[GIT,PULL] KVM/riscv fixes for 7.0 take #1

Message ID	CAAhSdy2EuZu_KeZ1RaUEg3shtfSnSVo7eJWOA6-g4j9Hn2oY5A@mail.gmail.com
State	Accepted
Headers	show Return-Path: <kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> MIME-Version: 1.0 From: Anup Patel <anup@brainfault.org> Date: Fri, 6 Mar 2026 21:36:16 +0530 Message-ID: <CAAhSdy2EuZu_KeZ1RaUEg3shtfSnSVo7eJWOA6-g4j9Hn2oY5A@mail.gmail.com> Subject: [GIT PULL] KVM/riscv fixes for 7.0 take #1 To: Paolo Bonzini <pbonzini@redhat.com> Cc: Palmer Dabbelt <palmer@dabbelt.com>, Paul Walmsley <pjw@kernel.org>, Andrew Jones <andrew.jones@oss.qualcomm.com>, Atish Patra <atish.patra@linux.dev>, "open list:KERNEL VIRTUAL MACHINE FOR RISC-V (KVM/riscv)" <kvm-riscv@lists.infradead.org>, KVM General <kvm@vger.kernel.org>, linux-riscv <linux-riscv@lists.infradead.org> preview: Hi Paolo, We have quite a few fixes this time for the 7.0 kernel. These fixes address potential use-after-free issues, null pointer dereferences, speculative out-of-bound accesses, and others. Please pull. Content analysis details: (-1.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:32b listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 ARC_VALID Message has a valid ARC signature -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 ARC_SIGNED Message has a ARC signature -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "kvm-riscv" <kvm-riscv-bounces@lists.infradead.org> Errors-To: kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	[GIT,PULL] KVM/riscv fixes for 7.0 take #1 \| expand [GIT,PULL] KVM/riscv fixes for 7.0 take #1

Message ID

CAAhSdy2EuZu_KeZ1RaUEg3shtfSnSVo7eJWOA6-g4j9Hn2oY5A@mail.gmail.com

State

Accepted

Headers

MIME-Version: 1.0
From: Anup Patel <anup@brainfault.org>
Date: Fri, 6 Mar 2026 21:36:16 +0530
Message-ID: 
 <CAAhSdy2EuZu_KeZ1RaUEg3shtfSnSVo7eJWOA6-g4j9Hn2oY5A@mail.gmail.com>
Subject: [GIT PULL] KVM/riscv fixes for 7.0 take #1
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Palmer Dabbelt <palmer@dabbelt.com>, Paul Walmsley <pjw@kernel.org>,
	Andrew Jones <andrew.jones@oss.qualcomm.com>,
 Atish Patra <atish.patra@linux.dev>,
	"open list:KERNEL VIRTUAL MACHINE FOR RISC-V (KVM/riscv)"
 <kvm-riscv@lists.infradead.org>, KVM General <kvm@vger.kernel.org>,
	linux-riscv <linux-riscv@lists.infradead.org>
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Sender: "kvm-riscv" <kvm-riscv-bounces@lists.infradead.org>
Errors-To: kvm-riscv-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

[GIT,PULL] KVM/riscv fixes for 7.0 take #1 | expand

Message

Anup Patel March 6, 2026, 4:06 p.m. UTC

Hi Paolo,

We have quite a few fixes this time for the 7.0 kernel.
These fixes address potential use-after-free issues, null
pointer dereferences, speculative out-of-bound accesses,
and others.

Please pull.

Regards,
Anup

The following changes since commit 11439c4635edd669ae435eec308f4ab8a0804808:

  Linux 7.0-rc2 (2026-03-01 15:39:31 -0800)

are available in the Git repository at:

  https://github.com/kvm-riscv/linux.git tags/kvm-riscv-fixes-7.0-1

for you to fetch changes up to c61ec3e8cc5d46fa269434a9ec16ca36d362e0dd:

  RISC-V: KVM: Check host Ssaia extension when creating AIA irqchip
(2026-03-06 11:20:30 +0530)

----------------------------------------------------------------
KVM/riscv fixes for 7.0, take #1

- Prevent speculative out-of-bounds access using array_index_nospec()
  in APLIC interrupt handling, ONE_REG regiser access, AIA CSR access,
  float register access, and PMU counter access
- Fix potential use-after-free issues in kvm_riscv_gstage_get_leaf(),
  kvm_riscv_aia_aplic_has_attr(), and kvm_riscv_aia_imsic_has_attr()
- Fix potential null pointer dereference in kvm_riscv_vcpu_aia_rmw_topei()
- Fix off-by-one array access in SBI PMU
- Skip THP support check during dirty logging
- Fix error code returned for Smstateen and Ssaia ONE_REG interface
- Check host Ssaia extension when creating AIA irqchip

----------------------------------------------------------------
Anup Patel (3):
      RISC-V: KVM: Fix error code returned for Smstateen ONE_REG
      RISC-V: KVM: Fix error code returned for Ssaia ONE_REG
      RISC-V: KVM: Check host Ssaia extension when creating AIA irqchip

Jiakai Xu (4):
      RISC-V: KVM: Fix use-after-free in kvm_riscv_gstage_get_leaf()
      RISC-V: KVM: Fix null pointer dereference in
kvm_riscv_vcpu_aia_rmw_topei()
      RISC-V: KVM: Fix use-after-free in kvm_riscv_aia_aplic_has_attr()
      RISC-V: KVM: Fix potential UAF in kvm_riscv_aia_imsic_has_attr()

Lukas Gerlach (5):
      KVM: riscv: Fix Spectre-v1 in APLIC interrupt handling
      KVM: riscv: Fix Spectre-v1 in ONE_REG register access
      KVM: riscv: Fix Spectre-v1 in AIA CSR access
      KVM: riscv: Fix Spectre-v1 in floating-point register access
      KVM: riscv: Fix Spectre-v1 in PMU counter access

Radim Krčmář (1):
      RISC-V: KVM: fix off-by-one array access in SBI PMU

Wang Yechao (1):
      RISC-V: KVM: Skip THP support check during dirty logging

 arch/riscv/kvm/aia.c         | 15 ++++++++++--
 arch/riscv/kvm/aia_aplic.c   | 23 ++++++++++---------
 arch/riscv/kvm/aia_device.c  | 18 +++++++++++----
 arch/riscv/kvm/aia_imsic.c   |  4 ++++
 arch/riscv/kvm/mmu.c         |  6 ++++-
 arch/riscv/kvm/vcpu_fp.c     | 17 ++++++++++----
 arch/riscv/kvm/vcpu_onereg.c | 54 +++++++++++++++++++++++++++++---------------
 arch/riscv/kvm/vcpu_pmu.c    | 16 +++++++++----
 8 files changed, 109 insertions(+), 44 deletions(-)

[GIT,PULL] KVM/riscv fixes for 7.0 take #1

Pull-request

Message