nfc: nci: Fix uninit-value in nci_rx_work
mainline inclusion
from mainline-v6.10-rc1
commit e4a87abf588536d1cdfb128595e6e680af5cf3ed
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9QG8F
CVE: CVE-2024-35915

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e4a87abf588536d1cdfb128595e6e680af5cf3ed

--------------------------------

syzbot reported the following uninit-value access issue [1]

nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded.

Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet")
Reported-and-tested-by: <syzbot+d7b4dc6cd50410152534@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=d7b4dc6cd50410152534 [1]
Signed-off-by: Ryosuke Yasuoka <ryasuoka@redhat.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Conflicts:
net/nfc/nci/core.c
[Some contexts around nci_valid_size different. No functional impact.]

Signed-off-by: Zheng Zucheng <zhengzucheng@huawei.com>
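
The three checks the commit message names (header size, payload size, total packet size), with invalid packets dropped silently, shown as an added user-space example that is not the kernel patch or code from this page. All function and type names are hypothetical, the sample packets are constructed, and treating a zero payload length as invalid is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE 3u  /* NCI control and data headers are both 3 octets */

enum pkt_status { PKT_OK, PKT_SHORT_HDR, PKT_EMPTY_PAYLOAD, PKT_TRUNCATED };

/* Compare the received length with the header before reading any field. */
static enum pkt_status check_packet(const uint8_t *buf, size_t len)
{
    if (len < HDR_SIZE)
        return PKT_SHORT_HDR;      /* length octet was never received */
    size_t plen = buf[2];          /* payload length: third header octet */
    if (plen == 0)
        return PKT_EMPTY_PAYLOAD;  /* assumption of this example: reject */
    if (len < HDR_SIZE + plen)
        return PKT_TRUNCATED;      /* header claims more than arrived */
    return PKT_OK;
}

struct rx_pkt { const uint8_t *data; size_t len; };

/* Drain a queue, dropping invalid packets without reporting an error.
 * Returns the number of packets that reached the handler. */
static size_t rx_work(const struct rx_pkt *q, size_t n, size_t *dropped)
{
    size_t handled = 0;
    *dropped = 0;
    for (size_t i = 0; i < n; i++) {
        if (check_packet(q[i].data, q[i].len) != PKT_OK) {
            (*dropped)++;          /* silently discard, parse nothing */
            continue;
        }
        handled++;                 /* only now is it safe to read the payload */
    }
    return handled;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t good[]      = { 0x40, 0x00, 0x02, 0xAA, 0xBB };
static const uint8_t short_hdr[] = { 0x60, 0x00 };
static const uint8_t empty[]     = { 0x40, 0x00, 0x00 };
static const uint8_t truncated[] = { 0x00, 0x00, 0x05, 0x01 };
static const struct rx_pkt queue[] = {
    { good, sizeof good }, { short_hdr, sizeof short_hdr },
    { empty, sizeof empty }, { truncated, sizeof truncated },
};

int main(void)
{
    size_t dropped, handled = rx_work(queue, 4, &dropped);
    printf("handled=%zu dropped=%zu\n", handled, dropped);
    return 0;
}
```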