[PATCH 6.16 105/142] RISC-V: KVM: fix stack overrun when loading vlenb

2 Sep 2025

6.16-stable review patch.  If anyone has any objections, please let me know.
------------------
From: Radim Krčmář rkrcmar@ventanamicro.com
commit 799766208f09f95677a9ab111b93872d414fbad7 upstream.
The userspace load can put up to 2048 bits into an xlen bit stack
buffer.  We want only xlen bits, so check the size beforehand.
Fixes: 2fa290372dfe ("RISC-V: KVM: add 'vlenb' Vector CSR")
Cc: stable@vger.kernel.org
Signed-off-by: Radim Krčmář rkrcmar@ventanamicro.com
Reviewed-by: Nutty Liu liujingqi@lanxincomputing.com
Reviewed-by: Daniel Henrique Barboza dbarboza@ventanamicro.com
Link: https://lore.kernel.org/r/20250805104418.196023-4-rkrcmar@ventanamicro.com
Signed-off-by: Anup Patel anup@brainfault.org
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
---
 arch/riscv/kvm/vcpu_vector.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/riscv/kvm/vcpu_vector.c
+++ b/arch/riscv/kvm/vcpu_vector.c
@@ -182,6 +182,8 @@ int kvm_riscv_vcpu_set_reg_vector(struct
    	struct kvm_cpu_context *cntx = &vcpu->arch.guest_context;
    	unsigned long reg_val;
+		if (reg_size != sizeof(reg_val))
+			return -EINVAL;
    	if (copy_from_user(&reg_val, uaddr, reg_size))
    		return -EFAULT;
    	if (reg_val != cntx->vector.vlenb)

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 6.16 105/142] RISC-V: KVM: fix stack overrun when loading vlenb