Merge 1889259fc47976d3cb887a178829f515cca55143 on remote branch

Change-Id: I3159113e78e98b22b613b410d78b5cd7e3f039df

Android.mk

@@ -30,6 +30,11 @@ LOCAL_MODULE_DDK_BUILD := true
 LOCAL_MODULE_DDK_ALLOW_UNSAFE_HEADERS := true
 endif
 
+ifeq ($(TARGET_BOARD_PLATFORM), volcano)
+LOCAL_MODULE_DDK_BUILD := true
+LOCAL_MODULE_DDK_ALLOW_UNSAFE_HEADERS := true
+endif
+
 LOCAL_PATH := $(call my-dir)
 $(call wlog,LOCAL_PATH=$(LOCAL_PATH))
 BOARD_OPENSOURCE_DIR ?= vendor/qcom/opensource

components/dp/core/inc/wlan_dp_main.h

@@ -1017,4 +1017,14 @@ bool wlan_dp_cfg_is_rx_fisa_lru_del_enabled(struct wlan_dp_psoc_cfg *dp_cfg)
 
 
 /* DP CFG APIs - END */
+/**
+ * __wlan_dp_update_def_link() - update DP interface default link
+ * @psoc: psoc handle
+ * @intf_mac: interface MAC address
+ * @vdev: objmgr vdev handle to set the def_link in dp_intf
+ *
+ */
+void __wlan_dp_update_def_link(struct wlan_objmgr_psoc *psoc,
+			       struct qdf_mac_addr *intf_mac,
+			       struct wlan_objmgr_vdev *vdev);
 #endif

components/dp/core/src/wlan_dp_main.c

@@ -2770,3 +2770,50 @@ void wlan_dp_pdev_cfg_sync_profile(struct cdp_soc_t *cdp_soc, uint8_t pdev_id)
 	dp_err("pdev based config item not found in profile table");
 }
 #endif
+
+void __wlan_dp_update_def_link(struct wlan_objmgr_psoc *psoc,
+			       struct qdf_mac_addr *intf_mac,
+			       struct wlan_objmgr_vdev *vdev)
+{
+	struct wlan_dp_intf *dp_intf;
+	struct wlan_dp_link *dp_link;
+	struct wlan_dp_psoc_context *dp_ctx;
+	struct qdf_mac_addr zero_addr = QDF_MAC_ADDR_ZERO_INIT;
+
+	dp_ctx =  dp_psoc_get_priv(psoc);
+
+	dp_intf = dp_get_intf_by_macaddr(dp_ctx, intf_mac);
+	if (!dp_intf) {
+		dp_err("DP interface not found addr:" QDF_MAC_ADDR_FMT,
+		       QDF_MAC_ADDR_REF(intf_mac->bytes));
+		QDF_BUG(0);
+		return;
+	}
+
+	dp_link = dp_get_vdev_priv_obj(vdev);
+	if (dp_link && dp_link->dp_intf == dp_intf) {
+		dp_info("change dp_intf %pK(" QDF_MAC_ADDR_FMT
+			") def_link %d(" QDF_MAC_ADDR_FMT ") -> %d("
+			 QDF_MAC_ADDR_FMT ")",
+			dp_intf, QDF_MAC_ADDR_REF(dp_intf->mac_addr.bytes),
+			dp_intf->def_link->link_id,
+			QDF_MAC_ADDR_REF(dp_intf->def_link->mac_addr.bytes),
+			dp_link->link_id,
+			QDF_MAC_ADDR_REF(dp_link->mac_addr.bytes));
+		dp_intf->def_link = dp_link;
+		return;
+	}
+
+	dp_info("Update failed dp_intf %pK(" QDF_MAC_ADDR_FMT ") from %pK("
+		QDF_MAC_ADDR_FMT ") to %pK(" QDF_MAC_ADDR_FMT ") (intf %pK("
+		QDF_MAC_ADDR_FMT ") id %d) ",
+		dp_intf, QDF_MAC_ADDR_REF(dp_intf->mac_addr.bytes),
+		dp_intf->def_link,
+		QDF_MAC_ADDR_REF(dp_intf->def_link->mac_addr.bytes),
+		dp_link, dp_link ? QDF_MAC_ADDR_REF(dp_link->mac_addr.bytes) :
+					QDF_MAC_ADDR_REF(zero_addr.bytes),
+		dp_link ? dp_link->dp_intf : NULL,
+		dp_link ? QDF_MAC_ADDR_REF(dp_link->dp_intf->mac_addr.bytes) :
+				QDF_MAC_ADDR_REF(zero_addr.bytes),
+		dp_link ? dp_link->link_id : WLAN_INVALID_LINK_ID);
+}

components/dp/dispatcher/inc/wlan_dp_api.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2023-2024, Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -91,4 +91,15 @@ wlan_dp_is_local_pkt_capture_enabled(struct wlan_objmgr_psoc *psoc)
 	return false;
 }
 #endif /* WLAN_FEATURE_LOCAL_PKT_CAPTURE */
+
+/**
+ * wlan_dp_update_def_link() - update DP interface default link
+ * @psoc: psoc handle
+ * @intf_mac: interface MAC address
+ * @vdev: objmgr vdev handle to set the def_link in dp_intf
+ *
+ */
+void wlan_dp_update_def_link(struct wlan_objmgr_psoc *psoc,
+			     struct qdf_mac_addr *intf_mac,
+			     struct wlan_objmgr_vdev *vdev);
 #endif

components/dp/dispatcher/inc/wlan_dp_ucfg_api.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -75,6 +75,17 @@ QDF_STATUS ucfg_dp_update_link_mac_addr(struct wlan_objmgr_vdev *vdev,
 					struct qdf_mac_addr *new_mac_addr,
 					bool is_link_switch);
 
+/**
+ * ucfg_dp_update_def_link() - update DP interface default link
+ * @psoc: psoc handle
+ * @intf_mac: interface MAC address
+ * @vdev: objmgr vdev handle to set the def_link in dp_intf
+ *
+ */
+void ucfg_dp_update_def_link(struct wlan_objmgr_psoc *psoc,
+			     struct qdf_mac_addr *intf_mac,
+			     struct wlan_objmgr_vdev *vdev);
+
 /**
  * ucfg_dp_update_intf_mac() - update DP interface MAC address
  * @psoc: psoc handle
@@ -1633,4 +1644,12 @@ ucfg_dp_is_local_pkt_capture_enabled(struct wlan_objmgr_psoc *psoc)
 QDF_STATUS ucfg_dp_get_vdev_stats(ol_txrx_soc_handle soc, uint8_t vdev_id,
 				  struct cdp_vdev_stats *buf);
 
+/*
+ * ucfg_dp_set_mon_conf_flags(): Set monitor configuration flags
+ * @psoc: psoc handle
+ * @flags: monitor configuration flags
+ *
+ * Return: None
+ */
+void ucfg_dp_set_mon_conf_flags(struct wlan_objmgr_psoc *psoc, uint32_t flags);
 #endif /* _WLAN_DP_UCFG_API_H_ */

components/dp/dispatcher/src/wlan_dp_api.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2023-2024, Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -60,3 +60,10 @@ bool wlan_dp_is_local_pkt_capture_enabled(struct wlan_objmgr_psoc *psoc)
 	return cdp_cfg_get(soc, cfg_dp_local_pkt_capture);
 }
 #endif
+
+void wlan_dp_update_def_link(struct wlan_objmgr_psoc *psoc,
+			     struct qdf_mac_addr *intf_mac,
+			     struct wlan_objmgr_vdev *vdev)
+{
+	__wlan_dp_update_def_link(psoc, intf_mac, vdev);
+}

components/dp/dispatcher/src/wlan_dp_ucfg_api.c

@@ -43,6 +43,7 @@
 #ifdef WLAN_FEATURE_11BE_MLO
 #include "wlan_mlo_mgr_public_api.h"
 #endif
+#include "cdp_txrx_ctrl.h"
 
 #ifdef FEATURE_DIRECT_LINK
 /**
@@ -159,6 +160,14 @@ QDF_STATUS ucfg_dp_update_link_mac_addr(struct wlan_objmgr_vdev *vdev,
 	return status;
 }
 
+void ucfg_dp_update_def_link(struct wlan_objmgr_psoc *psoc,
+			     struct qdf_mac_addr *intf_mac,
+			     struct wlan_objmgr_vdev *vdev)
+
+{
+	__wlan_dp_update_def_link(psoc, intf_mac, vdev);
+}
+
 void ucfg_dp_update_intf_mac(struct wlan_objmgr_psoc *psoc,
 			     struct qdf_mac_addr *cur_mac,
 			     struct qdf_mac_addr *new_mac,
@@ -2811,3 +2820,21 @@ QDF_STATUS ucfg_dp_get_vdev_stats(ol_txrx_soc_handle soc, uint8_t vdev_id,
 {
 	return cdp_host_get_vdev_stats(soc, vdev_id, buf, true);
 }
+
+void ucfg_dp_set_mon_conf_flags(struct wlan_objmgr_psoc *psoc, uint32_t flags)
+{
+	cdp_config_param_type val;
+	QDF_STATUS status;
+	struct wlan_dp_psoc_context *dp_ctx = dp_get_context();
+
+	if (!dp_ctx) {
+		dp_err("Failed to set flag %d, dp_ctx NULL", flags);
+		return;
+	}
+
+	val.cdp_monitor_flag = flags;
+	status = cdp_txrx_set_psoc_param(dp_ctx->cdp_soc,
+					 CDP_MONITOR_FLAG, val);
+	if (QDF_IS_STATUS_ERROR(status))
+		dp_err("Failed to set flag %d status %d", flags, status);
+}

components/mlme/core/inc/wlan_mlme_main.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2018-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -252,7 +252,9 @@ struct wlan_mlme_roam_state_info {
  * @roam_trigger_bitmap: Master bitmap of roaming triggers. If the bitmap is
  *  zero, roaming module will be deinitialized at firmware for this vdev.
  * @supplicant_disabled_roaming: Enable/disable roam scan in firmware; will be
- *  used by supplicant to do roam invoke after disabling roam scan in firmware
+ *  used by supplicant to do roam invoke after disabling roam scan in firmware,
+ *  it is only effective for current connection, it will be cleared during new
+ *  connection.
  */
 struct wlan_mlme_roaming_config {
 	uint32_t roam_trigger_bitmap;
@@ -399,11 +401,13 @@ struct ft_context {
 /**
  * struct assoc_channel_info - store channel info at the time of association
  * @assoc_ch_width: channel width at the time of initial connection
+ * @omn_ie_ch_width: ch width present in operating mode notification IE of bcn
  * @sec_2g_freq: secondary 2 GHz freq
  * @cen320_freq: 320 MHz center freq
  */
 struct assoc_channel_info {
 	enum phy_ch_width assoc_ch_width;
+	enum phy_ch_width omn_ie_ch_width;
 	qdf_freq_t sec_2g_freq;
 	qdf_freq_t cen320_freq;
 };
@@ -476,6 +480,7 @@ struct wait_for_key_timer {
  * concurrent STA
  * @ap_policy: Concurrent ap policy config
  * @oper_ch_width: SAP current operating ch_width
+ * @psd_20mhz: PSD power(dBm/MHz) of SAP operating in 20 MHz
  */
 struct mlme_ap_config {
 	qdf_freq_t user_config_sap_ch_freq;
@@ -484,6 +489,7 @@ struct mlme_ap_config {
 #endif
 	enum host_concurrent_ap_policy ap_policy;
 	enum phy_ch_width oper_ch_width;
+	uint8_t psd_20mhz;
 };
 
 /**
@@ -1981,4 +1987,23 @@ QDF_STATUS
 wlan_mlme_send_csa_event_status_ind_cmd(struct wlan_objmgr_vdev *vdev,
 					uint8_t csa_status);
 
+/**
+ * wlan_mlme_get_sap_psd_for_20mhz() - Get the PSD power for 20 MHz
+ * frequency
+ * @vdev: pointer to vdev object
+ *
+ * Return: psd power
+ */
+uint8_t wlan_mlme_get_sap_psd_for_20mhz(struct wlan_objmgr_vdev *vdev);
+
+/**
+ * wlan_mlme_set_sap_psd_for_20mhz() - Set the PSD power for 20 MHz
+ * frequency
+ * @vdev: pointer to vdev object
+ * @psd_power : psd power
+ *
+ * Return: None
+ */
+QDF_STATUS wlan_mlme_set_sap_psd_for_20mhz(struct wlan_objmgr_vdev *vdev,
+					   uint8_t psd_power);
 #endif

components/mlme/core/src/wlan_mlme_main.c

@@ -864,6 +864,8 @@ QDF_STATUS mlme_init_connect_chan_info_config(struct vdev_mlme_obj *vdev_mlme)
 
 	mlme_priv->connect_info.assoc_chan_info.assoc_ch_width =
 							CH_WIDTH_INVALID;
+	mlme_priv->connect_info.assoc_chan_info.omn_ie_ch_width =
+							CH_WIDTH_INVALID;
 	mlme_priv->connect_info.assoc_chan_info.sec_2g_freq = 0;
 	mlme_priv->connect_info.assoc_chan_info.cen320_freq = 0;
 
@@ -2575,7 +2577,7 @@ static void mlme_init_sta_mlo_cfg(struct wlan_objmgr_psoc *psoc,
 	sta->mlo_support_link_num =
 		cfg_get(psoc, CFG_MLO_SUPPORT_LINK_NUM);
 	sta->mlo_support_link_band =
-		cfg_default(CFG_MLO_SUPPORT_LINK_BAND);
+		cfg_get(psoc, CFG_MLO_SUPPORT_LINK_BAND);
 	sta->mlo_max_simultaneous_links =
 		cfg_default(CFG_MLO_MAX_SIMULTANEOUS_LINKS);
 	sta->mlo_prefer_percentage =
@@ -5709,3 +5711,46 @@ wlan_mlme_send_csa_event_status_ind_cmd(struct wlan_objmgr_vdev *vdev,
 	return tx_ops->send_csa_event_status_ind(vdev, csa_status);
 }
 
+uint8_t
+wlan_mlme_get_sap_psd_for_20mhz(struct wlan_objmgr_vdev *vdev)
+{
+	struct mlme_legacy_priv *mlme_priv;
+	enum QDF_OPMODE opmode = QDF_MAX_NO_OF_MODE;
+
+	mlme_priv = wlan_vdev_mlme_get_ext_hdl(vdev);
+	if (!mlme_priv) {
+		mlme_legacy_err("vdev legacy private object is NULL");
+		return 0;
+	}
+
+	opmode = wlan_vdev_mlme_get_opmode(vdev);
+	if (opmode != QDF_SAP_MODE) {
+		mlme_debug("Invalid opmode %d", opmode);
+		return 0;
+	}
+
+	return mlme_priv->mlme_ap.psd_20mhz;
+}
+
+QDF_STATUS
+wlan_mlme_set_sap_psd_for_20mhz(struct wlan_objmgr_vdev *vdev,
+				uint8_t psd_power)
+{
+	struct mlme_legacy_priv *mlme_priv;
+	enum QDF_OPMODE opmode = QDF_MAX_NO_OF_MODE;
+
+	mlme_priv = wlan_vdev_mlme_get_ext_hdl(vdev);
+	if (!mlme_priv) {
+		mlme_legacy_err("vdev legacy private object is NULL");
+		return QDF_STATUS_E_INVAL;
+	}
+
+	opmode = wlan_vdev_mlme_get_opmode(vdev);
+	if (opmode != QDF_SAP_MODE) {
+		mlme_debug("Invalid opmode %d", opmode);
+		return QDF_STATUS_E_INVAL;
+	}
+
+	mlme_priv->mlme_ap.psd_20mhz = psd_power;
+	return QDF_STATUS_SUCCESS;
+}

components/mlme/dispatcher/inc/cfg_mlme_sta.h

@@ -648,7 +648,7 @@
  *
  * </cfg>
  */
-#define CFG_MLO_SUPPORT_LINK_BAND CFG_UINT( \
+#define CFG_MLO_SUPPORT_LINK_BAND CFG_INI_UINT( \
 			"mlo_support_link_band", \
 			0x1, \
 			0x77, \

components/mlme/dispatcher/inc/wlan_mlme_public_struct.h

@@ -1818,7 +1818,7 @@ enum station_prefer_bw {
  * @single_tid:                     Set replay counter for all TID
  * @allow_tpc_from_ap:              Support for AP power constraint
  * @sta_keepalive_method:           STA keepalive method
- * @usr_disabled_roaming:           User config for roaming disable
+ * @usr_disabled_roaming:           User disable roaming for current connection
  * @usr_scan_probe_unicast_ra:      User config unicast probe req in scan
  * @event_payload:                  Diagnostic event payload
  * @max_li_modulated_dtim_time_ms:  Max modulated DTIM time in ms.

components/mlme/dispatcher/src/wlan_mlme_api.c

@@ -1112,7 +1112,15 @@ QDF_STATUS mlme_update_tgt_he_caps_in_cfg(struct wlan_objmgr_psoc *psoc,
 		mlme_obj->cfg.he_caps.dot11_he_cap.bfee_sts_lt_80 = 0;
 		mlme_obj->cfg.he_caps.dot11_he_cap.bfee_sts_gt_80 = 0;
 	}
-	mlme_obj->cfg.he_caps.dot11_he_cap.ul_mu = he_cap->ul_mu;
+
+	if (!mlme_obj->cfg.he_caps.enable_ul_mimo) {
+		mlme_debug("UL MIMO feature is disabled via ini, fw caps :%d",
+			   he_cap->ul_mu);
+		mlme_obj->cfg.he_caps.dot11_he_cap.ul_mu = 0;
+	} else {
+		mlme_obj->cfg.he_caps.dot11_he_cap.ul_mu = he_cap->ul_mu;
+	}
+
 	mlme_obj->cfg.he_caps.dot11_he_cap.su_feedback_tone16 =
 					he_cap->su_feedback_tone16;
 	mlme_obj->cfg.he_caps.dot11_he_cap.mu_feedback_tone16 =
@@ -7852,7 +7860,7 @@ wlan_mlme_send_ch_width_update_with_notify(struct wlan_objmgr_psoc *psoc,
 {
 	QDF_STATUS status;
 	wmi_host_channel_width wmi_chan_width;
-	enum phy_ch_width associated_ch_width;
+	enum phy_ch_width associated_ch_width, omn_ie_ch_width;
 	struct wlan_channel *des_chan;
 	struct mlme_legacy_priv *mlme_priv;
 	qdf_freq_t sec_2g_freq = 0;
@@ -7865,6 +7873,14 @@ wlan_mlme_send_ch_width_update_with_notify(struct wlan_objmgr_psoc *psoc,
 	if (!des_chan)
 		return QDF_STATUS_E_INVAL;
 
+	omn_ie_ch_width =
+		mlme_priv->connect_info.assoc_chan_info.omn_ie_ch_width;
+	if (omn_ie_ch_width != CH_WIDTH_INVALID && ch_width > omn_ie_ch_width) {
+		mlme_debug("vdev %d: Invalid new chwidth:%d, omn_ie_cw:%d",
+			   vdev_id, ch_width, omn_ie_ch_width);
+		return QDF_STATUS_E_INVAL;
+	}
+
 	associated_ch_width =
 		mlme_priv->connect_info.assoc_chan_info.assoc_ch_width;
 	if (associated_ch_width == CH_WIDTH_INVALID ||

components/p2p/dispatcher/inc/wlan_p2p_public_struct.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2017-2019, 2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -118,7 +118,7 @@ struct p2p_rx_mgmt_frame {
 	uint32_t vdev_id;
 	uint32_t frm_type;
 	uint32_t rx_rssi;
-	uint8_t buf[1];
+	QDF_FLEX_ARRAY(uint8_t, buf);
 };
 
 /**

components/pmo/core/src/wlan_pmo_suspend_resume.c

@@ -1047,11 +1047,12 @@ QDF_STATUS pmo_core_txrx_suspend(struct wlan_objmgr_psoc *psoc)
 
 	status = cdp_drain_txrx(dp_soc, 0);
 	if (QDF_IS_STATUS_ERROR(status)) {
-		pmo_err("Prevent suspend unable to drain txrx");
+		pmo_err("Prevent suspend unable to drain txrx status:%u",
+			status);
 		ret = hif_enable_grp_irqs(hif_ctx);
 		if (ret && ret != -EOPNOTSUPP) {
 			pmo_err("Failed to enable grp irqs: %d", ret);
-			QDF_BUG(0);
+			qdf_trigger_self_recovery(psoc, QDF_ENABLE_IRQ_FAILURE);
 		}
 		goto out;
 	}
@@ -1663,12 +1664,19 @@ void pmo_core_psoc_handle_initial_wake_up(void *cb_ctx)
 {
 	struct pmo_psoc_priv_obj *psoc_ctx;
 	struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)cb_ctx;
+	void *hif_ctx;
 
 	if (!psoc) {
 		pmo_err("cb ctx/psoc is null");
 		return;
 	}
 
+	hif_ctx = pmo_core_psoc_get_hif_handle(psoc);
+	if (!hif_ctx)
+		pmo_err("hif ctx is null, request resume not called");
+	else if(hif_pm_get_wake_irq_type(hif_ctx) == HIF_PM_CE_WAKE)
+		hif_rtpm_check_and_request_resume(true);
+
 	psoc_ctx = pmo_psoc_get_priv(psoc);
 	pmo_core_update_wow_initial_wake_up(psoc_ctx, 1);
 }

components/tdls/core/src/wlan_tdls_ct.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -665,10 +665,11 @@ void tdls_indicate_teardown(struct tdls_vdev_priv_obj *tdls_vdev,
 		return;
 	}
 
-	tdls_set_peer_link_status(curr_peer,
-				  TDLS_LINK_TEARING,
+	tdls_set_peer_link_status(curr_peer, TDLS_LINK_TEARING,
 				  TDLS_LINK_UNSPECIFIED);
-	tdls_notice("Teardown reason %d", reason);
+	tdls_notice("vdev:%d Teardown reason %d peer:" QDF_MAC_ADDR_FMT,
+		    wlan_vdev_get_id(tdls_vdev->vdev), reason,
+		    QDF_MAC_ADDR_REF(curr_peer->peer_mac.bytes));
 
 	if (tdls_soc->tdls_dp_vdev_update)
 		tdls_soc->tdls_dp_vdev_update(
@@ -1561,13 +1562,14 @@ void tdls_disable_offchan_and_teardown_links(
 		tdls_indicate_teardown(tdls_vdev, curr_peer,
 				       TDLS_TEARDOWN_PEER_UNSPEC_REASON);
 
+		tdls_decrement_peer_count(vdev, tdls_soc);
+
 		/*
 		 * Del Sta happened already as part of tdls_delete_all_tdls_peers
 		 * Hence clear tdls vdev data structure.
 		 */
 		tdls_reset_peer(tdls_vdev, curr_peer->peer_mac.bytes);
 
-		tdls_decrement_peer_count(vdev, tdls_soc);
 		tdls_soc->tdls_conn_info[staidx].valid_entry = false;
 		tdls_soc->tdls_conn_info[staidx].session_id = 255;
 		tdls_soc->tdls_conn_info[staidx].index =

components/tdls/core/src/wlan_tdls_peer.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -759,6 +759,7 @@ static void tdls_prevent_suspend(struct tdls_soc_priv_obj *tdls_soc)
 			      WIFI_POWER_EVENT_WAKELOCK_TDLS);
 	qdf_runtime_pm_prevent_suspend(&tdls_soc->runtime_lock);
 	tdls_soc->is_prevent_suspend = true;
+	tdls_debug("Acquire WIFI_POWER_EVENT_WAKELOCK_TDLS");
 }
 
 /**
@@ -778,6 +779,7 @@ static void tdls_allow_suspend(struct tdls_soc_priv_obj *tdls_soc)
 			      WIFI_POWER_EVENT_WAKELOCK_TDLS);
 	qdf_runtime_pm_allow_suspend(&tdls_soc->runtime_lock);
 	tdls_soc->is_prevent_suspend = false;
+	tdls_debug("Release WIFI_POWER_EVENT_WAKELOCK_TDLS");
 }
 
 /**
@@ -865,6 +867,21 @@ void tdls_set_link_status(struct tdls_vdev_priv_obj *vdev_obj,
 	}
 }
 
+static inline char *
+tdls_link_status_str(enum tdls_link_state link_status)
+{
+	switch (link_status) {
+	CASE_RETURN_STRING(TDLS_LINK_IDLE);
+	CASE_RETURN_STRING(TDLS_LINK_DISCOVERING);
+	CASE_RETURN_STRING(TDLS_LINK_DISCOVERED);
+	CASE_RETURN_STRING(TDLS_LINK_CONNECTING);
+	CASE_RETURN_STRING(TDLS_LINK_CONNECTED);
+	CASE_RETURN_STRING(TDLS_LINK_TEARING);
+	default:
+		return "UNKNOWN";
+	}
+}
+
 void tdls_set_peer_link_status(struct tdls_peer *peer,
 			       enum tdls_link_state link_status,
 			       enum tdls_link_state_reason link_reason)
@@ -878,12 +895,14 @@ void tdls_set_peer_link_status(struct tdls_peer *peer,
 	enum tdls_link_state old_status;
 
 	vdev_obj = peer->vdev_priv;
-	tdls_debug("vdev %d state %d reason %d peer:" QDF_MAC_ADDR_FMT,
-		   wlan_vdev_get_id(vdev_obj->vdev), link_status, link_reason,
-		   QDF_MAC_ADDR_REF(peer->peer_mac.bytes));
 
 	old_status = peer->link_status;
 	peer->link_status = link_status;
+	tdls_debug("vdev:%d new state: %s old state:%s reason %d peer:" QDF_MAC_ADDR_FMT,
+		   wlan_vdev_get_id(vdev_obj->vdev),
+		   tdls_link_status_str(link_status),
+		   tdls_link_status_str(old_status), link_reason,
+		   QDF_MAC_ADDR_REF(peer->peer_mac.bytes));
 	tdls_update_pmo_status(vdev_obj, old_status, link_status);
 
 	if (link_status >= TDLS_LINK_DISCOVERED)

components/tdls/dispatcher/inc/wlan_tdls_public_structs.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -599,7 +599,7 @@ struct tdls_rx_mgmt_frame {
 	uint32_t vdev_id;
 	uint32_t frm_type;
 	uint32_t rx_rssi;
-	uint8_t buf[1];
+	QDF_FLEX_ARRAY(uint8_t, buf);
 };
 
 /**
@@ -1407,7 +1407,7 @@ struct tdls_send_mgmt_request {
 	struct qdf_mac_addr peer_mac;
 	enum wifi_traffic_ac ac;
 	/* Variable length. Dont add any field after this. */
-	uint8_t add_ie[1];
+	QDF_FLEX_ARRAY(uint8_t, add_ie);
 };
 
 /**

components/umac/mlme/connection_mgr/core/src/wlan_cm_roam_offload.c

@@ -1508,11 +1508,15 @@ static void cm_update_score_params(struct wlan_objmgr_psoc *psoc,
 		weight_config->beamforming_cap_weightage;
 
 	/*
-	 * Don’t consider pcl weightage for STA connection,
-	 * if primary interface is configured.
+	 * Don’t consider pcl weightage if:
+	 * a) primary interface is configured (or)
+	 * b) HW is non-DBS
 	 */
-	if (policy_mgr_is_pcl_weightage_required(psoc))
+	if (policy_mgr_is_pcl_weightage_required(psoc) &&
+	    policy_mgr_is_hw_dbs_capable(psoc))
 		req_score_params->pcl_weightage = weight_config->pcl_weightage;
+	else
+		req_score_params->pcl_weightage = 0;
 
 	req_score_params->oce_wan_weightage = weight_config->oce_wan_weightage;
 	req_score_params->oce_ap_tx_pwr_weightage =
@@ -2983,8 +2987,8 @@ cm_update_btm_offload_config(struct wlan_objmgr_psoc *psoc,
 	struct wlan_mlme_btm *btm_cfg;
 	bool is_hs_20_ap, is_hs_20_btm_offload_disabled;
 	struct cm_roam_values_copy temp;
-	uint8_t vdev_id;
-	bool abridge_flag;
+	uint8_t vdev_id = wlan_vdev_get_id(vdev);
+	bool abridge_flag, is_disable_btm, assoc_btm_cap;
 
 	mlme_obj = mlme_get_psoc_ext_obj(psoc);
 	if (!mlme_obj)
@@ -2992,18 +2996,20 @@ cm_update_btm_offload_config(struct wlan_objmgr_psoc *psoc,
 
 	btm_cfg = &mlme_obj->cfg.btm;
 	*btm_offload_config = btm_cfg->btm_offload_config;
-
 	/* Return if INI is disabled */
 	if (!(*btm_offload_config))
 		return;
 
-	if (!wlan_cm_get_assoc_btm_cap(vdev)) {
-		mlme_debug("BTM not supported, disable BTM offload");
+	wlan_cm_roam_cfg_get_value(psoc, vdev_id, IS_DISABLE_BTM, &temp);
+	is_disable_btm = temp.bool_value;
+	assoc_btm_cap = wlan_cm_get_assoc_btm_cap(psoc, vdev_id);
+	if (!assoc_btm_cap || is_disable_btm) {
+		mlme_debug("disable btm offload vdev:%d btm_cap: %d is_btm: %d",
+			   vdev_id, assoc_btm_cap, is_disable_btm);
 		*btm_offload_config = 0;
 		return;
 	}
 
-	vdev_id = wlan_vdev_get_id(vdev);
 	wlan_cm_roam_cfg_get_value(psoc, vdev_id, HS_20_AP, &temp);
 	is_hs_20_ap = temp.bool_value;
 	wlan_mlme_is_hs_20_btm_offload_disabled(psoc,
@@ -5510,6 +5516,41 @@ bool cm_lookup_pmkid_using_bssid(struct wlan_objmgr_psoc *psoc,
 	return true;
 }
 
+/**
+ * cm_roam_clear_is_disable_btm_flag - API to clear is_disable_btm flag
+ * @pdev: pdev pointer
+ * @vdev_id: dvev ID
+ *
+ * Return: None
+ */
+static void cm_roam_clear_is_disable_btm_flag(struct wlan_objmgr_pdev *pdev,
+					      uint8_t vdev_id)
+{
+	struct rso_config *rso_cfg;
+	struct wlan_objmgr_vdev *vdev;
+
+	vdev = wlan_objmgr_get_vdev_by_id_from_pdev(pdev, vdev_id,
+						    WLAN_MLME_CM_ID);
+	if (!vdev) {
+		mlme_err("vdev object is NULL for vdev %d", vdev_id);
+		return;
+	}
+
+	rso_cfg = wlan_cm_get_rso_config(vdev);
+	if (!rso_cfg) {
+		mlme_debug("vdev: %d rso_cfg is NULL", vdev_id);
+		goto release_ref;
+	}
+
+	if (rso_cfg->is_disable_btm) {
+		mlme_debug("vdev: %d clear is_disable_btm flag", vdev_id);
+		rso_cfg->is_disable_btm = false;
+	}
+
+release_ref:
+	wlan_objmgr_vdev_release_ref(vdev, WLAN_MLME_CM_ID);
+}
+
 void cm_roam_restore_default_config(struct wlan_objmgr_pdev *pdev,
 				    uint8_t vdev_id)
 {
@@ -5526,6 +5567,8 @@ void cm_roam_restore_default_config(struct wlan_objmgr_pdev *pdev,
 	if (!mlme_obj)
 		return;
 
+	cm_roam_clear_is_disable_btm_flag(pdev, vdev_id);
+
 	if (mlme_obj->cfg.lfr.roam_scan_offload_enabled) {
 		/*
 		 * When vendor handoff is enabled and disconnection is received,

components/umac/mlme/connection_mgr/dispatcher/inc/wlan_cm_roam_api.h

@@ -888,6 +888,17 @@ QDF_STATUS wlan_cm_set_roam_band_bitmask(struct wlan_objmgr_psoc *psoc,
 					 uint8_t vdev_id,
 					 uint32_t roam_band_bitmask);
 
+/**
+ * wlan_cm_set_btm_config() - Set btm roaming disable flag for vdev
+ * @psoc: psoc pointer
+ * @vdev_id: vdev id
+ * @is_disable_btm: to check whether btm roaming is disabled or not
+ *
+ * Return: QDF_STATUS
+ */
+QDF_STATUS wlan_cm_set_btm_config(struct wlan_objmgr_psoc *psoc,
+				  uint8_t vdev_id, bool is_disable_btm);
+
 #ifdef FEATURE_RX_LINKSPEED_ROAM_TRIGGER
 /**
  * struct roam_link_speed_cfg - link speed state config
@@ -1506,6 +1517,13 @@ wlan_cm_set_roam_band_bitmask(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id,
 	return QDF_STATUS_E_NOSUPPORT;
 }
 
+static inline QDF_STATUS wlan_cm_set_btm_config(struct wlan_objmgr_psoc *psoc,
+						uint8_t vdev_id,
+						bool is_disable_btm)
+{
+	return QDF_STATUS_SUCCESS;
+}
+
 static inline
 uint32_t wlan_cm_get_roam_scan_scheme_bitmap(struct wlan_objmgr_psoc *psoc,
 					     uint8_t vdev_id)
@@ -2104,12 +2122,12 @@ wlan_cm_set_assoc_btm_cap(struct wlan_objmgr_vdev *vdev, bool val);
 
 /**
  * wlan_cm_get_assoc_btm_cap() - Get the assoc BTM capability
- * @vdev: pointer to vdev
+ * @psoc: pointer to psoc
+ * @vdev_id: vdev id
  *
  * Return: BTM cap
  */
-bool
-wlan_cm_get_assoc_btm_cap(struct wlan_objmgr_vdev *vdev);
+bool wlan_cm_get_assoc_btm_cap(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id);
 
 /**
  * wlan_cm_is_self_mld_roam_supported() - Is self mld roam supported

components/umac/mlme/connection_mgr/dispatcher/inc/wlan_cm_roam_public_struct.h

@@ -600,6 +600,7 @@ struct sae_roam_auth_map {
  * @tried_candidate_freq_list: freq list on which connection tried
  * @rso_rsn_caps: rsn caps with global user MFP which can be used for
  *                cross-AKM roaming
+ * @is_disable_btm: btm roaming disabled or not from userspace
  */
 struct rso_config {
 #ifdef WLAN_FEATURE_HOST_ROAM
@@ -654,6 +655,7 @@ struct rso_config {
 	bool is_forced_roaming;
 	struct wlan_chan_list tried_candidate_freq_list;
 	uint16_t rso_rsn_caps;
+	bool is_disable_btm;
 };
 
 /**
@@ -768,6 +770,7 @@ struct rso_config_params {
  * @ROAM_BAND: Allowed band for roaming in FW
  * @HI_RSSI_SCAN_RSSI_DELTA:
  * @ROAM_RSSI_DIFF_6GHZ: roam rssi diff for 6 GHz AP
+ * @IS_DISABLE_BTM: disable btm roaming
  */
 enum roam_cfg_param {
 	RSSI_CHANGE_THRESHOLD,
@@ -799,6 +802,7 @@ enum roam_cfg_param {
 	ROAM_BAND,
 	HI_RSSI_SCAN_RSSI_DELTA,
 	ROAM_RSSI_DIFF_6GHZ,
+	IS_DISABLE_BTM,
 };
 
 /**

components/umac/mlme/connection_mgr/dispatcher/inc/wlan_cm_roam_ucfg_api.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2020-2021, The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -42,6 +42,18 @@ ucfg_user_space_enable_disable_rso(struct wlan_objmgr_pdev *pdev,
 				   uint8_t vdev_id,
 				   const bool is_fast_roam_enabled);
 
+/**
+ * ucfg_clear_user_disabled_roaming() - clear user/wpa_supplicant
+ * disabled_roaming flag in driver
+ * @psoc: Pointer to pdev
+ * @vdev_id: vdev id
+ *
+ * Return: void
+ */
+void
+ucfg_clear_user_disabled_roaming(struct wlan_objmgr_psoc *psoc,
+				 uint8_t vdev_id);
+
 /**
  * ucfg_is_rso_enabled() - Check if rso is enabled
  * @pdev: Pointer to pdev
@@ -181,6 +193,21 @@ ucfg_cm_set_roam_band_mask(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id,
 	return wlan_cm_set_roam_band_bitmask(psoc, vdev_id, roam_band_mask);
 }
 
+/**
+ * ucfg_cm_set_btm_config() - Inline ucfg api to set btm roaming disable flag
+ * @psoc: pointer to psoc object
+ * @vdev_id: vdev id
+ * @is_disable_btm: btm config flag that needs to be set from the caller
+ *
+ * Return: QDF Status
+ */
+static inline QDF_STATUS ucfg_cm_set_btm_config(struct wlan_objmgr_psoc *psoc,
+						uint8_t vdev_id,
+						bool is_disable_btm)
+{
+	return wlan_cm_set_btm_config(psoc, vdev_id, is_disable_btm);
+}
+
 static inline QDF_STATUS
 ucfg_cm_set_roam_band_update(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id)
 {
@@ -223,6 +250,13 @@ ucfg_cm_set_roam_band_mask(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id,
 	return QDF_STATUS_SUCCESS;
 }
 
+static inline QDF_STATUS ucfg_cm_set_btm_config(struct wlan_objmgr_psoc *psoc,
+						uint8_t vdev_id,
+						bool is_disable_btm)
+{
+	return QDF_STATUS_SUCCESS;
+}
+
 static inline QDF_STATUS
 ucfg_cm_set_roam_band_update(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id)
 {

components/umac/mlme/connection_mgr/dispatcher/src/wlan_cm_roam_api.c

@@ -787,6 +787,9 @@ QDF_STATUS wlan_cm_roam_cfg_get_value(struct wlan_objmgr_psoc *psoc,
 	case RSSI_CHANGE_THRESHOLD:
 		dst_config->int_value = rso_cfg->rescan_rssi_delta;
 		break;
+	case IS_DISABLE_BTM:
+		dst_config->bool_value = rso_cfg->is_disable_btm;
+		break;
 	case BEACON_RSSI_WEIGHT:
 		dst_config->uint_value = rso_cfg->beacon_rssi_weight;
 		break;
@@ -1298,6 +1301,9 @@ wlan_cm_roam_cfg_set_value(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id,
 	case RSSI_CHANGE_THRESHOLD:
 		rso_cfg->rescan_rssi_delta  = src_config->uint_value;
 		break;
+	case IS_DISABLE_BTM:
+		rso_cfg->is_disable_btm  = src_config->bool_value;
+		break;
 	case BEACON_RSSI_WEIGHT:
 		rso_cfg->beacon_rssi_weight = src_config->uint_value;
 		break;
@@ -1623,6 +1629,7 @@ QDF_STATUS wlan_cm_rso_config_init(struct wlan_objmgr_vdev *vdev,
 
 	ucfg_reg_get_band(wlan_vdev_get_pdev(vdev), &current_band);
 	rso_cfg->roam_band_bitmask = current_band;
+	rso_cfg->is_disable_btm = false;
 
 	return status;
 }
@@ -1652,6 +1659,7 @@ void wlan_cm_rso_config_deinit(struct wlan_objmgr_vdev *vdev,
 	cm_flush_roam_channel_list(&cfg_params->pref_chan_info);
 
 	qdf_mutex_destroy(&rso_cfg->cm_rso_lock);
+	rso_cfg->is_disable_btm = false;
 
 	cm_deinit_reassoc_timer(rso_cfg);
 }
@@ -2336,6 +2344,16 @@ QDF_STATUS wlan_cm_set_roam_band_bitmask(struct wlan_objmgr_psoc *psoc,
 					  &src_config);
 }
 
+QDF_STATUS wlan_cm_set_btm_config(struct wlan_objmgr_psoc *psoc,
+				  uint8_t vdev_id, bool is_disable_btm)
+{
+	struct cm_roam_values_copy src_config = {};
+
+	src_config.bool_value = is_disable_btm;
+	return wlan_cm_roam_cfg_set_value(psoc, vdev_id, IS_DISABLE_BTM,
+					  &src_config);
+}
+
 QDF_STATUS wlan_cm_set_roam_band_update(struct wlan_objmgr_psoc *psoc,
 					uint8_t vdev_id)
 {
@@ -4917,19 +4935,30 @@ wlan_cm_set_assoc_btm_cap(struct wlan_objmgr_vdev *vdev, bool val)
 	mlme_priv->connect_info.assoc_btm_cap = val;
 }
 
-bool
-wlan_cm_get_assoc_btm_cap(struct wlan_objmgr_vdev *vdev)
+bool wlan_cm_get_assoc_btm_cap(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id)
 {
 	struct mlme_legacy_priv *mlme_priv;
+	struct wlan_objmgr_vdev *vdev;
+	bool assoc_btm_cap = true;
 
-	if (!vdev)
+	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id,
+						    WLAN_LEGACY_MAC_ID);
+	if (!vdev) {
+		mlme_err("vdev is NULL");
 		return true;
+	}
 
 	mlme_priv = wlan_vdev_mlme_get_ext_hdl(vdev);
-	if (!mlme_priv)
-		return true;
+	if (!mlme_priv) {
+		mlme_err("mlme_priv is NULL");
+		goto release_ref;
+	}
+
+	assoc_btm_cap = mlme_priv->connect_info.assoc_btm_cap;
 
-	return mlme_priv->connect_info.assoc_btm_cap;
+release_ref:
+	wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_MAC_ID);
+	return assoc_btm_cap;
 }
 
 bool wlan_cm_is_self_mld_roam_supported(struct wlan_objmgr_psoc *psoc)

components/umac/mlme/connection_mgr/dispatcher/src/wlan_cm_roam_ucfg_api.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2020-2021, The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -73,9 +73,8 @@ ucfg_user_space_enable_disable_rso(struct wlan_objmgr_pdev *pdev,
 	wlan_mlme_set_usr_disabled_roaming(psoc, !is_fast_roam_enabled);
 
 	/*
-	 * Supplicant_disabled_roaming flag is the global flag to control
-	 * roam offload from supplicant. Driver cannot enable roaming if
-	 * supplicant disabled roaming is set.
+	 * Supplicant_disabled_roaming flag is only effective for current
+	 * connection, it will be cleared during new connection.
 	 * is_fast_roam_enabled: true - enable RSO if not disabled by driver
 	 *                       false - Disable RSO. Send RSO stop if false
 	 *                       is set.
@@ -109,6 +108,14 @@ ucfg_user_space_enable_disable_rso(struct wlan_objmgr_pdev *pdev,
 	return status;
 }
 
+void
+ucfg_clear_user_disabled_roaming(struct wlan_objmgr_psoc *psoc,
+				 uint8_t vdev_id)
+{
+	wlan_mlme_set_usr_disabled_roaming(psoc, false);
+	mlme_set_supplicant_disabled_roaming(psoc, vdev_id, false);
+}
+
 QDF_STATUS ucfg_cm_abort_roam_scan(struct wlan_objmgr_pdev *pdev,
 				   uint8_t vdev_id)
 {

components/umac/mlme/mlo_mgr/src/wlan_mlo_mgr_roam.c

@@ -885,7 +885,8 @@ mlo_check_if_all_vdev_up(struct wlan_objmgr_vdev *vdev)
 		if (!mlo_dev_ctx->wlan_vdev_list[i])
 			continue;
 
-		if (qdf_test_bit(i, sta_ctx->wlan_connected_links) &&
+		if ((qdf_test_bit(i, sta_ctx->wlan_connected_links) ||
+		     qdf_test_bit(i, sta_ctx->wlan_connect_req_links)) &&
 		    !QDF_IS_STATUS_SUCCESS(wlan_vdev_is_up(mlo_dev_ctx->wlan_vdev_list[i]))) {
 			mlo_debug("Vdev id %d is not in up state",
 				  wlan_vdev_get_id(mlo_dev_ctx->wlan_vdev_list[i]));
@@ -1056,7 +1057,6 @@ mlo_roam_copy_reassoc_rsp(struct wlan_objmgr_vdev *vdev,
 		sta_ctx->copied_reassoc_rsp->roaming_info = NULL;
 		qdf_mem_free(sta_ctx->copied_reassoc_rsp);
 		sta_ctx->copied_reassoc_rsp = NULL;
-		connect_ies->assoc_rsp.len = 0;
 		return QDF_STATUS_E_NOMEM;
 	}
 
@@ -1452,7 +1452,6 @@ mlo_roam_link_connect_notify(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id)
 		}
 
 		if (mlo_check_connect_req_bmap(link_vdev)) {
-			mlo_update_connect_req_links(link_vdev, false);
 			status = mlo_roam_prepare_and_send_link_connect_req(assoc_vdev,
 							link_vdev,
 							rsp,
@@ -1460,8 +1459,10 @@ mlo_roam_link_connect_notify(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id)
 							partner_info.partner_link_info[i].chan_freq);
 			if (QDF_IS_STATUS_ERROR(status))
 				goto err;
-			else
+			else {
+				mlo_update_connect_req_links(link_vdev, false);
 				goto end;
+			}
 		}
 	}
 err:

components/wmi/src/wmi_unified_roam_tlv.c

@@ -2070,9 +2070,18 @@ extract_roam_frame_info_tlv(wmi_unified_t wmi_handle, void *evt_buf,
 					     WLAN_FRAME_INFO_AUTH_ALG_OFFSET,
 					     4);
 
-		if (!dst_buf->is_rsp)
+		if (!dst_buf->is_rsp) {
 			dst_buf->tx_status = wmi_get_converted_tx_status(
 							src_data->status_code);
+			/* wmi_roam_frame_info->status_code sent from the fw
+			 * denotes the tx_status of the transmitted frames.
+			 * To Do: Need a separate field for status code or
+			 * use existing field of wmi_roam_frame_info tlv
+			 * to send the tx status of transmitted frame from the
+			 * FW.
+			 */
+			dst_buf->status_code = 0;
+		}
 
 		dst_buf->retry_count = src_data->retry_count;
 		dst_buf->rssi = (-1) * src_data->rssi_dbm_abs;

configs/volcano_consolidate_qca6750_defconfig

@@ -0,0 +1,28 @@
+CONFIG_ALLOW_PKT_DROPPING=y
+CONFIG_ATH_DIAG_EXT_DIRECT=y
+CONFIG_DESC_TIMESTAMP_DEBUG_INFO=y
+CONFIG_DP_RX_REFILL_CPU_PERF_AFFINE_MASK=y
+CONFIG_DP_TX_HW_DESC_HISTORY=y
+CONFIG_DSC_DEBUG=y
+CONFIG_DSC_TEST=y
+CONFIG_ENABLE_QDF_PTR_HASH_DEBUG=y
+CONFIG_FEATURE_HIF_LATENCY_PROFILE_ENABLE=y
+CONFIG_FEATURE_UNIT_TEST_SUSPEND=y
+CONFIG_HAL_DEBUG=y
+CONFIG_HIF_CE_DEBUG_DATA_BUF=y
+CONFIG_HIF_CPU_PERF_AFFINE_MASK=y
+CONFIG_LEAK_DETECTION=y
+CONFIG_MAX_LOGS_PER_SEC=500
+CONFIG_ENABLE_MAX_LOGS_PER_SEC=y
+CONFIG_QDF_NBUF_HISTORY_SIZE=16384
+CONFIG_SCHED_HISTORY_SIZE=256
+CONFIG_REGISTER_OP_DEBUG=y
+CONFIG_REO_QDESC_HISTORY=y
+CONFIG_RX_DESC_DEBUG_CHECK=y
+CONFIG_TALLOC_DEBUG=y
+CONFIG_UNIT_TEST=y
+CONFIG_WLAN_FEATURE_DP_RX_RING_HISTORY=y
+CONFIG_WLAN_FEATURE_DP_TX_DESC_HISTORY=y
+CONFIG_WLAN_RECORD_RX_PADDR=y
+CONFIG_QDF_TEST=y
+CONFIG_FEATURE_WLM_STATS=y

configs/volcano_gki_qca6750_defconfig

@@ -0,0 +1,329 @@
+CONFIG_QCA_CLD_WLAN=y
+CONFIG_160MHZ_SUPPORT=y
+CONFIG_6G_SCAN_CHAN_SORT_ALGO=y
+CONFIG_ADAPTIVE_11R=y
+CONFIG_ANI_LEVEL_REQUEST=y
+CONFIG_AR900B=y
+CONFIG_ATH_11AC_TXCOMPACT=y
+CONFIG_ATH_BUS_PM=y
+CONFIG_ATH_PERF_PWR_OFFLOAD=y
+CONFIG_BAND_6GHZ=y
+CONFIG_BCN_RATECODE_ENABLE=y
+CONFIG_BUS_AUTO_SUSPEND=y
+CONFIG_CHECKSUM_OFFLOAD=y
+CONFIG_CNSS2_MODULE=y
+CONFIG_CNSS_GENL_MODULE=y
+CONFIG_CNSS_UTILS_MODULE=y
+CONFIG_CONNECTIVITY_PKTLOG=y
+CONFIG_CONVERGED_P2P_ENABLE=y
+CONFIG_CP_STATS=y
+CONFIG_DDP_MON_RSSI_IN_DBM=y
+CONFIG_DEBUG_RX_RING_BUFFER=y
+CONFIG_DELIVERY_TO_STACK_STATUS_CHECK=y
+CONFIG_DESC_DUP_DETECT_DEBUG=y
+CONFIG_DIRECT_BUF_RX_ENABLE=y
+CONFIG_DISABLE_CHANNEL_LIST=y
+CONFIG_WLAN_BCN_RECV_FEATURE=y
+CONFIG_DISABLE_EAPOL_INTRABSS_FWD=y
+CONFIG_DP_HW_TX_DELAY_STATS_ENABLE=y
+CONFIG_DP_INTR_POLL_BASED=y
+CONFIG_DP_LEGACY_MODE_CSM_DEFAULT_DISABLE=1
+CONFIG_DP_LFR=y
+CONFIG_DP_MEM_PRE_ALLOC=y
+CONFIG_DP_PKT_ADD_TIMESTAMP=y
+CONFIG_DP_RX_BUFFER_POOL_ALLOC_THRES=5
+CONFIG_DP_RX_BUFFER_POOL_SIZE=128
+CONFIG_DP_RX_DROP_RAW_FRM=y
+CONFIG_DP_RX_PKT_NO_PEER_DELIVER=y
+CONFIG_DP_RX_REFILL_BUFF_POOL_SIZE=2048
+CONFIG_DP_RX_REFILL_THRD_THRESHOLD=512
+CONFIG_DP_RX_SPECIAL_FRAME_NEED=y
+CONFIG_DP_SWLM=y
+CONFIG_DP_TRACE=y
+CONFIG_DP_TRAFFIC_END_INDICATION=y
+CONFIG_DP_TXRX_SOC_ATTACH=y
+CONFIG_DP_TX_TRACKING=y
+CONFIG_DP_WAR_VALIDATE_RX_ERR_MSDU_COOKIE=y
+CONFIG_DUP_RX_DESC_WAR=y
+CONFIG_DYNAMIC_RX_AGGREGATION=y
+CONFIG_ENABLE_CE4_COMP_DISABLE_HTT_HTC_MISC_LIST=y
+CONFIG_ENABLE_HAL_REG_WR_HISTORY=y
+CONFIG_ENABLE_HAL_SOC_STATS=y
+CONFIG_ENABLE_MTRACE_LOG=y
+CONFIG_FEATURE_ACTIVE_TOS=y
+CONFIG_FEATURE_ALIGN_STATS_FROM_DP=y
+CONFIG_FEATURE_AST=y
+CONFIG_FEATURE_BECN_STATS=y
+CONFIG_FEATURE_BSS_TRANSITION=y
+CONFIG_FEATURE_CLUB_LL_STATS_AND_GET_STATION=y
+CONFIG_FEATURE_CONCURRENCY_MATRIX=y
+CONFIG_FEATURE_DELAYED_PEER_OBJ_DESTROY=y
+CONFIG_FEATURE_DENYLIST_MGR=y
+CONFIG_FEATURE_EPPING=y
+CONFIG_FEATURE_FORCE_WAKE=y
+CONFIG_FEATURE_FW_LOG_PARSING=y
+CONFIG_FEATURE_GPIO_CFG=y
+CONFIG_FEATURE_HAL_DELAYED_REG_WRITE=y
+CONFIG_FEATURE_HTC_CREDIT_HISTORY=y
+CONFIG_FEATURE_INTEROP_ISSUES_AP=y
+CONFIG_FEATURE_MEMDUMP_ENABLE=y
+CONFIG_FEATURE_MONITOR_MODE_SUPPORT=y
+CONFIG_FEATURE_MSCS=y
+CONFIG_FEATURE_NO_DBS_INTRABAND_MCC_SUPPORT=y
+CONFIG_FEATURE_OEM_DATA=y
+CONFIG_FEATURE_OTA_TEST=y
+CONFIG_FEATURE_P2P_LISTEN_OFFLOAD=y
+CONFIG_FEATURE_PKTLOG=y
+CONFIG_FEATURE_RADAR_HISTORY=y
+CONFIG_FEATURE_ROAM_DEBUG=y
+CONFIG_FEATURE_RSSI_MONITOR=y
+CONFIG_FEATURE_RX_LINKSPEED_ROAM_TRIGGER=y
+CONFIG_FEATURE_SAP_COND_CHAN_SWITCH=y
+CONFIG_FEATURE_SAR_LIMITS=y
+CONFIG_FEATURE_SET=y
+CONFIG_FEATURE_STATION_INFO=y
+CONFIG_FEATURE_STATS_EXT=y
+CONFIG_FEATURE_STATS_EXT_V2=y
+CONFIG_FEATURE_TSO=y
+CONFIG_FEATURE_TSO_STATS=y
+CONFIG_FEATURE_TX_POWER=y
+CONFIG_FEATURE_VDEV_OPS_WAKELOCK=y
+CONFIG_FEATURE_WLAN_LPHB=y
+CONFIG_FEATURE_WLAN_PRE_CAC=y
+CONFIG_FEATURE_WLAN_RA_FILTERING=y
+CONFIG_FEATURE_WLAN_SCAN_PNO=y
+CONFIG_FEATURE_WLAN_WAPI=y
+CONFIG_FIX_TXDMA_LIMITATION=y
+CONFIG_FOURTH_CONNECTION=y
+CONFIG_FW_THERMAL_THROTTLE=y
+CONFIG_GTK_OFFLOAD=y
+CONFIG_HAL_DISABLE_NON_BA_2K_JUMP_ERROR=y
+CONFIG_HANDLE_BC_EAP_TX_FRM=y
+CONFIG_HANDLE_RX_REROUTE_ERR=y
+CONFIG_HASTINGS_BT_WAR=y
+CONFIG_HDD_INIT_WITH_RTNL_LOCK=y
+CONFIG_HIF_DEBUG=y
+CONFIG_HIF_IPCI=y
+CONFIG_HOST_OPCLASS=y
+CONFIG_HOST_WAKEUP_OVER_QMI=y
+CONFIG_HTT_PADDR64=y
+CONFIG_IPA_SET_RESET_TX_DB_PA=y
+CONFIG_LFR_SUBNET_DETECTION=y
+CONFIG_LINUX_QCMBR=y
+CONFIG_LITHIUM=y
+CONFIG_LITTLE_ENDIAN=y
+CONFIG_LL_DP_SUPPORT=y
+CONFIG_LTE_COEX=y
+CONFIG_MARK_ICMP_REQ_TO_FW=y
+CONFIG_MAX_ALLOC_PAGE_SIZE=y
+CONFIG_MCC_TO_SCC_SWITCH=y
+CONFIG_MON_ENABLE_DROP_FOR_MAC=y
+CONFIG_MORE_TX_DESC=y
+CONFIG_MULTI_CLIENT_LL_SUPPORT=y
+CONFIG_PANIC_ON_BUG=y
+CONFIG_PCI_LINK_STATUS_SANITY=y
+CONFIG_PEER_PROTECTED_ACCESS=y
+CONFIG_PKTLOG_HAS_SPECIFIC_DATA=y
+CONFIG_POWER_MANAGEMENT_OFFLOAD=y
+CONFIG_PTT_SOCK_SVC_ENABLE=y
+CONFIG_QCA6750_HEADERS_DEF=y
+CONFIG_QCACLD_FEATURE_APF=y
+CONFIG_QCACLD_FEATURE_FW_STATE=y
+CONFIG_QCACLD_FEATURE_GREEN_AP=y
+CONFIG_QCACLD_FEATURE_NAN=y
+CONFIG_QCACLD_RX_DESC_MULTI_PAGE_ALLOC=y
+CONFIG_QCACLD_WLAN_CONNECTIVITY_DIAG_EVENT=y
+CONFIG_QCACLD_WLAN_LFR3=y
+CONFIG_QCA_MONITOR_PKT_SUPPORT=y
+CONFIG_QCA_SUPPORT_TX_THROTTLE=y
+CONFIG_QCA_TARGET_IF_MLME=y
+CONFIG_QCA_WIFI_FTM=y
+CONFIG_QCA_WIFI_FTM_NL80211=y
+CONFIG_QCA_WIFI_QCA6750=y
+CONFIG_QCA_WIFI_QCA8074=y
+CONFIG_QCA_WIFI_QCA8074_VP=y
+CONFIG_QCOM_ESE=y
+CONFIG_QCOM_LTE_COEX=y
+CONFIG_QCOM_TDLS=y
+CONFIG_QCOM_VOWIFI_11R=y
+CONFIG_QMI_SUPPORT=y
+CONFIG_REG_CLIENT=y
+CONFIG_REMOVE_PKT_LOG=y
+CONFIG_REO_DESC_DEFER_FREE=y
+CONFIG_ROME_IF="ipci"
+CONFIG_PLD_IPCI_ICNSS_FLAG=y
+CONFIG_RXDMA_ERR_PKT_DROP=y
+CONFIG_RX_DEFRAG_DO_NOT_REINJECT=y
+CONFIG_RX_DESC_SANITY_WAR=y
+CONFIG_RX_FISA=y
+CONFIG_RX_HASH_DEBUG=y
+CONFIG_RX_OL=y
+CONFIG_SAE_SINGLE_PMK=y
+CONFIG_SAP_AVOID_ACS_FREQ_LIST=y
+CONFIG_SAP_DHCP_FW_IND=y
+CONFIG_SAR_SAFETY_FEATURE=y
+CONFIG_SCALE_INCLUDES=y
+CONFIG_SERIALIZE_QUEUE_SETUP=y
+CONFIG_SHADOW_V2=y
+CONFIG_SOFTAP_CHANNEL_RANGE=y
+CONFIG_SUPPORT_11AX=y
+CONFIG_SYSTEM_PM_CHECK=y
+CONFIG_TARGET_11D_SCAN=y
+CONFIG_TARGET_RAMDUMP_AFTER_KERNEL_PANIC=y
+CONFIG_THERMAL_STATS_SUPPORT=y
+CONFIG_TRACE_RECORD_FEATURE=y
+CONFIG_TSO_DEBUG_LOG_ENABLE=y
+CONFIG_TX_MULTIQ_PER_AC=y
+CONFIG_TX_MULTI_TCL=y
+CONFIG_TX_PER_PDEV_DESC_POOL=y
+CONFIG_TX_TID_OVERRIDE=y
+CONFIG_VERBOSE_DEBUG=y
+CONFIG_WAPI_BIG_ENDIAN=y
+CONFIG_WCNSS_MEM_PRE_ALLOC_MODULE=y
+CONFIG_WDI3_IPA_OVER_GSI=y
+CONFIG_WDI_EVENT_ENABLE=y
+CONFIG_WIFI_MONITOR_SUPPORT=y
+CONFIG_WIFI_POS_CONVERGED=y
+CONFIG_WLAN_BMISS=y
+CONFIG_WLAN_CE_INTERRUPT_THRESHOLD_CONFIG=y
+CONFIG_WLAN_CFR_ENABLE=y
+CONFIG_WLAN_CLD_DEV_PM_QOS=y
+CONFIG_WLAN_CLD_PM_QOS=y
+CONFIG_WLAN_CONV_SPECTRAL_ENABLE=y
+CONFIG_WLAN_CUSTOM_DSCP_UP_MAP=y
+CONFIG_WLAN_DEBUGFS=y
+CONFIG_WLAN_DEBUG_CRASH_INJECT=y
+CONFIG_WLAN_DEBUG_LINK_VOTE=y
+CONFIG_WLAN_DEBUG_VERSION=y
+CONFIG_WLAN_DFS_MASTER_ENABLE=y
+CONFIG_WLAN_DFS_STATIC_MEM_ALLOC=y
+CONFIG_WLAN_DIAG_VERSION=y
+CONFIG_WLAN_DL_MODES=y
+CONFIG_WLAN_DP_FEATURE_DEFERRED_REO_QDESC_DESTROY=y
+CONFIG_WLAN_DP_PENDING_MEM_FLUSH=y
+CONFIG_WLAN_DP_PER_RING_TYPE_CONFIG=y
+CONFIG_WLAN_DP_PROFILE_SUPPORT=y
+CONFIG_WLAN_DYNAMIC_CVM=y
+CONFIG_WLAN_ENABLE_SOCIAL_CHANNELS_5G_ONLY=y
+CONFIG_WLAN_ENH_CFR_ENABLE=y
+CONFIG_WLAN_FEATURE_11AX=y
+CONFIG_WLAN_FEATURE_ACTION_OUI=y
+CONFIG_WLAN_FEATURE_BIG_DATA_STATS=y
+CONFIG_WLAN_FEATURE_CAL_FAILURE_TRIGGER=y
+CONFIG_WLAN_FEATURE_CE_RX_BUFFER_REUSE=y
+CONFIG_WLAN_FEATURE_DFS_OFFLOAD=y
+CONFIG_WLAN_FEATURE_DISA=y
+CONFIG_WLAN_FEATURE_DP_BUS_BANDWIDTH=y
+CONFIG_WLAN_FEATURE_DP_EVENT_HISTORY=y
+CONFIG_WLAN_FEATURE_DP_RX_THREADS=y
+CONFIG_WLAN_FEATURE_DYNAMIC_MAC_ADDR_UPDATE=y
+CONFIG_WLAN_FEATURE_ELNA=y
+CONFIG_WLAN_FEATURE_FILS=y
+CONFIG_WLAN_FEATURE_FIPS=y
+CONFIG_WLAN_FEATURE_GET_USABLE_CHAN_LIST=y
+CONFIG_WLAN_FEATURE_ICMP_OFFLOAD=y
+CONFIG_WLAN_FEATURE_IGMP_OFFLOAD=y
+CONFIG_WLAN_FEATURE_LINK_LAYER_STATS=y
+CONFIG_WLAN_FEATURE_LPSS=y
+CONFIG_WLAN_FEATURE_LRO_CTX_IN_CB=y
+CONFIG_WLAN_FEATURE_MBSSID=y
+CONFIG_WLAN_FEATURE_MDNS_OFFLOAD=y
+CONFIG_WLAN_FEATURE_MEDIUM_ASSESS=y
+CONFIG_WLAN_FEATURE_MIB_STATS=y
+CONFIG_WLAN_FEATURE_P2P_DEBUG=y
+CONFIG_WLAN_FEATURE_P2P_P2P_STA=y
+CONFIG_WLAN_FEATURE_PACKET_FILTERING=y
+CONFIG_WLAN_FEATURE_PEER_TXQ_FLUSH_CONF=y
+CONFIG_WLAN_FEATURE_RX_BUFFER_POOL=y
+CONFIG_WLAN_FEATURE_RX_SOFTIRQ_TIME_LIMIT=y
+CONFIG_WLAN_FEATURE_SAE=y
+CONFIG_WLAN_FEATURE_SAP_ACS_OPTIMIZE=y
+CONFIG_WLAN_FEATURE_SARV1_TO_SARV2=y
+CONFIG_WLAN_FEATURE_SR=y
+CONFIG_WLAN_FEATURE_TWT=y
+CONFIG_WLAN_FEATURE_WMI_DIAG_OVER_CE7=y
+CONFIG_WLAN_FREQ_LIST=y
+CONFIG_WLAN_FW_OFFLOAD=y
+CONFIG_WLAN_GTX_BW_MASK=y
+CONFIG_WLAN_HANG_EVENT=y
+CONFIG_WLAN_LOGGING_SOCK_SVC=y
+CONFIG_WLAN_LOG_DEBUG=y
+CONFIG_WLAN_LOG_ENTER=y
+CONFIG_WLAN_LOG_ERROR=y
+CONFIG_WLAN_LOG_EXIT=y
+CONFIG_WLAN_LOG_FATAL=y
+CONFIG_WLAN_LOG_INFO=y
+CONFIG_WLAN_LOG_WARN=y
+CONFIG_WLAN_MWS_INFO_DEBUGFS=y
+CONFIG_WLAN_NAPI=y
+CONFIG_WLAN_NS_OFFLOAD=y
+CONFIG_WLAN_NUD_TRACKING=y
+CONFIG_WLAN_OBJMGR_DEBUG=y
+CONFIG_WLAN_OBJMGR_REF_ID_TRACE=y
+CONFIG_WLAN_OFFLOAD_PACKETS=y
+CONFIG_WLAN_OPEN_P2P_INTERFACE=y
+CONFIG_WLAN_OPEN_SOURCE=y
+CONFIG_WLAN_PDEV_VDEV_SEND_MULTI_PARAM=y
+CONFIG_WLAN_PMO_ENABLE=y
+CONFIG_WLAN_POLICY_MGR_ENABLE=y
+CONFIG_WLAN_POWER_DEBUG=y
+CONFIG_WLAN_REASSOC=y
+CONFIG_WLAN_SCAN_DISABLE=y
+CONFIG_WLAN_SKIP_BAR_UPDATE=y
+CONFIG_WLAN_SPECTRAL_ENABLE=y
+CONFIG_WLAN_SUPPORT_DATA_STALL=y
+CONFIG_WLAN_SYNC_TSF=y
+CONFIG_WLAN_SYSFS=y
+CONFIG_WLAN_SYSFS_CHANNEL=y
+CONFIG_WLAN_SYSFS_CONNECT_INFO=y
+CONFIG_WLAN_SYSFS_DCM=y
+CONFIG_WLAN_SYSFS_DFSNOL=y
+CONFIG_WLAN_SYSFS_DP_TRACE=y
+CONFIG_WLAN_SYSFS_FW_MODE_CFG=y
+CONFIG_WLAN_SYSFS_HE_BSS_COLOR=y
+CONFIG_WLAN_SYSFS_LOG_BUFFER=y
+CONFIG_WLAN_SYSFS_MEM_STATS=y
+CONFIG_WLAN_SYSFS_MONITOR_MODE_CHANNEL=y
+CONFIG_WLAN_SYSFS_RADAR=y
+CONFIG_WLAN_SYSFS_RANGE_EXT=y
+CONFIG_WLAN_SYSFS_RF_TEST_MODE=y
+CONFIG_WLAN_SYSFS_ROAM_TRIGGER_BITMAP=y
+CONFIG_WLAN_SYSFS_RTS_CTS=y
+CONFIG_WLAN_SYSFS_SCAN_CFG=y
+CONFIG_WLAN_SYSFS_STATS=y
+CONFIG_WLAN_SYSFS_STA_INFO=y
+CONFIG_WLAN_SYSFS_TDLS_PEERS=y
+CONFIG_WLAN_SYSFS_TEMPERATURE=y
+CONFIG_WLAN_SYSFS_TX_STBC=y
+CONFIG_WLAN_SYSFS_WDS_MODE=y
+CONFIG_WLAN_SYSFS_WLAN_DBG=y
+CONFIG_WLAN_THERMAL_CFG=y
+CONFIG_WLAN_THERMAL_MULTI_CLIENT_SUPPORT=y
+CONFIG_WLAN_TRACEPOINTS=y
+CONFIG_WLAN_TRACE_HIDE_MAC_ADDRESS=y
+CONFIG_WLAN_TWT_CONVERGED=y
+CONFIG_WLAN_TXRX_FW_STATS=y
+CONFIG_WLAN_TXRX_FW_ST_RST=y
+CONFIG_WLAN_TXRX_STATS=y
+CONFIG_WLAN_TX_FLOW_CONTROL_V2=y
+CONFIG_WLAN_VENDOR_HANDOFF_CONTROL=y
+CONFIG_WLAN_WARN_ON_ASSERT=y
+CONFIG_WLAN_WBUFF=y
+CONFIG_WLAN_WOWL_ADD_PTRN=y
+CONFIG_WLAN_WOWL_DEL_PTRN=y
+CONFIG_WLAN_WOW_ITO=y
+CONFIG_WMI_BCN_OFFLOAD=y
+CONFIG_WMI_CMD_STRINGS=y
+CONFIG_WMI_CONCURRENCY_SUPPORT=y
+CONFIG_WMI_DBR_SUPPORT=y
+CONFIG_WMI_INTERFACE_EVENT_LOGGING=y
+CONFIG_WMI_ROAM_SUPPORT=y
+CONFIG_WMI_SEND_RECV_QMI=y
+CONFIG_WMI_STA_SUPPORT=y
+CONFIG_WLAN_CTRL_NAME="wlan"
+CONFIG_NUM_SOC_PERF_CLUSTER=2
+CONFIG_MULTI_IF_NAME="qca6750"
+CONFIG_CNSS_QCA6750=y
+CONFIG_BUILD_TAG=y
+CONFIG_DP_RX_DESC_COOKIE_INVALIDATE=y
+CONFIG_CFG80211_MLD_AP_STA_CONNECT_UPSTREAM_SUPPORT=y

core/hdd/src/wlan_hdd_cfg80211.c

@@ -8645,6 +8645,7 @@ const struct nla_policy wlan_hdd_wifi_config_policy[
 		.type = NLA_U8},
 	[QCA_WLAN_VENDOR_ATTR_CONFIG_COEX_TRAFFIC_SHAPING_MODE] = {
 		.type = NLA_U8},
+	[QCA_WLAN_VENDOR_ATTR_CONFIG_BTM_SUPPORT] = {.type = NLA_U8},
 };
 
 #define WLAN_MAX_LINK_ID 15
@@ -11851,6 +11852,53 @@ hdd_test_config_emlsr_action_mode(struct hdd_adapter *adapter,
 }
 #endif
 
+/**
+ * hdd_set_btm_support_config() - Update BTM support policy
+ * @link_info: Link info pointer in HDD adapter
+ * @attr: pointer to nla attr
+ *
+ * Return: 0 on success, negative on failure
+ */
+static int hdd_set_btm_support_config(struct wlan_hdd_link_info *link_info,
+				      const struct nlattr *attr)
+{
+	uint8_t cfg_val;
+	struct hdd_adapter *adapter = link_info->adapter;
+	struct hdd_context *hdd_ctx = WLAN_HDD_GET_CTX(adapter);
+	enum QDF_OPMODE op_mode = adapter->device_mode;
+	bool is_vdev_in_conn_state, is_disable_btm;
+
+	is_vdev_in_conn_state = hdd_is_vdev_in_conn_state(link_info);
+	cfg_val = nla_get_u8(attr);
+
+	hdd_debug("vdev: %d, cfg_val: %d for op_mode: %d, conn_state:%d",
+		  link_info->vdev_id, cfg_val, op_mode,
+		  is_vdev_in_conn_state);
+
+	/*
+	 * Change in BTM support configuration is applicable only for STA
+	 * interface and not allowed in connected state.
+	 */
+	if (op_mode != QDF_STA_MODE || is_vdev_in_conn_state)
+		return -EINVAL;
+
+	switch (cfg_val) {
+	case QCA_WLAN_BTM_SUPPORT_DISABLE:
+		is_disable_btm = true;
+		break;
+	case QCA_WLAN_BTM_SUPPORT_DEFAULT:
+		is_disable_btm = false;
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	ucfg_cm_set_btm_config(hdd_ctx->psoc, link_info->vdev_id,
+			       is_disable_btm);
+
+	return 0;
+}
+
 #ifdef WLAN_FEATURE_11BE
 /**
  * hdd_set_eht_emlsr_capability() - Set EMLSR capability for EHT STA
@@ -12366,6 +12414,8 @@ static const struct independent_setters independent_setters[] = {
 	 hdd_set_t2lm_negotiation_support},
 	{QCA_WLAN_VENDOR_ATTR_CONFIG_COEX_TRAFFIC_SHAPING_MODE,
 	 hdd_set_coex_traffic_shaping_mode},
+	{QCA_WLAN_VENDOR_ATTR_CONFIG_BTM_SUPPORT,
+	 hdd_set_btm_support_config},
 };
 
 #ifdef WLAN_FEATURE_ELNA
@@ -28752,6 +28802,7 @@ wlan_hdd_cfg80211_get_channel_sta(struct wiphy *wiphy,
 	bool is_legacy_phymode = false;
 	struct wlan_channel chan_info;
 	int ret = 0;
+	struct ch_params ch_params = {0};
 
 	if (!hdd_cm_is_vdev_associated(adapter->deflink)) {
 		hdd_debug("vdev not associated");
@@ -28772,6 +28823,15 @@ wlan_hdd_cfg80211_get_channel_sta(struct wiphy *wiphy,
 		ret = mlo_mgr_get_per_link_chan_info(vdev, link_id, &chan_info);
 		if (ret != 0)
 			goto release;
+
+		ch_params.ch_width = chan_info.ch_width;
+		ch_params.center_freq_seg1 = chan_info.ch_cfreq2;
+		wlan_reg_set_channel_params_for_pwrmode(hdd_ctx->pdev,
+							chan_info.ch_freq, 0,
+							&ch_params,
+							REG_CURRENT_PWR_MODE);
+		chan_info.ch_cfreq1 = ch_params.mhz_freq_seg0;
+		chan_info.ch_cfreq2 = ch_params.mhz_freq_seg1;
 	} else {
 		ret = wlan_hdd_cfg80211_get_vdev_chan_info(hdd_ctx, vdev,
 							   link_id,

core/hdd/src/wlan_hdd_cm_connect.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2012-2021, The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023, Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024, Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -897,6 +897,14 @@ int wlan_hdd_cm_connect(struct wiphy *wiphy,
 	hdd_update_scan_ie_for_connect(adapter, &params);
 	hdd_update_action_oui_for_connect(hdd_ctx, req);
 
+	if (!hdd_cm_is_vdev_associated(adapter->deflink)) {
+		/*
+		 * Clear user/wpa_supplicant disabled_roaming flag for new
+		 * connection
+		 */
+		ucfg_clear_user_disabled_roaming(hdd_ctx->psoc,
+						 adapter->deflink->vdev_id);
+	}
 	status = osif_cm_connect(ndev, vdev, req, &params);
 
 	if (status || ucfg_cm_is_vdev_roaming(vdev)) {

core/hdd/src/wlan_hdd_mlo.c

@@ -33,7 +33,7 @@
 #include <wlan_osif_priv.h>
 
 /*max time in ms, caller may wait for link state request get serviced */
-#define WLAN_WAIT_TIME_LINK_STATE 800
+#define WLAN_WAIT_TIME_LINK_STATE 3000
 
 #if defined(CFG80211_11BE_BASIC)
 #ifndef WLAN_HDD_MULTI_VDEV_SINGLE_NDEV

core/hdd/src/wlan_hdd_p2p.c

@@ -682,7 +682,7 @@ static bool hdd_allow_new_intf(struct hdd_context *hdd_ctx,
  * @name: User-visible name of the interface
  * @name_assign_type: the name of assign type of the netdev
  * @type: (virtual) interface types
- * @flags: monitor configuration flags (not used)
+ * @flags: monitor configuration flags
  * @params: virtual interface parameters (not used)
  *
  * Return: the pointer of wireless dev, otherwise ERR_PTR.
@@ -726,6 +726,7 @@ struct wireless_dev *__wlan_hdd_add_virtual_intf(struct wiphy *wiphy,
 		return ERR_PTR(qdf_status_to_os_return(status));
 
 	if (mode == QDF_MONITOR_MODE &&
+	    !(QDF_MONITOR_FLAG_OTHER_BSS & *flags) &&
 	    !os_if_lpc_mon_intf_creation_allowed(hdd_ctx->psoc))
 		return ERR_PTR(-EOPNOTSUPP);
 
@@ -778,8 +779,17 @@ struct wireless_dev *__wlan_hdd_add_virtual_intf(struct wiphy *wiphy,
 
 	adapter = NULL;
 	if (type == NL80211_IFTYPE_MONITOR) {
-		if (ucfg_dp_is_local_pkt_capture_enabled(hdd_ctx->psoc) ||
-		    ucfg_mlme_is_sta_mon_conc_supported(hdd_ctx->psoc) ||
+		/*
+		 * if QDF_MONITOR_FLAG_OTHER_BSS bit is set in monitor flags
+		 * driver will assume current mode as STA + Monitor Mode.
+		 * So if QDF_MONITOR_FLAG_OTHER_BSS bit is set in monitor
+		 * interface flag STA+MON concurrency is not supported
+		 * reject the request.
+		 **/
+		if ((ucfg_dp_is_local_pkt_capture_enabled(hdd_ctx->psoc) &&
+		     !(QDF_MONITOR_FLAG_OTHER_BSS & *flags)) ||
+		    (ucfg_mlme_is_sta_mon_conc_supported(hdd_ctx->psoc) &&
+		     (QDF_MONITOR_FLAG_OTHER_BSS & *flags)) ||
 		    ucfg_pkt_capture_get_mode(hdd_ctx->psoc) !=
 						PACKET_CAPTURE_MODE_DISABLE) {
 			ret = wlan_hdd_add_monitor_check(hdd_ctx,
@@ -788,6 +798,8 @@ struct wireless_dev *__wlan_hdd_add_virtual_intf(struct wiphy *wiphy,
 			if (ret)
 				return ERR_PTR(-EINVAL);
 
+			ucfg_dp_set_mon_conf_flags(hdd_ctx->psoc, *flags);
+
 			if (adapter) {
 				hdd_exit();
 				return adapter->dev->ieee80211_ptr;
@@ -1015,6 +1027,9 @@ int __wlan_hdd_del_virtual_intf(struct wiphy *wiphy, struct wireless_dev *wdev)
 	if (errno)
 		return errno;
 
+	if (wlan_hdd_is_session_type_monitor(adapter->device_mode))
+		ucfg_dp_set_mon_conf_flags(hdd_ctx->psoc, 0);
+
 	if (adapter->device_mode == QDF_SAP_MODE &&
 	    ucfg_pre_cac_is_active(hdd_ctx->psoc)) {
 		ucfg_pre_cac_clean_up(hdd_ctx->psoc);

core/mac/inc/ani_global.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -588,7 +588,7 @@ struct mgmt_frm_reg_info {
 	uint16_t frameType;
 	uint16_t matchLen;
 	uint16_t sessionId;
-	uint8_t matchData[1];
+	QDF_FLEX_ARRAY(uint8_t, matchData);
 };
 
 typedef struct sRrmContext {

core/mac/inc/qwlan_version.h

@@ -32,9 +32,9 @@
 #define QWLAN_VERSION_MAJOR            5
 #define QWLAN_VERSION_MINOR            2
 #define QWLAN_VERSION_PATCH            1
-#define QWLAN_VERSION_EXTRA            "N"
-#define QWLAN_VERSION_BUILD            87
+#define QWLAN_VERSION_EXTRA            "K"
+#define QWLAN_VERSION_BUILD            88
 
-#define QWLAN_VERSIONSTR               "5.2.1.87N"
+#define QWLAN_VERSIONSTR               "5.2.1.88K"
 
 #endif /* QWLAN_VERSION_H */

core/mac/inc/sir_api.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -585,7 +585,7 @@ struct register_mgmt_frame {
 	bool registerFrame;
 	uint16_t frameType;
 	uint16_t matchLen;
-	uint8_t matchData[1];
+	QDF_FLEX_ARRAY(uint8_t, matchData);
 };
 
 /* / Generic type for sending a response message */
@@ -840,7 +840,7 @@ struct bss_description {
 	uint32_t is_single_pmk;
 #endif
 	/* Please keep the structure 4 bytes aligned above the ieFields */
-	uint32_t ieFields[1];
+	QDF_FLEX_ARRAY(uint32_t, ieFields);
 };
 
 /* / Definition for response message to previously */
@@ -1804,7 +1804,7 @@ typedef struct sSirSmeMgmtFrameInd {
 	uint8_t frameType;
 	int8_t rxRssi;
 	enum rxmgmt_flags rx_flags;
-	uint8_t frameBuf[1];    /* variable */
+	QDF_FLEX_ARRAY(uint8_t, frameBuf);
 } tSirSmeMgmtFrameInd, *tpSirSmeMgmtFrameInd;
 
 typedef void (*sir_mgmt_frame_ind_callback)(tSirSmeMgmtFrameInd *frame_ind);
@@ -1826,7 +1826,7 @@ typedef struct sSirSmeUnprotMgmtFrameInd {
 	uint8_t sessionId;
 	uint8_t frameType;
 	uint8_t frameLen;
-	uint8_t frameBuf[1];    /* variable */
+	QDF_FLEX_ARRAY(uint8_t, frameBuf);
 } tSirSmeUnprotMgmtFrameInd, *tpSirSmeUnprotMgmtFrameInd;
 
 #ifdef WLAN_FEATURE_EXTWOW_SUPPORT
@@ -2146,7 +2146,7 @@ typedef struct sSirUpdateChan {
 	uint8_t vht_24_en;
 	bool he_en;
 	bool eht_en;
-	tSirUpdateChanParam chanParam[1];
+	QDF_FLEX_ARRAY(tSirUpdateChanParam, chanParam);
 } tSirUpdateChanList, *tpSirUpdateChanList;
 
 typedef enum eSirAddonPsReq {

core/mac/src/include/parser_api.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -90,6 +90,12 @@ struct sAvoidChannelIE {
 };
 #endif /* FEATURE_AP_MCC_CH_AVOIDANCE */
 
+/*
+ * Host driver uses TBTT info of length 13
+ * in the RNR IE for legacy SAPs.
+ */
+#define CURRENT_RNR_TBTT_INFO_LEN 13
+
 typedef struct sSirCountryInformation {
 	uint8_t countryString[COUNTRY_STRING_LENGTH];
 	uint8_t numIntervals;   /* number of channel intervals */
@@ -1881,18 +1887,21 @@ void populate_dot11f_6g_rnr(struct mac_context *mac_ctx,
 			    tDot11fIEreduced_neighbor_report *dot11f);
 
 /**
- * populate_dot11f_rnr_tbtt_info_7() - populate rnr with tbtt_info length 7
+ * populate_dot11f_rnr_tbtt_info() - populate rnr for the tbtt_len specified
  * @mac_ctx: pointer to mac_context
  * @pe_session: pe session
  * @rnr_session: session to populate in rnr ie
  * @dot11f: tDot11fIEreduced_neighbor_report to be filled
+ * @tbtt_len: length of the TBTT params
  *
- * Return: none
+ * Return: QDF STATUS
  */
-void populate_dot11f_rnr_tbtt_info_7(struct mac_context *mac_ctx,
-				     struct pe_session *pe_session,
-				     struct pe_session *rnr_session,
-				     tDot11fIEreduced_neighbor_report *dot11f);
+QDF_STATUS
+populate_dot11f_rnr_tbtt_info(struct mac_context *mac_ctx,
+			      struct pe_session *pe_session,
+			      struct pe_session *rnr_session,
+			      tDot11fIEreduced_neighbor_report *dot11f,
+			      uint8_t tbtt_len);
 
 /**
  * populate_dot11f_edca_pifs_param_set() - populate edca/pifs param ie

core/mac/src/include/sir_params.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -150,7 +150,7 @@ typedef struct sSirMbMsg {
 	 * NOTE: data[1] is not a place holder to store data
 	 * instead to dereference the message body.
 	 */
-	uint32_t data[1];
+	QDF_FLEX_ARRAY(uint32_t, data);
 } tSirMbMsg, *tpSirMbMsg;
 
 /**

core/mac/src/pe/include/lim_api.h

@@ -648,6 +648,17 @@ lim_fill_pe_session(struct mac_context *mac_ctx,
 		    struct pe_session *session,
 		    struct bss_description *bss_desc);
 
+/**
+ * lim_update_omn_ie_ch_width() - update omn_ie_ch_width in struct
+ * assoc_channel_info while processing bcn/probe resp/assoc resp/re-assoc resp
+ * @vdev: VDEV object manager
+ * @ch_width: ch_width present in OMN IE
+ *
+ * Return: none
+ */
+void lim_update_omn_ie_ch_width(struct wlan_objmgr_vdev *vdev,
+				enum phy_ch_width ch_width);
+
 #ifdef WLAN_FEATURE_11BE_MLO
 /*
  * lim_add_bcn_probe() - Add the generated probe resp to scan DB

core/mac/src/pe/include/rrm_global.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2011-2012, 2014-2020 The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -249,7 +249,7 @@ typedef struct sSirNeighborReportInd {
 	uint8_t measurement_idx;
 	uint16_t numNeighborReports;
 	tSirMacAddr bssId;      /* For the session. */
-	tSirNeighborBssDescription sNeighborBssDescription[1];
+	QDF_FLEX_ARRAY(tSirNeighborBssDescription, sNeighborBssDescription);
 } tSirNeighborReportInd, *tpSirNeighborReportInd;
 
 typedef struct eid_ext_info {

core/mac/src/pe/lim/lim_api.c

@@ -3801,6 +3801,20 @@ lim_mlo_roam_delete_link_peer(struct pe_session *pe_session,
 }
 #endif
 
+void lim_update_omn_ie_ch_width(struct wlan_objmgr_vdev *vdev,
+				enum phy_ch_width ch_width)
+{
+	struct mlme_legacy_priv *mlme_priv;
+
+	mlme_priv = wlan_vdev_mlme_get_ext_hdl(vdev);
+	if (!mlme_priv) {
+		mlme_legacy_err("vdev legacy private object is NULL");
+		return;
+	}
+
+	mlme_priv->connect_info.assoc_chan_info.omn_ie_ch_width = ch_width;
+}
+
 #ifdef WLAN_FEATURE_11BE_MLO
 static bool
 lim_match_link_info(uint8_t req_link_id,

core/mac/src/pe/lim/lim_assoc_utils.c

@@ -2216,11 +2216,6 @@ static void lim_add_tdls_sta_6ghz_he_cap(struct mac_context *mac_ctx,
 #endif /* FEATURE_WLAN_TDLS */
 
 #ifdef WLAN_FEATURE_11BE
-static bool lim_is_add_sta_params_eht_capable(tpAddStaParams add_sta_params)
-{
-	return add_sta_params->eht_capable;
-}
-
 static bool lim_is_eht_connection_op_info_present(struct pe_session *pe_session,
 						  tpSirAssocRsp assoc_rsp)
 {
@@ -2232,11 +2227,6 @@ static bool lim_is_eht_connection_op_info_present(struct pe_session *pe_session,
 	return false;
 }
 #else
-static bool lim_is_add_sta_params_eht_capable(tpAddStaParams add_sta_params)
-{
-	return false;
-}
-
 static bool lim_is_eht_connection_op_info_present(struct pe_session *pe_session,
 						  tpSirAssocRsp assoc_rsp)
 {

core/mac/src/pe/lim/lim_assoc_utils.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2011-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -40,7 +40,6 @@
 #define SIZE_OF_NOA_DESCRIPTOR 13
 #define MAX_NOA_PERIOD_IN_MICROSECS 3000000
 
-uint32_t lim_cmp_ssid(tSirMacSSid *, struct pe_session *);
 uint8_t lim_compare_capabilities(struct mac_context *,
 				 tSirAssocReq *,
 				 tSirMacCapabilityInfo *, struct pe_session *);
@@ -198,6 +197,20 @@ static inline QDF_STATUS lim_add_ft_sta_self(struct mac_context *mac,
 }
 #endif
 
+#ifdef WLAN_FEATURE_11BE
+static inline bool
+lim_is_add_sta_params_eht_capable(tpAddStaParams add_sta_params)
+{
+	return add_sta_params->eht_capable;
+}
+#else
+static inline bool
+lim_is_add_sta_params_eht_capable(tpAddStaParams add_sta_params)
+{
+	return false;
+}
+#endif
+
 #ifdef WLAN_FEATURE_ROAM_OFFLOAD
 static inline bool lim_is_roam_synch_in_progress(struct wlan_objmgr_psoc *psoc,
 						 struct pe_session *pe_session)

core/mac/src/pe/lim/lim_process_assoc_req_frame.c

@@ -256,6 +256,7 @@ static bool lim_chk_assoc_req_parse_error(struct mac_context *mac_ctx,
 {
 	QDF_STATUS qdf_status;
 	enum wlan_status_code wlan_status;
+	struct qdf_mac_addr *mld_mac;
 
 	if (sub_type == LIM_ASSOC)
 		wlan_status = sir_convert_assoc_req_frame2_struct(mac_ctx, frm_body,
@@ -277,6 +278,18 @@ static bool lim_chk_assoc_req_parse_error(struct mac_context *mac_ctx,
 			return false;
 		}
 
+		/*
+		 * If EHT capability is not present but MLO is parsed
+		 * suceesssfully, remove the ML info from assoc request.
+		 */
+		mld_mac = (struct qdf_mac_addr *)assoc_req->mld_mac;
+		if (!assoc_req->eht_cap.present &&
+		    !qdf_is_macaddr_zero(mld_mac)) {
+			qdf_zero_macaddr(mld_mac);
+			qdf_mem_zero(&assoc_req->mlo_info,
+				     sizeof(assoc_req->mlo_info));
+		}
+
 		return true;
 	}
 

core/mac/src/pe/lim/lim_process_assoc_rsp_frame.c

@@ -148,6 +148,7 @@ void lim_update_assoc_sta_datas(struct mac_context *mac_ctx,
 	tDot11fIEeht_cap *eht_cap = NULL;
 	struct bss_description *bss_desc = NULL;
 	tDot11fIEVHTOperation *vht_oper = NULL;
+	enum phy_ch_width omn_ie_ch_width;
 
 	lim_get_phy_mode(mac_ctx, &phy_mode, session_entry);
 	sta_ds->staType = STA_ENTRY_SELF;
@@ -314,8 +315,13 @@ void lim_update_assoc_sta_datas(struct mac_context *mac_ctx,
 		 * OMN IE is present in the Assoc response, but the channel
 		 * width/Rx NSS update will happen through the peer_assoc cmd.
 		 */
-		pe_debug("OMN IE is present in the assoc rsp, update NSS/Ch width");
+		omn_ie_ch_width = assoc_rsp->oper_mode_ntf.chanWidth;
+		pe_debug("OMN IE present in re/assoc rsp, omn_ie_ch_width: %d",
+			 omn_ie_ch_width);
+		lim_update_omn_ie_ch_width(session_entry->vdev,
+					   omn_ie_ch_width);
 	}
+
 	if (lim_process_srp_ie(assoc_rsp, sta_ds) == QDF_STATUS_SUCCESS)
 		lim_update_vdev_sr_elements(session_entry, sta_ds);
 }

core/mac/src/pe/lim/lim_process_auth_frame.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2011-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -2197,30 +2197,24 @@ bool lim_process_sae_preauth_frame(struct mac_context *mac, uint8_t *rx_pkt)
 		 ((dot11_hdr->seqControl.seqNumHi << 8) |
 		  (dot11_hdr->seqControl.seqNumLo << 4) |
 		  (dot11_hdr->seqControl.fragNum)), *(uint16_t *)(frm_body + 2));
-	pdev_id = wlan_objmgr_pdev_get_pdev_id(mac->pdev);
-	vdev = wlan_objmgr_get_vdev_by_macaddr_from_psoc(
-			mac->psoc, pdev_id, dot11_hdr->da, WLAN_LEGACY_MAC_ID);
-
-	if (vdev) {
-		vdev_id = wlan_vdev_get_id(vdev);
-		lim_sae_auth_cleanup_retry(mac, vdev_id);
-		status = lim_update_link_to_mld_address(mac, vdev, dot11_hdr);
 
-		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_MAC_ID);
-	} else {
+	pdev_id = wlan_objmgr_pdev_get_pdev_id(mac->pdev);
+	vdev = wlan_objmgr_get_vdev_by_macaddr_from_psoc(mac->psoc, pdev_id,
+							 dot11_hdr->da,
+							 WLAN_LEGACY_MAC_ID);
+	if (!vdev) {
 		vdev = wlan_objmgr_pdev_get_roam_vdev(mac->pdev,
 						      WLAN_LEGACY_MAC_ID);
 		if (!vdev) {
 			pe_err("not able to find roaming vdev");
 			return false;
 		}
-
-		vdev_id = wlan_vdev_get_id(vdev);
-		status = lim_update_link_to_mld_address(mac, vdev, dot11_hdr);
-
-		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_MAC_ID);
 	}
 
+	vdev_id = wlan_vdev_get_id(vdev);
+	lim_sae_auth_cleanup_retry(mac, vdev_id);
+	status = lim_update_link_to_mld_address(mac, vdev, dot11_hdr);
+	wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_MAC_ID);
 	if (QDF_IS_STATUS_ERROR(status)) {
 		pe_err("vdev:%d dropping auth frame BSSID: " QDF_MAC_ADDR_FMT ", SAE address conversion failure",
 		       vdev_id, QDF_MAC_ADDR_REF(dot11_hdr->bssId));

core/mac/src/pe/lim/lim_process_beacon_frame.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2011-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -428,7 +428,7 @@ update_bw:
 		csa_param->new_ch_freq_seg2 = ccfs1;
 		qdf_copy_macaddr(&csa_param->bssid,
 				 (struct qdf_mac_addr *)session->bssId);
-		lim_handle_sta_csa_param(session->mac_ctx, csa_param);
+		lim_handle_sta_csa_param(session->mac_ctx, csa_param, false);
 	}
 }
 

core/mac/src/pe/lim/lim_process_message_queue.c

@@ -1047,10 +1047,34 @@ static bool
 lim_is_ignore_btm_frame(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id,
 			tSirMacFrameCtl fc, uint8_t *body, uint16_t frm_len)
 {
-	bool is_sta_roam_disabled_by_p2p, is_mbo_wo_pmf;
+	bool is_sta_roam_disabled_by_p2p, is_mbo_wo_pmf, is_disable_btm;
 	uint8_t action_id, category, token = 0;
 	tpSirMacActionFrameHdr action_hdr;
 	enum wlan_diag_btm_block_reason reason;
+	struct cm_roam_values_copy temp;
+
+	/*
+	 * Drop BTM frame, if BTM roam disabled by userspace via vendor
+	 * command QCA_WLAN_VENDOR_ATTR_CONFIG_BTM_SUPPORT
+	 */
+	wlan_cm_roam_cfg_get_value(psoc, vdev_id, IS_DISABLE_BTM, &temp);
+	is_disable_btm = temp.bool_value;
+	if (is_disable_btm) {
+		pe_debug("Drop BTM frame. vdev:%d BTM roam disabled by user",
+			 vdev_id);
+		return true;
+	}
+
+	/*
+	 * When DUT associated to BTM disabled AP and receives BTM req frame
+	 * from connected AP then instead of forwarding the BTM req frame to
+	 * supplicant, host should drop it
+	 */
+	if (!wlan_cm_get_assoc_btm_cap(psoc, vdev_id)) {
+		pe_debug("Drop BTM frame. vdev:%d BTM not supported by AP",
+			 vdev_id);
+		return true;
+	}
 
 	/*
 	 * Drop BTM frame received on STA interface if concurrent
@@ -1391,10 +1415,8 @@ lim_handle80211_frames(struct mac_context *mac, struct scheduler_msg *limMsg,
 	}
 
 	/* Check if frame is registered by HDD */
-	if (lim_check_mgmt_registered_frames(mac, pRxPacketInfo, pe_session)) {
-		pe_debug("Received frame is passed to SME");
+	if (lim_check_mgmt_registered_frames(mac, pRxPacketInfo, pe_session))
 		goto end;
-	}
 
 	if (fc.protVer != SIR_MAC_PROTOCOL_VERSION) {   /* Received Frame with non-zero Protocol Version */
 		pe_err("Unexpected frame with protVersion %d received",

core/mac/src/pe/lim/lim_process_sme_req_messages.c

@@ -78,14 +78,6 @@
 #include <wlan_mlo_mgr_peer.h>
 #endif
 
-/*
- * As per spec valid range is range –64 dBm to 63 dBm.
- * Powers in range of 64 - 191 will be invalid.
- */
-#define INVALID_TPE_POWER 100
-#define MAX_TX_PWR_COUNT_FOR_160MHZ 3
-#define MAX_NUM_TX_POWER_FOR_320MHZ 5
-
 /* SME REQ processing function templates */
 static bool __lim_process_sme_sys_ready_ind(struct mac_context *, uint32_t *);
 static bool __lim_process_sme_start_bss_req(struct mac_context *,
@@ -4798,8 +4790,7 @@ static void lim_prepare_and_send_deauth(struct mac_context *mac_ctx,
 	deauth_req.vdev_id = req->req.vdev_id;
 	qdf_mem_copy(deauth_req.bssid.bytes, pe_session->bssId,
 		     QDF_MAC_ADDR_SIZE);
-	deauth_req.bssid = deauth_req.bssid;
-	deauth_req.peer_macaddr = req->req.bssid;
+	deauth_req.peer_macaddr = deauth_req.bssid;
 	deauth_req.reasonCode = req->req.reason_code;
 
 	msg.bodyptr = &deauth_req;
@@ -5782,6 +5773,7 @@ void lim_parse_tpe_ie(struct mac_context *mac, struct pe_session *session,
 	uint8_t reg_eirp_idx = 0, reg_psd_idx = 0;
 	uint8_t min_count = 0;
 	uint8_t ext_power_updated = 0, eirp_power = 0;
+	uint8_t expect_num;
 
 	vdev_mlme = wlan_vdev_mlme_get_cmpt_obj(session->vdev);
 	if (!vdev_mlme)
@@ -5853,6 +5845,17 @@ void lim_parse_tpe_ie(struct mac_context *mac, struct pe_session *session,
 
 	if (non_psd_set && !psd_set) {
 		single_tpe = tpe_ies[non_psd_index];
+		if (single_tpe.max_tx_pwr_count >
+		    MAX_TX_PWR_COUNT_FOR_160MHZ) {
+			pe_debug("Invalid max tx pwr count: %d",
+				 single_tpe.max_tx_pwr_count);
+			single_tpe.max_tx_pwr_count =
+				MAX_TX_PWR_COUNT_FOR_160MHZ;
+		}
+		expect_num = lim_get_num_pwr_levels(false, session->ch_width);
+		single_tpe.max_tx_pwr_count =
+			QDF_MIN(single_tpe.max_tx_pwr_count, expect_num - 1);
+
 		vdev_mlme->reg_tpc_obj.is_psd_power = false;
 		vdev_mlme->reg_tpc_obj.eirp_power = 0;
 		bw_num = sizeof(get_next_higher_bw) /
@@ -5903,9 +5906,20 @@ void lim_parse_tpe_ie(struct mac_context *mac, struct pe_session *session,
 
 	if (psd_set) {
 		single_tpe = tpe_ies[psd_index];
+		if (single_tpe.max_tx_pwr_count >
+		    MAX_TX_PWR_COUNT_FOR_160MHZ_PSD) {
+			pe_debug("Invalid max tx pwr count psd: %d",
+				 single_tpe.max_tx_pwr_count);
+			single_tpe.max_tx_pwr_count =
+				MAX_TX_PWR_COUNT_FOR_160MHZ_PSD;
+		}
+		expect_num = lim_get_num_pwr_levels(true, session->ch_width);
+
 		vdev_mlme->reg_tpc_obj.is_psd_power = true;
 		num_octets =
 			lim_get_num_tpe_octets(single_tpe.max_tx_pwr_count);
+		num_octets = QDF_MIN(num_octets, expect_num);
+
 		vdev_mlme->reg_tpc_obj.num_pwr_levels = num_octets;
 
 		ch_params.ch_width = session->ch_width;
@@ -6135,7 +6149,7 @@ void lim_calculate_tpc(struct mac_context *mac,
 	bool is_tpe_present = false, is_6ghz_freq = false;
 	uint8_t i = 0;
 	int8_t max_tx_power;
-	uint16_t reg_max = 0, psd_power = 0;
+	uint16_t reg_max = 0, reg_psd_pwr_max = 0;
 	uint16_t tx_power_within_bw = 0, psd_power_within_bw = 0;
 	uint16_t local_constraint, bw_val = 0;
 	uint32_t num_pwr_levels, ap_power_type_6g = 0;
@@ -6225,11 +6239,13 @@ void lim_calculate_tpc(struct mac_context *mac,
 					wlan_reg_get_client_power_for_connecting_ap(
 					mac->pdev, ap_power_type_6g,
 					mlme_obj->reg_tpc_obj.frequency[i],
-					is_psd_power, &reg_max, &psd_power);
+					is_psd_power, &reg_max,
+					&reg_psd_pwr_max);
 				} else {
 					wlan_reg_get_client_power_for_connecting_ap(
 					mac->pdev, ap_power_type_6g, oper_freq,
-					is_psd_power, &reg_max, &psd_power);
+					is_psd_power, &reg_max,
+					&reg_psd_pwr_max);
 				}
 			}
 		} else {
@@ -6246,7 +6262,8 @@ void lim_calculate_tpc(struct mac_context *mac,
 					wlan_reg_get_client_power_for_connecting_ap
 					(mac->pdev, ap_power_type_6g,
 					 mlme_obj->reg_tpc_obj.frequency[i],
-					 is_psd_power, &reg_max, &psd_power);
+					 is_psd_power, &reg_max,
+					 &reg_psd_pwr_max);
 				} else {
 					if (wlan_reg_decide_6ghz_power_within_bw_for_freq(
 							mac->pdev, oper_freq,
@@ -6260,7 +6277,8 @@ void lim_calculate_tpc(struct mac_context *mac,
 							QDF_STATUS_SUCCESS) {
 						pe_debug("get pwr attr from secondary list");
 						reg_max = tx_power_within_bw;
-						psd_power = psd_power_within_bw;
+						reg_psd_pwr_max =
+							psd_power_within_bw;
 					} else {
 						wlan_reg_get_cur_6g_ap_pwr_type(
 							mac->pdev,
@@ -6271,7 +6289,7 @@ void lim_calculate_tpc(struct mac_context *mac,
 							frequency[i],
 							&is_psd_power,
 							&reg_max,
-							&psd_power);
+							&reg_psd_pwr_max);
 					}
 				}
 			}
@@ -6299,16 +6317,21 @@ void lim_calculate_tpc(struct mac_context *mac,
 		pe_debug("local constraint: %d power constraint absolute %d",
 			 local_constraint,
 			 mlme_obj->reg_tpc_obj.is_power_constraint_abs);
-		if (mlme_obj->reg_tpc_obj.is_power_constraint_abs) {
+
+		if (is_psd_power) {
+			max_tx_power = reg_psd_pwr_max;
+		} else if (mlme_obj->reg_tpc_obj.is_power_constraint_abs) {
 			if (!local_constraint) {
 				pe_debug("ignore abs ap constraint power 0!");
 				max_tx_power = reg_max;
 			} else {
 				max_tx_power = QDF_MIN(reg_max,
 						       local_constraint);
+				if (!max_tx_power)
+					max_tx_power = reg_max;
 			}
 		} else {
-			max_tx_power = reg_max - local_constraint;
+			max_tx_power = QDF_MIN(reg_max, local_constraint);
 			if (!max_tx_power)
 				max_tx_power = reg_max;
 		}
@@ -6330,11 +6353,7 @@ void lim_calculate_tpc(struct mac_context *mac,
 			pe_debug("TPE: %d", tpe_power);
 		}
 
-		if (is_psd_power)
-			mlme_obj->reg_tpc_obj.chan_power_info[i].tx_power =
-						(uint8_t)psd_power;
-		else
-			mlme_obj->reg_tpc_obj.chan_power_info[i].tx_power =
+		mlme_obj->reg_tpc_obj.chan_power_info[i].tx_power =
 						(uint8_t)max_tx_power;
 
 		pe_debug("freq: %d reg power: %d, max_tx_power(eirp/psd): %d",
@@ -6347,6 +6366,10 @@ void lim_calculate_tpc(struct mac_context *mac,
 	mlme_obj->reg_tpc_obj.power_type_6g = ap_power_type_6g;
 	mlme_obj->reg_tpc_obj.is_psd_power = is_psd_power;
 
+	if (LIM_IS_AP_ROLE(session) && is_psd_power)
+		wlan_mlme_set_sap_psd_for_20mhz(session->vdev,
+						(uint8_t)reg_psd_pwr_max);
+
 	pe_debug("num_pwr_levels: %d, is_psd_power: %d, total eirp_power: %d, ap_pwr_type: %d",
 		 num_pwr_levels, is_psd_power, reg_max, ap_power_type_6g);
 }

core/mac/src/pe/lim/lim_send_management_frames.c

@@ -201,7 +201,6 @@ lim_send_probe_req_mgmt_frame(struct mac_context *mac_ctx,
 	uint8_t channel;
 	uint8_t *eht_cap_ie = NULL, eht_cap_ie_len = 0;
 	bool is_band_2g;
-	uint16_t ie_buf_size;
 	uint16_t mlo_ie_len = 0;
 
 	if (additional_ielen)
@@ -395,6 +394,23 @@ lim_send_probe_req_mgmt_frame(struct mac_context *mac_ctx,
 	if (extracted_ext_cap_flag)
 		lim_merge_extcap_struct(&pr->ExtCap, &extracted_ext_cap, true);
 
+	if (pesession)
+		populate_dot11f_btm_extended_caps(mac_ctx, pesession,
+						  &pr->ExtCap);
+
+	if (lim_is_session_eht_capable(pesession)) {
+		eht_cap_ie = qdf_mem_malloc(WLAN_MAX_IE_LEN + MIN_IE_LEN);
+		if (!eht_cap_ie) {
+			pe_err("malloc failed for eht_cap_ie");
+			qdf_status = QDF_STATUS_E_NOMEM;
+			goto mem_free;
+		}
+		is_band_2g = WLAN_REG_IS_24GHZ_CH_FREQ(pesession->curr_op_freq);
+		lim_ieee80211_pack_ehtcap(eht_cap_ie, pr->eht_cap, pr->he_cap,
+					  is_band_2g);
+		eht_cap_ie_len = eht_cap_ie[TAG_LEN_POS] + MIN_IE_LEN;
+		pr->eht_cap.present = false;
+	}
 
 	/* That's it-- now we pack it.  First, how much space are we going to */
 	status = dot11f_get_packed_probe_request_size(mac_ctx, pr, &payload);
@@ -408,15 +424,16 @@ lim_send_probe_req_mgmt_frame(struct mac_context *mac_ctx,
 			status);
 	}
 
-	bytes = payload + sizeof(tSirMacMgmtHdr) + addn_ielen + mlo_ie_len;
+	bytes = payload + sizeof(tSirMacMgmtHdr) + addn_ielen + mlo_ie_len +
+		eht_cap_ie_len;
 
 	/* Ok-- try to allocate some memory: */
 	qdf_status = cds_packet_alloc((uint16_t) bytes, (void **)&frame,
 				      (void **)&packet);
 	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
 		pe_err("Failed to allocate %d bytes for a Probe Request", bytes);
-		qdf_mem_free(pr);
-		return QDF_STATUS_E_NOMEM;
+		qdf_status = QDF_STATUS_E_NOMEM;
+		goto mem_free;
 	}
 	/* Paranoia: */
 	qdf_mem_zero(frame, bytes);
@@ -432,46 +449,17 @@ lim_send_probe_req_mgmt_frame(struct mac_context *mac_ctx,
 	if (DOT11F_FAILED(status)) {
 		pe_err("Failed to pack a Probe Request (0x%08x)", status);
 		cds_packet_free((void *)packet);
-		return QDF_STATUS_E_FAILURE;    /* allocated! */
+		qdf_status = QDF_STATUS_E_FAILURE;
+		goto mem_free;
 	} else if (DOT11F_WARNED(status)) {
 		pe_warn("There were warnings while packing a Probe Request (0x%08x)", status);
 	}
 
-	/* Strip EHT capabilities IE */
-	if (lim_is_session_eht_capable(pesession)) {
-		ie_buf_size = payload;
-
-		eht_cap_ie = qdf_mem_malloc(WLAN_MAX_IE_LEN + 2);
-		if (!eht_cap_ie) {
-			pe_err("malloc failed for eht_cap_ie");
-			goto skip_eht_ie_update;
-		}
-
-		qdf_status = lim_strip_eht_cap_ie(mac_ctx, frame +
-						  sizeof(tSirMacMgmtHdr),
-						  &ie_buf_size, eht_cap_ie);
-		if (QDF_IS_STATUS_ERROR(qdf_status)) {
-			pe_err("Failed to strip EHT cap IE");
-			qdf_mem_free(eht_cap_ie);
-			goto skip_eht_ie_update;
-		}
-
-		is_band_2g =
-			WLAN_REG_IS_24GHZ_CH_FREQ(pesession->curr_op_freq);
-
-		lim_ieee80211_pack_ehtcap(eht_cap_ie, pr->eht_cap, pr->he_cap,
-					  is_band_2g);
-		eht_cap_ie_len = eht_cap_ie[1] + 2;
-
-		/* Copy the EHT IE to the end of the frame */
-		qdf_mem_copy(frame + sizeof(tSirMacMgmtHdr) +
-			     ie_buf_size,
+	if (eht_cap_ie_len) {
+		qdf_mem_copy(frame + sizeof(tSirMacMgmtHdr) + payload,
 			     eht_cap_ie, eht_cap_ie_len);
-		qdf_mem_free(eht_cap_ie);
-		payload = ie_buf_size +  eht_cap_ie_len;
+		payload += eht_cap_ie_len;
 	}
-skip_eht_ie_update:
-	qdf_mem_free(pr);
 
 	/* Append any AddIE if present. */
 	if (addn_ielen) {
@@ -519,10 +507,17 @@ skip_eht_ie_update:
 	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
 		pe_err("could not send Probe Request frame!");
 		/* Pkt will be freed up by the callback */
-		return QDF_STATUS_E_FAILURE;
+		qdf_status = QDF_STATUS_E_FAILURE;
+		goto mem_free;
 	}
 
-	return QDF_STATUS_SUCCESS;
+	qdf_status = QDF_STATUS_SUCCESS;
+
+mem_free:
+	qdf_mem_free(eht_cap_ie);
+	qdf_mem_free(pr);
+
+	return qdf_status;
 } /* End lim_send_probe_req_mgmt_frame. */
 
 static QDF_STATUS lim_get_addn_ie_for_probe_resp(struct mac_context *mac,
@@ -1523,7 +1518,6 @@ lim_send_assoc_rsp_mgmt_frame(struct mac_context *mac_ctx,
 	uint8_t *eht_op_ie = NULL, eht_op_ie_len = 0;
 	uint8_t *eht_cap_ie = NULL, eht_cap_ie_len = 0;
 	bool is_band_2g;
-	uint16_t ie_buf_size;
 	uint16_t mlo_ie_len = 0;
 	struct element_info ie;
 
@@ -1788,6 +1782,44 @@ lim_send_assoc_rsp_mgmt_frame(struct mac_context *mac_ctx,
 							       sta, &frm);
 	}
 
+	if (sta && lim_is_sta_eht_capable(sta) &&
+	    lim_is_session_eht_capable(pe_session)) {
+		eht_op_ie = qdf_mem_malloc(WLAN_MAX_IE_LEN + MIN_IE_LEN);
+		if (!eht_op_ie) {
+			pe_err("malloc failed for eht_op_ie");
+			goto error;
+		}
+
+		lim_ieee80211_pack_ehtop(eht_op_ie, frm.eht_op,
+					 frm.VHTOperation,
+					 frm.he_op,
+					 frm.HTInfo);
+		eht_op_ie_len = eht_op_ie[TAG_LEN_POS] + MIN_IE_LEN;
+
+		/* Set eht op to false as frame contents are present in
+		 * eht_op_ie buffer
+		 */
+		frm.eht_op.present = false;
+
+		eht_cap_ie = qdf_mem_malloc(WLAN_MAX_IE_LEN + MIN_IE_LEN);
+		if (!eht_cap_ie) {
+			pe_err("malloc failed for eht_cap_ie");
+			goto error;
+		}
+
+		is_band_2g =
+			WLAN_REG_IS_24GHZ_CH_FREQ(pe_session->curr_op_freq);
+		lim_ieee80211_pack_ehtcap(eht_cap_ie, frm.eht_cap, frm.he_cap,
+					  is_band_2g);
+
+		eht_cap_ie_len = eht_cap_ie[TAG_LEN_POS] + MIN_IE_LEN;
+
+		/* Set eht cap to false as frame contents are present in
+		 * eht_cap_ie buffer
+		 */
+		frm.eht_cap.present = false;
+	}
+
 	/* Allocate a buffer for this frame: */
 	status = dot11f_get_packed_assoc_response_size(mac_ctx, &frm, &payload);
 	if (DOT11F_FAILED(status)) {
@@ -1799,12 +1831,14 @@ lim_send_assoc_rsp_mgmt_frame(struct mac_context *mac_ctx,
 			status);
 	}
 
-	bytes += sizeof(tSirMacMgmtHdr) + payload + mlo_ie_len;
+	bytes += sizeof(tSirMacMgmtHdr) + payload + mlo_ie_len + eht_op_ie_len +
+		eht_cap_ie_len;
 
 	if (sta) {
 		bytes += sta->mlmStaContext.owe_ie_len;
 		bytes += sta->mlmStaContext.ft_ie_len;
 	}
+
 	qdf_status = cds_packet_alloc((uint16_t) bytes, (void **)&frame,
 				      (void **)&packet);
 	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
@@ -1837,78 +1871,16 @@ lim_send_assoc_rsp_mgmt_frame(struct mac_context *mac_ctx,
 			status);
 	}
 
-	/* Strip EHT operation and EHT capabilities IEs */
-	if (lim_is_session_eht_capable(pe_session)) {
-		ie_buf_size = payload - WLAN_ASSOC_RSP_IES_OFFSET;
-		eht_op_ie = qdf_mem_malloc(WLAN_MAX_IE_LEN + 2);
-		if (!eht_op_ie) {
-			pe_err("malloc failed for eht_op_ie");
-			cds_packet_free((void *)packet);
-			goto error;
-		}
-
-		qdf_status = lim_strip_eht_op_ie(mac_ctx, frame +
-						 sizeof(tSirMacMgmtHdr) +
-						 WLAN_ASSOC_RSP_IES_OFFSET,
-						 &ie_buf_size, eht_op_ie);
-		if (QDF_IS_STATUS_ERROR(qdf_status)) {
-			pe_err("Failed to strip EHT op IE");
-			qdf_mem_free(eht_cap_ie);
-			cds_packet_free((void *)packet);
-			cds_packet_free((void *)packet);
-		}
-
-		lim_ieee80211_pack_ehtop(eht_op_ie, frm.eht_op,
-					 frm.VHTOperation,
-					 frm.he_op,
-					 frm.HTInfo);
-		eht_op_ie_len = eht_op_ie[1] + 2;
-
-		/* Copy the EHT operation IE to the end of the frame */
-		qdf_mem_copy(frame + sizeof(tSirMacMgmtHdr) +
-			     WLAN_ASSOC_RSP_IES_OFFSET + ie_buf_size,
+	if (eht_op_ie_len) {
+		qdf_mem_copy(frame + sizeof(tSirMacMgmtHdr) + payload,
 			     eht_op_ie, eht_op_ie_len);
-		qdf_mem_free(eht_op_ie);
-		bytes = bytes - payload;
-		payload = ie_buf_size + WLAN_ASSOC_RSP_IES_OFFSET +
-			  eht_op_ie_len;
-		bytes = bytes + payload;
-
-		ie_buf_size = payload - WLAN_ASSOC_RSP_IES_OFFSET;
-		eht_cap_ie = qdf_mem_malloc(WLAN_MAX_IE_LEN + 2);
-		if (!eht_cap_ie) {
-			pe_err("malloc failed for eht_cap_ie");
-			cds_packet_free((void *)packet);
-			goto error;
-		}
-
-		qdf_status = lim_strip_eht_cap_ie(mac_ctx, frame +
-						  sizeof(tSirMacMgmtHdr) +
-						  WLAN_ASSOC_RSP_IES_OFFSET,
-						  &ie_buf_size, eht_cap_ie);
-		if (QDF_IS_STATUS_ERROR(qdf_status)) {
-			pe_err("Failed to strip EHT cap IE");
-			qdf_mem_free(eht_cap_ie);
-			cds_packet_free((void *)packet);
-			goto error;
-		}
-
-		is_band_2g =
-			WLAN_REG_IS_24GHZ_CH_FREQ(pe_session->curr_op_freq);
-		lim_ieee80211_pack_ehtcap(eht_cap_ie, frm.eht_cap, frm.he_cap,
-					  is_band_2g);
-
-		eht_cap_ie_len = eht_cap_ie[1] + 2;
+		payload += eht_op_ie_len;
+	}
 
-		/* Copy the EHT capability IE to the end of the frame */
-		qdf_mem_copy(frame + sizeof(tSirMacMgmtHdr) +
-			     WLAN_ASSOC_RSP_IES_OFFSET + ie_buf_size,
+	if (eht_cap_ie_len) {
+		qdf_mem_copy(frame + sizeof(tSirMacMgmtHdr) + payload,
 			     eht_cap_ie, eht_cap_ie_len);
-		qdf_mem_free(eht_cap_ie);
-		bytes = bytes - payload;
-		payload = ie_buf_size + WLAN_ASSOC_RSP_IES_OFFSET +
-			  eht_cap_ie_len;
-		bytes = bytes + payload;
+		payload += eht_cap_ie_len;
 	}
 
 	if (addn_ie_len && addn_ie_len <= WNI_CFG_ASSOC_RSP_ADDNIE_DATA_LEN) {
@@ -1995,6 +1967,8 @@ lim_send_assoc_rsp_mgmt_frame(struct mac_context *mac_ctx,
 	lim_util_count_sta_add(mac_ctx, sta, pe_session);
 
 error:
+	qdf_mem_free(eht_cap_ie);
+	qdf_mem_free(eht_op_ie);
 	qdf_mem_free(add_ie);
 }
 
@@ -2392,7 +2366,6 @@ lim_send_assoc_req_mgmt_frame(struct mac_context *mac_ctx,
 	bool bss_mfp_capable, frag_ie_present = false;
 	int8_t peer_rssi = 0;
 	bool is_band_2g;
-	uint16_t ie_buf_size;
 	uint16_t mlo_ie_len, fils_hlp_ie_len = 0;
 	uint8_t *fils_hlp_ie = NULL;
 	struct cm_roam_values_copy mdie_cfg = {0};
@@ -2911,6 +2884,27 @@ lim_send_assoc_req_mgmt_frame(struct mac_context *mac_ctx,
 		}
 	}
 
+	/* Strip EHT capabilities IE */
+	if (lim_is_session_eht_capable(pe_session)) {
+		eht_cap_ie = qdf_mem_malloc(WLAN_MAX_IE_LEN + MIN_IE_LEN);
+		if (!eht_cap_ie) {
+			pe_err("malloc failed for eht_cap_ie");
+			goto end;
+		}
+
+		is_band_2g =
+			WLAN_REG_IS_24GHZ_CH_FREQ(pe_session->curr_op_freq);
+
+		lim_ieee80211_pack_ehtcap(eht_cap_ie, frm->eht_cap, frm->he_cap,
+					  is_band_2g);
+		eht_cap_ie_len = eht_cap_ie[TAG_LEN_POS] + MIN_IE_LEN;
+
+		/* Mark EHT capability as false as this the data is already
+		 * present in eht_cap_ie buffer pointer
+		 */
+		frm->eht_cap.present = false;
+	}
+
 	status = dot11f_get_packed_assoc_request_size(mac_ctx, frm, &payload);
 	if (DOT11F_FAILED(status)) {
 		pe_err("Association Request packet size failure(0x%08x)",
@@ -2924,7 +2918,8 @@ lim_send_assoc_req_mgmt_frame(struct mac_context *mac_ctx,
 
 	bytes = payload + sizeof(tSirMacMgmtHdr) + aes_block_size_len +
 		rsnx_ie_len + mbo_ie_len + adaptive_11r_ie_len +
-		mscs_ext_ie_len + vendor_ie_len + mlo_ie_len + fils_hlp_ie_len;
+		mscs_ext_ie_len + vendor_ie_len + mlo_ie_len + fils_hlp_ie_len +
+		eht_cap_ie_len;
 
 
 	qdf_status = cds_packet_alloc((uint16_t) bytes, (void **)&frame,
@@ -2971,42 +2966,10 @@ lim_send_assoc_req_mgmt_frame(struct mac_context *mac_ctx,
 		payload = payload + fils_hlp_ie_len;
 	}
 
-	/* Strip EHT capabilities IE */
-	if (lim_is_session_eht_capable(pe_session)) {
-		ie_buf_size = payload - WLAN_ASSOC_REQ_IES_OFFSET;
-
-		eht_cap_ie = qdf_mem_malloc(WLAN_MAX_IE_LEN + 2);
-		if (!eht_cap_ie) {
-			pe_err("malloc failed for eht_cap_ie");
-			cds_packet_free((void *)packet);
-			goto end;
-		}
-
-		qdf_status = lim_strip_eht_cap_ie(mac_ctx, frame +
-						  sizeof(tSirMacMgmtHdr) +
-						  WLAN_ASSOC_REQ_IES_OFFSET,
-						  &ie_buf_size, eht_cap_ie);
-		if (QDF_IS_STATUS_ERROR(qdf_status)) {
-			pe_err("Failed to strip EHT cap IE");
-			qdf_mem_free(eht_cap_ie);
-			cds_packet_free((void *)packet);
-			goto end;
-		}
-
-		is_band_2g =
-			WLAN_REG_IS_24GHZ_CH_FREQ(pe_session->curr_op_freq);
-
-		lim_ieee80211_pack_ehtcap(eht_cap_ie, frm->eht_cap, frm->he_cap,
-					  is_band_2g);
-		eht_cap_ie_len = eht_cap_ie[1] + 2;
-
-		/* Copy the EHT IE to the end of the frame */
-		qdf_mem_copy(frame + sizeof(tSirMacMgmtHdr) +
-			     WLAN_ASSOC_REQ_IES_OFFSET + ie_buf_size,
+	if (eht_cap_ie_len) {
+		qdf_mem_copy(frame + sizeof(tSirMacMgmtHdr) + payload,
 			     eht_cap_ie, eht_cap_ie_len);
-		qdf_mem_free(eht_cap_ie);
-		payload = ie_buf_size + WLAN_ASSOC_REQ_IES_OFFSET +
-			  eht_cap_ie_len;
+		payload += eht_cap_ie_len;
 	}
 
 	if (rsnx_ie && rsnx_ie_len) {
@@ -3126,6 +3089,7 @@ lim_send_assoc_req_mgmt_frame(struct mac_context *mac_ctx,
 	}
 
 end:
+	qdf_mem_free(eht_cap_ie);
 	qdf_mem_free(fils_hlp_ie);
 	qdf_mem_free(rsnx_ie);
 	qdf_mem_free(vendor_ies);

core/mac/src/pe/lim/lim_send_sme_rsp_messages.c

@@ -1998,7 +1998,8 @@ static bool lim_sta_follow_csa(struct pe_session *session_entry,
 }
 
 void lim_handle_sta_csa_param(struct mac_context *mac_ctx,
-			      struct csa_offload_params *csa_params)
+			      struct csa_offload_params *csa_params,
+			      bool send_status)
 {
 	struct pe_session *session_entry;
 	struct mlme_legacy_priv *mlme_priv;
@@ -2024,19 +2025,19 @@ void lim_handle_sta_csa_param(struct mac_context *mac_ctx,
 	if (!session_entry) {
 		pe_err("Session does not exists for "QDF_MAC_ADDR_FMT,
 		       QDF_MAC_ADDR_REF(csa_params->bssid.bytes));
-		goto err;
+		goto free;
 	}
 	sta_ds = dph_lookup_hash_entry(mac_ctx, session_entry->bssId, &aid,
 		&session_entry->dph.dphHashTable);
 
 	if (!sta_ds) {
 		pe_err("sta_ds does not exist");
-		goto err;
+		goto send_event;
 	}
 
 	if (!LIM_IS_STA_ROLE(session_entry)) {
 		pe_debug("Invalid role to handle CSA");
-		goto err;
+		goto send_event;
 	}
 
 	lim_ch_switch = &session_entry->gLimChannelSwitch;
@@ -2055,7 +2056,7 @@ void lim_handle_sta_csa_param(struct mac_context *mac_ctx,
 
 	if (!lim_sta_follow_csa(session_entry, csa_params,
 				lim_ch_switch, ch_params))
-		goto err;
+		goto send_event;
 	else
 		qdf_mem_zero(&ch_params, sizeof(struct ch_params));
 
@@ -2063,13 +2064,13 @@ void lim_handle_sta_csa_param(struct mac_context *mac_ctx,
 					session_entry->curr_op_freq,
 					csa_params)) {
 		pe_debug("Channel switch is not allowed");
-		goto err;
+		goto send_event;
 	}
 
 	if (!lim_mlo_is_csa_allow(session_entry->vdev,
 				  csa_params->csa_chan_freq)) {
 		pe_debug("Channel switch for MLO vdev is not allowed");
-		goto err;
+		goto send_event;
 	}
 	/*
 	 * on receiving channel switch announcement from AP, delete all
@@ -2319,7 +2320,7 @@ void lim_handle_sta_csa_param(struct mac_context *mac_ctx,
 
 	if (!lim_sta_follow_csa(session_entry, csa_params,
 				lim_ch_switch, ch_params))
-		goto err;
+		goto send_event;
 
 	if (wlan_vdev_mlme_is_mlo_vdev(session_entry->vdev)) {
 		link_id = wlan_vdev_get_link_id(session_entry->vdev);
@@ -2349,7 +2350,7 @@ void lim_handle_sta_csa_param(struct mac_context *mac_ctx,
 
 	if (mlo_is_any_link_disconnecting(session_entry->vdev)) {
 		pe_info_rl("Ignore CSA, vdev is in not in conncted state");
-		goto err;
+		goto send_event;
 	}
 
 	lim_prepare_for11h_channel_switch(mac_ctx, session_entry);
@@ -2361,8 +2362,12 @@ void lim_handle_sta_csa_param(struct mac_context *mac_ctx,
 			WLAN_PE_DIAG_SWITCH_CHL_IND_EVENT, session_entry,
 			QDF_STATUS_SUCCESS, QDF_STATUS_SUCCESS);
 #endif
-
-err:
+free:
+	qdf_mem_free(csa_params);
+	return;
+send_event:
+	if (send_status)
+		wlan_mlme_send_csa_event_status_ind(session_entry->vdev, 0);
 	qdf_mem_free(csa_params);
 }
 
@@ -2394,7 +2399,7 @@ void lim_handle_csa_offload_msg(struct mac_context *mac_ctx,
 		qdf_mem_free(csa_params);
 		return;
 	}
-	lim_handle_sta_csa_param(mac_ctx, csa_params);
+	lim_handle_sta_csa_param(mac_ctx, csa_params, true);
 }
 
 #ifdef WLAN_FEATURE_11BE_MLO
@@ -2418,7 +2423,7 @@ void lim_handle_mlo_sta_csa_param(struct wlan_objmgr_vdev *vdev,
 
 	qdf_mem_copy(tmp_csa_params, csa_params, sizeof(*tmp_csa_params));
 
-	lim_handle_sta_csa_param(mac, tmp_csa_params);
+	lim_handle_sta_csa_param(mac, tmp_csa_params, false);
 }
 #endif
 

core/mac/src/pe/lim/lim_send_sme_rsp_messages.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -272,11 +272,13 @@ lim_process_beacon_tx_success_ind(struct mac_context *mac, uint16_t msgType,
  * lim_handle_sta_csa_param() - Handle CSA offload param
  * @mac_ctx: pointer to global adapter context
  * @csa_params: csa parameters.
+ * @send_status: Flag to send CSA status to fw in case of failure
  *
  * Return: None
  */
 void lim_handle_sta_csa_param(struct mac_context *mac_ctx,
-			      struct csa_offload_params *csa_params);
+			      struct csa_offload_params *csa_params,
+			      bool send_status);
 
 #ifdef WLAN_FEATURE_11BE_MLO
 /**

core/mac/src/pe/lim/lim_utils.c

@@ -39,6 +39,8 @@
 #include "dot11fdefs.h"
 #include "wmm_apsd.h"
 #include "lim_trace.h"
+#include "wlan_vdev_mlme_api.h"
+#include "../../core/src/vdev_mgr_ops.h"
 
 #ifdef FEATURE_WLAN_DIAG_SUPPORT
 #include "host_diag_core_event.h"
@@ -4977,7 +4979,7 @@ bool lim_check_vht_op_mode_change(struct mac_context *mac,
 	csa_param->new_ch_freq_seg2 = ch_params.center_freq_seg1;
 	qdf_copy_macaddr(&csa_param->bssid,
 			 (struct qdf_mac_addr *)pe_session->bssId);
-	lim_handle_sta_csa_param(mac, csa_param);
+	lim_handle_sta_csa_param(mac, csa_param, false);
 
 	return true;
 }
@@ -6186,6 +6188,7 @@ QDF_STATUS lim_send_ext_cap_ie(struct mac_context *mac_ctx,
 	struct vdev_ie_info *vdev_ie;
 	struct scheduler_msg msg = {0};
 	QDF_STATUS status;
+	struct pe_session *session_entry;
 
 	dot11mode = mac_ctx->mlme_cfg->dot11_mode.dot11_mode;
 	if (IS_DOT11_MODE_VHT(dot11mode))
@@ -6207,6 +6210,12 @@ QDF_STATUS lim_send_ext_cap_ie(struct mac_context *mac_ctx,
 		lim_merge_extcap_struct(&ext_cap_data, extra_extcap, true);
 	}
 
+	/* After merging extcap, check whether disable btm bit require or not */
+	session_entry = pe_find_session_by_vdev_id(mac_ctx, vdev_id);
+	if (session_entry)
+		populate_dot11f_btm_extended_caps(mac_ctx, session_entry,
+						  &ext_cap_data);
+
 	/* Allocate memory for the WMI request, and copy the parameter */
 	vdev_ie = qdf_mem_malloc(sizeof(*vdev_ie) + num_bytes);
 	if (!vdev_ie)
@@ -7760,9 +7769,12 @@ void lim_update_session_he_capable(struct mac_context *mac, struct pe_session *s
 		session->vhtCapability = 0;
 		session->he_6ghz_band = 1;
 	}
-	if (wlan_reg_is_24ghz_ch_freq(session->curr_op_freq) &&
-	    !mac->mlme_cfg->vht_caps.vht_cap_info.b24ghz_band)
-		session->vhtCapability = 0;
+
+	if (wlan_reg_is_24ghz_ch_freq(session->curr_op_freq)) {
+		session->he_config.ul_mu = mac->he_cap_2g.ul_mu;
+		if (!mac->mlme_cfg->vht_caps.vht_cap_info.b24ghz_band)
+			session->vhtCapability = 0;
+	}
 
 	if (!wlan_reg_is_24ghz_ch_freq(session->curr_op_freq)) {
 		session->he_config.ul_mu = mac->he_cap_5g.ul_mu;
@@ -8299,14 +8311,17 @@ void lim_update_sta_mlo_info(struct pe_session *session,
 			     tpAddStaParams add_sta_params,
 			     tpDphHashNode sta_ds)
 {
-	if (lim_is_mlo_conn(session, sta_ds)) {
+	if (lim_is_add_sta_params_eht_capable(add_sta_params) &&
+	    lim_is_mlo_conn(session, sta_ds)) {
 		WLAN_ADDR_COPY(add_sta_params->mld_mac_addr, sta_ds->mld_addr);
 		add_sta_params->is_assoc_peer = lim_is_mlo_recv_assoc(sta_ds);
+		pe_debug("mld mac " QDF_MAC_ADDR_FMT " assoc peer %d",
+			 QDF_MAC_ADDR_REF(add_sta_params->mld_mac_addr),
+			 add_sta_params->is_assoc_peer);
+		return;
 	}
-	pe_debug("is mlo connection: %d mld mac " QDF_MAC_ADDR_FMT " assoc peer %d",
-		 lim_is_mlo_conn(session, sta_ds),
-		 QDF_MAC_ADDR_REF(add_sta_params->mld_mac_addr),
-		 add_sta_params->is_assoc_peer);
+
+	pe_debug("is not mlo capable");
 }
 
 void lim_set_mlo_caps(struct mac_context *mac, struct pe_session *session,
@@ -10462,6 +10477,8 @@ QDF_STATUS lim_ap_mlme_vdev_up_send(struct vdev_mlme_obj *vdev_mlme,
 	if (LIM_IS_NDI_ROLE(session))
 		return QDF_STATUS_SUCCESS;
 
+	if (!wlan_vdev_mlme_is_mlo_ap(vdev_mlme->vdev))
+		lim_configure_fd_for_existing_6ghz_sap(session, true);
 
 	msg.type = SIR_HAL_SEND_AP_VDEV_UP;
 	msg.bodyval = session->smeSessionId;
@@ -10626,7 +10643,9 @@ QDF_STATUS lim_ap_mlme_vdev_stop_send(struct vdev_mlme_obj *vdev_mlme,
 	if (!wlan_vdev_mlme_is_mlo_ap(vdev_mlme->vdev)) {
 		mlme_set_notify_co_located_ap_update_rnr(vdev_mlme->vdev, true);
 		lim_ap_mlme_vdev_rnr_notify(session);
+		lim_configure_fd_for_existing_6ghz_sap(session, false);
 	}
+
 	status =  lim_send_vdev_stop(session);
 
 	return status;
@@ -11724,3 +11743,109 @@ lim_convert_vht_chwidth_to_phy_chwidth(uint8_t ch_width, bool is_40)
 	}
 	return CH_WIDTH_20MHZ;
 }
+
+void
+lim_configure_fd_for_existing_6ghz_sap(struct pe_session *session,
+				       bool is_sap_starting)
+{
+	uint8_t vdev_id_list[MAX_NUMBER_OF_CONC_CONNECTIONS];
+	qdf_freq_t freq_list[MAX_NUMBER_OF_CONC_CONNECTIONS];
+	struct wlan_objmgr_vdev *vdev;
+	struct vdev_mlme_obj *mlme_obj;
+	uint8_t vdev_num, i;
+	bool is_legacy_sap_present = false;
+
+	if (session->opmode != QDF_SAP_MODE)
+		return;
+
+	vdev_num = policy_mgr_get_sap_mode_info(session->mac_ctx->psoc,
+						freq_list, vdev_id_list);
+
+	for (i = 0; i < vdev_num; i++) {
+		if (vdev_id_list[i] ==  session->vdev_id)
+			continue;
+
+		if (!wlan_reg_is_6ghz_chan_freq(freq_list[i])) {
+			is_legacy_sap_present = true;
+			break;
+		}
+	}
+
+	if (is_sap_starting) {
+		/*
+		 * The SAP which is coming up is also in 6 GHz, therefore do not
+		 * modify the FD config for other 6 GHz SAPs.
+		 * vdev start will enable/disable the FD config for this SAP.
+		 */
+		if (wlan_reg_is_6ghz_chan_freq(session->curr_op_freq)) {
+			wlan_mlme_disable_fd_in_6ghz_band(session->vdev,
+							  is_legacy_sap_present);
+			return;
+		}
+
+		/*
+		 * Atleast one legacy SAP is present, disable FD for all the
+		 * existing 6 GHz SAPs.
+		 */
+		for (i = 0; i < vdev_num; i++) {
+			if (!wlan_reg_is_6ghz_chan_freq(freq_list[i]))
+				continue;
+			vdev = wlan_objmgr_get_vdev_by_id_from_psoc(
+							session->mac_ctx->psoc,
+							vdev_id_list[i],
+							WLAN_LEGACY_MAC_ID);
+			if (!vdev)
+				continue;
+
+			mlme_obj = wlan_vdev_mlme_get_cmpt_obj(vdev);
+			if (!mlme_obj) {
+				pe_err("Unable to get mlme obj for vdev %d",
+				       vdev_id_list[i]);
+				goto rel;
+			}
+
+			if (!wlan_mlme_is_fd_disabled_in_6ghz_band(vdev))  {
+				wlan_mlme_disable_fd_in_6ghz_band(vdev, true);
+				vdev_mgr_configure_fd_for_sap(mlme_obj);
+			}
+rel:
+			wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_MAC_ID);
+		}
+	} else {
+		if (wlan_reg_is_6ghz_chan_freq(session->curr_op_freq)) {
+			wlan_mlme_disable_fd_in_6ghz_band(session->vdev, false);
+			return;
+		}
+
+		if (is_legacy_sap_present)
+			return;
+		/*
+		 * If no other legacy SAP is present, and the last legacy SAP
+		 * is going down, re-enable FD for all the 6 GHz SAP.
+		 */
+		for (i = 0; i < vdev_num; i++) {
+			if (!wlan_reg_is_6ghz_chan_freq(freq_list[i]))
+				continue;
+			vdev = wlan_objmgr_get_vdev_by_id_from_psoc(
+							session->mac_ctx->psoc,
+							vdev_id_list[i],
+							WLAN_LEGACY_MAC_ID);
+			if (!vdev)
+				continue;
+
+			mlme_obj = wlan_vdev_mlme_get_cmpt_obj(vdev);
+			if (!mlme_obj) {
+				pe_err("Unable to get mlme obj for vdev %d",
+				       vdev_id_list[i]);
+				goto rel_vdev;
+			}
+
+			if (wlan_mlme_is_fd_disabled_in_6ghz_band(vdev)) {
+				wlan_mlme_disable_fd_in_6ghz_band(vdev, false);
+				vdev_mgr_configure_fd_for_sap(mlme_obj);
+			}
+rel_vdev:
+			wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_MAC_ID);
+		}
+	}
+}

core/mac/src/pe/lim/lim_utils.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -3204,7 +3204,7 @@ void lim_update_nss(struct mac_context *mac_ctx, tpDphHashNode sta_ds,
  * @ch_width: Channel width in operating mode notification
  * @new_ch_width: Final channel bandwifdth
  *
- * function to update channel width
+ * function to send WMI_PEER_SET_PARAM_CMDID to FW to update ch_width
  *
  * Return: Success or Failure
  */
@@ -3380,4 +3380,25 @@ lim_get_connected_chan_for_mode(struct wlan_objmgr_psoc *psoc,
  */
 enum phy_ch_width
 lim_convert_vht_chwidth_to_phy_chwidth(uint8_t ch_width, bool is_40);
+
+/*
+ * lim_cmp_ssid() - Compare two SSIDs.
+ * @ssid: first ssid
+ * @pe_session: pointer to session
+ *
+ * Return: qdf_mem_cmp of ssids
+ */
+uint32_t lim_cmp_ssid(tSirMacSSid *ssid, struct pe_session *pe_session);
+
+/*
+ * lim_configure_fd_for_existing_6ghz_sap() - Based on the concurrent
+ * legacy SAP interface UP/DOWN, configure the FD for the 6 GHz SAPs.
+ * @session: pointer to pe_session
+ * @is_sap_starting: true if SAP is starting, false if SAP is stopping
+ *
+ * Return: None
+ */
+void
+lim_configure_fd_for_existing_6ghz_sap(struct pe_session *session,
+				       bool is_sap_starting);
 #endif /* __LIM_UTILS_H */

core/mac/src/pe/sch/sch_beacon_process.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -474,10 +474,13 @@ sch_bcn_update_opmode_change(struct mac_context *mac_ctx, tpDphHashNode sta_ds,
 			bcn->HTInfo.recommendedTxWidthSet : false;
 
 	if (bcn->OperatingMode.present) {
-		pe_debug("OMN IE is present in the beacon, update NSS/Ch width");
 		lim_update_nss(mac_ctx, sta_ds, bcn->OperatingMode.rxNSS,
 			       session);
 		ch_width = bcn->OperatingMode.chanWidth;
+		pe_debug("OMN IE present in bcn/probe rsp, omn_ie_ch_width: %d",
+			 ch_width);
+		lim_update_omn_ie_ch_width(session->vdev, ch_width);
+
 	} else {
 		bcn_vht_chwidth = lim_get_vht_ch_width(vht_caps, vht_op,
 						       &bcn->HTInfo);
@@ -485,6 +488,7 @@ sch_bcn_update_opmode_change(struct mac_context *mac_ctx, tpDphHashNode sta_ds,
 			lim_convert_vht_chwidth_to_phy_chwidth(bcn_vht_chwidth,
 							       is_40);
 	}
+
 	lim_update_channel_width(mac_ctx, sta_ds, session, ch_width, &ch_bw);
 }
 

core/mac/src/sys/legacy/src/utils/src/dot11f.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -134,7 +134,7 @@ typedef struct sIEDefn {
 #define DOT11F_PARAMETER_CHECK2(pSrc, pBuf, nBuf, pnConsumed) \
 	do { \
 		if (!pSrc || IsBadReadPtr(pSrc, 4))\
-			eturn DOT11F_BAD_INPUT_BUFFER; \
+			return DOT11F_BAD_INPUT_BUFFER; \
 		if (!pBuf || IsBadWritePtr(pBuf, nBuf))\
 			return DOT11F_BAD_OUTPUT_BUFFER; \
 		if (!nBuf)\

core/mac/src/sys/legacy/src/utils/src/parser_api.c

@@ -2936,6 +2936,11 @@ sir_convert_probe_frame2_t2lm_struct(tDot11fProbeResponse *pr,
 		qdf_trace_hex_dump(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_DEBUG,
 				   &ie[0], pr->t2lm_ie[i].num_data + 3);
 
+		if (ie[TAG_LEN_POS] + 2 > DOT11F_IE_T2LM_IE_MAX_LEN + 3) {
+			pe_debug("Invalid T2LM IE length");
+			return QDF_STATUS_E_PROTO;
+		}
+
 		status = wlan_mlo_parse_t2lm_info(&ie[0], &t2lm);
 		if (QDF_IS_STATUS_ERROR(status)) {
 			pe_debug("Parse T2LM IE fail");
@@ -3922,6 +3927,12 @@ sir_convert_assoc_resp_frame2_t2lm_struct(struct mac_context *mac,
 			     ar->t2lm_ie[i].num_data);
 		qdf_trace_hex_dump(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_DEBUG,
 				   &ie[0], ar->t2lm_ie[i].num_data + 3);
+
+		if (ie[TAG_LEN_POS] + 2 > DOT11F_IE_T2LM_IE_MAX_LEN + 3) {
+			pe_debug("Invalid T2LM IE length");
+			return QDF_STATUS_E_PROTO;
+		}
+
 		status = wlan_mlo_parse_t2lm_info(&ie[0], &t2lm);
 		if (QDF_IS_STATUS_ERROR(status)) {
 			pe_debug("Parse T2LM IE fail");
@@ -4542,6 +4553,11 @@ sir_convert_reassoc_req_frame2_struct(struct mac_context *mac,
 	sir_convert_reassoc_req_frame2_eht_struct(ar, pAssocReq);
 	sir_convert_reassoc_req_frame2_mlo_struct(pFrame, nFrame,
 						  ar, pAssocReq);
+	pe_debug("ht %d vht %d opmode %d vendor vht %d he %d he 6ghband %d eht %d",
+		 ar->HTCaps.present, ar->VHTCaps.present,
+		 ar->OperatingMode.present, ar->vendor_vht_ie.VHTCaps.present,
+		 ar->he_cap.present, ar->he_6ghz_band_cap.present,
+		 ar->eht_cap.present);
 	qdf_mem_free(ar);
 
 	return STATUS_SUCCESS;
@@ -5246,6 +5262,12 @@ sir_convert_beacon_frame2_t2lm_struct(tDot11fBeacon *bcn_frm,
 			     bcn_frm->t2lm_ie[i].num_data);
 		qdf_trace_hex_dump(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_DEBUG,
 				   &ie[0], bcn_frm->t2lm_ie[i].num_data + 3);
+
+		if (ie[TAG_LEN_POS] + 2 > DOT11F_IE_T2LM_IE_MAX_LEN + 3) {
+			pe_debug("Invalid T2LM IE length");
+			return QDF_STATUS_E_PROTO;
+		}
+
 		status = wlan_mlo_parse_t2lm_info(&ie[0], &t2lm);
 		if (QDF_IS_STATUS_ERROR(status)) {
 			pe_debug("Parse T2LM IE fail");
@@ -12168,6 +12190,8 @@ QDF_STATUS populate_dot11f_btm_extended_caps(struct mac_context *mac_ctx,
 {
 	struct s_ext_cap *p_ext_cap;
 	QDF_STATUS  status;
+	bool is_disable_btm;
+	struct cm_roam_values_copy temp;
 
 	dot11f->num_bytes = DOT11F_IE_EXTCAP_MAX_LEN;
 	p_ext_cap = (struct s_ext_cap *)dot11f->bytes;
@@ -12176,7 +12200,17 @@ QDF_STATUS populate_dot11f_btm_extended_caps(struct mac_context *mac_ctx,
 	status = cm_akm_roam_allowed(mac_ctx->psoc, pe_session->vdev);
 	if (QDF_IS_STATUS_ERROR(status)) {
 		p_ext_cap->bss_transition = 0;
-		pe_debug("Disable btm for roaming not suppprted");
+		pe_debug("vdev:%d, Disable btm for roaming not suppprted",
+			 pe_session->vdev_id);
+	}
+
+	wlan_cm_roam_cfg_get_value(mac_ctx->psoc, pe_session->vdev_id,
+				   IS_DISABLE_BTM, &temp);
+	is_disable_btm = temp.bool_value;
+	if (is_disable_btm) {
+		pe_debug("vdev:%d, Disable BTM as BTM roam disabled by user",
+			 pe_session->vdev_id);
+		p_ext_cap->bss_transition = 0;
 	}
 
 	if (!pe_session->lim_join_req)
@@ -12185,7 +12219,8 @@ QDF_STATUS populate_dot11f_btm_extended_caps(struct mac_context *mac_ctx,
 	if (p_ext_cap->bss_transition && !cm_is_open_mode(pe_session->vdev) &&
 	    pe_session->lim_join_req->bssDescription.mbo_oce_enabled_ap &&
 	    !pe_session->limRmfEnabled) {
-		pe_debug("Disable BTM as the MBO AP doesn't support PMF");
+		pe_debug("vdev:%d, Disable BTM as MBO AP doesn't support PMF",
+			 pe_session->vdev_id);
 		p_ext_cap->bss_transition = 0;
 	}
 
@@ -13014,13 +13049,16 @@ QDF_STATUS populate_dot11f_mlo_ie(struct mac_context *mac_ctx,
 }
 #endif
 
-void populate_dot11f_rnr_tbtt_info_7(struct mac_context *mac_ctx,
-				     struct pe_session *pe_session,
-				     struct pe_session *rnr_session,
-				     tDot11fIEreduced_neighbor_report *dot11f)
+QDF_STATUS
+populate_dot11f_rnr_tbtt_info(struct mac_context *mac_ctx,
+			      struct pe_session *pe_session,
+			      struct pe_session *rnr_session,
+			      tDot11fIEreduced_neighbor_report *dot11f,
+			      uint8_t tbtt_len)
 {
 	uint8_t reg_class;
 	uint8_t ch_offset;
+	uint8_t psd_power;
 
 	dot11f->present = 1;
 	dot11f->tbtt_type = 0;
@@ -13045,15 +13083,63 @@ void populate_dot11f_rnr_tbtt_info_7(struct mac_context *mac_ctx,
 						rnr_session->ch_width,
 						ch_offset);
 
+	psd_power = wlan_mlme_get_sap_psd_for_20mhz(rnr_session->vdev);
+
 	dot11f->op_class = reg_class;
 	dot11f->channel_num = wlan_reg_freq_to_chan(mac_ctx->pdev,
 						    rnr_session->curr_op_freq);
 	dot11f->tbtt_info_count = 0;
-	dot11f->tbtt_info_len = 7;
-	dot11f->tbtt_info.tbtt_info_7.tbtt_offset =
-			WLAN_RNR_TBTT_OFFSET_INVALID;
-	qdf_mem_copy(dot11f->tbtt_info.tbtt_info_7.bssid,
-		     rnr_session->self_mac_addr, sizeof(tSirMacAddr));
+	dot11f->tbtt_info_len = tbtt_len;
+
+	switch (tbtt_len) {
+	case 7:
+		dot11f->tbtt_info.tbtt_info_7.tbtt_offset =
+						WLAN_RNR_TBTT_OFFSET_INVALID;
+		qdf_mem_copy(dot11f->tbtt_info.tbtt_info_7.bssid,
+			     rnr_session->self_mac_addr, sizeof(tSirMacAddr));
+		break;
+	case 9:
+		dot11f->tbtt_info.tbtt_info_9.tbtt_offset =
+						WLAN_RNR_TBTT_OFFSET_INVALID;
+		qdf_mem_copy(dot11f->tbtt_info.tbtt_info_9.bssid,
+			     rnr_session->self_mac_addr, sizeof(tSirMacAddr));
+		dot11f->tbtt_info.tbtt_info_9.bss_params =
+							WLAN_RNR_BSS_PARAM_COLOCATED_AP;
+		if (!lim_cmp_ssid(&rnr_session->ssId, pe_session))
+			dot11f->tbtt_info.tbtt_info_9.bss_params |=
+							WLAN_RNR_BSS_PARAM_SAME_SSID;
+		if (psd_power)
+			dot11f->tbtt_info.tbtt_info_9.psd_20mhz = psd_power;
+		else
+			dot11f->tbtt_info.tbtt_info_9.psd_20mhz = 127;
+		break;
+	case 13:
+		dot11f->tbtt_info.tbtt_info_13.tbtt_offset =
+						WLAN_RNR_TBTT_OFFSET_INVALID;
+		qdf_mem_copy(dot11f->tbtt_info.tbtt_info_13.bssid,
+			     rnr_session->self_mac_addr, sizeof(tSirMacAddr));
+
+		dot11f->tbtt_info.tbtt_info_13.short_ssid =
+			wlan_construct_shortssid(rnr_session->ssId.ssId,
+						 rnr_session->ssId.length);
+
+		dot11f->tbtt_info.tbtt_info_13.bss_params =
+						WLAN_RNR_BSS_PARAM_COLOCATED_AP;
+		if (!lim_cmp_ssid(&rnr_session->ssId, pe_session))
+			dot11f->tbtt_info.tbtt_info_13.bss_params |=
+							WLAN_RNR_BSS_PARAM_SAME_SSID;
+
+		if (psd_power)
+			dot11f->tbtt_info.tbtt_info_13.psd_20mhz = psd_power;
+		else
+			dot11f->tbtt_info.tbtt_info_13.psd_20mhz = 127;
+		break;
+	default:
+		dot11f->tbtt_info_len = 0;
+		return QDF_STATUS_E_FAILURE;
+	}
+
+	return QDF_STATUS_SUCCESS;
 }
 
 /**
@@ -13122,7 +13208,8 @@ void populate_dot11f_6g_rnr(struct mac_context *mac_ctx,
 		pe_err("Invalid co located session");
 		return;
 	}
-	populate_dot11f_rnr_tbtt_info_7(mac_ctx, session, co_session, dot11f);
+	populate_dot11f_rnr_tbtt_info(mac_ctx, session, co_session, dot11f,
+				      CURRENT_RNR_TBTT_INFO_LEN);
 	pe_debug("vdev id %d populate RNR IE with 6G vdev id %d op class %d chan num %d",
 		 wlan_vdev_get_id(session->vdev),
 		 wlan_vdev_get_id(co_session->vdev),

core/wma/inc/wma.h

@@ -478,7 +478,7 @@ struct beacon_tim_ie {
 	uint8_t dtim_count;
 	uint8_t dtim_period;
 	uint8_t tim_bitctl;
-	uint8_t tim_bitmap[1];
+	QDF_FLEX_ARRAY(uint8_t, tim_bitmap);
 } __ATTRIB_PACK;
 
 /**

core/wma/src/wma_mgmt.c

@@ -2980,18 +2980,23 @@ void wma_process_update_opmode(tp_wma_handle wma_handle,
 
 	ch_width = wmi_get_ch_width_from_phy_mode(wma_handle->wmi_handle,
 						  fw_phymode);
-	wma_debug("ch_width: %d, fw phymode: %d peer_phymode %d",
-		  ch_width, fw_phymode, peer_phymode);
+	wma_debug("ch_width: %d, fw phymode: %d peer_phymode: %d, op_mode: %d",
+		  ch_width, fw_phymode, peer_phymode,
+		  update_vht_opmode->opMode);
+
 	if (ch_width < update_vht_opmode->opMode) {
 		wma_err("Invalid peer bw update %d, self bw %d",
 			update_vht_opmode->opMode, ch_width);
 		return;
 	}
 
-	wma_debug("opMode = %d", update_vht_opmode->opMode);
 	wma_set_peer_param(wma_handle, update_vht_opmode->peer_mac,
 			   WMI_HOST_PEER_CHWIDTH, update_vht_opmode->opMode,
 			   update_vht_opmode->smesessionId);
+
+	wma_set_peer_param(wma_handle, update_vht_opmode->peer_mac,
+			   WMI_HOST_PEER_PHYMODE,
+			   fw_phymode, update_vht_opmode->smesessionId);
 }
 
 /**

wlan_qcacld3_modules.bzl

@@ -15,6 +15,9 @@ _target_chipset_map = {
         "peach",
         "kiwi-v2",
     ],
+    "volcano": [
+        "qca6750",
+    ],
 }
 
 _chipset_hw_map = {