814072 – Guest memory sometimes reduces to a small number after balloon mem to a large negative value

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 814072 - Guest memory sometimes reduces to a small number after balloon mem to a large negative value

Summary: Guest memory sometimes reduces to a small number after balloon mem to a large...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	6.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Amit Shah
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	843360 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-04-19 07:33 UTC by Qunfang Zhang
Modified:	2013-01-10 00:53 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-05-02 16:24:33 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Qunfang Zhang 2012-04-19 07:33:26 UTC

Description of problem:
Currently qemu refuses to set balloon value to negative number or 0. But sometimes when set the number to a large negative value, the guest mem will reduce continuously until the guest can not response due to lack of mem. 
This issue happens for both windows and rhel guests. 

Version-Release number of selected component (if applicable):
Host:
kernel-2.6.32-262.el6.x86_64
qemu-kvm-0.12.1.2-2.275.el6.x86_64
seabios-0.6.1.2-18.el6.x86_64

Guest related:
rhel: kernel-2.6.32-262.el6.x86_64
windows: virtio-win-prewhql-26

How reproducible:
Sometimes

Steps to Reproduce:
1. Boot a guest with balloon device:
/usr/libexec/qemu-kvm r -M rhel6.3.0 -cpu Conroe -enable-kvm -m 2G -smp 2,sockets=1,cores=2,threads=1 -name win7-64 -uuid 3ab85f83-0a82-4aa8-9d73-01df056123ec -rtc base=localtime,driftfix=slew -drive file=/mnt/win7-64-virtio.raw,if=none,id=drive-virtio-disk0,format=raw,cache=none,werror=stop,rerror=stop,aio=native -device virtio-blk-pci,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0 -netdev tap,id=hostnet0,script=/etc/qemu-ifup -device e1000,netdev=hostnet0,id=net0,mac=00:1a:2a:42:10:69,bus=pci.0 -boot c -drive file=/usr/share/virtio-win/virtio-win-1.4.0.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -spice port=5930,disable-ticketing -vga qxl -global qxl-vga.vram_size=33554432  -qmp tcp:0:4444,server,nowait -bios /usr/share/seabios/bios-pm.bin  -chardev socket,path=/tmp/qzhang-test,server,nowait,id=isa1 -device isa-serial,chardev=isa1,id=isa-serial1 -usb -device usb-tablet,id=input0 -device virtio-balloon-pci,id=balloon0,bus=pci.0 -monitor stdio

2. 

(qemu) info balloon 
balloon: actual=2048
(qemu) 
(qemu) balloon -10000000000000
(qemu) info balloon 
balloon: actual=2048
(qemu) balloon -100000000000001
(qemu) balloon -1000000000000011
(qemu) balloon -10000000000000111
Parameter 'target' expects a size
(qemu) balloon -100000000000001111
Parameter 'target' expects a size
(qemu) balloon -1000000000000011111
Parameter 'target' expects a size
(qemu) balloon -10000000000000111111
Parameter 'target' expects a size
(qemu) balloon -1000000000000011111143w432
balloon: extraneous characters at the end of line
(qemu) balloon -100000000000001111114334234
(qemu) 
(qemu) info balloon 
balloon: actual=1222
(qemu) info balloon 
balloon: actual=938
(qemu) 
(qemu) info balloon 
balloon: actual=482
  
Actual results:
Guest memory reduces after balloon value to a large negative number.

Expected results:
Guest should always prompt "Parameter 'target' expects a size" when balloon a negative value.

Additional info:
Both happens on rhel and windows guest.

Comment 2 Qunfang Zhang 2012-04-19 08:11:17 UTC

For rhel guest, there's a strange behaviours like below, after the memory
continuously reduce to 312M, it comes back to 1974M some seconds later. and
then I do 'balloon 2048', no response.

(qemu)  balloon -10000000000000111
Parameter 'target' expects a size
(qemu)  balloon -100000000000001111114334234
(qemu) info balloon 
balloon: actual=457
(qemu) 
(qemu) info balloon 
balloon: actual=416
(qemu) info balloon 
balloon: actual=402
(qemu) info balloon 
balloon: actual=378
(qemu) info balloon 
balloon: actual=359
(qemu) info balloon
(qemu) info balloon 
balloon: actual=312
(qemu) 
(qemu) info balloon 
balloon: actual=312
(qemu) info balloon 
balloon: actual=1974
(qemu) 
(qemu) info balloon 
balloon: actual=1974
(qemu) balloon 2048
(qemu) info balloon 
balloon: actual=1974
(qemu)

Comment 3 Qunfang Zhang 2012-04-23 07:28:11 UTC

Tested RHEL6.2 release host, the issue exists too.

Comment 4 Amit Shah 2012-04-26 11:30:04 UTC

Luiz, does qmp's int handling need some bounds-checking here?

See hw/balloon.c, function qmp_balloon().  It gets an int64_t.  Look at the values given in comment #2.  Looks strange what is happening in the first 6 lines.

Comment 5 Luiz Capitulino 2012-04-26 17:50:51 UTC

Amit, you're mostly right. There are three points to be considered:

1. Yes, there's a bug. But it's in HMP. HMP is not supported and this kind of issue should _always_ be tested against QMP

2. I tested QMP a bit, it seems to do the right thing. I'd appreciate if QE could confirm this

3. The fact that the guest (or is it the host?) continuously reduces its memory seems to be a different issue. Here, a balloon value of -100000000000001111114334234 will turn into 1048576 when passed to qmp_ballon(). This means that the guest memory is being reduced to 1M. The side effects this will cause are unrelated to HMP's bug, and this is probably what is causing the "continuous memory reduction" effect

I'll fix HMP bug usptream, but as HMP is not supported in RHEL I'd close this as NOTABUG. Unless you want to investigate item 3...

Comment 6 Amit Shah 2012-04-26 18:04:08 UTC

(In reply to comment #5)
> Amit, you're mostly right. There are three points to be considered:
> 
> 1. Yes, there's a bug. But it's in HMP. HMP is not supported and this kind of
> issue should _always_ be tested against QMP

OK, I assumed they would use the same code path.  Apparently not.

> 2. I tested QMP a bit, it seems to do the right thing. I'd appreciate if QE
> could confirm this

Qunfang, please test with the QMP interface.

> 3. The fact that the guest (or is it the host?) continuously reduces its memory
> seems to be a different issue. Here, a balloon value of
> -100000000000001111114334234 will turn into 1048576 when passed to
> qmp_ballon(). This means that the guest memory is being reduced to 1M. The side
> effects this will cause are unrelated to HMP's bug, and this is probably what
> is causing the "continuous memory reduction" effect

I should've been clearer: I wanted your input only on the monitor interaction.  However, thanks for noting this here too.

> I'll fix HMP bug usptream, but as HMP is not supported in RHEL I'd close this
> as NOTABUG. Unless you want to investigate item 3...

It's difficult for the guest to do much if its mem gets reduced below acceptable levels; can't do much in that case.

I'll leave the bug open till QE can confirm QMP works fine in their testing.

Thank you, Luiz.

Comment 7 Qunfang Zhang 2012-05-02 03:20:26 UTC

(In reply to comment #6)
> (In reply to comment #5)
> > Amit, you're mostly right. There are three points to be considered:
> > 
> > 1. Yes, there's a bug. But it's in HMP. HMP is not supported and this kind of
> > issue should _always_ be tested against QMP
> 
> OK, I assumed they would use the same code path.  Apparently not.
> 
> > 2. I tested QMP a bit, it seems to do the right thing. I'd appreciate if QE
> > could confirm this
> 
> Qunfang, please test with the QMP interface.
> 

Sorry for reply late, retest with QMP interface and can not set a negative value with QMP:

Boot with the same command line in bug description:

{"execute":"query-balloon"}
{"return": {"actual": 2147483648}}

{"execute":"balloon","arguments":{"value":"-1048576000"}}
{"error": {"class": "InvalidParameterType", "desc": "Invalid parameter type, expected: int", "data": {"name": "value", "expected": "int"}}}

{"execute":"balloon","arguments":{"value":"-10485760000000000000"}}
{"error": {"class": "InvalidParameterType", "desc": "Invalid parameter type, expected: int", "data": {"name": "value", "expected": "int"}}}



{"execute":"query-balloon"}
{"return": {"actual": 2147483648}}


{"execute":"balloon","arguments":{"value":"-104857600000001165087824133750784"}}
{"error": {"class": "InvalidParameterType", "desc": "Invalid parameter type, expected: int", "data": {"name": "value", "expected": "int"}}}

*(This value is the one that hit the HMP issue, but can not hit it with QMP)*

{"execute":"query-balloon"}
{"return": {"actual": 2147483648}}

Comment 8 Luiz Capitulino 2012-05-02 16:24:33 UTC

As stated in the last comments, this issue only affects HMP which is not supported by RHEL. Closing as WONTFIX.

Comment 9 Mike Cao 2012-07-26 07:31:01 UTC

*** Bug 843360 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.