diff options
| author |   Jiakai Xu <xujiakai2025@iscas.ac.cn> | 2026-04-15 07:52:16 +0000 |
|---|---|---|
| committer |   Anup Patel <anup@brainfault.org> | 2026-05-18 10:19:18 +0530 |
| commit | 653f17c742601004774e3f8fb79d387d5ae6103e (patch) | |
| tree | 34507ab58a366e875b9647c145693b013aa8f65a /include/linux/amba/ssh:/git@git.zx2c4.com | |
| parent | Linux 7.1-rc4 (diff) | |
RISC-V: KVM: Fix invalid HVA warning in steal-time recording
kvm_riscv_vcpu_record_steal_time() assumes that the steal-time shared
memory GPA (vcpu->arch.sta.shmem) is always backed by a valid guest
memory slot. However, this assumption is not guaranteed by the KVM
userspace ABI.
A malicious or buggy userspace can set the STA shared memory GPA via
KVM_SET_ONE_REG without establishing a corresponding memory region via
KVM_SET_USER_MEMORY_REGION. In such cases, the GPA cannot be translated
to a valid HVA and kvm_vcpu_gfn_to_hva() returns an error address.
The current implementation incorrectly treats this as a kernel warning
using WARN_ON(), which may escalate to a kernel panic when panic_on_warn
is enabled.
This is not a kernel bug condition but a normal invalid configuration
from userspace, and should be handled gracefully.
Fix it by removing WARN_ON() and treating invalid HVA as a normal
failure case, resetting the STA shared memory state.
Fixes: e9f12b5fff8ad0 ("RISC-V: KVM: Implement SBI STA extension")
Signed-off-by: Jiakai Xu <xujiakai2025@iscas.ac.cn>
Signed-off-by: Jiakai Xu <jiakaiPeanut@gmail.com>
Assisted-by: OpenClaw:DeepSeek-V3.2
Reviewed-by: Nutty Liu <nutty.liu@hotmail.com>
Reviewed-by: Andrew Jones <andrew.jones@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20260415075216.2757427-1-xujiakai2025@iscas.ac.cn
Signed-off-by: Anup Patel <anup@brainfault.org>
Diffstat (limited to 'include/linux/amba/ssh:/git@git.zx2c4.com')
0 files changed, 0 insertions, 0 deletions