4.11-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Thu, 18 May 2017 09:13:55 +0000 (11:13 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Thu, 18 May 2017 09:13:55 +0000 (11:13 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 18 May 2017 09:13:55 +0000 (11:13 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 18 May 2017 09:13:55 +0000 (11:13 +0200)
diff --git a/queue-4.11/ipmi-fix-kernel-panic-at-ipmi_ssif_thread.patch b/queue-4.11/ipmi-fix-kernel-panic-at-ipmi_ssif_thread.patch

new file mode 100644 (file)

index 0000000..7109bf3
--- /dev/null
+++ b/queue-4.11/ipmi-fix-kernel-panic-at-ipmi_ssif_thread.patch
@@ -0,0 +1,51 @@
+From 6de65fcfdb51835789b245203d1bfc8d14cb1e06 Mon Sep 17 00:00:00 2001
+From: Joeseph Chang <joechang@codeaurora.org>
+Date: Mon, 27 Mar 2017 20:22:09 -0600
+Subject: ipmi: Fix kernel panic at ipmi_ssif_thread()
+
+From: Joeseph Chang <joechang@codeaurora.org>
+
+commit 6de65fcfdb51835789b245203d1bfc8d14cb1e06 upstream.
+
+msg_written_handler() may set ssif_info->multi_data to NULL
+when using ipmitool to write fru.
+
+Before setting ssif_info->multi_data to NULL, add new local
+pointer "data_to_send" and store correct i2c data pointer to
+it to fix NULL pointer kernel panic and incorrect ssif_info->multi_pos.
+
+Signed-off-by: Joeseph Chang <joechang@codeaurora.org>
+Signed-off-by: Corey Minyard <cminyard@mvista.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/ipmi/ipmi_ssif.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/char/ipmi/ipmi_ssif.c
++++ b/drivers/char/ipmi/ipmi_ssif.c
+@@ -891,6 +891,7 @@ static void msg_written_handler(struct s
+                * for details on the intricacies of this.
+                */
+               int left;
++              unsigned char *data_to_send;
+ 
+               ssif_inc_stat(ssif_info, sent_messages_parts);
+ 
+@@ -899,6 +900,7 @@ static void msg_written_handler(struct s
+                       left = 32;
+               /* Length byte. */
+               ssif_info->multi_data[ssif_info->multi_pos] = left;
++              data_to_send = ssif_info->multi_data + ssif_info->multi_pos;
+               ssif_info->multi_pos += left;
+               if (left < 32)
+                       /*
+@@ -912,7 +914,7 @@ static void msg_written_handler(struct s
+               rv = ssif_i2c_send(ssif_info, msg_written_handler,
+                                 I2C_SMBUS_WRITE,
+                                 SSIF_IPMI_MULTI_PART_REQUEST_MIDDLE,
+-                                ssif_info->multi_data + ssif_info->multi_pos,
++                                data_to_send,
+                                 I2C_SMBUS_BLOCK_DATA);
+               if (rv < 0) {
+                       /* request failed, just return the error. */
diff --git a/queue-4.11/series b/queue-4.11/series

index 6e91451fb3ba318fe53f099c24e3752490577aab..efa329657316f7cff2514db21a32f3a047918a89 100644 (file)
--- a/queue-4.11/series
+++ b/queue-4.11/series
@@ -104,3 +104,4 @@ bluetooth-hci_bcm-add-missing-tty-device-sanity-check.patch
  bluetooth-hci_intel-add-missing-tty-device-sanity-check.patch
  cgroup-fix-spurious-warnings-on-cgroup_is_dead-from-cgroup_sk_alloc.patch
  libata-reject-passthrough-write-same-requests.patch
+ipmi-fix-kernel-panic-at-ipmi_ssif_thread.patch
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 18 May 2017 09:13:55 +0000 (11:13 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 18 May 2017 09:13:55 +0000 (11:13 +0200)
queue-4.11/ipmi-fix-kernel-panic-at-ipmi_ssif_thread.patch	[new file with mode: 0644]	patch \| blob
queue-4.11/series		patch \| blob \| blame \| history