From 44538397e79987080adc619c6fd4edda92093d46 Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan@hovoldconsulting.com>
Date: Tue, 17 Mar 2015 10:55:52 +0100
Subject: [PATCH] greybus: connection: fix oops after failed init

Make sure not to call connection_exit for connections that have never
been initialised (e.g. due to failure to init).

This fixes oopses due to null-dereferences and use-after-free in
connection_exit callbacks (e.g. trying to remove a gpio-chip that has
never been added) when the bundle and interface are ultimately
destroyed.

Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
---
 drivers/staging/greybus/connection.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/staging/greybus/connection.c b/drivers/staging/greybus/connection.c
index 3ec984c..46e259f 100644
--- a/drivers/staging/greybus/connection.c
+++ b/drivers/staging/greybus/connection.c
@@ -298,6 +298,10 @@ void gb_connection_exit(struct gb_connection *connection)
 		dev_warn(&connection->dev, "exit without protocol.\n");
 		return;
 	}
+
+	if (connection->state != GB_CONNECTION_STATE_ENABLED)
+		return;
+
 	connection->state = GB_CONNECTION_STATE_DESTROYING;
 	connection->protocol->connection_exit(connection);
 }
-- 
2.7.4