Merge "rpmsg: glink: Fix use after free in open_ack TIMEOUT case"

	/*

	 * Send a close request to "undo" our open-ack. The close-ack will

	 * release the last reference.

	 * release qcom_glink_send_open_req() reference and the last reference

	 * will be relesed after receiving remote_close or transport unregister

	 * by calling qcom_glink_native_remove().

	 */

	qcom_glink_send_close_req(glink, channel);

	/* Release qcom_glink_send_open_req() reference */

	kref_put(&channel->refcount, qcom_glink_channel_release);

	return ret;

}

	spin_lock_irqsave(&glink->idr_lock, flags);

	/* Release any defunct local channels, waiting for close-ack */

	idr_for_each_entry(&glink->lcids, channel, cid) {

		if (kref_put(&channel->refcount, qcom_glink_channel_release))

		kref_put(&channel->refcount, qcom_glink_channel_release);

		idr_remove(&glink->lcids, cid);

	}

	/* Release any defunct local channels, waiting for close-req */

	idr_for_each_entry(&glink->lcids, channel, cid)

	idr_for_each_entry(&glink->rcids, channel, cid) {

		kref_put(&channel->refcount, qcom_glink_channel_release);

		idr_remove(&glink->rcids, cid);

	}

	idr_destroy(&glink->lcids);

	idr_destroy(&glink->rcids);