ipmi: fix unsigned long underflow
authorCorey Minyard <cminyard@mvista.com>
Sun, 30 Jul 2017 02:14:55 +0000 (21:14 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 24 Nov 2017 07:37:04 +0000 (08:37 +0100)
commit 392a17b10ec4320d3c0e96e2a23ebaad1123b989 upstream.

When I set the timeout to a specific value such as 500ms, the timeout
event will not happen in time due to the overflow in function
check_msg_timeout:
...
ent->timeout -= timeout_period;
if (ent->timeout > 0)
return;
...

The type of timeout_period is long, but ent->timeout is unsigned long.
This patch makes the type consistent.

Reported-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Tested-by: Weilong Chen <chenweilong@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/char/ipmi/ipmi_msghandler.c

index 810b138f5897b85374b0cc19e7b175b86757d232..c82d9fd2f05af6c787ab640a88dd4a7b47717381 100644 (file)
@@ -4030,7 +4030,8 @@ smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg,
 }
 
 static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent,
-                             struct list_head *timeouts, long timeout_period,
+                             struct list_head *timeouts,
+                             unsigned long timeout_period,
                              int slot, unsigned long *flags,
                              unsigned int *waiting_msgs)
 {
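Review bot: Changing `timeout_period` from `long` to `unsigned long` in this signature (and in `ipmi_timeout_handler` in the last hunk) means a negative argument from any caller is silently converted to a very large period. The new `timeout_period < ent->timeout` test would then be false for every in-use entry, so all of them would be treated as expired in a single pass. The call sites are outside the visible hunks, so this is something to confirm rather than a known defect. I would check that every caller passes a non-negative constant or an unsigned elapsed value, and document the contract above the function, e.g. `/* timeout_period: elapsed time, same units as ent->timeout; callers must not pass a negative value. */`.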
@@ -4043,8 +4044,8 @@ static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent,
        if (!ent->inuse)
                return;
 
-       ent->timeout -= timeout_period;
-       if (ent->timeout > 0) {
+       if (timeout_period < ent->timeout) {
+               ent->timeout -= timeout_period;
                (*waiting_msgs)++;
                return;
        }
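Review bot: The reordered check at `if (timeout_period < ent->timeout)` has no comment, yet the compare-before-subtract ordering is the whole fix. `ent->timeout` is unsigned, so subtracting first wraps to a huge value, the entry never expires and its sequence slot stays in use. I would add `/* Compare before subtracting: ent->timeout is unsigned and would wrap rather than go negative. */` above the `if`, so a later cleanup does not fold the two lines back together. On the expiry path `ent->timeout` now keeps its old value instead of being decremented. The rest of `check_msg_timeout` is outside this hunk, so confirm that the code after the `return` resets or ignores the field before anything reads it. Equality (`timeout_period == ent->timeout`) still counts as expired, which matches the old `> 0` test.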
@@ -4110,7 +4111,8 @@ static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent,
        }
 }
 
-static unsigned int ipmi_timeout_handler(ipmi_smi_t intf, long timeout_period)
+static unsigned int ipmi_timeout_handler(ipmi_smi_t intf,
+                                        unsigned long timeout_period)
 {
        struct list_head     timeouts;
        struct ipmi_recv_msg *msg, *msg2;