mirror-linux/drivers/char/ipmi
Guenter Roeck e2c69490dd ipmi: Fix handling of messages with provided receive message pointer

Prior to commit b52da4054e ("ipmi: Rework user message limit handling"),
i_ipmi_request() used to increase the user reference counter if the receive
message is provided by the caller of IPMI API functions. This is no longer
the case. However, ipmi_free_recv_msg() is still called and decreases the
reference counter. This results in the reference counter reaching zero,
the user data pointer is released, and all kinds of interesting crashes are
seen.

Fix the problem by increasing user reference counter if the receive message
has been provided by the caller.

Fixes: b52da4054e ("ipmi: Rework user message limit handling")
Reported-by: Eric Dumazet <edumazet@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Greg Thelen <gthelen@google.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-ID: <20251006201857.3433837-1-linux@roeck-us.net>
Signed-off-by: Corey Minyard <corey@minyard.net>
2025-10-07 06:50:08 -05:00
Kconfig ipmi: Add Loongson-2K BMC support 2025-09-16 10:15:54 -05:00
Makefile ipmi: Add Loongson-2K BMC support 2025-09-16 10:15:54 -05:00
bt-bmc.c treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
ipmb_dev_int.c char:ipmi: Fix a not-used variable on a non-ACPI system 2024-12-22 14:57:47 -06:00
ipmi_bt_sm.c ipmi: Clean up some printks 2020-09-15 09:57:45 -05:00
ipmi_devintf.c ipmi: make ipmi_destroy_user() return void 2025-01-02 21:11:52 -06:00
ipmi_dmi.c ipmi_si: Rework some include files 2019-08-02 07:25:03 -05:00
ipmi_dmi.h ipmi_si: Rework some include files 2019-08-02 07:25:03 -05:00
ipmi_ipmb.c ipmi: Allow an SMI sender to return an error 2025-09-08 10:21:41 -05:00
ipmi_kcs_sm.c Revert "ipmi: fix msg stack when IPMI is disconnected" 2025-09-08 10:08:25 -05:00
ipmi_msghandler.c ipmi: Fix handling of messages with provided receive message pointer 2025-10-07 06:50:08 -05:00
ipmi_plat_data.c ipmi: Handle device properties with software node API 2021-03-10 19:00:02 -06:00
ipmi_plat_data.h ipmi: Add the i2c-addr property for SSIF interfaces 2019-04-24 09:02:53 -05:00
ipmi_powernv.c ipmi: Allow an SMI sender to return an error 2025-09-08 10:21:41 -05:00
ipmi_poweroff.c treewide: const qualify ctl_tables where applicable 2025-01-28 13:48:37 +01:00
ipmi_si.h ipmi: Add Loongson-2K BMC support 2025-09-16 10:15:54 -05:00
ipmi_si_hardcode.c ipmi: Use regspacings passed as a module parameter 2023-12-19 06:32:27 -06:00
ipmi_si_hotmod.c ipmi_si: Join string literals back 2021-04-02 12:53:42 -05:00
ipmi_si_intf.c ipmi: Add Loongson-2K BMC support 2025-09-16 10:15:54 -05:00
ipmi_si_ls2k.c ipmi: Add Loongson-2K BMC support 2025-09-16 10:15:54 -05:00
ipmi_si_mem_io.c ipmi_si: Rework some include files 2019-08-02 07:25:03 -05:00
ipmi_si_parisc.c ipmi:si: Move SI type information into an info structure 2025-05-07 17:25:47 -05:00
ipmi_si_pci.c ipmi:si: Move SI type information into an info structure 2025-05-07 17:25:47 -05:00
ipmi_si_platform.c ipmi:si: Move SI type information into an info structure 2025-05-07 17:25:47 -05:00
ipmi_si_port_io.c ipmi_si: Rework some include files 2019-08-02 07:25:03 -05:00
ipmi_si_sm.h ipmi_si: Rework some include files 2019-08-02 07:25:03 -05:00
ipmi_smic_sm.c ipmi: Clean up some printks 2020-09-15 09:57:45 -05:00
ipmi_ssif.c ipmi: Allow an SMI sender to return an error 2025-09-08 10:21:41 -05:00
ipmi_watchdog.c ipmi: Fix strcpy source and destination the same 2025-06-13 19:06:26 -05:00
kcs_bmc.c ipmi: fix potential deadlock on &kcs_bmc->lock 2023-07-04 09:22:45 -05:00
kcs_bmc.h ipmi: kcs_bmc: Allow clients to control KCS IRQ state 2021-06-21 19:50:28 -05:00
kcs_bmc_aspeed.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
kcs_bmc_cdev_ipmi.c ipmi: Add __init/__exit annotations to module init/exit funcs 2022-09-22 10:55:46 -05:00
kcs_bmc_client.h ipmi: kcs_bmc: Allow clients to control KCS IRQ state 2021-06-21 19:50:28 -05:00
kcs_bmc_device.h ipmi: kcs_bmc: Allow clients to control KCS IRQ state 2021-06-21 19:50:28 -05:00
kcs_bmc_npcm7xx.c Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
kcs_bmc_serio.c ipmi: Add __init/__exit annotations to module init/exit funcs 2022-09-22 10:55:46 -05:00
ssif_bmc.c treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00