Description of problem:
In QEMU reserved-memory-end tells firmware the address from which it could start treating memory as PCI address space and map PCI BARs after it to avoid collisions with RAM. Currently it is incorrectly pointing to the address where the hotplugged memory range starts, which could redirect hotplugged RAM accesses to PCI BARs when firmware maps them over RAM, or vice versa. Fix this by pointing reserved-memory-end to the end of the memory hotplug area.

Version-Release number of selected component (if applicable):
qemu-kvm-1.5.3-102
Easy way to verify bug:
1:
/usr/libexec/qemu-kvm -m 4G,slots=1,maxmem=12G \
  -object memory-backend-ram,id=dimm1,size=1G \
  -device ivshmem,size=1G,shm=ssss \
  -device pc-dimm,id=d1,memdev=dimm1 \
  -monitor stdio -M pc-i440fx-rhel7.2.0
2: execute in monitor prompt the command 'info mtree'

Actual results:
0000000140000000-000000017fffffff (prio 0, RW): ivshmem.bar2
...
0000000140000000-000000037fffffff (prio 0, RW): hotplug-memory
0000000140000000-000000017fffffff (prio 0, RW): dimm1

Expected results:
ivshmem.bar2 shouldn't intersect with hotplugged memory and should start beyond the hotplug-memory region range, i.e. after 000000037fffffff.
With -M pc-i440fx-rhel7.1.0 the expected result should stay broken like in Actual results.
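As an added check (not part of this bug report or of QEMU), the script below parses 'info mtree' lines of the shape quoted above and flags any PCI BAR region that overlaps hotplug-memory; the two sample outputs are copied from the before and after fix results in this report.

```python
import re

# Shape of an "info mtree" line: <start>-<end> (prio N, RW): <name>
# Nested regions may be indented, so leading whitespace is tolerated.
MTREE_LINE = re.compile(
    r"^\s*([0-9a-f]{16})-([0-9a-f]{16})\s+\(prio\s+(-?\d+),\s+([A-Za-z-]+)\):\s+(\S+)"
)

# Output fragments taken from the report: the broken layout and the fixed one.
BROKEN_MTREE = """
0000000140000000-000000017fffffff (prio 0, RW): ivshmem.bar2
0000000140000000-000000037fffffff (prio 0, RW): hotplug-memory
0000000140000000-000000017fffffff (prio 0, RW): dimm1
"""

FIXED_MTREE = """
0000000380000000-00000003bfffffff (prio 0, RW): ivshmem.bar2
0000000140000000-000000037fffffff (prio 0, RW): hotplug-memory
0000000140000000-000000017fffffff (prio 0, RW): dimm1
"""


def parse_mtree(text):
    """Return a list of (start, end, name) tuples; end addresses are inclusive."""
    regions = []
    for line in text.splitlines():
        m = MTREE_LINE.match(line)
        if m:
            regions.append((int(m.group(1), 16), int(m.group(2), 16), m.group(5)))
    return regions


def ranges_overlap(a, b):
    """Inclusive ranges overlap unless one lies wholly before the other."""
    return a[0] <= b[1] and b[0] <= a[1]


def find_bar_ram_collisions(text):
    """Return [(bar_name, hotplug_range)] for every PCI BAR overlapping hotplug-memory."""
    regions = parse_mtree(text)
    hotplug = [(s, e) for s, e, n in regions if n == "hotplug-memory"]
    bars = [(s, e, n) for s, e, n in regions if ".bar" in n]
    return [(n, hp) for s, e, n in bars for hp in hotplug if ranges_overlap((s, e), hp)]


def expected_bar_floor(text):
    """Lowest address a 64-bit BAR may occupy: one past the end of hotplug-memory."""
    regions = parse_mtree(text)
    return max(e for s, e, n in regions if n == "hotplug-memory") + 1
```

Running find_bar_ram_collisions over a live 'info mtree' dump gives a quick regression check for the collision this report describes.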
http://post-office.corp.redhat.com/archives/rhvirt-patches/2015-September/msg00211.html
Fix included in qemu-kvm-rhev-2.3.0-23.el7
Summary: The results of verification can prove that this bug has been fixed.

Reproduced:
Host:
kernel:3.10.0-316.el7.x86_64
qemu-img-rhev-2.3.0-22.el7.x86_64

Steps:
1. # /usr/libexec/qemu-kvm -m 4G,slots=1,maxmem=12G \
  -object memory-backend-ram,id=dimm1,size=1G \
  -device ivshmem,size=1G,shm=ssss \
  -device pc-dimm,id=d1,memdev=dimm1 \
  -monitor stdio -M pc-i440fx-rhel7.2.0
(qemu) info mtree
...
0000000140000000-000000017fffffff (prio 0, RW): ivshmem.bar2
...
0000000140000000-000000037fffffff (prio 0, RW): hotplug-memory
0000000140000000-000000017fffffff (prio 0, RW): dimm1

ivshmem.bar2 intersects with hotplug-memory. So this bug is reproduced.

Verified:
Host:
kernel:3.10.0-316.el7.x86_64
qemu-img-rhev-2.3.0-23.el7.x86_64

Scenario 1: -M pc-i440fx-rhel7.2.0
# /usr/libexec/qemu-kvm -m 4G,slots=1,maxmem=12G \
  -object memory-backend-ram,id=dimm1,size=1G \
  -device ivshmem,size=1G,shm=ssss \
  -device pc-dimm,id=d1,memdev=dimm1 \
  -monitor stdio -M pc-i440fx-rhel7.2.0
(qemu) info mtree
...
0000000380000000-00000003bfffffff (prio 0, RW): ivshmem.bar2
...
0000000140000000-000000037fffffff (prio 0, RW): hotplug-memory
0000000140000000-000000017fffffff (prio 0, RW): dimm1

ivshmem.bar2 doesn't intersect with hotplug-memory and starts beyond hotplug-memory.

Scenario 2: -M pc-i440fx-rhel7.1.0
# /usr/libexec/qemu-kvm -m 4G,slots=1,maxmem=12G \
  -object memory-backend-ram,id=dimm1,size=1G \
  -device ivshmem,size=1G,shm=ssss \
  -device pc-dimm,id=d1,memdev=dimm1 \
  -monitor stdio -M pc-i440fx-rhel7.1.0
(qemu) info mtree
...
0000000140000000-000000017fffffff (prio 0, RW): ivshmem.bar2
...
0000000140000000-000000033fffffff (prio 0, RW): hotplug-memory
0000000140000000-000000017fffffff (prio 0, RW): dimm1

ivshmem.bar2 intersects with hotplug-memory; it is broken.

According to Comment 4, the results of Scenario 1 and Scenario 2 are expected. So this bug has been fixed.
According to comment 4 and comment 5, set this issue as verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2546.html