From a5a3a1e49dd4fa2e13c60d6648e0cd9f1aa455b9 Mon Sep 17 00:00:00 2001
From: Manjunathappa Prakash <prakashpm@codeaurora.org>
Date: Tue, 5 Feb 2019 19:58:05 -0800
Subject: [PATCH] qcacmn: Ignore fragmented packet before peer TID setup

peer->rx_tid[tid].array is initiailized when peer TID is setup.
It seems like we are processing the fragmented Rx packet before peer
TID is setup. Drop the fragmented packet in this case.

Change-Id: Ic076e59a9074efff9fed9f9154aa973c41f67341
CRs-Fixed: 2388684
---
 dp/wifi3.0/dp_peer.c      |  5 -----
 dp/wifi3.0/dp_rx_defrag.c | 12 ++++++++++--
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/dp/wifi3.0/dp_peer.c b/dp/wifi3.0/dp_peer.c
index d88c07efed..be5ea35cc2 100644
--- a/dp/wifi3.0/dp_peer.c
+++ b/dp/wifi3.0/dp_peer.c
@@ -2027,11 +2027,6 @@ void dp_peer_rx_init(struct dp_pdev *pdev, struct dp_peer *peer)
 
 		rx_tid->defrag_waitlist_elem.tqe_next = NULL;
 		rx_tid->defrag_waitlist_elem.tqe_prev = NULL;
-
-#ifdef notyet /* TODO: See if this is required for exception handling */
-		/* invalid sequence number */
-		peer->tids_last_seq[tid] = 0xffff;
-#endif
 	}
 
 	peer->active_ba_session_cnt = 0;
diff --git a/dp/wifi3.0/dp_rx_defrag.c b/dp/wifi3.0/dp_rx_defrag.c
index aebaf49808..92cfc6abf1 100644
--- a/dp/wifi3.0/dp_rx_defrag.c
+++ b/dp/wifi3.0/dp_rx_defrag.c
@@ -1393,8 +1393,6 @@ static QDF_STATUS dp_rx_defrag_store_fragment(struct dp_soc *soc,
 	pdev = peer->vdev->pdev;
 	rx_tid = &peer->rx_tid[tid];
 
-	rx_reorder_array_elem = peer->rx_tid[tid].array;
-
 	mpdu_sequence_control_valid =
 		hal_rx_get_mpdu_sequence_control_valid(rx_desc->rx_buf_start);
 
@@ -1433,6 +1431,16 @@ static QDF_STATUS dp_rx_defrag_store_fragment(struct dp_soc *soc,
 	 */
 	fragno = dp_rx_frag_get_mpdu_frag_number(rx_desc->rx_buf_start);
 
+	rx_reorder_array_elem = peer->rx_tid[tid].array;
+	if (!rx_reorder_array_elem) {
+		QDF_TRACE(QDF_MODULE_ID_TXRX, QDF_TRACE_LEVEL_ERROR,
+			  "Rcvd Fragmented pkt before peer_tid is setup");
+		qdf_nbuf_free(frag);
+		dp_rx_add_to_free_desc_list(head, tail, rx_desc);
+		*rx_bfs = 1;
+		goto end;
+	}
+
 	/*
 	 * !more_frag: no more fragments to be delivered
 	 * !frag_no: packet is not fragmented