From d343b2e9286800708229ab7e918496a2d48a0a7f Mon Sep 17 00:00:00 2001
From: David Herrmann <dh.herrmann@gmail.com>
Date: Thu, 23 Oct 2014 14:15:14 +0200
Subject: [PATCH] connection: dont leak sync replies

If a timeout occurs before we can queue a reply to a message, we might
queue it _after_ the sync caller already returned and dropped its ref.
Avoid this by using the 'waiting' flag to sync between sender and
receiver.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
---
 connection.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/connection.c b/connection.c
index 68b0cad..104234a 100644
--- a/connection.c
+++ b/connection.c
@@ -665,6 +665,7 @@ static int kdbus_conn_wait_reply(struct kdbus_ep *ep,
 	mutex_unlock(&conn_dst->lock);
 
 	mutex_lock(&conn_src->lock);
+	reply_wait->waiting = false;
 	entry = reply_wait->queue_entry;
 	if (entry) {
 		if (ret == 0)
@@ -816,7 +817,7 @@ int kdbus_conn_kmsg_send(struct kdbus_ep *ep,
 		 * The connection's queue will never get to see it.
 		 */
 		mutex_lock(&conn_dst->lock);
-		if (kdbus_conn_active(conn_dst))
+		if (reply_wake->waiting && kdbus_conn_active(conn_dst))
 			ret = kdbus_queue_entry_alloc(conn_dst, kmsg,
 						      &reply_wake->queue_entry);
 		else
-- 
2.34.1