{"id":2222586,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2222586/?format=json","web_url":"http://patchwork.ozlabs.org/project/kvm-riscv/patch/20260413054439.1715082-1-mikey@neuling.org/","project":{"id":70,"url":"http://patchwork.ozlabs.org/api/1.2/projects/70/?format=json","name":"Linux KVM RISC-V","link_name":"kvm-riscv","list_id":"kvm-riscv.lists.infradead.org","list_email":"kvm-riscv@lists.infradead.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"http://lists.infradead.org/pipermail/kvm-riscv/","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260413054439.1715082-1-mikey@neuling.org>","list_archive_url":null,"date":"2026-04-13T05:44:39","name":"riscv: KVM: Fix memory leak in vector context allocation","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"614e196bfb62e27d5a0a21f2c99aed8efafad61f","submitter":{"id":109,"url":"http://patchwork.ozlabs.org/api/1.2/people/109/?format=json","name":"Michael Neuling","email":"mikey@neuling.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/kvm-riscv/patch/20260413054439.1715082-1-mikey@neuling.org/mbox/","series":[{"id":499646,"url":"http://patchwork.ozlabs.org/api/1.2/series/499646/?format=json","web_url":"http://patchwork.ozlabs.org/project/kvm-riscv/list/?series=499646","date":"2026-04-13T05:44:39","name":"riscv: KVM: Fix memory leak in vector context allocation","version":1,"mbox":"http://patchwork.ozlabs.org/series/499646/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2222586/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2222586/checks/","tags":{},"related":[],"headers":{
"From":"Michael Neuling <mikey@neuling.org>","To":"anup@brainfault.org","Cc":"atish.patra@linux.dev,\n\tpjw@kernel.org,\n\tpalmer@dabbelt.com,\n\taou@eecs.berkeley.edu,\n\talex@ghiti.fr,\n\tkvm@vger.kernel.org,\n\tvincent.chen@sifive.com,\n\tgreentime.hu@sifive.com,\n\tandy.chiu@sifive.com,\n\tkvm-riscv@lists.infradead.org,\n\tlinux-riscv@lists.infradead.org,\n\tlinux-kernel@vger.kernel.org,\n\tMichael Neuling <mikey@neuling.org>","Subject":"[PATCH] riscv: KVM: Fix memory leak in vector context allocation","Date":"Mon, 13 Apr 2026 05:44:39 +0000","Message-ID":"<20260413054439.1715082-1-mikey@neuling.org>","X-Mailer":"git-send-email 2.43.0","MIME-Version":"1.0","X-BeenThere":"kvm-riscv@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"<kvm-riscv.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/kvm-riscv>,\n <mailto:kvm-riscv-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/kvm-riscv/>","List-Post":"<mailto:kvm-riscv@lists.infradead.org>","List-Help":"<mailto:kvm-riscv-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/kvm-riscv>,\n 
<mailto:kvm-riscv-request@lists.infradead.org?subject=subscribe>","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Sender":"\"kvm-riscv\" <kvm-riscv-bounces@lists.infradead.org>","Errors-To":"kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"When the second kzalloc() for host_context vector data fails,\nthe already-allocated guest_context vector data is not freed,\ncausing a memory leak. This is triggerable from userspace via:\n\n  ioctl(vm_fd, KVM_CREATE_VCPU)\n    → kvm_vm_ioctl_create_vcpu()\n      → kvm_arch_vcpu_create()\n        → kvm_riscv_vcpu_alloc_vector_context()\n\nNote also that kvm_vm_ioctl_create_vcpu() does not call\nkvm_arch_vcpu_destroy() on kvm_arch_vcpu_create() failure:\n\n  kvm_arch_vcpu_create()           ← fails, returns error\n      goto vcpu_free_run_page;     ← line 4209\n\n  ...\n  arch_vcpu_destroy:               ← SKIPPED\n      kvm_arch_vcpu_destroy(vcpu); ← which would call free_vector_context\n  vcpu_free_run_page:              ← lands HERE, below arch_vcpu_destroy\n      free_page(vcpu->run);\n  vcpu_free:\n      kmem_cache_free(vcpu);\n\nso kvm_riscv_vcpu_free_vector_context() is never called to\nclean up the partial allocation.\n\nFixes: 0f4b82579716 (\"RISC-V: KVM: Add vector lazy save/restore support\")\nAssisted-By: Claude Opus 4.6 (1M context)\nSigned-off-by: Michael Neuling <mikey@neuling.org>\n---\n arch/riscv/kvm/vcpu_vector.c | 4 +++-\n 1 file changed, 3 insertions(+), 1 deletion(-)","diff":"diff --git a/arch/riscv/kvm/vcpu_vector.c b/arch/riscv/kvm/vcpu_vector.c\nindex 05f3cc2d8e..46fbf48f25 100644\n--- a/arch/riscv/kvm/vcpu_vector.c\n+++ b/arch/riscv/kvm/vcpu_vector.c\n@@ -80,8 +80,10 @@ int kvm_riscv_vcpu_alloc_vector_context(struct kvm_vcpu *vcpu)\n \t\treturn -ENOMEM;\n \n \tvcpu->arch.host_context.vector.datap = kzalloc(riscv_v_vsize, GFP_KERNEL);\n-\tif (!vcpu->arch.host_context.vector.datap)\n+\tif (!vcpu->arch.host_context.vector.datap) 
{\n+\t\tkfree(vcpu->arch.guest_context.vector.datap);\n \t\treturn -ENOMEM;\n+\t}\n \n \treturn 0;\n }\n","prefixes":[]}
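Review bot: In the new failure branch of kvm_riscv_vcpu_alloc_vector_context(), vcpu->arch.guest_context.vector.datap is freed but left holding the stale address when the function returns -ENOMEM. The commit message explains that kvm_arch_vcpu_destroy() is skipped on this path today, so nothing visible here touches the pointer again, but the fix then depends on that ordering in kvm_vm_ioctl_create_vcpu() staying as it is. If a later change makes the error path reach kvm_riscv_vcpu_free_vector_context(), the same buffer could be freed a second time. Consider adding "vcpu->arch.guest_context.vector.datap = NULL;" right after the kfree() so the vcpu is left in a consistent state whichever cleanup runs. Separately, the "line 4209" reference in the commit message will go stale quickly; naming the file and the goto label would be enough.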