qcacld-3.0: Resolve double free during cleanup of vdev request

On vdev response timer expire, memory allocated for vdev request
will be freed in the timer handler(wma_vdev_resp_timer). But there
can be a race condition where wlan shutdown is invoked at the same
time, where host tried to cleanup unhandled vdev requests by calling
same timer handler.

To mitigate this issue don't free the memory if vdev request is not
found(as other thread freed memory by this time)

Change-Id: Iea214f0ed3acb9600b5a3b84b5740c1b496719d9
CRs-Fixed: 2049673

core/wma/src/wma_dev_if.c

@@ -2950,15 +2950,6 @@ void wma_vdev_resp_timer(void *data)
 		goto free_tgt_req;
 	}
 
-	pdev = cds_get_context(QDF_MODULE_ID_TXRX);
-
-	if (NULL == pdev) {
-		WMA_LOGE("%s: Failed to get pdev", __func__);
-		wma_cleanup_target_req_param(tgt_req);
-		qdf_mc_timer_stop(&tgt_req->event_timeout);
-		goto free_tgt_req;
-	}
-
 	WMA_LOGA("%s: request %d is timed out for vdev_id - %d", __func__,
 		 tgt_req->msg_type, tgt_req->vdev_id);
 	msg = wma_find_vdev_req(wma, tgt_req->vdev_id, tgt_req->type, true);
@@ -2966,7 +2957,15 @@ void wma_vdev_resp_timer(void *data)
 	if (!msg) {
 		WMA_LOGE("%s: Failed to lookup request message - %d",
 			 __func__, tgt_req->msg_type);
+		return;
+	}
+
+	pdev = cds_get_context(QDF_MODULE_ID_TXRX);
+
+	if (NULL == pdev) {
+		WMA_LOGE("%s: Failed to get pdev", __func__);
 		wma_cleanup_target_req_param(tgt_req);
+		qdf_mc_timer_stop(&tgt_req->event_timeout);
 		goto free_tgt_req;
 	}