ipmi/sel: Fix use after free The message was sometimes re-queued and always freed. Hilarity ensues. Signed-off-by: Alistair Popple <alistair@popple.id.au> Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

commit: 092d2a8e58cad4c9cac3dc573f5af6409d2d1ce6 [log] [tgz]
author: Alistair Popple <alistair@popple.id.au> Thu Jun 18 11:00:34 2015 +1000
committer: Stewart Smith <stewart@linux.vnet.ibm.com> Thu Jun 18 14:51:55 2015 +1000
tree: 491e518cd7d23ff2009366794a3f165e1b7eeb4f
parent: 89b588267fe9233d6bdb26fa8671f41f79fc690b [diff]
diff --git a/hw/ipmi/ipmi-sel.c b/hw/ipmi/ipmi-sel.c
index 8851dc3..7007f83 100644
--- a/hw/ipmi/ipmi-sel.c
+++ b/hw/ipmi/ipmi-sel.c

@@ -69,10 +69,10 @@
 	if (msg->cc == IPMI_LOST_ARBITRATION_ERR)
 		/* Retry due to SEL erase */
 		ipmi_queue_msg(msg);
-	else
+	else {
 		opal_elog_complete(msg->user_data, false);
-
-	ipmi_free_msg(msg);
+		ipmi_free_msg(msg);
+	}
 }
 
 /* Goes through the required steps to add a complete eSEL:
commit	092d2a8e58cad4c9cac3dc573f5af6409d2d1ce6	[log] [tgz]
author	Alistair Popple <alistair@popple.id.au>	Thu Jun 18 11:00:34 2015 +1000
committer	Stewart Smith <stewart@linux.vnet.ibm.com>	Thu Jun 18 14:51:55 2015 +1000
tree	491e518cd7d23ff2009366794a3f165e1b7eeb4f
parent	89b588267fe9233d6bdb26fa8671f41f79fc690b [diff]