[Skiboot] [PATCH] fsp/ipmi: Fix an illegal memory access

Kamalesh Babulal kamalesh at linux.vnet.ibm.com
Tue Jul 14 16:02:51 AEST 2015

On 07/14/2015 11:06 AM, Mahesh Jagannath Salgaonkar wrote:
> fsp_free(msg) means msg->user_data is also un-allocated. It means
> fsp_ipmi_msg is pointing
> to memory which is freed. From the code, I am guessing you need
> free(msg) before you
> call fsp_ipmi_send_request(). If my assumption is right, how about below
> code ?
>>> 'msg->user_data' is a private data to this driver and the driver has to
>>> take care of it. For instance, 'fsp_ipmi_msg' can only be free'd through
>>> a backend callback i.e., fsp_ipmi_free_msg() in this driver.
>> Sorry let me re-phrase it better what I meant was, does the code tries
>> to achieve:
>> |_ fsp_freemsg(msg)
>>     |_ fsp_impi_send_request()
>> If so, it better to move fsp_freemsg(msg) right before calling
>> fsp_impi_send_request(), as
>> the data deferenced will be still pointing to valid memory.
> As Neelesh mentioned in his previous reply, msg->user_data is a private
> data to fsp-ipmi driver and it keeps track of it through
> fsp_ipmi.msg_queue and fsp_ipmi.cur_msg. Hence even if you free msg
> using fsp_freemsg() the valid memory (pointed by msg->user_data) is
> still accessible through fsp_ipmi.cur_msg.
Thanks for explaining !!


More information about the Skiboot mailing list