On Tue, 2026-04-07 at 20:01 +0530, Ritesh Harjani (IBM) wrote:
> Haren reported a UAF / null ptr deref issue here [1]. While reviewing that and
> going over the papr-hvpipe code, I found a couple more issues around the usage of
> copy_to_user() and a few refactorings which simplify the code.
>
> This patch series is an attempt at that. Note that this is only compile tested
> on pseries for now.
>
> Haren, I will kindly need your help in verifying this please. Let me know if we
> have selftests or any other test framework for this, which I can utilize too.

Thanks for the fixes and for cleaning up the code. The testing should be part of the HMC/RCST framework, so we do not have selftests. I will work with HMC to verify these patches.

>
> [1]: https://lore.kernel.org/linuxppc-dev/[email protected]/
>
>
> Ritesh Harjani (IBM) (6):
>   pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle
>   pseries/papr-hvpipe: Fix the usage of copy_to_user()
>   pseries/papr-hvpipe: Simplify spin_unlock() usage in papr_hvpipe_handle_release
>   pseries/papr-hvpipe: Kill task_struct pointer from struct hvpipe_source_info
>   pseries/papr-hvpipe: Refactor and simplify hvpipe_rtas_recv_msg()
>   pseries/papr-hvpipe: Simplify error handling in papr_hvpipe_init()
>
>  arch/powerpc/platforms/pseries/papr-hvpipe.c | 135 +++++++++----------
>  arch/powerpc/platforms/pseries/papr-hvpipe.h |   1 -
>  2 files changed, 66 insertions(+), 70 deletions(-)
>
> --
> 2.39.5
