Re: [PATCH v2] powerpc/pseries/papr-hvpipe: fix NULL dereference in handle creation

Next message: Maxwell Doose: "[PATCH] i3c: master: replace sprintf() with sysfs_emit() and sysfs_emit_at()"
Previous message: Blake: "Re: [PATCH] Documentation: coding-assistants: add optional Acted-By: trailer"
In reply to: Guangshuo Li: "[PATCH v2] powerpc/pseries/papr-hvpipe: fix NULL dereference in handle creation"
Next in thread: kernel test robot: "Re: [PATCH v2] powerpc/pseries/papr-hvpipe: fix NULL dereference in handle creation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: IBM

Date: Mon Apr 20 2026 - 21:08:52 EST

Guangshuo Li <lgs201920130244@xxxxxxxxx> writes:

> papr_hvpipe_dev_create_handle() transfers ownership of src_info with
> retain_and_null_ptr(src_info) after anon_inode_getfile() succeeds.
> However, retain_and_null_ptr() clears src_info immediately, and the
> function then still dereferences src_info in the subsequent list_add().
>
> Store the transferred pointer in a separate variable and use that for
> the list insertion.
>
> Manually identified during code review.

Thanks. Although the fix for this and bunch of other fixes & cleanups
were already queued up for review in here [1].

[1]: https://lore.kernel.org/all/cover.1775648406.git.ritesh.list@xxxxxxxxx/

-ritesh