greybus: loopback: Retrun -ENOMEM if operation allocation fails

If operation allocation fails we should return -ENOMEM in the asynchronous
operation send routine. If we don't return here then the
gb_loopback_async_operation_put() later can dereference a NULL pointer if
the previous gb_operation_create() failed.

Reported-by: Johan Hovold <johan@hovoldconsulting.com>
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Johan Hovold <johan@hovoldconsulting.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

diff --git a/drivers/staging/greybus/loopback.c b/drivers/staging/greybus/loopback.c
index 0828772fc90109577d016ba9c67b600860766441..eb6a0138fb1d6beba22099f3dc1fcbd2df1ce883 100644 (file)
--- a/drivers/staging/greybus/loopback.c
+++ b/drivers/staging/greybus/loopback.c
@@ -580,8 +580,8 @@ static int gb_loopback_async_operation(struct gb_loopback *gb, int type,
        operation = gb_operation_create(gb->connection, type, request_size,
                                        response_size, GFP_KERNEL);
        if (!operation) {
-               ret = -ENOMEM;
-               goto error;
+               kfree(op_async);
+               return -ENOMEM;
        }
 
        if (request_size)