summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--drivers/char/ipmi/ipmi_si_intf.c15
-rw-r--r--include/linux/ipmi_smi.h36
2 files changed, 30 insertions, 21 deletions
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
index da09eb0ef788..4f560d0bb808 100644
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -2380,20 +2380,9 @@ static int try_get_dev_id(struct smi_info *smi_info)
/* Otherwise, we got some data. */
resp_len = smi_info->handlers->get_result(smi_info->si_sm,
resp, IPMI_MAX_MSG_LENGTH);
- if (resp_len < 14) {
- /* That's odd, it should be longer. */
- rv = -EINVAL;
- goto out;
- }
-
- if ((resp[1] != IPMI_GET_DEVICE_ID_CMD) || (resp[2] != 0)) {
- /* That's odd, it shouldn't be able to fail. */
- rv = -EINVAL;
- goto out;
- }
- /* Record info from the get device id, in case we need it. */
- ipmi_demangle_device_id(resp+3, resp_len-3, &smi_info->device_id);
+ /* Check and record info from the get device id, in case we need it. */
+ rv = ipmi_demangle_device_id(resp, resp_len, &smi_info->device_id);
out:
kfree(resp);
diff --git a/include/linux/ipmi_smi.h b/include/linux/ipmi_smi.h
index c0633108d05d..efa292a52e7e 100644
--- a/include/linux/ipmi_smi.h
+++ b/include/linux/ipmi_smi.h
@@ -148,26 +148,46 @@ struct ipmi_device_id {
/* Take a pointer to a raw data buffer and a length and extract device
id information from it. The first byte of data must point to the
- byte from the get device id response after the completion code.
- The caller is responsible for making sure the length is at least
- 11 and the command completed without error. */
-static inline void ipmi_demangle_device_id(unsigned char *data,
- unsigned int data_len,
- struct ipmi_device_id *id)
+ netfn << 2, the data should be of the format:
+ netfn << 2, cmd, completion code, data
+ as normally comes from a device interface. */
+static inline int ipmi_demangle_device_id(const unsigned char *data,
+ unsigned int data_len,
+ struct ipmi_device_id *id)
{
+ if (data_len < 9)
+ return -EINVAL;
+ if (data[0] != IPMI_NETFN_APP_RESPONSE << 2 ||
+ data[1] != IPMI_GET_DEVICE_ID_CMD)
+ /* Strange, didn't get the response we expected. */
+ return -EINVAL;
+ if (data[2] != 0)
+ /* That's odd, it shouldn't be able to fail. */
+ return -EINVAL;
+
+ data += 3;
+ data_len -= 3;
id->device_id = data[0];
id->device_revision = data[1];
id->firmware_revision_1 = data[2];
id->firmware_revision_2 = data[3];
id->ipmi_version = data[4];
id->additional_device_support = data[5];
- id->manufacturer_id = data[6] | (data[7] << 8) | (data[8] << 16);
- id->product_id = data[9] | (data[10] << 8);
+ if (data_len >= 6) {
+ id->manufacturer_id = (data[6] | (data[7] << 8) |
+ (data[8] << 16));
+ id->product_id = data[9] | (data[10] << 8);
+ } else {
+ id->manufacturer_id = 0;
+ id->product_id = 0;
+ }
if (data_len >= 15) {
memcpy(id->aux_firmware_revision, data+11, 4);
id->aux_firmware_revision_set = 1;
} else
id->aux_firmware_revision_set = 0;
+
+ return 0;
}
/* Add a low-level interface to the IPMI driver. Note that if the