Fix race condition between usb_host_destroy and fd_removed_cb #2 24/255924/1 accepted/tizen/4.0/unified/20210330.064429 submit/tizen_4.0/20210325.070233 submit/tizen_4.0/20210329.052501 submit/tizen_4.0/20210330.002654
authorINSUN PYO <insun.pyo@samsung.com>
Thu, 25 Mar 2021 05:02:31 +0000 (14:02 +0900)
committerINSUN PYO <insun.pyo@samsung.com>
Thu, 25 Mar 2021 05:03:04 +0000 (14:03 +0900)
Add code that was missed when cherry-picking from 5.0.

0  g_io_channel_unix_get_fd (channel=channel@entry=0x0) at giounix.c:654
1  0xb6fa5f52 in fd_removed_cb (fd=6, user_data=0x2a011f20) at /usr/src/debug/capi-system-usbhost-0.0.1/src/usb_host.c:431
2  0xb6e29baa in usbi_io_exit (ctx=ctx@entry=0x2a014808) at io.c:1185
3  0xb6e26a8c in libusb_exit (ctx=0x2a014808) at core.c:2232
4  0xb6fa6b04 in usb_host_destroy (context=0x2a011f20) at /usr/src/debug/capi-system-usbhost-0.0.1/src/usb_host.c:547
5  0x2a00079a in main () at /usr/src/debug/session-utils-0.1/src/usb-host-test/usb-host-test.c:43

Change-Id: I9639c52e512834422fb2ede785363a28d2a4525e

src/usb_host.c

index f2655d491c7bd0c7aff7ad2205860c352435c6fc..66dd407c36163c45a3259a423668b3b06bf0c6af 100755 (executable)
@@ -539,9 +539,18 @@ int usb_host_destroy(usb_host_context_h context)
                ch = l->data;
                next = l->next;
                g_io_channel_unref(ch);
+               context->gio_channels = g_list_delete_link(context->gio_channels, l);
                l = next;
        }
 
+       /*
+        * libusb_exit() inernally calls fd_removed_cb() througth the callback of the
+        * "libusb_exit() -> usbi_io_exit() -> usbi_remove_poolfd() -> fd_removed_cb()" call path.
+        *
+        * The gloabl variable context is referenced in fd_removed_cb().
+        * So, libusb_exit() should be called before context is cleaned up.
+        *
+       */
        libusb_exit(context->lusb_ctx);
        g_list_free(context->gio_channels);
        pthread_mutex_destroy(&context->channel_list_lock);
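Review bot: The added comment before `libusb_exit(context->lusb_ctx)` does not state the invariant that the new `g_list_delete_link()` line establishes, and it contains errors that make the call path hard to search for. `fd_removed_cb()` receives the context as `user_data` (the backtrace shows the same pointer value for both), not through a global, and the libusb function is `usbi_remove_pollfd`, not `usbi_remove_poolfd`; "inernally", "througth" and "gloabl" are typos. I would reword it to say that every link must be removed from `context->gio_channels` before `libusb_exit()` because that call re-enters `fd_removed_cb()`, and that the context, its list and `channel_list_lock` must stay valid until `libusb_exit()` returns. The hunk does not show whether `channel_list_lock` is held around the loop; if `fd_removed_cb()` can also run from a libusb event-handling thread, the list mutation should happen under that lock. The body of usb_host_destroy starts and ends outside the hunk.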