greybus: operation: fix incoming-response corruption

Make sure not to update the response message buffer for an operation
that is already scheduled for completion.

Currently if we get two incoming responses with the same id, the second
one would overwrite the response message buffer.

Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c
index 85394624395edc23d7382aa1240523207b0909a1..b78c55fac8cc075805d58d96b6ce35b8d66ee67e 100644 (file)
--- a/drivers/staging/greybus/operation.c
+++ b/drivers/staging/greybus/operation.c
@@ -796,11 +796,12 @@ static void gb_connection_recv_response(struct gb_connection *connection,
        /* We must ignore the payload if a bad status is returned */
        if (errno)
                size = sizeof(*message->header);
-       memcpy(message->header, data, size);
 
        /* The rest will be handled in work queue context */
-       if (gb_operation_result_set(operation, errno))
+       if (gb_operation_result_set(operation, errno)) {
+               memcpy(message->header, data, size);
                queue_work(gb_operation_workqueue, &operation->work);
+       }
 
        gb_operation_put(operation);
 }