From: "Robert T. Johnson" <rtjohnso@eecs.berkeley.edu>

Judging from context, I think there's a misplaced "&" in this code that can
cause stack overflows and other nasty problems.  Perhaps it's left over
from when msgdata was an array instead of a pointer?

Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/drivers/char/ipmi/ipmi_devintf.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

diff -puN drivers/char/ipmi/ipmi_devintf.c~267-rc3-drivers-char-ipmi-ipmi_devintfc-user-kernel drivers/char/ipmi/ipmi_devintf.c
--- 25/drivers/char/ipmi/ipmi_devintf.c~267-rc3-drivers-char-ipmi-ipmi_devintfc-user-kernel	Thu Jun 10 13:18:31 2004
+++ 25-akpm/drivers/char/ipmi/ipmi_devintf.c	Thu Jun 10 13:18:31 2004
@@ -199,7 +199,7 @@ static int handle_send_req(ipmi_user_t  
 			goto out;
 		}
 
-		if (copy_from_user(&msgdata,
+		if (copy_from_user(msgdata,
 				   req->msg.data,
 				   req->msg.data_len))
 		{
_