qcacmn: Use correct skb headroom size to update radiotap header

Size of rx_pkt_hdr tlv structure is used to check if there is enough
space in the SKB to add radiotap header.
The issue is seen due to a single SKB can hold the multiple TLVs and
the next subsequent SKB has the data. In this case, there is no headroom
available in the second SKB. Therefore crash seen while adding the
radiotap header in the second SKB.

To fix this issue, check if the SKB has enough headroom space. If not,
drop the frame.

Change-Id: Icd11f946c0aee974dde2ef21f59cfe3d8b87fa5d
CRs-Fixed: 2480719

dp/wifi3.0/dp_rx_mon_dest.c

@@ -963,8 +963,13 @@ QDF_STATUS dp_rx_mon_deliver(struct dp_soc *soc, uint32_t mac_id,
 		if (pdev->ppdu_info.rx_status.chan_num == 0)
 			pdev->ppdu_info.rx_status.chan_num = pdev->mon_chan_num;
 
-		qdf_nbuf_update_radiotap(&(pdev->ppdu_info.rx_status),
-			mon_mpdu, sizeof(struct rx_pkt_tlvs));
+		if (!qdf_nbuf_update_radiotap(&pdev->ppdu_info.rx_status,
+					      mon_mpdu,
+					      qdf_nbuf_headroom(mon_mpdu))) {
+			DP_STATS_INC(pdev, dropped.mon_radiotap_update_err, 1);
+			goto mon_deliver_fail;
+		}
+
 		pdev->monitor_vdev->osif_rx_mon(pdev->monitor_vdev->osif_vdev,
 						mon_mpdu,
 						&pdev->ppdu_info.rx_status);
@@ -1029,8 +1034,12 @@ QDF_STATUS dp_rx_mon_deliver_non_std(struct dp_soc *soc,
 		pdev->ppdu_info.com_info.ppdu_id;
 
 	/* Apply the radio header to this dummy skb */
-	qdf_nbuf_update_radiotap(&pdev->ppdu_info.rx_status,
-				 dummy_msdu, MAX_MONITOR_HEADER);
+	if (!qdf_nbuf_update_radiotap(&pdev->ppdu_info.rx_status, dummy_msdu,
+				      qdf_nbuf_headroom(dummy_msdu))) {
+		DP_STATS_INC(pdev, dropped.mon_radiotap_update_err, 1);
+		qdf_nbuf_free(dummy_msdu);
+		goto mon_deliver_non_std_fail;
+	}
 
 	/* deliver to the user layer application */
 	osif_rx_mon(pdev->monitor_vdev->osif_vdev,