greybus: connection: fix oops after failed init

Make sure not to call connection_exit for connections that have never
been initialised (e.g. due to failure to init).

This fixes oopses due to null-dereferences and use-after-free in
connection_exit callbacks (e.g. trying to remove a gpio-chip that has
never been added) when the bundle and interface are ultimately
destroyed.

Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>

diff --git a/drivers/staging/greybus/connection.c b/drivers/staging/greybus/connection.c
index 3ec984c8d7e5d2d9fd7137dca5770c350ae03363..46e259f05a55994d0613bb8de63459591bca193b 100644 (file)
--- a/drivers/staging/greybus/connection.c
+++ b/drivers/staging/greybus/connection.c
@@ -298,6 +298,10 @@ void gb_connection_exit(struct gb_connection *connection)
                dev_warn(&connection->dev, "exit without protocol.\n");
                return;
        }
+
+       if (connection->state != GB_CONNECTION_STATE_ENABLED)
+               return;
+
        connection->state = GB_CONNECTION_STATE_DESTROYING;
        connection->protocol->connection_exit(connection);
 }