
qcacld-3.0: Fix use-after-free for peer->access_list

In ol_txrx_peer_release_ref, it is possible that this function is
scheduled out just after unlocking peer_ref_mutex; an unmap event will
come to decrease ref_cnt and free the peer object, and when
ol_txrx_peer_release_ref is scheduled back and accesses peer info,
it will cause a use-after-free.

Get peer info in the protection of peer_ref_mutex.

Change-Id: Ic442f53e0993a931c4411d9dbc85f04d6a85dc46
CRs-Fixed: 2180584
Jingxiang Ge, 7 years ago
parent commit 190679b412
1 changed file with 4 additions and 2 deletions

core/dp/txrx/ol_txrx.c (+4 -2)

@@ -3415,6 +3415,7 @@ int ol_txrx_peer_release_ref(ol_txrx_peer_handle peer,
 	struct ol_txrx_vdev_t *vdev;
 	struct ol_txrx_pdev_t *pdev;
 	bool ref_silent = false;
+	int access_list = 0;
 
 	/* preconditions */
 	TXRX_ASSERT2(peer);
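Review bot: the new local `access_list` is declared at function scope but only assigned and used in the `else` branch of the second hunk, so the `= 0` initializer is never observed; harmless, but a one-line comment at the declaration stating that it caches `peer->access_list[debug_id]` for logging after `peer_ref_mutex` is dropped would record why the read is hoisted and keep a later cleanup from moving it back next to the log call.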
@@ -3598,12 +3599,13 @@ int ol_txrx_peer_release_ref(ol_txrx_peer_handle peer,
 
 		qdf_mem_free(peer);
 	} else {
+		access_list = qdf_atomic_read(
+						&peer->access_list[debug_id]);
 		qdf_spin_unlock_bh(&pdev->peer_ref_mutex);
 		if (!ref_silent)
 			ol_txrx_info_high("[%d][%d]: ref delete peer %p ref_cnt -> %d",
 					debug_id,
-					qdf_atomic_read(
-						&peer->access_list[debug_id]),
+					access_list,
 					peer, rc);
 	}
 	return rc;
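Review bot: the `qdf_atomic_read` of `peer->access_list[debug_id]` is now taken while `pdev->peer_ref_mutex` is still held, which is the right place, but the read happens unconditionally even when `ref_silent` is set and the value is never logged; guarding it with `if (!ref_silent)` inside the locked region would avoid the extra atomic read on the silent path. The remaining uses after the unlock are `peer` printed with `%p` (address only, no dereference) and the local `rc`, so no dereference of the possibly freed object survives in this hunk; a short comment above the unlock saying that nothing may touch `*peer` past this point would make that invariant explicit for future edits.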