From a9e487b7d0a6f4bfa96e17f0d41f41e75b80685c Mon Sep 17 00:00:00 2001
From: Kamal Negi <kamaln@codeaurora.org>
Date: Tue, 27 Sep 2016 19:50:25 +0530
Subject: [PATCH] fm: synchronize dequeue_fm_tx_cmd function

In dequeue_fm_tx_cmd function, there is race condition happened between
command credits decrement and event received for command sent. After
sending command to SoC, event received immediately and processed before
it decrement the command credits, hence command credits become zero and
it stuck in condition wait for command credits and FM failure happens.

Change-Id: Ibb2cf98ade08bbc9b25946d2368b1b7e428397bc
---
 fm_hci/fm_hci.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/fm_hci/fm_hci.c b/fm_hci/fm_hci.c
index 8c6173a..2fafe83 100644
--- a/fm_hci/fm_hci.c
+++ b/fm_hci/fm_hci.c
@@ -138,12 +138,11 @@ static void dequeue_fm_tx_cmd(struct fm_hci_t *hci)
         }
         pthread_mutex_unlock(&hci->tx_q_lock);
 
-wait_for_cmd_credits:
         pthread_mutex_lock(&hci->credit_lock);
+wait_for_cmd_credits:
         while (hci->command_credits == 0) {
               pthread_cond_wait(&hci->cmd_credits_cond, &hci->credit_lock);
         }
-        pthread_mutex_unlock(&hci->credit_lock);
 
         /* Check if we really got the command credits */
         if (hci->command_credits) {
@@ -160,14 +159,18 @@ again:
             count = 0;
 
             /* Decrement cmd credits by '1' after sending the cmd*/
-            pthread_mutex_lock(&hci->credit_lock);
             hci->command_credits--;
-            pthread_mutex_unlock(&hci->credit_lock);
+            if (temp->hdr)
+                free(temp->hdr);
+            free(temp);
         } else {
-            if (!lib_running)
+            if (!lib_running) {
+                pthread_mutex_unlock(&hci->credit_lock);
                 break;
+            }
             goto wait_for_cmd_credits;
         }
+        pthread_mutex_unlock(&hci->credit_lock);
     }
 }
 
-- 
GitLab