Re: [Qemu-devel] [Bug 1497479] Re: memory corruption with migrate/savevm in TCG mode

[Serge Hallyn <1497479@bugs.launchpad.net>]

Generally combining them is still better - but if it helps you to
keep things straight then no problem, sorry for the noise - thanks.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1497479

Title:
  memory corruption with migrate/savevm in TCG mode

Status in QEMU:
  New

Bug description:
  [ISSUE]

  QEMU releases 2.3.1 and lower are forgetting to flush TLBs before
  enabling the global dirty pages log and entering the final stage of
  saving the VM.

  [DESCRIPTION]

  The situation is the following:
  1. TLB misses is the only way for page dirtying in the TCG mode.
  2. If TLB is always hit by a running VM code during the execution of the `ram_save_iterate' by migration thread then these pages are missing in the dirty log. The TLB is always hit for instance when the VM is mostly idling and the Kernel only handles APIC timer interrupts.
  3. These pages are then missed during `ram_save_complete' stage.
  4. This makes memory content in a saved VM state differ from the actual VM memory.
  5. If the affected memory pages contain some Kernel data structures these can be corrupted by this memory inconsistency, causing Kernel to Oops after loading the saved state.

  [SOLUTION]

  A proposed solution is to flush TLB when `log_global_start' is called.
  Here is the patch: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049/+attachment/4459905/+files/tcg-commit-on-log-global-start.patch

  [LINKS]

  Ubuntu bug:
  https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1493049

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1497479/+subscriptions