greybus: operation: fix null-deref on operation destroy Incoming operations are created without a response message. If a protocol driver fails to send a response, or if the operation were to be cancelled before it has been fully processed, we get a null-pointer dereference when the operation is released. Signed-off-by: Johan Hovold <johan@hovoldconsulting.com> Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>

commit: 9489667684fbed2114dcdd10cdee2e4d20d9f308 [log] [tgz]
author: Johan Hovold <johan@hovoldconsulting.com> Fri Mar 27 12:41:17 2015 +0100
committer: Greg Kroah-Hartman <greg@kroah.com> Mon Mar 30 15:13:01 2015 +0200
tree: ae4b83ad6f44d03fcccae522e3b80d3f5f278b36
parent: 772f3e90605641592435ec7c0a960e858925a0fe [diff]
diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c
index 17f4eab..cb0c87a 100644
--- a/drivers/staging/greybus/operation.c
+++ b/drivers/staging/greybus/operation.c

@@ -607,7 +607,8 @@
 	list_del(&operation->links);
 	spin_unlock_irqrestore(&gb_operations_lock, flags);
 
-	gb_operation_message_free(operation->response);
+	if (operation->response)
+		gb_operation_message_free(operation->response);
 	gb_operation_message_free(operation->request);
 
 	kmem_cache_free(gb_operation_cache, operation);
commit	9489667684fbed2114dcdd10cdee2e4d20d9f308	[log] [tgz]
author	Johan Hovold <johan@hovoldconsulting.com>	Fri Mar 27 12:41:17 2015 +0100
committer	Greg Kroah-Hartman <greg@kroah.com>	Mon Mar 30 15:13:01 2015 +0200
tree	ae4b83ad6f44d03fcccae522e3b80d3f5f278b36
parent	772f3e90605641592435ec7c0a960e858925a0fe [diff]