[RFC v1 0/6] pseries/papr-hvpipe: Fix and simplify papr-hvpipe
Ritesh Harjani (IBM)
ritesh.list at gmail.com
Wed Apr 8 00:31:34 AEST 2026
Haren reported a UAF / null ptr deref issue here [1]. While reviewing that and
going over papr-hvpipe code, I found couple of more issues around the usage of
copy_to_user() and few refactoring which simplifies the code.
This patch series is an attempt to that. Note that this is only compile tested
on pseries for now.
Haren, I will kindly need your help in verifying this please. Let me know if we
have a selftests or any other test framework for this, which I can utilize too.
[1]: https://lore.kernel.org/linuxppc-dev/20260317040444.2785741-1-haren@linux.ibm.com/
Ritesh Harjani (IBM) (6):
pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle
pseries/papr-hvpipe: Fix the usage of copy_to_user()
pseries/papr-hvpipe: Simplify spin_unlock() usage in papr_hvpipe_handle_release
pseries/papr-hvpipe: Kill task_struct pointer from struct hvpipe_source_info
pseries/papr-hvpipe: Refactor and simplify hvpipe_rtas_recv_msg()
pseries/papr-hvpipe: Simplify error handling in papr_hvpipe_init()
arch/powerpc/platforms/pseries/papr-hvpipe.c | 135 +++++++++----------
arch/powerpc/platforms/pseries/papr-hvpipe.h | 1 -
2 files changed, 66 insertions(+), 70 deletions(-)
--
2.39.5
More information about the Linuxppc-dev
mailing list