bcmdhd_hdf/bcmdhd/wl_cfgscan.c

/*
 * Linux cfg80211 driver scan related code
 *
 * Copyright (C) 1999-2019, Broadcom.
 *
 *      Unless you and Broadcom execute a separate written software license
 * agreement governing use of this software, this software is licensed to you
 * under the terms of the GNU General Public License version 2 (the "GPL"),
 * available at http://www.broadcom.com/licenses/GPLv2.php, with the
 * following added to such license:
 *
 *      As a special exception, the copyright holders of this software give you
 * permission to link this software with independent modules, and to copy and
 * distribute the resulting executable under terms of your choice, provided that
 * you also meet, for each linked independent module, the terms and conditions
 * of the license of that module.  An independent module is a module which is
 * not derived from this software.  The special exception does not apply to any
 * modifications of the software.
 *
 *      Notwithstanding the above, under no circumstances may you combine this
 * software in any way with any other Broadcom software provided under a license
 * other than the GPL, without Broadcom's express prior written consent.
 *
 *
 * <<Broadcom-WL-IPTag/Open:>>
 *
 * $Id$
 */
/* */
#include <typedefs.h>
#include <linuxver.h>
#include <osl.h>
#include <linux/kernel.h>

#include <bcmutils.h>
#include <bcmstdlib_s.h>
#include <bcmwifi_channels.h>
#include <bcmendian.h>
#include <ethernet.h>
#include <802.11.h>
#include <bcmiov.h>
#include <linux/if_arp.h>
#include <asm/uaccess.h>

#include <ethernet.h>
#include <linux/kernel.h>
#include <linux/kthread.h>
#include <linux/netdevice.h>
#include <linux/sched.h>
#include <linux/etherdevice.h>
#include <linux/wireless.h>
#include <linux/ieee80211.h>
#include <linux/wait.h>
#include <net/cfg80211.h>
#include <net/rtnetlink.h>

#include <wlioctl.h>
#include <bcmevent.h>
#include <wldev_common.h>
#include <wl_cfg80211.h>
#include <wl_cfgscan.h>
#include <wl_cfgp2p.h>
#include <bcmdevs.h>
#include <wl_android.h>
#include <dngl_stats.h>
#include <dhd.h>
#include <dhd_linux.h>
#include <dhd_debug.h>
#include <dhdioctl.h>
#include <wlioctl.h>
#include <dhd_cfg80211.h>
#include <dhd_bus.h>
#include <wl_cfgvendor.h>
#ifdef BCMPCIE
#include <dhd_flowring.h>
#endif // endif
#ifdef PNO_SUPPORT
#include <dhd_pno.h>
#endif /* PNO_SUPPORT */
#ifdef RTT_SUPPORT
#include "dhd_rtt.h"
#endif /* RTT_SUPPORT */
#include <dhd_config.h>
#ifdef CONFIG_AP6XXX_WIFI6_HDF
#include "hdf_mac80211_sta_event.h"
#endif

#define ACTIVE_SCAN 1
#define PASSIVE_SCAN 0

#define MIN_P2P_IE_LEN                                                          \
    8                      /* p2p_ie->OUI(3) + p2p_ie->oui_type(1) +            \
                            * Attribute ID(1) + Length(2) + 1(Mininum length:1) \
                            */
#define MAX_P2P_IE_LEN 251 /* Up To 251 */

#define WPS_ATTR_REQ_TYPE 0x103a
#define WPS_REQ_TYPE_ENROLLEE 0x01

#if defined(USE_INITIAL_2G_SCAN) || defined(USE_INITIAL_SHORT_DWELL_TIME)
#define FIRST_SCAN_ACTIVE_DWELL_TIME_MS 40
bool g_first_broadcast_scan = TRUE;
#endif /* USE_INITIAL_2G_SCAN || USE_INITIAL_SHORT_DWELL_TIME */
#ifdef P2P_LISTEN_OFFLOADING
void wl_cfg80211_cancel_p2plo(struct bcm_cfg80211 *cfg);
#endif /* P2P_LISTEN_OFFLOADING */
static void _wl_notify_scan_done(struct bcm_cfg80211 *cfg, bool aborted);

extern int passive_channel_skip;

#ifdef WL11U
static bcm_tlv_t *wl_cfg80211_find_interworking_ie(const u8 *parse, u32 len)
{
    bcm_tlv_t *ie;

    /* unfortunately it's too much work to dispose the const cast -
     * bcm_parse_tlvs is used everywhere and changing its prototype to take
     * const qualifier needs a massive change to all its callers...
     */

    if ((ie = bcm_parse_tlvs(parse, len, DOT11_MNG_INTERWORKING_ID))) {
        return ie;
    }
    return NULL;
}

static s32 wl_cfg80211_clear_iw_ie(struct bcm_cfg80211 *cfg,
                                   struct net_device *ndev, s32 bssidx)
{
    ie_setbuf_t ie_setbuf;

    WL_DBG(("clear interworking IE\n"));

    bzero(&ie_setbuf, sizeof(ie_setbuf_t));

    ie_setbuf.ie_buffer.iecount = htod32(1);
    ie_setbuf.ie_buffer.ie_list[0].ie_data.id = DOT11_MNG_INTERWORKING_ID;
    ie_setbuf.ie_buffer.ie_list[0].ie_data.len = 0;

    return wldev_iovar_setbuf_bsscfg(ndev, "ie", &ie_setbuf, sizeof(ie_setbuf),
                                     cfg->ioctl_buf, WLC_IOCTL_MAXLEN, bssidx,
                                     &cfg->ioctl_buf_sync);
}

static s32 wl_cfg80211_add_iw_ie(struct bcm_cfg80211 *cfg,
                                 struct net_device *ndev, s32 bssidx,
                                 s32 pktflag, uint8 ie_id, uint8 *data,
                                 uint8 data_len)
{
    s32 err = BCME_OK;
    s32 buf_len;
    ie_setbuf_t *ie_setbuf;
    ie_getbuf_t ie_getbufp;
    char getbuf[WLC_IOCTL_SMLEN];

    if (ie_id != DOT11_MNG_INTERWORKING_ID) {
        WL_ERR(("unsupported (id=%d)\n", ie_id));
        return BCME_UNSUPPORTED;
    }

    /* access network options (1 octet)  is the mandatory field */
    if (!data || data_len == 0 || data_len > IW_IES_MAX_BUF_LEN) {
        WL_ERR(("wrong interworking IE (len=%d)\n", data_len));
        return BCME_BADARG;
    }

    /* Validate the pktflag parameter */
    if ((pktflag &
         ~(VNDR_IE_BEACON_FLAG | VNDR_IE_PRBRSP_FLAG | VNDR_IE_ASSOCRSP_FLAG |
           VNDR_IE_AUTHRSP_FLAG | VNDR_IE_PRBREQ_FLAG | VNDR_IE_ASSOCREQ_FLAG |
           VNDR_IE_CUSTOM_FLAG))) {
        WL_ERR(("invalid packet flag 0x%x\n", pktflag));
        return BCME_BADARG;
    }

    buf_len = sizeof(ie_setbuf_t) + data_len - 1;

    ie_getbufp.id = DOT11_MNG_INTERWORKING_ID;
    if (wldev_iovar_getbuf_bsscfg(ndev, "ie", (void *)&ie_getbufp,
                                  sizeof(ie_getbufp), getbuf, WLC_IOCTL_SMLEN,
                                  bssidx, &cfg->ioctl_buf_sync) == BCME_OK) {
        if (!memcmp(&getbuf[TLV_HDR_LEN], data, data_len)) {
            WL_DBG(("skip to set interworking IE\n"));
            return BCME_OK;
        }
    }

    /* if already set with previous values, delete it first */
    if (cfg->wl11u) {
        if ((err = wl_cfg80211_clear_iw_ie(cfg, ndev, bssidx)) != BCME_OK) {
            return err;
        }
    }

    ie_setbuf = (ie_setbuf_t *)MALLOCZ(cfg->osh, buf_len);
    if (!ie_setbuf) {
        WL_ERR(("Error allocating buffer for IE\n"));
        return -ENOMEM;
    }
    strlcpy(ie_setbuf->cmd, "add", sizeof(ie_setbuf->cmd));

    /* Buffer contains only 1 IE */
    ie_setbuf->ie_buffer.iecount = htod32(1);
    /* use VNDR_IE_CUSTOM_FLAG flags for none vendor IE . currently fixed value
     */
    ie_setbuf->ie_buffer.ie_list[0].pktflag = htod32(pktflag);

    /* Now, add the IE to the buffer */
    ie_setbuf->ie_buffer.ie_list[0].ie_data.id = DOT11_MNG_INTERWORKING_ID;
    ie_setbuf->ie_buffer.ie_list[0].ie_data.len = data_len;
    /* Returning void here as max data_len can be 8 */
    (void)memcpy_s((uchar *)&ie_setbuf->ie_buffer.ie_list[0].ie_data.data[0],
                   sizeof(uint8), data, data_len);

    if ((err = wldev_iovar_setbuf_bsscfg(
             ndev, "ie", ie_setbuf, buf_len, cfg->ioctl_buf, WLC_IOCTL_MAXLEN,
             bssidx, &cfg->ioctl_buf_sync)) == BCME_OK) {
        WL_DBG(("set interworking IE\n"));
        cfg->wl11u = TRUE;
        err = wldev_iovar_setint_bsscfg(ndev, "grat_arp", 1, bssidx);
    }

    MFREE(cfg->osh, ie_setbuf, buf_len);
    return err;
}
#endif /* WL11U */

#ifdef WL_BCNRECV
/* Beacon recv results handler sending to upper layer */
static s32 wl_bcnrecv_result_handler(struct bcm_cfg80211 *cfg,
                                     bcm_struct_cfgdev *cfgdev,
                                     wl_bss_info_v109_2_t *bi,
                                     uint32 scan_status)
{
    s32 err = BCME_OK;
    struct wiphy *wiphy = NULL;
    wl_bcnrecv_result_t *bcn_recv = NULL;
    struct osl_timespec ts;
    if (!bi) {
        WL_ERR(("%s: bi is NULL\n", __func__));
        err = BCME_NORESOURCE;
        goto exit;
    }
    if ((bi->length - bi->ie_length) < sizeof(wl_bss_info_v109_2_t)) {
        WL_ERR(("bi info version doesn't support bcn_recv attributes\n"));
        goto exit;
    }

    if (scan_status == WLC_E_STATUS_RXBCN) {
        wiphy = cfg->wdev->wiphy;
        if (!wiphy) {
            WL_ERR(("wiphy is NULL\n"));
            err = BCME_NORESOURCE;
            goto exit;
        }
        bcn_recv = (wl_bcnrecv_result_t *)MALLOCZ(cfg->osh, sizeof(*bcn_recv));
        if (unlikely(!bcn_recv)) {
            WL_ERR(("Failed to allocate memory\n"));
            return -ENOMEM;
        }
        /* Returning void here as copy size does not exceed dest size of SSID */
        (void)memcpy_s((char *)bcn_recv->SSID, DOT11_MAX_SSID_LEN,
                       (char *)bi->SSID, DOT11_MAX_SSID_LEN);
        /* Returning void here as copy size does not exceed dest size of ETH_LEN
         */
        (void)memcpy_s(&bcn_recv->BSSID, ETHER_ADDR_LEN, &bi->BSSID, ETH_ALEN);
        bcn_recv->channel =
            wf_chspec_ctlchan(wl_chspec_driver_to_host(bi->chanspec));
        bcn_recv->beacon_interval = bi->beacon_period;

        /* kernal timestamp */
        osl_get_monotonic_boottime(&ts);
        bcn_recv->system_time = ((u64)ts.tv_sec * 0xF4240) + ts.tv_nsec / 0x3E8;
        bcn_recv->timestamp[0] = bi->timestamp[0];
        bcn_recv->timestamp[1] = bi->timestamp[1];
        if ((err = wl_android_bcnrecv_event(
                 cfgdev_to_wlc_ndev(cfgdev, cfg), BCNRECV_ATTR_BCNINFO, 0, 0,
                 (uint8 *)bcn_recv, sizeof(*bcn_recv))) != BCME_OK) {
            WL_ERR(("failed to send bcnrecv event, error:%d\n", err));
        }
    } else {
        WL_DBG(("Ignoring Escan Event:%d \n", scan_status));
    }
exit:
    if (bcn_recv) {
        MFREE(cfg->osh, bcn_recv, sizeof(*bcn_recv));
    }
    return err;
}
#endif /* WL_BCNRECV */

#ifdef ESCAN_BUF_OVERFLOW_MGMT
#ifndef WL_DRV_AVOID_SCANCACHE
static void wl_cfg80211_find_removal_candidate(wl_bss_info_t *bss,
                                               removal_element_t *candidate)
{
    int idx;
    for (idx = 0; idx < BUF_OVERFLOW_MGMT_COUNT; idx++) {
        int len = BUF_OVERFLOW_MGMT_COUNT - idx - 1;
        if (bss->RSSI < candidate[idx].RSSI) {
            if (len) {
                /* In the below memcpy operation the candidate array always has
                 * the buffer space available to max 'len' calculated in the for
                 * loop.
                 */
                (void)memcpy_s(
                    &candidate[idx + 1], (sizeof(removal_element_t) * len),
                    &candidate[idx], sizeof(removal_element_t) * len);
            }
            candidate[idx].RSSI = bss->RSSI;
            candidate[idx].length = bss->length;
            (void)memcpy_s(&candidate[idx].BSSID, ETHER_ADDR_LEN, &bss->BSSID,
                           ETHER_ADDR_LEN);
            return;
        }
    }
}

static void wl_cfg80211_remove_lowRSSI_info(wl_scan_results_t *list,
                                            removal_element_t *candidate,
                                            wl_bss_info_t *bi)
{
    int idx1, idx2;
    int total_delete_len = 0;
    for (idx1 = 0; idx1 < BUF_OVERFLOW_MGMT_COUNT; idx1++) {
        int cur_len = WL_SCAN_RESULTS_FIXED_SIZE;
        wl_bss_info_t *bss = NULL;
        if (candidate[idx1].RSSI >= bi->RSSI) {
            continue;
        }
        for (idx2 = 0; idx2 < list->count; idx2++) {
            bss = bss ? (wl_bss_info_t *)((uintptr)bss + dtoh32(bss->length))
                      : list->bss_info;
            if (!bcmp(&candidate[idx1].BSSID, &bss->BSSID, ETHER_ADDR_LEN) &&
                candidate[idx1].RSSI == bss->RSSI &&
                candidate[idx1].length == dtoh32(bss->length)) {
                u32 delete_len = dtoh32(bss->length);
                WL_DBG(("delete scan info of " MACDBG " to add new AP\n",
                        MAC2STRDBG(bss->BSSID.octet)));
                if (idx2 < list->count - 1) {
                    memmove((u8 *)bss, (u8 *)bss + delete_len,
                            list->buflen - cur_len - delete_len);
                }
                list->buflen -= delete_len;
                list->count--;
                total_delete_len += delete_len;
                /* if delete_len is greater than or equal to result length */
                if (total_delete_len >= bi->length) {
                    return;
                }
                break;
            }
            cur_len += dtoh32(bss->length);
        }
    }
}
#endif /* WL_DRV_AVOID_SCANCACHE */
#endif /* ESCAN_BUF_OVERFLOW_MGMT */

s32 wl_escan_handler(struct bcm_cfg80211 *cfg, bcm_struct_cfgdev *cfgdev,
                     const wl_event_msg_t *e, void *data)
{
    s32 err = BCME_OK;
    s32 status = ntoh32(e->status);
    wl_escan_result_t *escan_result;
    struct net_device *ndev = NULL;
#ifndef WL_DRV_AVOID_SCANCACHE
    wl_bss_info_t *bi;
    u32 bi_length;
    const wifi_p2p_ie_t *p2p_ie;
    const u8 *p2p_dev_addr = NULL;
    wl_scan_results_t *list;
    wl_bss_info_t *bss = NULL;
    u32 i;
#endif /* WL_DRV_AVOID_SCANCACHE */
    u16 channel;
    struct ieee80211_supported_band *band;

    WL_DBG((" enter event type : %d, status : %d \n", ntoh32(e->event_type),
            ntoh32(e->status)));

    ndev = cfgdev_to_wlc_ndev(cfgdev, cfg);

    mutex_lock(&cfg->scan_sync);
    /* P2P SCAN is coming from primary interface */
    if (wl_get_p2p_status(cfg, SCANNING)) {
        if (wl_get_drv_status_all(cfg, SENDING_ACT_FRM)) {
            ndev = cfg->afx_hdl->dev;
        } else {
            ndev = cfg->escan_info.ndev;
        }
    }
    escan_result = (wl_escan_result_t *)data;
#ifdef WL_BCNRECV
    if (cfg->bcnrecv_info.bcnrecv_state == BEACON_RECV_STARTED &&
        status == WLC_E_STATUS_RXBCN) {
        /* handle beacon recv scan results */
        wl_bss_info_v109_2_t *bi_info;
        bi_info = (wl_bss_info_v109_2_t *)escan_result->bss_info;
        err = wl_bcnrecv_result_handler(cfg, cfgdev, bi_info, status);
        goto exit;
    }
#endif /* WL_BCNRECV */
    if (!ndev ||
        (!wl_get_drv_status(cfg, SCANNING, ndev) && !cfg->sched_scan_running)) {
        WL_ERR_RLMT(("escan is not ready. drv_scan_status 0x%x"
                     " e_type %d e_states %d\n",
                     wl_get_drv_status(cfg, SCANNING, ndev),
                     ntoh32(e->event_type), ntoh32(e->status)));
        goto exit;
    }

#ifndef WL_DRV_AVOID_SCANCACHE
    if (status == WLC_E_STATUS_PARTIAL) {
        WL_DBG(("WLC_E_STATUS_PARTIAL \n"));
        DBG_EVENT_LOG((dhd_pub_t *)cfg->pub,
                      WIFI_EVENT_DRIVER_SCAN_RESULT_FOUND);
        if (!escan_result) {
            WL_ERR(("Invalid escan result (NULL pointer)\n"));
            goto exit;
        }
        if ((dtoh32(escan_result->buflen) > (int)ESCAN_BUF_SIZE) ||
            (dtoh32(escan_result->buflen) < sizeof(wl_escan_result_t))) {
            WL_ERR(("Invalid escan buffer len:%d\n",
                    dtoh32(escan_result->buflen)));
            goto exit;
        }
        if (dtoh16(escan_result->bss_count) != 1) {
            WL_ERR(
                ("Invalid bss_count %d: ignoring\n", escan_result->bss_count));
            goto exit;
        }
        bi = escan_result->bss_info;
        if (!bi) {
            WL_ERR(("Invalid escan bss info (NULL pointer)\n"));
            goto exit;
        }
        bi_length = dtoh32(bi->length);
        if (bi_length !=
            (dtoh32(escan_result->buflen) - WL_ESCAN_RESULTS_FIXED_SIZE)) {
            WL_ERR(("Invalid bss_info length %d: ignoring\n", bi_length));
            goto exit;
        }

        /* +++++ terence 20130524: skip invalid bss */
        channel = bi->ctl_ch
                      ? bi->ctl_ch
                      : CHSPEC_CHANNEL(wl_chspec_driver_to_host(bi->chanspec));
        if (channel <= CH_MAX_2G_CHANNEL) {
            band = bcmcfg_to_wiphy(cfg)->bands[IEEE80211_BAND_2GHZ];
        } else {
            band = bcmcfg_to_wiphy(cfg)->bands[IEEE80211_BAND_5GHZ];
        }
        if (!band) {
            WL_ERR(("No valid band\n"));
            goto exit;
        }
        if (!dhd_conf_match_channel(cfg->pub, channel)) {
            goto exit;
        }
        /* ----- terence 20130524: skip invalid bss */

        if (wl_escan_check_sync_id(status, escan_result->sync_id, cfg->escan_info.cur_sync_id) < 0) {
            goto exit;
        }

        if (!(bcmcfg_to_wiphy(cfg)->interface_modes &
              BIT(NL80211_IFTYPE_ADHOC))) {
            if (dtoh16(bi->capability) & DOT11_CAP_IBSS) {
                WL_DBG(("Ignoring IBSS result\n"));
                goto exit;
            }
        }

        if (wl_get_drv_status_all(cfg, FINDING_COMMON_CHANNEL)) {
            p2p_dev_addr = wl_cfgp2p_retreive_p2p_dev_addr(bi, bi_length);
            if (p2p_dev_addr &&
                !memcmp(p2p_dev_addr, cfg->afx_hdl->tx_dst_addr.octet,
                        ETHER_ADDR_LEN)) {
                s32 channel =
                    wf_chspec_ctlchan(wl_chspec_driver_to_host(bi->chanspec));
                if ((channel > MAXCHANNEL) || (channel <= 0)) {
                    channel = WL_INVALID;
                } else {
                    WL_ERR(("ACTION FRAME SCAN : Peer " MACDBG " found,"
                            " channel : %d\n",
                            MAC2STRDBG(cfg->afx_hdl->tx_dst_addr.octet),
                            channel));
                }
                wl_clr_p2p_status(cfg, SCANNING);
                cfg->afx_hdl->peer_chan = channel;
                complete(&cfg->act_frm_scan);
                goto exit;
            }
        } else {
            int cur_len = WL_SCAN_RESULTS_FIXED_SIZE;
#ifdef ESCAN_BUF_OVERFLOW_MGMT
            removal_element_t candidate[BUF_OVERFLOW_MGMT_COUNT];
            int remove_lower_rssi = FALSE;

            bzero(candidate,
                  sizeof(removal_element_t) * BUF_OVERFLOW_MGMT_COUNT);
#endif /* ESCAN_BUF_OVERFLOW_MGMT */

            list = wl_escan_get_buf(cfg, FALSE);
            if (scan_req_match(cfg)) {
#ifdef WL_HOST_BAND_MGMT
                s32 channel_band = 0;
                chanspec_t chspec;
#endif /* WL_HOST_BAND_MGMT */
                /* p2p scan && allow only probe response */
                if ((cfg->p2p->search_state != WL_P2P_DISC_ST_SCAN) &&
                    (bi->flags & WL_BSS_FLAGS_FROM_BEACON)) {
                    goto exit;
                }
                if ((p2p_ie = wl_cfgp2p_find_p2pie(((u8 *)bi) + bi->ie_offset,
                                                   bi->ie_length)) == NULL) {
                    WL_ERR(("Couldn't find P2PIE in probe"
                            " response/beacon\n"));
                    goto exit;
                }
#ifdef WL_HOST_BAND_MGMT
                chspec = wl_chspec_driver_to_host(bi->chanspec);
                channel_band = CHSPEC2WLC_BAND(chspec);
                if ((cfg->curr_band == WLC_BAND_5G) &&
                    (channel_band == WLC_BAND_2G)) {
                    /* Avoid sending the GO results in band conflict */
                    if (wl_cfgp2p_retreive_p2pattrib(p2p_ie, P2P_SEID_GROUP_ID) != NULL) {
                        goto exit;
                    }
                }
#endif /* WL_HOST_BAND_MGMT */
            }
#ifdef ESCAN_BUF_OVERFLOW_MGMT
            if (bi_length > ESCAN_BUF_SIZE - list->buflen) {
                remove_lower_rssi = TRUE;
            }
#endif /* ESCAN_BUF_OVERFLOW_MGMT */

            for (i = 0; i < list->count; i++) {
                bss =
                    bss ? (wl_bss_info_t *)((uintptr)bss + dtoh32(bss->length))
                        : list->bss_info;
                if (!bss) {
                    WL_ERR(("bss is NULL\n"));
                    goto exit;
                }
#ifdef ESCAN_BUF_OVERFLOW_MGMT
                WL_DBG(("%s(" MACDBG "), i=%d bss: RSSI %d list->count %d\n",
                        bss->SSID, MAC2STRDBG(bss->BSSID.octet), i, bss->RSSI,
                        list->count));

                if (remove_lower_rssi) {
                    wl_cfg80211_find_removal_candidate(bss, candidate);
                }
#endif /* ESCAN_BUF_OVERFLOW_MGMT */

                if (!bcmp(&bi->BSSID, &bss->BSSID, ETHER_ADDR_LEN) &&
                    (CHSPEC_BAND(wl_chspec_driver_to_host(bi->chanspec)) ==
                     CHSPEC_BAND(wl_chspec_driver_to_host(bss->chanspec))) &&
                    bi->SSID_len == bss->SSID_len &&
                    !bcmp(bi->SSID, bss->SSID, bi->SSID_len)) {
                    /* do not allow beacon data to update
                     * the data recd from a probe response
                     */
                    if (!(bss->flags & WL_BSS_FLAGS_FROM_BEACON) &&
                        (bi->flags & WL_BSS_FLAGS_FROM_BEACON)) {
                        goto exit;
                    }

                    WL_DBG(("%s(" MACDBG "), i=%d prev: RSSI %d"
                            " flags 0x%x, new: RSSI %d flags 0x%x\n",
                            bss->SSID, MAC2STRDBG(bi->BSSID.octet), i,
                            bss->RSSI, bss->flags, bi->RSSI, bi->flags));

                    if ((bss->flags & WL_BSS_FLAGS_RSSI_ONCHANNEL) ==
                        (bi->flags & WL_BSS_FLAGS_RSSI_ONCHANNEL)) {
                        /* preserve max RSSI if the measurements are
                         * both on-channel or both off-channel
                         */
                        WL_DBG(("%s(" MACDBG "), same onchan"
                                ", RSSI: prev %d new %d\n",
                                bss->SSID, MAC2STRDBG(bi->BSSID.octet),
                                bss->RSSI, bi->RSSI));
                        bi->RSSI = MAX(bss->RSSI, bi->RSSI);
                    } else if ((bss->flags & WL_BSS_FLAGS_RSSI_ONCHANNEL) &&
                               (bi->flags & WL_BSS_FLAGS_RSSI_ONCHANNEL) == 0) {
                        /* preserve the on-channel rssi measurement
                         * if the new measurement is off channel
                         */
                        WL_DBG(("%s(" MACDBG "), prev onchan"
                                ", RSSI: prev %d new %d\n",
                                bss->SSID, MAC2STRDBG(bi->BSSID.octet),
                                bss->RSSI, bi->RSSI));
                        bi->RSSI = bss->RSSI;
                        bi->flags |= WL_BSS_FLAGS_RSSI_ONCHANNEL;
                    }
                    if (dtoh32(bss->length) != bi_length) {
                        u32 prev_len = dtoh32(bss->length);

                        WL_DBG(("bss info replacement"
                                " is occured(bcast:%d->probresp%d)\n",
                                bss->ie_length, bi->ie_length));
                        WL_DBG(("%s(" MACDBG "), replacement!(%d -> %d)\n",
                                bss->SSID, MAC2STRDBG(bi->BSSID.octet),
                                prev_len, bi_length));

                        if ((list->buflen - prev_len) + bi_length >
                            ESCAN_BUF_SIZE) {
                            WL_ERR(("Buffer is too small: keep the"
                                    " previous result of this AP\n"));
                            /* Only update RSSI */
                            bss->RSSI = bi->RSSI;
                            bss->flags |=
                                (bi->flags & WL_BSS_FLAGS_RSSI_ONCHANNEL);
                            goto exit;
                        }

                        if (i < list->count - 1) {
                            /* memory copy required by this case only */
                            memmove((u8 *)bss + bi_length, (u8 *)bss + prev_len,
                                    list->buflen - cur_len - prev_len);
                        }
                        list->buflen -= prev_len;
                        list->buflen += bi_length;
                    }
                    list->version = dtoh32(bi->version);
                    /* In the above code under check
                     *  '(dtoh32(bss->length) != bi_length)'
                     * buffer overflow is avoided. bi_length
                     * is already accounted in list->buflen
                     */
                    if ((err = memcpy_s(
                             (u8 *)bss,
                             (ESCAN_BUF_SIZE - (list->buflen - bi_length)),
                             (u8 *)bi, bi_length)) != BCME_OK) {
                        WL_ERR(("Failed to copy the recent bss_info."
                                "err:%d recv_len:%d bi_len:%d\n",
                                err,
                                ESCAN_BUF_SIZE - (list->buflen - bi_length),
                                bi_length));
                        /* This scenario should never happen. If it happens,
                         * set list->count to zero for recovery
                         */
                        list->count = 0;
                        list->buflen = 0;
                        ASSERT(0);
                    }
                    goto exit;
                }
                cur_len += dtoh32(bss->length);
            }
            if (bi_length > ESCAN_BUF_SIZE - list->buflen) {
#ifdef ESCAN_BUF_OVERFLOW_MGMT
                wl_cfg80211_remove_lowRSSI_info(list, candidate, bi);
                if (bi_length > ESCAN_BUF_SIZE - list->buflen) {
                    WL_DBG(("RSSI(" MACDBG ") is too low(%d) to add Buffer\n",
                            MAC2STRDBG(bi->BSSID.octet), bi->RSSI));
                    goto exit;
                }
#else
                WL_ERR(("Buffer is too small: ignoring\n"));
                goto exit;
#endif /* ESCAN_BUF_OVERFLOW_MGMT */
            }
            /* In the previous step check is added to ensure the bi_legth does
             * not exceed the ESCAN_BUF_SIZE
             */
            (void)memcpy_s(&(((char *)list)[list->buflen]),
                           (ESCAN_BUF_SIZE - list->buflen), bi, bi_length);
            list->version = dtoh32(bi->version);
            list->buflen += bi_length;
            list->count++;

            /*
             * !Broadcast && number of ssid = 1 && number of channels =1
             * means specific scan to association
             */
            if (wl_cfgp2p_is_p2p_specific_scan(cfg->scan_request)) {
                WL_ERR(("P2P assoc scan fast aborted.\n"));
                wl_notify_escan_complete(cfg, cfg->escan_info.ndev, false,
                                         true);
                goto exit;
            }
        }
    } else if (status == WLC_E_STATUS_SUCCESS) {
        cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
        wl_escan_print_sync_id(status, cfg->escan_info.cur_sync_id,
                               escan_result->sync_id);

        if (wl_get_drv_status_all(cfg, FINDING_COMMON_CHANNEL)) {
            WL_DBG(("ACTION FRAME SCAN DONE\n"));
            wl_clr_p2p_status(cfg, SCANNING);
            wl_clr_drv_status(cfg, SCANNING, cfg->afx_hdl->dev);
            if (cfg->afx_hdl->peer_chan == WL_INVALID) {
                complete(&cfg->act_frm_scan);
            }
        } else if ((likely(cfg->scan_request)) || (cfg->sched_scan_running)) {
            WL_INFORM_MEM(("ESCAN COMPLETED\n"));
            DBG_EVENT_LOG((dhd_pub_t *)cfg->pub,
                          WIFI_EVENT_DRIVER_SCAN_COMPLETE);
            cfg->bss_list = wl_escan_get_buf(cfg, FALSE);
            if (!scan_req_match(cfg)) {
                WL_DBG(("SCAN COMPLETED: scanned AP count=%d\n",
                        cfg->bss_list->count));
            }
            wl_inform_bss(cfg);
            wl_notify_escan_complete(cfg, ndev, false, false);
#ifdef CONFIG_AP6XXX_WIFI6_HDF
            printk("scan done success!\n");
            HdfScanEventCallback(ndev, HDF_WIFI_SCAN_SUCCESS);
#endif
        }
        wl_escan_increment_sync_id(cfg, SCAN_BUF_NEXT);
    } else if ((status == WLC_E_STATUS_ABORT) ||
               (status == WLC_E_STATUS_NEWSCAN) ||
               (status == WLC_E_STATUS_11HQUIET) ||
               (status == WLC_E_STATUS_CS_ABORT) ||
               (status == WLC_E_STATUS_NEWASSOC)) {
#ifdef CONFIG_AP6XXX_WIFI6_HDF
        printk("scan abort status=%d\n", status);
#endif
        /* Dump FW preserve buffer content */
        if (status == WLC_E_STATUS_ABORT) {
            wl_flush_fw_log_buffer(ndev, FW_LOGSET_MASK_ALL);
        }
        /* Handle all cases of scan abort */
        cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
        wl_escan_print_sync_id(status, escan_result->sync_id,
                               cfg->escan_info.cur_sync_id);
        WL_DBG(("ESCAN ABORT reason: %d\n", status));
        if (wl_get_drv_status_all(cfg, FINDING_COMMON_CHANNEL)) {
            WL_DBG(("ACTION FRAME SCAN DONE\n"));
            wl_clr_drv_status(cfg, SCANNING, cfg->afx_hdl->dev);
            wl_clr_p2p_status(cfg, SCANNING);
            if (cfg->afx_hdl->peer_chan == WL_INVALID) {
                complete(&cfg->act_frm_scan);
            }
        } else if ((likely(cfg->scan_request)) || (cfg->sched_scan_running)) {
            WL_INFORM_MEM(("ESCAN ABORTED\n"));

#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 8, 0))
            if (p2p_scan(cfg) && cfg->scan_request &&
                (cfg->scan_request->flags & NL80211_SCAN_FLAG_FLUSH)) {
                WL_ERR(("scan list is changed"));
                cfg->bss_list = wl_escan_get_buf(cfg, FALSE);
            } else
#endif // endif
                cfg->bss_list = wl_escan_get_buf(cfg, TRUE);

            if (!scan_req_match(cfg)) {
                WL_TRACE_HW4(("SCAN ABORTED: scanned AP count=%d\n",
                              cfg->bss_list->count));
            }
#ifdef DUAL_ESCAN_RESULT_BUFFER
            if (escan_result->sync_id != cfg->escan_info.cur_sync_id) {
                /* If sync_id is not matching, then the abort might have
                 * come for the old scan req or for the in-driver initiated
                 * scan. So do abort for scan_req for which sync_id is
                 * matching.
                 */
                WL_INFORM_MEM(("sync_id mismatch (%d != %d). "
                               "Ignore the scan abort event.\n",
                               escan_result->sync_id,
                               cfg->escan_info.cur_sync_id));
                goto exit;
            } else {
                /* sync id is matching, abort the scan */
                WL_INFORM_MEM(("scan aborted for sync_id: %d \n",
                               cfg->escan_info.cur_sync_id));
                wl_inform_bss(cfg);
                wl_notify_escan_complete(cfg, ndev, true, false);
            }
#else
            wl_inform_bss(cfg);
            wl_notify_escan_complete(cfg, ndev, true, false);
#endif /* DUAL_ESCAN_RESULT_BUFFER */
        } else {
            /* If there is no pending host initiated scan, do nothing */
            WL_DBG(("ESCAN ABORT: No pending scans. Ignoring event.\n"));
        }
        wl_escan_increment_sync_id(cfg, SCAN_BUF_CNT);
    } else if (status == WLC_E_STATUS_TIMEOUT) {
#ifdef CONFIG_AP6XXX_WIFI6_HDF
        HdfScanEventCallback(ndev, HDF_WIFI_SCAN_TIMEOUT);
#endif
        WL_ERR(
            ("WLC_E_STATUS_TIMEOUT : scan_request[%p]\n", cfg->scan_request));
        WL_ERR(("reason[0x%x]\n", e->reason));
        if (e->reason == 0xFFFFFFFF) {
            wl_notify_escan_complete(cfg, cfg->escan_info.ndev, true, true);
        }
    } else {
#ifdef CONFIG_AP6XXX_WIFI6_HDF
        printk("scan failed 3\n");
        HdfScanEventCallback(ndev, HDF_WIFI_SCAN_FAILED);
#endif
        WL_ERR(("unexpected Escan Event %d : abort\n", status));
        cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
        wl_escan_print_sync_id(status, escan_result->sync_id,
                               cfg->escan_info.cur_sync_id);
        if (wl_get_drv_status_all(cfg, FINDING_COMMON_CHANNEL)) {
            WL_DBG(("ACTION FRAME SCAN DONE\n"));
            wl_clr_p2p_status(cfg, SCANNING);
            wl_clr_drv_status(cfg, SCANNING, cfg->afx_hdl->dev);
            if (cfg->afx_hdl->peer_chan == WL_INVALID) {
                complete(&cfg->act_frm_scan);
            }
        } else if ((likely(cfg->scan_request)) || (cfg->sched_scan_running)) {
            cfg->bss_list = wl_escan_get_buf(cfg, TRUE);
            if (!scan_req_match(cfg)) {
                WL_TRACE_HW4(("SCAN ABORTED(UNEXPECTED): "
                              "scanned AP count=%d\n",
                              cfg->bss_list->count));
            }
            wl_inform_bss(cfg);
            wl_notify_escan_complete(cfg, ndev, true, false);
        }
        wl_escan_increment_sync_id(cfg, 0x2);
    }
#else  /* WL_DRV_AVOID_SCANCACHE */
    err = wl_escan_without_scan_cache(cfg, escan_result, ndev, e, status);
#endif /* WL_DRV_AVOID_SCANCACHE */
exit:
    mutex_unlock(&cfg->scan_sync);
    return err;
}

/* Find listen channel */
static s32 wl_find_listen_channel(struct bcm_cfg80211 *cfg, const u8 *ie,
                                  u32 ie_len)
{
    const wifi_p2p_ie_t *p2p_ie;
    const u8 *end, *pos;
    s32 listen_channel;

    pos = (const u8 *)ie;

    p2p_ie = wl_cfgp2p_find_p2pie(pos, ie_len);
    if (p2p_ie == NULL) {
        return 0;
    }
    if (p2p_ie->len < MIN_P2P_IE_LEN || p2p_ie->len > MAX_P2P_IE_LEN) {
        CFGP2P_ERR(("p2p_ie->len out of range - %d\n", p2p_ie->len));
        return 0;
    }
    pos = p2p_ie->subelts;
    end = p2p_ie->subelts + (p2p_ie->len - 0x4);

    CFGP2P_DBG((" found p2p ie ! lenth %d \n", p2p_ie->len));

    while (pos < end) {
        uint16 attr_len;
        if (pos + 0x2 >= end) {
            CFGP2P_DBG((" -- Invalid P2P attribute"));
            return 0;
        }
        attr_len = ((uint16)(((pos + 1)[1] << 0x8) | (pos + 1)[0]));

        if (pos + 0x3 + attr_len > end) {
            CFGP2P_DBG(("P2P: Attribute underflow "
                        "(len=%u left=%d)",
                        attr_len, (int)(end - pos - 0x3)));
            return 0;
        }

        /* if Listen Channel att id is 6 and the vailue is valid,
         * return the listen channel
         */
        if (pos[0] == 0x6) {
            /* listen channel subel length format
             * 1(id) + 2(len) + 3(country) + 1(op. class) + 1(chan num)
             */
            listen_channel = pos[1 + 0x2 + 0x3 + 1];

            if (listen_channel == SOCIAL_CHAN_1 ||
                listen_channel == SOCIAL_CHAN_2 ||
                listen_channel == SOCIAL_CHAN_3) {
                CFGP2P_DBG((" Found my Listen Channel %d \n", listen_channel));
                return listen_channel;
            }
        }
        pos += 0x3 + attr_len;
    }
    return 0;
}

#ifdef WL_SCAN_TYPE
static u32
wl_cfgscan_map_nl80211_scan_type(struct bcm_cfg80211 *cfg,
                                 struct cfg80211_scan_request *request)
{
    u32 scan_flags = 0;

    if (!request) {
        return scan_flags;
    }

    if (request->flags & NL80211_SCAN_FLAG_LOW_SPAN) {
        scan_flags |= WL_SCANFLAGS_LOW_SPAN;
    }
    if (request->flags & NL80211_SCAN_FLAG_HIGH_ACCURACY) {
        scan_flags |= WL_SCANFLAGS_HIGH_ACCURACY;
    }
    if (request->flags & NL80211_SCAN_FLAG_LOW_POWER) {
        scan_flags |= WL_SCANFLAGS_LOW_POWER_SCAN;
    }
    if (request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) {
        scan_flags |= WL_SCANFLAGS_LOW_PRIO;
    }

    WL_INFORM(("scan flags. wl:%x cfg80211:%x\n", scan_flags, request->flags));
    return scan_flags;
}
#endif /* WL_SCAN_TYPE */

#if (LINUX_VERSION_CODE < KERNEL_VERSION(3, 14, 0))
#define IS_RADAR_CHAN(flags)                                                   \
    (flags & (IEEE80211_CHAN_RADAR | IEEE80211_CHAN_PASSIVE_SCAN))
#else
#define IS_RADAR_CHAN(flags)                                                   \
    (flags & (IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR))
#endif // endif
static void
wl_cfgscan_populate_scan_channels(struct bcm_cfg80211 *cfg, u16 *channel_list,
                                  struct cfg80211_scan_request *request,
                                  u32 *num_channels)
{
    u32 i = 0, j = 0;
    u32 channel;
    u32 n_channels = 0;
    u32 chanspec = 0;

    if (!request || !request->n_channels) {
        /* Do full channel scan */
        return;
    }

    n_channels = request->n_channels;
    for (i = 0; i < n_channels; i++) {
        channel =
            ieee80211_frequency_to_channel(request->channels[i]->center_freq);
        /* SKIP DFS channels for Secondary interface */
        if ((cfg->escan_info.ndev != bcmcfg_to_prmry_ndev(cfg)) &&
            (IS_RADAR_CHAN(request->channels[i]->flags))) {
            continue;
        }
        if (!dhd_conf_match_channel(cfg->pub, channel)) {
            continue;
        }

        chanspec = WL_CHANSPEC_BW_20;
        if (chanspec == INVCHANSPEC) {
            WL_ERR(("Invalid chanspec! Skipping channel\n"));
            continue;
        }

#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 6, 0))
        if (request->channels[i]->band == IEEE80211_BAND_60GHZ) {
            /* Not supported */
            continue;
        }
#endif /* LINUX_VER >= 3.6 */

        if (request->channels[i]->band == IEEE80211_BAND_2GHZ) {
#ifdef WL_HOST_BAND_MGMT
            if (cfg->curr_band == WLC_BAND_5G) {
                WL_DBG(("In 5G only mode, omit 2G channel:%d\n", channel));
                continue;
            }
#endif /* WL_HOST_BAND_MGMT */
            chanspec |= WL_CHANSPEC_BAND_2G;
        } else {
#ifdef WL_HOST_BAND_MGMT
            if (cfg->curr_band == WLC_BAND_2G) {
                WL_DBG(("In 2G only mode, omit 5G channel:%d\n", channel));
                continue;
            }
#endif /* WL_HOST_BAND_MGMT */
            chanspec |= WL_CHANSPEC_BAND_5G;
        }
        channel_list[j] = channel;
        channel_list[j] &= WL_CHANSPEC_CHAN_MASK;
        channel_list[j] |= chanspec;
        WL_SCAN(("Chan : %d, Channel spec: %x \n", channel, channel_list[j]));
        channel_list[j] = wl_chspec_host_to_driver(channel_list[j]);
        j++;
    }
    *num_channels = j;
}

static void wl_cfgscan_populate_scan_ssids(
    struct bcm_cfg80211 *cfg, u8 *buf_ptr, u32 buf_len,
    struct cfg80211_scan_request *request, u32 *ssid_num)
{
    u32 n_ssids;
    wlc_ssid_t ssid;
    int i, j = 0;

    if (!request || !buf_ptr) {
        /* Do full channel scan */
        return;
    }

    n_ssids = request->n_ssids;
    if (n_ssids > 0) {
        if (buf_len < (n_ssids * sizeof(wlc_ssid_t))) {
            WL_ERR(("buf len not sufficient for scan ssids\n"));
            return;
        }
        for (i = 0; i < n_ssids; i++) {
            bzero(&ssid, sizeof(wlc_ssid_t));
            ssid.SSID_len = MIN(request->ssids[i].ssid_len, DOT11_MAX_SSID_LEN);
            /* Returning void here, as per previous line copy length does not
             * exceed DOT11_MAX_SSID_LEN
             */
            (void)memcpy_s(ssid.SSID, DOT11_MAX_SSID_LEN,
                           request->ssids[i].ssid, ssid.SSID_len);
            if (!ssid.SSID_len) {
                WL_SCAN(("%d: Broadcast scan\n", i));
            } else {
                WL_SCAN(("%d: scan  for  %s size =%d\n", i, ssid.SSID,
                         ssid.SSID_len));
            }
            /* For multiple ssid case copy the each SSID info the ptr below
             * corresponds to that so dest is of type wlc_ssid_t
             */
            (void)memcpy_s(buf_ptr, sizeof(wlc_ssid_t), &ssid,
                           sizeof(wlc_ssid_t));
            buf_ptr += sizeof(wlc_ssid_t);
            j++;
        }
    } else {
        WL_SCAN(("Broadcast scan\n"));
    }
    *ssid_num = j;
}

static s32 wl_scan_prep(struct bcm_cfg80211 *cfg, struct net_device *ndev,
                        void *scan_params, u32 len,
                        struct cfg80211_scan_request *request)
{
#ifdef SCAN_SUPPRESS
    u32 channel;
#endif
    wl_scan_params_t *params = NULL;
    wl_scan_params_v2_t *params_v2 = NULL;
    u32 scan_type = 0;
    u32 scan_param_size = 0;
    u32 n_channels = 0;
    u32 n_ssids = 0;
    uint16 *chan_list = NULL;
    u32 channel_offset = 0;
    u32 cur_offset;

    if (!scan_params) {
        return BCME_ERROR;
    }

    if (cfg->active_scan == PASSIVE_SCAN) {
        WL_INFORM_MEM(("Enforcing passive scan\n"));
        scan_type = WL_SCANFLAGS_PASSIVE;
    }

    WL_DBG(("Preparing Scan request\n"));
    if (cfg->scan_params_v2) {
        params_v2 = (wl_scan_params_v2_t *)scan_params;
        scan_param_size = sizeof(wl_scan_params_v2_t);
        channel_offset = offsetof(wl_scan_params_v2_t, channel_list);
    } else {
        params = (wl_scan_params_t *)scan_params;
        scan_param_size = sizeof(wl_scan_params_t);
        channel_offset = offsetof(wl_scan_params_t, channel_list);
    }

    if (params_v2) {
        /* scan params ver2 */
#if defined(WL_SCAN_TYPE)
        scan_type += wl_cfgscan_map_nl80211_scan_type(cfg, request);
#endif /* WL_SCAN_TYPE */

        (void)memcpy_s(&params_v2->bssid, ETHER_ADDR_LEN, &ether_bcast,
                       ETHER_ADDR_LEN);
        params_v2->version = htod16(WL_SCAN_PARAMS_VERSION_V2);
        params_v2->length = htod16(sizeof(wl_scan_params_v2_t));
        params_v2->bss_type = DOT11_BSSTYPE_ANY;
        params_v2->scan_type = htod32(scan_type);
        params_v2->nprobes = htod32(-1);
        params_v2->active_time = htod32(-1);
        params_v2->passive_time = htod32(-1);
        params_v2->home_time = htod32(-1);
        params_v2->channel_num = 0;
        bzero(&params_v2->ssid, sizeof(wlc_ssid_t));
        chan_list = params_v2->channel_list;
    } else {
        /* scan params ver 1 */
        if (!params) {
            ASSERT(0);
            return BCME_ERROR;
        }
        (void)memcpy_s(&params->bssid, ETHER_ADDR_LEN, &ether_bcast,
                       ETHER_ADDR_LEN);
        params->bss_type = DOT11_BSSTYPE_ANY;
        params->scan_type = 0;
        params->nprobes = htod32(-1);
        params->active_time = htod32(-1);
        params->passive_time = htod32(-1);
        params->home_time = htod32(-1);
        params->channel_num = 0;
        bzero(&params->ssid, sizeof(wlc_ssid_t));
        chan_list = params->channel_list;
    }

    if (!request) {
        /* scan_request null, do scan based on base config */
        WL_DBG(("scan_request is null\n"));
        return BCME_OK;
    }

    WL_INFORM(
        ("n_channels:%d n_ssids:%d\n", request->n_channels, request->n_ssids));

    cur_offset = channel_offset;
    /* Copy channel array if applicable */
#ifdef SCAN_SUPPRESS
    channel = wl_ext_scan_suppress(ndev, scan_params, cfg->scan_params_v2);
    if (channel) {
        n_channels = 1;
        if ((n_channels > 0) && chan_list) {
            if (len >= (scan_param_size + (n_channels * sizeof(u16)))) {
                wl_ext_populate_scan_channel(cfg->pub, chan_list, channel,
                                             n_channels);
                cur_offset += (n_channels * (sizeof(u16)));
            }
        }
    } else
#endif
    {
        if ((request->n_channels > 0) && chan_list) {
            if (len >=
                (scan_param_size + (request->n_channels * sizeof(u16)))) {
                wl_cfgscan_populate_scan_channels(cfg, chan_list, request,
                                                  &n_channels);
                cur_offset += (n_channels * (sizeof(u16)));
            }
        }
    }

    /* Copy ssid array if applicable */
    if (request->n_ssids > 0) {
        cur_offset = (u32)roundup(cur_offset, sizeof(u32));
        if (len > (cur_offset + (request->n_ssids * sizeof(wlc_ssid_t)))) {
            u32 rem_len = len - cur_offset;
            wl_cfgscan_populate_scan_ssids(cfg,
                                           ((u8 *)scan_params + cur_offset),
                                           rem_len, request, &n_ssids);
        }
    }

    if (n_ssids || n_channels) {
        u32 channel_num = htod32((n_ssids << WL_SCAN_PARAMS_NSSID_SHIFT) |
                                 (n_channels & WL_SCAN_PARAMS_COUNT_MASK));
        if (params_v2) {
            params_v2->channel_num = channel_num;
            if (n_channels == 1) {
                params_v2->active_time = htod32(WL_SCAN_CONNECT_DWELL_TIME_MS);
                params_v2->nprobes = htod32(params_v2->active_time /
                                            WL_SCAN_JOIN_PROBE_INTERVAL_MS);
            }
        } else {
            params->channel_num = channel_num;
            if (n_channels == 1) {
                params->active_time = htod32(WL_SCAN_CONNECT_DWELL_TIME_MS);
                params->nprobes = htod32(params->active_time /
                                         WL_SCAN_JOIN_PROBE_INTERVAL_MS);
            }
        }
    }

    WL_INFORM(
        ("scan_prep done. n_channels:%d n_ssids:%d\n", n_channels, n_ssids));
    return BCME_OK;
}

static s32 wl_get_valid_channels(struct net_device *ndev, u8 *valid_chan_list,
                                 s32 size)
{
    wl_uint32_list_t *list;
    s32 err = BCME_OK;
    if (valid_chan_list == NULL || size <= 0) {
        return -ENOMEM;
    }

    bzero(valid_chan_list, size);
    list = (wl_uint32_list_t *)(void *)valid_chan_list;
    list->count = htod32(WL_NUMCHANNELS);
    err = wldev_ioctl_get(ndev, WLC_GET_VALID_CHANNELS, valid_chan_list, size);
    if (err != 0) {
        WL_ERR(("get channels failed with %d\n", err));
    }

    return err;
}

static s32 wl_run_escan(struct bcm_cfg80211 *cfg, struct net_device *ndev,
                        struct cfg80211_scan_request *request, uint16 action)
{
    s32 err = BCME_OK;
    u32 n_channels;
    u32 n_ssids;
    s32 params_size;
    wl_escan_params_t *eparams = NULL;
    wl_escan_params_v2_t *eparams_v2 = NULL;
    u8 *scan_params = NULL;
    u8 *params = NULL;
    u8 chan_buf[sizeof(u32) * (WL_NUMCHANNELS + 1)];
    u32 num_chans = 0;
    s32 channel;
    u32 n_valid_chan;
    s32 search_state = WL_P2P_DISC_ST_SCAN;
    u32 i, j, n_nodfs = 0;
    u16 *default_chan_list = NULL;
    wl_uint32_list_t *list;
    s32 bssidx = -1;
    struct net_device *dev = NULL;
#if defined(USE_INITIAL_2G_SCAN) || defined(USE_INITIAL_SHORT_DWELL_TIME)
    bool is_first_init_2g_scan = false;
#endif /* USE_INITIAL_2G_SCAN || USE_INITIAL_SHORT_DWELL_TIME */
    p2p_scan_purpose_t p2p_scan_purpose = P2P_SCAN_PURPOSE_MIN;
    u32 chan_mem = 0;
    u32 sync_id = 0;

    WL_DBG(("Enter \n"));

    /* scan request can come with empty request : perform all default scan */
    if (!cfg) {
        err = -EINVAL;
        goto exit;
    }

    if (cfg->scan_params_v2) {
        params_size = (WL_SCAN_PARAMS_V2_FIXED_SIZE +
                       OFFSETOF(wl_escan_params_v2_t, params));
    } else {
        params_size =
            (WL_SCAN_PARAMS_FIXED_SIZE + OFFSETOF(wl_escan_params_t, params));
    }

    if (!cfg->p2p_supported || !p2p_scan(cfg)) {
        /* LEGACY SCAN TRIGGER */
        WL_SCAN((" LEGACY E-SCAN START\n"));

#if defined(USE_INITIAL_2G_SCAN) || defined(USE_INITIAL_SHORT_DWELL_TIME)
        if (!request) {
            err = -EINVAL;
            goto exit;
        }
        if (ndev == bcmcfg_to_prmry_ndev(cfg) &&
            g_first_broadcast_scan == true) {
#ifdef USE_INITIAL_2G_SCAN
            struct ieee80211_channel tmp_channel_list[CH_MAX_2G_CHANNEL];
            /* allow one 5G channel to add previous connected channel in 5G */
            bool allow_one_5g_channel = TRUE;
            j = 0;
            for (i = 0; i < request->n_channels; i++) {
                int tmp_chan = ieee80211_frequency_to_channel(
                    request->channels[i]->center_freq);
                if (tmp_chan > CH_MAX_2G_CHANNEL) {
                    if (allow_one_5g_channel) {
                        allow_one_5g_channel = FALSE;
                    } else {
                        continue;
                    }
                }
                if (j > CH_MAX_2G_CHANNEL) {
                    WL_ERR(("Index %d exceeds max 2.4GHz channels %d"
                            " and previous 5G connected channel\n",
                            j, CH_MAX_2G_CHANNEL));
                    break;
                }
                bcopy(request->channels[i], &tmp_channel_list[j],
                      sizeof(struct ieee80211_channel));
                WL_SCAN(("channel of request->channels[%d]=%d\n", i, tmp_chan));
                j++;
            }
            if ((j > 0) && (j <= CH_MAX_2G_CHANNEL)) {
                for (i = 0; i < j; i++) {
                    bcopy(&tmp_channel_list[i], request->channels[i],
                          sizeof(struct ieee80211_channel));
                }

                request->n_channels = j;
                is_first_init_2g_scan = true;
            } else {
                WL_ERR(("Invalid number of 2.4GHz channels %d\n", j));
            }

            WL_SCAN(("request->n_channels=%d\n", request->n_channels));
#else  /* USE_INITIAL_SHORT_DWELL_TIME */
            is_first_init_2g_scan = true;
#endif /* USE_INITIAL_2G_SCAN */
            g_first_broadcast_scan = false;
        }
#endif /* USE_INITIAL_2G_SCAN || USE_INITIAL_SHORT_DWELL_TIME */

        /* if scan request is not empty parse scan request paramters */
        if (request != NULL) {
            n_channels = request->n_channels;
            n_ssids = request->n_ssids;
            if (n_channels % 0x2) {
                /* If n_channels is odd, add a padd of u16 */
                params_size += sizeof(u16) * (n_channels + 1);
            } else {
                params_size += sizeof(u16) * n_channels;
            }

            /* Allocate space for populating ssids in wl_escan_params_t struct
             */
            params_size += sizeof(struct wlc_ssid) * n_ssids;
        }
        params = MALLOCZ(cfg->osh, params_size);
        if (params == NULL) {
            err = -ENOMEM;
            goto exit;
        }

        wl_escan_set_sync_id(sync_id, cfg);
        if (cfg->scan_params_v2) {
            eparams_v2 = (wl_escan_params_v2_t *)params;
            scan_params = (u8 *)&eparams_v2->params;
            eparams_v2->version = htod32(ESCAN_REQ_VERSION_V2);
            eparams_v2->action = htod16(action);
            eparams_v2->sync_id = sync_id;
        } else {
            eparams = (wl_escan_params_t *)params;
            scan_params = (u8 *)&eparams->params;
            eparams->version = htod32(ESCAN_REQ_VERSION);
            eparams->action = htod16(action);
            eparams->sync_id = sync_id;
        }

        if (wl_scan_prep(cfg, ndev, scan_params, params_size, request) < 0) {
            WL_ERR(("scan_prep failed\n"));
            err = -EINVAL;
            goto exit;
        }

#if defined(USE_INITIAL_2G_SCAN) || defined(USE_INITIAL_SHORT_DWELL_TIME)
        /* Override active_time to reduce scan time if it's first bradcast scan.
         */
        if (is_first_init_2g_scan) {
            if (eparams_v2) {
                eparams_v2->params.active_time =
                    FIRST_SCAN_ACTIVE_DWELL_TIME_MS;
            } else {
                eparams->params.active_time = FIRST_SCAN_ACTIVE_DWELL_TIME_MS;
            }
        }
#endif /* USE_INITIAL_2G_SCAN || USE_INITIAL_SHORT_DWELL_TIME */

        wl_escan_set_type(cfg, WL_SCANTYPE_LEGACY);
        if (params_size + sizeof("escan") >= WLC_IOCTL_MEDLEN) {
            WL_ERR(("ioctl buffer length not sufficient\n"));
            MFREE(cfg->osh, params, params_size);
            err = -ENOMEM;
            goto exit;
        }

        bssidx = wl_get_bssidx_by_wdev(cfg, ndev->ieee80211_ptr);
        WL_MSG(ndev->name, "LEGACY_SCAN sync ID: %d, bssidx: %d\n", sync_id,
               bssidx);
        err = wldev_iovar_setbuf(ndev, "escan", params, params_size,
                                 cfg->escan_ioctl_buf, WLC_IOCTL_MEDLEN, NULL);
        if (unlikely(err)) {
            if (err == BCME_EPERM) {
                /* Scan Not permitted at this point of time */
                WL_DBG((" Escan not permitted at this time (%d)\n", err));
            } else {
                WL_ERR((" Escan set error (%d)\n", err));
            }
        } else {
            DBG_EVENT_LOG((dhd_pub_t *)cfg->pub,
                          WIFI_EVENT_DRIVER_SCAN_REQUESTED);
        }
        MFREE(cfg->osh, params, params_size);
    } else if (p2p_is_on(cfg) && p2p_scan(cfg)) {
        /* P2P SCAN TRIGGER */
        s32 _freq = 0;
        n_nodfs = 0;

        if (request && request->n_channels) {
            num_chans = request->n_channels;
            WL_SCAN((" chann number : %d\n", num_chans));
            chan_mem = (u32)(num_chans * sizeof(*default_chan_list));
            default_chan_list = MALLOCZ(cfg->osh, chan_mem);
            if (default_chan_list == NULL) {
                WL_ERR(("channel list allocation failed \n"));
                err = -ENOMEM;
                goto exit;
            }
            if (!wl_get_valid_channels(ndev, chan_buf, sizeof(chan_buf))) {
#ifdef P2P_SKIP_DFS
                int is_printed = false;
#endif /* P2P_SKIP_DFS */
                list = (wl_uint32_list_t *)chan_buf;
                n_valid_chan = dtoh32(list->count);
                if (n_valid_chan > WL_NUMCHANNELS) {
                    WL_ERR(("wrong n_valid_chan:%d\n", n_valid_chan));
                    MFREE(cfg->osh, default_chan_list, chan_mem);
                    err = -EINVAL;
                    goto exit;
                }

                for (i = 0; i < num_chans; i++) {
#ifdef WL_HOST_BAND_MGMT
                    int channel_band = 0;
#endif /* WL_HOST_BAND_MGMT */
                    _freq = request->channels[i]->center_freq;
                    channel = ieee80211_frequency_to_channel(_freq);
#ifdef WL_HOST_BAND_MGMT
                    channel_band = (channel > CH_MAX_2G_CHANNEL) ? WLC_BAND_5G
                                                                 : WLC_BAND_2G;
                    if ((cfg->curr_band != WLC_BAND_AUTO) &&
                        (cfg->curr_band != channel_band) &&
                        !IS_P2P_SOCIAL_CHANNEL(channel)) {
                        continue;
                    }
#endif /* WL_HOST_BAND_MGMT */

                    /* ignore DFS channels */
                    if (request->channels[i]->flags &
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0))
                        (IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_RADAR))
#else
                        (IEEE80211_CHAN_RADAR | IEEE80211_CHAN_PASSIVE_SCAN))
#endif // endif
                        continue;
#ifdef P2P_SKIP_DFS
                    if (channel >= 0x34 && channel <= 0x90) {
                        if (is_printed == false) {
                            WL_ERR(("SKIP DFS CHANs(52~144)\n"));
                            is_printed = true;
                        }
                        continue;
                    }
#endif /* P2P_SKIP_DFS */

                    for (j = 0; j < n_valid_chan; j++) {
                        /* allows only supported channel on
                         *  current reguatory
                         */
                        if (n_nodfs >= num_chans) {
                            break;
                        }
                        if (channel == (dtoh32(list->element[j]))) {
                            default_chan_list[n_nodfs++] = channel;
                        }
                    }
                }
            }
            if (num_chans == SOCIAL_CHAN_CNT &&
                ((default_chan_list[0] == SOCIAL_CHAN_1) &&
                 (default_chan_list[1] == SOCIAL_CHAN_2) &&
                 (default_chan_list[0x2] == SOCIAL_CHAN_3))) {
                /* SOCIAL CHANNELS 1, 6, 11 */
                search_state = WL_P2P_DISC_ST_SEARCH;
                p2p_scan_purpose = P2P_SCAN_SOCIAL_CHANNEL;
                WL_DBG(("P2P SEARCH PHASE START \n"));
            } else if (((dev = wl_to_p2p_bss_ndev(cfg,
                                                  P2PAPI_BSSCFG_CONNECTION1)) &&
                        (wl_get_mode_by_netdev(cfg, dev) == WL_MODE_AP)) ||
                       ((dev = wl_to_p2p_bss_ndev(cfg,
                                                  P2PAPI_BSSCFG_CONNECTION2)) &&
                        (wl_get_mode_by_netdev(cfg, dev) == WL_MODE_AP))) {
                /* If you are already a GO, then do SEARCH only */
                WL_DBG(("Already a GO. Do SEARCH Only"));
                search_state = WL_P2P_DISC_ST_SEARCH;
                num_chans = n_nodfs;
                p2p_scan_purpose = P2P_SCAN_NORMAL;
            } else if (num_chans == 1) {
                p2p_scan_purpose = P2P_SCAN_CONNECT_TRY;
                WL_INFORM_MEM(("Trigger p2p join scan\n"));
            } else if (num_chans == SOCIAL_CHAN_CNT + 1) {
                /* SOCIAL_CHAN_CNT + 1 takes care of the Progressive scan
                 * supported by the supplicant
                 */
                p2p_scan_purpose = P2P_SCAN_SOCIAL_CHANNEL;
            } else {
                WL_DBG(("P2P SCAN STATE START \n"));
                num_chans = n_nodfs;
                p2p_scan_purpose = P2P_SCAN_NORMAL;
            }
        } else {
            err = -EINVAL;
            goto exit;
        }
        err = wl_cfgp2p_escan(cfg, ndev, ACTIVE_SCAN, num_chans,
                              default_chan_list, search_state, action,
                              wl_to_p2p_bss_bssidx(cfg, P2PAPI_BSSCFG_DEVICE),
                              NULL, p2p_scan_purpose);
        if (!err) {
            cfg->p2p->search_state = search_state;
        }

        MFREE(cfg->osh, default_chan_list, chan_mem);
    }
exit:
    if (unlikely(err)) {
        /* Don't print Error incase of Scan suppress */
        if ((err == BCME_EPERM) && cfg->scan_suppressed) {
            WL_DBG(("Escan failed: Scan Suppressed \n"));
        } else {
            WL_ERR(("scan error (%d)\n", err));
        }
    }
    return err;
}

s32 wl_do_escan(struct bcm_cfg80211 *cfg, struct wiphy *wiphy,
                struct net_device *ndev, struct cfg80211_scan_request *request)
{
    s32 err = BCME_OK;
    s32 passive_scan;
    s32 passive_scan_time;
    s32 passive_scan_time_org;
    wl_scan_results_t *results;
    WL_SCAN(("Enter \n"));

    results = wl_escan_get_buf(cfg, FALSE);
    results->version = 0;
    results->count = 0;
    results->buflen = WL_SCAN_RESULTS_FIXED_SIZE;

    cfg->escan_info.ndev = ndev;
    cfg->escan_info.wiphy = wiphy;
    cfg->escan_info.escan_state = WL_ESCAN_STATE_SCANING;
    passive_scan = cfg->active_scan ? 0 : 1;
    err = wldev_ioctl_set(ndev, WLC_SET_PASSIVE_SCAN, &passive_scan,
                          sizeof(passive_scan));
    if (unlikely(err)) {
        WL_ERR(("error (%d)\n", err));
        goto exit;
    }

    if (passive_channel_skip) {
        err = wldev_ioctl_get(ndev, WLC_GET_SCAN_PASSIVE_TIME,
                              &passive_scan_time_org,
                              sizeof(passive_scan_time_org));
        if (unlikely(err)) {
            WL_ERR(("== error (%d)\n", err));
            goto exit;
        }

        WL_SCAN(("PASSIVE SCAN time : %d \n", passive_scan_time_org));

        passive_scan_time = 0;
        err = wldev_ioctl_set(ndev, WLC_SET_SCAN_PASSIVE_TIME,
                              &passive_scan_time, sizeof(passive_scan_time));
        if (unlikely(err)) {
            WL_ERR(("== error (%d)\n", err));
            goto exit;
        }

        WL_SCAN(("PASSIVE SCAN SKIPED!! (passive_channel_skip:%d) \n",
                 passive_channel_skip));
    }

    err = wl_run_escan(cfg, ndev, request, WL_SCAN_ACTION_START);

    if (passive_channel_skip) {
        err = wldev_ioctl_set(ndev, WLC_SET_SCAN_PASSIVE_TIME,
                              &passive_scan_time_org,
                              sizeof(passive_scan_time_org));
        if (unlikely(err)) {
            WL_ERR(("== error (%d)\n", err));
            goto exit;
        }

        WL_SCAN(("PASSIVE SCAN RECOVERED!! (passive_scan_time_org:%d) \n",
                 passive_scan_time_org));
    }

exit:
    return err;
}

static s32 wl_get_scan_timeout_val(struct bcm_cfg80211 *cfg)
{
    u32 scan_timer_interval_ms = WL_SCAN_TIMER_INTERVAL_MS;

    /* If NAN is enabled adding +10 sec to the existing timeout value */
#ifdef WL_NAN
    if (cfg->nan_enable) {
        scan_timer_interval_ms += WL_SCAN_TIMER_INTERVAL_MS_NAN;
    }
#endif /* WL_NAN */
    WL_MEM(("scan_timer_interval_ms %d\n", scan_timer_interval_ms));
    return scan_timer_interval_ms;
}

#define SCAN_EBUSY_RETRY_LIMIT 20
static s32 wl_cfgscan_handle_scanbusy(struct bcm_cfg80211 *cfg,
                                      struct net_device *ndev, s32 err)
{
    s32 scanbusy_err = 0;
    static u32 busy_count = 0;

    if (!err) {
        busy_count = 0;
        return scanbusy_err;
    }
    if (err == BCME_BUSY || err == BCME_NOTREADY) {
        WL_ERR(("Scan err = (%d), busy?%d\n", err, -EBUSY));
        scanbusy_err = -EBUSY;
    } else if ((err == BCME_EPERM) && cfg->scan_suppressed) {
        WL_ERR(("Scan not permitted due to scan suppress\n"));
        scanbusy_err = -EPERM;
    } else {
        /* For all other fw errors, use a generic error code as return
         * value to cfg80211 stack
         */
        scanbusy_err = -EAGAIN;
    }

    if (scanbusy_err == -EBUSY) {
        /* Flush FW preserve buffer logs for checking failure */
        if (busy_count++ > (SCAN_EBUSY_RETRY_LIMIT / 0x5)) {
            wl_flush_fw_log_buffer(ndev, FW_LOGSET_MASK_ALL);
        }
        if (busy_count > SCAN_EBUSY_RETRY_LIMIT) {
            struct ether_addr bssid;
            s32 ret = 0;
            dhd_pub_t *dhdp = (dhd_pub_t *)(cfg->pub);
            if (dhd_query_bus_erros(dhdp)) {
                return BCME_NOTREADY;
            }
            dhdp->scan_busy_occurred = TRUE;
            busy_count = 0;
            WL_ERR(
                ("Unusual continuous EBUSY error, %d %d %d %d %d %d %d %d %d\n",
                 wl_get_drv_status(cfg, SCANNING, ndev),
                 wl_get_drv_status(cfg, SCAN_ABORTING, ndev),
                 wl_get_drv_status(cfg, CONNECTING, ndev),
                 wl_get_drv_status(cfg, CONNECTED, ndev),
                 wl_get_drv_status(cfg, DISCONNECTING, ndev),
                 wl_get_drv_status(cfg, AP_CREATING, ndev),
                 wl_get_drv_status(cfg, AP_CREATED, ndev),
                 wl_get_drv_status(cfg, SENDING_ACT_FRM, ndev),
                 wl_get_drv_status(cfg, SENDING_ACT_FRM, ndev)));

#if defined(DHD_DEBUG) && defined(DHD_FW_COREDUMP)
            if (dhdp->memdump_enabled) {
                dhdp->memdump_type = DUMP_TYPE_SCAN_BUSY;
                dhd_bus_mem_dump(dhdp);
            }
#endif /* DHD_DEBUG && DHD_FW_COREDUMP */
            dhdp->hang_reason = HANG_REASON_SCAN_BUSY;
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27))
            dhd_os_send_hang_message(dhdp);
#else
            WL_ERR(("%s: HANG event is unsupported\n", __FUNCTION__));
#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 27) && OEM_ANDROID */

            bzero(&bssid, sizeof(bssid));
            if ((ret = wldev_ioctl_get(ndev, WLC_GET_BSSID, &bssid,
                                       ETHER_ADDR_LEN)) == 0) {
                WL_ERR(("FW is connected with " MACDBG "\n",
                        MAC2STRDBG(bssid.octet)));
            } else {
                WL_ERR(("GET BSSID failed with %d\n", ret));
            }

            wl_cfg80211_scan_abort(cfg);
        } else {
            /* Hold the context for 400msec, so that 10 subsequent scans
             * can give a buffer of 4sec which is enough to
             * cover any on-going scan in the firmware
             */
            WL_DBG(("Enforcing delay for EBUSY case \n"));
            msleep(0x190);
        }
    } else {
        busy_count = 0;
    }

    return scanbusy_err;
}

s32 __wl_cfg80211_scan(struct wiphy *wiphy, struct net_device *ndev,
                       struct cfg80211_scan_request *request,
                       struct cfg80211_ssid *this_ssid)
{
    struct bcm_cfg80211 *cfg = wiphy_priv(wiphy);
    struct cfg80211_ssid *ssids;
    struct ether_addr primary_mac;
    bool p2p_ssid;
#ifdef WL11U
    bcm_tlv_t *interworking_ie;
#endif // endif
    s32 err = 0;
    s32 bssidx = -1;
    s32 i;
    bool escan_req_failed = false;
    s32 scanbusy_err = 0;

    unsigned long flags;
#ifdef WL_CFG80211_VSDB_PRIORITIZE_SCAN_REQUEST
    struct net_device *remain_on_channel_ndev = NULL;
#endif // endif
    /*
     * Hostapd triggers scan before starting automatic channel selection
     * to collect channel characteristics. However firmware scan engine
     * doesn't support any channel characteristics collection along with
     * scan. Hence return scan success.
     */
    if (request && (scan_req_iftype(request) == NL80211_IFTYPE_AP)) {
        WL_DBG(("Scan Command on SoftAP Interface. Ignoring...\n"));
        // terence 20161023: let it scan in SoftAP mode
    }

    ndev = ndev_to_wlc_ndev(ndev, cfg);

    if (WL_DRV_STATUS_SENDING_AF_FRM_EXT(cfg)) {
        WL_ERR(("Sending Action Frames. Try it again.\n"));
        return -EAGAIN;
    }

    WL_DBG(("Enter wiphy (%p)\n", wiphy));
    if (wl_get_drv_status_all(cfg, SCANNING)) {
        if (cfg->scan_request == NULL) {
            wl_clr_drv_status_all(cfg, SCANNING);
            WL_DBG(("<<<<<<<<<<<Force Clear Scanning Status>>>>>>>>>>>\n"));
        } else {
            WL_ERR(("Scanning already\n"));
            return -EAGAIN;
        }
    }
    if (wl_get_drv_status(cfg, SCAN_ABORTING, ndev)) {
        WL_ERR(("Scanning being aborted\n"));
        return -EAGAIN;
    }
    if (request && request->n_ssids > WL_SCAN_PARAMS_SSID_MAX) {
        WL_ERR(("request null or n_ssids > WL_SCAN_PARAMS_SSID_MAX\n"));
        return -EOPNOTSUPP;
    }
#ifdef WL_BCNRECV
    /* check fakeapscan in progress then abort */
    wl_android_bcnrecv_stop(ndev, WL_BCNRECV_SCANBUSY);
#endif /* WL_BCNRECV */

#ifdef WL_CFG80211_VSDB_PRIORITIZE_SCAN_REQUEST
    mutex_lock(&cfg->scan_sync);
    remain_on_channel_ndev = wl_cfg80211_get_remain_on_channel_ndev(cfg);
    if (remain_on_channel_ndev) {
        WL_DBG(
            ("Remain_on_channel bit is set, somehow it didn't get cleared\n"));
        wl_notify_escan_complete(cfg, remain_on_channel_ndev, true, true);
    }
    mutex_unlock(&cfg->scan_sync);
#endif /* WL_CFG80211_VSDB_PRIORITIZE_SCAN_REQUEST */

#ifdef P2P_LISTEN_OFFLOADING
    wl_cfg80211_cancel_p2plo(cfg);
#endif /* P2P_LISTEN_OFFLOADING */

    if (request) { /* scan bss */
        ssids = request->ssids;
        p2p_ssid = false;
        for (i = 0; i < request->n_ssids; i++) {
            if (ssids[i].ssid_len &&
                IS_P2P_SSID(ssids[i].ssid, ssids[i].ssid_len)) {
                /* P2P Scan */
#ifdef WL_BLOCK_P2P_SCAN_ON_STA
                if (!(IS_P2P_IFACE(request->wdev))) {
                    /* P2P scan on non-p2p iface. Fail scan */
                    WL_ERR(("p2p_search on non p2p iface\n"));
                    goto scan_out;
                }
#endif /* WL_BLOCK_P2P_SCAN_ON_STA */
                p2p_ssid = true;
                break;
            }
        }
        if (p2p_ssid) {
            if (cfg->p2p_supported) {
                /* p2p scan trigger */
                if (p2p_on(cfg) == false) {
                    /* p2p on at the first time */
                    p2p_on(cfg) = true;
                    wl_cfgp2p_set_firm_p2p(cfg);
                    get_primary_mac(cfg, &primary_mac);
#ifndef WL_P2P_USE_RANDMAC
                    wl_cfgp2p_generate_bss_mac(cfg, &primary_mac);
#endif /* WL_P2P_USE_RANDMAC */
#if defined(P2P_IE_MISSING_FIX)
                    cfg->p2p_prb_noti = false;
#endif // endif
                }
                wl_clr_p2p_status(cfg, GO_NEG_PHASE);
                WL_DBG(("P2P: GO_NEG_PHASE status cleared \n"));
                p2p_scan(cfg) = true;
            }
        } else {
            /* legacy scan trigger
             * So, we have to disable p2p discovery if p2p discovery is on
             */
            if (cfg->p2p_supported) {
                p2p_scan(cfg) = false;
                /* If Netdevice is not equals to primary and p2p is on
                 *  , we will do p2p scan using P2PAPI_BSSCFG_DEVICE.
                 */

                if (p2p_scan(cfg) == false) {
                    if (wl_get_p2p_status(cfg, DISCOVERY_ON)) {
                        err = wl_cfgp2p_discover_enable_search(cfg, false);
                        if (unlikely(err)) {
                            goto scan_out;
                        }
                    }
                }
            }
            if (!cfg->p2p_supported || !p2p_scan(cfg)) {
                if ((bssidx = wl_get_bssidx_by_wdev(cfg, ndev->ieee80211_ptr)) <
                    0) {
                    WL_ERR(("Find p2p index from ndev(%p) failed\n", ndev));
                    err = BCME_ERROR;
                    goto scan_out;
                }
#ifdef WL11U
                if (request &&
                    (interworking_ie = wl_cfg80211_find_interworking_ie(
                         request->ie, request->ie_len)) != NULL) {
                    if ((err = wl_cfg80211_add_iw_ie(
                             cfg, ndev, bssidx, VNDR_IE_CUSTOM_FLAG,
                             interworking_ie->id, interworking_ie->data,
                             interworking_ie->len)) != BCME_OK) {
                        WL_ERR(("Failed to add interworking IE"));
                    }
                } else if (cfg->wl11u) {
                    /* we have to clear IW IE and disable gratuitous APR */
                    wl_cfg80211_clear_iw_ie(cfg, ndev, bssidx);
                    err =
                        wldev_iovar_setint_bsscfg(ndev, "grat_arp", 0, bssidx);
                    /* we don't care about error here
                     * because the only failure case is unsupported,
                     * which is fine
                     */
                    if (unlikely(err)) {
                        WL_ERR(("Set grat_arp failed:(%d) Ignore!\n", err));
                    }
                    cfg->wl11u = FALSE;
                }
#endif /* WL11U */
                if (request) {
                    err = wl_cfg80211_set_mgmt_vndr_ies(
                        cfg, ndev_to_cfgdev(ndev), bssidx, VNDR_IE_PRBREQ_FLAG,
                        request->ie, request->ie_len);
                }

                if (unlikely(err)) {
                    // terence 20161023: let it scan in SoftAP mode
                }
            }
        }
    } else { /* scan in ibss */
        ssids = this_ssid;
    }

    if (request && cfg->p2p_supported) {
        WL_TRACE_HW4(("START SCAN\n"));
        DHD_OS_SCAN_WAKE_LOCK_TIMEOUT((dhd_pub_t *)(cfg->pub),
                                      SCAN_WAKE_LOCK_TIMEOUT);
        DHD_DISABLE_RUNTIME_PM((dhd_pub_t *)(cfg->pub));
    }

    if (cfg->p2p_supported) {
        if (request && p2p_on(cfg) && p2p_scan(cfg)) {
            /* find my listen channel */
            cfg->afx_hdl->my_listen_chan =
                wl_find_listen_channel(cfg, request->ie, request->ie_len);
            err = wl_cfgp2p_enable_discovery(cfg, ndev, request->ie,
                                             request->ie_len);
            if (unlikely(err)) {
                goto scan_out;
            }
        }
    }

    mutex_lock(&cfg->scan_sync);
#ifdef WL_EXT_IAPSTA
    if (wl_ext_in4way_sync(ndev, STA_FAKE_SCAN_IN_CONNECT,
                           WL_EXT_STATUS_SCANNING, NULL)) {
        goto scan_success;
    } else
#endif
        err = wl_do_escan(cfg, wiphy, ndev, request);
    if (likely(!err)) {
        goto scan_success;
    } else {
        escan_req_failed = true;
        goto scan_out;
    }

scan_success:
    wl_cfgscan_handle_scanbusy(cfg, ndev, BCME_OK);
    cfg->scan_request = request;
    wl_set_drv_status(cfg, SCANNING, ndev);
    /* Arm the timer */
    mod_timer(&cfg->scan_timeout,
              jiffies + msecs_to_jiffies(wl_get_scan_timeout_val(cfg)));
    mutex_unlock(&cfg->scan_sync);
    return 0;

scan_out:
    if (escan_req_failed) {
        WL_CFG_DRV_LOCK(&cfg->cfgdrv_lock, flags);
        cfg->scan_request = NULL;
        WL_CFG_DRV_UNLOCK(&cfg->cfgdrv_lock, flags);
        mutex_unlock(&cfg->scan_sync);
        /* Handling for scan busy errors */
        scanbusy_err = wl_cfgscan_handle_scanbusy(cfg, ndev, err);
        if (scanbusy_err == BCME_NOTREADY) {
            /* In case of bus failures avoid ioctl calls */
            DHD_OS_SCAN_WAKE_UNLOCK((dhd_pub_t *)(cfg->pub));
            return -ENODEV;
        }
        err = scanbusy_err;
    }

    DHD_OS_SCAN_WAKE_UNLOCK((dhd_pub_t *)(cfg->pub));
    return err;
}

s32
#if defined(WL_CFG80211_P2P_DEV_IF)
wl_cfg80211_scan(struct wiphy *wiphy, struct cfg80211_scan_request *request)
#else
wl_cfg80211_scan(struct wiphy *wiphy, struct net_device *ndev,
	struct cfg80211_scan_request *request)
#endif /* WL_CFG80211_P2P_DEV_IF */
{
    s32 err = 0;
    struct bcm_cfg80211 *cfg = wiphy_priv(wiphy);
#if defined(WL_CFG80211_P2P_DEV_IF)
    struct net_device *ndev = wdev_to_wlc_ndev(request->wdev, cfg);
#endif /* WL_CFG80211_P2P_DEV_IF */

    WL_DBG(("Enter\n"));
    RETURN_EIO_IF_NOT_UP(cfg);

#ifdef DHD_IFDEBUG
#ifdef WL_CFG80211_P2P_DEV_IF
    PRINT_WDEV_INFO(request->wdev);
#else
    PRINT_WDEV_INFO(ndev);
#endif /* WL_CFG80211_P2P_DEV_IF */
#endif /* DHD_IFDEBUG */

    if (ndev == bcmcfg_to_prmry_ndev(cfg)) {
        if (wl_cfg_multip2p_operational(cfg)) {
            WL_ERR(("wlan0 scan failed, p2p devices are operational"));
            return -ENODEV;
        }
    }
#ifdef WL_EXT_IAPSTA
    err = wl_ext_in4way_sync(ndev_to_wlc_ndev(ndev, cfg), STA_NO_SCAN_IN4WAY,
                             WL_EXT_STATUS_SCAN, NULL);
    if (err) {
        WL_SCAN(("scan suppressed %d\n", err));
        return err;
    }
#endif

    err = __wl_cfg80211_scan(wiphy, ndev, request, NULL);
    if (unlikely(err)) {
        WL_ERR(("scan error (%d)\n", err));
    }
#ifdef WL_DRV_AVOID_SCANCACHE
    /* Reset roam cache after successful scan request */
#ifdef ROAM_CHANNEL_CACHE
    if (!err) {
        reset_roam_cache(cfg);
    }
#endif /* ROAM_CHANNEL_CACHE */
#endif /* WL_DRV_AVOID_SCANCACHE */
    return err;
}

/* Note: This API should be invoked with scan_sync mutex
 * held so that scan_request data structures doesn't
 * get modified in between.
 */
struct wireless_dev *wl_get_scan_wdev(struct bcm_cfg80211 *cfg)
{
    struct wireless_dev *wdev = NULL;

    if (!cfg) {
        WL_ERR(("cfg ptr null\n"));
        return NULL;
    }

    if (!cfg->scan_request && !cfg->sched_scan_req) {
        /* No scans in progress */
        WL_MEM(("no scan in progress \n"));
        return NULL;
    }

    if (cfg->scan_request) {
        wdev = GET_SCAN_WDEV(cfg->scan_request);
#ifdef WL_SCHED_SCAN
    } else if (cfg->sched_scan_req) {
        wdev = GET_SCHED_SCAN_WDEV(cfg->sched_scan_req);
#endif /* WL_SCHED_SCAN */
    } else {
        WL_MEM(("no scan in progress \n"));
    }

    return wdev;
}

void wl_cfg80211_cancel_scan(struct bcm_cfg80211 *cfg)
{
    struct wireless_dev *wdev = NULL;
    struct net_device *ndev = NULL;

    mutex_lock(&cfg->scan_sync);
    if (!cfg->scan_request && !cfg->sched_scan_req) {
        /* No scans in progress */
        WL_INFORM_MEM(("No scan in progress\n"));
        goto exit;
    }

    wdev = wl_get_scan_wdev(cfg);
    if (!wdev) {
        WL_ERR(("No wdev present\n"));
        goto exit;
    }

    ndev = wdev_to_wlc_ndev(wdev, cfg);
    wl_notify_escan_complete(cfg, ndev, true, true);
    WL_INFORM_MEM(("Scan aborted! \n"));
exit:
    mutex_unlock(&cfg->scan_sync);
}

void wl_cfg80211_scan_abort(struct bcm_cfg80211 *cfg)
{
    void *params = NULL;
    s32 params_size = 0;
    s32 err = BCME_OK;
    struct net_device *dev = bcmcfg_to_prmry_ndev(cfg);
    u32 channel, channel_num;

    if (!in_atomic()) {
        /* Abort scan params only need space for 1 channel and 0 ssids */
        if (cfg->scan_params_v2) {
            params_size = WL_SCAN_PARAMS_V2_FIXED_SIZE + 1 * sizeof(uint16);
        } else {
            params_size = WL_SCAN_PARAMS_FIXED_SIZE + 1 * sizeof(uint16);
        }
        params = MALLOCZ(cfg->osh, params_size);
        if (params == NULL) {
            WL_ERR(("mem alloc failed (%d bytes)\n", params_size));
            return;
        }

        /* Use magic value of channel=-1 to abort scan */
        channel = htodchanspec(-1);
        channel_num = htod32((0 << WL_SCAN_PARAMS_NSSID_SHIFT) |
                             (1 & WL_SCAN_PARAMS_COUNT_MASK));
        if (cfg->scan_params_v2) {
            wl_scan_params_v2_t *params_v2 = (wl_scan_params_v2_t *)params;
            params_v2->channel_list[0] = channel;
            params_v2->channel_num = channel_num;
        } else {
            wl_scan_params_t *params_v1 = (wl_scan_params_t *)params;
            params_v1->channel_list[0] = channel;
            params_v1->channel_num = channel_num;
        }
        /* Do a scan abort to stop the driver's scan engine */
        err = wldev_ioctl_set(dev, WLC_SCAN, params, params_size);
        if (err < 0) {
            /* scan abort can fail if there is no outstanding scan */
            WL_DBG(("scan abort  failed. ret:%d\n", err));
        }
        MFREE(cfg->osh, params, params_size);
    }
#ifdef WLTDLS
    if (cfg->tdls_mgmt_frame) {
        MFREE(cfg->osh, cfg->tdls_mgmt_frame, cfg->tdls_mgmt_frame_len);
        cfg->tdls_mgmt_frame = NULL;
        cfg->tdls_mgmt_frame_len = 0;
    }
#endif /* WLTDLS */
}

s32 wl_notify_escan_complete(struct bcm_cfg80211 *cfg, struct net_device *ndev,
                             bool aborted, bool fw_abort)
{
    s32 err = BCME_OK;
    unsigned long flags;
    struct net_device *dev;
    dhd_pub_t *dhdp = (dhd_pub_t *)(cfg->pub);

    WL_DBG(("Enter \n"));
    BCM_REFERENCE(dhdp);

    if (!ndev) {
        WL_ERR(("ndev is null\n"));
        err = BCME_ERROR;
        goto out;
    }

    if (cfg->escan_info.ndev != ndev) {
        WL_ERR(("Outstanding scan req ndev not matching (%p:%p)\n",
                cfg->escan_info.ndev, ndev));
        err = BCME_ERROR;
        goto out;
    }

    if (cfg->scan_request) {
        dev = bcmcfg_to_prmry_ndev(cfg);
#if defined(WL_ENABLE_P2P_IF)
        if (cfg->scan_request->dev != cfg->p2p_net) {
            dev = cfg->scan_request->dev;
        }
#elif defined(WL_CFG80211_P2P_DEV_IF)
        if (cfg->scan_request->wdev->iftype != NL80211_IFTYPE_P2P_DEVICE) {
            dev = cfg->scan_request->wdev->netdev;
        }
#endif // endif
    } else {
        WL_DBG(("cfg->scan_request is NULL. Internal scan scenario."
                "doing scan_abort for ndev %p primary %p",
                ndev, bcmcfg_to_prmry_ndev(cfg)));
        dev = ndev;
    }
    if (fw_abort && !in_atomic()) {
        wl_cfg80211_scan_abort(cfg);
    }
    if (timer_pending(&cfg->scan_timeout)) {
        del_timer_sync(&cfg->scan_timeout);
    }
    cfg->scan_enq_time = 0;
#if defined(ESCAN_RESULT_PATCH)
    if (likely(cfg->scan_request)) {
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 8, 0))
        if (aborted && cfg->p2p && p2p_scan(cfg) &&
            (cfg->scan_request->flags & NL80211_SCAN_FLAG_FLUSH)) {
            WL_ERR(("scan list is changed"));
            cfg->bss_list = wl_escan_get_buf(cfg, !aborted);
        } else
#endif // endif
            cfg->bss_list = wl_escan_get_buf(cfg, aborted);

        wl_inform_bss(cfg);
    }
#endif /* ESCAN_RESULT_PATCH */
    WL_CFG_DRV_LOCK(&cfg->cfgdrv_lock, flags);
#ifdef WL_SCHED_SCAN
    if (cfg->sched_scan_req && !cfg->scan_request) {
        if (!aborted) {
            WL_INFORM_MEM(("[%s] Report sched scan done.\n", dev->name));
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0))
            cfg80211_sched_scan_results(cfg->sched_scan_req->wiphy,
                                        cfg->sched_scan_req->reqid);
#else
            cfg80211_sched_scan_results(cfg->sched_scan_req->wiphy);
#endif /* LINUX_VER > 4.11 */
        }

        DBG_EVENT_LOG(dhdp, WIFI_EVENT_DRIVER_PNO_SCAN_COMPLETE);
        cfg->sched_scan_running = FALSE;
        cfg->sched_scan_req = NULL;
    }
#endif /* WL_SCHED_SCAN */
    if (likely(cfg->scan_request)) {
        WL_INFORM_MEM(("[%s] Report scan done.\n", dev->name));
        /* scan_sync mutex is already held */
        _wl_notify_scan_done(cfg, aborted);
        cfg->scan_request = NULL;
    }
    if (p2p_is_on(cfg)) {
        wl_clr_p2p_status(cfg, SCANNING);
    }
    wl_clr_drv_status(cfg, SCANNING, dev);
    wake_up_interruptible(&dhdp->conf->event_complete);

    DHD_OS_SCAN_WAKE_UNLOCK((dhd_pub_t *)(cfg->pub));
    DHD_ENABLE_RUNTIME_PM((dhd_pub_t *)(cfg->pub));
    WL_CFG_DRV_UNLOCK(&cfg->cfgdrv_lock, flags);

out:
    return err;
}

#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 5, 0))
void wl_cfg80211_abort_scan(struct wiphy *wiphy, struct wireless_dev *wdev)
{
    struct bcm_cfg80211 *cfg;

    WL_DBG(("Enter wl_cfg80211_abort_scan\n"));
    cfg = wiphy_priv(wdev->wiphy);
    /* Check if any scan in progress only then abort */
    if (wl_get_drv_status_all(cfg, SCANNING)) {
        wl_cfg80211_scan_abort(cfg);
        /* Only scan abort is issued here. As per the expectation of abort_scan
         * the status of abort is needed to be communicated using
         * cfg80211_scan_done call. Here we just issue abort request and let the
         * scan complete path to indicate abort to cfg80211 layer.
         */
        WL_DBG(("wl_cfg80211_abort_scan: Scan abort issued to FW\n"));
    }
}
#else
#ifdef CONFIG_AP6XXX_WIFI6_HDF
void wl_cfg80211_abort_scan(struct wiphy *wiphy, struct wireless_dev *wdev)
{
    struct bcm_cfg80211 *cfg;

    WL_DBG(("Enter wl_cfg80211_abort_scan\n"));
    cfg = wiphy_priv(wdev->wiphy);

    /* cancel scan and notify scan status */
    wl_cfg80211_cancel_scan(cfg);
}
#endif
#endif /* (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 5, 0)) */

int wl_cfg80211_scan_stop(struct bcm_cfg80211 *cfg, bcm_struct_cfgdev *cfgdev)
{
    int ret = 0;

    WL_TRACE(("Enter\n"));

    if (!cfg || !cfgdev) {
        return -EINVAL;
    }

    /* cancel scan and notify scan status */
    wl_cfg80211_cancel_scan(cfg);

    return ret;
}

/* This API is just meant as a wrapper for cfg80211_scan_done
 * API. This doesn't do state mgmt. For cancelling scan,
 * please use wl_cfg80211_cancel_scan API.
 */
static void _wl_notify_scan_done(struct bcm_cfg80211 *cfg, bool aborted)
{
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0))
    struct cfg80211_scan_info info;
#endif // endif

    if (!cfg->scan_request) {
        return;
    }

#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0))
    memset_s(&info, sizeof(struct cfg80211_scan_info), 0,
             sizeof(struct cfg80211_scan_info));
    info.aborted = aborted;

#ifndef CONFIG_AP6XXX_WIFI6_HDF
    cfg80211_scan_done(cfg->scan_request, &info);
#endif
#else
#ifndef CONFIG_AP6XXX_WIFI6_HDF
    cfg80211_scan_done(cfg->scan_request, aborted);
#endif
#endif // endif

#ifdef CONFIG_AP6XXX_WIFI6_HDF
    WifiScanFree(&cfg->scan_request);
#endif
    cfg->scan_request = NULL;
}

#ifdef WL_DRV_AVOID_SCANCACHE
static u32 wl_p2p_find_peer_channel(struct bcm_cfg80211 *cfg, s32 status,
                                    wl_bss_info_t *bi, u32 bi_length)
{
    u32 ret;
    u8 *p2p_dev_addr = NULL;

    ret = wl_get_drv_status_all(cfg, FINDING_COMMON_CHANNEL);
    if (!ret) {
        return ret;
    }
    if (status == WLC_E_STATUS_PARTIAL) {
        p2p_dev_addr = wl_cfgp2p_retreive_p2p_dev_addr(bi, bi_length);
        if (p2p_dev_addr &&
            !memcmp(p2p_dev_addr, cfg->afx_hdl->tx_dst_addr.octet,
                    ETHER_ADDR_LEN)) {
            s32 channel =
                wf_chspec_ctlchan(wl_chspec_driver_to_host(bi->chanspec));
            if ((channel > MAXCHANNEL) || (channel <= 0)) {
                channel = WL_INVALID;
            } else {
                WL_ERR(("ACTION FRAME SCAN : Peer " MACDBG " found,"
                        " channel : %d\n",
                        MAC2STRDBG(cfg->afx_hdl->tx_dst_addr.octet), channel));
            }
            wl_clr_p2p_status(cfg, SCANNING);
            cfg->afx_hdl->peer_chan = channel;
            complete(&cfg->act_frm_scan);
        }
    } else {
        WL_INFORM_MEM(("ACTION FRAME SCAN DONE\n"));
        wl_clr_p2p_status(cfg, SCANNING);
        wl_clr_drv_status(cfg, SCANNING, cfg->afx_hdl->dev);
        if (cfg->afx_hdl->peer_chan == WL_INVALID) {
            complete(&cfg->act_frm_scan);
        }
    }

    return ret;
}

static s32 wl_escan_without_scan_cache(struct bcm_cfg80211 *cfg,
                                       wl_escan_result_t *escan_result,
                                       struct net_device *ndev,
                                       const wl_event_msg_t *e, s32 status)
{
    s32 err = BCME_OK;
    wl_bss_info_t *bi;
    u32 bi_length;
    bool aborted = false;
    bool fw_abort = false;
    bool notify_escan_complete = false;

    if (wl_escan_check_sync_id(status, escan_result->sync_id,
                               cfg->escan_info.cur_sync_id) < 0) {
        goto exit;
    }

    wl_escan_print_sync_id(status, escan_result->sync_id,
                           cfg->escan_info.cur_sync_id);

    if (!(status == WLC_E_STATUS_TIMEOUT) ||
        !(status == WLC_E_STATUS_PARTIAL)) {
        cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
    }

    if ((likely(cfg->scan_request)) || (cfg->sched_scan_running)) {
        notify_escan_complete = true;
    }

    if (status == WLC_E_STATUS_PARTIAL) {
        WL_DBG(("WLC_E_STATUS_PARTIAL \n"));
        DBG_EVENT_LOG((dhd_pub_t *)cfg->pub,
                      WIFI_EVENT_DRIVER_SCAN_RESULT_FOUND);
        if ((!escan_result) || (dtoh16(escan_result->bss_count) != 1)) {
            WL_ERR(
                ("Invalid escan result (NULL pointer) or invalid bss_count\n"));
            goto exit;
        }

        bi = escan_result->bss_info;
        bi_length = dtoh32(bi->length);
        if ((!bi) || (bi_length != (dtoh32(escan_result->buflen) -
                                    WL_ESCAN_RESULTS_FIXED_SIZE))) {
            WL_ERR(("Invalid escan bss info (NULL pointer)"
                    "or invalid bss_info length\n"));
            goto exit;
        }

        if (!(bcmcfg_to_wiphy(cfg)->interface_modes &
              BIT(NL80211_IFTYPE_ADHOC))) {
            if (dtoh16(bi->capability) & DOT11_CAP_IBSS) {
                WL_DBG(("Ignoring IBSS result\n"));
                goto exit;
            }
        }

        if (wl_p2p_find_peer_channel(cfg, status, bi, bi_length)) {
            goto exit;
        } else {
            if (scan_req_match(cfg)) {
                /* p2p scan && allow only probe response */
                if ((cfg->p2p->search_state != WL_P2P_DISC_ST_SCAN) &&
                    (bi->flags & WL_BSS_FLAGS_FROM_BEACON)) {
                    goto exit;
                }
            }
#ifdef ROAM_CHANNEL_CACHE
            add_roam_cache(cfg, bi);
#endif /* ROAM_CHANNEL_CACHE */
            err = wl_inform_single_bss(cfg, bi, false);
#ifdef ROAM_CHANNEL_CACHE
            update_roam_cache(cfg, ioctl_version);
#endif /* ROAM_CHANNEL_CACHE */

            /*
             * !Broadcast && number of ssid = 1 && number of channels =1
             * means specific scan to association
             */
            if (wl_cfgp2p_is_p2p_specific_scan(cfg->scan_request)) {
                WL_ERR(("P2P assoc scan fast aborted.\n"));
                aborted = false;
                fw_abort = true;
            }
            /* Directly exit from function here and
             * avoid sending notify completion to cfg80211
             */
            goto exit;
        }
    } else if (status == WLC_E_STATUS_SUCCESS) {
        if (wl_p2p_find_peer_channel(cfg, status, NULL, 0)) {
            goto exit;
        }
        WL_INFORM_MEM(("ESCAN COMPLETED\n"));
        DBG_EVENT_LOG((dhd_pub_t *)cfg->pub, WIFI_EVENT_DRIVER_SCAN_COMPLETE);

        /* Update escan complete status */
        aborted = false;
        fw_abort = false;
    } else if ((status == WLC_E_STATUS_ABORT) ||
               (status == WLC_E_STATUS_NEWSCAN) ||
               (status == WLC_E_STATUS_11HQUIET) ||
               (status == WLC_E_STATUS_CS_ABORT) ||
               (status == WLC_E_STATUS_NEWASSOC)) {
        /* Handle all cases of scan abort */
        WL_DBG(("ESCAN ABORT reason: %d\n", status));
        if (wl_p2p_find_peer_channel(cfg, status, NULL, 0)) {
            goto exit;
        }
        WL_INFORM_MEM(("ESCAN ABORTED\n"));

        /* Update escan complete status */
        aborted = true;
        fw_abort = false;
    } else if (status == WLC_E_STATUS_TIMEOUT) {
        WL_ERR(
            ("WLC_E_STATUS_TIMEOUT : scan_request[%p]\n", cfg->scan_request));
        WL_ERR(("reason[0x%x]\n", e->reason));
        if (e->reason == 0xFFFFFFFF) {
            /* Update escan complete status */
            aborted = true;
            fw_abort = true;
        }
    } else {
        WL_ERR(("unexpected Escan Event %d : abort\n", status));

        if (wl_p2p_find_peer_channel(cfg, status, NULL, 0)) {
            goto exit;
        }
        /* Update escan complete status */
        aborted = true;
        fw_abort = false;
    }

    /* Notify escan complete status */
    if (notify_escan_complete) {
        wl_notify_escan_complete(cfg, ndev, aborted, fw_abort);
    }

exit:
    return err;
}
#endif /* WL_DRV_AVOID_SCANCACHE */

s32 wl_notify_scan_status(struct bcm_cfg80211 *cfg, bcm_struct_cfgdev *cfgdev,
                          const wl_event_msg_t *e, void *data)
{
    struct channel_info channel_inform;
    struct wl_scan_results *bss_list;
    struct net_device *ndev = NULL;
    u32 len = WL_SCAN_BUF_MAX;
    s32 err = 0;
    unsigned long flags;

    WL_DBG(("Enter \n"));
    if (!wl_get_drv_status(cfg, SCANNING, ndev)) {
        WL_DBG(("scan is not ready \n"));
        return err;
    }
    ndev = cfgdev_to_wlc_ndev(cfgdev, cfg);

    mutex_lock(&cfg->scan_sync);
    wl_clr_drv_status(cfg, SCANNING, ndev);
    bzero(&channel_inform, sizeof(channel_inform));
    err = wldev_ioctl_get(ndev, WLC_GET_CHANNEL, &channel_inform,
                          sizeof(channel_inform));
    if (unlikely(err)) {
        WL_ERR(("scan busy (%d)\n", err));
        goto scan_done_out;
    }
    channel_inform.scan_channel = dtoh32(channel_inform.scan_channel);
    if (unlikely(channel_inform.scan_channel)) {
        WL_DBG(("channel_inform.scan_channel (%d)\n",
                channel_inform.scan_channel));
    }
    cfg->bss_list = cfg->scan_results;
    bss_list = cfg->bss_list;
    bzero(bss_list, len);
    bss_list->buflen = htod32(len);
    err = wldev_ioctl_get(ndev, WLC_SCAN_RESULTS, bss_list, len);
    if (unlikely(err) && unlikely(!cfg->scan_suppressed)) {
        WL_ERR(("%s Scan_results error (%d)\n", ndev->name, err));
        err = -EINVAL;
        goto scan_done_out;
    }
    bss_list->buflen = dtoh32(bss_list->buflen);
    bss_list->version = dtoh32(bss_list->version);
    bss_list->count = dtoh32(bss_list->count);

    err = wl_inform_bss(cfg);

scan_done_out:
    del_timer_sync(&cfg->scan_timeout);
    WL_CFG_DRV_LOCK(&cfg->cfgdrv_lock, flags);
    if (cfg->scan_request) {
        _wl_notify_scan_done(cfg, false);
        cfg->scan_request = NULL;
    }
    WL_CFG_DRV_UNLOCK(&cfg->cfgdrv_lock, flags);
    WL_DBG(("cfg80211_scan_done\n"));
    mutex_unlock(&cfg->scan_sync);
    return err;
}

void wl_notify_scan_done(struct bcm_cfg80211 *cfg, bool aborted)
{
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0))
    struct cfg80211_scan_info info;

    bzero(&info, sizeof(struct cfg80211_scan_info));
    info.aborted = aborted;

#ifndef CONFIG_AP6XXX_WIFI6_HDF
    cfg80211_scan_done(cfg->scan_request, &info);
#endif
#else
#ifndef CONFIG_AP6XXX_WIFI6_HDF
    cfg80211_scan_done(cfg->scan_request, aborted);
#endif
#endif // endif

#ifdef CONFIG_AP6XXX_WIFI6_HDF
    WifiScanFree(&cfg->scan_request);
#endif
}

#ifdef WL_SCHED_SCAN
#define PNO_TIME 30
#define PNO_REPEAT 4
#define PNO_FREQ_EXPO_MAX 2
static bool is_ssid_in_list(struct cfg80211_ssid *ssid,
                            struct cfg80211_ssid *ssid_list, int count)
{
    int i;

    if (!ssid || !ssid_list) {
        return FALSE;
    }

    for (i = 0; i < count; i++) {
        if (ssid->ssid_len == ssid_list[i].ssid_len) {
            if (strncmp(ssid->ssid, ssid_list[i].ssid, ssid->ssid_len) == 0) {
                return TRUE;
            }
        }
    }
    return FALSE;
}

int wl_cfg80211_sched_scan_start(struct wiphy *wiphy, struct net_device *dev,
                                 struct cfg80211_sched_scan_request *request)
{
    ushort pno_time = PNO_TIME;
    int pno_repeat = PNO_REPEAT;
    int pno_freq_expo_max = PNO_FREQ_EXPO_MAX;
    wlc_ssid_ext_t ssids_local[MAX_PFN_LIST_COUNT];
    struct bcm_cfg80211 *cfg = wiphy_priv(wiphy);
    dhd_pub_t *dhdp = (dhd_pub_t *)(cfg->pub);
    struct cfg80211_ssid *ssid = NULL;
    struct cfg80211_ssid *hidden_ssid_list = NULL;
    log_conn_event_t *event_data = NULL;
    tlv_log *tlv_data = NULL;
    u32 alloc_len, tlv_len;
    u32 payload_len;
    int ssid_cnt = 0;
    int i;
    int ret = 0;
    unsigned long flags;

    if (!request) {
        WL_ERR(("Sched scan request was NULL\n"));
        return -EINVAL;
    }

    WL_DBG(("Enter \n"));
    WL_PNO((">>> SCHED SCAN START\n"));
    WL_PNO(("Enter n_match_sets:%d   n_ssids:%d \n", request->n_match_sets,
            request->n_ssids));
    WL_PNO(("ssids:%d pno_time:%d pno_repeat:%d pno_freq:%d \n",
            request->n_ssids, pno_time, pno_repeat, pno_freq_expo_max));

    if (!request->n_ssids || !request->n_match_sets) {
        WL_ERR(("Invalid sched scan req!! n_ssids:%d \n", request->n_ssids));
        return -EINVAL;
    }

    bzero(&ssids_local, sizeof(ssids_local));

    if (request->n_ssids > 0) {
        hidden_ssid_list = request->ssids;
    }

    if (DBG_RING_ACTIVE(dhdp, DHD_EVENT_RING_ID)) {
        alloc_len = sizeof(log_conn_event_t) + DOT11_MAX_SSID_LEN;
        event_data = (log_conn_event_t *)MALLOC(cfg->osh, alloc_len);
        if (!event_data) {
            WL_ERR(("%s: failed to allocate log_conn_event_t with "
                    "length(%d)\n",
                    __func__, alloc_len));
            return -ENOMEM;
        }
        bzero(event_data, alloc_len);
        event_data->tlvs = NULL;
        tlv_len = sizeof(tlv_log);
        event_data->tlvs = (tlv_log *)MALLOC(cfg->osh, tlv_len);
        if (!event_data->tlvs) {
            WL_ERR(("%s: failed to allocate log_tlv with "
                    "length(%d)\n",
                    __func__, tlv_len));
            MFREE(cfg->osh, event_data, alloc_len);
            return -ENOMEM;
        }
    }
    for (i = 0; i < request->n_match_sets && ssid_cnt < MAX_PFN_LIST_COUNT;
         i++) {
        ssid = &request->match_sets[i].ssid;
        /* No need to include null ssid */
        if (ssid->ssid_len) {
            ssids_local[ssid_cnt].SSID_len =
                MIN(ssid->ssid_len, (uint32)DOT11_MAX_SSID_LEN);
            /* In previous step max SSID_len is limited to DOT11_MAX_SSID_LEN,
             * returning void
             */
            (void)memcpy_s(ssids_local[ssid_cnt].SSID, DOT11_MAX_SSID_LEN,
                           ssid->ssid, ssids_local[ssid_cnt].SSID_len);
            if (is_ssid_in_list(ssid, hidden_ssid_list, request->n_ssids)) {
                ssids_local[ssid_cnt].hidden = TRUE;
                WL_PNO((">>> PNO hidden SSID (%s) \n", ssid->ssid));
            } else {
                ssids_local[ssid_cnt].hidden = FALSE;
                WL_PNO((">>> PNO non-hidden SSID (%s) \n", ssid->ssid));
            }
#if (LINUX_VERSION_CODE > KERNEL_VERSION(3, 15, 0))
            if (request->match_sets[i].rssi_thold !=
                NL80211_SCAN_RSSI_THOLD_OFF) {
                ssids_local[ssid_cnt].rssi_thresh =
                    (int8)request->match_sets[i].rssi_thold;
            }
#endif /* (LINUX_VERSION_CODE > KERNEL_VERSION(3, 15, 0)) */
            ssid_cnt++;
        }
    }

    if (ssid_cnt) {
        if ((ret = dhd_dev_pno_set_for_ssid(dev, ssids_local, ssid_cnt,
                                            pno_time, pno_repeat,
                                            pno_freq_expo_max, NULL, 0)) < 0) {
            WL_ERR(("PNO setup failed!! ret=%d \n", ret));
            ret = -EINVAL;
            goto exit;
        }

        if (DBG_RING_ACTIVE(dhdp, DHD_EVENT_RING_ID)) {
            for (i = 0; i < ssid_cnt; i++) {
                payload_len = sizeof(log_conn_event_t);
                event_data->event = WIFI_EVENT_DRIVER_PNO_ADD;
                tlv_data = event_data->tlvs;
                /* ssid */
                tlv_data->tag = WIFI_TAG_SSID;
                tlv_data->len = ssids_local[i].SSID_len;
                (void)memcpy_s(tlv_data->value, DOT11_MAX_SSID_LEN,
                               ssids_local[i].SSID, ssids_local[i].SSID_len);
                payload_len += TLV_LOG_SIZE(tlv_data);

                dhd_os_push_push_ring_data(dhdp, DHD_EVENT_RING_ID, event_data,
                                           payload_len);
            }
        }

        WL_CFG_DRV_LOCK(&cfg->cfgdrv_lock, flags);
        cfg->sched_scan_req = request;
        WL_CFG_DRV_UNLOCK(&cfg->cfgdrv_lock, flags);
    } else {
        ret = -EINVAL;
    }
exit:
    if (event_data) {
        MFREE(cfg->osh, event_data->tlvs, tlv_len);
        MFREE(cfg->osh, event_data, alloc_len);
    }
    return ret;
}

int
#if (LINUX_VERSION_CODE > KERNEL_VERSION(4, 11, 0))
wl_cfg80211_sched_scan_stop(struct wiphy *wiphy, struct net_device *dev, u64 reqid)
#else
wl_cfg80211_sched_scan_stop(struct wiphy *wiphy, struct net_device *dev)
#endif /* LINUX_VER > 4.11 */
{
    struct bcm_cfg80211 *cfg = wiphy_priv(wiphy);
    dhd_pub_t *dhdp = (dhd_pub_t *)(cfg->pub);
    unsigned long flags;

    WL_DBG(("Enter \n"));
    WL_PNO((">>> SCHED SCAN STOP\n"));

    if (dhd_dev_pno_stop_for_ssid(dev) < 0) {
        WL_ERR(("PNO Stop for SSID failed"));
    } else {
        DBG_EVENT_LOG(dhdp, WIFI_EVENT_DRIVER_PNO_REMOVE);
    }

    if (cfg->sched_scan_req || cfg->sched_scan_running) {
        WL_PNO((">>> Sched scan running. Aborting it..\n"));
        wl_cfg80211_cancel_scan(cfg);
    }
    WL_CFG_DRV_LOCK(&cfg->cfgdrv_lock, flags);
    cfg->sched_scan_req = NULL;
    cfg->sched_scan_running = FALSE;
    WL_CFG_DRV_UNLOCK(&cfg->cfgdrv_lock, flags);
    return 0;
}
#endif /* WL_SCHED_SCAN */

static void wl_scan_timeout(unsigned long data)
{
    wl_event_msg_t msg;
    struct bcm_cfg80211 *cfg = (struct bcm_cfg80211 *)data;
    struct wireless_dev *wdev = NULL;
    struct net_device *ndev = NULL;
    struct wl_scan_results *bss_list;
    wl_bss_info_t *bi = NULL;
    s32 i;
    u32 channel;
    u64 cur_time = OSL_LOCALTIME_NS();
    dhd_pub_t *dhdp = (dhd_pub_t *)(cfg->pub);
    unsigned long flags;
#ifdef RTT_SUPPORT
    rtt_status_info_t *rtt_status = NULL;
    UNUSED_PARAMETER(rtt_status);
#endif /* RTT_SUPPORT */

    UNUSED_PARAMETER(cur_time);
    WL_CFG_DRV_LOCK(&cfg->cfgdrv_lock, flags);
    if (!(cfg->scan_request)) {
        WL_ERR(("timer expired but no scan request\n"));
        WL_CFG_DRV_UNLOCK(&cfg->cfgdrv_lock, flags);
        return;
    }

    wdev = GET_SCAN_WDEV(cfg->scan_request);
    WL_CFG_DRV_UNLOCK(&cfg->cfgdrv_lock, flags);

    if (!wdev) {
        WL_ERR(("No wireless_dev present\n"));
        return;
    }

    if (dhd_query_bus_erros(dhdp)) {
        return;
    }
#if defined(DHD_KERNEL_SCHED_DEBUG) && defined(DHD_FW_COREDUMP)
    if (dhdp->memdump_enabled == DUMP_MEMFILE_BUGON &&
        ((cfg->scan_deq_time < cfg->scan_enq_time) ||
         dhd_bus_query_dpc_sched_errors(dhdp))) {
        WL_ERR(("****SCAN event timeout due to scheduling problem\n"));
        /* change g_assert_type to trigger Kernel panic */
        g_assert_type = 0x2;
#ifdef RTT_SUPPORT
        rtt_status = GET_RTTSTATE(dhdp);
#endif /* RTT_SUPPORT */
        WL_ERR((
            "***SCAN event timeout. WQ state:0x%x scan_enq_time:" SEC_USEC_FMT
            " evt_hdlr_entry_time:" SEC_USEC_FMT " evt_deq_time:" SEC_USEC_FMT
            "\nscan_deq_time:" SEC_USEC_FMT
            " scan_hdlr_cmplt_time:" SEC_USEC_FMT
            " scan_cmplt_time:" SEC_USEC_FMT " evt_hdlr_exit_time:" SEC_USEC_FMT
            "\ncurrent_time:" SEC_USEC_FMT "\n",
            work_busy(&cfg->event_work), GET_SEC_USEC(cfg->scan_enq_time),
            GET_SEC_USEC(cfg->wl_evt_hdlr_entry_time),
            GET_SEC_USEC(cfg->wl_evt_deq_time),
            GET_SEC_USEC(cfg->scan_deq_time),
            GET_SEC_USEC(cfg->scan_hdlr_cmplt_time),
            GET_SEC_USEC(cfg->scan_cmplt_time),
            GET_SEC_USEC(cfg->wl_evt_hdlr_exit_time), GET_SEC_USEC(cur_time)));
        if (cfg->scan_enq_time) {
            WL_ERR(
                ("Elapsed time(ns): %llu\n", (cur_time - cfg->scan_enq_time)));
        }
        WL_ERR(
            ("lock_states:[%d:%d:%d:%d:%d:%d]\n",
             mutex_is_locked(&cfg->if_sync), mutex_is_locked(&cfg->usr_sync),
             mutex_is_locked(&cfg->pm_sync), mutex_is_locked(&cfg->scan_sync),
             spin_is_locked(&cfg->cfgdrv_lock), spin_is_locked(&cfg->eq_lock)));
#ifdef RTT_SUPPORT
        WL_ERR(
            ("RTT lock_state:[%d]\n", mutex_is_locked(&rtt_status->rtt_mutex)));
#ifdef WL_NAN
        WL_ERR(("RTT and Geofence lock_states:[%d:%d]\n",
                mutex_is_locked(&cfg->nancfg.nan_sync),
                mutex_is_locked(&(rtt_status)->geofence_mutex)));
#endif /* WL_NAN */
#endif /* RTT_SUPPORT */

        /* use ASSERT() to trigger panic */
        ASSERT(0);
    }
#endif /* DHD_KERNEL_SCHED_DEBUG && DHD_FW_COREDUMP */
    dhd_bus_intr_count_dump(dhdp);

#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)) && !defined(CONFIG_MODULES)
    /* Print WQ states. Enable only for in-built drivers as the symbol is not
     * exported  */
    show_workqueue_state();
#endif /* LINUX_VER >= 4.1 && !CONFIG_MODULES */

    bss_list = wl_escan_get_buf(cfg, FALSE);
    if (!bss_list) {
        WL_ERR(("bss_list is null. Didn't receive any partial scan results\n"));
    } else {
        WL_ERR(("Dump scan buffer:\n"
                "scanned AP count (%d)\n",
                bss_list->count));

        bi = next_bss(bss_list, bi);
        for_each_bss(bss_list, bi, i)
        {
            channel = wf_chspec_ctlchan(wl_chspec_driver_to_host(bi->chanspec));
            WL_ERR(("SSID :%s  Channel :%d\n", bi->SSID, channel));
        }
    }

    ndev = wdev_to_wlc_ndev(wdev, cfg);
    bzero(&msg, sizeof(wl_event_msg_t));
    WL_ERR(("timer expired\n"));
    dhdp->scan_timeout_occurred = TRUE;
#ifdef BCMPCIE
    (void)dhd_pcie_dump_int_regs(dhdp);
    dhd_pcie_dump_rc_conf_space_cap(dhdp);
#endif /* BCMPCIE */
    /*
     * For the memdump sanity, blocking bus transactions for a while
     * Keeping it TRUE causes the sequential private cmd error
     */
    dhdp->scan_timeout_occurred = FALSE;
    msg.event_type = hton32(WLC_E_ESCAN_RESULT);
    msg.status = hton32(WLC_E_STATUS_TIMEOUT);
    msg.reason = 0xFFFFFFFF;
    wl_cfg80211_event(ndev, &msg, NULL);
}

s32 wl_init_scan(struct bcm_cfg80211 *cfg)
{
    int err = 0;

    cfg->evt_handler[WLC_E_ESCAN_RESULT] = wl_escan_handler;
    cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
    wl_escan_init_sync_id(cfg);

    /* Init scan_timeout timer */
    init_timer_compat(&cfg->scan_timeout, wl_scan_timeout, cfg);

    wl_cfg80211_set_bcmcfg(cfg);

    return err;
}

#ifdef WL_SCHED_SCAN
/* If target scan is not reliable, set the below define to "1" to do a
 * full escan
 */
#define FULL_ESCAN_ON_PFN_NET_FOUND 0
static s32 wl_notify_sched_scan_results(struct bcm_cfg80211 *cfg,
                                        struct net_device *ndev,
                                        const wl_event_msg_t *e, void *data)
{
    wl_pfn_net_info_v1_t *netinfo, *pnetinfo;
    wl_pfn_net_info_v2_t *netinfo_v2, *pnetinfo_v2;
    struct wiphy *wiphy = bcmcfg_to_wiphy(cfg);
    dhd_pub_t *dhdp = (dhd_pub_t *)(cfg->pub);
    int err = 0;
    struct cfg80211_scan_request *request = NULL;
    struct cfg80211_ssid ssid[MAX_PFN_LIST_COUNT];
    struct ieee80211_channel *channel = NULL;
    int channel_req = 0;
    int band = 0;
    wl_pfn_scanresults_v1_t *pfn_result_v1 = (wl_pfn_scanresults_v1_t *)data;
    wl_pfn_scanresults_v2_t *pfn_result_v2 = (wl_pfn_scanresults_v2_t *)data;
    int n_pfn_results = 0;
    log_conn_event_t *event_data = NULL;
    tlv_log *tlv_data = NULL;
    u32 alloc_len, tlv_len;
    u32 payload_len;
    u8 tmp_buf[DOT11_MAX_SSID_LEN + 1];

    WL_DBG(("Enter\n"));

    /* These static asserts guarantee v1/v2 net_info and subnet_info are
     * compatible in size and SSID offset, allowing v1 to be used below except
     * for the results fields themselves (status, count, offset to netinfo).
     */
    STATIC_ASSERT(sizeof(wl_pfn_net_info_v1_t) == sizeof(wl_pfn_net_info_v2_t));
    STATIC_ASSERT(sizeof(wl_pfn_lnet_info_v1_t) ==
                  sizeof(wl_pfn_lnet_info_v2_t));
    STATIC_ASSERT(sizeof(wl_pfn_subnet_info_v1_t) ==
                  sizeof(wl_pfn_subnet_info_v2_t));
    STATIC_ASSERT(OFFSETOF(wl_pfn_subnet_info_v1_t, SSID) ==
                  OFFSETOF(wl_pfn_subnet_info_v2_t, u.SSID));

    /* Extract the version-specific items */
    if (pfn_result_v1->version == PFN_SCANRESULT_VERSION_V1) {
        n_pfn_results = pfn_result_v1->count;
        pnetinfo = pfn_result_v1->netinfo;
        WL_INFORM_MEM(("PFN NET FOUND event. count:%d \n", n_pfn_results));

        if (n_pfn_results > 0) {
            int i;

            if (n_pfn_results > MAX_PFN_LIST_COUNT) {
                n_pfn_results = MAX_PFN_LIST_COUNT;
            }

            bzero(&ssid, sizeof(ssid));

            request = (struct cfg80211_scan_request *)MALLOCZ(
                cfg->osh,
                sizeof(*request) + sizeof(*request->channels) * n_pfn_results);
            channel = (struct ieee80211_channel *)MALLOCZ(
                cfg->osh, (sizeof(struct ieee80211_channel) * n_pfn_results));
            if (!request || !channel) {
                WL_ERR(("No memory"));
                err = -ENOMEM;
                goto out_err;
            }

            request->wiphy = wiphy;

            if (DBG_RING_ACTIVE(dhdp, DHD_EVENT_RING_ID)) {
                alloc_len = sizeof(log_conn_event_t) + DOT11_MAX_SSID_LEN +
                            sizeof(uint16) + sizeof(int16);
                event_data = (log_conn_event_t *)MALLOC(cfg->osh, alloc_len);
                if (!event_data) {
                    WL_ERR(("%s: failed to allocate the log_conn_event_t with "
                            "length(%d)\n",
                            __func__, alloc_len));
                    goto out_err;
                }
                tlv_len = 0x3 * sizeof(tlv_log);
                event_data->tlvs = (tlv_log *)MALLOC(cfg->osh, tlv_len);
                if (!event_data->tlvs) {
                    WL_ERR(("%s: failed to allocate the tlv_log with "
                            "length(%d)\n",
                            __func__, tlv_len));
                    goto out_err;
                }
            }

            for (i = 0; i < n_pfn_results; i++) {
                netinfo = &pnetinfo[i];
                if (!netinfo) {
                    WL_ERR(("Invalid netinfo ptr. index:%d", i));
                    err = -EINVAL;
                    goto out_err;
                }
                if (netinfo->pfnsubnet.SSID_len > DOT11_MAX_SSID_LEN) {
                    WL_ERR(("Wrong SSID length:%d\n",
                            netinfo->pfnsubnet.SSID_len));
                    err = -EINVAL;
                    goto out_err;
                }
                /* In previous step max SSID_len limited to DOT11_MAX_SSID_LEN
                 * and tmp_buf size is DOT11_MAX_SSID_LEN+1
                 */
                (void)memcpy_s(tmp_buf, DOT11_MAX_SSID_LEN,
                               netinfo->pfnsubnet.SSID,
                               netinfo->pfnsubnet.SSID_len);
                tmp_buf[netinfo->pfnsubnet.SSID_len] = '\0';
                WL_PNO((">>> SSID:%s Channel:%d \n", tmp_buf,
                        netinfo->pfnsubnet.channel));
                /* PFN result doesn't have all the info which are required by
                 * the supplicant. (For e.g IEs) Do a target Escan so that
                 * sched scan results are reported via wl_inform_single_bss in
                 * the required format. Escan does require the scan request in
                 * the form of cfg80211_scan_request. For timebeing, create
                 * cfg80211_scan_request one out of the received PNO event.
                 */

                ssid[i].ssid_len = netinfo->pfnsubnet.SSID_len;
                /* Returning void as ssid[i].ssid_len is limited to max of
                 * DOT11_MAX_SSID_LEN
                 */
                (void)memcpy_s(ssid[i].ssid, IEEE80211_MAX_SSID_LEN,
                               netinfo->pfnsubnet.SSID, ssid[i].ssid_len);
                request->n_ssids++;

                channel_req = netinfo->pfnsubnet.channel;
                band = (channel_req <= CH_MAX_2G_CHANNEL) ? NL80211_BAND_2GHZ
                                                          : NL80211_BAND_5GHZ;
                channel[i].center_freq =
                    ieee80211_channel_to_frequency(channel_req, band);
                channel[i].band = band;
                channel[i].flags |= IEEE80211_CHAN_NO_HT40;
                request->channels[i] = &channel[i];
                request->n_channels++;

                if (DBG_RING_ACTIVE(dhdp, DHD_EVENT_RING_ID)) {
                    payload_len = sizeof(log_conn_event_t);
                    event_data->event = WIFI_EVENT_DRIVER_PNO_NETWORK_FOUND;
                    tlv_data = event_data->tlvs;

                    /* ssid */
                    tlv_data->tag = WIFI_TAG_SSID;
                    tlv_data->len = ssid[i].ssid_len;
                    (void)memcpy_s(tlv_data->value, DOT11_MAX_SSID_LEN,
                                   ssid[i].ssid, ssid[i].ssid_len);
                    payload_len += TLV_LOG_SIZE(tlv_data);
                    tlv_data = TLV_LOG_NEXT(tlv_data);

                    /* channel */
                    tlv_data->tag = WIFI_TAG_CHANNEL;
                    tlv_data->len = sizeof(uint16);
                    (void)memcpy_s(tlv_data->value, sizeof(uint16),
                                   &channel_req, sizeof(uint16));
                    payload_len += TLV_LOG_SIZE(tlv_data);
                    tlv_data = TLV_LOG_NEXT(tlv_data);

                    /* rssi */
                    tlv_data->tag = WIFI_TAG_RSSI;
                    tlv_data->len = sizeof(int16);
                    (void)memcpy_s(tlv_data->value, sizeof(int16),
                                   &netinfo->RSSI, sizeof(int16));
                    payload_len += TLV_LOG_SIZE(tlv_data);
                    tlv_data = TLV_LOG_NEXT(tlv_data);

                    dhd_os_push_push_ring_data(dhdp, DHD_EVENT_RING_ID,
                                               &event_data->event, payload_len);
                }
            }

            /* assign parsed ssid array */
            if (request->n_ssids) {
                request->ssids = &ssid[0];
            }

            if (wl_get_drv_status_all(cfg, SCANNING)) {
                /* Abort any on-going scan */
                wl_cfg80211_cancel_scan(cfg);
            }

            if (wl_get_p2p_status(cfg, DISCOVERY_ON)) {
                WL_PNO((">>> P2P discovery was ON. Disabling it\n"));
                err = wl_cfgp2p_discover_enable_search(cfg, false);
                if (unlikely(err)) {
                    wl_clr_drv_status(cfg, SCANNING, ndev);
                    goto out_err;
                }
                p2p_scan(cfg) = false;
            }
            wl_set_drv_status(cfg, SCANNING, ndev);
#if FULL_ESCAN_ON_PFN_NET_FOUND
            WL_PNO((">>> Doing Full ESCAN on PNO event\n"));
            err = wl_do_escan(cfg, wiphy, ndev, NULL);
#else
            WL_PNO((">>> Doing targeted ESCAN on PNO event\n"));
            err = wl_do_escan(cfg, wiphy, ndev, request);
#endif // endif
            if (err) {
                wl_clr_drv_status(cfg, SCANNING, ndev);
                goto out_err;
            }
            DBG_EVENT_LOG(dhdp, WIFI_EVENT_DRIVER_PNO_SCAN_REQUESTED);
            cfg->sched_scan_running = TRUE;
        } else {
            WL_ERR(("FALSE PNO Event. (pfn_count == 0) \n"));
        }
    } else if (pfn_result_v2->version == PFN_SCANRESULT_VERSION_V2) {
        n_pfn_results = pfn_result_v2->count;
        pnetinfo_v2 = (wl_pfn_net_info_v2_t *)pfn_result_v2->netinfo;
        if (e->event_type == WLC_E_PFN_NET_LOST) {
            WL_PNO(("Do Nothing %d\n", e->event_type));
            return 0;
        }
        WL_INFORM_MEM(("PFN NET FOUND event. count:%d \n", n_pfn_results));

        if (n_pfn_results > 0) {
            int i;

            if (n_pfn_results > MAX_PFN_LIST_COUNT) {
                n_pfn_results = MAX_PFN_LIST_COUNT;
            }

            bzero(&ssid, sizeof(ssid));

            request = (struct cfg80211_scan_request *)MALLOCZ(
                cfg->osh,
                sizeof(*request) + sizeof(*request->channels) * n_pfn_results);
            channel = (struct ieee80211_channel *)MALLOCZ(
                cfg->osh, (sizeof(struct ieee80211_channel) * n_pfn_results));
            if (!request || !channel) {
                WL_ERR(("No memory"));
                err = -ENOMEM;
                goto out_err;
            }

            request->wiphy = wiphy;

            if (DBG_RING_ACTIVE(dhdp, DHD_EVENT_RING_ID)) {
                alloc_len = sizeof(log_conn_event_t) + DOT11_MAX_SSID_LEN +
                            sizeof(uint16) + sizeof(int16);
                event_data = (log_conn_event_t *)MALLOC(cfg->osh, alloc_len);
                if (!event_data) {
                    WL_ERR(("%s: failed to allocate the log_conn_event_t with "
                            "length(%d)\n",
                            __func__, alloc_len));
                    goto out_err;
                }
                tlv_len = 0x3 * sizeof(tlv_log);
                event_data->tlvs = (tlv_log *)MALLOC(cfg->osh, tlv_len);
                if (!event_data->tlvs) {
                    WL_ERR(("%s: failed to allocate the tlv_log with "
                            "length(%d)\n",
                            __func__, tlv_len));
                    goto out_err;
                }
            }

            for (i = 0; i < n_pfn_results; i++) {
                netinfo_v2 = &pnetinfo_v2[i];
                if (!netinfo_v2) {
                    WL_ERR(("Invalid netinfo ptr. index:%d", i));
                    err = -EINVAL;
                    goto out_err;
                }
                WL_PNO((">>> SSID:%s Channel:%d \n",
                        netinfo_v2->pfnsubnet.u.SSID,
                        netinfo_v2->pfnsubnet.channel));
                /* PFN result doesn't have all the info which are required by
                 * the supplicant. (For e.g IEs) Do a target Escan so that sched
                 * scan results are reported via wl_inform_single_bss in the
                 * required format. Escan does require the scan request in the
                 * form of cfg80211_scan_request. For timebeing, create
                 * cfg80211_scan_request one out of the received PNO event.
                 */
                ssid[i].ssid_len =
                    MIN(DOT11_MAX_SSID_LEN, netinfo_v2->pfnsubnet.SSID_len);
                /* max ssid_len as in previous step DOT11_MAX_SSID_LEN is same
                 * as DOT11_MAX_SSID_LEN = 32
                 */
                (void)memcpy_s(ssid[i].ssid, IEEE80211_MAX_SSID_LEN,
                               netinfo_v2->pfnsubnet.u.SSID, ssid[i].ssid_len);
                request->n_ssids++;

                channel_req = netinfo_v2->pfnsubnet.channel;
                band = (channel_req <= CH_MAX_2G_CHANNEL) ? NL80211_BAND_2GHZ
                                                          : NL80211_BAND_5GHZ;
                channel[i].center_freq =
                    ieee80211_channel_to_frequency(channel_req, band);
                channel[i].band = band;
                channel[i].flags |= IEEE80211_CHAN_NO_HT40;
                request->channels[i] = &channel[i];
                request->n_channels++;

                if (DBG_RING_ACTIVE(dhdp, DHD_EVENT_RING_ID)) {
                    payload_len = sizeof(log_conn_event_t);
                    event_data->event = WIFI_EVENT_DRIVER_PNO_NETWORK_FOUND;
                    tlv_data = event_data->tlvs;

                    /* ssid */
                    tlv_data->tag = WIFI_TAG_SSID;
                    tlv_data->len = netinfo_v2->pfnsubnet.SSID_len;
                    (void)memcpy_s(tlv_data->value, DOT11_MAX_SSID_LEN,
                                   ssid[i].ssid, ssid[i].ssid_len);
                    payload_len += TLV_LOG_SIZE(tlv_data);
                    tlv_data = TLV_LOG_NEXT(tlv_data);

                    /* channel */
                    tlv_data->tag = WIFI_TAG_CHANNEL;
                    tlv_data->len = sizeof(uint16);
                    (void)memcpy_s(tlv_data->value, sizeof(uint16),
                                   &channel_req, sizeof(uint16));
                    payload_len += TLV_LOG_SIZE(tlv_data);
                    tlv_data = TLV_LOG_NEXT(tlv_data);

                    /* rssi */
                    tlv_data->tag = WIFI_TAG_RSSI;
                    tlv_data->len = sizeof(int16);
                    (void)memcpy_s(tlv_data->value, sizeof(uint16),
                                   &netinfo_v2->RSSI, sizeof(int16));
                    payload_len += TLV_LOG_SIZE(tlv_data);
                    tlv_data = TLV_LOG_NEXT(tlv_data);

                    dhd_os_push_push_ring_data(dhdp, DHD_EVENT_RING_ID,
                                               &event_data->event, payload_len);
                }
            }

            /* assign parsed ssid array */
            if (request->n_ssids) {
                request->ssids = &ssid[0];
            }

            if (wl_get_drv_status_all(cfg, SCANNING)) {
                /* Abort any on-going scan */
                wl_cfg80211_cancel_scan(cfg);
            }

            if (wl_get_p2p_status(cfg, DISCOVERY_ON)) {
                WL_PNO((">>> P2P discovery was ON. Disabling it\n"));
                err = wl_cfgp2p_discover_enable_search(cfg, false);
                if (unlikely(err)) {
                    wl_clr_drv_status(cfg, SCANNING, ndev);
                    goto out_err;
                }
                p2p_scan(cfg) = false;
            }

            wl_set_drv_status(cfg, SCANNING, ndev);
#if FULL_ESCAN_ON_PFN_NET_FOUND
            WL_PNO((">>> Doing Full ESCAN on PNO event\n"));
            err = wl_do_escan(cfg, wiphy, ndev, NULL);
#else
            WL_PNO((">>> Doing targeted ESCAN on PNO event\n"));
            err = wl_do_escan(cfg, wiphy, ndev, request);
#endif // endif
            if (err) {
                wl_clr_drv_status(cfg, SCANNING, ndev);
                goto out_err;
            }
            DBG_EVENT_LOG(dhdp, WIFI_EVENT_DRIVER_PNO_SCAN_REQUESTED);
            cfg->sched_scan_running = TRUE;
        } else {
            WL_ERR(("FALSE PNO Event. (pfn_count == 0) \n"));
        }
    } else {
        WL_ERR(("Unsupported version %d, expected %d or %d\n",
                pfn_result_v1->version, PFN_SCANRESULT_VERSION_V1,
                PFN_SCANRESULT_VERSION_V2));
        return 0;
    }
out_err:
    if (request) {
        MFREE(cfg->osh, request,
              sizeof(*request) + sizeof(*request->channels) * n_pfn_results);
    }
    if (channel) {
        MFREE(cfg->osh, channel,
              (sizeof(struct ieee80211_channel) * n_pfn_results));
    }

    if (event_data) {
        if (event_data->tlvs) {
            MFREE(cfg->osh, event_data->tlvs, tlv_len);
        }
        MFREE(cfg->osh, event_data, alloc_len);
    }
    return err;
}
#endif /* WL_SCHED_SCAN */

#ifdef PNO_SUPPORT
s32 wl_notify_pfn_status(struct bcm_cfg80211 *cfg, bcm_struct_cfgdev *cfgdev,
                         const wl_event_msg_t *e, void *data)
{
    struct net_device *ndev = NULL;
#ifdef GSCAN_SUPPORT
    void *ptr;
    int send_evt_bytes = 0;
    u32 event = be32_to_cpu(e->event_type);
    struct wiphy *wiphy = bcmcfg_to_wiphy(cfg);
#endif /* GSCAN_SUPPORT */

    WL_INFORM_MEM((">>> PNO Event\n"));

    if (!data) {
        WL_ERR(("Data received is NULL!\n"));
        return 0;
    }

    ndev = cfgdev_to_wlc_ndev(cfgdev, cfg);
#ifdef GSCAN_SUPPORT
    ptr = dhd_dev_process_epno_result(ndev, data, event, &send_evt_bytes);
    if (ptr) {
        wl_cfgvendor_send_async_event(wiphy, ndev, GOOGLE_SCAN_EPNO_EVENT, ptr,
                                      send_evt_bytes);
        MFREE(cfg->osh, ptr, send_evt_bytes);
    }
    if (!dhd_dev_is_legacy_pno_enabled(ndev)) {
        return 0;
    }
#endif /* GSCAN_SUPPORT */

#ifndef WL_SCHED_SCAN
    mutex_lock(&cfg->usr_sync);
    CFG80211_DISCONNECTED(ndev, 0, NULL, 0, false, GFP_KERNEL);
    mutex_unlock(&cfg->usr_sync);
#else
    /* If cfg80211 scheduled scan is supported, report the pno results via sched
     * scan results
     */
    wl_notify_sched_scan_results(cfg, ndev, e, data);
#endif /* WL_SCHED_SCAN */
    return 0;
}
#endif /* PNO_SUPPORT */

#ifdef GSCAN_SUPPORT
s32 wl_notify_gscan_event(struct bcm_cfg80211 *cfg, bcm_struct_cfgdev *cfgdev,
                          const wl_event_msg_t *e, void *data)
{
    s32 err = 0;
    u32 event = be32_to_cpu(e->event_type);
    void *ptr = NULL;
    int send_evt_bytes = 0;
    int event_type;
    struct net_device *ndev = cfgdev_to_wlc_ndev(cfgdev, cfg);
    struct wiphy *wiphy = bcmcfg_to_wiphy(cfg);
    u32 len = ntoh32(e->datalen);
    u32 buf_len = 0;

    switch (event) {
        case WLC_E_PFN_BEST_BATCHING:
            err = dhd_dev_retrieve_batch_scan(ndev);
            if (err < 0) {
                WL_ERR(("Batch retrieval already in progress %d\n", err));
            } else {
                event_type = WIFI_SCAN_THRESHOLD_NUM_SCANS;
                if (data && len) {
                    event_type = *((int *)data);
                }
                wl_cfgvendor_send_async_event(wiphy, ndev,
                                              GOOGLE_GSCAN_BATCH_SCAN_EVENT,
                                              &event_type, sizeof(int));
            }
            break;
        case WLC_E_PFN_SCAN_COMPLETE:
            event_type = WIFI_SCAN_COMPLETE;
            wl_cfgvendor_send_async_event(wiphy, ndev,
                                          GOOGLE_SCAN_COMPLETE_EVENT,
                                          &event_type, sizeof(int));
            break;
        case WLC_E_PFN_BSSID_NET_FOUND:
            ptr = dhd_dev_hotlist_scan_event(ndev, data, &send_evt_bytes,
                                             HOTLIST_FOUND, &buf_len);
            if (ptr) {
                wl_cfgvendor_send_hotlist_event(
                    wiphy, ndev, ptr, send_evt_bytes,
                    GOOGLE_GSCAN_GEOFENCE_FOUND_EVENT);
                dhd_dev_gscan_hotlist_cache_cleanup(ndev, HOTLIST_FOUND);
            } else {
                err = -ENOMEM;
            }
            break;
        case WLC_E_PFN_BSSID_NET_LOST:
            /* WLC_E_PFN_BSSID_NET_LOST is conflict shared with
             * WLC_E_PFN_SCAN_ALLGONE We currently do not use
             * WLC_E_PFN_SCAN_ALLGONE, so if we get it, ignore
             */
            if (len) {
                ptr = dhd_dev_hotlist_scan_event(ndev, data, &send_evt_bytes,
                                                 HOTLIST_LOST, &buf_len);
                if (ptr) {
                    wl_cfgvendor_send_hotlist_event(
                        wiphy, ndev, ptr, send_evt_bytes,
                        GOOGLE_GSCAN_GEOFENCE_LOST_EVENT);
                    dhd_dev_gscan_hotlist_cache_cleanup(ndev, HOTLIST_LOST);
                    MFREE(cfg->osh, ptr, buf_len);
                } else {
                    err = -ENOMEM;
                }
            } else {
                err = -EINVAL;
            }
            break;
        case WLC_E_PFN_GSCAN_FULL_RESULT:
            ptr = dhd_dev_process_full_gscan_result(ndev, data, len,
                                                    &send_evt_bytes);
            if (ptr) {
                wl_cfgvendor_send_async_event(wiphy, ndev,
                                              GOOGLE_SCAN_FULL_RESULTS_EVENT,
                                              ptr, send_evt_bytes);
                MFREE(cfg->osh, ptr, send_evt_bytes);
            } else {
                err = -ENOMEM;
            }
            break;
        case WLC_E_PFN_SSID_EXT:
            ptr =
                dhd_dev_process_epno_result(ndev, data, event, &send_evt_bytes);
            if (ptr) {
                wl_cfgvendor_send_async_event(
                    wiphy, ndev, GOOGLE_SCAN_EPNO_EVENT, ptr, send_evt_bytes);
                MFREE(cfg->osh, ptr, send_evt_bytes);
            } else {
                err = -ENOMEM;
            }
            break;
        default:
            WL_ERR(("Unknown event %d\n", event));
            break;
    }
    return err;
}
#endif /* GSCAN_SUPPORT */

void wl_cfg80211_set_passive_scan(struct net_device *dev, char *command)
{
    struct bcm_cfg80211 *cfg = wl_get_cfg(dev);

    if (strcmp(command, "SCAN-ACTIVE") == 0) {
        cfg->active_scan = 1;
    } else if (strcmp(command, "SCAN-PASSIVE") == 0) {
        cfg->active_scan = 0;
    } else {
        WL_ERR(("Unknown command \n"));
    }
    return;
}