Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
[PATCH] IPMI: fix timeout list handling
Fix a dangling pointer bug in ipmi_timeout_handler. A list of timedout
messages is not re-initialized before reuse, causing the head of the list
to point to freed memory.
Signed-off-by: David Barksdale <amatus@ocgnet.org>
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
authored by
David Barksdale
and committed by
Linus Torvalds
41c57a87
fa8609da
+1
-2
+1
-2
drivers/char/ipmi/ipmi_msghandler.c
+1
-2
drivers/char/ipmi/ipmi_msghandler.c
···
3649
3649
unsigned long flags;
3650
3650
int i;
3651
3651
3652
-
INIT_LIST_HEAD(&timeouts);
3653
-
3654
3652
rcu_read_lock();
3655
3653
list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
3656
3654
/* See if any waiting messages need to be processed. */
···
3669
3671
/* Go through the seq table and find any messages that
3670
3672
have timed out, putting them in the timeouts
3671
3673
list. */
3674
+
INIT_LIST_HEAD(&timeouts);
3672
3675
spin_lock_irqsave(&intf->seq_lock, flags);
3673
3676
for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++)
3674
3677
check_msg_timeout(intf, &(intf->seq_table[i]),