I was looking into random driver code and found a suspicious looking
memcpy() in drivers/char/ipmi/ipmi_bt_sm.c on 2.6.17-rc1:
if ((size < 2) || (size > IPMI_MAX_MSG_LENGTH))
return -1;
...
memcpy(bt->write_data + 3, data + 1, size - 1);
where sizeof bt->write_data is IPMI_MAX_MSG_LENGTH. It looks like the
memcpy would overflow by 2 bytes if size == IPMI_MAX_MSG_LENGTH. A patch
attached to limit size to (IPMI_MAX_LENGTH - 2).
Cc: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The current BT retry/reset mechanism fails to succeed on a PowerEdge 1650,
when the controller is wedged with B2H_ATN asserted at XACTION_START. If this
occurs, no further commands will ever succeed unless the state of the
controller is first cleared out.
Furthermore, the soft reset would only occur if the first command after insmod
was the one that timed out, not if a later command timed out.
This patch changes the retry/reset mechanism to be as follows:
Before retrying a command, clear the state of the BT controller such that the
flags represent ready for a new transaction. This increases the chance of
success of the restarted transaction.
After 2 retries, issue a soft reset and retry one more time before giving up
and reporting back a failure.
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Acked-by: Rocky Craig <rocky.craig@hp.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
A number of small changes for the various system interface drivers,
consolidated from a number of patches from Matt Domsch.
Clear B2H_ATN and drain the BMC message buffer on command timeout. This
prevents further commands from failing after a timeout.
Add bt_debug and smic_debug module parameters, expose them in sysfs. This
lets you enable and disable debugging messages at runtime.
Unsigned jiffies math in ipmi_si_intf.c causes a too-large value to be passed
to ->event() after jiffies wrap-around. The BT driver had caught this, but
didn't know how to fix it. Now all calls to ->event() use a sane value for
time.
Increase timeout for commands handed to the BT driver from 2 seconds to 5
seconds. This is necessary particularly when the previous command was a
"Clear SEL", as that command completes, yet the BMC isn't really ready to
handle another command yet.
Silence BT debugging messages which were being printed on the console.
Increase SMIC timeout form 1/10s to 2s. This is needed on Dell PowerEdge 2650
and PowerEdge 750 with ERA/O cards to allow commands to complete without
timing out.
Adds kcs_debug module param, to match behavior of BT and SMIC. This also
prevents messages from being sent to the console unless explicitly requested.
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Clean up various style issues in the IPMI driver. Should be no functional
changes.
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This adds MODULE_VERSION, MODULE_DESCRIPTION, and MODULE_AUTHOR tags to the
IPMI driver modules. Also changes the MODULE_VERSION to remove the
prepended 'v' on each value, consistent with the module versioning policy.
This patch also removes all the version information from everything except
the ipmi_msghandler module.
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Enable interrupts for a BT interface. There is a specific register that
needs to be set up to enable interrupts that also must be modified to clear
the irq.
Also, don't reset the BMC on a BT interface. That's probably not a good
idea as the BMC may be performing other important functions and a reset
should only be a last resort. Also, that register is also used to
enable/disable interrupts to the BT; modifying it may screw up the
interrupts.
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.
Let it rip!