qcacmn: fix nbuf free reuse during invalid peer data processing

For MCL function dp_rx_process_invalid_peer, there is corner case the
nbuf is not data and freed, but invalid_peer_head_msdu pointe to the
same nbuf in pdev is not reset to NULL, then invalid_peer_head_msdu is
reused again.
Reset invalid peer msdu list to NULL when nbuf is freed.

Change-Id: I73058afe9656c34971ea083faa19ef9d90b7f747
CRs-Fixed: 2356531

dp/wifi3.0/dp_rx.c

@@ -812,8 +812,8 @@ uint8_t dp_rx_process_invalid_peer(struct dp_soc *soc, qdf_nbuf_t mpdu)
 	wh = (struct ieee80211_frame *)rx_pkt_hdr;
 
 	if (!DP_FRAME_IS_DATA(wh)) {
-		QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
-			  "only for data frames");
+		QDF_TRACE_ERROR_RL(QDF_MODULE_ID_DP,
+				   "only for data frames");
 		goto free;
 	}
 
@@ -822,7 +822,7 @@ uint8_t dp_rx_process_invalid_peer(struct dp_soc *soc, qdf_nbuf_t mpdu)
 			  "Invalid nbuf length");
 		goto free;
 	}
-	/* reset the head and tail pointers */
+
 	for (i = 0; i < MAX_PDEV_CNT; i++) {
 		pdev = soc->pdev_list[i];
 		if (!pdev) {
@@ -832,9 +832,6 @@ uint8_t dp_rx_process_invalid_peer(struct dp_soc *soc, qdf_nbuf_t mpdu)
 			continue;
 		}
 
-		pdev->invalid_peer_head_msdu = NULL;
-		pdev->invalid_peer_tail_msdu = NULL;
-
 		qdf_spin_lock_bh(&pdev->vdev_list_lock);
 		DP_PDEV_ITERATE_VDEV_LIST(pdev, vdev) {
 			if (qdf_mem_cmp(wh->i_addr1, vdev->mac_addr.raw,
@@ -856,6 +853,20 @@ out:
 	if (soc->cdp_soc.ol_ops->rx_invalid_peer)
 		soc->cdp_soc.ol_ops->rx_invalid_peer(vdev->vdev_id, wh);
 free:
+	/* reset the head and tail pointers */
+	for (i = 0; i < MAX_PDEV_CNT; i++) {
+		pdev = soc->pdev_list[i];
+		if (!pdev) {
+			QDF_TRACE(QDF_MODULE_ID_DP,
+				  QDF_TRACE_LEVEL_ERROR,
+				  "PDEV not found");
+			continue;
+		}
+
+		pdev->invalid_peer_head_msdu = NULL;
+		pdev->invalid_peer_tail_msdu = NULL;
+	}
+
 	/* Drop and free packet */
 	curr_nbuf = mpdu;
 	while (curr_nbuf) {

dp/wifi3.0/dp_rx_err.c

@@ -407,6 +407,16 @@ dp_rx_2k_jump_handle(struct dp_soc *soc, void *ring_desc,
 				mac_id, quota);
 }
 
+#ifdef CONFIG_MCL
+#define DP_PDEV_INVALID_PEER_MSDU_CHECK(head, tail) \
+		do {                                \
+			qdf_assert_always(!(head)); \
+			qdf_assert_always(!(tail)); \
+		} while (0)
+#else
+#define DP_PDEV_INVALID_PEER_MSDU_CHECK(head, tail) /* no op */
+#endif
+
 /**
  * dp_rx_chain_msdus() - Function to chain all msdus of a mpdu
  *                       to pdev invalid peer list
@@ -466,6 +476,13 @@ dp_rx_chain_msdus(struct dp_soc *soc, qdf_nbuf_t nbuf, uint8_t *rx_tlv_hdr,
 		mpdu_done = true;
 	}
 
+	/*
+	 * For MCL, invalid_peer_head_msdu and invalid_peer_tail_msdu
+	 * should be NULL here, add the checking for debugging purpose
+	 * in case some corner case.
+	 */
+	DP_PDEV_INVALID_PEER_MSDU_CHECK(dp_pdev->invalid_peer_head_msdu,
+					dp_pdev->invalid_peer_tail_msdu);
 	DP_RX_LIST_APPEND(dp_pdev->invalid_peer_head_msdu,
 				dp_pdev->invalid_peer_tail_msdu,
 				nbuf);