From: Johan Hovold <johan@hovoldconsulting.com>
Date: Fri, 27 Mar 2015 11:41:17 +0000 (+0100)
Subject: greybus: operation: fix null-deref on operation destroy
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=9489667684fbed2114dcdd10cdee2e4d20d9f308;p=openwrt%2Fstaging%2Fblogic.git

greybus: operation: fix null-deref on operation destroy

Incoming operations are created without a response message. If a
protocol driver fails to send a response, or if the operation were to be
cancelled before it has been fully processed, we get a null-pointer
dereference when the operation is released.

Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
---

diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c
index 17f4eab5c076..cb0c87aa4f98 100644
--- a/drivers/staging/greybus/operation.c
+++ b/drivers/staging/greybus/operation.c
@@ -607,7 +607,8 @@ static void _gb_operation_destroy(struct kref *kref)
 	list_del(&operation->links);
 	spin_unlock_irqrestore(&gb_operations_lock, flags);
 
-	gb_operation_message_free(operation->response);
+	if (operation->response)
+		gb_operation_message_free(operation->response);
 	gb_operation_message_free(operation->request);
 
 	kmem_cache_free(gb_operation_cache, operation);