From: Johan Hovold Date: Tue, 14 Jul 2015 13:43:34 +0000 (+0200) Subject: greybus: operation: fix response-cancellation race X-Git-Tag: android-x86-7.1-r1~621^2~378^2~21^2~1372 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=0eb8c1159839dcb6c97fba82e5a8698d9c30f815;p=android-x86%2Fkernel.git greybus: operation: fix response-cancellation race Make sure the request handler has submitted the response before cancelling it during operation cancellation. This prevents cancelling not-yet-submitted messages. It currently also avoids us ending up with an active message on a stalled connection (e.g. due to E2EFC). Note that the call to gb_operation_result_set() is now redundant but is kept as a precaution to guarantee that a response has indeed been allocated as part of response submission. Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c index f7b0aa970bbc..0576f197f58e 100644 --- a/drivers/staging/greybus/operation.c +++ b/drivers/staging/greybus/operation.c @@ -928,10 +928,14 @@ void gb_connection_recv(struct gb_connection *connection, void gb_operation_cancel(struct gb_operation *operation, int errno) { if (gb_operation_is_incoming(operation)) { - /* Cancel response if it has been allocated */ - if (!gb_operation_result_set(operation, errno) && - !gb_operation_is_unidirectional(operation)) { - gb_message_cancel(operation->response); + if (!gb_operation_is_unidirectional(operation)) { + /* + * Make sure the request handler has submitted the + * response before cancelling it. + */ + flush_work(&operation->work); + if (!gb_operation_result_set(operation, errno)) + gb_message_cancel(operation->response); } } else { if (gb_operation_result_set(operation, errno)) {