On 17.07.19 13:29, Michael S. Tsirkin wrote:
> On Wed, Jul 17, 2019 at 01:06:29PM +0200, David Hildenbrand wrote:
>> On 17.07.19 12:48, Michael S. Tsirkin wrote:
>>> On Wed, Jul 17, 2019 at 12:35:50PM +0200, David Hildenbrand wrote:
>>>> When a guest reboots (ordinary reboots, but also via kexec), it will
>>>> happily reuse any system memory, including previously inflated memory.
>>>>
>>>> We could have tracking data for a pbp (PartiallyBalloonedPage). It could
>>>> happen that a new inflation request from the guest will result in a
>>>> discard of such a pbp, although the guest is (again) reusing some
>>>> memory.
>>>>
>>>> We should reset the pbp on any device resets.
>>>>
>>>> Fixes: ed48c59875b6 ("virtio-balloon: Safely handle BALLOON_PAGE_SIZE <
>>>> host page size")
>>>> Cc: qemu-sta...@nongnu.org #v4.0.0
>>>> Cc: Stefan Hajnoczi <stefa...@redhat.com>
>>>> Cc: David Gibson <da...@gibson.dropbear.id.au>
>>>> Cc: Michael S. Tsirkin <m...@redhat.com>
>>>> Cc: Igor Mammedov <imamm...@redhat.com>
>>>> Signed-off-by: David Hildenbrand <da...@redhat.com>
>>>
>>> Can't something else remove a ramblock besides a reset?
>>
>> Yes, however this patch is not about ramblocks getting removed.
>>
>> Take a close look, "balloon->pbp->rb" is only used as a token, it is
>> never used besides for comparisons.
>
>
> You are right but that's still not safe :)
>
> E.g. the bit we are going to set could be out of range of the bitmap because
> the backing page size changed.
As replied to the other thread, I agree. Will look into fixing this, too, tomorrow!

-- 

Thanks,

David / dhildenb
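The two hazards discussed above (a stale partially-ballooned-page tracker surviving a guest reboot, and a bit index that no longer fits the bitmap once the backing page size changes) can be shown in a small model. The following C program is an added illustration written for this page; it is not QEMU's virtio-balloon code. The struct layout, the function names (`pbp_inflate`, `pbp_device_reset`), the 16 KiB and 64 KiB host page sizes and the guest addresses are all assumptions chosen for the model; only the 4 KiB balloon page size and the idea of a token-only ramblock pointer come from the thread.

```c
/*
 * Added illustration (not QEMU's code): a miniature model of the
 * "partially ballooned page" (pbp) tracking discussed in the thread.
 * The guest inflates BALLOON_PAGE_SIZE (4 KiB) pages; when the host page
 * is larger, one host page is several balloon pages and may only be
 * discarded once every sub-page has been inflated.  Struct fields,
 * function names and the sample sizes/addresses below are assumptions.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BALLOON_PAGE_SIZE 4096u

enum pbp_result {
    PBP_TRACKED = 0,     /* sub-page recorded, host page not yet complete */
    PBP_DISCARD = 1,     /* every sub-page inflated: host page may be discarded */
    PBP_OUT_OF_RANGE = 2 /* bit does not fit the bitmap: refuse and drop state */
};

struct pbp {
    bool active;
    const void *rb_token; /* identity token only, never dereferenced */
    uint64_t base;        /* host-page-aligned guest address */
    unsigned nbits;       /* host_page_size / BALLOON_PAGE_SIZE at creation */
    uint64_t bitmap;      /* model supports host pages of up to 63 sub-pages */
};

/* Device reset (ordinary reboot or kexec): forget any partially inflated page. */
static void pbp_device_reset(struct pbp *p)
{
    memset(p, 0, sizeof(*p));
}

/*
 * Record one inflated balloon page.  host_page_size is the current backing
 * page size (a power of two >= BALLOON_PAGE_SIZE) of the ramblock rb_token.
 */
static enum pbp_result pbp_inflate(struct pbp *p, const void *rb_token,
                                   uint64_t host_page_size, uint64_t gpa)
{
    uint64_t base = gpa & ~(host_page_size - 1);
    unsigned bit = (unsigned)((gpa - base) / BALLOON_PAGE_SIZE);
    unsigned nbits = (unsigned)(host_page_size / BALLOON_PAGE_SIZE);

    if (nbits == 0 || nbits > 63) {       /* outside what this model supports */
        pbp_device_reset(p);
        return PBP_OUT_OF_RANGE;
    }

    /* Start tracking a new host page when the token or the base changes. */
    if (!p->active || p->rb_token != rb_token || p->base != base) {
        memset(p, 0, sizeof(*p));
        p->active = true;
        p->rb_token = rb_token;
        p->base = base;
        p->nbits = nbits;
    }

    /*
     * The hazard raised in the thread: token and base still match, but the
     * backing page size changed since the pbp was created, so the bit may
     * lie beyond the bitmap.  Drop the stale state instead of setting it.
     */
    if (nbits != p->nbits || bit >= p->nbits) {
        pbp_device_reset(p);
        return PBP_OUT_OF_RANGE;
    }

    p->bitmap |= (uint64_t)1 << bit;
    if (p->bitmap == (((uint64_t)1 << p->nbits) - 1)) {
        pbp_device_reset(p);        /* host page complete: caller may discard it */
        return PBP_DISCARD;
    }
    return PBP_TRACKED;
}

/*
 * Scenario from the patch description: two of four sub-pages are inflated,
 * the guest reboots and reuses that memory, then inflates the other two.
 * Without resetting the pbp, the stale tracker completes and the whole host
 * page is discarded although the guest is using the first half again.
 */
static enum pbp_result reboot_scenario(bool reset_on_reboot)
{
    static const char rb;                     /* token only (constructed) */
    const uint64_t host_page = 16384;         /* 4 sub-pages (assumed) */
    const uint64_t base = 0x100000;           /* constructed guest address */
    struct pbp p;

    pbp_device_reset(&p);
    pbp_inflate(&p, &rb, host_page, base + 0 * BALLOON_PAGE_SIZE);
    pbp_inflate(&p, &rb, host_page, base + 1 * BALLOON_PAGE_SIZE);
    if (reset_on_reboot) {
        pbp_device_reset(&p);                 /* what the patch adds */
    }
    pbp_inflate(&p, &rb, host_page, base + 2 * BALLOON_PAGE_SIZE);
    return pbp_inflate(&p, &rb, host_page, base + 3 * BALLOON_PAGE_SIZE);
}

/* Same token and base, but the backing page size grew from 16 KiB to 64 KiB. */
static enum pbp_result page_size_change_scenario(void)
{
    static const char rb;
    const uint64_t base = 0x100000;
    struct pbp p;

    pbp_device_reset(&p);
    pbp_inflate(&p, &rb, 16384, base);
    return pbp_inflate(&p, &rb, 65536, base + 8 * BALLOON_PAGE_SIZE);
}

int main(void)
{
    printf("no reset on reboot : %d (1 = wrongly discarded)\n", reboot_scenario(false));
    printf("reset on reboot    : %d (0 = still tracked)\n", reboot_scenario(true));
    printf("page size changed  : %d (2 = refused)\n", page_size_change_scenario());
    return 0;
}
```

The model keeps `rb_token` as an opaque pointer compared but never dereferenced, mirroring the thread's point that `balloon->pbp->rb` is only a token; the size check is the extra guard a reviewer would want on top of the reset, since a matching token and base alone do not prove the bitmap was sized for the current backing page.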