Haren reported a UAF / null ptr deref issue here [1]. While reviewing that and going over the papr-hvpipe code, I found a couple more issues around the usage of copy_to_user() and a few refactorings which simplify the code.
This patch series is an attempt at that. Note that this is only compile tested on pseries for now. Haren, I will kindly need your help in verifying this please. Let me know if we have selftests or any other test framework for this, which I can utilize too.

[1]: https://lore.kernel.org/linuxppc-dev/[email protected]/

Ritesh Harjani (IBM) (6):
  pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle
  pseries/papr-hvpipe: Fix the usage of copy_to_user()
  pseries/papr-hvpipe: Simplify spin_unlock() usage in papr_hvpipe_handle_release
  pseries/papr-hvpipe: Kill task_struct pointer from struct hvpipe_source_info
  pseries/papr-hvpipe: Refactor and simplify hvpipe_rtas_recv_msg()
  pseries/papr-hvpipe: Simplify error handling in papr_hvpipe_init()

 arch/powerpc/platforms/pseries/papr-hvpipe.c | 135 +++++++++----------
 arch/powerpc/platforms/pseries/papr-hvpipe.h |   1 -
 2 files changed, 66 insertions(+), 70 deletions(-)

--
2.39.5
