[GIT PULL] KVM/riscv fixes for 7.0 take #1

Anup Patel anup at brainfault.org
Fri Mar 6 08:06:16 PST 2026 

Hi Paolo,

We have quite a few fixes this time for the 7.0 kernel.
These fixes address potential use-after-free issues, null
pointer dereferences, speculative out-of-bound accesses,
and others.

Please pull.

Regards,
Anup

The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-riscv/linux.git tags/kvm-riscv-fixes-7.0-1

for you to fetch changes up to c61ec3e8cc5d46fa269434a9ec16ca36d362e0dd:

  RISC-V: KVM: Check host Ssaia extension when creating AIA irqchip
(2026-03-06 11:20:30 +0530)

----------------------------------------------------------------
KVM/riscv fixes for 7.0, take #1

- Prevent speculative out-of-bounds access using array_index_nospec()
  in APLIC interrupt handling, ONE_REG regiser access, AIA CSR access,
  float register access, and PMU counter access
- Fix potential use-after-free issues in kvm_riscv_gstage_get_leaf(),
  kvm_riscv_aia_aplic_has_attr(), and kvm_riscv_aia_imsic_has_attr()
- Fix potential null pointer dereference in kvm_riscv_vcpu_aia_rmw_topei()
- Fix off-by-one array access in SBI PMU
- Skip THP support check during dirty logging
- Fix error code returned for Smstateen and Ssaia ONE_REG interface
- Check host Ssaia extension when creating AIA irqchip

----------------------------------------------------------------
Anup Patel (3):
      RISC-V: KVM: Fix error code returned for Smstateen ONE_REG
      RISC-V: KVM: Fix error code returned for Ssaia ONE_REG
      RISC-V: KVM: Check host Ssaia extension when creating AIA irqchip

Jiakai Xu (4):
      RISC-V: KVM: Fix use-after-free in kvm_riscv_gstage_get_leaf()
      RISC-V: KVM: Fix null pointer dereference in
kvm_riscv_vcpu_aia_rmw_topei()
      RISC-V: KVM: Fix use-after-free in kvm_riscv_aia_aplic_has_attr()
      RISC-V: KVM: Fix potential UAF in kvm_riscv_aia_imsic_has_attr()

Lukas Gerlach (5):
      KVM: riscv: Fix Spectre-v1 in APLIC interrupt handling
      KVM: riscv: Fix Spectre-v1 in ONE_REG register access
      KVM: riscv: Fix Spectre-v1 in AIA CSR access
      KVM: riscv: Fix Spectre-v1 in floating-point register access
      KVM: riscv: Fix Spectre-v1 in PMU counter access

Radim Krčmář (1):
      RISC-V: KVM: fix off-by-one array access in SBI PMU

Wang Yechao (1):
      RISC-V: KVM: Skip THP support check during dirty logging

 arch/riscv/kvm/aia.c         | 15 ++++++++++--
 arch/riscv/kvm/aia_aplic.c   | 23 ++++++++++---------
 arch/riscv/kvm/aia_device.c  | 18 +++++++++++----
 arch/riscv/kvm/aia_imsic.c   |  4 ++++
 arch/riscv/kvm/mmu.c         |  6 ++++-
 arch/riscv/kvm/vcpu_fp.c     | 17 ++++++++++----
 arch/riscv/kvm/vcpu_onereg.c | 54 +++++++++++++++++++++++++++++---------------
 arch/riscv/kvm/vcpu_pmu.c    | 16 +++++++++----
 8 files changed, 109 insertions(+), 44 deletions(-)

More information about the linux-riscv mailing list