KVM: SVM: Unregister KVM's GALog notifier on kvm-amd.ko exit

Unregister the GALog notifier (used to get notified of wake events for
blocking vCPUs) on kvm-amd.ko exit so that a KVM or IOMMU driver bug that
results in a spurious GALog event "only" results in a spurious IRQ, and
doesn't trigger a use-after-free due to executing unloaded module code.

Fixes: 5881f73757cc ("svm: Introduce AMD IOMMU avic_ga_log_notifier")
Reported-by: Hou Wenlong <houwenlong.hwl@antgroup.com>
Closes: https://lore.kernel.org/all/20250918130320.GA119526@k08j02272.eu95sqa
Link: https://patch.msgid.link/20251016190643.80529-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
index f286b5706d7c14291b55fab1f8af1086a8f047ad..3ab74f2bd5846c81f61762c1b4e8e498f1a6e516 100644 (file)
--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@@ -1243,3 +1243,9 @@ bool __init avic_hardware_setup(void)
 
        return true;
 }
+
+void avic_hardware_unsetup(void)
+{
+       if (avic)
+               amd_iommu_register_ga_log_notifier(NULL);
+}

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index efc3a7adebefa8406ab1b6a409f2a32dabd3b176..76055c0ba177e49ae14d1fa0ef2a23b56e473276 100644 (file)
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -921,6 +921,8 @@ static void svm_hardware_unsetup(void)
 {
        int cpu;
 
+       avic_hardware_unsetup();
+
        sev_hardware_unsetup();
 
        for_each_possible_cpu(cpu)

diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index e4b04f435b3d03bb107ccd5aa9ea7aa2ece2ad3e..b0fe40c217280f63d4b345177e2d7055a58b6062 100644 (file)
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -805,6 +805,7 @@ extern struct kvm_x86_nested_ops svm_nested_ops;
 )
 
 bool __init avic_hardware_setup(void);
+void avic_hardware_unsetup(void);
 int avic_ga_log_notifier(u32 ga_tag);
 void avic_vm_destroy(struct kvm *kvm);
 int avic_vm_init(struct kvm *kvm);