[PATCH v2] powerpc/pseries/papr-hvpipe: fix NULL dereference in handle creation
Ritesh Harjani (IBM)
ritesh.list at gmail.com
Tue Apr 21 11:04:37 AEST 2026
Guangshuo Li <lgs201920130244 at gmail.com> writes:
> papr_hvpipe_dev_create_handle() transfers ownership of src_info with
> retain_and_null_ptr(src_info) after anon_inode_getfile() succeeds.
> However, retain_and_null_ptr() clears src_info immediately, and the
> function then still dereferences src_info in the subsequent list_add().
>
> Store the transferred pointer in a separate variable and use that for
> the list insertion.
>
> Manually identified during code review.
Thanks. Although the fix for this and a bunch of other fixes & cleanups
were already queued up for review here [1].
[1]: https://lore.kernel.org/all/cover.1775648406.git.ritesh.list@gmail.com/
-ritesh
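
A userspace model of the bug pattern described in the quoted commit message, added here as an illustration; it is not the patch or the kernel source. The `struct src_info` fields, `src_list`, `file_private` and the function names are hypothetical, and `retain_and_null_ptr()` is reduced to a macro that only clears the caller's variable.

```c
#include <stddef.h>
#include <stdlib.h>

/* Model of the kernel helper: give up ownership by clearing the caller's variable. */
#define retain_and_null_ptr(p) ((void)((p) = NULL))

struct src_info {              /* hypothetical, reduced to what the demo needs */
    int src_id;
    struct src_info *next;     /* stands in for the kernel list linkage */
};

static struct src_info *src_list;  /* stands in for the list the handle joins */

/* Pattern from the commit message: the pointer is cleared, then used for the
 * list insertion. Returns -1 at the point where the kernel would oops. */
int create_handle_buggy(int src_id)
{
    struct src_info *src_info = calloc(1, sizeof(*src_info));
    void *file_private;
    if (!src_info) return -2;
    src_info->src_id = src_id;
    file_private = src_info;          /* the "file" now owns the object */
    retain_and_null_ptr(src_info);    /* src_info is NULL from here on */
    if (!src_info) {                  /* list insertion would dereference NULL */
        free(file_private);           /* demo only: avoid leaking the object */
        return -1;
    }
    src_info->next = src_list;
    src_list = src_info;
    return 0;
}

/* Fix as described: keep the transferred pointer in a separate variable. */
int create_handle_fixed(int src_id)
{
    struct src_info *src_info = calloc(1, sizeof(*src_info));
    struct src_info *owned;
    if (!src_info) return -2;
    src_info->src_id = src_id;
    owned = src_info;                 /* saved before ownership is handed off */
    retain_and_null_ptr(src_info);
    owned->next = src_list;           /* insertion uses the saved pointer */
    src_list = owned;
    return 0;
}

/* Helper for checking the result: id at the head of the list, or -1 if empty. */
int list_head_id(void) { return src_list ? src_list->src_id : -1; }
```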