[PW_SID:1060662] KVM: riscv: Fix Spectre-v1 vulnerabilities in register access#1542

Closed
linux-riscv-bot wants to merge 4 commits into workflow__riscv__fixes from pw1060662

@linux-riscv-bot

PR for series 1060662 applied to workflow__riscv__fixes

Name: KVM: riscv: Fix Spectre-v1 vulnerabilities in register access
URL: https://patchwork.kernel.org/project/linux-riscv/list/?series=1060662
Version: 2

Lukas Gerlach added 4 commits March 3, 2026 14:46
User-controlled register indices from the ONE_REG ioctl are used to
index into arrays of register values. Sanitize them with
array_index_nospec() to prevent speculative out-of-bounds access.

Reviewed-by: Radim Krčmář <radim.krcmar@oss.qualcomm.com>
Signed-off-by: Lukas Gerlach <lukas.gerlach@cispa.de>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>

User-controlled indices are used to access AIA CSR registers.
Sanitize them with array_index_nospec() to prevent speculative
out-of-bounds access.

Similar to x86 commit 8c86405 ("KVM: x86: Protect
ioapic_read_indirect() from Spectre-v1/L1TF attacks") and arm64
commit 41b8759 ("KVM: arm/arm64: vgic: fix possible spectre-v1
in vgic_get_irq()").

Reviewed-by: Radim Krčmář <radim.krcmar@oss.qualcomm.com>
Signed-off-by: Lukas Gerlach <lukas.gerlach@cispa.de>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>

User-controlled indices are used to index into floating-point registers.
Sanitize them with array_index_nospec() to prevent speculative
out-of-bounds access.

Reviewed-by: Radim Krčmář <radim.krcmar@oss.qualcomm.com>
Signed-off-by: Lukas Gerlach <lukas.gerlach@cispa.de>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>

Guest-controlled counter indices received via SBI ecalls are used to
index into the PMC array. Sanitize them with array_index_nospec()
to prevent speculative out-of-bounds access.

Similar to x86 commit 13c5183 ("KVM: x86: Protect MSR-based
index computations in pmu.h from Spectre-v1/L1TF attacks").

Fixes: 8f0153e ("RISC-V: KVM: Add skeleton support for perf")
Reviewed-by: Radim Krčmář <radim.krcmar@oss.qualcomm.com>
Signed-off-by: Lukas Gerlach <lukas.gerlach@cispa.de>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
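
The clamp that the four commits above rely on, as an added example that is not code from this series or from the kernel tree: a userspace C model of the branchless mask behind array_index_nospec(), following the generic version in include/linux/nospec.h. The names `regs`, `NUM_REGS`, `get_reg`, `index_mask_nospec` and `index_nospec` are hypothetical, and the register file is constructed.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define NUM_REGS 32 /* constructed size standing in for a vCPU register array */

static unsigned long regs[NUM_REGS]; /* hypothetical register file */

/* Model of the generic mask: ~0UL when index < size, 0 otherwise, computed
 * with arithmetic instead of a branch. Relies on arithmetic right shift of
 * a negative long, which GCC and Clang provide. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
	/* Hide the value from the optimizer so the mask stays branch-free. */
	__asm__ volatile("" : "+r"(index));
	return (unsigned long)(~(long)(index | (size - 1UL - index)) >>
			       (BITS_PER_LONG - 1));
}

/* Clamp: in-range indices pass through, out-of-range ones become 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
	return index & index_mask_nospec(index, size);
}

/* Hypothetical handler; reg_num is supplied by an untrusted caller. */
static int get_reg(unsigned long reg_num, unsigned long *val)
{
	if (reg_num >= NUM_REGS)
		return -1; /* architectural bounds check */
	/* If the branch above is mispredicted, the load below can still run
	 * speculatively; the clamp is a data dependency, so it sees index 0. */
	reg_num = index_nospec(reg_num, NUM_REGS);
	*val = regs[reg_num];
	return 0;
}

int main(void)
{
	unsigned long v = 0;
	int rc;

	regs[7] = 0x1234;
	rc = get_reg(7, &v);
	printf("in range: rc=%d val=%#lx\n", rc, v);
	printf("clamp(7)=%lu clamp(32)=%lu clamp(ULONG_MAX)=%lu\n", index_nospec(7, NUM_REGS),
	       index_nospec(32, NUM_REGS), index_nospec(ULONG_MAX, NUM_REGS));
	return 0;
}
```

The clamp does not replace the bounds check: the check still rejects bad indices architecturally, and the mask only guarantees that a speculative load stays inside the array.
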
@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
build-rv32-defconfig
Desc: Builds riscv32 defconfig
Duration: 137.96 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
build-rv64-clang-allmodconfig
Desc: Builds riscv64 allmodconfig with Clang, and checks for errors and added warnings
Duration: 1025.23 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
build-rv64-gcc-allmodconfig
Desc: Builds riscv64 allmodconfig with GCC, and checks for errors and added warnings
Duration: 1386.71 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
build-rv64-nommu-k210-defconfig
Desc: Builds riscv64 defconfig with NOMMU for K210
Duration: 26.11 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
build-rv64-nommu-k210-virt
Desc: Builds riscv64 defconfig with NOMMU for the virt platform
Duration: 27.36 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
checkpatch
Desc: Runs checkpatch.pl on the patch
Duration: 0.77 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
dtb-warn-rv64
Desc: Checks for Device Tree warnings/errors
Duration: 82.45 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
header-inline
Desc: Detects static functions without inline keyword in header files
Duration: 0.23 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
kdoc
Desc: Detects for kdoc errors
Duration: 0.87 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
module-param
Desc: Detect module_param changes
Duration: 0.25 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
verify-fixes
Desc: Verifies that the Fixes: tags exist
Duration: 0.23 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "[v2,1/4] KVM: riscv: Fix Spectre-v1 in ONE_REG register access"
verify-signedoff
Desc: Verifies that Signed-off-by: tags are correct
Duration: 0.30 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
build-rv32-defconfig
Desc: Builds riscv32 defconfig
Duration: 136.46 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
build-rv64-clang-allmodconfig
Desc: Builds riscv64 allmodconfig with Clang, and checks for errors and added warnings
Duration: 1022.47 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
build-rv64-gcc-allmodconfig
Desc: Builds riscv64 allmodconfig with GCC, and checks for errors and added warnings
Duration: 1388.17 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
build-rv64-nommu-k210-defconfig
Desc: Builds riscv64 defconfig with NOMMU for K210
Duration: 26.55 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
build-rv64-nommu-k210-virt
Desc: Builds riscv64 defconfig with NOMMU for the virt platform
Duration: 27.92 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
checkpatch
Desc: Runs checkpatch.pl on the patch
Duration: 1.01 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
dtb-warn-rv64
Desc: Checks for Device Tree warnings/errors
Duration: 81.98 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
header-inline
Desc: Detects static functions without inline keyword in header files
Duration: 0.23 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
kdoc
Desc: Detects for kdoc errors
Duration: 0.88 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
module-param
Desc: Detect module_param changes
Duration: 0.25 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
verify-fixes
Desc: Verifies that the Fixes: tags exist
Duration: 0.22 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 2: "[v2,2/4] KVM: riscv: Fix Spectre-v1 in AIA CSR access"
verify-signedoff
Desc: Verifies that Signed-off-by: tags are correct
Duration: 0.30 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
build-rv32-defconfig
Desc: Builds riscv32 defconfig
Duration: 138.04 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
build-rv64-clang-allmodconfig
Desc: Builds riscv64 allmodconfig with Clang, and checks for errors and added warnings
Duration: 1026.00 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
build-rv64-gcc-allmodconfig
Desc: Builds riscv64 allmodconfig with GCC, and checks for errors and added warnings
Duration: 1390.62 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
build-rv64-nommu-k210-defconfig
Desc: Builds riscv64 defconfig with NOMMU for K210
Duration: 27.01 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
build-rv64-nommu-k210-virt
Desc: Builds riscv64 defconfig with NOMMU for the virt platform
Duration: 28.00 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
checkpatch
Desc: Runs checkpatch.pl on the patch
Duration: 1.77 seconds
Result: WARNING
Output:

CHECK: Alignment should match open parenthesis
#39: FILE: arch/riscv/kvm/vcpu_fp.c:99:
+			reg_num = array_index_nospec(reg_num,
+					ARRAY_SIZE(cntx->fp.f.f));

CHECK: Unbalanced braces around else statement
#42: FILE: arch/riscv/kvm/vcpu_fp.c:101:
+		} else

CHECK: Alignment should match open parenthesis
#51: FILE: arch/riscv/kvm/vcpu_fp.c:114:
+			reg_num = array_index_nospec(reg_num,
+					ARRAY_SIZE(cntx->fp.d.f));

CHECK: Alignment should match open parenthesis
#62: FILE: arch/riscv/kvm/vcpu_fp.c:148:
+			reg_num = array_index_nospec(reg_num,
+					ARRAY_SIZE(cntx->fp.f.f));

CHECK: Unbalanced braces around else statement
#65: FILE: arch/riscv/kvm/vcpu_fp.c:150:
+		} else

CHECK: Alignment should match open parenthesis
#74: FILE: arch/riscv/kvm/vcpu_fp.c:163:
+			reg_num = array_index_nospec(reg_num,
+					ARRAY_SIZE(cntx->fp.d.f));

total: 0 errors, 0 warnings, 6 checks, 49 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

Commit 05c5fc96acbe ("KVM: riscv: Fix Spectre-v1 in floating-point register access") has style problems, please review.

NOTE: Ignored message types: ALLOC_SIZEOF_STRUCT CAMELCASE COMMIT_LOG_LONG_LINE GIT_COMMIT_ID MACRO_ARG_REUSE NO_AUTHOR_SIGN_OFF

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.
total: 0 errors, 0 warnings, 6 checks, 49 lines checked
CHECK: Alignment should match open parenthesis
CHECK: Unbalanced braces around else statement


@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
dtb-warn-rv64
Desc: Checks for Device Tree warnings/errors
Duration: 83.47 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
header-inline
Desc: Detects static functions without inline keyword in header files
Duration: 0.29 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
kdoc
Desc: Detects for kdoc errors
Duration: 0.85 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
module-param
Desc: Detect module_param changes
Duration: 0.27 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
verify-fixes
Desc: Verifies that the Fixes: tags exist
Duration: 0.24 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 3: "[v2,3/4] KVM: riscv: Fix Spectre-v1 in floating-point register access"
verify-signedoff
Desc: Verifies that Signed-off-by: tags are correct
Duration: 0.32 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
build-rv32-defconfig
Desc: Builds riscv32 defconfig
Duration: 136.83 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
build-rv64-clang-allmodconfig
Desc: Builds riscv64 allmodconfig with Clang, and checks for errors and added warnings
Duration: 1026.97 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
build-rv64-gcc-allmodconfig
Desc: Builds riscv64 allmodconfig with GCC, and checks for errors and added warnings
Duration: 1387.89 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
build-rv64-nommu-k210-defconfig
Desc: Builds riscv64 defconfig with NOMMU for K210
Duration: 26.56 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
build-rv64-nommu-k210-virt
Desc: Builds riscv64 defconfig with NOMMU for the virt platform
Duration: 28.05 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
checkpatch
Desc: Runs checkpatch.pl on the patch
Duration: 0.80 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
dtb-warn-rv64
Desc: Checks for Device Tree warnings/errors
Duration: 81.69 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
header-inline
Desc: Detects static functions without inline keyword in header files
Duration: 0.23 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
kdoc
Desc: Detects for kdoc errors
Duration: 0.87 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
module-param
Desc: Detect module_param changes
Duration: 0.24 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
verify-fixes
Desc: Verifies that the Fixes: tags exist
Duration: 0.27 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 4: "[v2,4/4] KVM: riscv: Fix Spectre-v1 in PMU counter access"
verify-signedoff
Desc: Verifies that Signed-off-by: tags are correct
Duration: 0.30 seconds
Result: PASS

@linux-riscv-bot linux-riscv-bot deleted the pw1060662 branch March 11, 2026 01:19