The patch titled
IPMI: fix timeout list handling
has been added to the -mm tree. Its filename is
ipmi-fix-timeout-list-handling.patch
*** Remember to use Documentation/SubmitChecklist when testing your code ***
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: IPMI: fix timeout list handling
From: David Barksdale <amatus@xxxxxxxxxx>
Fix a dangling pointer bug in ipmi_timeout_handler. A list of timedout
messages is not re-initialized before reuse, causing the head of the list
to point to freed memory.
Signed-off-by: David Barksdale <amatus@xxxxxxxxxx>
Signed-off-by: Corey Minyard <minyard@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
drivers/char/ipmi/ipmi_msghandler.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff -puN drivers/char/ipmi/ipmi_msghandler.c~ipmi-fix-timeout-list-handling drivers/char/ipmi/ipmi_msghandler.c
--- a/drivers/char/ipmi/ipmi_msghandler.c~ipmi-fix-timeout-list-handling
+++ a/drivers/char/ipmi/ipmi_msghandler.c
@@ -3654,8 +3654,6 @@ static void ipmi_timeout_handler(long ti
unsigned long flags;
int i;
- INIT_LIST_HEAD(&timeouts);
-
rcu_read_lock();
list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
/* See if any waiting messages need to be processed. */
@@ -3676,6 +3674,7 @@ static void ipmi_timeout_handler(long ti
/* Go through the seq table and find any messages that
have timed out, putting them in the timeouts
list. */
+ INIT_LIST_HEAD(&timeouts);
spin_lock_irqsave(&intf->seq_lock, flags);
for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++)
check_msg_timeout(intf, &(intf->seq_table[i]),
_
Patches currently in -mm which might be from amatus@xxxxxxxxxx are
ipmi-fix-timeout-list-handling.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
