> -----Original Message-----
> From: Corey Minyard [mailto:tcminy...@gmail.com]
> Sent: Wednesday, August 22, 2018 11:28 AM
> To: Ernst, Justin <justin.er...@hpe.com>; Corey Minyard
> <miny...@acm.org>
> Cc: Arnd Bergmann <a...@arndb.de>; Greg Kroah-Hartman
> <gre...@linuxfoundation.org>; Jeremy Kerr <j...@ozlabs.org>; openipmi-
> develo...@lists.sourceforge.net; linux-ker...@vger.kernel.org; Anderson,
> Russ <russ.ander...@hpe.com>
> Subject: Re: [PATCH] Remove redundant cleanup in ipmi_register_smi
>
> On 08/21/2018 10:25 AM, Justin Ernst wrote:
> > When ipmi_register_smi fails, it performs a small cleanup routine
> > before returning its error value. In try_smi_init, on the condition
> > that ipmi_register_smi fails, ipmi_unregister_smi is called.
> > ipmi_unregister_smi performs the same cleanup routine as
> > ipmi_register_smi. This results in a kernel NULL pointer dereference.
> > Removing the cleanup routine in ipmi_register_smi results in proper
> cleanup of a ipmi_register_smi failure.
>
> This is almost certainly wrong. If ipmi_register_smi() fails, the calling
> code
> shouldn't call ipmi_unregister_smi().
>
> However, I think I know what is going wrong. ipmi_register_smi() can fail
> after the interface is initialized, if so the registering code will think it
> is
> registered and call ipmi_unregister_smi() on a failure. I'll send a patch for
> this.
>
> -corey
Thanks for the reply Corey. I agree with what you have stated. I'll be watching
for the patch.
-Justin
>
> >
> > Cc: Corey Minyard <miny...@acm.org>
> > Cc: Arnd Bergmann <a...@arndb.de>
> > Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
> > Cc: Jeremy Kerr <j...@ozlabs.org>
> > Cc: openipmi-developer@lists.sourceforge.net
> > Cc: linux-ker...@vger.kernel.org
> > Cc: Russ Anderson <russ.ander...@hpe.com>
> > Acked-by: Andrew Banman <aban...@hpe.com>
> > Signed-off-by: Justin Ernst <justin.er...@hpe.com>
> > ---
> > drivers/char/ipmi/ipmi_msghandler.c | 10 +++++-----
> > 1 file changed, 5 insertions(+), 5 deletions(-)
> >
> > diff --git a/drivers/char/ipmi/ipmi_msghandler.c
> > b/drivers/char/ipmi/ipmi_msghandler.c
> > index 51832b8a2c62..3b0b50c4f064 100644
> > --- a/drivers/char/ipmi/ipmi_msghandler.c
> > +++ b/drivers/char/ipmi/ipmi_msghandler.c
> > @@ -3395,12 +3395,12 @@ int ipmi_register_smi(const struct
> > ipmi_smi_handlers *handlers,
> >
> > out:
> > if (rv) {
> > - ipmi_bmc_unregister(intf);
> > - list_del_rcu(&intf->link);
> > + /*
> > + * ipmi_unregister_smi must be called to clean up after
> > + * failure. We unlock the mutex to allow ipmi_unregister_smi
> > + * to lock it and perform cleanup.
> > + */
> > mutex_unlock(&ipmi_interfaces_mutex);
> > - synchronize_srcu(&ipmi_interfaces_srcu);
> > - cleanup_srcu_struct(&intf->users_srcu);
> > - kref_put(&intf->refcount, intf_free);
> > } else {
> > /*
> > * Keep memory order straight for RCU readers. Make
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openipmi-developer mailing list
Openipmi-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openipmi-developer
