git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Chao Gao <chao.gao@intel.com>
	Sat, 8 Nov 2025 01:36:01 +0000 (17:36 -0800)
committer	Sean Christopherson <seanjc@google.com>
	Tue, 18 Nov 2025 23:53:54 +0000 (15:53 -0800)
commit	11d984633f7f3fc97dbbc551fe15429adf10a8d5
tree	d1b539948c580c791cc1ee777fcedc472a17aeb2	tree \| snapshot
parent	e78fb96b41c6ac85c1a02c7e9610d1ebaa9b5d98	commit \| diff

KVM: x86: Allocate/free user_return_msrs at kvm.ko (un)loading time

Move user_return_msrs allocation/free from vendor modules (kvm-intel.ko and
kvm-amd.ko) (un)loading time to kvm.ko's to make it less risky to access
user_return_msrs in kvm.ko. Tying the lifetime of user_return_msrs to
vendor modules makes every access to user_return_msrs prone to
use-after-free issues as vendor modules may be unloaded at any time.

Opportunistically turn the per-CPU variable into full structs, as there's
no practical difference between statically allocating the memory and
allocating it unconditionally during module_init().

Zero out kvm_nr_uret_msrs on vendor module exit to further minimize the
chances of consuming stale data, and WARN on vendor module load if KVM
thinks there are existing user-return MSRs.

Note! The user-return MSRs also need to be "destroyed" if
ops->hardware_setup() fails, as both SVM and VMX expect common KVM to
clean up (because common code, not vendor code, is responsible for
kvm_nr_uret_msrs).

Signed-off-by: Chao Gao <chao.gao@intel.com>
Co-developed-by: Sean Christopherson <seanjc@google.com>
Link: https://patch.msgid.link/20251108013601.902918-1-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>