git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Jiakai Xu <xujiakai2025@iscas.ac.cn>
	Wed, 15 Apr 2026 07:52:16 +0000 (07:52 +0000)
committer	Anup Patel <anup@brainfault.org>
	Mon, 18 May 2026 04:49:18 +0000 (10:19 +0530)
commit	653f17c742601004774e3f8fb79d387d5ae6103e
tree	34507ab58a366e875b9647c145693b013aa8f65a	tree \| snapshot
parent	5200f5f493f79f14bbdc349e402a40dfb32f23c8	commit \| diff

RISC-V: KVM: Fix invalid HVA warning in steal-time recording

kvm_riscv_vcpu_record_steal_time() assumes that the steal-time shared
memory GPA (vcpu->arch.sta.shmem) is always backed by a valid guest
memory slot. However, this assumption is not guaranteed by the KVM
userspace ABI.

A malicious or buggy userspace can set the STA shared memory GPA via
KVM_SET_ONE_REG without establishing a corresponding memory region via
KVM_SET_USER_MEMORY_REGION. In such cases, the GPA cannot be translated
to a valid HVA and kvm_vcpu_gfn_to_hva() returns an error address.

The current implementation incorrectly treats this as a kernel warning
using WARN_ON(), which may escalate to a kernel panic when panic_on_warn
is enabled.

This is not a kernel bug condition but a normal invalid configuration
from userspace, and should be handled gracefully.

Fix it by removing WARN_ON() and treating invalid HVA as a normal
failure case, resetting the STA shared memory state.

Fixes: e9f12b5fff8ad0 ("RISC-V: KVM: Implement SBI STA extension")
Signed-off-by: Jiakai Xu <xujiakai2025@iscas.ac.cn>
Signed-off-by: Jiakai Xu <jiakaiPeanut@gmail.com>
Assisted-by: OpenClaw:DeepSeek-V3.2
Reviewed-by: Nutty Liu <nutty.liu@hotmail.com>
Reviewed-by: Andrew Jones <andrew.jones@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20260415075216.2757427-1-xujiakai2025@iscas.ac.cn
Signed-off-by: Anup Patel <anup@brainfault.org>