From: Johan Hovold <johan@hovoldconsulting.com>
Date: Tue, 17 Mar 2015 09:55:52 +0000 (+0100)
Subject: greybus: connection: fix oops after failed init
X-Git-Tag: v4.14-rc1~2366^2~378^2~21^2~1685
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=44538397e79987080adc619c6fd4edda92093d46;p=platform%2Fkernel%2Flinux-rpi.git

greybus: connection: fix oops after failed init

Make sure not to call connection_exit for connections that have never
been initialised (e.g. due to failure to init).

This fixes oopses due to null-dereferences and use-after-free in
connection_exit callbacks (e.g. trying to remove a gpio-chip that has
never been added) when the bundle and interface are ultimately
destroyed.

Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
---

diff --git a/drivers/staging/greybus/connection.c b/drivers/staging/greybus/connection.c
index 3ec984c..46e259f 100644
--- a/drivers/staging/greybus/connection.c
+++ b/drivers/staging/greybus/connection.c
@@ -298,6 +298,10 @@ void gb_connection_exit(struct gb_connection *connection)
 		dev_warn(&connection->dev, "exit without protocol.\n");
 		return;
 	}
+
+	if (connection->state != GB_CONNECTION_STATE_ENABLED)
+		return;
+
 	connection->state = GB_CONNECTION_STATE_DESTROYING;
 	connection->protocol->connection_exit(connection);
 }