Alex reports that it is possible to trigger a NULL dereference via the vgic-v2 device attribute accessors, stemming from a lack of sanitization of user input... Here's a fix + regression test for the bug. Obviously, I intend to take these as a fix ASAP.

Oliver Upton (2):
  KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
  KVM: selftests: Add test for uaccesses to non-existent vgic-v2 CPUIF

 arch/arm64/kvm/vgic/vgic-kvm-device.c         |  8 +--
 .../testing/selftests/kvm/aarch64/vgic_init.c | 49 +++++++++++++++++++
 2 files changed, 53 insertions(+), 4 deletions(-)

base-commit: fec50db7033ea478773b159e0e2efb135270e3b7
--
2.44.0.769.g3c40516874-goog
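The bug class the cover letter describes, as an added userspace model rather than the kernel's own code: a vCPU index taken from the userspace-controlled attribute word is looked up and, in the unchecked shape, trusted even when the lookup returns NULL. The bit layout of the CPU id field is modeled on the vgic UAPI encoding (assumption), and every function and struct name here is hypothetical.

```c
/* Added example, not the kernel's code: a userspace model of the
 * vgic-v2 attribute parsing path. The vCPU id is pulled from the
 * userspace-controlled attr word (bit layout is an assumption),
 * looked up in the VM's vCPU table, and must be NULL-checked. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define CPUID_SHIFT 32
#define CPUID_MASK  (0xffULL << CPUID_SHIFT)
#define MAX_VCPUS   8

struct vcpu { int id; };
struct vm   { struct vcpu *vcpus[MAX_VCPUS]; int nr_vcpus; };

/* Models a by-id lookup: NULL when no such vCPU exists. */
static struct vcpu *get_vcpu_by_id(struct vm *vm, unsigned int id)
{
    for (int i = 0; i < vm->nr_vcpus; i++)
        if (vm->vcpus[i]->id == (int)id)
            return vm->vcpus[i];
    return NULL;
}

/* Vulnerable shape: the lookup result is stored without a check and
 * later dereferenced by the accessor. */
static int parse_attr_unchecked(struct vm *vm, uint64_t attr, struct vcpu **out)
{
    *out = get_vcpu_by_id(vm, (attr & CPUID_MASK) >> CPUID_SHIFT);
    return 0;
}

/* Fixed shape: reject the access when the vCPU does not exist. */
static int parse_attr_checked(struct vm *vm, uint64_t attr, struct vcpu **out)
{
    *out = get_vcpu_by_id(vm, (attr & CPUID_MASK) >> CPUID_SHIFT);
    if (!*out)
        return -EINVAL;
    return 0;
}

/* Build a VM with nr_vcpus vCPUs and parse an attr naming cpuid.
 * Returns 0 on a valid vCPU, -EINVAL when rejected, and -EFAULT
 * when the parser reported success but handed back a NULL vCPU
 * (the dereference the real bug would hit). */
int probe(int nr_vcpus, unsigned int cpuid, int use_checked_parser)
{
    struct vcpu cpus[MAX_VCPUS];
    struct vm vm = { .nr_vcpus = nr_vcpus };
    for (int i = 0; i < nr_vcpus; i++) { cpus[i].id = i; vm.vcpus[i] = &cpus[i]; }
    struct vcpu *v = NULL;
    uint64_t attr = (uint64_t)cpuid << CPUID_SHIFT;
    int rc = use_checked_parser ? parse_attr_checked(&vm, attr, &v)
                                : parse_attr_unchecked(&vm, attr, &v);
    return rc ? rc : (v ? 0 : -EFAULT);
}
```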