From patchwork Tue Aug 16 05:39:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 12944484 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6BF5EC2BB41 for ; Tue, 16 Aug 2022 08:29:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233071AbiHPI27 (ORCPT ); Tue, 16 Aug 2022 04:28:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46186 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232948AbiHPI2Y (ORCPT ); Tue, 16 Aug 2022 04:28:24 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 49074B5A47 for ; Mon, 15 Aug 2022 22:39:43 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id li17-20020a17090b48d100b001f516833f62so3685862pjb.9 for ; Mon, 15 Aug 2022 22:39:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:reply-to:from:to:cc; bh=P0QIT2XK77Oto7YfWYKIYTTpEvk6YfjHVC+uFLOR+IA=; b=NzY/qYDCAX1OabbgRWx0wtYEA2CUeMf6owA3/r4PfaVjeUKIL4hZExtdsfzmywIg9n Cw5b9ckoW4An4P6wAJmV25rn0F3XONKUZZR/xYB5qSFE9hMMsGpmZAXFlnNsveQq2TLZ zlgma0LVwLU7GAG0uov2lR3M2iJ+ua45SuAjfBT1Xnn/2RMSIfMPfyafgJNmXX2F1kLp HE/JFHdOofKBsIiTrrfaK+wffTLBDWBEJFgBGspl6+cdZ6xhDrstzQmHTg57fJke+zV3 6W6Ef2kzuFMAp/Py8Nj6SKzJOLxYVwfFh/8B6mYojTj6tTjwKaKHitQSSFkAJovYn6t4 MGBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc; 
bh=P0QIT2XK77Oto7YfWYKIYTTpEvk6YfjHVC+uFLOR+IA=; b=O/OH3PfMQIlPwMVy52UZq6Nyz4YQnqSw5dRYR+5x6hDDaKTEI+FcaKnkh2ZUTR4dFO gEW2Pv6k6/ahTuzyvq2HOVEz0zFhwkETypz63gWxeVio+zYga2MSM18gbumBKnlw0vuw jOy46+tjDH6sx2Vz3XFTdvTJATAMVKqiuIKOoCcu6tc5sdC/9exrQTpmSdH3kGPcrlZd jAXCwfLpCVrtP+vznbwzGkB8lInsNOx+kWEvnQ6Q3afFp9h7SD3eAINZwUrtSL8NVF3y B3xfiafpOSRySbD1v0B/H6OKLep0+XeSE4z+0z/GhwbUYabvulKvLWc4FXy8rqtFWUjU kLJg== X-Gm-Message-State: ACgBeo3hGbUJqVae6RNUPBIOe0KymIwsiZCSvRtWkKqxRJftR+lT32Jm JkedkgXM9UVo3pnOvWQNOn1P3MlL//Y= X-Google-Smtp-Source: AA6agR7m2l1CO8dy3dV9yhEXh1qMXWAWmdxxK8NBRv7niQaxroUaXjWUgUW5OKoKHJrpvfiU9kteOBnCPb0= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:90b:1bc7:b0:1f5:37a6:e473 with SMTP id oa7-20020a17090b1bc700b001f537a6e473mr21624786pjb.87.1660628382882; Mon, 15 Aug 2022 22:39:42 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 16 Aug 2022 05:39:35 +0000 In-Reply-To: <20220816053937.2477106-1-seanjc@google.com> Message-Id: <20220816053937.2477106-2-seanjc@google.com> Mime-Version: 1.0 References: <20220816053937.2477106-1-seanjc@google.com> X-Mailer: git-send-email 2.37.1.595.g718a3a8f04-goog Subject: [PATCH 1/3] KVM: Properly unwind VM creation if creating debugfs fails 
From: Sean Christopherson
To: Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+744e173caec2e1627ee0@syzkaller.appspotmail.com, Oliver Upton, Sean Christopherson, David Matlack
Precedence: bulk
List-ID:
X-Mailing-List: kvm@vger.kernel.org

Properly unwind VM creation if kvm_create_vm_debugfs() fails. A recent change to invoke kvm_create_vm_debugfs() in kvm_create_vm() was led astray by buggy try_get_module() handling added by commit 5f6de5cbebee ("KVM: Prevent module exit until all VMs are freed"). The debugfs error path effectively inherits the bad error path of try_module_get(), e.g. KVM leaves the to-be-freed VM on vm_list even though KVM appears to do the right thing by calling module_put() and falling through.

Opportunistically hoist kvm_create_vm_debugfs() above the call to kvm_arch_post_init_vm() so that the "post-init" arch hook is actually invoked after the VM is initialized (ignoring kvm_coalesced_mmio_init() for the moment). x86 is the only non-nop implementation of the post-init hook, and it doesn't allocate/initialize any objects that are reachable via debugfs code (it spawns a kthread worker for the NX huge page mitigation).

Leave the buggy try_get_module() alone for now; it will be fixed in a separate commit.

Fixes: b74ed7a68ec1 ("KVM: Actually create debugfs in kvm_create_vm()")
Reported-by: syzbot+744e173caec2e1627ee0@syzkaller.appspotmail.com
Cc: Oliver Upton
Signed-off-by: Sean Christopherson
Reviewed-by: Oliver Upton
---
 virt/kvm/kvm_main.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 515dfe9d3bcf..ee5f48cc100b 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1211,9 +1211,13 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname) if (r) goto out_err_no_mmu_notifier; + r = kvm_create_vm_debugfs(kvm, fdname); + if (r) + goto out_err_no_debugfs; + r = kvm_arch_post_init_vm(kvm); if (r) - goto out_err_mmu_notifier; + goto out_err; mutex_lock(&kvm_lock); list_add(&kvm->vm_list, &vm_list); 
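Review bot: hoisting kvm_create_vm_debugfs() above kvm_arch_post_init_vm() means the VM's debugfs entries exist before the arch post-init hook has run and before the VM is on vm_list (list_add() is still below the hook in this hunk); the commit message argues this is safe only for x86's current hook, so a short comment above the new call recording the constraint (the post-init hook must not create state that the debugfs readers depend on) would stop a future arch implementation from silently breaking the ordering. The change of the post-init failure path to `goto out_err` is correct only because out_err now tears down debugfs instead of calling module_put(); that pairing lives in the next hunk and deserves a sentence in the message.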
@@ -1229,18 +1233,14 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname) */ if (!try_module_get(kvm_chardev_ops.owner)) { r = -ENODEV; - goto out_err_mmu_notifier; - } - - r = kvm_create_vm_debugfs(kvm, fdname); - if (r) goto out_err; + } return kvm; out_err: - module_put(kvm_chardev_ops.owner); -out_err_mmu_notifier: + kvm_destroy_vm_debugfs(kvm); +out_err_no_debugfs: #if defined(CONFIG_MMU_NOTIFIER) && defined(KVM_ARCH_WANT_MMU_NOTIFIER) if (kvm->mmu_notifier.ops) mmu_notifier_unregister(&kvm->mmu_notifier, current->mm); From patchwork Tue Aug 16 05:39:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 12944485 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4809AC32772 for ; Tue, 16 Aug 2022 08:29:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233093AbiHPI3E (ORCPT ); Tue, 16 Aug 2022 04:29:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40204 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233019AbiHPI21 (ORCPT ); Tue, 16 Aug 2022 04:28:27 -0400 Received: from mail-pl1-x649.google.com (mail-pl1-x649.google.com [IPv6:2607:f8b0:4864:20::649]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 18E9B6BD70 for ; Mon, 15 Aug 2022 22:39:45 -0700 (PDT) Received: by mail-pl1-x649.google.com with SMTP id q11-20020a170902dacb00b0016efd6984c3so6122919plx.17 for ; Mon, 15 Aug 2022 22:39:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:reply-to:from:to:cc; bh=/mb/4kA68DuEk+etiSxItbDhS1o312Y9/FSzPon3SwU=; 
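Review bot: the try_module_get() failure branch still jumps to out_err without list_del(&kvm->vm_list) or kvm_arch_pre_destroy_vm(), so a VM that has already been published on vm_list stays reachable from the global list after it is freed; the message defers that to a separate commit, but since this is exactly the path behind the syzbot report, the message should say this patch is incomplete without the follow-up so the two are not backported independently. Dropping module_put() from out_err is right for the post-init and debugfs failures (no reference was taken yet), and with try_module_get() remaining the last step before `return kvm` there is no longer any path that reaches out_err holding a reference, which is worth stating explicitly next to the label.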
Reply-To: Sean Christopherson
Date: Tue, 16 Aug 2022 05:39:36 +0000
In-Reply-To: <20220816053937.2477106-1-seanjc@google.com>
Message-Id: <20220816053937.2477106-3-seanjc@google.com>
Mime-Version: 1.0
References: <20220816053937.2477106-1-seanjc@google.com>
X-Mailer: git-send-email 2.37.1.595.g718a3a8f04-goog
Subject: [PATCH 2/3] KVM: Unconditionally get a ref to /dev/kvm module when creating a VM
From: Sean Christopherson
To: Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+744e173caec2e1627ee0@syzkaller.appspotmail.com, Oliver Upton, Sean Christopherson, David Matlack
Precedence: bulk
List-ID:
X-Mailing-List: kvm@vger.kernel.org

Unconditionally get a reference to the /dev/kvm module when creating a VM instead of using try_get_module(), which will fail if the module is in the process of being forcefully unloaded. The error handling when try_get_module() fails doesn't properly unwind all that has been done, e.g. doesn't call kvm_arch_pre_destroy_vm() and doesn't remove the VM from the global list. Not removing VMs from the global list tends to be fatal, e.g. leads to use-after-free explosions.

The obvious alternative would be to add proper unwinding, but the justification for using try_get_module(), "rmmod --wait", is completely bogus as support for "rmmod --wait", i.e. delete_module() without O_NONBLOCK, was removed by commit 3f2b9c9cdf38 ("module: remove rmmod --wait option.") nearly a decade ago.

It's still possible for try_get_module() to fail due to the module dying (more like being killed), as the module will be tagged MODULE_STATE_GOING by "rmmod --force", i.e. delete_module(..., O_TRUNC), but playing nice with forced unloading is an exercise in futility and gives a false sense of security. Using try_get_module() only prevents acquiring _new_ references, it doesn't magically put the references held by other VMs, and forced unloading doesn't wait, i.e. "rmmod --force" on KVM is all but guaranteed to cause spectacular fireworks; the window where KVM will fail try_get_module() is tiny compared to the window where KVM is building and running the VM with an elevated module refcount. Addressing KVM's inability to play nice with "rmmod --force" is firmly out-of-scope.
Forcefully unloading any module taints kernel (for obvious reasons) _and_ requires the kernel to be built with CONFIG_MODULE_FORCE_UNLOAD=y, which is off by default and comes with the amusing disclaimer that it's "mainly for kernel developers and desperate users". In other words, KVM is free to scoff at bug reports due to using "rmmod --force" while VMs may be running. Fixes: 5f6de5cbebee ("KVM: Prevent module exit until all VMs are freed") Cc: stable@vger.kernel.org Cc: David Matlack Signed-off-by: Sean Christopherson --- virt/kvm/kvm_main.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index ee5f48cc100b..15e304e059d4 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -1134,6 +1134,9 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname) if (!kvm) return ERR_PTR(-ENOMEM); + /* KVM is pinned via open("/dev/kvm"), the fd passed to this ioctl(). */ + __module_get(kvm_chardev_ops.owner); + KVM_MMU_LOCK_INIT(kvm); mmgrab(current->mm); kvm->mm = current->mm; @@ -1226,16 +1229,6 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname) preempt_notifier_inc(); kvm_init_pm_notifier(kvm); - /* - * When the fd passed to this ioctl() is opened it pins the module, - * but try_module_get() also prevents getting a reference if the module - * is in MODULE_STATE_GOING (e.g. if someone ran "rmmod --wait"). - */ - if (!try_module_get(kvm_chardev_ops.owner)) { - r = -ENODEV; - goto out_err; - } - return kvm; out_err: 
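Review bot: deleting the try_module_get() branch is only safe because the first hunk takes __module_get() immediately after the allocation check (the `return ERR_PTR(-ENOMEM)` sits above it, so the no-VM path correctly takes no reference) and the matching module_put() is appended to the tail of the unwind in the following hunk; that pairing is what makes every failure path balanced and should be spelled out in the message rather than inferred from three hunks. The removed block was the only in-function comment explaining why the module cannot disappear during creation; the one-liner added next to __module_get() covers that, but naming the matching module_put() in kvm_destroy_vm() (not in this diff) would let the next reader verify the balance without reading the whole file.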
@@ -1259,6 +1252,7 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname) out_err_no_srcu: kvm_arch_free_vm(kvm); mmdrop(current->mm); + module_put(kvm_chardev_ops.owner); return ERR_PTR(r); } From patchwork Tue Aug 16 05:39:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sean Christopherson X-Patchwork-Id: 12944486 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C9CB8C32773 for ; Tue, 16 Aug 2022 08:29:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233097AbiHPI3I (ORCPT ); Tue, 16 Aug 2022 04:29:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40284 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231910AbiHPI22 (ORCPT ); Tue, 16 Aug 2022 04:28:28 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4115A262D for ; Mon, 15 Aug 2022 22:39:47 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id h7-20020a636c07000000b0042971e3dc0cso1591824pgc.0 for ; Mon, 15 Aug 2022 22:39:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:references:mime-version:message-id:in-reply-to :date:reply-to:from:to:cc; bh=skGptlYSAIkNioboOWdTtVjKMphwIbs6TtQs5aeYl+s=; b=pwDyzALfifJ8QU9VWJqYVhqejiqFqRO/pH2ZsDVM0/CkmGlIe/N96B8xAufRL3xN2Q eLJdjHM89WUPzLZq+EC+iDGoXzTy5k86cFQ6hU5Kxi3TS6SLMkInHj70W/G1yDZTl4f9 wFTyffSAdEYI83JujVIIlKRblYBnMbO1C0qWQEltC0vHsQrRHZICN6gc+uXZSUK6Lrts ucs+qy1P8iwfTYnFRGCL0kwxI9PSpsm2zKRAtXOIHnWo1DLXtqIvR6Bv6AxA9gF2S6gu Bif5++IorVmC1Ix+isaNgz8TBtqYIHu0WCauI1yT7ONALrnKXlYScXR3yIRYAuuKTjUK UW+w== X-Google-DKIM-Signature: v=1; 
Reply-To: Sean Christopherson
Date: Tue, 16 Aug 2022 05:39:37 +0000
In-Reply-To: <20220816053937.2477106-1-seanjc@google.com>
Message-Id: <20220816053937.2477106-4-seanjc@google.com>
Mime-Version: 1.0
References: <20220816053937.2477106-1-seanjc@google.com>
X-Mailer: git-send-email 2.37.1.595.g718a3a8f04-goog
Subject: [PATCH 3/3] KVM: Move coalesced MMIO initialization (back) into kvm_create_vm()
From: Sean Christopherson
To: Paolo Bonzini
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+744e173caec2e1627ee0@syzkaller.appspotmail.com, Oliver Upton, Sean Christopherson, David Matlack
Precedence: bulk
List-ID:
X-Mailing-List: kvm@vger.kernel.org

Invoke kvm_coalesced_mmio_init() from kvm_create_vm() now that allocating and initializing coalesced MMIO objects is separate from registering any associated devices. Moving coalesced MMIO cleans up the last oddity where KVM does VM creation/initialization after kvm_create_vm(), and more importantly after kvm_arch_post_init_vm() is called and the VM is added to the global vm_list, i.e. after the VM is fully created as far as KVM is concerned.

Originally, kvm_coalesced_mmio_init() was called by kvm_create_vm(), but the original implementation was completely devoid of error handling. Commit 6ce5a090a9a0 ("KVM: coalesced_mmio: fix kvm_coalesced_mmio_init()'s error handling") fixed the various bugs, and in doing so rightly moved the call to after kvm_create_vm() because kvm_coalesced_mmio_init() also registered the coalesced MMIO device. Commit 2b3c246a682c ("KVM: Make coalesced mmio use a device per zone") cleaned up that mess by having each zone register a separate device, i.e. moved device registration to its logical home in kvm_vm_ioctl_register_coalesced_mmio(). As a result, kvm_coalesced_mmio_init() is now a "pure" initialization helper and can be safely called from kvm_create_vm().

Opportunistically drop the #ifdef; KVM provides stubs for kvm_coalesced_mmio_{init,free}() when CONFIG_KVM_MMIO=n (arm).

Signed-off-by: Sean Christopherson
---
 virt/kvm/kvm_main.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 15e304e059d4..44b92d773156 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1214,6 +1214,10 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname) if (r) goto out_err_no_mmu_notifier; + r = kvm_coalesced_mmio_init(kvm); + if (r < 0) + goto out_no_coalesced_mmio; + r = kvm_create_vm_debugfs(kvm, fdname); if (r) goto out_err_no_debugfs; @@ -1234,6 +1238,8 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname) out_err: kvm_destroy_vm_debugfs(kvm); out_err_no_debugfs: + kvm_coalesced_mmio_free(kvm); +out_no_coalesced_mmio: #if defined(CONFIG_MMU_NOTIFIER) && defined(KVM_ARCH_WANT_MMU_NOTIFIER) if (kvm->mmu_notifier.ops) mmu_notifier_unregister(&kvm->mmu_notifier, current->mm); @@ -4907,11 +4913,6 @@ static int kvm_dev_ioctl_create_vm(unsigned long type) goto put_fd; } -#ifdef CONFIG_KVM_MMIO - r = kvm_coalesced_mmio_init(kvm); - if (r < 0) - goto put_kvm; -#endif file = anon_inode_getfile("kvm-vm", &kvm_vm_fops, kvm, O_RDWR); if (IS_ERR(file)) { r = PTR_ERR(file);
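Review bot: in the first hunk the new call checks `if (r < 0)` while the neighbouring kvm_create_vm_debugfs() and mmu-notifier calls use `if (r)`; if kvm_coalesced_mmio_init() returns only 0 or a negative errno (which is what the call site in the third hunk also assumed), `if (r)` keeps the function consistent, and the copied `r < 0` form reads as if a positive return were meaningful.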
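Review bot: the second hunk's new label out_no_coalesced_mmio breaks the out_err_no_* naming of the labels around it (out_err_no_debugfs, out_err_no_mmu_notifier); renaming it out_err_no_coalesced_mmio keeps the unwind ladder readable and makes it obvious, as with the other labels, that it names the first stage not to undo. The placement itself is right: a failed init jumps past kvm_coalesced_mmio_free(), and every later failure reaches it via out_err_no_debugfs.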
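Review bot: dropping the #ifdef CONFIG_KVM_MMIO block in the third hunk removes one of the users of the put_kvm label in kvm_dev_ioctl_create_vm(); the anon_inode_getfile() failure branch directly below appears to still jump to it, but that should be confirmed so the label does not become unused and trigger a compiler warning. The message's reliance on the CONFIG_KVM_MMIO=n stubs also covers the new unconditional kvm_coalesced_mmio_free() call in the unwind path, which is worth a word since the stub is now reached on every non-MMIO error path, not only during normal destruction.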
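The property the first two patches restore is that every failure inside kvm_create_vm() undoes exactly the stages that completed, in reverse order, and leaves the module refcount and the global VM list balanced. As an added illustration (not kernel code and not part of this series), the following user-space C model reproduces that goto-ladder structure with a fault-injection knob so each failure point can be exercised; the stage names follow the patches, while the counters, the `sim_` helpers and the `enum stage` knob are constructed for this example.

```c
/* Added example, not kernel code: a user-space model of the staged init and
 * reverse-order unwinding in kvm_create_vm(). All names prefixed sim_ and the
 * counters below are constructed for the example. */
#include <errno.h>
#include <stdlib.h>

/* Stages in the order the patched kvm_create_vm() performs them. */
enum stage { ST_ALLOC, ST_MMU_NOTIFIER, ST_DEBUGFS, ST_POST_INIT, ST_OK };

struct sim_vm {
	int notifier;	/* mmu notifier registered */
	int debugfs;	/* debugfs entries created */
	int on_list;	/* linked into the global vm_list */
};

/* Global bookkeeping: every counter must be back at zero after a failed create. */
static struct {
	int module_refs, live_vms, listed_vms, debugfs_dirs, notifiers;
} sim;

/* Returns a VM, or NULL with *err set when stage fail_at is made to fail. */
struct sim_vm *sim_create_vm(enum stage fail_at, int *err)
{
	struct sim_vm *vm;
	int r = 0;

	vm = (fail_at == ST_ALLOC) ? NULL : calloc(1, sizeof(*vm));
	if (!vm) {
		*err = -ENOMEM;	/* nothing taken yet, so nothing to undo */
		return NULL;
	}
	sim.live_vms++;
	/* Unconditional, like patch 2's __module_get(): the caller's open
	 * /dev/kvm fd already pins the module, so a fallible try_module_get()
	 * adds an error path without adding safety. */
	sim.module_refs++;

	if (fail_at == ST_MMU_NOTIFIER) {
		r = -EIO;
		goto out_err_no_mmu_notifier;
	}
	vm->notifier = 1;
	sim.notifiers++;

	/* Patch 1: debugfs is created before the arch post-init hook. */
	if (fail_at == ST_DEBUGFS) {
		r = -ENOMEM;
		goto out_err_no_debugfs;
	}
	vm->debugfs = 1;
	sim.debugfs_dirs++;

	if (fail_at == ST_POST_INIT) {
		r = -EINVAL;
		goto out_err;
	}

	vm->on_list = 1;	/* list_add() cannot fail, so it is the last step */
	sim.listed_vms++;
	return vm;

	/* Each label undoes exactly the stages completed before the jump. */
out_err:
	vm->debugfs = 0;
	sim.debugfs_dirs--;
out_err_no_debugfs:
	if (vm->notifier) {
		vm->notifier = 0;
		sim.notifiers--;
	}
out_err_no_mmu_notifier:
	free(vm);
	sim.live_vms--;
	sim.module_refs--;	/* patch 2: module_put() is the tail of the unwind */
	*err = r;
	return NULL;
}

/* Teardown of a fully created VM. */
void sim_destroy_vm(struct sim_vm *vm)
{
	sim.listed_vms--;
	sim.debugfs_dirs--;
	sim.notifiers--;
	free(vm);
	sim.live_vms--;
	sim.module_refs--;
}

/* 1 when no reference, list entry or object is outstanding. */
int sim_balanced(void)
{
	return sim.module_refs == 0 && sim.live_vms == 0 && sim.listed_vms == 0 &&
	       sim.debugfs_dirs == 0 && sim.notifiers == 0;
}

/* Inject a failure at every stage and check that the ladder leaks nothing. */
int sim_check_all_stages(void)
{
	int s;

	for (s = ST_ALLOC; s <= ST_OK; s++) {
		int err = 0;
		struct sim_vm *vm = sim_create_vm((enum stage)s, &err);

		if (s == ST_OK) {
			if (!vm || err)
				return 0;
			sim_destroy_vm(vm);
		} else if (vm || !err) {
			return 0;
		}
		if (!sim_balanced())
			return 0;
	}
	return 1;
}
```

The labels are named for the first stage that must not be undone, which is the convention the series keeps (out_err_no_debugfs, out_err_no_mmu_notifier); the bug patch 1 describes corresponds to a path that jumps to a label which skips a stage that did complete, and the fault-injection loop catches exactly that class of mistake, since any skipped decrement leaves a counter non-zero.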