Re: [PATCH] ipmi: Fix rcu_read_unlock to srcu_read_unlock in handle_read_event_rsp

Next message: Herbert Xu: "Re: Need some clarification about CRYPTO_AHASH_ALG_BLOCK_ONLY"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH net v1] net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak"
In reply to: Rui Qi: "[PATCH] ipmi: Fix rcu_read_unlock to srcu_read_unlock in handle_read_event_rsp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Rui Qi

Date: Thu Mar 26 2026 - 23:41:30 EST

On 3/25/26 8:11 PM, Rui Qi wrote:
> Fix a bug where rcu_read_unlock() was used instead of srcu_read_unlock()
> in handle_read_event_rsp() when ipmi_alloc_recv_msg() fails.
>
> This mismatch can lead to SRCU read-side critical section imbalance.
>
> Fixes: e86ee2d44b44 ("ipmi: Rework locking and shutdown for hot remove")
> Cc: stable@xxxxxxxxxxxxxxx # 6.12
>
> Signed-off-by: Rui Qi <qirui.001@xxxxxxxxxxxxx>
> ---
> drivers/char/ipmi/ipmi_msghandler.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
> index 71c6ec8a87927..d2bbf8ffd9d76 100644
> --- a/drivers/char/ipmi/ipmi_msghandler.c
> +++ b/drivers/char/ipmi/ipmi_msghandler.c
> @@ -4388,7 +4388,7 @@ static int handle_read_event_rsp(struct ipmi_smi *intf,
>
> recv_msg = ipmi_alloc_recv_msg(user);
> if (IS_ERR(recv_msg)) {
> - rcu_read_unlock();
> + srcu_read_unlock(&intf->users_srcu, index);
> list_for_each_entry_safe(recv_msg, recv_msg2, &msgs,
> link) {
> list_del(&recv_msg->link);

This patch applies to the LTS v6.12 branch, base commit
48591125594050ab91c9156bccb3ddd9a869d9f1