Bug 2108531

Summary:	Windows guest reboot after migration with wsl2 installed inside
Product:	Red Hat Enterprise Linux 9	Reporter:	Li Xiaohui <xiaohli>
Component:	qemu-kvm	Assignee:	Vitaly Kuznetsov <vkuznets>
qemu-kvm sub component:	Live Migration	QA Contact:	Li Xiaohui <xiaohli>
Status:	CLOSED ERRATA	Docs Contact:
Severity:	high
Priority:	high	CC:	chayang, coli, jinzhao, juzhang, leobras, mdean, mrezanin, peterx, quintela, virt-maint, vkuznets, ymankad
Version:	9.1	Keywords:	Regression, Triaged, ZStream
Target Milestone:	rc
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	qemu-kvm-7.1.0-3.el9	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:
Clones:	2134896 (view as bug list)		Environment:
Last Closed:	2023-05-09 07:19:33 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	2134896

Description Li Xiaohui 2022-07-19 08:40:40 UTC

Description of problem:
Win2022 (ovmf) guest reboot after migration with wsl2 installed inside
1.Easy to reproduce bug: 
Installed wsl2 in win2022 guest. Boot win2022 guest with vtpm devides, then start postcopy migration, after postcopy migration completed, win2022 guest would reboot automatically.
2.When reproduce bug following 1 scenario, then retest, boot win2022 without vtpm device, do plain migration, after migration, win2022 guest would reboot too. But it's hard to reproduce this bug when try with 2 scenario.


Version-Release number of selected component (if applicable):
hosts info: kernel-5.14.0-121.el9.x86_64 & qemu-kvm-7.0.0-8.el9.x86_64
cpu model: Intel(R) Xeon(R) Gold 5218 CPU @ 2.30GHz
guest info: win2022 ovmf guest


How reproducible:
1. Easy to reproduce with wsl2 installed and vtpm device in Win2022 guest, postcopy migration
2. Hard to reproduce with wsl2 installed but without vtpm device in Win2022 guest, plain migration


Steps to Reproduce:
1.Setup tpm on source and destination hosts;
# rm -rf /tmp/mytpm && mkdir /tmp/mytpm
# /usr/bin/swtpm_setup --tpm2 --tpmstate /tmp/mytpm --create-ek-cert --create-platform-cert --overwrite
# /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/tmp/guest-swtpm.sock,mode=0600 --tpmstate dir=/tmp/mytpm,mode=0600 --tpm2
2.Boot a guest on source host with qemu command [1];
3.Boot a guest on destination host with same qemu command as source host but appending with "-incoming defer"
4.Enable postcopy capability on source and destination host;
5.Start migration, during migration is active, switch to postcopy mode;


Actual results:
After postcopy migration completed, win2022 guest would reboot automatically


Expected results:
win2022 guest works well after postcopy migration, won't reboot


Additional info:
1. without wsl2 installed, didn't reproduce this bug with testing several times
2. For wsl2 install in win2022 guest, refer to https://docs.microsoft.com/en-us/windows/wsl/install-on-server

Qemu command [1]:
/usr/libexec/qemu-kvm  \
-name "mouse-vm" \
-sandbox on \
-machine q35,memory-backend=pc.ram,pflash0=drive_ovmf_code,pflash1=drive_ovmf_vars \
-cpu Cascadelake-Server-v5,ss=on,vmx=on,pdcm=on,hypervisor=on,tsc-adjust=on,umip=on,pku=on,md-clear=on,stibp=on,arch-capabilities=on,xsaves=on,ibpb=on,ibrs=on,amd-stibp=on,amd-ssbd=on,rdctl-no=on,ibrs-all=on,skip-l1dfl-vmentry=on,mds-no=on,pschange-mc-no=on,tsx-ctrl=on,hle=off,rtm=off,hv_stimer,hv_synic,hv_vpindex,hv_relaxed,hv_spinlocks=0xfff,hv_crash,hv_vapic,hv_time,hv_frequencies,hv_runtime,hv_tlbflush,hv_reenlightenment,hv_stimer_direct,hv_ipi,hv_evmcs \
-nodefaults  \
-chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/monitor-qmpmonitor1,server=on,wait=off \
-chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/monitor-catch_monitor,server=on,wait=off \
-chardev socket,id=chrtpm,path=/tmp/guest-swtpm.sock \
-mon chardev=qmp_id_qmpmonitor1,mode=control \
-mon chardev=qmp_id_catch_monitor,mode=control \
-device pcie-root-port,port=0x10,chassis=1,id=root0,bus=pcie.0,multifunction=on,addr=0x2 \
-device pcie-root-port,port=0x11,chassis=2,id=root1,bus=pcie.0,addr=0x2.0x1 \
-device pcie-root-port,port=0x12,chassis=3,id=root2,bus=pcie.0,addr=0x2.0x2 \
-device pcie-root-port,port=0x13,chassis=4,id=root3,bus=pcie.0,addr=0x2.0x3 \
-device pcie-root-port,port=0x14,chassis=5,id=root4,bus=pcie.0,addr=0x2.0x4 \
-device pcie-root-port,port=0x15,chassis=6,id=root5,bus=pcie.0,addr=0x2.0x5 \
-device pcie-root-port,port=0x16,chassis=7,id=root6,bus=pcie.0,addr=0x2.0x6 \
-device pcie-root-port,port=0x17,chassis=8,id=root7,bus=pcie.0,addr=0x2.0x7 \
-device pcie-root-port,port=0x20,chassis=21,id=extra_root0,bus=pcie.0,multifunction=on,addr=0x3 \
-device pcie-root-port,port=0x21,chassis=22,id=extra_root1,bus=pcie.0,addr=0x3.0x1 \
-device pcie-root-port,port=0x22,chassis=23,id=extra_root2,bus=pcie.0,addr=0x3.0x2 \
-device nec-usb-xhci,id=usb1,bus=root0,addr=0x0 \
-device virtio-scsi-pci,id=virtio_scsi_pci0,bus=root1,addr=0x0 \
-device scsi-hd,id=image1,drive=drive_image1,bus=virtio_scsi_pci0.0,channel=0,scsi-id=0,lun=0,bootindex=0,write-cache=on \
-device virtio-net-pci,mac=9a:8a:8b:8c:8d:8e,id=net0,netdev=tap0,bus=root2,addr=0x0 \
-device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 \
-device virtio-balloon-pci,id=balloon0,bus=root3,addr=0x0 \
-device VGA,id=video0,vgamem_mb=16,bus=pcie.0,addr=0x1 \
-device tpm-crb,tpmdev=tpm-tpm0,id=tpm0 \
-blockdev driver=file,auto-read-only=on,discard=unmap,aio=threads,cache.direct=on,cache.no-flush=off,filename=/mnt/xiaohli/win2022.qcow2,node-name=drive_sys1 \
-blockdev driver=qcow2,node-name=drive_image1,read-only=off,cache.direct=on,cache.no-flush=off,file=drive_sys1 \
-blockdev node-name=file_ovmf_code,driver=file,filename=/usr/share/OVMF/OVMF_CODE.secboot.fd,auto-read-only=on,discard=unmap \
-blockdev node-name=drive_ovmf_code,driver=raw,read-only=on,file=file_ovmf_code \
-blockdev node-name=file_ovmf_vars,driver=file,filename=/mnt/xiaohli/win2022-64-virtio-scsi.qcow2_VARS.fd,auto-read-only=on,discard=unmap \
-blockdev node-name=drive_ovmf_vars,driver=raw,read-only=off,file=file_ovmf_vars \
-netdev tap,id=tap0,vhost=on \
-m 4096 \
-object memory-backend-ram,id=pc.ram,size=4096M \
-smp 4,maxcpus=4,cores=2,threads=1,sockets=2 \
-vnc :10 \
-rtc base=utc,clock=host \
-boot menu=off,strict=off,order=cdn,once=c \
-enable-kvm  \
-qmp tcp:0:3333,server=on,wait=off \
-qmp tcp:0:9999,server=on,wait=off \
-qmp tcp:0:9888,server=on,wait=off \
-serial tcp:0:4444,server=on,wait=off \
-monitor stdio \
-msg timestamp=on \
-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \

Comment 1 Vitaly Kuznetsov 2022-08-02 11:35:16 UTC

Note, 'hv_reenlightenment' feature *requires* 'tsc-frequency=' setting to make migration work. I don't see
it on the QEMU command line above. Sadly, there was a bug discovered recently, see

commit 99482726452bdf8be9325199022b17fa6d7d58fe
Author: Vitaly Kuznetsov <vkuznets>
Date:   Tue Jul 12 15:50:09 2022 +0200

    KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1

I'm not exactly sure this fix is a must here (I've discovered the issue with Win11, not
Win2022) but it might be.

Comment 2 Li Xiaohui 2022-08-18 03:53:20 UTC

Hi Vitaly, 
I have tried on two different hosts to do postcopy migration with wsl2 installed according to your Comment 1, but win2022 guest still reboot after migration.

src host:
Intel(R) Xeon(R) Silver 4210 CPU @ 2.20GHz
# virsh capabilities |grep counter
      <counter name='tsc' frequency='2194843000' scaling='yes'/>

dst host：
Intel(R) Xeon(R) CPU E5-2609 v3 @ 1.90GHz
# virsh capabilities |grep counter
      <counter name='tsc' frequency='1899997000' scaling='no'/>


Qemu command same as Description except cpu command:
-cpu Haswell-noTSX-IBRS,vme=on,ss=on,vmx=on,pdcm=on,f16c=on,rdrand=on,hypervisor=on,arat=on,tsc-adjust=on,umip=on,md-clear=on,stibp=on,arch-capabilities=on,ssbd=on,xsaveopt=on,pdpe1gb=on,abm=on,ibpb=on,ibrs=on,amd-stibp=on,amd-ssbd=on,skip-l1dfl-vmentry=on,pschange-mc-no=on,hv_stimer,hv_synic,hv_vpindex,hv_relaxed,hv_spinlocks=0xfff,hv_crash,hv_vapic,hv_time,hv_frequencies,hv_runtime,hv_tlbflush,hv_reenlightenment,hv_stimer_direct,hv_ipi,hv_evmcs,tsc-frequency=1899997000 \

Comment 3 Vitaly Kuznetsov 2022-08-18 11:40:35 UTC

The fix I've mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=2108531#c1
was backported in kernel-5.14.0-145.el9 -- did you try this or a later version?

I'm taking this BZ to my stash to look at.

Comment 4 Li Xiaohui 2022-08-18 12:22:43 UTC

(In reply to Vitaly Kuznetsov from comment #3)
> The fix I've mentioned in
> https://bugzilla.redhat.com/show_bug.cgi?id=2108531#c1
> was backported in kernel-5.14.0-145.el9 -- did you try this or a later
> version?

Yes, the kernel version is 5.14.0-145.el9.x86_64

> 
> I'm taking this BZ to my stash to look at.

Comment 8 Li Xiaohui 2022-09-24 13:26:45 UTC

I could reproduce this bug on qemu-kvm-7.1.0-1.el9, and retest on qemu-kvm-7.1.0-1.el9.vitty202209201648, the bug disappear.

So the scratch build fixes this bug: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=47844255

Comment 9 Vitaly Kuznetsov 2022-09-26 07:54:34 UTC

(In reply to Li Xiaohui from comment #8)
> I could reproduce this bug on qemu-kvm-7.1.0-1.el9, and retest on
> qemu-kvm-7.1.0-1.el9.vitty202209201648, the bug disappear.
> 
> So the scratch build fixes this bug:
> https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=47844255

Thank you, now we're sure it's the same bug.

Comment 12 Yanan Fu 2022-10-14 02:42:25 UTC

QE bot(pre verify): Set 'Verified:Tested,SanityOnly' as gating/tier1 test pass.

Comment 17 Li Xiaohui 2022-10-20 13:44:18 UTC

Verified this bug according to Description, and it passed. 

So mark this bug as verified

Comment 21 errata-xmlrpc 2023-05-09 07:19:33 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: qemu-kvm security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2162