blob: f153f7a4dbc69f21762cee0b949446b57bae03a7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
TCG: 0.919
kernel: 0.779
graphic: 0.748
semantic: 0.737
device: 0.719
files: 0.697
mistranslation: 0.692
architecture: 0.650
VMM: 0.647
performance: 0.638
register: 0.635
ppc: 0.628
hypervisor: 0.623
network: 0.587
socket: 0.577
user-level: 0.544
vnc: 0.542
virtual: 0.540
risc-v: 0.531
permissions: 0.487
assembly: 0.485
peripherals: 0.466
i386: 0.457
boot: 0.452
KVM: 0.425
debug: 0.424
PID: 0.410
arm: 0.404
x86: 0.367
--------------------
TCG: 0.924
hypervisor: 0.332
virtual: 0.277
x86: 0.204
debug: 0.192
kernel: 0.048
network: 0.039
files: 0.028
PID: 0.013
ppc: 0.012
arm: 0.011
i386: 0.011
performance: 0.007
semantic: 0.005
user-level: 0.004
risc-v: 0.004
socket: 0.004
architecture: 0.004
VMM: 0.003
device: 0.003
register: 0.003
vnc: 0.003
assembly: 0.003
boot: 0.001
permissions: 0.001
graphic: 0.001
KVM: 0.001
mistranslation: 0.000
peripherals: 0.000
memory corruption with migrate/savevm in TCG mode
[ISSUE]
QEMU releases 2.3.1 and lower are forgetting to flush TLBs before enabling the global dirty pages log and entering the final stage of saving the VM.
[DESCRIPTION]
The situation is the following:
1. TLB misses is the only way for page dirtying in the TCG mode.
2. If TLB is hit by a running VM during the execution of the `ram_save_iterate' by migration thread (e.g. if VM is mostly idling) then some pages are missing in the dirty log.
3. These pages are then not migrated during `ram_save_complete'.
4. This makes memory content in a saved VM state differ from the actual VM memory.
5. If the affected area includes some Kernel data structures such as trees or lists this can cause Kernel to Oops after loading the saved state.
[SOLUTION]
A proposed solution is to flush TLB when `log_global_start' is called.
Here is the patch: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049/+attachment/4459905/+files/tcg-commit-on-log-global-start.patch
[LINKS]
Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049
Hi,
is this a duplicate of 1493049? (Should they be merged?)
Hi,
This one is for QEMU master, 1493049 is for Ubuntu packages.
Generally combining them is still better - but if it helps you to
keep things straight then no problem, sorry for the noise - thanks.
Looking through old bug tickets... can you still reproduce this issue with the latest version of QEMU? Or could we close this ticket nowadays? If you still can reproduce the issue, please send your patch to the qemu-devel mailing list for discussion (we generally do not take patches from the bugtracker). See https://wiki.qemu.org/Contribute/SubmitAPatch for details.
[Expired for QEMU because there has been no activity for 60 days.]
|