Commit adc6ae97 authored Oct 16, 2025 by Sean Christopherson

KVM: SVM: Unregister KVM's GALog notifier on kvm-amd.ko exit

Unregister the GALog notifier (used to get notified of wake events for
blocking vCPUs) on kvm-amd.ko exit so that a KVM or IOMMU driver bug that
results in a spurious GALog event "only" results in a spurious IRQ, and
doesn't trigger a use-after-free due to executing unloaded module code.

Fixes: 5881f737 ("svm: Introduce AMD IOMMU avic_ga_log_notifier")
Reported-by: Hou Wenlong <houwenlong.hwl@antgroup.com>
Closes: https://lore.kernel.org/all/20250918130320.GA119526@k08j02272.eu95sqa
Link: https://patch.msgid.link/20251016190643.80529-3-seanjc@google.com

Signed-off-by: Sean Christopherson <seanjc@google.com>

parent 59a217ce

arch/x86/kvm/svm/avic.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -1243,3 +1243,9 @@ bool __init avic_hardware_setup(void)

		return true;
		}

		void avic_hardware_unsetup(void)
		{
		if (avic)
		amd_iommu_register_ga_log_notifier(NULL);
		}

arch/x86/kvm/svm/svm.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -921,6 +921,8 @@ static void svm_hardware_unsetup(void)
		{
		int cpu;

		avic_hardware_unsetup();

		sev_hardware_unsetup();

		for_each_possible_cpu(cpu)

arch/x86/kvm/svm/svm.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -805,6 +805,7 @@ extern struct kvm_x86_nested_ops svm_nested_ops;
		)

		bool __init avic_hardware_setup(void);
		void avic_hardware_unsetup(void);
		int avic_ga_log_notifier(u32 ga_tag);
		void avic_vm_destroy(struct kvm *kvm);
		int avic_vm_init(struct kvm *kvm);