qcacmn: Update first_msdu_payload once per status nbuf

first_msdu_payload is updated for every WIFIRX_HEADER_E
TLV received in the status nbuf and this could result
in incorrect offset into the nbuf for the first MSDU
if the PPDU has multiple MPDUs. Also, the size variable
used is 8 bit for the calculation of offset into the nbuf
for the frame which could result in possible overflow.

Fix is to update first_msdu_payload only for the first
WIFIRX_HEADER_E TLV entry for a PPDU and increase the
width of size variable to avoid possible integer overflow.

Change-Id: Ic12cb11328fc1414bd7a68fa941fa0ef764c8b1f
CRs-Fixed: 3788496

dp/wifi3.0/monitor/dp_rx_mon.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2021 The Linux Foundation. All rights reserved.
- * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
+ * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
  *
  * Permission to use, copy, modify, and/or distribute this software for
  * any purpose with or without fee is hereby granted, provided that the
@@ -1671,7 +1671,7 @@ int dp_rx_handle_local_pkt_capture(struct dp_pdev *pdev,
 				   struct hal_rx_ppdu_info *ppdu_info,
 				   qdf_nbuf_t nbuf)
 {
-	uint8_t size;
+	uint16_t size;
 	struct dp_mon_vdev *mon_vdev;
 	struct dp_mon_pdev *mon_pdev = pdev->monitor_pdev;
 

hal/wifi3.0/be/hal_be_api_mon.h

@@ -3635,7 +3635,8 @@ hal_rx_status_get_tlv_info_generic_be(void *rx_tlv_hdr, void *ppduinfo,
 		ppdu_info->ppdu_msdu_info[ppdu_info->fcs_ok_cnt].first_msdu_payload =
 			rx_tlv;
 		ppdu_info->ppdu_msdu_info[ppdu_info->fcs_ok_cnt].payload_len = tlv_len;
-		ppdu_info->msdu_info.first_msdu_payload = rx_tlv;
+		if (!ppdu_info->msdu_info.first_msdu_payload)
+			ppdu_info->msdu_info.first_msdu_payload = rx_tlv;
 		ppdu_info->msdu_info.payload_len = tlv_len;
 		ppdu_info->user_id = user_id;
 		ppdu_info->hdr_len = tlv_len;