Public bug reported:

[Impact]

 * Live-migration of QEMU instances in pure-emulation (TCG) mode

[Test Case]

HOW TO REPRODUCE

1. Run a QEMU instance with a simple VM inside it. The VM should have as few running daemons as possible.

2. Live migrate the machine back and forth a few times. Use the monitor command 'migrate "exec:cat>filename"' to migrate out a VM and the QEMU command line option '-incoming "exec:cat filename"' to load a migrated state.

EXPECTED BEHAVIOUR
- The VM is responding to the commands after each migration.

ACTUAL BEHAVIOUR
- The VM kernel crashes in the most-used part of the memory after 10 to 50 migrations.

[Additional Information]

qemu:
  Installed: (none)
  Candidate: 2.0.0+dfsg-2ubuntu1.18
  Version table:
     2.0.0+dfsg-2ubuntu1.18 0
        500 http://archive.ubuntu.com/ubuntu/ trusty-proposed/universe amd64 Packages
     2.0.0+dfsg-2ubuntu1.17 0
        500 http://ru.archive.ubuntu.com/ubuntu/ trusty-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/universe amd64 Packages
     2.0.0~rc1+dfsg-0ubuntu3 0
        500 http://ru.archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages

The migrated memory is corrupted because the pages are not appropriately dirtied during the migration state. This is because only the pages that go through `slow_path` access in TCG are marked as dirty. If the pages are in the TLB cache then the access is done the fast way and the pages are not marked dirty. To fix that the TLB cache must be flushed before the VM enters live migration state.

See the bug description for details: https://bugs.launchpad.net/mos/7.0.x/+bug/1371130

QEMU versions from 2.0.0 up to 2.4.0 (excluding it) seem to be vulnerable.

The bug is fixed by the commit http://git.qemu.org/?p=qemu.git;a=commit;h=6f6a5ef3e429f92f987678ea8c396aab4dc6aa19

** Affects: qemu (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "backported solution"
   https://bugs.launchpad.net/bugs/1493049/+attachment/4458743/+files/flush-tlb.patch

https://bugs.launchpad.net/bugs/1493049
Title: memory corruption during live-migration in TCG mode
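The fast-path/slow-path interaction the report describes, as a toy model added here (not QEMU's code and not the reporter's patch): a write that hits the TLB skips the dirty bitmap, so updates to hot pages made after the migration's initial copy are never re-sent unless the TLB was flushed first. Page numbers, the workload and the bookkeeping are constructed; the model assumes the initial copy clears dirty bits without touching the TLB, which is the condition the report describes.

```python
# Toy model of the TCG dirty-tracking bug from the report (added example,
# not QEMU code). Assumed rule: a write that hits the TLB takes the fast
# path and never touches the dirty bitmap; a TLB miss takes the slow path,
# which marks the page dirty and then installs a TLB entry.

class TcgGuest:
    def __init__(self, pages):
        self.mem = [0] * pages        # guest RAM, one int per page (constructed)
        self.dirty = [False] * pages  # migration dirty bitmap
        self.tlb = set()              # pages with a cached translation

    def write(self, page, value):
        if page not in self.tlb:      # slow path: dirty bookkeeping, then fill TLB
            self.dirty[page] = True
            self.tlb.add(page)
        self.mem[page] = value        # fast path: plain store, no bookkeeping


def live_migrate(guest, workload, flush_tlb):
    """Migrate `guest` while `workload` (list of (page, value)) keeps running.

    Returns the destination RAM. flush_tlb=False reproduces the report's bug;
    flush_tlb=True applies its fix (flush before entering migration state)."""
    if flush_tlb:
        guest.tlb.clear()             # fix: every next access is a slow-path one
    # Entering migration state: full copy of RAM, dirty bits cleared.
    # Like the buggy path described above, this does not touch the TLB.
    dest = list(guest.mem)
    guest.dirty = [False] * len(guest.mem)
    # The VM keeps running while the migration is in flight.
    for page, value in workload:
        guest.write(page, value)
    # Stop-and-copy: only pages the bitmap says are dirty are re-sent.
    for page, is_dirty in enumerate(guest.dirty):
        if is_dirty:
            dest[page] = guest.mem[page]
    return dest


def corrupted_pages(flush_tlb):
    """Pages whose destination copy disagrees with the source after migration."""
    guest = TcgGuest(pages=8)
    guest.write(3, 1)                 # hot pages: already in the TLB before
    guest.write(5, 1)                 # migration starts (constructed workload)
    workload = [(3, 2), (5, 2), (6, 2)]   # page 6 was never touched before
    dest = live_migrate(guest, workload, flush_tlb)
    return [p for p in range(8) if dest[p] != guest.mem[p]]
```

Without the flush the hot pages 3 and 5 arrive stale while the cold page 6 is fine, which matches the "most-used part of the memory" being the part that gets corrupted.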