[PATCH 0/5] riscv: Assorted bug fixes

Michael Neuling mikey at neuling.org
Thu Apr 9 02:11:38 PDT 2026 

This series contains five independent bug fixes across the RISC-V
architecture code, found with the help of Claude AI (claude-4.6-opus):

  1. riscv: errata: Fix bitwise vs logical AND in MIPS errata patching
     - Logical AND (&&) was used instead of bitwise AND (&) when checking
       errata flags, causing all errata patches to be applied when any
       single one was detected.

  2. riscv: ptrace: Fix register corruption in compat_riscv_gpr_set on error
     - On copyin failure, uninitialized stack data was written into the
       target task's pt_regs, corrupting registers and potentially
       leaking kernel stack contents.

  3. riscv: mm: Fix NULL pointer dereference in __set_memory
     - find_vm_area() can return NULL but was dereferenced without a check.

  4. riscv: mm: Fix NULL dereferences in napot hugetlb functions
     - huge_pte_offset() can return NULL in the napot path but was used
       without NULL checks in huge_ptep_set_access_flags() and
       huge_ptep_set_wrprotect().

  5. riscv: mm: Fix TOCTOU race in remove_pte_mapping
     - The PTE was read twice (once via ptep_get, once via *ptep),
       creating a race window where another CPU could modify the PTE
       between reads.

All patches are small and self-contained. These bugs were identified
through AI-assisted code review using Claude, which also assisted in
writing the fixes. Each patch has been manually reviewed for correctness.

Michael Neuling (5):
  riscv: errata: Fix bitwise vs logical AND in MIPS errata patching
  riscv: ptrace: Fix register corruption in compat_riscv_gpr_set on
    error
  riscv: mm: Fix NULL pointer dereference in __set_memory
  riscv: mm: Fix NULL dereferences in napot hugetlb functions
  riscv: mm: Fix TOCTOU race in remove_pte_mapping

 arch/riscv/errata/mips/errata.c | 2 +-
 arch/riscv/kernel/ptrace.c      | 4 ++--
 arch/riscv/mm/hugetlbpage.c     | 4 ++++
 arch/riscv/mm/init.c            | 2 +-
 arch/riscv/mm/pageattr.c        | 4 ++++
 5 files changed, 12 insertions(+), 4 deletions(-)

-- 
2.43.0

More information about the linux-riscv mailing list