[PATCH v3 0/9] pseries/papr-hvpipe: Fix deadlock, races and misc cleanups

Ritesh Harjani (IBM) posted 9 patches 1 month, 2 weeks ago
arch/powerpc/platforms/pseries/papr-hvpipe.c | 181 ++++++++++---------
arch/powerpc/platforms/pseries/papr-hvpipe.h |   1 -
2 files changed, 97 insertions(+), 85 deletions(-)
[PATCH v3 0/9] pseries/papr-hvpipe: Fix deadlock, races and misc cleanups
Posted by Ritesh Harjani (IBM) 1 month, 2 weeks ago
While going over papr-hvpipe code, there were a few fixes which were identified.
This patch series is an attempt to fix those along with some misc cleanups.
Haren and I are trying to get these patches verified on real HW. The tests
are not straightforward and we are waiting for the results.
Will update on the test results once we hear back from the internal test team.

v2->v3:
======
1. Rearranged the patches in such a way that it is easier to backport the fixes
   if required.
2. Clubbed patch-8 and patch-10 (of v2) since they both were changing the same function.
3. Handled ret>=0 case in copy_to_user patch, when the user itself may request
   for 0 effective bytes (after the HDR_LEN).

[v2]: https://lore.kernel.org/linuxppc-dev/cover.1775648406.git.ritesh.list@gmail.com/

v1->v2:
========
1. Fix a possible deadlock due to use of spin_lock instead of spin_lock_irqsave.
2. Prevent kernel stack uninit memory leak to userspace
3. Fix the race condition in null-ptr-deref case where there may be an
   msg pending to be consumed from the hvpipe.
4. Fixed error handling in init routine in patch-10

[v1]: https://lore.kernel.org/linuxppc-dev/cover.1775569027.git.ritesh.list@gmail.com/#t

Ritesh Harjani (IBM) (9):
  pseries/papr-hvpipe: Fix race with interrupt handler
  pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace
  pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle()
  pseries/papr-hvpipe: Fix & simplify error handling in papr_hvpipe_init()
  pseries/papr-hvpipe: Fix the usage of copy_to_user()
  pseries/papr-hvpipe: Simplify spin unlock usage in papr_hvpipe_handle_release()
  pseries/papr-hvpipe: Kill task_struct pointer from struct hvpipe_source_info
  pseries/papr-hvpipe: Refactor and simplify hvpipe_rtas_recv_msg()
  pseries/papr-hvpipe: Fix style and checkpatch issues in enable_hvpipe_IRQ()

 arch/powerpc/platforms/pseries/papr-hvpipe.c | 181 ++++++++++---------
 arch/powerpc/platforms/pseries/papr-hvpipe.h |   1 -
 2 files changed, 97 insertions(+), 85 deletions(-)

--
2.39.5
Re: [PATCH v3 0/9] pseries/papr-hvpipe: Fix deadlock, races and misc cleanups
Posted by Aboorva Devarajan 1 month, 1 week ago
On Fri, 2026-05-01 at 09:41 +0530, Ritesh Harjani (IBM) wrote:
> While going over papr-hvpipe code, there were a few fixes which were identified.
> This patch series is an attempt to fix those along with some misc cleanups.
> Haren and I are trying to get these patches verified on real HW. The tests
> are not straightforward and we are waiting for the results.
> Will update on the test results once we hear back from the internal test team.
> 
> v2->v3:
> ======
> 1. Rearranged the patches in such a way that it is easier to backport the fixes
>    if required.
> 2. Clubbed patch-8 and patch-10 (of v2) since they both were changing the same function.
> 3. Handled ret>=0 case in copy_to_user patch, when the user itself may request
>    for 0 effective bytes (after the HDR_LEN).


Since this is CCed to stable, it is currently being evaluated by RSCT.
We can merge it once we receive an Acked-by from RSCT.

Thanks,
Aboorva

> 
> [v2]: https://lore.kernel.org/linuxppc-dev/cover.1775648406.git.ritesh.list@gmail.com/
> 
> v1->v2:
> ========
> 1. Fix a possible deadlock due to use of spin_lock instead of spin_lock_irqsave.
> 2. Prevent kernel stack uninit memory leak to userspace
> 3. Fix the race condition in null-ptr-deref case where there may be an
>    msg pending to be consumed from the hvpipe.
> 4. Fixed error handling in init routine in patch-10
> 
> [v1]: https://lore.kernel.org/linuxppc-dev/cover.1775569027.git.ritesh.list@gmail.com/#t
> 
> Ritesh Harjani (IBM) (9):
>   pseries/papr-hvpipe: Fix race with interrupt handler
>   pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace
>   pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle()
>   pseries/papr-hvpipe: Fix & simplify error handling in papr_hvpipe_init()
>   pseries/papr-hvpipe: Fix the usage of copy_to_user()
>   pseries/papr-hvpipe: Simplify spin unlock usage in papr_hvpipe_handle_release()
>   pseries/papr-hvpipe: Kill task_struct pointer from struct hvpipe_source_info
>   pseries/papr-hvpipe: Refactor and simplify hvpipe_rtas_recv_msg()
>   pseries/papr-hvpipe: Fix style and checkpatch issues in enable_hvpipe_IRQ()
> 
>  arch/powerpc/platforms/pseries/papr-hvpipe.c | 181 ++++++++++---------
>  arch/powerpc/platforms/pseries/papr-hvpipe.h |   1 -
>  2 files changed, 97 insertions(+), 85 deletions(-)
> 
> --
> 2.39.5
Re: [PATCH v3 0/9] pseries/papr-hvpipe: Fix deadlock, races and misc cleanups
Posted by Aboorva Devarajan 1 month, 1 week ago
On Fri, 2026-05-08 at 13:16 +0530, Aboorva Devarajan wrote:
> On Fri, 2026-05-01 at 09:41 +0530, Ritesh Harjani (IBM) wrote:
> > While going over papr-hvpipe code, there were a few fixes which were identified.
> > This patch series is an attempt to fix those along with some misc cleanups.
> > Haren and I are trying to get these patches verified on real HW. The tests
> > are not straightforward and we are waiting for the results.
> > Will update on the test results once we hear back from the internal test team.
> > 
> > v2->v3:
> > ======
> > 1. Rearranged the patches in such a way that it is easier to backport the fixes
> >    if required.
> > 2. Clubbed patch-8 and patch-10 (of v2) since they both were changing the same function.
> > 3. Handled ret>=0 case in copy_to_user patch, when the user itself may request
> >    for 0 effective bytes (after the HDR_LEN).
> 
> 
> Since this is CCed to stable, it is currently being evaluated by RSCT.
> We can merge it once we receive an Acked-by from RSCT.
> 
> 

An update from RSCT: with the patch, the earlier issues observed are
now resolved, and the inband RMC connection is successfully established
with the patched kernel.

Thanks,
Aboorva

> 
> > 
> > [v2]: https://lore.kernel.org/linuxppc-dev/cover.1775648406.git.ritesh.list@gmail.com/
> > 
> > v1->v2:
> > ========
> > 1. Fix a possible deadlock due to use of spin_lock instead of spin_lock_irqsave.
> > 2. Prevent kernel stack uninit memory leak to userspace
> > 3. Fix the race condition in null-ptr-deref case where there may be an
> >    msg pending to be consumed from the hvpipe.
> > 4. Fixed error handling in init routine in patch-10
> > 
> > [v1]: https://lore.kernel.org/linuxppc-dev/cover.1775569027.git.ritesh.list@gmail.com/#t
> > 
> > Ritesh Harjani (IBM) (9):
> >   pseries/papr-hvpipe: Fix race with interrupt handler
> >   pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace
> >   pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle()
> >   pseries/papr-hvpipe: Fix & simplify error handling in papr_hvpipe_init()
> >   pseries/papr-hvpipe: Fix the usage of copy_to_user()
> >   pseries/papr-hvpipe: Simplify spin unlock usage in papr_hvpipe_handle_release()
> >   pseries/papr-hvpipe: Kill task_struct pointer from struct hvpipe_source_info
> >   pseries/papr-hvpipe: Refactor and simplify hvpipe_rtas_recv_msg()
> >   pseries/papr-hvpipe: Fix style and checkpatch issues in enable_hvpipe_IRQ()
> > 
> >  arch/powerpc/platforms/pseries/papr-hvpipe.c | 181 ++++++++++---------
> >  arch/powerpc/platforms/pseries/papr-hvpipe.h |   1 -
> >  2 files changed, 97 insertions(+), 85 deletions(-)
> > 
> > --
> > 2.39.5
Re: [PATCH v3 0/9] pseries/papr-hvpipe: Fix deadlock, races and misc cleanups
Posted by Madhavan Srinivasan 1 month ago
On Fri, 01 May 2026 09:41:39 +0530, Ritesh Harjani (IBM) wrote:
> While going over papr-hvpipe code, there were a few fixes which were identified.
> This patch series is an attempt to fix those along with some misc cleanups.
> Haren and I are trying to get these patches verified on real HW. The tests
> are not straightforward and we are waiting for the results.
> Will update on the test results once we hear back from the internal test team.
> 
> v2->v3:
> ======
> 1. Rearranged the patches in such a way that it is easier to backport the fixes
>    if required.
> 2. Clubbed patch-8 and patch-10 (of v2) since they both were changing the same function.
> 3. Handled ret>=0 case in copy_to_user patch, when the user itself may request
>    for 0 effective bytes (after the HDR_LEN).
> 
> [...]

Applied to powerpc/fixes.

[1/9] pseries/papr-hvpipe: Fix race with interrupt handler
      https://git.kernel.org/powerpc/c/7a4f0846ee6cc8cf44ae0046ed42e3259d1dd45b
[2/9] pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace
      https://git.kernel.org/powerpc/c/cefeed44296261173a806bef988b26bc565da4be
[3/9] pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle()
      https://git.kernel.org/powerpc/c/1b9f7aafa44f5ce852c00509104d10fd9eb0f402
[4/9] pseries/papr-hvpipe: Fix & simplify error handling in papr_hvpipe_init()
      https://git.kernel.org/powerpc/c/713e468cdbc2277db6ce949c32c1acbd83501733
[5/9] pseries/papr-hvpipe: Fix the usage of copy_to_user()
      https://git.kernel.org/powerpc/c/d48654bd8b1a75f662e224d257db54de475120dc
[6/9] pseries/papr-hvpipe: Simplify spin unlock usage in papr_hvpipe_handle_release()
      https://git.kernel.org/powerpc/c/2eeac577480848801b35885b3a8201aa35f46236
[7/9] pseries/papr-hvpipe: Kill task_struct pointer from struct hvpipe_source_info
      https://git.kernel.org/powerpc/c/4e2d83c80495a9327141e8636f25dde13155f14f
[8/9] pseries/papr-hvpipe: Refactor and simplify hvpipe_rtas_recv_msg()
      https://git.kernel.org/powerpc/c/fe53d2ae82c06aa2d6402624af01e8f8ddfcd5b3
[9/9] pseries/papr-hvpipe: Fix style and checkpatch issues in enable_hvpipe_IRQ()
      https://git.kernel.org/powerpc/c/629d1a901de57490d29a495273df11e64993ec04

cheers