msm: vidc: do not set video state to DEINIT very early

If video state set to DEINIT before processing all frame done
packets in the list may create video failures as explained below,
the client communication to video hardware will fail because of
DEINIT state and client will close the session upon failure which
will happen in parallel to response thread processing the response
packets in the list. It may happen that client already free'd the
buffer references and response thread might access the same buffer
reference and results in use-after-free memory fault. So In case
of sys error from video hardware, set video state to DEINIT after
processing all packets in the list to avoid use-after-free failure

Change-Id: I688c3ec3feb2b5621d75c4da93ee9870aa0e6dfe
Signed-off-by: Darshan Kumsi Srinivasa <darssr@codeaurora.org>
Signed-off-by: Sanjay Singh <sisanj@codeaurora.org>

drivers/media/platform/msm/vidc/venus_hfi.c

@@ -1682,7 +1682,7 @@ static int __iface_cmdq_write_relaxed(struct venus_hfi_device *device,
 	__strict_check(device);
 
 	if (!__core_in_valid_state(device)) {
-		dprintk(VIDC_DBG, "%s - fw not in init state\n", __func__);
+		dprintk(VIDC_ERR, "%s - fw not in init state\n", __func__);
 		result = -EINVAL;
 		goto err_q_null;
 	}
@@ -3408,8 +3408,6 @@ static void __process_sys_error(struct venus_hfi_device *device)
 {
 	struct hfi_sfr_struct *vsfr = NULL;
 
-	__set_state(device, VENUS_STATE_DEINIT);
-
 	/* Once SYS_ERROR received from HW, it is safe to halt the AXI.
 	 * With SYS_ERROR, Venus FW may have crashed and HW might be
 	 * active and causing unnecessary transactions. Hence it is
@@ -3656,6 +3654,10 @@ static int __response_handler(struct venus_hfi_device *device)
 					"Too many packets in message queue to handle at once, deferring read\n");
 			break;
 		}
+
+		/* do not read packets after sys error packet */
+		if (info->response_type == HAL_SYS_ERROR)
+			break;
 	}
 
 	if (requeue_pm_work && device->res->sw_power_collapsible) {