qcacmn: Fix dst_ring_desc memory leak in defrag case

For RX defrag, if incorrect SW peer ID is got from REO exception
ring descriptor, the expectation maybe is AP BSS peer ID but it
is replaced by other peer ID which like SAP self peer that won't
do dp_peer_rx_init, then in dp_rx_defrag_cleanup no chance to
run dp_rx_clear_saved_desc_info to free dst_ring_desc since
rx_tid[].array is NULL, memory leak happened.
  Call dp_rx_clear_saved_desc_info always in dp_rx_defrag_cleanup.

Change-Id: Ib1ebfbd976c817d5238ee48196388a8c88189ebc
CRs-Fixed: 2549913

dp/wifi3.0/dp_rx_defrag.c

@@ -84,6 +84,7 @@ static void dp_rx_clear_saved_desc_info(struct dp_peer *peer, unsigned tid)
 		qdf_mem_free(peer->rx_tid[tid].dst_ring_desc);
 
 	peer->rx_tid[tid].dst_ring_desc = NULL;
+	peer->rx_tid[tid].head_frag_desc = NULL;
 }
 
 static void dp_rx_return_head_frag_desc(struct dp_peer *peer,
@@ -1334,29 +1335,22 @@ void dp_rx_defrag_cleanup(struct dp_peer *peer, unsigned tid)
 	struct dp_rx_reorder_array_elem *rx_reorder_array_elem =
 				peer->rx_tid[tid].array;
 
-	if (!rx_reorder_array_elem) {
-		/*
-		 * if this condition is hit then somebody
-		 * must have reset this pointer to NULL.
-		 * array pointer usually points to base variable
-		 * of TID queue structure: "struct dp_rx_tid"
-		 */
+	if (rx_reorder_array_elem) {
+		/* Free up nbufs */
+		dp_rx_defrag_frames_free(rx_reorder_array_elem->head);
+		rx_reorder_array_elem->head = NULL;
+		rx_reorder_array_elem->tail = NULL;
+	} else {
 		dp_info("Cleanup self peer %pK and TID %u at MAC address %pM",
 			peer, tid, peer->mac_addr.raw);
-		return;
 	}
-	/* Free up nbufs */
-	dp_rx_defrag_frames_free(rx_reorder_array_elem->head);
 
 	/* Free up saved ring descriptors */
 	dp_rx_clear_saved_desc_info(peer, tid);
 
-	rx_reorder_array_elem->head = NULL;
-	rx_reorder_array_elem->tail = NULL;
 	peer->rx_tid[tid].defrag_timeout_ms = 0;
 	peer->rx_tid[tid].curr_frag_num = 0;
 	peer->rx_tid[tid].curr_seq_num = 0;
-	peer->rx_tid[tid].head_frag_desc = NULL;
 }
 
 /*