qcacmn: Fix vdev obj manager reference release in serialization

Vdev object manager reference should be taken before enqueuing
serialization command and it should be released after dequeuing the
command from serialization queue. Currently this reference release is
done before moving the command to active queue from pending queue.
This may lead to vdev object deletion before the command is moved to
active queue and result in use after free access for vdev object.

To resolve this, release vdev object reference after moving the
serialization command to active queue.

Change-Id: Ibef0814a245abb36f526997d848cf15ef6a49a44
CRs-Fixed: 2832676

umac/cmn_services/serialization/src/wlan_serialization_internal.c

@@ -513,15 +513,6 @@ wlan_serialization_dequeue_cmd(struct wlan_serialization_command *cmd,
 
 	wlan_serialization_release_lock(&pdev_queue->pdev_queue_lock);
 
-	/* Call cmd cb for remove request*/
-	if (cmd_bkup.cmd_cb) {
-		/* caller should release the memory */
-		ser_debug("Release memory for type %d id %d",
-			  cmd_bkup.cmd_type, cmd_bkup.cmd_id);
-		cmd_bkup.cmd_cb(&cmd_bkup,
-				     WLAN_SER_CB_RELEASE_MEM_CMD);
-	}
-
 	if (active_cmd) {
 		ser_status = wlan_serialization_move_pending_to_active(
 			cmd_bkup.cmd_type, ser_pdev_obj,
@@ -529,6 +520,14 @@ wlan_serialization_dequeue_cmd(struct wlan_serialization_command *cmd,
 			blocking_cmd_removed);
 	}
 
+	/* Call cmd cb for remove request*/
+	if (cmd_bkup.cmd_cb) {
+		/* caller should release the memory */
+		ser_debug("Release memory for type %d id %d",
+			  cmd_bkup.cmd_type, cmd_bkup.cmd_id);
+		cmd_bkup.cmd_cb(&cmd_bkup, WLAN_SER_CB_RELEASE_MEM_CMD);
+	}
+
 	if (active_cmd)
 		status = WLAN_SER_CMD_IN_ACTIVE_LIST;
 	else