On 17.07.19 13:10, Michael S. Tsirkin wrote:
> On Wed, Jul 17, 2019 at 10:42:55AM +0200, David Hildenbrand wrote:
>> We are using the wrong functions to set/clear bits, effectively touching
>> multiple bits, writing out of range of the bitmap, resulting in memory
>> corruptions. We have to use set_bit()/clear_bit() instead.
>>
>> Can easily be reproduced by starting a qemu guest on hugetlbfs memory,
>> inflating the balloon. QEMU crashes. This never could have worked
>> properly - especially, also pages would have been discarded when the
>> first sub-page would be inflated (the whole bitmap would be set).
>>
>> While testing I realized that on hugetlbfs it is pretty much impossible
>> to discard a page - the guest just frees the 4k sub-pages in random order
>> most of the time. I was only able to discard a hugepage a handful of
>> times - so I hope that now works correctly.
>
> I think this actually only works reasonably well on guests
> which have pages larger than 4K.
> So guest page size = host page size > balloon page size.
>

Yes, otherwise it's pure luck (and therefore the printed warning is appropriate).

-- 
Thanks,

David / dhildenb
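The situation the thread describes (host page larger than the 4K balloon page, one bit per sub-page, discard only once the whole bitmap is set), as an added example that is not QEMU's code: single-bit set/clear with a range check beside the whole-bitmap behaviour the cover letter attributes to the broken version. The 2M/4K sizes, the bitmap layout and all function names are assumptions for this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not QEMU's code: a 2M hugetlbfs host page backs 512
 * balloon pages of 4K. One bit per 4K sub-page records whether the guest
 * has inflated it; the host page may be discarded only once all bits are set. */
#define SUBPAGES     512u               /* 2M / 4K */
#define BITMAP_WORDS (SUBPAGES / 64)

typedef struct { uint64_t bitmap[BITMAP_WORDS]; } partial_page;

/* Single-bit set/clear: touch exactly one bit and refuse an index that
 * would write past the end of the bitmap. */
bool bit_set(partial_page *p, unsigned idx)
{
    if (idx >= SUBPAGES) return false;
    p->bitmap[idx / 64] |= 1ULL << (idx % 64);
    return true;
}

bool bit_clear(partial_page *p, unsigned idx)
{
    if (idx >= SUBPAGES) return false;
    p->bitmap[idx / 64] &= ~(1ULL << (idx % 64));
    return true;
}

/* True once every sub-page of the host page is inflated. */
bool page_complete(const partial_page *p)
{
    for (unsigned w = 0; w < BITMAP_WORDS; w++)
        if (p->bitmap[w] != ~0ULL) return false;
    return true;
}

/* Guest inflates one 4K balloon page; true only when the host page is now
 * fully inflated and therefore safe to discard. */
bool inflate_subpage(partial_page *p, unsigned idx)
{
    return bit_set(p, idx) && page_complete(p);
}

/* The failure the thread describes: the whole bitmap ends up set on the first
 * inflated sub-page, so the host page is discarded while still in use. */
bool inflate_subpage_broken(partial_page *p, unsigned idx)
{
    memset(p->bitmap, 0xff, sizeof(p->bitmap));
    return idx < SUBPAGES && page_complete(p);
}
```

With the guest freeing sub-pages in an arbitrary order, the correct version reports the host page discardable exactly once, on the 512th sub-page; the broken version reports it on the first.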