From a24b5dd5eda73b956da27031cefbe4374b6af2bc Mon Sep 17 00:00:00 2001 From: Corey Minyard Date: Mon, 14 Nov 2016 10:11:30 -0600 Subject: [PATCH] ipmi: Fix sequence number handling The IPMI message handler uses a message id that the lower-layer preserved to track the sequence number of the message. The macros that handled these sequence numbers were somewhat broken as they could result in sequence number truncation and they were not doing an "and" of the proper number of bits. I think this actually is not a problem, because the truncation should be harmless and the improper "and" didn't hurt anything because sequence number generation used the same improper "and" and wouldn't generate a sequence number that would get truncated wrong. However, it should be fixed. Reported-by: Dan Carpenter Signed-off-by: Corey Minyard --- drivers/char/ipmi/ipmi_msghandler.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c index fcdd886819f5..be982d10d305 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -158,15 +158,16 @@ struct seq_table { * Store the information in a msgid (long) to allow us to find a * sequence table entry from the msgid. */ -#define STORE_SEQ_IN_MSGID(seq, seqid) (((seq&0xff)<<26) | (seqid&0x3ffffff)) +#define STORE_SEQ_IN_MSGID(seq, seqid) \ + ((((seq) & 0x3f) << 26) | ((seqid) & 0x3ffffff)) #define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \ do { \ - seq = ((msgid >> 26) & 0x3f); \ - seqid = (msgid & 0x3fffff); \ + seq = (((msgid) >> 26) & 0x3f); \ + seqid = ((msgid) & 0x3ffffff); \ } while (0) -#define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3fffff) +#define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3ffffff) struct ipmi_channel { unsigned char medium;