[SRU][J][PATCH v2 1/2] KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy()

Massimiliano Pellizzer massimiliano.pellizzer at canonical.com
Tue Feb 10 14:02:44 UTC 2026 

From: Marc Zyngier <maz at kernel.org>

As we are going to need to call into kvm_vgic_vcpu_destroy() without
prior holding of the slots_lock, introduce __kvm_vgic_vcpu_destroy()
as a non-locking primitive of kvm_vgic_vcpu_destroy().

Cc: stable at vger.kernel.org
Signed-off-by: Marc Zyngier <maz at kernel.org>
Link: https://lore.kernel.org/r/20231207151201.3028710-3-maz@kernel.org
Signed-off-by: Oliver Upton <oliver.upton at linux.dev>
(backported from commit d26b9cb33c2d1ba68d1f26bb06c40300f16a3799)
[mpellizzer: backported considering
 * The change in locking mechanism introduced by f00327731131d
   (“KVM: arm64: Use config_lock to protect vgic state”)
 * The refactoring introduced by 01ad29d224ff
   (“KVM: arm64: vgic: Simplify kvm_vgic_destroy()”)]
CVE-2025-37849
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>
---
 arch/arm64/kvm/vgic/vgic-init.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kvm/vgic/vgic-init.c b/arch/arm64/kvm/vgic/vgic-init.c
index 1ccbb19fad77a..bb00bf31636a5 100644
--- a/arch/arm64/kvm/vgic/vgic-init.c
+++ b/arch/arm64/kvm/vgic/vgic-init.c
@@ -352,7 +352,7 @@ static void kvm_vgic_dist_destroy(struct kvm *kvm)
 		vgic_v4_teardown(kvm);
 }
 
-void kvm_vgic_vcpu_destroy(struct kvm_vcpu *vcpu)
+static void __kvm_vgic_vcpu_destroy(struct kvm_vcpu *vcpu)
 {
 	struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu;
 
@@ -369,6 +369,15 @@ void kvm_vgic_vcpu_destroy(struct kvm_vcpu *vcpu)
 	}
 }
 
+void kvm_vgic_vcpu_destroy(struct kvm_vcpu *vcpu)
+{
+	struct kvm *kvm = vcpu->kvm;
+
+	mutex_lock(&kvm->lock);
+	__kvm_vgic_vcpu_destroy(vcpu);
+	mutex_unlock(&kvm->lock);
+}
+
 /* To be called with kvm->lock held */
 static void __kvm_vgic_destroy(struct kvm *kvm)
 {
@@ -378,7 +387,7 @@ static void __kvm_vgic_destroy(struct kvm *kvm)
 	vgic_debug_destroy(kvm);
 
 	kvm_for_each_vcpu(i, vcpu, kvm)
-		kvm_vgic_vcpu_destroy(vcpu);
+		__kvm_vgic_vcpu_destroy(vcpu);
 
 	kvm_vgic_dist_destroy(kvm);
 }
-- 
2.51.0

More information about the kernel-team mailing list