[{"id":3676487,"web_url":"http://patchwork.ozlabs.org/comment/3676487/","msgid":"","list_archive_url":null,"date":"2026-04-13T06:35:03","subject":"Re: [PATCH] riscv: KVM: Fix memory leak in vector context allocation","submitter":{"id":33417,"url":"http://patchwork.ozlabs.org/api/people/33417/","name":"Anup Patel","email":"anup@brainfault.org"},"content":"On Mon, Apr 13, 2026 at 11:14 AM Michael Neuling wrote:\n>\n> When the second kzalloc() for host_context vector data fails,\n> the already-allocated guest_context vector data is not freed,\n> causing a memory leak. This is triggerable from userspace via:\n>\n> ioctl(vm_fd, KVM_CREATE_VCPU)\n> → kvm_vm_ioctl_create_vcpu()\n> → kvm_arch_vcpu_create()\n> → kvm_riscv_vcpu_alloc_vector_context()\n>\n> Note also that kvm_vm_ioctl_create_vcpu() does not call\n> kvm_arch_vcpu_destroy() on kvm_arch_vcpu_create() failure:\n>\n> kvm_arch_vcpu_create() ← fails, returns error\n> goto vcpu_free_run_page; ← line 4209\n>\n> ...\n> arch_vcpu_destroy: ← SKIPPED\n> kvm_arch_vcpu_destroy(vcpu); ← which would call free_vector_context\n> vcpu_free_run_page: ← lands HERE, below arch_vcpu_destroy\n> free_page(vcpu->run);\n> vcpu_free:\n> kmem_cache_free(vcpu);\n>\n> so kvm_riscv_vcpu_free_vector_context() is never called to\n> clean up the partial allocation.\n>\n> Fixes: 0f4b82579716 (\"RISC-V: KVM: Add vector lazy save/restore support\")\n> Assisted-By: Claude Opus 4.6 (1M context)\n> Signed-off-by: Michael Neuling \n\nA similar fix is already merged for Linux-7.1\n(Refer, https://lore.kernel.org/all/20260316151612.13305-1-osama.abdelkader@gmail.com/)\n\nRegards,\nAnup\n\n> ---\n> arch/riscv/kvm/vcpu_vector.c | 4 +++-\n> 1 file changed, 3 insertions(+), 1 deletion(-)\n>\n> diff --git a/arch/riscv/kvm/vcpu_vector.c b/arch/riscv/kvm/vcpu_vector.c\n> index 05f3cc2d8e..46fbf48f25 100644\n> --- a/arch/riscv/kvm/vcpu_vector.c\n> +++ b/arch/riscv/kvm/vcpu_vector.c\n> @@ -80,8 +80,10 @@ int kvm_riscv_vcpu_alloc_vector_context(struct kvm_vcpu *vcpu)\n> return -ENOMEM;\n>\n> vcpu->arch.host_context.vector.datap = kzalloc(riscv_v_vsize, GFP_KERNEL);\n> - if (!vcpu->arch.host_context.vector.datap)\n> + if (!vcpu->arch.host_context.vector.datap) {\n> + kfree(vcpu->arch.guest_context.vector.datap);\n> return -ENOMEM;\n> + }\n>\n> return 0;\n> }\n> --\n> 2.43.0\n>","headers":{"Return-Path":"\n ","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=i0a//F8T;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=brainfault-org.20251104.gappssmtp.com\n header.i=@brainfault-org.20251104.gappssmtp.com header.a=rsa-sha256\n header.s=20251104 header.b=BMaJSD0T;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fvHhn5z0Nz1xtJ\n\tfor ; Mon, 13 Apr 2026 16:35:21 +1000 (AEST)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wCAtE-0000000F580-0PL5;\n\tMon, 13 Apr 2026 06:35:20 +0000","from mail-oo1-xc32.google.com ([2607:f8b0:4864:20::c32])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wCAtA-0000000F57E-3Ns5\n\tfor kvm-riscv@lists.infradead.org;\n\tMon, 13 Apr 2026 06:35:18 +0000","by mail-oo1-xc32.google.com with SMTP id\n 006d021491bc7-68c048f9c9aso802279eaf.3\n for ;\n Sun, 12 Apr 2026 23:35:15 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:\n\tIn-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=yYB6E/JxbJ3p8EJSL+f7z42pgxjwQGka2z4knORwigo=; b=i0a//F8TX+0mih\n\t42umIQPNh7pqwkgSX+jx3NBiSgXB4ehplu4FMwoUT87tbH7MJya8h5CDITRcm+Z954KmlzRM1Un/P\n\tRP2aLtQqcvyoP1n8k0R5KJ+vgvS5+guL+3Q49Uhi8Issxs4ABDVL0NDARZ+RIRpr0dtWkWPCEoLzt\n\t0YhOK25B7LSU0vZ9j/dAif+579v8FWgUU9FK903e9805sqdma0hcwpaLJGZjBsR3HtjlPjdYWPy/2\n\tDoKpkBg4P1WvHrG2ef8qQdlLb5jzrtubA5rtw61aZXLMYejYkZ91jJpR8TAvVlnka0/W6R6HCPpJt\n\tUrdhBNJYp85LfUlbsmTQ==;","v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=brainfault-org.20251104.gappssmtp.com; s=20251104; t=1776062115;\n x=1776666915; darn=lists.infradead.org;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:from:to:cc:subject:date\n :message-id:reply-to;\n bh=IhmEYjR6/quzdnxRuC7TxxzEx+eEg6dd48C0268iWf4=;\n b=BMaJSD0TrsA8ygTRbWRcM/5QwNme4Qr/sKVWETsZTf6FpAaSxXKlbUK4Z0HlpTlpI1\n gcHhdCECU8YOO6MuuZTHDsupktoXAirbgi5XBW47agyPRqBimcCwp7oXCKasbEE8iNsQ\n OtO04lZpPZFeBEkcul1nte0gstCpGz+jKYhxN2DxpbSYT/0Oh4H+BSt0YvTbO4tAM30w\n 1nc0cRlwJpWI6ikyRdFfrmuLhQCX3BvTQe35E2giLix427uh1aD2CtyvF1IYMYVRAoVI\n 5lKKIofkqOv5OH9hfctsd/zz+A7/ljkHaGYJhHxmyPGvNIFjojzjGVwosTkvzY65MNPs\n v1ug=="],"ARC-Seal":"i=1; a=rsa-sha256; t=1776062115; cv=none;\n d=google.com; s=arc-20240605;\n b=NHJP/7LsRjGNdAtR3dkpM+idi4+zs9O0HsKCtlcGiHxLlnl50WLwzE5iyZ1No+kQFM\n ej8/dZ3t9WnzBKdW92ph3mMxTbWQjmM3brA+ps3CoQ8Mo7XV+nnbVGaIj43DlBBjEDfv\n YeHmpn4J+0QyNrMFDFrxlE2xPoUKjIHkxIkTUxfqYZU3JdWSZwQJFL4jevOSqHp8Saq9\n pLahgLJn8DYiIzT4zqjBtkGjE76w14TxvI03ppguHHd9ffFwHHv4C/ywlv8gAouAQlX3\n tvcPF7tU339fRqfes7BVVX6N9ZR/J77WKdTzT6vYkMsKTRK3M1A14yAx4HiCZ42xoWRQ\n Vz1A==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:dkim-signature;\n bh=IhmEYjR6/quzdnxRuC7TxxzEx+eEg6dd48C0268iWf4=;\n fh=5pJPkeZqxy9MQmmbrQ9WqYQkr7NBO+BkH9PnmCYhPFs=;\n b=lPX2ihL8C6H17d5/F3Sv6ShwZ492pX2PkSAYB2FovLVBKAQwvqioZd6PDF1GLn0v49\n UUw2QZmIBXR1wYouI4BJ7QotJYG29/8w+orVG/IXE/QkbuIcZQGAA1bDbVtjvx5rB8vg\n fQAY9LiWx+aiQhsCD1JUSEOhNPZzRe+/8LJpD+z4xKAse94emutdlpeb/tRYO5gkan4v\n 6Zm79+91hPX8I0yGISgEafoswgg+8TrnTZlPukl03rn+RrPPNFmu3gwL/AN0PnSiSPBB\n c5hI/9VYtQVJmeD0em1o1ej/f5inHFI26xBoTu7pg4JUgo2rR5MKQ/MS2eL+gJVI1Daq\n ueNw==;\n darn=lists.infradead.org","ARC-Authentication-Results":"i=1; mx.google.com; arc=none","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776062115; x=1776666915;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=IhmEYjR6/quzdnxRuC7TxxzEx+eEg6dd48C0268iWf4=;\n b=SkJEXBs0JDzjTqhXr1veftuWOfO3DH/rpSJyBWqbh2STVCzxuUlDetpD6FoBYN32Li\n 2DogdQ9ag3v6dqyy6/FTN/kT9kBqh/kdUbAqdpaeZlYCitlkeGoIQYTcIeKkharz9rn2\n WNkWJALiVM+S9ng9CXhNx7ObBqsOtcpOINjbEPrkMkthiLiI+rBqTIzGTPNSm4ZcUmAx\n pnKZP6Aif7emOdg/uJKx45u6copm/XmdQCBmtXJy5hS3TxoYzvYPuohwlEon8mnbcvhs\n lqrGjgjDQglvWpybJmb8pj2qGjR+NCEWvuby9Ce5Lt/API5oBaqT8KCu4ct6+wvGn/Ef\n PsDA==","X-Forwarded-Encrypted":"i=1;\n AJvYcCWhRPFdnLDcs/f+LGFhdgt5OqMJNAE2vOUwOrmqaYpzJCj1YNn4wZYkPamp9PPMuRJDx0w8LryeCBE=@lists.infradead.org","X-Gm-Message-State":"AOJu0Yw9YtDvK93j/aa/Oq96FE3q5P04vD9oZMnVpe1PfVSaslCORYq+\n\tPzmiuD0SEReITFC9sShu7XQwNMvznbvA18Thwj7AiI0DeSO7Dd5HxO1tA6KciHKnung+XIT+73+\n\ttUJp1WIlZEex28A5kKYLNHyIjqk08h+huGj7eNpD87w==","X-Gm-Gg":"AeBDiev0Q0aSwfmfwK5BKy4v5237VSqgdl0ZZXReY06BZAevvWKQelMiiVikTe7tLvG\n\tzyFVj6yZjH5ES/qTa9gX3spxbkE4flBc4rLrpIN7UXDzEqVIRnSY2rsmdU14CsfhNMaYBZShjbl\n\t8xVYakwB64JIVfqjmPbR5ybXkhVN6W2cCIhqS/8SAKeZB14INbJ0guQFOPNKkyIqAnG9Z6HBhHi\n\t9VADzUQC0lIFy+jthKX/hODCSWdbiRKyvam/fI7HHloK8BYj9SoqLsBTBPXww8o7woJq/sbZ2MI\n\trlAzVYoKGWo8bW7vsTJCjnk/HvollPYhYU81n79SJ2OZWMzt/Y+mKco0C41LL761T75Cd8Ay+Ib\n\tCgCo5nIGittXCLN57AxcNG7z9F7Sj+W/9dHua","X-Received":"by 2002:a05:6820:1843:b0:67e:aa1:8825 with SMTP id\n 006d021491bc7-68be7ee694fmr5678237eaf.35.1776062114774; Sun, 12 Apr 2026\n 23:35:14 -0700 (PDT)","MIME-Version":"1.0","References":"<20260413054439.1715082-1-mikey@neuling.org>","In-Reply-To":"<20260413054439.1715082-1-mikey@neuling.org>","From":"Anup Patel ","Date":"Mon, 13 Apr 2026 12:05:03 +0530","X-Gm-Features":"AQROBzCcl-LJ0nMVT4pylFo0k7IEEc2v2cILLcr4BVOVjWfJLHs-ruU1CPsIK8A","Message-ID":"\n ","Subject":"Re: [PATCH] riscv: KVM: Fix memory leak in vector context allocation","To":"Michael Neuling ","Cc":"atish.patra@linux.dev, pjw@kernel.org, palmer@dabbelt.com,\n\taou@eecs.berkeley.edu, alex@ghiti.fr, kvm@vger.kernel.org,\n\tvincent.chen@sifive.com, greentime.hu@sifive.com, andy.chiu@sifive.com,\n\tkvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org,\n\tlinux-kernel@vger.kernel.org","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260412_233517_092578_6403A2CC ","X-CRM114-Status":"GOOD ( 18.86 )","X-Spam-Score":"-1.9 (-)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam. The original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n the administrator of that system for details.\n Content preview: On Mon, Apr 13,\n 2026 at 11:14 AM Michael Neuling \n wrote: > > When the second kzalloc() for host_context vector data fails,\n > the already-allocated guest_context vector data is not f [...]\n Content analysis details: (-1.9 points, 5.0 required)\n pts rule name description\n ---- ----------------------\n --------------------------------------------------\n 0.0 SPF_NONE SPF: sender does not publish an SPF Record\n 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record\n 0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID Message has at least one valid DKIM or DK\n signature\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no\n trust\n [2607:f8b0:4864:20:0:0:0:c32 listed in]\n [list.dnswl.org]","X-BeenThere":"kvm-riscv@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Sender":"\"kvm-riscv\" ","Errors-To":"kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"}}]