qcacmn: Get next node and then delete current queue

It will delete current node and then get next node by current node, which cause NULL pointer access. Change-Id: Ieb1f1fe924d4c86368e340b2482f2ffdb09f301f CRs-Fixed: 2297087
2018-08-16 13:25:29 +08:00
commit 23ae49236f
--- a/umac/p2p/core/src/wlan_p2p_off_chan_tx.c
+++ b/umac/p2p/core/src/wlan_p2p_off_chan_tx.c
@@ -1721,6 +1721,8 @@ QDF_STATUS p2p_process_cleanup_tx_queue(struct p2p_cleanup_param *param)
 	while (QDF_IS_STATUS_SUCCESS(status)) {
 		curr_tx_ctx = qdf_container_of(p_node,
 					struct tx_action_context, node);
+		status = qdf_list_peek_next(&p2p_soc_obj->tx_q_roc,
+					    p_node, &p_node);
 		if ((vdev_id == P2P_INVALID_VDEV_ID) ||
 		    (vdev_id == curr_tx_ctx->vdev_id)) {
 			ret = qdf_list_remove_node(&p2p_soc_obj->tx_q_roc,
@@ -1733,8 +1735,6 @@ QDF_STATUS p2p_process_cleanup_tx_queue(struct p2p_cleanup_param *param)
 				p2p_err("remove %pK from roc_q fail",
 					curr_tx_ctx);
 		}
-		status = qdf_list_peek_next(&p2p_soc_obj->tx_q_roc,
-					    p_node, &p_node);
 	}

 	p2p_debug("clean up tx queue wait for ack, size:%d",
@@ -1744,6 +1744,8 @@ QDF_STATUS p2p_process_cleanup_tx_queue(struct p2p_cleanup_param *param)
 	while (QDF_IS_STATUS_SUCCESS(status)) {
 		curr_tx_ctx = qdf_container_of(p_node,
 					struct tx_action_context, node);
+		status = qdf_list_peek_next(&p2p_soc_obj->tx_q_ack,
+					    p_node, &p_node);
 		if ((vdev_id == P2P_INVALID_VDEV_ID) ||
 		    (vdev_id == curr_tx_ctx->vdev_id)) {
 			ret = qdf_list_remove_node(&p2p_soc_obj->tx_q_ack,
@@ -1757,8 +1759,6 @@ QDF_STATUS p2p_process_cleanup_tx_queue(struct p2p_cleanup_param *param)
 				p2p_err("remove %pK from roc_q fail",
 					curr_tx_ctx);
 		}
-		status = qdf_list_peek_next(&p2p_soc_obj->tx_q_ack,
-					    p_node, &p_node);
 	}

 	qdf_event_set(&p2p_soc_obj->cleanup_tx_done);