GET /api/1.1/patches/2220915/?format=api
{ "id": 2220915, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2220915/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/0843d293fa00a345f156977534e5cb666f1d8bcd.1775648406.git.ritesh.list@gmail.com/", "project": { "id": 2, "url": "http://patchwork.ozlabs.org/api/1.1/projects/2/?format=api", "name": "Linux PPC development", "link_name": "linuxppc-dev", "list_id": "linuxppc-dev.lists.ozlabs.org", "list_email": "linuxppc-dev@lists.ozlabs.org", "web_url": "https://github.com/linuxppc/wiki/wiki", "scm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git", "webscm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/" }, "msgid": "<0843d293fa00a345f156977534e5cb666f1d8bcd.1775648406.git.ritesh.list@gmail.com>", "date": "2026-04-08T12:01:33", "name": "[RFC,v2,03/10] pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle()", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "ff786cb5b8e56380057b2dff5d82e40f3ab8c3af", "submitter": { "id": 79126, "url": "http://patchwork.ozlabs.org/api/1.1/people/79126/?format=api", "name": "Ritesh Harjani (IBM)", "email": "ritesh.list@gmail.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/0843d293fa00a345f156977534e5cb666f1d8bcd.1775648406.git.ritesh.list@gmail.com/mbox/", "series": [ { "id": 499129, "url": "http://patchwork.ozlabs.org/api/1.1/series/499129/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=499129", "date": "2026-04-08T12:01:30", "name": "pseries/papr-hvpipe: Fix deadlock, races and misc cleanups", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/499129/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2220915/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2220915/checks/", "tags": {}, "headers": { "Return-Path": "\n 
<linuxppc-dev+bounces-19499-incoming=patchwork.ozlabs.org@lists.ozlabs.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linuxppc-dev@lists.ozlabs.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=EQozyDCy;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org\n (client-ip=2404:9400:21b9:f100::1; helo=lists.ozlabs.org;\n envelope-from=linuxppc-dev+bounces-19499-incoming=patchwork.ozlabs.org@lists.ozlabs.org;\n receiver=patchwork.ozlabs.org)", "lists.ozlabs.org;\n arc=none smtp.remote-ip=\"2607:f8b0:4864:20::433\"", "lists.ozlabs.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com", "lists.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=EQozyDCy;\n\tdkim-atps=neutral", "lists.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=gmail.com\n (client-ip=2607:f8b0:4864:20::433; helo=mail-pf1-x433.google.com;\n envelope-from=ritesh.list@gmail.com; receiver=lists.ozlabs.org)" ], "Received": [ "from lists.ozlabs.org (lists.ozlabs.org\n [IPv6:2404:9400:21b9:f100::1])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frMBL5Rlqz1xv0\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 08 Apr 2026 22:02:18 +1000 (AEST)", "from boromir.ozlabs.org (localhost [127.0.0.1])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 4frMB95T3nz2yrS;\n\tWed, 08 Apr 2026 22:02:09 +1000 (AEST)", "from mail-pf1-x433.google.com (mail-pf1-x433.google.com\n [IPv6:2607:f8b0:4864:20::433])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature RSA-PSS (2048 bits) 
server-digest\n SHA256)\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 4frMB90KNlz2xc8\n\tfor <linuxppc-dev@lists.ozlabs.org>; Wed, 08 Apr 2026 22:02:08 +1000 (AEST)", "by mail-pf1-x433.google.com with SMTP id\n d2e1a72fcca58-8296dabef74so5811432b3a.1\n for <linuxppc-dev@lists.ozlabs.org>;\n Wed, 08 Apr 2026 05:02:08 -0700 (PDT)", "from Mac.localdomain ([49.205.216.49])\n by smtp.gmail.com with ESMTPSA id\n d2e1a72fcca58-82cf9b3e169sm21209322b3a.18.2026.04.08.05.02.02\n (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);\n Wed, 08 Apr 2026 05:02:05 -0700 (PDT)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1775649729;\n\tcv=none;\n b=Vj7ORV8CJe2JpY7vgKL+QCyspSh0JzWmNV1ZvKV5BuYks/UiJRihsxzTJfcOm+cCor1UpssobS5rqs4ZaH08iqxaKNaBvnh5Ih1EPRL//qX6ipgpAnoOMXBwNa421Jdpaq7eViB/ZxeC63IxZU1P+2G37HFBVetJneQj3SSmMaX0yKR6M4J1wxgWy0ddz2/Q4Ty5FqV4lXXJULYBXkheaorEslNLN/CRY14BsHCESObLyqjfj/Mo6ekUyPLWazh762uu1qvKl57eqjvvgu3vPQwPGAy/HKsT8eUWYW6WdrVmesQ2j1yr5vC12YWoPfZY18i6UmKhBFS2jZjP5bsdaA==", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707;\n\tt=1775649729; c=relaxed/relaxed;\n\tbh=yT/imSl5xO1+XIbW+YZh2He2MwMtKgkLKK3cHIqMkqk=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=kkJUva6JcMa2DLdrftOI45SqkLy1xe5XyzpeoA0ykkw1xxXFtqbc7B9D89V/x7CRHSM0F3jkWc2Z/+lirbLeQv9iXBAQRi2mMV1smcgXhYvuf9u4nFVf0Ep5YTqHr8OOMn+dl9X43IO3II3VVbslRnP8ACk3RDP6nayYN7qF+GCyn8IhKRZFvd5wWwzBpqHoWyMjPV9ELxH1MWVQbjMv9aWMcPGdroRQ9x+tY0KHLrBgE+X+99m1hPI8B+Zczd47T71T0/hym5JDQyiasafe2H9fkXuAHktG8bZXZr0Vvl4igB0f2lEpIFscwxx03rDqAMzfGJssdMNoYz48pEouwQ==", "ARC-Authentication-Results": "i=1; lists.ozlabs.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com; dkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=EQozyDCy; dkim-atps=neutral;\n spf=pass (client-ip=2607:f8b0:4864:20::433; 
helo=mail-pf1-x433.google.com;\n envelope-from=ritesh.list@gmail.com;\n receiver=lists.ozlabs.org) smtp.mailfrom=gmail.com", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1775649726; x=1776254526;\n darn=lists.ozlabs.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=yT/imSl5xO1+XIbW+YZh2He2MwMtKgkLKK3cHIqMkqk=;\n b=EQozyDCyliCiBpSLdbTuOx0H6V1Kn3ERbOGZ6MihToq6j3ce3HW8cdQiwKKz19yRKS\n syZkfXf/INa1Pvus07tzPb/kK/AF7AeCe2614C4Qa/QtJlKTLOnqoyojASabuAqWF5KC\n JaD4/TZFx5ezR1qtMLx1iHnxw61vctiYqizf1KM/yEh+u88odyM8ibByRlTs5R3qprU2\n i/UVRiBCLUjpa80a1/EB2sRia6E3x7PsHiPBmOmPcIufohI5/IgAjD7MCn6CLxAxaYSX\n wMq5vyK+baOMFbAQcKe9J2DlNLTCtNgrOVYOFS0eC6lNPq+Rc40lg9vmSprO4/1OS8VD\n gSTw==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775649726; x=1776254526;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=yT/imSl5xO1+XIbW+YZh2He2MwMtKgkLKK3cHIqMkqk=;\n b=j9knSk0t4mrccVsaqHcthSzo5D1ZzNVScP2Qtksz6oh7R411mO7DQBp2gnnUq6afG0\n +wt66PxBQRMzjIEBEyQbMz1PHhmgo2btGWtWFJ2o9zdh9n3WmNam/SUYwT6I4yH4SWCi\n rDSgkgrwQLu9aOw+0GqTXawMH12VTLOqr8GGFwJZbb3pHMRUzq3JrFp/aVOLzhEoBuTN\n D1Ae5u66RYNiLASAqLG7noas8S0A1MoZnaDiy21CHX4uAV50ykjwQrTC2WKCijgA6kEX\n xDgudcaCZT00WqYW7xkQLnfuPUXf5kXpyINvTawFokXYUoCapcqakugTh4k2NVRPCWS7\n irKw==", "X-Gm-Message-State": "AOJu0Yz7ZtPnbqPu20+6+7m85pBxh7X9rjVypO0p7fC+0wC/OtWVi+so\n\tDvkrnMykzpglBgmmmcWgDOUvehd4I/Bv62mpVQ+5IiMBIAJvidFl+u4e7SyL8A==", "X-Gm-Gg": 
"AeBDieslRGFWblCCCspPT98ZiQNEPYFjggFTUlFjBgbdcoiJq8lDdnWFuNo63ihcy0T\n\tjuecMrLXDbswhwyAujyHh8Ru6EWPCUt9FQKc8Y9rt6fQp8V044u58BmlQAAiM5V7WP8Ju/0H/5E\n\t7hY9dkwIxyiogxyljVQllh6qh110kADHrpvBSTHcOvk5q0a5sJ2pk416lkEkZT3djOb/bEQ4zIO\n\tdx5B8Tog9eED4jGnzMI8aPbzDqv3S2YBXg3wABsNb3sd3zEmR+SfNg80FEXgXz3cMwVdTsco/Q8\n\tvHFo5qU2tu/YEdBUELnk/ab1cngA/rNiEEBz/eMxMubzEA1L0z1fXkAnkjHChBF+uraD7lAjlZG\n\tjW03hyrmx++DrdvaZDgW3g+43L+96Rm0e4dEAGTaeh1sN6boPfxo+P4WV/R8UgllYRfu4YTbDj5\n\tYvJXP37vXziiHS+z695cPW/oIbFICnIO/KGhIsCuSUrbzo", "X-Received": "by 2002:a05:6a00:4613:b0:81e:e09d:2687 with SMTP id\n d2e1a72fcca58-82d0da27ab5mr20793609b3a.1.1775649725987;\n Wed, 08 Apr 2026 05:02:05 -0700 (PDT)", "From": "\"Ritesh Harjani (IBM)\" <ritesh.list@gmail.com>", "To": "linuxppc-dev@lists.ozlabs.org,\n\tHaren Myneni <haren@linux.ibm.com>", "Cc": "Madhavan Srinivasan <maddy@linux.ibm.com>,\n\tChristophe Leroy <chleroy@kernel.org>,\n\tVenkat Rao Bagalkote <venkat88@linux.ibm.com>,\n\tNicholas Piggin <npiggin@gmail.com>,\n\tlinux-kernel@vger.kernel.org,\n\t\"Ritesh Harjani (IBM)\" <ritesh.list@gmail.com>", "Subject": "[RFC v2 03/10] pseries/papr-hvpipe: Fix null ptr deref in\n papr_hvpipe_dev_create_handle()", "Date": "Wed, 8 Apr 2026 17:31:33 +0530", "Message-ID": "\n <0843d293fa00a345f156977534e5cb666f1d8bcd.1775648406.git.ritesh.list@gmail.com>", "X-Mailer": "git-send-email 2.50.1", "In-Reply-To": "<cover.1775648406.git.ritesh.list@gmail.com>", "References": "<cover.1775648406.git.ritesh.list@gmail.com>", "X-Mailing-List": "linuxppc-dev@lists.ozlabs.org", "List-Id": "<linuxppc-dev.lists.ozlabs.org>", "List-Help": "<mailto:linuxppc-dev+help@lists.ozlabs.org>", "List-Owner": "<mailto:linuxppc-dev+owner@lists.ozlabs.org>", "List-Post": "<mailto:linuxppc-dev@lists.ozlabs.org>", "List-Archive": "<https://lore.kernel.org/linuxppc-dev/>,\n <https://lists.ozlabs.org/pipermail/linuxppc-dev/>", "List-Subscribe": "<mailto:linuxppc-dev+subscribe@lists.ozlabs.org>,\n 
<mailto:linuxppc-dev+subscribe-digest@lists.ozlabs.org>,\n <mailto:linuxppc-dev+subscribe-nomail@lists.ozlabs.org>", "List-Unsubscribe": "<mailto:linuxppc-dev+unsubscribe@lists.ozlabs.org>", "Precedence": "list", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-Spam-Status": "No, score=-0.2 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,\n\tDKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,\n\tSPF_HELO_NONE,SPF_PASS autolearn=disabled version=4.0.1 OzLabs 8", "X-Spam-Checker-Version": "SpamAssassin 4.0.1 (2024-03-25) on lists.ozlabs.org" }, "content": "commit 6d3789d347a7 (\"papr-hvpipe: convert papr_hvpipe_dev_create_handle() to FD_PREPARE()\"),\nchanged the create handle to FD_PREPARE(), but it caused kernel\nnull-ptr-deref because after call to retain_and_null_ptr(src_info),\nsrc_info is re-used for adding it to the global list.\n\nGetting the following kernel panic in papr_hvpipe_dev_create_handle()\nwhen trying to add src_info to the list.\n Kernel attempted to write user page (0) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on write at 0x00000000\n Faulting instruction address: 0xc0000000001b44a0\n Oops: Kernel access of bad area, sig: 11 [#1]\n ...\n Call Trace:\n papr_hvpipe_dev_ioctl+0x1f4/0x48c (unreliable)\n sys_ioctl+0x528/0x1064\n system_call_exception+0x128/0x360\n system_call_vectored_common+0x15c/0x2ec\n\nNow, the error handling with FD_PREPARE's file cleanup and __free(kfree) auto\ncleanup is getting too convoluted. This is mainly because we need to\nensure only 1 user get the srcID handle. 
To simplify this, we allocate\nprepare the src_info in the beginning and add it to the global list\nunder a spinlock after checking that no duplicates exist.\n\nThis simplify the error handling where if the FD_ADD fails, we can\nsimply remove the src_info from the list and consume any pending msg in\nhvpipe to be cleared, after src_info became visible in the global list.\n\nFixes: 6d3789d347a7 (\"papr-hvpipe: convert papr_hvpipe_dev_create_handle() to FD_PREPARE()\")\nReported-by: Haren Myneni <haren@linux.ibm.com>\nSigned-off-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>\n---\n arch/powerpc/platforms/pseries/papr-hvpipe.c | 57 ++++++++++----------\n 1 file changed, 30 insertions(+), 27 deletions(-)", "diff": "diff --git a/arch/powerpc/platforms/pseries/papr-hvpipe.c b/arch/powerpc/platforms/pseries/papr-hvpipe.c\nindex 3392874ebdf6..402781299497 100644\n--- a/arch/powerpc/platforms/pseries/papr-hvpipe.c\n+++ b/arch/powerpc/platforms/pseries/papr-hvpipe.c\n@@ -480,23 +480,10 @@ static const struct file_operations papr_hvpipe_handle_ops = {\n \n static int papr_hvpipe_dev_create_handle(u32 srcID)\n {\n-\tstruct hvpipe_source_info *src_info __free(kfree) = NULL;\n+\tstruct hvpipe_source_info *src_info;\n+\tint fd;\n \tunsigned long flags;\n \n-\tspin_lock_irqsave(&hvpipe_src_list_lock, flags);\n-\t/*\n-\t * Do not allow more than one process communicates with\n-\t * each source.\n-\t */\n-\tsrc_info = hvpipe_find_source(srcID);\n-\tif (src_info) {\n-\t\tspin_unlock_irqrestore(&hvpipe_src_list_lock, flags);\n-\t\tpr_err(\"pid(%d) is already using the source(%d)\\n\",\n-\t\t\t\tsrc_info->tsk->pid, srcID);\n-\t\treturn -EALREADY;\n-\t}\n-\tspin_unlock_irqrestore(&hvpipe_src_list_lock, flags);\n-\n \tsrc_info = kzalloc_obj(*src_info, GFP_KERNEL_ACCOUNT);\n \tif (!src_info)\n \t\treturn -ENOMEM;\n@@ -505,26 +492,42 @@ static int papr_hvpipe_dev_create_handle(u32 srcID)\n \tsrc_info->tsk = current;\n \tinit_waitqueue_head(&src_info->recv_wqh);\n \n-\tFD_PREPARE(fdf, 
O_RDONLY | O_CLOEXEC,\n-\t\t anon_inode_getfile(\"[papr-hvpipe]\", &papr_hvpipe_handle_ops,\n-\t\t\t\t (void *)src_info, O_RDWR));\n-\tif (fdf.err)\n-\t\treturn fdf.err;\n-\n-\tretain_and_null_ptr(src_info);\n-\tspin_lock_irqsave(&hvpipe_src_list_lock, flags);\n \t/*\n-\t * If two processes are executing ioctl() for the same\n-\t * source ID concurrently, prevent the second process to\n-\t * acquire FD.\n+\t * Do not allow more than one process communicates with\n+\t * each source.\n \t */\n+\tspin_lock_irqsave(&hvpipe_src_list_lock, flags);\n \tif (hvpipe_find_source(srcID)) {\n \t\tspin_unlock_irqrestore(&hvpipe_src_list_lock, flags);\n+\t\tpr_err(\"pid(%d) could not get the source(%d)\\n\",\n+\t\t\t\tsrc_info->tsk->pid, srcID);\n+\t\tkfree(src_info);\n \t\treturn -EALREADY;\n \t}\n \tlist_add(&src_info->list, &hvpipe_src_list);\n \tspin_unlock_irqrestore(&hvpipe_src_list_lock, flags);\n-\treturn fd_publish(fdf);\n+\n+\tfd = FD_ADD(O_RDONLY | O_CLOEXEC,\n+\t\t anon_inode_getfile(\"[papr-hvpipe]\", &papr_hvpipe_handle_ops,\n+\t\t\t\t (void *)src_info, O_RDWR));\n+\tif (fd < 0) {\n+\t\tspin_lock_irqsave(&hvpipe_src_list_lock, flags);\n+\t\tlist_del(&src_info->list);\n+\t\tspin_unlock_irqrestore(&hvpipe_src_list_lock, flags);\n+\t\t/*\n+\t\t * if we fail to add FD, that means no userspace program is\n+\t\t * polling. In that case if there is a msg pending because the\n+\t\t * interrupt was fired after the src_info was added to the\n+\t\t * global list, then let's consume it here, to unblock the\n+\t\t * hvpipe\n+\t\t */\n+\t\tif (src_info->hvpipe_status & HVPIPE_MSG_AVAILABLE)\n+\t\t\thvpipe_rtas_recv_msg(NULL, 0);\n+\t\tkfree(src_info);\n+\t\treturn fd;\n+\t}\n+\n+\treturn fd;\n }\n \n /*\n", "prefixes": [ "RFC", "v2", "03/10" ] }
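Review bot: In the `fd < 0` path, `src_info->hvpipe_status` is tested after `hvpipe_src_list_lock` has been dropped and `kfree(src_info)` follows straight after, so the path is only safe if every other user that can find the entry (the interrupt side the new comment mentions, not visible in this diff) touches it strictly under that lock. Sampling the flag in the same critical section as `list_del()`, e.g. `pending = src_info->hvpipe_status & HVPIPE_MSG_AVAILABLE;` before `spin_unlock_irqrestore()`, would make that explicit and keep the read from racing with a late update. A short comment above `list_add()` saying that the entry becomes visible to the interrupt side before any file owns it would record the lifetime rule the error path depends on. Separately, the `-EALREADY` message prints the caller's own pid through `src_info->tsk->pid` and formats the `u32 srcID` with `%d`; `current->pid` and `%u` would be clearer. The function body spans both hunks, and the few lines between them are not shown.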