[Skiboot] [PATCH] ipmi/sel: Fix use after free
Alistair Popple
alistair at popple.id.au
Thu Jun 18 11:00:34 AEST 2015
The message was sometimes re-queued and always freed. Hilarity ensues.
Signed-off-by: Alistair Popple <alistair at popple.id.au>
---
hw/ipmi/ipmi-sel.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/ipmi/ipmi-sel.c b/hw/ipmi/ipmi-sel.c
index 8851dc3..7007f83 100644
--- a/hw/ipmi/ipmi-sel.c
+++ b/hw/ipmi/ipmi-sel.c
@@ -69,10 +69,10 @@ static void ipmi_elog_error(struct ipmi_msg *msg)
if (msg->cc == IPMI_LOST_ARBITRATION_ERR)
/* Retry due to SEL erase */
ipmi_queue_msg(msg);
- else
+ else {
opal_elog_complete(msg->user_data, false);
-
- ipmi_free_msg(msg);
+ ipmi_free_msg(msg);
+ }
}
/* Goes through the required steps to add a complete eSEL:
--
1.8.3.2
More information about the Skiboot
mailing list