| From 78e972fb163176bc185b0fd7ecdd23c7b3f25260 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Fri, 1 Apr 2022 07:44:53 -0500 |
| Subject: ipmi:ssif: Check for NULL msg when handling events and messages |
| |
| From: Corey Minyard <cminyard@mvista.com> |
| |
| [ Upstream commit 7602b957e2404e5f98d9a40b68f1fd27f0028712 ] |
| |
| Even though it's not possible to get into the SSIF_GETTING_MESSAGES and |
| SSIF_GETTING_EVENTS states without a valid message in the msg field, |
| it's probably best to be defensive here and check and print a log, since |
| that means something else went wrong. |
| |
| Also add a default clause to that switch statement to release the lock |
| and print a log, in case the state variable gets messed up somehow. |
| |
| Reported-by: Haowen Bai <baihaowen@meizu.com> |
| Signed-off-by: Corey Minyard <cminyard@mvista.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/char/ipmi/ipmi_ssif.c | 23 +++++++++++++++++++++++ |
| 1 file changed, 23 insertions(+) |
| |
| diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c |
| index a4ef9a6bd367..45117728e735 100644 |
| --- a/drivers/char/ipmi/ipmi_ssif.c |
| +++ b/drivers/char/ipmi/ipmi_ssif.c |
| @@ -812,6 +812,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result, |
| break; |
| |
| case SSIF_GETTING_EVENTS: |
| + if (!msg) { |
| + /* Should never happen, but just in case. */ |
| + dev_warn(&ssif_info->client->dev, |
| + "No message set while getting events\n"); |
| + ipmi_ssif_unlock_cond(ssif_info, flags); |
| + break; |
| + } |
| + |
| if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) { |
| /* Error getting event, probably done. */ |
| msg->done(msg); |
| @@ -835,6 +843,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result, |
| break; |
| |
| case SSIF_GETTING_MESSAGES: |
| + if (!msg) { |
| + /* Should never happen, but just in case. */ |
| + dev_warn(&ssif_info->client->dev, |
| + "No message set while getting messages\n"); |
| + ipmi_ssif_unlock_cond(ssif_info, flags); |
| + break; |
| + } |
| + |
| if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) { |
| /* Error getting event, probably done. */ |
| msg->done(msg); |
| @@ -857,6 +873,13 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result, |
| deliver_recv_msg(ssif_info, msg); |
| } |
| break; |
| + |
| + default: |
| + /* Should never happen, but just in case. */ |
| + dev_warn(&ssif_info->client->dev, |
| + "Invalid state in message done handling: %d\n", |
| + ssif_info->ssif_state); |
| + ipmi_ssif_unlock_cond(ssif_info, flags); |
| } |
| |
| flags = ipmi_ssif_lock_cond(ssif_info, &oflags); |
| -- |
| 2.35.1 |
| |