ipmi:ssif: Check for NULL msg when handling events and messages
[ Upstream commit 7602b957e2404e5f98d9a40b68f1fd27f0028712 ] Even though it's not possible to get into the SSIF_GETTING_MESSAGES and SSIF_GETTING_EVENTS states without a valid message in the msg field, it's probably best to be defensive here and check and print a log, since that means something else went wrong. Also add a default clause to that switch statement to release the lock and print a log, in case the state variable gets messed up somehow. Reported-by: Haowen Bai <baihaowen@meizu.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Corey Minyard
committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
parent
0b7c1dc7ee
commit
fa390c8b62
@@ -840,6 +840,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case SSIF_GETTING_EVENTS:
|
case SSIF_GETTING_EVENTS:
|
||||||
|
if (!msg) {
|
||||||
|
/* Should never happen, but just in case. */
|
||||||
|
dev_warn(&ssif_info->client->dev,
|
||||||
|
"No message set while getting events\n");
|
||||||
|
ipmi_ssif_unlock_cond(ssif_info, flags);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
|
if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
|
||||||
/* Error getting event, probably done. */
|
/* Error getting event, probably done. */
|
||||||
msg->done(msg);
|
msg->done(msg);
|
||||||
@@ -864,6 +872,14 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case SSIF_GETTING_MESSAGES:
|
case SSIF_GETTING_MESSAGES:
|
||||||
|
if (!msg) {
|
||||||
|
/* Should never happen, but just in case. */
|
||||||
|
dev_warn(&ssif_info->client->dev,
|
||||||
|
"No message set while getting messages\n");
|
||||||
|
ipmi_ssif_unlock_cond(ssif_info, flags);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
|
if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
|
||||||
/* Error getting event, probably done. */
|
/* Error getting event, probably done. */
|
||||||
msg->done(msg);
|
msg->done(msg);
|
||||||
@@ -887,6 +903,13 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
|
|||||||
deliver_recv_msg(ssif_info, msg);
|
deliver_recv_msg(ssif_info, msg);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
/* Should never happen, but just in case. */
|
||||||
|
dev_warn(&ssif_info->client->dev,
|
||||||
|
"Invalid state in message done handling: %d\n",
|
||||||
|
ssif_info->ssif_state);
|
||||||
|
ipmi_ssif_unlock_cond(ssif_info, flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
|
flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
|
||||||
|
|||||||
Reference in New Issue
Block a user