memory corruption during live-migration in TCG mode
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| qemu (Ubuntu) | Fix Released | High | Unassigned | |
| Trusty | Fix Committed | High | Unassigned | |
Bug Description
[Impact]
* Live migration of QEMU instances in pure-emulation (TCG) mode
[Test Case]
HOW TO REPRODUCE
1. Run a QEMU instance with a simple VM inside it. The VM should have as few running daemons as possible.
2. Live migrate the machine back and forth a few times. Use the monitor command 'migrate "exec:cat>
EXPECTED BEHAVIOUR
- The VM responds to commands after each migration.
ACTUAL BEHAVIOUR
- The VM kernel crashes in the most-used part of memory after 10 to 50 migrations.
[Additional Information]
qemu:
Installed: (none)
Candidate: 2.0.0+dfsg-
Version table:
2.
500 http://
2.
500 http://
500 http://
2.
500 http://
The migrated memory is corrupted because pages are not dirtied correctly while the VM is in the migration state. The cause is that in TCG only pages accessed through the `slow_path` are marked dirty.
If a page already has an entry in the TLB cache, the access takes the fast path and the page is never marked dirty, so the migration loop never resends it.
To fix this, the TLB cache must be flushed before the VM enters the live-migration state, so that stale fast-path entries are rebuilt as tracked ones.
See the bug descriptions for details: https:/
QEMU versions from 2.0.0 up to, but not including, 2.4.0 seem to be vulnerable.
The bug is fixed by the commit http://
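To make the failure mode concrete, below is a toy C model added to this page; it is not QEMU's code, and every name in it (`guest_store`, `tlb_fill`, `migration_sync`, `run_scenario`) is hypothetical. It records dirty pages only from the slow path, runs a simplified pre-copy migration while the guest keeps writing, and counts destination pages that no longer match the source, once without and once with a TLB flush at dirty-log start. One deliberate simplification: TLB entries created while logging stay on the slow path for the whole migration, whereas a real implementation would promote them back to the fast path once the page is dirty and re-arm them after the page is sent.

```c
/* Toy model of the TCG dirty-tracking gap described above: stores that hit an
 * existing fast-path TLB entry never reach the dirty bitmap, so the migration
 * loop never resends those pages. Added illustration, not QEMU code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPAGES 8

typedef enum {
    TLB_NONE,      /* no entry: the next access must take the slow path */
    TLB_FAST,      /* entry created outside migration: plain stores */
    TLB_NOTDIRTY,  /* entry created while logging: stores stay on the slow path */
} tlb_state_t;

typedef struct {
    uint8_t     mem[NPAGES];    /* one byte stands in for each guest page */
    tlb_state_t tlb[NPAGES];
    bool        dirty[NPAGES];  /* dirty bitmap consulted by the migration loop */
    bool        logging;        /* set while migration dirty logging is active */
} vm_t;

static void vm_init(vm_t *vm) {
    memset(vm, 0, sizeof *vm);
    for (int p = 0; p < NPAGES; p++) vm->mem[p] = (uint8_t)p;
}

/* Slow-path store: the only place that touches the dirty bitmap. */
static void slow_path_store(vm_t *vm, int page, uint8_t val) {
    vm->mem[page] = val;
    if (vm->logging) vm->dirty[page] = true;
}

/* TLB fill: entries made while logging keep every store on the slow path
 * (simplification, see the lead-in). */
static void tlb_fill(vm_t *vm, int page) {
    vm->tlb[page] = vm->logging ? TLB_NOTDIRTY : TLB_FAST;
}

/* Guest store as the emulated CPU would perform it. */
static void guest_store(vm_t *vm, int page, uint8_t val) {
    if (vm->tlb[page] == TLB_NONE) tlb_fill(vm, page);
    if (vm->tlb[page] == TLB_FAST)
        vm->mem[page] = val;            /* fast path: dirty bitmap bypassed */
    else
        slow_path_store(vm, page, val);
}

static void tlb_flush(vm_t *vm) {
    for (int p = 0; p < NPAGES; p++) vm->tlb[p] = TLB_NONE;
}

/* Start of pre-copy: enable dirty logging (optionally flushing the TLB so stale
 * fast-path entries are rebuilt as tracked ones), then bulk-copy all of RAM. */
static void migration_start(vm_t *vm, uint8_t dest[NPAGES], bool flush_tlb_on_log_start) {
    vm->logging = true;
    if (flush_tlb_on_log_start) tlb_flush(vm);   /* the fix described above */
    memcpy(dest, vm->mem, NPAGES);
}

/* Iterative phase: resend pages the bitmap reports as dirty until it is clean. */
static void migration_sync(vm_t *vm, uint8_t dest[NPAGES]) {
    bool any;
    do {
        any = false;
        for (int p = 0; p < NPAGES; p++) {
            if (vm->dirty[p]) {
                dest[p] = vm->mem[p];
                vm->dirty[p] = false;
                any = true;
            }
        }
    } while (any);
    vm->logging = false;
}

/* Returns the number of destination pages that differ from the source after a
 * migration during which the guest kept writing; 0 means the copy was sound. */
static int run_scenario(bool flush_tlb_on_log_start) {
    vm_t vm;
    uint8_t dest[NPAGES];
    vm_init(&vm);
    /* Before migration the guest touched pages 0..3, leaving fast TLB entries. */
    for (int p = 0; p < 4; p++) guest_store(&vm, p, (uint8_t)(0x10 + p));
    migration_start(&vm, dest, flush_tlb_on_log_start);
    /* The guest keeps running during the iterative phase. */
    guest_store(&vm, 3, 0xAA);   /* hits the pre-migration entry for page 3 */
    guest_store(&vm, 5, 0xBB);   /* page 5 had no entry: first touch is slow-path */
    migration_sync(&vm, dest);
    int stale = 0;
    for (int p = 0; p < NPAGES; p++) stale += (dest[p] != vm.mem[p]);
    return stale;
}

int main(void) {
    printf("without TLB flush at log start: %d stale page(s)\n", run_scenario(false));
    printf("with TLB flush at log start:    %d stale page(s)\n", run_scenario(true));
    return 0;
}
```

Without the flush, page 3 keeps its pre-migration fast-path entry, the write of `0xAA` is never logged, and the destination ends up with one stale page, which is the kind of silent divergence that shows up as a guest kernel crash after enough round trips. With the flush, the first store to page 3 refills the TLB under logging, goes through the slow path, and the page is resent.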
no longer affects: | qemu (Ubuntu Vivid) |
Changed in qemu (Ubuntu Trusty): | |
importance: | Undecided → High |
The attachment "backported solution" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]