[Skiboot-stable] [PATCH] platform/mihawk: Fix IPMI double-free
Vasant Hegde
hegdevasant at linux.vnet.ibm.com
Fri Jun 12 21:13:50 AEST 2020
On 6/12/20 2:00 PM, nichole wrote:
> The commit 6826095 ("platform/mihawk: support dynamic PCIe slot table")
> added the IPMI OEM command to communicate with BMC. We do the
> ipmi_free_msg(msg) twice that caused the Fast-reboot fail.
>
> This patch fixes it by removing the IPMI double-free bug to restore
> Fast-reboot.
>
> Signed-off-by: nichole <Nichole_Wang at wistron.com>
> Cc: skiboot-stable at lists.ozlabs.org # skiboot-6.6.x
> Cc: skiboot-stable at lists.ozlabs.org # skiboot-op940.x
> Fixes: commit 6826095 ("platform/mihawk: support dynamic PCIe slot table")
> ---
> platforms/astbmc/mihawk.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/platforms/astbmc/mihawk.c b/platforms/astbmc/mihawk.c
> index f3669ff..0d5279f 100644
> --- a/platforms/astbmc/mihawk.c
> +++ b/platforms/astbmc/mihawk.c
> @@ -484,7 +484,6 @@ static void mihawk_riser_query_complete(struct ipmi_msg *msg)
> prlog(PR_ERR, "Mihawk: IPMI riser query returned error. cmd=0x%02x,"
> " netfn=0x%02x, rc=0x%x\n", msg->cmd, msg->netfn, msg->cc);
> bmc_query_waiting = false;
> - ipmi_free_msg(msg);
What if we get response after timeout? We will hit use-after-free right?
I think you should remove `ipmi_free_msg(msg);` from `mihawk_init()` function
instead of removing it here.
-Vasant
More information about the Skiboot-stable
mailing list