Bug 740547 – qxl: migrating in vga mode causes a "panic: virtual address out of range"

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 740547 - qxl: migrating in vga mode causes a "panic: virtual address out of range"

Summary:	qxl: migrating in vga mode causes a "panic: virtual address out of range"

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm (Show other bugs)
Sub Component:
Version:	6.1
Hardware:	Unspecified All

Priority	unspecified Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Alon Levy
QA Contact:	Virtualization Bugs
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2011-09-22 08:30 EDT by Alon Levy
Modified:	2011-12-06 11:04 EST (History)
CC List:	9 users (show)

See Also:
Fixed In Version:	qemu-kvm-0.12.1.2-2.206.el6
Doc Type:	Bug Fix
Doc Text:	Cause qxl memory slots are not created after migration if the migration started in vga mode and the guest is actually a native guest temporarily in vga mode. Consequence after migration, when switching from vga mode back to native mode, qemu-kvm will abort. Fix recreate all active memory slots on migration if in vga mode. Result after migration switching back to native mode works fine. For instance this applies to a cmd window in a windows vm in full screen mode (alt-enter).
Story Points:	---
Clone Of:
Environment:
Last Closed:	2011-12-06 11:04:05 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:1531	normal	SHIPPED_LIVE	Moderate: qemu-kvm security, bug fix, and enhancement update	2011-12-05 20:23:30 EST

Groups: None (edit)

Description Alon Levy 2011-09-22 08:30:03 EDT

Description of problem:
When migrating a vm not in native mode the slots are not recreated on the destination and as a result a "panic: virtual address out of range" occurs at the first usage of slot referenced memory.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. run a windows vm (will happen in any vm, but this is how we tested)
2. create cmd window
3. alt-enter to change to vga mode
4. migrate
5. alt-enter to exit vga mode
  
Actual results:

qxl-0: QXL_IO_CREATE_PRIMARY async=1
qxl-0: qxl_exit_vga_mode
qxl-0: qxl_destroy_primary
qxl-0: qxl_create_guest_primary: 1280x960
id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0
validate_virt: panic: virtual address out of range
    virt=0x0+0x4b0000 slot_id=1 group_id=1
    slot=0x0-0x0 delta=0x0

Expected results:
normal operation - exit vga mode, return to windows ui.

Additional info:
The following snippet fixes the problem: (will send upstream first, this affects upstream as well)

diff --git a/hw/qxl.c b/hw/qxl.c
index d669a6b..ccc34a9 100644
--- a/hw/qxl.c
+++ b/hw/qxl.c
@@ -1725,6 +1725,12 @@ static int qxl_post_load(void *opaque, int version)
         qxl_mode_to_string(d->mode));
     newmode = d->mode;
     d->mode = QXL_MODE_UNDEFINED;
+    for (i = 0; i < NUM_MEMSLOTS; i++) {
+        if (!d->guest_slots[i].active) {
+            continue;
+        }
+        qxl_add_memslot(d, i, 0, QXL_SYNC);
+    }
     switch (newmode) {
     case QXL_MODE_UNDEFINED:
         break;
@@ -1732,12 +1738,6 @@ static int qxl_post_load(void *opaque, int version)
         qxl_enter_vga_mode(d);
         break;
     case QXL_MODE_NATIVE:
-        for (i = 0; i < NUM_MEMSLOTS; i++) {
-            if (!d->guest_slots[i].active) {
-                continue;
-            }
-            qxl_add_memslot(d, i, 0, QXL_SYNC);
-        }
         qxl_create_guest_primary(d, 1, QXL_SYNC);
 
         /* replay surface-create and cursor-set commands */

Comment 2 RHEL Product and Program Management 2011-10-07 12:03:36 EDT

Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 3 Alon Levy 2011-10-25 09:10:13 EDT

Better patch posted as a result of Gerd's comments on COMPT mode not requiring any change to behavior:
 
 http://patchwork.ozlabs.org/patch/121670/

Alon

Comment 4 juzhang 2011-10-26 01:34:28 EDT

Reproduced with qemu-kvm-200,marked qa ack+

bt
-
id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0
validate_virt: panic: virtual address out of range
virt=0x0+0x96000 slot_id=1 group_id=1
slot=0x0-0x0 delta=0x0
Aborted (core dumped)

Comment 5 Alon Levy 2011-10-26 17:57:38 EDT

(In reply to comment #4)
> Reproduced with qemu-kvm-200,marked qa ack+
> 
> bt
> -
> id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0
> validate_virt: panic: virtual address out of range
> virt=0x0+0x96000 slot_id=1 group_id=1
> slot=0x0-0x0 delta=0x0
> Aborted (core dumped)

Can you verify http://brewweb.devel.redhat.com/brew/taskinfo?taskID=3747158 fixes the issue?

Comment 6 FuXiangChun 2011-10-27 03:50:41 EDT

> Can you verify http://brewweb.devel.redhat.com/brew/taskinfo?taskID=3747158
> fixes the issue?
Tested with qemu-kvm-0.12.1.2-2.204.el6.alon.bz740547.v1.x86_64.guest black screen instead of core dump.the following is the detailed infos:

steps:
1. boot a windows-xp vm 
/usr/libexec/qemu-kvm  -m 2G -smp 2 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=net0,mac=1C:C1:DE:32:A3:F8 -uuid 7c73a852-c316-4d61-b913-9dde17367a30  -drive file=/home/winxp.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,werror=ignore,rerror=ignore -device virtio-blk-pci,drive=drive-virtio-disk0,id=virtio-blk-pci0  -monitor stdio -spice disable-ticketing,port=5911 -balloon none -vga qxl

2. create cmd window
3. alt-enter to change to vga mode
4. migrate
5. alt-enter to exit vga mode

actual result:
windows UI show black screen after entering alt-enter to exit vga mode, guest cann't normal return to windows ui

Comment 7 Alon Levy 2011-10-27 04:04:45 EDT

ok, so a few question:
 1. after migration, can you see the cursor blinking, can you send key presses via the spice client and see the letters appear?
 2. after alt-enter to exit vga mode, can you post the qemu log output, the qemu backtrace.

Thanks,
Alon

Comment 8 Michal Novotny 2011-10-27 08:11:59 EDT

Patches acked:
* Patch: qxl: create slots on post_load in vga state
  (Message-Id: <1319666296-3180-1-git-send-email-alevy@redhat.com>)
  - Acked-by: Gerd Hoffmann <kraxel@redhat.com>
  - Acked-by: Yonit Halperin <yhalperi@redhat.com>
  - Acked-by: Hans de Goede <hdegoede@redhat.com>

Comment 9 Michal Novotny 2011-10-27 08:31:14 EDT

Patch(es) included on qemu-kvm-0.12.1.2-2.205.el6

Comment 10 FuXiangChun 2011-10-28 01:03:39 EDT

verify on qemu-kvm-0.12.1.2-2.205.el6

steps to verify:
steps:
1. boot a windows-xp vm 
/usr/libexec/qemu-kvm  -m 2G -smp 2 -netdev
tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=1C:C1:DE:32:A3:F8 -uuid
7c73a852-c316-4d61-b913-9dde17367a30  -drive
file=/home/winxp.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,werror=ignore,rerror=ignore
-device virtio-blk-pci,drive=drive-virtio-disk0,id=virtio-blk-pci0  -monitor
stdio -spice disable-ticketing,port=5911 -balloon none -vga qxl

2. create cmd window
3. alt-enter to change to vga mode
4. migrate
5. alt-enter to exit vga mode

actual result:
  after alt-enter to exit vga mode in destination, return to windows ui.

base on above testing result, this bug has been fixed.   


(In reply to comment #7)
> ok, so a few question:
>  1. after migration, can you see the cursor blinking, can you send key presses
> via the spice client and see the letters appear?
>  2. after alt-enter to exit vga mode, can you post the qemu log output, the
> qemu backtrace.
> 
> Thanks,
> Alon

Alon, Maybe my testing host have some questions, just i use another host to reproduce it for qemu-kvm-0.12.1.2-2.204.el6.alon.bz740547.v1.x86_64.guest,  after alt-enter to exit vga mode it can return to windows UI.

Comment 13 Eduardo Habkost 2011-10-28 13:58:25 EDT

Moving to ON_QA because Errata Tool did not do it

Comment 15 Alon Levy 2011-11-17 13:16:43 EST

Adding technical note and updating the bug title to what was actually the problem (COMPAT_MODE turned out to be ok not requiring any update).

Comment 16 Alon Levy 2011-11-17 13:16:43 EST

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
    qxl memory slots are not created after migration if the migration started in vga mode and the guest is actually a native guest temporarily in vga mode.
Consequence
    after migration, when switching from vga mode back to native mode, qemu-kvm will abort.
Fix
    recreate all active memory slots on migration if in vga mode.
Result
    after migration switching back to native mode works fine. For instance this applies to a cmd window in a windows vm in full screen mode (alt-enter).

Comment 17 errata-xmlrpc 2011-12-06 11:04:05 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1531.html

Note You need to log in before you can comment on or make changes to this bug.