Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'for-linus-5.16-3' of git://github.com/cminyard/linux-ipmi

Pull IPMI fixes from Corey Minyard:
"Fix some IPMI crashes

Some crash fixes have come in dealing with various error handling
issues. They have sat in next for 5 days or more without issue, and
they are fairly critical"

* tag 'for-linus-5.16-3' of git://github.com/cminyard/linux-ipmi:
ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
ipmi: fix initialization when workqueue allocation fails
ipmi: bail out if init_srcu_struct fails
ipmi: ssif: initialize ssif_info->client early

+18 -12
+14 -9
drivers/char/ipmi/ipmi_msghandler.c
··· 3031 3031 * with removing the device attributes while reading a device 3032 3032 * attribute. 3033 3033 */ 3034 - schedule_work(&bmc->remove_work); 3034 + queue_work(remove_work_wq, &bmc->remove_work); 3035 3035 } 3036 3036 3037 3037 /* ··· 5392 5392 if (initialized) 5393 5393 goto out; 5394 5394 5395 - init_srcu_struct(&ipmi_interfaces_srcu); 5395 + rv = init_srcu_struct(&ipmi_interfaces_srcu); 5396 + if (rv) 5397 + goto out; 5398 + 5399 + remove_work_wq = create_singlethread_workqueue("ipmi-msghandler-remove-wq"); 5400 + if (!remove_work_wq) { 5401 + pr_err("unable to create ipmi-msghandler-remove-wq workqueue"); 5402 + rv = -ENOMEM; 5403 + goto out_wq; 5404 + } 5396 5405 5397 5406 timer_setup(&ipmi_timer, ipmi_timeout, 0); 5398 5407 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); 5399 5408 5400 5409 atomic_notifier_chain_register(&panic_notifier_list, &panic_block); 5401 5410 5402 - remove_work_wq = create_singlethread_workqueue("ipmi-msghandler-remove-wq"); 5403 - if (!remove_work_wq) { 5404 - pr_err("unable to create ipmi-msghandler-remove-wq workqueue"); 5405 - rv = -ENOMEM; 5406 - goto out; 5407 - } 5408 - 5409 5411 initialized = true; 5410 5412 5413 + out_wq: 5414 + if (rv) 5415 + cleanup_srcu_struct(&ipmi_interfaces_srcu); 5411 5416 out: 5412 5417 mutex_unlock(&ipmi_interfaces_mutex); 5413 5418 return rv;
+4 -3
drivers/char/ipmi/ipmi_ssif.c
··· 1659 1659 } 1660 1660 } 1661 1661 1662 + ssif_info->client = client; 1663 + i2c_set_clientdata(client, ssif_info); 1664 + 1662 1665 rv = ssif_check_and_remove(client, ssif_info); 1663 1666 /* If rv is 0 and addr source is not SI_ACPI, continue probing */ 1664 1667 if (!rv && ssif_info->addr_source == SI_ACPI) { ··· 1681 1678 "Trying %s-specified SSIF interface at i2c address 0x%x, adapter %s, slave address 0x%x\n", 1682 1679 ipmi_addr_src_to_str(ssif_info->addr_source), 1683 1680 client->addr, client->adapter->name, slave_addr); 1684 - 1685 - ssif_info->client = client; 1686 - i2c_set_clientdata(client, ssif_info); 1687 1681 1688 1682 /* Now check for system interface capabilities */ 1689 1683 msg[0] = IPMI_NETFN_APP_REQUEST << 2; ··· 1881 1881 1882 1882 dev_err(&ssif_info->client->dev, 1883 1883 "Unable to start IPMI SSIF: %d\n", rv); 1884 + i2c_set_clientdata(client, NULL); 1884 1885 kfree(ssif_info); 1885 1886 } 1886 1887 kfree(resp);