KVM: SVM: Unregister KVM's GALog notifier on kvm-amd.ko exit

Unregister the GALog notifier (used to get notified of wake events for blocking vCPUs) on kvm-amd.ko exit so that a KVM or IOMMU driver bug that results in a spurious GALog event "only" results in a spurious IRQ, and doesn't trigger a use-after-free due to executing unloaded module code. Fixes: 5881f73757 ("svm: Introduce AMD IOMMU avic_ga_log_notifier") Reported-by: Hou Wenlong <houwenlong.hwl@antgroup.com> Closes: https://lore.kernel.org/all/20250918130320.GA119526@k08j02272.eu95sqa Link: https://patch.msgid.link/20251016190643.80529-3-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc@google.com>
2026-05-25 07:33:19 +02:00 · 2025-10-16 12:06:42 -07:00 · 2025-10-16 12:06:42 -07:00 · adc6ae9729
commit adc6ae9729
parent 59a217ced3
3 changed files with 9 additions and 0 deletions
--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@ -1243,3 +1243,9 @@ bool __init avic_hardware_setup(void)

 	return true;
 }
+
+void avic_hardware_unsetup(void)
+{
+	if (avic)
+		amd_iommu_register_ga_log_notifier(NULL);
+}
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@ -921,6 +921,8 @@ static void svm_hardware_unsetup(void)
 {
 	int cpu;

+	avic_hardware_unsetup();
+
 	sev_hardware_unsetup();

 	for_each_possible_cpu(cpu)
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@ -805,6 +805,7 @@ extern struct kvm_x86_nested_ops svm_nested_ops;
 )

 bool __init avic_hardware_setup(void);
+void avic_hardware_unsetup(void);
 int avic_ga_log_notifier(u32 ga_tag);
 void avic_vm_destroy(struct kvm *kvm);
 int avic_vm_init(struct kvm *kvm);