From: Will Deacon <will@kernel.org>
Date: Fri, 27 Mar 2026 19:27:57 +0000 (+0000)
Subject: KVM: arm64: Destroy stage-2 page-table in kvm_arch_destroy_vm()
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a3ca3bfd01b7ee9f54ed85718a6d553cdd87050e;p=thirdparty%2Fkernel%2Flinux.git

KVM: arm64: Destroy stage-2 page-table in kvm_arch_destroy_vm()

kvm_arch_destroy_vm() can be called on the kvm_create_vm() error path
after we have failed to register the MMU notifiers for the new VM. In
this case, we cannot rely on the MMU ->release() notifier to call
kvm_arch_flush_shadow_all() and so the stage-2 page-table allocated in
kvm_arch_init_vm() will be leaked.

Explicitly destroy the stage-2 page-table in kvm_arch_destroy_vm(), so
that we clean up after kvm_arch_destroy_vm() without relying on the MMU
notifiers.

Link: https://sashiko.dev/#/patchset/20260327140039.21228-1-will%40kernel.org?patch=12265
Signed-off-by: Will Deacon <will@kernel.org>
Link: https://patch.msgid.link/20260327192758.21739-3-will@kernel.org
Signed-off-by: Marc Zyngier <maz@kernel.org>
---

diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 410ffd41fd73a..29bfa79555b2e 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -301,6 +301,7 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
 	if (is_protected_kvm_enabled())
 		pkvm_destroy_hyp_vm(kvm);
 
+	kvm_uninit_stage2_mmu(kvm);
 	kvm_destroy_mpidr_data(kvm);
 
 	kfree(kvm->arch.sysreg_masks);