On Wed, Dec 12, 2012 at 03:01:55PM +0100, Paolo Bonzini wrote: > Il 12/12/2012 14:50, Stefan Hajnoczi ha scritto: > > VirtIOBlock->rq can trigger the assertion. > > > > IIUC hw/virtio-blk.c may handle I/O errors by keeping the request > > pending and on a list (->rq). This allows the user to restart them > > after, for example, adding more space to the host file system containing > > the disk image file. > > > > We keep a list of failed requests and we migrate this list. So I think > > inuse != 0 when migrating with pending failed I/O requests. > > Same for virtio-scsi. Each request in that case is sent as part of the > SCSIDevice that it refers to, via callbacks in SCSIBusInfo. > > Paolo
Looks like this will leak ring entries. All I see is: virtio_scsi_load calling virtio_load. When the loading side will get last avail index it will assume all requests up to that value have completed, so it will never put the missing heads in the used ring. And it is at this point too late for the source to change the used ring as guest memory has migrated. -- MST
