[PATCH 1/2] KVM: SVM: Remove VM from the GA Log notifier list before VM destruction
From: Sean Christopherson
Date: Thu Jun 25 2026 - 18:09:44 EST
When a VM is being destroyed, delete it from the list used to process GA
Log interrupt before vCPUs are freed, otherwise avic_ga_log_notifier()
could theoretically hit a use-after-free if a GA Log notification arrives
for a vCPU after the last reference to the VM has been put.
Note, in practice, it's likely all but impossible to trigger UAF, as all
all irqfds and thus all IRTEs are cleaned up by:
kvm_irqfd_release()
|
|-> irqfd_deactivate()
|
|-> irqfd_shutdown()
|
|-> irq_bypass_unregister_consumer()
And kvm_irqfd_release() is guaranteed to run before the last reference to
the VM is put. KVM also configures GA Log interrupts only when a vCPU is
blocking (older versions of KVM configre GA Log interrupts at all times,
but AVIC is off by default on those kernels). Hitting UAF would require
tearing down a VM shortly after a vCPU stopped blocking, and with a very,
very delayed IRQ from hardware.
Note, calling avic_vm_pre_destroy() if avic_vm_init() fails is unnecessary,
as the VM hasn't yet been added to the list (the VM structure is zeroed on
allocation, and so hash_del() is a nop). In fact, doing avic_vm_destroy()
at all on init failure is unnecessary now that the physical ID table is
allocated elsewhere; that will soon be remedied.
Opportunistically use guard() to avoid a local "flags" variable.
Fixes: 5881f73757cc ("svm: Introduce AMD IOMMU avic_ga_log_notifier")
Cc: stable@xxxxxxxxxxxxxxx
Cc: Naveen N Rao (AMD) <naveen@xxxxxxxxxx>
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/svm/avic.c | 15 ++++++++++-----
arch/x86/kvm/svm/svm.c | 2 ++
arch/x86/kvm/svm/svm.h | 1 +
3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
index 58e493a80cb0..6b100fb014a6 100644
--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@@ -311,9 +311,18 @@ int avic_alloc_physical_id_table(struct kvm *kvm)
return 0;
}
+void avic_vm_pre_destroy(struct kvm *kvm)
+{
+ if (WARN_ON_ONCE(!enable_apicv))
+ return;
+
+ guard(spinlock_irqsave)(&svm_vm_data_hash_lock);
+
+ hash_del(&to_kvm_svm(kvm)->hnode);
+}
+
void avic_vm_destroy(struct kvm *kvm)
{
- unsigned long flags;
struct kvm_svm *kvm_svm = to_kvm_svm(kvm);
if (!enable_apicv)
@@ -322,10 +331,6 @@ void avic_vm_destroy(struct kvm *kvm)
free_page((unsigned long)kvm_svm->avic_logical_id_table);
free_pages((unsigned long)kvm_svm->avic_physical_id_table,
avic_get_physical_id_table_order(kvm));
-
- spin_lock_irqsave(&svm_vm_data_hash_lock, flags);
- hash_del(&kvm_svm->hnode);
- spin_unlock_irqrestore(&svm_vm_data_hash_lock, flags);
}
int avic_vm_init(struct kvm *kvm)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index ef69a51ab27f..91b1e582d16f 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -5340,6 +5340,7 @@ struct kvm_x86_ops svm_x86_ops __initdata = {
.vm_size = sizeof(struct kvm_svm),
.vm_init = svm_vm_init,
+ .vm_pre_destroy = avic_vm_pre_destroy,
.vm_destroy = svm_vm_destroy,
.prepare_switch_to_guest = svm_prepare_switch_to_guest,
@@ -5712,6 +5713,7 @@ static __init int svm_hardware_setup(void)
enable_apicv = avic_hardware_setup();
if (!enable_apicv) {
enable_ipiv = false;
+ svm_x86_ops.vm_pre_destroy = NULL;
svm_x86_ops.vcpu_blocking = NULL;
svm_x86_ops.vcpu_unblocking = NULL;
svm_x86_ops.vcpu_get_apicv_inhibit_reasons = NULL;
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 716be21fba33..a25f8994b877 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -946,6 +946,7 @@ extern struct kvm_x86_nested_ops svm_nested_ops;
bool __init avic_hardware_setup(void);
void avic_hardware_unsetup(void);
int avic_alloc_physical_id_table(struct kvm *kvm);
+void avic_vm_pre_destroy(struct kvm *kvm);
void avic_vm_destroy(struct kvm *kvm);
int avic_vm_init(struct kvm *kvm);
void avic_init_vmcb(struct vcpu_svm *svm, struct vmcb *vmcb);
--
2.55.0.rc0.799.gd6f94ed593-goog