From 772f3e90605641592435ec7c0a960e858925a0fe Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan@hovoldconsulting.com>
Date: Fri, 27 Mar 2015 12:41:16 +0100
Subject: [PATCH] greybus: operation: fix null-deref on operation cancel

Incoming operations are created without a response message. If an
operation were to be cancelled before it has been fully processed (e.g.
on connection destroy), we would get a null-pointer dereference in
gb_operation_cancel.

Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Greg Kroah-Hartman <greg@kroah.com>
---
 drivers/staging/greybus/operation.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c
index f194b1e..17f4eab 100644
--- a/drivers/staging/greybus/operation.c
+++ b/drivers/staging/greybus/operation.c
@@ -911,7 +911,8 @@ void gb_operation_cancel(struct gb_operation *operation, int errno)
 {
 	if (gb_operation_result_set(operation, errno)) {
 		gb_message_cancel(operation->request);
-		gb_message_cancel(operation->response);
+		if (operation->response)
+			gb_message_cancel(operation->response);
 	}
 	gb_operation_put(operation);
 }
-- 
2.7.4