771616 – Too big value of QXL-VGA ram_size and vram_size cause VM paused (internal-error)

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 771616 - Too big value of QXL-VGA ram_size and vram_size cause VM paused (internal-error)

Summary: Too big value of QXL-VGA ram_size and vram_size cause VM paused (internal-error)

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	seabios
Sub Component:
Version:	6.4
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	rc
Target Release:	6.4
Assignee:	Gerd Hoffmann
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	886216
TreeView+	depends on / blocked

Reported:	2012-01-04 10:50 UTC by Sibiao Luo
Modified:	2013-09-29 02:56 UTC (History)
CC List:	24 users (show)
Fixed In Version:	seabios-0.6.1.2-26.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-21 08:15:52 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Fix (1.73 KB, patch) 2012-11-27 17:02 UTC, Gerd Hoffmann	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:0307	0	normal	SHIPPED_LIVE	seabios bug fix and enhancement update	2013-02-20 20:35:30 UTC

Description Sibiao Luo 2012-01-04 10:50:58 UTC

Description of problem:
Too big value(more than 128Mb) of QXL-VGA ram_size and vram_size cause VM paused (internal-error), this is not accepted.

Version-Release number of selected component (if applicable):
# uname -r && rpm -q qemu-kvm
2.6.32-221.el6.x86_64
qemu-kvm-0.12.1.2-2.213.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1.boot a guest with a value(68555555bit) of command line parameter vram_size(ram_size).
eg: ...-spice disable-ticketing,port=5912 -vga qxl -global qxl-vga.vram_size=68555555
2. take "info qtree" in the QEMU-monitor.
(qemu) info qtree
...
dev: qxl-vga, id ""
 dev-prop: ram_size = 67108864
 dev-prop: vram_size = 134217728
...
3.boot a guest with a value(134217738bit) of command line parameter vram_size(ram_size).
eg: ...-spice disable-ticketing,port=5912 -vga qxl -global qxl-vga.vram_size=134217738
4.take "info status" in the QEMU-monitor.

Actual results:
after the step of 4, the result as following,
(qemu) info status 
VM status: paused (internal-error)

Expected results:
the guest should boot successfully without any error.

Additional info:

Comment 2 Gerd Hoffmann 2012-02-23 15:02:56 UTC

Hmm, tougth one.  seabios seems to be confused due to running out of address space.  68555555 is rounded to the next power of two (134217738 aka 128M), which doesn't fit into the pci i/o window @ 0xf0000000

seabios log:

Start bios (version 0.6.1.2-20120217_061056-x86-004.build.bos.redhat.com)
Ram Size=0x08000000 (0x0000000000000000 high)
CPU Mhz=2795
PCI: pci_bios_init_bus_rec bus = 0x0
PIIX3/PIIX4 init: elcr=00 0c
PCI: bus=0 devfn=0x00: vendor_id=0x8086 device_id=0x1237
PCI: bus=0 devfn=0x08: vendor_id=0x8086 device_id=0x7000
PCI: bus=0 devfn=0x09: vendor_id=0x8086 device_id=0x7010
region 4: 0x0000c000
PCI: bus=0 devfn=0x0b: vendor_id=0x8086 device_id=0x7113
PCI: bus=0 devfn=0x10: vendor_id=0x1b36 device_id=0x0100
region 0: 0xf0000000
region 1: 0xf8000000
region 2: 0x00000000
region 3: 0x0000c020
region 6: 0x00010000
PCI: bus=0 devfn=0x18: vendor_id=0x10ec device_id=0x8139
region 0: 0x0000c100
region 1: 0x00020000
region 6: 0x00030000
[ hangs here ]

Comment 3 Alon Levy 2012-02-23 15:37:44 UTC

But is there any way that seabios can notify qemu and quit with error? do we even want it to, maybe the bar allocation logic should be duplicated in qemu just for sanity check? if you only fix seabios, then launch with qxl using 256 MB ram (whatever for vram) and seabios correctly doesn't allocate it you get a machine with non working vga, but without any complaints - user will see that as a failure.

Comment 8 Gerd Hoffmann 2012-11-27 17:00:51 UTC

Patch posted.

Comment 9 Gerd Hoffmann 2012-11-27 17:02:37 UTC

Created attachment 652926 [details]
Fix

Comment 14 Michal Novotny 2012-12-10 13:03:17 UTC

Fixed in version seabios-0.6.1.2-26.el6

Comment 16 langfang 2012-12-18 07:03:58 UTC

Reproduce this bug as follow version:
Host:
# uname -r
2.6.32-348.el6.x86_64
# rpm -q  qemu-kvm-rhev
qemu-kvm-rhev-0.12.1.2-2.346.el6.x86_64
# rpm -q seabios
seabios-0.6.1.2-25.el6.x86_64


Steps:

1.Boot a guest with a value(68555555bit) of command line parameter vram_size/ram_size.
eg: ...-spice disable-ticketing,port=5912 -vga qxl -global qxl-vga.vram_size=68555555
2. take "info qtree" in the QEMU-monitor.
(qemu) info qtree
...
dev: qxl-vga, id ""
 dev-prop: ram_size = 67108864
 dev-prop: vram_size = 134217728
...
3.Boot guest with
-spice disable-ticketing,port=5912 -vga qxl -global qxl-vga.vram_size=134217738/qxl-vga.ram_size=134217738

Results:
QEMU 0.12.1 monitor - type 'help' for more information
(qemu) KVM internal error. Suberror: 1
rax 000000007fffd86d rbx 0000000000000000 rcx 0000000000000000 rdx 0000000000000000
rsi 0000000000000001 rdi 0000000000000001 rsp 0000000000006ea4 rbp 0000000000000004
r8  0000000000000000 r9  0000000000000000 r10 0000000000000000 r11 0000000000000000
r12 0000000000000000 r13 0000000000000000 r14 0000000000000000 r15 0000000000000000
rip 00000000000ef323 rflags 00000002
cs 0008 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type b l 0 g 1 avl 0)
ds 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
es 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
ss 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
fs 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
gs 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
tr 0000 (00000000/0000ffff p 1 dpl 0 db 0 s 0 type b l 0 g 0 avl 0)
ldt 0000 (00000000/0000ffff p 1 dpl 0 db 0 s 0 type 2 l 0 g 0 avl 0)
gdt fc558/37
idt fdb50/0
cr0 11 cr2 0 cr3 0 cr4 0 cr8 0 efer 0
emulation failure, check dmesg for details

(qemu) 
(qemu) info status
VM status: paused (internal-error)
(qemu) 


Verify this bug as follow version:
Host:
# uname -r
2.6.32-348.el6.x86_64
# rpm -q  qemu-kvm-rhev
qemu-kvm-rhev-0.12.1.2-2.346.el6.x86_64
# rpm -q seabios
seabios-0.6.1.2-26.el6.x86_64

Steps:
1.Boot guest with 
-spice disable-ticketing,port=5912 -vga qxl -global qxl-vga.vram_size=134217738/qxl-vga.ram_size=134217738

Results:
(qemu) info status
VM status: running


Addinfo:
1)Tried more than 15 times.Guest boot successfully.
2)Tried other value(536870922/2343321122),guest boot successfully and work well.
3)Tests include "qxl-vga.ram_size/qxl-vga.vram_size"


According to above test ,this bug fixed.

Comment 19 errata-xmlrpc 2013-02-21 08:15:52 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0307.html

Note You need to log in before you can comment on or make changes to this bug.

acathrow
alevy
bcao
bsarathy
chayang
ddumas
flang
gleb
juli
juzhang
knoel
kraxel
michen
minovotn
mkenneth
mkrcmari
qzhang
rhod
shu
skrishna
vbenes
virt-maint
wdai
xfu