qcacmn: Fix check for the pointer to next TLV

The pointer to next TLV in status buffer is considered
as valid, only if atleast the TLV header size is available
within the status buffer.

Change-Id: Ic222bfab4790853ee012de4b0a860ab037972ff5
CRs-Fixed: 3378058

dp/wifi3.0/monitor/1.0/dp_rx_mon_status_1.0.c

@@ -487,8 +487,11 @@ dp_rx_mon_status_process_tlv(struct dp_soc *soc, struct dp_intr *int_ctx,
 				rx_tlv = hal_rx_status_get_next_tlv(rx_tlv,
 						mon_pdev->is_tlv_hdr_64_bit);
 
-				if (qdf_unlikely((rx_tlv - rx_tlv_start)) >=
-					RX_MON_STATUS_BUF_SIZE)
+				if (qdf_unlikely(((rx_tlv - rx_tlv_start) >=
+						RX_MON_STATUS_BUF_SIZE) ||
+						(RX_MON_STATUS_BUF_SIZE -
+						(rx_tlv - rx_tlv_start) <
+						mon_pdev->tlv_hdr_size)))
 					break;
 
 			} while ((tlv_status == HAL_TLV_STATUS_PPDU_NOT_DONE) ||

dp/wifi3.0/monitor/dp_mon.c

@@ -5614,12 +5614,15 @@ static void dp_mon_pdev_per_target_config(struct dp_pdev *pdev)
 	target_type = hal_get_target_type(soc->hal_soc);
 	switch (target_type) {
 	case TARGET_TYPE_KIWI:
+	case TARGET_TYPE_QCN9224:
 	case TARGET_TYPE_MANGO:
 	case TARGET_TYPE_PEACH:
 		mon_pdev->is_tlv_hdr_64_bit = true;
+		mon_pdev->tlv_hdr_size = HAL_RX_TLV64_HDR_SIZE;
 		break;
 	default:
 		mon_pdev->is_tlv_hdr_64_bit = false;
+		mon_pdev->tlv_hdr_size = HAL_RX_TLV32_HDR_SIZE;
 		break;
 	}
 }

dp/wifi3.0/monitor/dp_mon.h

@@ -1172,6 +1172,8 @@ struct  dp_mon_pdev {
 	bool reset_scan_spcl_vap_stats_enable;
 #endif
 	bool is_tlv_hdr_64_bit;
+	/* TLV header size*/
+	uint8_t tlv_hdr_size;
 
 	/* Invalid monitor peer to account for stats in mcopy mode */
 	struct dp_mon_peer *invalid_mon_peer;