kvm: Fix SIGSEGV when execute "query-balloon" after CPR transfer

Zhenzhong Duan Thu, 25 Sep 2025 19:43:18 -0700

After CPR transfer, source QEMU close kvm fd and free kvm_state,
"query-balloon" will check kvm_state->sync_mmu and trigger NULL
pointer reference.


Signed-off-by: Zhenzhong Duan <[email protected]>
---
 accel/kvm/kvm-all.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 9060599cd7..a3e2d11763 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -3479,7 +3479,7 @@ int kvm_device_access(int fd, int group, uint64_t attr,
 
 bool kvm_has_sync_mmu(void)
 {
-    return kvm_state->sync_mmu;
+    return kvm_state && kvm_state->sync_mmu;
 }
 
 int kvm_has_vcpu_events(void)
-- 
2.47.1

[PATCH 5/5] accel/kvm: Fix SIGSEGV when execute "query-balloon" after CPR transfer

Reply via email to