Description of problem:
Currently qemu refuses to set the balloon value to a negative number or 0. But sometimes when setting the number to a large negative value, the guest mem will reduce continuously until the guest cannot respond due to lack of mem. This issue happens for both Windows and RHEL guests.

Version-Release number of selected component (if applicable):
Host:
kernel-2.6.32-262.el6.x86_64
qemu-kvm-0.12.1.2-2.275.el6.x86_64
seabios-0.6.1.2-18.el6.x86_64
Guest related:
rhel: kernel-2.6.32-262.el6.x86_64
windows: virtio-win-prewhql-26

How reproducible:
Sometimes

Steps to Reproduce:
1. Boot a guest with balloon device:
/usr/libexec/qemu-kvm r -M rhel6.3.0 -cpu Conroe -enable-kvm -m 2G \
  -smp 2,sockets=1,cores=2,threads=1 -name win7-64 \
  -uuid 3ab85f83-0a82-4aa8-9d73-01df056123ec \
  -rtc base=localtime,driftfix=slew \
  -drive file=/mnt/win7-64-virtio.raw,if=none,id=drive-virtio-disk0,format=raw,cache=none,werror=stop,rerror=stop,aio=native \
  -device virtio-blk-pci,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0 \
  -netdev tap,id=hostnet0,script=/etc/qemu-ifup \
  -device e1000,netdev=hostnet0,id=net0,mac=00:1a:2a:42:10:69,bus=pci.0 \
  -boot c \
  -drive file=/usr/share/virtio-win/virtio-win-1.4.0.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw \
  -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 \
  -spice port=5930,disable-ticketing -vga qxl -global qxl-vga.vram_size=33554432 \
  -qmp tcp:0:4444,server,nowait \
  -bios /usr/share/seabios/bios-pm.bin \
  -chardev socket,path=/tmp/qzhang-test,server,nowait,id=isa1 \
  -device isa-serial,chardev=isa1,id=isa-serial1 \
  -usb -device usb-tablet,id=input0 \
  -device virtio-balloon-pci,id=balloon0,bus=pci.0 \
  -monitor stdio
2.
(qemu) info balloon
balloon: actual=2048
(qemu)
(qemu) balloon -10000000000000
(qemu) info balloon
balloon: actual=2048
(qemu) balloon -100000000000001
(qemu) balloon -1000000000000011
(qemu) balloon -10000000000000111
Parameter 'target' expects a size
(qemu) balloon -100000000000001111
Parameter 'target' expects a size
(qemu) balloon -1000000000000011111
Parameter 'target' expects a size
(qemu) balloon -10000000000000111111
Parameter 'target' expects a size
(qemu) balloon -1000000000000011111143w432
balloon: extraneous characters at the end of line
(qemu) balloon -100000000000001111114334234
(qemu)
(qemu) info balloon
balloon: actual=1222
(qemu) info balloon
balloon: actual=938
(qemu)
(qemu) info balloon
balloon: actual=482

Actual results:
Guest memory reduces after setting the balloon value to a large negative number.

Expected results:
Guest should always prompt "Parameter 'target' expects a size" when ballooning to a negative value.

Additional info:
Happens on both RHEL and Windows guests.
For the RHEL guest, there's a strange behaviour like below: after the memory continuously reduces to 312M, it comes back to 1974M some seconds later. And then I do 'balloon 2048', no response.

(qemu) balloon -10000000000000111
Parameter 'target' expects a size
(qemu) balloon -100000000000001111114334234
(qemu) info balloon
balloon: actual=457
(qemu)
(qemu) info balloon
balloon: actual=416
(qemu) info balloon
balloon: actual=402
(qemu) info balloon
balloon: actual=378
(qemu) info balloon
balloon: actual=359
(qemu) info balloon
(qemu) info balloon
balloon: actual=312
(qemu)
(qemu) info balloon
balloon: actual=312
(qemu) info balloon
balloon: actual=1974
(qemu)
(qemu) info balloon
balloon: actual=1974
(qemu) balloon 2048
(qemu) info balloon
balloon: actual=1974
(qemu)
Tested RHEL6.2 release host, the issue exists too.
Luiz, does qmp's int handling need some bounds-checking here? See hw/balloon.c, function qmp_balloon(). It gets an int64_t. Look at the values given in comment #2. Looks strange what is happening in the first 6 lines.
Amit, you're mostly right. There are three points to be considered:

1. Yes, there's a bug. But it's in HMP. HMP is not supported and this kind of issue should _always_ be tested against QMP

2. I tested QMP a bit, it seems to do the right thing. I'd appreciate if QE could confirm this

3. The fact that the guest (or is it the host?) continuously reduces its memory seems to be a different issue. Here, a balloon value of -100000000000001111114334234 will turn into 1048576 when passed to qmp_balloon(). This means that the guest memory is being reduced to 1M. The side effects this will cause are unrelated to HMP's bug, and this is probably what is causing the "continuous memory reduction" effect

I'll fix HMP bug upstream, but as HMP is not supported in RHEL I'd close this as NOTABUG. Unless you want to investigate item 3...
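Added example, not part of the original thread and not QEMU's code: the bounds checking asked about above, in C. `naive_target_bytes` is a hypothetical model of an unchecked parse (an assumption, chosen because it yields the 1048576 figure quoted above for the reported input), and `strict_target_bytes` is a hypothetical checked parser for a megabyte count.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of an unchecked parse (assumed, not QEMU source): strtoull saturates
 * to ULLONG_MAX on overflow, unary minus wraps modulo 2^64, and the
 * megabyte scaling is a plain shift that discards the high bits. */
static int64_t naive_target_bytes(const char *s)
{
    int neg = (*s == '-');
    uint64_t v = strtoull(neg ? s + 1 : s, NULL, 10);  /* errno ignored */
    if (neg)
        v = 0 - v;                  /* ULLONG_MAX becomes 1 */
    return (int64_t)(v << 20);      /* megabytes to bytes */
}

/* Checked parse: returns 0 and stores the byte count in *out, or -1 for any
 * input that is not a positive decimal megabyte count whose byte value
 * fits in int64_t. */
static int strict_target_bytes(const char *s, int64_t *out)
{
    char *end;
    long long mb;

    if (*s < '0' || *s > '9')       /* no sign, whitespace or empty string */
        return -1;
    errno = 0;
    mb = strtoll(s, &end, 10);
    if (errno == ERANGE || *end != '\0')   /* overflow or trailing characters */
        return -1;
    if (mb <= 0 || mb > (INT64_MAX >> 20)) /* zero, or the shift would overflow */
        return -1;
    *out = (int64_t)mb << 20;
    return 0;
}

int main(void)
{
    const char *in = "-100000000000001111114334234"; /* value from the report */
    int64_t bytes = 0;

    printf("naive:  %lld bytes\n", (long long)naive_target_bytes(in));
    printf("strict: %s\n",
           strict_target_bytes(in, &bytes) ? "rejected" : "accepted");
    return 0;
}
```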
(In reply to comment #5)
> Amit, you're mostly right. There are three points to be considered:
>
> 1. Yes, there's a bug. But it's in HMP. HMP is not supported and this kind of
> issue should _always_ be tested against QMP

OK, I assumed they would use the same code path. Apparently not.

> 2. I tested QMP a bit, it seems to do the right thing. I'd appreciate if QE
> could confirm this

Qunfang, please test with the QMP interface.

> 3. The fact that the guest (or is it the host?) continuously reduces its memory
> seems to be a different issue. Here, a balloon value of
> -100000000000001111114334234 will turn into 1048576 when passed to
> qmp_balloon(). This means that the guest memory is being reduced to 1M. The side
> effects this will cause are unrelated to HMP's bug, and this is probably what
> is causing the "continuous memory reduction" effect

I should've been clearer: I wanted your input only on the monitor interaction. However, thanks for noting this here too.

> I'll fix HMP bug upstream, but as HMP is not supported in RHEL I'd close this
> as NOTABUG. Unless you want to investigate item 3...

It's difficult for the guest to do much if its mem gets reduced below acceptable levels; can't do much in that case.

I'll leave the bug open till QE can confirm QMP works fine in their testing.

Thank you, Luiz.
(In reply to comment #6)
> (In reply to comment #5)
> > Amit, you're mostly right. There are three points to be considered:
> >
> > 1. Yes, there's a bug. But it's in HMP. HMP is not supported and this kind of
> > issue should _always_ be tested against QMP
>
> OK, I assumed they would use the same code path. Apparently not.
>
> > 2. I tested QMP a bit, it seems to do the right thing. I'd appreciate if QE
> > could confirm this
>
> Qunfang, please test with the QMP interface.
>

Sorry for the late reply. Retested with the QMP interface and cannot set a negative value with QMP:

Boot with the same command line in bug description:

{"execute":"query-balloon"}
{"return": {"actual": 2147483648}}
{"execute":"balloon","arguments":{"value":"-1048576000"}}
{"error": {"class": "InvalidParameterType", "desc": "Invalid parameter type, expected: int", "data": {"name": "value", "expected": "int"}}}
{"execute":"balloon","arguments":{"value":"-10485760000000000000"}}
{"error": {"class": "InvalidParameterType", "desc": "Invalid parameter type, expected: int", "data": {"name": "value", "expected": "int"}}}
{"execute":"query-balloon"}
{"return": {"actual": 2147483648}}
{"execute":"balloon","arguments":{"value":"-104857600000001165087824133750784"}}
{"error": {"class": "InvalidParameterType", "desc": "Invalid parameter type, expected: int", "data": {"name": "value", "expected": "int"}}}
*(This value is the one that hit the HMP issue, but cannot hit it with QMP)*
{"execute":"query-balloon"}
{"return": {"actual": 2147483648}}
As stated in the last comments, this issue only affects HMP which is not supported by RHEL. Closing as WONTFIX.
*** Bug 843360 has been marked as a duplicate of this bug. ***