From: Johan Hovold Date: Fri, 27 Mar 2015 11:41:16 +0000 (+0100) Subject: greybus: operation: fix null-deref on operation cancel X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=772f3e90605641592435ec7c0a960e858925a0fe;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git greybus: operation: fix null-deref on operation cancel Incoming operations are created without a response message. If an operation were to be cancelled before it has been fully processed (e.g. on connection destroy), we would get a null-pointer dereference in gb_operation_cancel. Signed-off-by: Johan Hovold Reviewed-by: Alex Elder Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c index f194b1eeb539..17f4eab5c076 100644 --- a/drivers/staging/greybus/operation.c +++ b/drivers/staging/greybus/operation.c @@ -911,7 +911,8 @@ void gb_operation_cancel(struct gb_operation *operation, int errno) { if (gb_operation_result_set(operation, errno)) { gb_message_cancel(operation->request); - gb_message_cancel(operation->response); + if (operation->response) + gb_message_cancel(operation->response); } gb_operation_put(operation); }