[PATCH] RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions

patchwork-bot+linux-riscv at kernel.org
Fri Jun 26 01:21:37 PDT 2026


Hello:

This patch was applied to riscv/linux.git (fixes)
by Anup Patel <anup at brainfault.org>:

On Tue, 26 May 2026 03:15:17 +0000 you wrote:
> Fuzzer reported a NULL pointer dereference in
> kvm_riscv_vcpu_aia_imsic_put() when a VCPU's imsic_state was NULL while
> kvm_riscv_aia_initialized() returned true.
> 
> The global initialized flag is set per-VM in aia_init(), but imsic_state
> is allocated per-VCPU in kvm_riscv_vcpu_aia_imsic_init(). If a VCPU is
> created after aia_init() has already run, its imsic_state remains NULL
> while the global flag is true. When this VCPU is preempted, kvm_sched_out()
> calls kvm_arch_vcpu_put() -> kvm_riscv_vcpu_aia_put() ->
> kvm_riscv_vcpu_aia_imsic_put() which dereferences NULL.
> 
> [...]

Here is the summary with links:
  - RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions
    https://git.kernel.org/riscv/c/76ae7c7ee004

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
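The ordering the quoted commit message describes, as an added stand-alone C model that is not the kernel's code: every struct and function below is a hypothetical simplification that only borrows the names from the report. It shows a per-VM initialized flag set once, per-VCPU imsic_state allocated separately, and a put path that keys off the per-VCPU pointer instead of trusting the per-VM flag.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical model, not the kernel's data structures. */
struct imsic_state { unsigned int pending; };

struct vm {
    bool aia_initialized;            /* per-VM flag, set once in aia_init() */
};

struct vcpu {
    struct vm *vm;
    struct imsic_state *imsic_state; /* per-VCPU, NULL until its own init runs */
};

static void aia_init(struct vm *vm) { vm->aia_initialized = true; }

/* Per-VCPU allocation; in the reported ordering this never ran for the VCPU. */
static int vcpu_imsic_init(struct vcpu *vcpu) {
    vcpu->imsic_state = calloc(1, sizeof(*vcpu->imsic_state));
    return vcpu->imsic_state ? 0 : -1;
}

/* Returns 1 if the put touched imsic_state, 0 if it safely skipped, and -1
 * where relying on the per-VM flag alone would have dereferenced NULL. */
static int imsic_put(struct vcpu *vcpu, bool check_per_vcpu_state) {
    if (!vcpu->vm->aia_initialized)
        return 0;                    /* the only check the unguarded path makes */
    if (!vcpu->imsic_state)
        return check_per_vcpu_state ? 0 : -1;  /* -1 models the crash */
    vcpu->imsic_state->pending = 0;
    return 1;
}

/* Ordering from the report: VCPU created after aia_init(), so imsic_state
 * is still NULL while the per-VM flag is already true. */
static int late_vcpu_put(bool guarded) {
    struct vm vm = { 0 };
    aia_init(&vm);
    struct vcpu vcpu = { .vm = &vm, .imsic_state = NULL };
    return imsic_put(&vcpu, guarded);
}

/* Normal ordering: the VCPU got its own state before it is ever put. */
static int early_vcpu_put(void) {
    struct vm vm = { 0 };
    struct vcpu vcpu = { .vm = &vm, .imsic_state = NULL };
    if (vcpu_imsic_init(&vcpu) < 0)
        return -2;
    aia_init(&vm);
    int r = imsic_put(&vcpu, true);
    free(vcpu.imsic_state);
    return r;
}
```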