UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

[PATCH] IPMI: fix timeout list handling 

Fix a dangling pointer bug in ipmi_timeout_handler.  A list of timedout
messages is not re-initialized before reuse, causing the head of the list
to point to freed memory.

Signed-off-by: David Barksdale <amatus@ocgnet.org>
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
David Barksdale 2007-01-30 14:36:25 -08:00 committed by Linus Torvalds
parent fa8609da99
commit 41c57a8718
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/char/ipmi/ipmi_msghandler.c
View File

@ -3649,8 +3649,6 @@ static void ipmi_timeout_handler(long timeout_period)
unsigned long flags;
int i;
INIT_LIST_HEAD(&timeouts);
rcu_read_lock();
list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
/* See if any waiting messages need to be processed. */
@ -3671,6 +3669,7 @@ static void ipmi_timeout_handler(long timeout_period)
/* Go through the seq table and find any messages that
have timed out, putting them in the timeouts
list. */
INIT_LIST_HEAD(&timeouts);
spin_lock_irqsave(&intf->seq_lock, flags);
for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++)
check_msg_timeout(intf, &(intf->seq_table[i]),