From e4340b13fd2cf9bcf1f0a40ae15de454ffdb74f8 Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan@hovoldconsulting.com>
Date: Thu, 9 Jul 2015 15:18:01 +0200
Subject: [PATCH] greybus: operation: fix incoming-response corruption

Make sure not to update the response message buffer for an operation
that is already scheduled for completion.

Currently if we get two incoming responses with the same id, the second
one would overwrite the response message buffer.

Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Johan Hovold <johan@hovoldconsulting.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
---
 drivers/staging/greybus/operation.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/greybus/operation.c b/drivers/staging/greybus/operation.c
index 85394624395e..b78c55fac8cc 100644
--- a/drivers/staging/greybus/operation.c
+++ b/drivers/staging/greybus/operation.c
@@ -796,11 +796,12 @@ static void gb_connection_recv_response(struct gb_connection *connection,
 	/* We must ignore the payload if a bad status is returned */
 	if (errno)
 		size = sizeof(*message->header);
-	memcpy(message->header, data, size);
 
 	/* The rest will be handled in work queue context */
-	if (gb_operation_result_set(operation, errno))
+	if (gb_operation_result_set(operation, errno)) {
+		memcpy(message->header, data, size);
 		queue_work(gb_operation_workqueue, &operation->work);
+	}
 
 	gb_operation_put(operation);
 }
-- 
2.11.0