On Thu, 2019-11-14 at 15:43 -0300, Leonardo Bras wrote:

quoted

If the kvm_put_kvm() you've moved actually caused the last
reference
to
be dropped that would mean that our caller had passed us a kvm
struct
without holding a reference to it, and that would be a bug in our
caller.

So, there is no chance that between this function's kvm_get_kvm()
and 
kvm_put_kvm(), another thread can decrease this reference counter?

I am probably missing something here, could you please help me
understand that?

quoted

Or put another way, it would mean the mutex_lock() above could
already
be operating on a freed kvm struct.

The kvm_get_kvm() prior to the anon_inode_getfd() is to account for
the
reference that's held by the `stt` struct, and dropped in
kvm_spapr_tce_release().

So although this patch isn't wrong, the explanation is not
accurate.

cheers

Kind regards

Best regards,