Subject: Re: [PATCH 2/2] KVM: Fix rcu splat if vm creation fails
From: Paolo Bonzini
To: Wanpeng Li, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Radim Krčmář, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel
Date: Mon, 4 Nov 2019 12:18:10 +0100

On 04/11/19 07:27, Wanpeng Li wrote:
> From: Wanpeng Li
>
> Reported by syzkaller:
>
> =============================
> WARNING: suspicious RCU usage
> -----------------------------
> ./include/linux/kvm_host.h:536 suspicious rcu_dereference_check() usage!
>
> other info that might help us debug this:
>
> rcu_scheduler_active = 2, debug_locks = 1
> no locks held by repro_11/12688.
>
> stack backtrace:
> Call Trace:
> dump_stack+0x7d/0xc5
> lockdep_rcu_suspicious+0x123/0x170
> kvm_dev_ioctl+0x9a9/0x1260 [kvm]
> do_vfs_ioctl+0x1a1/0xfb0
> ksys_ioctl+0x6d/0x80
> __x64_sys_ioctl+0x73/0xb0
> do_syscall_64+0x108/0xaa0
> entry_SYSCALL_64_after_hwframe+0x49/0xbe
>
> Commit a97b0e773e4 (kvm: call kvm_arch_destroy_vm if vm creation fails)
> sets users_count to 1 before kvm_arch_init_vm(), however, if kvm_arch_init_vm()
> fails, we need to dec this count. Or, we can move the sets refcount after
> kvm_arch_init_vm().

I don't understand this one, hasn't

        WARN_ON_ONCE(!refcount_dec_and_test(&kvm->users_count));

decreased the count already? With your patch the refcount would then
underflow.

Paolo
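
Added example, not part of the thread and not kernel code: a simplified userspace C model of the refcount sequence the reply above describes, comparing the single decrement on the failure path with a second one. The `model_*` names, the saturation value and the `extra_dec` switch are assumptions made for illustration; the patch itself is not shown on this page.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model: the kernel's refcount_t warns and saturates on misuse;
 * here a flag records that event instead. Value chosen for illustration. */
#define MODEL_SATURATED (INT_MIN / 2)

struct model_refcount { int refs; bool warned; };

static void model_set(struct model_refcount *r, int n)
{
    r->refs = n;
    r->warned = false;
}

/* Returns true only when this call drops the count from 1 to 0. */
static bool model_dec_and_test(struct model_refcount *r)
{
    if (r->refs <= 0) {             /* decrement with no reference left */
        r->refs = MODEL_SATURATED;  /* underflow: pin the value and flag it */
        r->warned = true;
        return false;
    }
    return --r->refs == 0;
}

/* Failure path as described in the thread: users_count is set to 1 before
 * arch init, and cleanup runs one dec_and_test wrapped in a warning.
 * extra_dec models one additional decrement (assumption, see lead-in). */
static struct model_refcount failed_create(bool extra_dec)
{
    struct model_refcount users_count;

    model_set(&users_count, 1);             /* before the failing arch init */
    if (extra_dec)
        model_dec_and_test(&users_count);   /* hypothetical added decrement */
    if (!model_dec_and_test(&users_count))  /* WARN_ON_ONCE(!...) in cleanup */
        users_count.warned = true;
    return users_count;
}

int main(void)
{
    struct model_refcount a = failed_create(false), b = failed_create(true);

    printf("single dec: refs=%d warned=%d\n", a.refs, a.warned);
    printf("extra dec:  refs=%d warned=%d\n", b.refs, b.warned);
    return 0;
}
```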