[PW_SID:1100684] RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions by linux-riscv-bot · Pull Request #2014 · linux-riscv/linux

linux-riscv-bot · 2026-05-26T06:46:42Z

PR for series 1100684 applied to workflow__riscv__fixes

Name: RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions
URL: https://patchwork.kernel.org/project/linux-riscv/list/?series=1100684
Version: 1

Fuzzer reported a NULL pointer dereference in kvm_riscv_vcpu_aia_imsic_put() when a VCPU's imsic_state was NULL while kvm_riscv_aia_initialized() returned true. The global initialized flag is set per-VM in aia_init(), but imsic_state is allocated per-VCPU in kvm_riscv_vcpu_aia_imsic_init(). If a VCPU is created after aia_init() has already run, its imsic_state remains NULL while the global flag is true. When this VCPU is preempted, kvm_sched_out() calls kvm_arch_vcpu_put() -> kvm_riscv_vcpu_aia_put() -> kvm_riscv_vcpu_aia_imsic_put() which dereferences NULL. Add NULL pointer guards to kvm_riscv_vcpu_aia_imsic_put(), consistent with the NULL checks already present in all other functions in the same file. Also add a NULL guard to kvm_riscv_vcpu_aia_imsic_release() and kvm_riscv_vcpu_aia_imsic_has_interrupt() for the same reason. Fixes: 4cec89d ("RISC-V: KVM: Move HGEI[E|P] CSR access to IMSIC virtualization") Signed-off-by: Jiakai Xu <jiakaiPeanut@gmail.com> Signed-off-by: Jiakai Xu <xujiakai2025@iscas.ac.cn> Assisted-by: YuanSheng:DeepSeek-V3.2 Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>

linux-riscv-bot · 2026-05-26T06:52:33Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
build-rv32-defconfig
Desc: Builds riscv32 defconfig
Duration: 139.06 seconds
Result: PASS

linux-riscv-bot · 2026-05-26T07:09:59Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
build-rv64-clang-allmodconfig
Desc: Builds riscv64 allmodconfig with Clang, and checks for errors and added warnings
Duration: 1043.85 seconds
Result: PASS

linux-riscv-bot · 2026-05-26T07:34:00Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
build-rv64-gcc-allmodconfig
Desc: Builds riscv64 allmodconfig with GCC, and checks for errors and added warnings
Duration: 1439.72 seconds
Result: PASS

linux-riscv-bot · 2026-05-26T07:34:28Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
build-rv64-nommu-k210-defconfig
Desc: Builds riscv64 defconfig with NOMMU for K210
Duration: 25.90 seconds
Result: PASS

linux-riscv-bot · 2026-05-26T07:34:57Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
build-rv64-nommu-k210-virt
Desc: Builds riscv64 defconfig with NOMMU for the virt platform
Duration: 27.06 seconds
Result: PASS

linux-riscv-bot · 2026-05-26T07:34:59Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
checkpatch
Desc: Runs checkpatch.pl on the patch
Duration: 0.81 seconds
Result: PASS

linux-riscv-bot · 2026-05-26T07:36:27Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
dtb-warn-rv64
Desc: Checks for Device Tree warnings/errors
Duration: 86.21 seconds
Result: PASS

linux-riscv-bot · 2026-05-26T07:36:29Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
header-inline
Desc: Detects static functions without inline keyword in header files
Duration: 0.25 seconds
Result: PASS

linux-riscv-bot · 2026-05-26T07:36:32Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
kdoc
Desc: Detects for kdoc errors
Duration: 0.90 seconds
Result: PASS

linux-riscv-bot · 2026-05-26T07:36:34Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
module-param
Desc: Detect module_param changes
Duration: 0.26 seconds
Result: PASS

linux-riscv-bot · 2026-05-26T07:36:36Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
verify-fixes
Desc: Verifies that the Fixes: tags exist
Duration: 0.28 seconds
Result: PASS

linux-riscv-bot · 2026-05-26T07:36:38Z

Patch 1: "RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions"
verify-signedoff
Desc: Verifies that Signed-off-by: tags are correct
Duration: 0.31 seconds
Result: PASS

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PW_SID:1100684] RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions#2014

[PW_SID:1100684] RISC-V: KVM: Fix NULL pointer dereference in AIA IMSIC functions#2014
linux-riscv-bot wants to merge 1 commit into
workflowriscvfixesfrom
pw1100684

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

linux-riscv-bot commented May 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants