Commit a3ca3bfd authored Mar 27, 2026 by Will Deacon Committed by Marc Zyngier Apr 01, 2026

KVM: arm64: Destroy stage-2 page-table in kvm_arch_destroy_vm()

kvm_arch_destroy_vm() can be called on the kvm_create_vm() error path
after we have failed to register the MMU notifiers for the new VM. In
this case, we cannot rely on the MMU ->release() notifier to call
kvm_arch_flush_shadow_all() and so the stage-2 page-table allocated in
kvm_arch_init_vm() will be leaked.

Explicitly destroy the stage-2 page-table in kvm_arch_destroy_vm(), so
that we clean up after kvm_arch_destroy_vm() without relying on the MMU
notifiers.

Link: https://sashiko.dev/#/patchset/20260327140039.21228-1-will%40kernel.org?patch=12265


Signed-off-by: Will Deacon <will@kernel.org>
Link: https://patch.msgid.link/20260327192758.21739-3-will@kernel.org


Signed-off-by: Marc Zyngier <maz@kernel.org>

parent 2fc0f3e2

arch/arm64/kvm/arm.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -301,6 +301,7 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
		if (is_protected_kvm_enabled())
		pkvm_destroy_hyp_vm(kvm);

		kvm_uninit_stage2_mmu(kvm);
		kvm_destroy_mpidr_data(kvm);

		kfree(kvm->arch.sysreg_masks);