Guangshuo Li <[email protected]> writes: > papr_hvpipe_dev_create_handle() transfers ownership of src_info with > retain_and_null_ptr(src_info) after anon_inode_getfile() succeeds. > However, retain_and_null_ptr() clears src_info immediately, and the > function then still dereferences src_info in the subsequent list_add(). > > Store the transferred pointer in a separate variable and use that for > the list insertion. > > Manually identified during code review.
Thanks. Although the fix for this and bunch of other fixes & cleanups were already queued up for review in here [1]. [1]: https://lore.kernel.org/all/[email protected]/ -ritesh
