(tHalHandle halHandle,
  *
  * Return: QDF_STATUS
  */
-QDF_STATUS sme_rrm_issue_scan_req(tpAniSirGlobal mac_ctx)
+static QDF_STATUS sme_rrm_issue_scan_req(tpAniSirGlobal mac_ctx)
 {
 	/* Issue scan request. */
 	tCsrScanRequest scan_req;
@@ -1078,8 +1079,8 @@ check_11r_assoc:
  *
  * Return: void.
  */
-void rrm_store_neighbor_rpt_by_roam_score(tpAniSirGlobal pMac,
-					  tpRrmNeighborReportDesc pNeighborReportDesc)
+static void rrm_store_neighbor_rpt_by_roam_score(tpAniSirGlobal pMac,
+				tpRrmNeighborReportDesc pNeighborReportDesc)
 {
 	tpRrmSMEContext pSmeRrmContext = &pMac->rrm.rrmSmeContext;
 	tListElem *pEntry;
@@ -1145,7 +1146,8 @@ void rrm_store_neighbor_rpt_by_roam_score(tpAniSirGlobal pMac,
  *
  * Return: QDF_STATUS_SUCCESS - Validation is successful
  */
-QDF_STATUS sme_rrm_process_neighbor_report(tpAniSirGlobal pMac, void *pMsgBuf)
+static QDF_STATUS sme_rrm_process_neighbor_report(tpAniSirGlobal pMac,
+						  void *pMsgBuf)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
 	tpSirNeighborReportInd pNeighborRpt = (tpSirNeighborReportInd) pMsgBuf;
@@ -1281,7 +1283,7 @@ QDF_STATUS sme_rrm_msg_processor(tpAniSirGlobal pMac, uint16_t msg_type,
  *
  * Return: NULL
  */
-void rrm_iter_meas_timer_handle(void *userData)
+static void rrm_iter_meas_timer_handle(void *userData)
 {
 	tpAniSirGlobal pMac = (tpAniSirGlobal) userData;
 	sms_log(pMac, LOGE,
@@ -1298,7 +1300,7 @@ void rrm_iter_meas_timer_handle(void *userData)
  *
  * Return: NULL
  */
-void rrm_neighbor_rsp_timeout_handler(void *userData)
+static void rrm_neighbor_rsp_timeout_handler(void *userData)
 {
 	tpAniSirGlobal pMac = (tpAniSirGlobal) userData;
 	sms_log(pMac, LOGE, "Neighbor Response timed out ");

core/utils/epping/src/epping_helper.c

@@ -62,7 +62,7 @@ int epping_cookie_init(epping_context_t *pEpping_ctx)
 		pEpping_ctx->s_cookie_mem[i] =
 			qdf_mem_malloc(sizeof(struct epping_cookie) *
 				       MAX_COOKIE_SLOT_SIZE);
-		if (pEpping_ctx->s_cookie_mem == NULL) {
+		if (pEpping_ctx->s_cookie_mem[i] == NULL) {
 			EPPING_LOG(QDF_TRACE_LEVEL_FATAL,
 				   "%s: no mem for cookie (idx = %d)", __func__,
 				   i);