11839 ipmi_close can panic trying to free invalid dev_t
Reviewed by: Andy Stormont <astormont@racktopsystems.com>
Reviewed by: Garrett D'Amore <garrett@damore.org>


 145 /*
 146  * Each open returns a new pseudo device.
 147  */
 148 /*ARGSUSED*/
 149 static int
 150 ipmi_open(dev_t *devp, int flag, int otyp, cred_t *cred)
 151 {
 152         minor_t minor;
 153         ipmi_device_t *dev;
 154 
 155         if (ipmi_attached == B_FALSE)
 156                 return (ENXIO);
 157 
 158         if (ipmi_found == B_FALSE)
 159                 return (ENODEV);
 160 
 161         /* exclusive opens are not supported */
 162         if (flag & FEXCL)
 163                 return (ENOTSUP);
 164 
 165         if ((minor = (minor_t)id_alloc_nosleep(minor_ids)) == 0)
 166                 return (ENODEV);
 167 
 168         /* Initialize the per file descriptor data. */
 169         dev = kmem_zalloc(sizeof (ipmi_device_t), KM_SLEEP);
 170 
 171         dev->ipmi_pollhead = kmem_zalloc(sizeof (pollhead_t), KM_SLEEP);
 172 
 173         TAILQ_INIT(&dev->ipmi_completed_requests);
 174         dev->ipmi_address = IPMI_BMC_SLAVE_ADDR;
 175         dev->ipmi_lun = IPMI_BMC_SMS_LUN;
 176         *devp = makedevice(getmajor(*devp), minor);
 177         dev->ipmi_dev = *devp;
 178         cv_init(&dev->ipmi_cv, NULL, CV_DEFAULT, NULL);
 179 
 180         mutex_enter(&dev_list_lock);
 181         list_insert_head(&dev_list, dev);
 182         mutex_exit(&dev_list_lock);
 183 
 184         return (0);
 185 }




 145 /*
 146  * Each open returns a new pseudo device.
 147  */
 148 /*ARGSUSED*/
 149 static int
 150 ipmi_open(dev_t *devp, int flag, int otyp, cred_t *cred)
 151 {
 152         minor_t minor;
 153         ipmi_device_t *dev;
 154 
 155         if (ipmi_attached == B_FALSE)
 156                 return (ENXIO);
 157 
 158         if (ipmi_found == B_FALSE)
 159                 return (ENODEV);
 160 
 161         /* exclusive opens are not supported */
 162         if (flag & FEXCL)
 163                 return (ENOTSUP);
 164 
 165         if ((minor = (minor_t)id_alloc_nosleep(minor_ids)) == (minor_t)(-1))
 166                 return (ENODEV);
 167 
 168         /* Initialize the per file descriptor data. */
 169         dev = kmem_zalloc(sizeof (ipmi_device_t), KM_SLEEP);
 170 
 171         dev->ipmi_pollhead = kmem_zalloc(sizeof (pollhead_t), KM_SLEEP);
 172 
 173         TAILQ_INIT(&dev->ipmi_completed_requests);
 174         dev->ipmi_address = IPMI_BMC_SLAVE_ADDR;
 175         dev->ipmi_lun = IPMI_BMC_SMS_LUN;
 176         *devp = makedevice(getmajor(*devp), minor);
 177         dev->ipmi_dev = *devp;
 178         cv_init(&dev->ipmi_cv, NULL, CV_DEFAULT, NULL);
 179 
 180         mutex_enter(&dev_list_lock);
 181         list_insert_head(&dev_list, dev);
 182         mutex_exit(&dev_list_lock);
 183 
 184         return (0);
 185 }
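Review bot: The failure check at line 165 of the second listing (which appears to be the patched side) depends on id_alloc_nosleep() reporting exhaustion as -1, but nothing in ipmi_open says so, and the earlier `== 0` test shows how easily that contract is misread. I would put a comment above it, e.g. `/* id_alloc_nosleep() returns -1, not 0, when minor_ids is exhausted */`, so the sentinel is not "simplified" back and a bogus minor is not stored in `dev->ipmi_dev` for ipmi_close to free later. ENODEV is also an odd errno for running out of minors on a device that is present; `return (EAGAIN);` or `return (EBUSY);` would signal a transient condition, though existing callers may rely on the current value. Each successful open holds one minor and two KM_SLEEP allocations until close, so it is worth confirming that the range of minor_ids (created outside this listing) is the intended cap on concurrent opens by whoever can open the node.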