From: Johan Hovold <johan@hovoldconsulting.com>
Date: Fri, 27 Mar 2015 11:41:16 +0000 (+0100)
Subject: greybus: operation: fix null-deref on operation cancel
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=772f3e90605641592435ec7c0a960e858925a0fe;p=linux.git

greybus: operation: fix null-deref on operation cancel

Incoming operations are created without a response message. If an
operation were to be cancelled before it has been fully processed (e.g.
on connection destroy), we would get a null-pointer dereference in
gb_operation_cancel.

Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
---

diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c
index f194b1eeb5399..17f4eab5c0768 100644
--- a/drivers/staging/greybus/operation.c
+++ b/drivers/staging/greybus/operation.c
@@ -911,7 +911,8 @@ void gb_operation_cancel(struct gb_operation *operation, int errno)
 {
 	if (gb_operation_result_set(operation, errno)) {
 		gb_message_cancel(operation->request);
-		gb_message_cancel(operation->response);
+		if (operation->response)
+			gb_message_cancel(operation->response);
 	}
 	gb_operation_put(operation);
 }