Merge "msm: camera: icp: Avoid accessing released memory in abort/destroy" into dev/msm-4.9-camx

	unsigned long rem_jiffies;

	size_t packet_size;

	int timeout = 100;

	struct hfi_cmd_work_data *task_data;

	struct hfi_cmd_ipebps_async *abort_cmd;

	struct crm_workq_task *task;

	task = cam_req_mgr_workq_get_task(icp_hw_mgr.cmd_work);

	if (!task)

		return -ENOMEM;

	packet_size =

		sizeof(struct hfi_cmd_ipebps_async) +

	abort_cmd->user_data1 = (uint64_t)ctx_data;

	abort_cmd->user_data2 = (uint64_t)0x0;

	task_data = (struct hfi_cmd_work_data *)task->payload;

	task_data->data = (void *)abort_cmd;

	task_data->request_id = 0;

	task_data->type = ICP_WORKQ_TASK_CMD_TYPE;

	task->process_cb = cam_icp_mgr_process_cmd;

	rc = cam_req_mgr_workq_enqueue_task(task, &icp_hw_mgr,

		CRM_TASK_PRIORITY_0);

	rc = hfi_write_cmd(abort_cmd);

	if (rc) {

		kfree(abort_cmd);

		return rc;

		CAM_ERR(CAM_ICP, "FW timeout/err in abort handle command");

	}

	kfree(abort_cmd);

	return rc;

}

	int timeout = 100;

	unsigned long rem_jiffies;

	size_t packet_size;

	struct hfi_cmd_work_data *task_data;

	struct hfi_cmd_ipebps_async *destroy_cmd;

	struct crm_workq_task *task;

	task = cam_req_mgr_workq_get_task(icp_hw_mgr.cmd_work);

	if (!task)

		return -ENOMEM;

	packet_size =

		sizeof(struct hfi_cmd_ipebps_async) +

	memcpy(destroy_cmd->payload.direct, &ctx_data->temp_payload,

		sizeof(uint64_t));

	task_data = (struct hfi_cmd_work_data *)task->payload;

	task_data->data = (void *)destroy_cmd;

	task_data->request_id = 0;

	task_data->type = ICP_WORKQ_TASK_CMD_TYPE;

	task->process_cb = cam_icp_mgr_process_cmd;

	rc = cam_req_mgr_workq_enqueue_task(task, &icp_hw_mgr,

		CRM_TASK_PRIORITY_0);

	rc = hfi_write_cmd(destroy_cmd);

	if (rc) {

		kfree(destroy_cmd);

		return rc;

			HFI_DEBUG_MODE_QUEUE)

			cam_icp_mgr_process_dbg_buf();

	}

	kfree(destroy_cmd);

	return rc;

}