Commit 0eb8c115 authored by Johan Hovold's avatar Johan Hovold Committed by Greg Kroah-Hartman

greybus: operation: fix response-cancellation race

Make sure the request handler has submitted the response before
cancelling it during operation cancellation.

This prevents cancelling not-yet-submitted messages. It currently also
avoids us ending up with an active message on a stalled connection (e.g.
due to E2EFC).

Note that the call to gb_operation_result_set() is now redundant but is
kept as a precaution to guarantee that a response has indeed been
allocated as part of response submission.
Signed-off-by: default avatarJohan Hovold <johan@hovoldconsulting.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
parent 3325a4ad
...@@ -928,9 +928,13 @@ void gb_connection_recv(struct gb_connection *connection, ...@@ -928,9 +928,13 @@ void gb_connection_recv(struct gb_connection *connection,
void gb_operation_cancel(struct gb_operation *operation, int errno) void gb_operation_cancel(struct gb_operation *operation, int errno)
{ {
if (gb_operation_is_incoming(operation)) { if (gb_operation_is_incoming(operation)) {
/* Cancel response if it has been allocated */ if (!gb_operation_is_unidirectional(operation)) {
if (!gb_operation_result_set(operation, errno) && /*
!gb_operation_is_unidirectional(operation)) { * Make sure the request handler has submitted the
* response before cancelling it.
*/
flush_work(&operation->work);
if (!gb_operation_result_set(operation, errno))
gb_message_cancel(operation->response); gb_message_cancel(operation->response);
} }
} else { } else {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment