greybus: operation: fix incoming-response corruption

Make sure not to update the response message buffer for an operation
that is already scheduled for completion.

Currently if we get two incoming responses with the same id, the second
one would overwrite the response message buffer.

Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c
index 8539462..b78c55f 100644 (file)
--- a/drivers/staging/greybus/operation.c
+++ b/drivers/staging/greybus/operation.c
@@ -796,11 +796,12 @@ static void gb_connection_recv_response(struct gb_connection *connection,
        /* We must ignore the payload if a bad status is returned */
        if (errno)
                size = sizeof(*message->header);
-       memcpy(message->header, data, size);
 
        /* The rest will be handled in work queue context */
-       if (gb_operation_result_set(operation, errno))
+       if (gb_operation_result_set(operation, errno)) {
+               memcpy(message->header, data, size);
                queue_work(gb_operation_workqueue, &operation->work);
+       }
 
        gb_operation_put(operation);
 }