* [Qemu-devel] [Bug 1497479] [NEW] memory corruption with migrate/savevm in TCG mode
From: Pavel Boldin @ 2015-09-18 23:58 UTC (permalink / raw)
  To: qemu-devel

Public bug reported:

[ISSUE]

QEMU releases 2.3.1 and lower forget to flush TLBs before
enabling the global dirty pages log and entering the final stage of
saving the VM.

[DESCRIPTION]

The situation is the following:
1. TLB misses are the only way for page dirtying in TCG mode.
2. If the TLB is hit by the running VM during the execution of `ram_save_iterate' by the migration thread (e.g. if the VM is mostly idling), then some pages are missing from the dirty log.
3. These pages are then not migrated during `ram_save_complete'.
4. This makes the memory content in a saved VM state differ from the actual VM memory.
5. If the affected area includes some kernel data structures such as trees or lists, this can cause the kernel to Oops after loading the saved state.

[SOLUTION]

A proposed solution is to flush the TLB when `log_global_start' is called.
Here is the patch: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049/+attachment/4459905/+files/tcg-commit-on-log-global-start.patch

[LINKS]

Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1497479

Title:
  memory corruption with migrate/savevm in TCG mode

Status in QEMU:
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1497479/+subscriptions
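As an added illustration (not code from the bug report or from QEMU), the following C model reproduces the mechanism in points 1-3 of the report: the "writes to this page need logging" decision is taken only when a TLB entry is filled, so an entry cached before the dirty log was enabled lets later writes through unlogged until the TLB is flushed. All names, the page layout and the scenario are this model's own assumptions.

```c
/* Simplified model of TCG dirty-page tracking (added example, not QEMU code).
 * "Writes to this page must be logged" is decided at TLB fill time and cached
 * in the entry; a cached entry lets later writes skip all bookkeeping. */
#include <stdbool.h>
#include <string.h>
#define NPAGES   8
#define TLB_SIZE 4
struct tlb_entry { int page; bool valid; bool trap_writes; };
struct vm {
    bool log_enabled;              /* global dirty log switched on? */
    bool dirty[NPAGES];            /* dirty bitmap the migration thread reads */
    unsigned char mem[NPAGES];     /* one byte of guest RAM per page (constructed) */
    struct tlb_entry tlb[TLB_SIZE];
};
static void tlb_flush(struct vm *vm) { memset(vm->tlb, 0, sizeof vm->tlb); }

/* TLB fill: the only point where "does this page need logging?" is decided. */
static struct tlb_entry *tlb_fill(struct vm *vm, int page) {
    struct tlb_entry *e = &vm->tlb[page % TLB_SIZE];
    e->page = page; e->valid = true;
    e->trap_writes = vm->log_enabled && !vm->dirty[page];
    return e;
}

static void guest_write(struct vm *vm, int page, unsigned char v) {
    struct tlb_entry *e = &vm->tlb[page % TLB_SIZE];
    if (!e->valid || e->page != page)
        e = tlb_fill(vm, page);    /* TLB miss: logging is re-evaluated */
    if (e->trap_writes) {          /* slow path: record the dirtying once */
        vm->dirty[page] = true;
        e->trap_writes = false;
    }
    vm->mem[page] = v;             /* fast path: no bookkeeping at all */
}

static void log_global_start(struct vm *vm, bool flush_tlb) {
    vm->log_enabled = true;
    if (flush_tlb) tlb_flush(vm);  /* the fix proposed in the report */
}

/* Idle-guest scenario from the report: returns how many pages changed after
 * logging started without ever appearing in the dirty log (0 means no loss). */
static int pages_missed_by_dirty_log(bool flush_on_log_start) {
    struct vm vm; int missed = 0;
    unsigned char sent[NPAGES];    /* content already sent by the bulk stage */
    memset(&vm, 0, sizeof vm);
    guest_write(&vm, 3, 1);        /* guest touched page 3 earlier: entry cached */
    log_global_start(&vm, flush_on_log_start);
    memcpy(sent, vm.mem, NPAGES);
    guest_write(&vm, 3, 2);        /* idle guest keeps hitting the cached entry */
    guest_write(&vm, 5, 9);        /* never cached before: misses, so it is logged */
    for (int p = 0; p < NPAGES; p++)
        if (vm.mem[p] != sent[p] && !vm.dirty[p]) missed++;
    return missed;
}
```

Without the flush, page 3 is modified after logging started but never reaches the dirty bitmap, which is exactly the page that `ram_save_complete' would then skip; with the flush at `log_global_start', the refill traps the first write and the page is logged.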


* [Qemu-devel] [Bug 1497479] Re: memory corruption with migrate/savevm in TCG mode
From: Pavel Boldin @ 2015-09-19  1:03 UTC (permalink / raw)
  To: qemu-devel

** Description changed:

  [ISSUE]
  
  QEMU releases 2.3.1 and lower are forgetting to flush TLBs before
  enabling the global dirty pages log and entering the final stage of
  saving the VM.
  
  [DESCRIPTION]
  
  The situation is the following:
  1. TLB misses is the only way for page dirtying in the TCG mode.
- 2. If TLB is hit by a running VM during the execution of the `ram_save_iterate' by migration thread (e.g. if VM is mostly idling) then some pages are missing in the dirty log.
- 3. These pages are then not migrated during `ram_save_complete'.
+ 2. If TLB is always hit by a running VM code during the execution of the `ram_save_iterate' by migration thread then these pages are missing in the dirty log. The TLB is always hit for instance when the VM is mostly idling and the Kernel only handles APIC timer interrupts.
+ 3. These pages are then missed during `ram_save_complete' stage.
  4. This makes memory content in a saved VM state differ from the actual VM memory.
- 5. If the affected area includes some Kernel data structures such as trees or lists this can cause Kernel to Oops after loading the saved state.
+ 5. If the affected memory pages contain some Kernel data structures these can be corrupted by this memory inconsistency, causing Kernel to Oops after loading the saved state.
  
  [SOLUTION]
  
  A proposed solution is to flush TLB when `log_global_start' is called.
  Here is the patch: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049/+attachment/4459905/+files/tcg-commit-on-log-global-start.patch
  
  [LINKS]
  
  Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049



* [Qemu-devel] [Bug 1497479] Re: memory corruption with migrate/savevm in TCG mode
From: Serge Hallyn @ 2015-09-21 15:38 UTC (permalink / raw)
  To: qemu-devel

Hi,

is this a duplicate of 1493049?  (Should they be merged?)



* [Qemu-devel] [Bug 1497479] Re: memory corruption with migrate/savevm in TCG mode
From: Pavel Boldin @ 2015-09-21 16:20 UTC (permalink / raw)
  To: qemu-devel

Hi,

This one is for QEMU master, 1493049 is for Ubuntu packages.



* Re: [Qemu-devel] [Bug 1497479] Re: memory corruption with migrate/savevm in TCG mode
From: Serge Hallyn @ 2015-09-21 17:12 UTC (permalink / raw)
  To: qemu-devel

Generally combining them is still better - but if it helps you to
keep things straight then no problem, sorry for the noise - thanks.



* [Qemu-devel] [Bug 1497479] Re: memory corruption with migrate/savevm in TCG mode
From: Thomas Huth @ 2018-09-05  8:48 UTC (permalink / raw)
  To: qemu-devel

Looking through old bug tickets... can you still reproduce this issue
with the latest version of QEMU? Or could we close this ticket nowadays?
If you still can reproduce the issue, please send your patch to the
qemu-devel mailing list for discussion (we generally do not take patches
from the bugtracker). See https://wiki.qemu.org/Contribute/SubmitAPatch
for details.


** Changed in: qemu
       Status: New => Incomplete



* [Qemu-devel] [Bug 1497479] Re: memory corruption with migrate/savevm in TCG mode
From: Launchpad Bug Tracker @ 2018-11-05  4:17 UTC (permalink / raw)
  To: qemu-devel

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
       Status: Incomplete => Expired

