[PW_SID:1092007] riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates#1895

Closed: linux-riscv-bot wants to merge 2 commits into workflow__riscv__fixes from pw1092007

@linux-riscv-bot

PR for series 1092007 applied to workflow__riscv__fixes

Name: riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates
URL: https://patchwork.kernel.org/project/linux-riscv/list/?series=1092007
Version: 1

Linux RISC-V bot and others added 2 commits May 2, 2026 08:13
According to the RISC-V Privileged ISA specification, if henvcfg.PMM is
changed from or to a value where (XLEN-PMLEN) is less than the GPA width
supported by the hgatp translation mode of that guest, hypervisors must
execute an HFENCE.GVMA with rs1=x0.

Currently, when a guest dynamically changes pointer masking mode via the
SBI FWFT extension, kvm_sbi_fwft_set_pointer_masking_pmlen() directly
modifies the hardware CSR_HENVCFG from the non-one-reg-access path
without issuing the required TLB invalidation.

Fix this by adding an unconditional HFENCE.GVMA after the CSR write.

This vulnerability was discovered and reported by my SpecHunter, an
AI-driven architecture specification analysis tool.

Link: https://github.com/yizishun/rv-isa-sec/blob/master/output/riscv-isa-manual/pr-2494/linux.txt
Fixes: 48d6710 ("RISC-V: KVM: Implement ONE_REG interface for SBI FWFT state")
Assisted-by: DeepSeek:DeepSeek-V4-Pro
Signed-off-by: Zishun Yi <vulab@iscas.ac.cn>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
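
As an added illustration (not part of the patch or the kernel source), the C sketch below evaluates the rule quoted in the commit message for each G-stage mode. The GPA widths (41/50/59 bits) and the PMLEN values 0, 7 and 16 come from the RISC-V specifications rather than from this page, and all function names are hypothetical; the patch itself does not evaluate this condition and flushes unconditionally.

```c
#include <stdbool.h>
#include <stdio.h>

#define XLEN 64 /* RV64 guest */

/* hgatp.MODE encodings for RV64 (RISC-V Privileged ISA). */
enum hgatp_mode { HGATP_SV39X4 = 8, HGATP_SV48X4 = 9, HGATP_SV57X4 = 10 };

/* Guest physical address width of each G-stage mode: the SvNNx4 schemes
 * widen the NN-bit address by two bits. */
static int gpa_width(enum hgatp_mode mode)
{
    switch (mode) {
    case HGATP_SV39X4: return 41;
    case HGATP_SV48X4: return 50;
    case HGATP_SV57X4: return 59;
    }
    return 0; /* other modes are not modelled in this sketch */
}

/* True when masking PMLEN bits leaves fewer address bits than the GPA width. */
static bool pmlen_truncates_gpa(enum hgatp_mode mode, int pmlen)
{
    return (XLEN - pmlen) < gpa_width(mode);
}

/* Rule from the commit message: HFENCE.GVMA with rs1=x0 is required when
 * henvcfg.PMM changes from or to a value where (XLEN-PMLEN) < GPA width. */
static bool pmm_change_requires_hfence_gvma(enum hgatp_mode mode,
                                            int old_pmlen, int new_pmlen)
{
    if (old_pmlen == new_pmlen)
        return false; /* PMM not changed */
    return pmlen_truncates_gpa(mode, old_pmlen) ||
           pmlen_truncates_gpa(mode, new_pmlen);
}

int main(void)
{
    static const int pmlens[] = { 0, 7, 16 }; /* PMLEN 0 = masking disabled */
    static const enum hgatp_mode modes[] = { HGATP_SV39X4, HGATP_SV48X4, HGATP_SV57X4 };

    /* Print every PMLEN transition per mode and whether a flush is required. */
    for (int m = 0; m < 3; m++)
        for (int i = 0; i < 3; i++)
            for (int j = 0; j < 3; j++)
                printf("mode=%d gpa=%d pmlen %2d -> %2d : %s\n", modes[m],
                       gpa_width(modes[m]), pmlens[i], pmlens[j],
                       pmm_change_requires_hfence_gvma(modes[m], pmlens[i], pmlens[j])
                           ? "HFENCE.GVMA required" : "no flush required");
    return 0;
}
```

Under this rule no transition needs a flush for an Sv39x4 guest, while Sv48x4 needs one for any change involving PMLEN=16 and Sv57x4 for every change; flushing unconditionally, as the commit message describes, covers all of these cases.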
@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
build-rv32-defconfig
Desc: Builds riscv32 defconfig
Duration: 113.95 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
build-rv64-clang-allmodconfig
Desc: Builds riscv64 allmodconfig with Clang, and checks for errors and added warnings
Duration: 1026.65 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
build-rv64-gcc-allmodconfig
Desc: Builds riscv64 allmodconfig with GCC, and checks for errors and added warnings
Duration: 1386.93 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
build-rv64-nommu-k210-defconfig
Desc: Builds riscv64 defconfig with NOMMU for K210
Duration: 19.23 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
build-rv64-nommu-k210-virt
Desc: Builds riscv64 defconfig with NOMMU for the virt platform
Duration: 20.66 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
checkpatch
Desc: Runs checkpatch.pl on the patch
Duration: 0.68 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
dtb-warn-rv64
Desc: Checks for Device Tree warnings/errors
Duration: 75.48 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
header-inline
Desc: Detects static functions without inline keyword in header files
Duration: 0.24 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
kdoc
Desc: Detects for kdoc errors
Duration: 0.72 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
module-param
Desc: Detect module_param changes
Duration: 0.24 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
verify-fixes
Desc: Verifies that the Fixes: tags exist
Duration: 0.26 seconds
Result: PASS

@linux-riscv-bot
Author

Patch 1: "riscv: KVM: Fix missing TLB flush on HENVCFG.PMM updates"
verify-signedoff
Desc: Verifies that Signed-off-by: tags are correct
Duration: 0.27 seconds
Result: PASS

linux-riscv-bot force-pushed the workflow__riscv__fixes branch 2 times, most recently from 2d4fcdd to cd9d421, on May 14, 2026 08:49
linux-riscv-bot deleted the pw1092007 branch on May 17, 2026 02:15