From 89339b7e3aee0c4508b628b6f93f6b716168c64c Mon Sep 17 00:00:00 2001
From: Jeevan Kukkalli <quic_jeevank@quicinc.com>
Date: Tue, 22 Aug 2023 00:57:49 +0530
Subject: [PATCH] qcacmn: Add check for invalid frame ctrl version

Add check for invalid frame control version while
handling raw frames with FCS errors

Change-Id: I443bb20c5516604ff3ba797570118b3b2123dbd5
CRs-Fixed: 3589137
---
 dp/inc/cdp_txrx_stats_struct.h              | 1 +
 dp/wifi3.0/dp_stats.c                       | 2 ++
 dp/wifi3.0/monitor/1.0/dp_rx_mon_dest_1.0.c | 9 +++++++++
 3 files changed, 12 insertions(+)

diff --git a/dp/inc/cdp_txrx_stats_struct.h b/dp/inc/cdp_txrx_stats_struct.h
index 86dc62d81f..4385e197d7 100644
--- a/dp/inc/cdp_txrx_stats_struct.h
+++ b/dp/inc/cdp_txrx_stats_struct.h
@@ -3202,6 +3202,7 @@ struct cdp_pdev_stats {
 		/* Monitor mode related */
 		uint32_t mon_rx_drop;
 		uint32_t mon_radiotap_update_err;
+		uint32_t mon_ver_err;
 	} dropped;
 
 	struct {
diff --git a/dp/wifi3.0/dp_stats.c b/dp/wifi3.0/dp_stats.c
index e77f84161f..58d18e2529 100644
--- a/dp/wifi3.0/dp_stats.c
+++ b/dp/wifi3.0/dp_stats.c
@@ -8247,6 +8247,8 @@ dp_print_pdev_rx_stats(struct dp_pdev *pdev)
 		       pdev->stats.dropped.mon_rx_drop);
 	DP_PRINT_STATS("        mon_radiotap_update_err = %u",
 		       pdev->stats.dropped.mon_radiotap_update_err);
+	DP_PRINT_STATS("        mon_ver_err = %u",
+		       pdev->stats.dropped.mon_ver_err);
 	DP_PRINT_STATS("        mec_drop = %llu",
 		       pdev->stats.rx.mec_drop.num);
 	DP_PRINT_STATS("	Bytes = %llu",
diff --git a/dp/wifi3.0/monitor/1.0/dp_rx_mon_dest_1.0.c b/dp/wifi3.0/monitor/1.0/dp_rx_mon_dest_1.0.c
index e20913cc42..eadcda30e7 100644
--- a/dp/wifi3.0/monitor/1.0/dp_rx_mon_dest_1.0.c
+++ b/dp/wifi3.0/monitor/1.0/dp_rx_mon_dest_1.0.c
@@ -1960,6 +1960,15 @@ dp_rx_mon_frag_restitch_mpdu_from_msdus(struct dp_soc *soc,
 	 * packet in RAW mode.
 	 */
 	if (buf_info.is_decap_raw == 1) {
+		if (qdf_unlikely(mon_pdev->ppdu_info.rx_status.rs_fcs_err)) {
+			hdr_desc = hal_rx_desc_get_80211_hdr(soc->hal_soc, rx_desc);
+			wh = (struct ieee80211_frame *)hdr_desc;
+			if ((wh->i_fc[0] & QDF_IEEE80211_FC0_VERSION_MASK) !=
+			    QDF_IEEE80211_FC0_VERSION_0) {
+				DP_STATS_INC(dp_pdev, dropped.mon_ver_err, 1);
+				return NULL;
+			}
+		}
 		dp_rx_mon_fraglist_prepare(head_msdu, tail_msdu);
 		goto mpdu_stitch_done;
 	}