Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753850AbdC1CWP (ORCPT <rfc822;w@1wt.eu>);
        Mon, 27 Mar 2017 22:22:15 -0400
Received: from wolverine02.qualcomm.com ([199.106.114.251]:37389 "EHLO
        wolverine02.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753673AbdC1CWO (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 27 Mar 2017 22:22:14 -0400
X-IronPort-AV: E=Sophos;i="5.36,234,1486454400"; 
   d="scan'208";a="368755624"
X-IronPort-AV: E=McAfee;i="5800,7501,8480"; a="1335778140"
X-MGA-submission: =?us-ascii?q?MDEJTtTXSm0yeY1d72xdPPcpEcbzNyGRz6h+mr?=
 =?us-ascii?q?K5bH3k2DrAiltkvHrPz9NkPGRSCRul2ehI2QfjYhL5Omn+DHwpHwD/K0?=
 =?us-ascii?q?czXvbfpotKq4iuxxLAA8LVBujD/0QbCxhNbNIyOLxQAgWRLjZfw0/dlJ?=
 =?us-ascii?q?mH?=
From: Joeseph Chang <joechang@codeaurora.org>
To: minyard@acm.org, openipmi-developer@lists.sourceforge.net,
        linux-kernel@vger.kernel.org, joechang@codeaurora.org
Cc: anjiandi@codeaurora.org
Subject: [PATCH] ipmi: Fix kernel panic at ipmi_ssif_thread()
Date: Mon, 27 Mar 2017 20:22:09 -0600
Message-Id: <1490667729-18129-1-git-send-email-joechang@codeaurora.org>
X-Mailer: git-send-email 1.9.1
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1607
Lines: 45

Signed-off-by: Joeseph Chang <joechang@codeaurora.org>
---
ipmi: Fix kernel panic at ipmi_ssif_thread()

msg_written_handler() may set ssif_info->multi_data to NULL
when using ipmitool to write fru.

Before setting ssif_info->multi_data to NULL, add new local
pointer "data_to_send" and store correct i2c data pointer to
it to fix NULL pointer kernel panic and incorrect ssif_info->multi_pos.

 drivers/char/ipmi/ipmi_ssif.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index cca6e5b..51ba67d 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -891,6 +891,7 @@ static void msg_written_handler(struct ssif_info *ssif_info, int result,
 		 * for details on the intricacies of this.
 		 */
 		int left;
+		unsigned char *data_to_send;
 
 		ssif_inc_stat(ssif_info, sent_messages_parts);
 
@@ -899,6 +900,7 @@ static void msg_written_handler(struct ssif_info *ssif_info, int result,
 			left = 32;
 		/* Length byte. */
 		ssif_info->multi_data[ssif_info->multi_pos] = left;
+		data_to_send = ssif_info->multi_data + ssif_info->multi_pos;
 		ssif_info->multi_pos += left;
 		if (left < 32)
 			/*
@@ -912,7 +914,7 @@ static void msg_written_handler(struct ssif_info *ssif_info, int result,
 		rv = ssif_i2c_send(ssif_info, msg_written_handler,
 				  I2C_SMBUS_WRITE,
 				  SSIF_IPMI_MULTI_PART_REQUEST_MIDDLE,
-				  ssif_info->multi_data + ssif_info->multi_pos,
+				  data_to_send,
 				  I2C_SMBUS_BLOCK_DATA);
 		if (rv < 0) {
 			/* request failed, just return the error. */
-- 
1.9.1