From a3a9160cf876b9ec522ba12f47603ecdbab09718 Mon Sep 17 00:00:00 2001 From: Tiger Yu Date: Sat, 15 Feb 2020 19:28:08 +0800 Subject: [PATCH] qcacmn: Destroy the queue_kicker work which is triggered by RPM resume There might be a race condition between htc_kick_queues which is sheduled by RPM resume and hdd_wlan_stop_modules. Here are detail info: 1. Run time resume is called, which will schedule a work to do the htc_kick_queues later. 2. hdd_wlan_stop_modules is called at the same time, which will call htc_destroy to free the HTC_TARGET. 3. the htc_kick_queues will access the HTC_TARGET, but it has been freed. Change-Id: I7211a8eef2a2f1924fe91eafec5a4496eea5a507 CRs-Fixed: 2622317 --- htc/htc.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/htc/htc.c b/htc/htc.c index 06c1ea4ff3..41ff94c816 100644 --- a/htc/htc.c +++ b/htc/htc.c @@ -253,8 +253,26 @@ int htc_runtime_resume(HTC_HANDLE htc_ctx) qdf_sched_work(0, &target->queue_kicker); return 0; } + +/** + * htc_runtime_pm_deinit(): runtime pm related de-intialization + * + * need to de-initialize the work item. + * + * @target: HTC target pointer + * + */ +static void htc_runtime_pm_deinit(HTC_TARGET *target) +{ + if (!target) + return; + + qdf_destroy_work(0, &target->queue_kicker); +} + #else static inline void htc_runtime_pm_init(HTC_TARGET *target) { } +static inline void htc_runtime_pm_deinit(HTC_TARGET *target) { } #endif #if defined(DEBUG_HL_LOGGING) && defined(CONFIG_HL_SUPPORT) @@ -839,6 +857,8 @@ void htc_stop(HTC_HANDLE HTCHandle) AR_DEBUG_PRINTF(ATH_DEBUG_TRC, ("+htc_stop\n")); + htc_runtime_pm_deinit(target); + HTC_INFO("%s: endpoints cleanup\n", __func__); /* cleanup endpoints */ for (i = 0; i < ENDPOINT_MAX; i++) {