qcacmn: Fix stale rx buffer allocation from refill thread

When NBUFs are allocated from the refill thread buffer
queue, there is a very rare possibility of attaching same
NBUF to two different SW RX descriptors. When this happens,
it may result in a scenario where the driver submits the
NBUF to network stack but still operates on the same buffer
in the driver. Both network stack and driver will operate
on the buffer simultaneously resulting in stability issues.

Allocating same NBUF can happen when the buffer queue head
pointer is incremented before the NBUFF is updated in the
buffer queue head. In the replenish path, this can result
in old/stale NBUF allocation.

To fix this, introduce a write memory barrier before updating
the buffer queue head pointer.

CRs-Fixed: 4142932
Change-Id: Ifc7a0a9ac0489d4ffe3f74a7ea064d68a993c731

dp/wifi3.0/dp_rx_buffer_pool.c

@@ -174,6 +174,13 @@ void dp_rx_refill_buff_pool_enqueue(struct dp_soc *soc)
 			count++;
 		}
 
+		/* All operations above have to be completed before
+		 * assigning the head pointer to buff_pool->head.
+		 * Otherwise, we will end up using a stale NBUF in
+		 * the RX replenish path.
+		 */
+		qdf_wmb();
+
 		if (count) {
 			buff_pool->head = head;
 			total_num_refill -= count;