Public bug reported:
[Impact]
* Live-migration of QEMU instances in pure-emulation (TCG) mode
[Test Case]
HOW TO REPRODUCE
1. Run a QEMU instance with a simple VM inside it. The VM should have as few
running daemons as possible.
2. Live migrate the machine back and forth a few times. Use the monitor command
'migrate "exec:cat>filename"' to migrate the VM out, and the QEMU command line option
'-incoming "exec:cat filename"' to load the migrated state.
EXPECTED BEHAVIOUR
- The VM is responding to the commands after each migration.
ACTUAL BEHAVIOUR
- The VM kernel crashes in the most-used part of memory after 10 to 50
migrations.
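The reproduction loop above, written out as a script. This is an added example and not part of the bug report: it starts a TCG guest with an HMP monitor on a unix socket, saves the state with the 'migrate "exec:cat>..."' command from the test case, polls 'info migrate' until the migration completes, then restarts QEMU with '-incoming "exec:cat ..."' and checks that the restored guest reports itself running. The binary name, disk image, state file, socket path, the use of socat to talk to the monitor, and the round count are assumptions; the sample 'info migrate' output used by the helper is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Launchpad report): migrate a TCG guest out to a
# file and back in, ROUNDS times, to provoke the corruption described above.
# All of these names are assumptions; adjust to the local setup.
QEMU="${QEMU:-qemu-system-x86_64}"
DISK="${DISK:-guest.qcow2}"
STATE="${STATE:-/tmp/vmstate.bin}"
SOCK="${SOCK:-/tmp/qemu-mon.sock}"
ROUNDS="${ROUNDS:-50}"

# The HMP command from the test case that streams the VM state into a file.
migrate_out_cmd() {
    printf 'migrate "exec:cat>%s"\n' "$1"
}

# The command-line option from the test case that loads that file on start.
incoming_opt() {
    printf -- '-incoming "exec:cat %s"' "$1"
}

# Succeeds once the text of 'info migrate' says the outgoing migration is done.
# (Sample input is constructed; real output has more fields around this line.)
migration_completed() {
    printf '%s\n' "$1" | grep -q '^Migration status: completed'
}

# Send one HMP line over the monitor socket; socat is an assumed dependency.
# -t 1 closes the connection a second after our input is exhausted.
monitor() {
    printf '%s\n' "$1" | socat -t 1 - "UNIX-CONNECT:$SOCK"
}

# Start QEMU in pure-emulation (TCG) mode with a monitor socket; extra
# arguments (such as the -incoming option) are passed through unchanged.
start_guest() {
    rm -f "$SOCK"
    "$QEMU" -machine accel=tcg -m 512 -drive "file=$DISK,format=qcow2" \
        -display none -monitor "unix:$SOCK,server,nowait" "$@" &
    GUEST_PID=$!
    i=0
    while [ ! -S "$SOCK" ]; do        # wait for the monitor socket to appear
        i=$((i + 1))
        [ "$i" -gt 50 ] && return 1
        sleep 0.2
    done
    return 0
}

# One full cycle: save state, quit, restart from the saved state, verify.
round_trip() {
    monitor "$(migrate_out_cmd "$STATE")" >/dev/null
    until migration_completed "$(monitor 'info migrate')"; do
        sleep 1
    done
    monitor 'quit' >/dev/null
    wait "$GUEST_PID"
    # Without -S the incoming side resumes by itself once the load finishes.
    start_guest -incoming "exec:cat $STATE" || return 1
    sleep 2
    monitor 'info status' | grep -q 'running'
}

run_rounds() {
    start_guest || return 1
    n=0
    while [ "$n" -lt "$ROUNDS" ]; do
        n=$((n + 1))
        if ! round_trip; then
            echo "guest not running after migration round $n" >&2
            return 1
        fi
        echo "round $n ok"
    done
    monitor 'quit' >/dev/null
    wait "$GUEST_PID"
}

# Only launch QEMU when explicitly asked, so the helpers can be sourced/tested.
if [ "${1-}" = "--run" ]; then
    run_rounds
fi
```

The script only checks the monitor's view ('info status'); to reproduce the report's symptom you still need to watch the guest console, since a guest kernel oops does not change QEMU's own run state. The 'migrate' command is asynchronous, which is why the loop polls 'info migrate' rather than quitting immediately after issuing it.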
[Additional Information]
qemu:
  Installed: (none)
  Candidate: 2.0.0+dfsg-2ubuntu1.18
  Version table:
     2.0.0+dfsg-2ubuntu1.18 0
        500 http://archive.ubuntu.com/ubuntu/ trusty-proposed/universe amd64 Packages
     2.0.0+dfsg-2ubuntu1.17 0
        500 http://ru.archive.ubuntu.com/ubuntu/ trusty-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/universe amd64 Packages
     2.0.0~rc1+dfsg-0ubuntu3 0
        500 http://ru.archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
The migrated memory is corrupted because pages are not appropriately
dirtied while the VM is in the migration state. This is because in TCG only
pages that are accessed through the `slow_path` are marked dirty.
If the pages are in the TLB cache, the access takes the fast path and the
pages are not marked dirty.
To fix this, the TLB cache must be flushed before the VM enters the live
migration state.
See the bug descriptions for details:
https://bugs.launchpad.net/mos/7.0.x/+bug/1371130
QEMU versions from 2.0.0 up to (but excluding) 2.4.0 seem to be
vulnerable.
The bug is fixed by the commit
http://git.qemu.org/?p=qemu.git;a=commit;h=6f6a5ef3e429f92f987678ea8c396aab4dc6aa19
** Affects: qemu (Ubuntu)
Importance: Undecided
Status: New
** Patch added: "backported solution"
https://bugs.launchpad.net/bugs/1493049/+attachment/4458743/+files/flush-tlb.patch
https://bugs.launchpad.net/bugs/1493049
Title:
memory corruption during live-migration in TCG mode