OOM in guest Ubuntu with inflated balloon
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-lts-utopic (Ubuntu) |
Fix Released
|
High
|
Joseph Salisbury | ||
Trusty |
Fix Released
|
High
|
Joseph Salisbury |
Bug Description
There is QEMU/KVM and a Linux OS running inside the guest.
Inside the Linux guest a balloon consumes memory in accordance with
commands performed on the host side in QEMU. Rapid increases of memory consumption
inside the guest may end up with guest OOMs
since memory locked by balloon couldn’t be returned to the guest OS/vm in time.
The problem is addressed in mainstream Linux with the following patchset:
commit 5a10b7dbf904bfe
Author: Raushaniya Maksudova <email address hidden>
Date: Mon Nov 10 09:36:29 2014 +1030
virtio_balloon: free some memory from balloon on OOM
Excessive virtio_balloon inflation can cause invocation of OOM-killer,
when Linux is under severe memory pressure. Various mechanisms are
responsible for correct virtio_balloon memory management. Nevertheless
it is often the case that these control tools does not have enough time
to react on fast changing memory load. As a result OS runs out of memory
and invokes OOM-killer. The balancing of memory by use of the virtio
balloon should not cause the termination of processes while there are
pages in the balloon. Now there is no way for virtio balloon driver to
free some memory at the last moment before some process will be get
killed by OOM-killer.
This does not provide a security breach as balloon itself is running
inside guest OS and is working in the cooperation with the host. Thus
some improvements from guest side should be considered as normal.
To solve the problem, introduce a virtio_balloon callback which is
expected to be called from the oom notifier call chain in out_of_memory()
function. If virtio balloon could release some memory, it will make
the system to return and retry the allocation that forced the out of
memory killer to run.
Allocate virtio feature bit for this: it is not set by default,
the the guest will not deflate virtio balloon on OOM without explicit
permission from host.
Signed-off-by: Raushaniya Maksudova <email address hidden>
Signed-off-by: Denis V. Lunev <email address hidden>
Acked-by: Michael S. Tsirkin <email address hidden>
Signed-off-by: Rusty Russell <email address hidden>
commit 1fd9c67203af919
Author: Raushaniya Maksudova <email address hidden>
Date: Mon Nov 10 09:35:29 2014 +1030
virtio_balloon: return the amount of freed memory from leak_balloon()
This value would be useful in the next patch to provide the amount of
the freed memory for OOM killer.
Signed-off-by: Raushaniya Maksudova <email address hidden>
Signed-off-by: Denis V. Lunev <email address hidden>
CC: Rusty Russell <email address hidden>
CC: Michael S. Tsirkin <email address hidden>
Signed-off-by: Rusty Russell <email address hidden>
The problem is present in Ubuntu 14.10
CVE References
Changed in linux-lts-utopic (Ubuntu Trusty): | |
importance: | Undecided → High |
Changed in linux-lts-utopic (Ubuntu): | |
importance: | Undecided → High |
tags: | added: kernel-da-key |
Changed in linux-lts-utopic (Ubuntu Trusty): | |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux-lts-utopic (Ubuntu): | |
status: | Incomplete → In Progress |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux-lts-utopic (Ubuntu Trusty): | |
status: | In Progress → Fix Committed |
Changed in linux-lts-utopic (Ubuntu): | |
status: | In Progress → Fix Released |
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1587087
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.