echo 0 > /sys/devices/platform/dmi-ipmi-ssif.0/driver_override causes the kernel to panic
------------[ cut here ]------------ kernel BUG at mm/slub.c:3894! Internal error: Oops - BUG: 0 [#1] SMP Modules linked in: nfsv3 nfs_acl nfs lockd grace fscache sunrpc vfat fat crc32_ce ghash_ce sha2_ce sha256_arm64 sha1_ce cavium_rng_vf sg thunderx_edac cavium_rng ipmi_ssif ipmi_devintf ipmi_msghandler uio_pdrv_genirq uio ip_tables xfs libcrc32c ast nicvf i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm nicpf i2c_thunderx i2c_core thunder_bgx thunder_xcv mdio_thunder mdio_cavium dm_mirror dm_region_hash dm_log dm_mod CPU: 93 PID: 2668 Comm: bash Not tainted 4.15.0-rc8+ #2 Hardware name: GIGABYTE R270-T60-00/MT60-SC0-00, BIOS T48 10/02/2017 pstate: 60000005 (nZCv daif -PAN -UAO) pc : kfree+0x19c/0x1a0 lr : driver_override_store+0x90/0xc8 sp : ffff00007c5afc40 x29: ffff00007c5afc40 x28: ffff8107aaa4ff00 x27: ffff000008831000 x26: 0000000000000040 x25: 0000000000000124 x24: ffff810012208b20 x23: ffff000008aab1b0 x22: ffff810010bfe870 x21: ffff000008545a2c x20: ffff000008aab1b0 x19: 0000000000000002 x18: 0000000000000000 x17: 0000000000000000 x16: ffff8107aaa4ff00 x15: 00004bc06bf5c674 x14: ffffffffffffffff x13: 0000000000000010 x12: 0101010101010101 x11: ffffff7f7f7fff7f x10: fefe7fff111b92ff x9 : ffffff7f7f7f7f7f x8 : 0000008000800080 x7 : ffff7fe000022a80 x6 : ffff8100121c9382 x5 : 0000000000000ddd x4 : ffff8107fae10460 x3 : 0000000000000a30 x2 : 0000000000000000 x3 : 0000000000000a30 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff7fe000022aa0 Process bash (pid: 2668, stack limit = 0x00000000a5d669ed) Call trace: kfree+0x19c/0x1a0 driver_override_store+0x90/0xc8 dev_attr_store+0x40/0x54 sysfs_kf_write+0x5c/0x6c kernfs_fop_write+0xc8/0x1d0 __vfs_write+0x58/0x180 vfs_write+0xa8/0x1a0 SyS_write+0x60/0xc0 __sys_trace_return+0x0/0x4 Code: b9406ce1 aa0703e0 97fe3f7a 17ffffd4 (d4210000) ---[ end trace faaeb1eb2e390c5b ]--- Kernel panic - not syncing: Fatal exception SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 
0x101108 Memory Limit: none ---[ end Kernel panic - not syncing: Fatal exception
driver_override must be initialized to a non-constant string as it is free'd in driver_override_store().
Signed-off-by: Prarit Bhargava <pra...@redhat.com>
Cc: Corey Minyard <miny...@acm.org>
Cc: Tony Camuso <tcam...@redhat.com>
---
 drivers/char/ipmi/ipmi_dmi.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c
index ab78b3be7e33..e6bc8d287dc4 100644
--- a/drivers/char/ipmi/ipmi_dmi.c
+++ b/drivers/char/ipmi/ipmi_dmi.c
@@ -58,11 +58,15 @@ static void __init dmi_add_platform_ipmi(unsigned long base_addr,
 memset(p, 0, sizeof(p));
 name = "dmi-ipmi-si";
- override = "ipmi_si";
+ override = kzalloc(16, GFP_KERNEL);
+ if (!override)
+ return;
+ strcpy(override, "ipmi_si");
+
 switch (type) {
 case IPMI_DMI_TYPE_SSIF:
 name = "dmi-ipmi-ssif";
- override = "ipmi_ssif";
+ strcpy(override, "ipmi_ssif");
 offset = 1;
 size = 1;
 si_type = SI_TYPE_INVALID;
@@ -81,6 +85,7 @@ static void __init dmi_add_platform_ipmi(unsigned long base_addr,
 break;
 default:
 pr_err("ipmi:dmi: Invalid IPMI type: %d\n", type);
+ kfree(override);
 return;
 }
-- 
2.15.0.rc0.39.g2f0e14e64
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openipmi-developer mailing list Openipmi-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openipmi-developer
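Review bot: The fixed `kzalloc(16, GFP_KERNEL)` followed by unbounded `strcpy()` calls in the first hunk ties heap safety to a magic length that nothing checks. Both current names fit, but a longer driver name added to the switch later would overflow the 16-byte buffer silently. Leaving `override` pointing at the string literal and duplicating it once, with `kstrdup(override, GFP_KERNEL)` plus a NULL check at the point where the string is assigned to the device's `driver_override`, sizes the copy automatically. That also makes the `kfree(override)` added to the `default:` branch in the second hunk unnecessary. The function body continues past both hunks, so any later early return taken before ownership passes to the platform device would presumably leak the allocation as written; that is worth confirming against the full function.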