qcacmn: Flush TxLookupQueue for WMI_CONTROL_SVC during htc_stop

TX comletion for WMI_FORCE_FW_HANG_CMDID would come after
TARGET_STATUS_RESET is set. In such a senario, there would
be memory leak.

Flush TxLookupQueue for WMI_CONTROL_SVC during htc_stop.
Since netbuf is freed in ISR, just free HTC frame here.

Change-Id: I5fab3effda1db70fa9b1208c854231a88b48309b
CRs-Fixed: 2242862

htc/htc.c

@@ -187,7 +187,7 @@ static void htc_cleanup(HTC_TARGET *target)
 	}
 #endif
 
-	htc_flush_endpoint_txlookupQ(target, ENDPOINT_0);
+	htc_flush_endpoint_txlookupQ(target, ENDPOINT_0, true);
 
 	qdf_spinlock_destroy(&target->HTCLock);
 	qdf_spinlock_destroy(&target->HTCRxLock);
@@ -831,6 +831,17 @@ void htc_stop(HTC_HANDLE HTCHandle)
 	UNLOCK_HTC_RX(target);
 #endif
 
+	/**
+	 * In SSR case, HTC tx completion callback for wmi will be blocked
+	 * by TARGET_STATUS_RESET and HTC packets will be left unfreed on
+	 * lookup queue.
+	 */
+	for (i = 0; i < ENDPOINT_MAX; i++) {
+		pEndpoint = &target->endpoint[i];
+		if (pEndpoint->service_id == WMI_CONTROL_SVC)
+			htc_flush_endpoint_txlookupQ(target, i, false);
+	}
+
 	reset_endpoint_states(target);
 
 	AR_DEBUG_PRINTF(ATH_DEBUG_TRC, ("-htc_stop\n"));

htc/htc_internal.h

@@ -296,8 +296,18 @@ void free_htc_packet_container(HTC_TARGET *target, HTC_PACKET *pPacket);
 void htc_flush_rx_hold_queue(HTC_TARGET *target, HTC_ENDPOINT *pEndpoint);
 void htc_flush_endpoint_tx(HTC_TARGET *target, HTC_ENDPOINT *pEndpoint,
 			   HTC_TX_TAG Tag);
+
+/**
+ * htc_flush_endpoint_txlookupQ() - Flush EP's lookup queue
+ * @target: HTC target
+ * @endpoint_id: EP ID
+ * @call_ep_callback: whether to call EP tx completion callback
+ *
+ * Return: void
+ */
 void htc_flush_endpoint_txlookupQ(HTC_TARGET *target,
-				  HTC_ENDPOINT_ID endpoint_id);
+				  HTC_ENDPOINT_ID endpoint_id,
+				  bool call_ep_callback);
 
 void htc_recv_init(HTC_TARGET *target);
 QDF_STATUS htc_wait_recv_ctrl_message(HTC_TARGET *target);

htc/htc_send.c

@@ -2064,7 +2064,8 @@ void htc_flush_endpoint_tx(HTC_TARGET *target, HTC_ENDPOINT *pEndpoint,
 
 /* flush pending entries in endpoint TX Lookup queue */
 void htc_flush_endpoint_txlookupQ(HTC_TARGET *target,
-				  HTC_ENDPOINT_ID endpoint_id)
+				  HTC_ENDPOINT_ID endpoint_id,
+				  bool call_ep_callback)
 {
 	HTC_PACKET *packet;
 	HTC_ENDPOINT *endpoint;
@@ -2078,8 +2079,12 @@ void htc_flush_endpoint_txlookupQ(HTC_TARGET *target,
 		packet = htc_packet_dequeue(&endpoint->TxLookupQueue);
 
 		if (packet) {
-			packet->Status = QDF_STATUS_E_CANCELED;
-			send_packet_completion(target, packet);
+			if (call_ep_callback == true) {
+				packet->Status = QDF_STATUS_E_CANCELED;
+				send_packet_completion(target, packet);
+			} else {
+				qdf_mem_free(packet);
+			}
 		}
 	}
 }