[PATCH v4] RISC-V: KVM: Fix null pointer dereference in kvm_riscv_aia_imsic_has_attr()
patchwork-bot+linux-riscv at kernel.org
Thu Feb 19 20:10:59 PST 2026
Hello:
This patch was applied to riscv/linux.git (fixes)
by Anup Patel <anup at brainfault.org>:
On Sun, 25 Jan 2026 14:33:44 +0000 you wrote:
> Add a null pointer check for imsic_state before dereferencing it in
> kvm_riscv_aia_imsic_has_attr(). While the function checks that the
> vcpu exists, it doesn't verify that the vcpu's imsic_state has been
> initialized, leading to a null pointer dereference when accessed.
>
> This issue was discovered during fuzzing of RISC-V KVM code. The
> crash occurs when userspace calls KVM_HAS_DEVICE_ATTR ioctl on an
> AIA IMSIC device before the IMSIC state has been fully initialized
> for a vcpu.
>
> [...]
Here is the summary with links:
- [v4] RISC-V: KVM: Fix null pointer dereference in kvm_riscv_aia_imsic_has_attr()
https://git.kernel.org/riscv/c/11366ead4f14
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
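The failure mode in the quoted commit message, a has_attr handler that validates the vcpu but not the vcpu's IMSIC state, modelled in plain C as an added example. This is not the kernel's code: the struct layouts, the attribute constants and the function names (`imsic_has_attr_unguarded`, `imsic_has_attr_guarded`, `build_sample_kvm`) are hypothetical stand-ins for the real `kvm_vcpu`/AIA structures and `KVM_DEV_RISCV_AIA_*` attributes, and the error values are chosen here, not taken from the patch. The point it demonstrates is the ordering hazard: userspace can issue `KVM_HAS_DEVICE_ATTR` for a vcpu that exists but whose per-vcpu state has not been allocated yet, so every lookup along that path needs its own NULL check.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified model of the per-vcpu IMSIC state; not the kernel's structs. */
struct imsic_state {
	unsigned long nr_ids;	/* number of interrupt identities this IMSIC exposes */
};

struct kvm_vcpu {
	int vcpu_idx;
	struct imsic_state *imsic_state;	/* NULL until IMSIC init has run for this vcpu */
};

struct kvm {
	struct kvm_vcpu *vcpus[4];
	int online_vcpus;
};

/* Equivalent of "does this vcpu exist": rejects out-of-range indices. */
static struct kvm_vcpu *lookup_vcpu(struct kvm *kvm, int idx)
{
	if (idx < 0 || idx >= kvm->online_vcpus)
		return NULL;
	return kvm->vcpus[idx];
}

/*
 * Shape of the bug: the vcpu is checked, but imsic_state is dereferenced
 * unconditionally. Calling this for a vcpu whose IMSIC state is still NULL
 * is a NULL pointer dereference (kept here for reading, never called on
 * the uninitialised vcpu below).
 */
static int imsic_has_attr_unguarded(struct kvm *kvm, int idx, unsigned long attr)
{
	struct kvm_vcpu *vcpu = lookup_vcpu(kvm, idx);

	if (!vcpu)
		return -ENOENT;
	return attr < vcpu->imsic_state->nr_ids ? 0 : -ENXIO;
}

/* Guarded form: an existing vcpu with no IMSIC state yet is "attribute not present". */
static int imsic_has_attr_guarded(struct kvm *kvm, int idx, unsigned long attr)
{
	struct kvm_vcpu *vcpu = lookup_vcpu(kvm, idx);

	if (!vcpu)
		return -ENOENT;
	if (!vcpu->imsic_state)	/* hypothetical check mirroring the fix's intent */
		return -ENOENT;
	return attr < vcpu->imsic_state->nr_ids ? 0 : -ENXIO;
}

/* Constructed sample VM: vcpu 0 fully initialised, vcpu 1 created but IMSIC not yet set up. */
static struct imsic_state sample_state0 = { .nr_ids = 64 };
static struct kvm_vcpu sample_vcpu0 = { .vcpu_idx = 0, .imsic_state = &sample_state0 };
static struct kvm_vcpu sample_vcpu1 = { .vcpu_idx = 1, .imsic_state = NULL };

static struct kvm *build_sample_kvm(void)
{
	static struct kvm kvm;

	kvm.vcpus[0] = &sample_vcpu0;
	kvm.vcpus[1] = &sample_vcpu1;
	kvm.online_vcpus = 2;
	return &kvm;
}

/* Walks the (vcpu, attr) space the way a fuzzer would, counting crashes the guard prevents. */
static int count_guarded_uninit_hits(struct kvm *kvm)
{
	int hits = 0;

	for (int idx = 0; idx < kvm->online_vcpus; idx++)
		for (unsigned long attr = 0; attr < 4; attr++)
			if (kvm->vcpus[idx]->imsic_state == NULL &&
			    imsic_has_attr_guarded(kvm, idx, attr) == -ENOENT)
				hits++;
	return hits;
}

int main(void)
{
	struct kvm *kvm = build_sample_kvm();

	(void)imsic_has_attr_unguarded;	/* unguarded variant is for comparison only */
	printf("vcpu0 attr 5:   %d\n", imsic_has_attr_guarded(kvm, 0, 5));
	printf("vcpu0 attr 100: %d\n", imsic_has_attr_guarded(kvm, 0, 100));
	printf("vcpu1 attr 0:   %d (IMSIC not initialised)\n", imsic_has_attr_guarded(kvm, 1, 0));
	printf("guarded uninit hits: %d\n", count_guarded_uninit_hits(kvm));
	return 0;
}
```

The guarded variant is the only one the harness calls on the uninitialised vcpu; the unguarded one is left in so the two control flows can be compared side by side. Returning an error for "vcpu exists, IMSIC state does not" is the hypothetical choice made here to keep the example self-contained; the exact return value the kernel uses is whatever the applied commit chose.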