qcedev: ensure sequential req_done on error

req_done is usually scheduled on success scenarios as
it needs to wakeup the sleep thread. However, in the
scenario where sleep has timed out, there is nothing to
wake up, and req_done can be called sequentially instead
of scheduling it (which might cause use after free).

Test: OEMCrypto tests.

Change-Id: I296076fcb43d91d16b00f08819dca45bd9049198
Signed-off-by: Gaurav Kashyap <[email protected]>

crypto-qti/qcedev.c

@@ -315,8 +315,9 @@ static void req_done(unsigned long data)
 	areq = podev->active_command;
 	podev->active_command = NULL;
 
-	if (areq && !areq->timed_out) {
-		complete(&areq->complete);
+	if (areq) {
+		if (!areq->timed_out)
+			complete(&areq->complete);
 		areq->state = QCEDEV_REQ_DONE;
 	}
 
@@ -812,7 +813,7 @@ static int submit_req(struct qcedev_async_req *qcedev_areq,
 			pr_err("%s: error during manage timeout", __func__);
 
 		spin_unlock_irqrestore(&podev->lock, flags);
-		tasklet_schedule(&podev->done_tasklet);
+		req_done((unsigned long) podev);
 		if (qcedev_areq->offload_cipher_op_req.err !=
 						QCEDEV_OFFLOAD_NO_ERROR)
 			return 0;