Bug 814072 - Guest memory sometimes reduces to a small number after balloon mem to a large negative value
Guest memory sometimes reduces to a small number after balloon mem to a large...
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm (Show other bugs)
6.3
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Amit Shah
Virtualization Bugs
:
: 843360 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-19 03:33 EDT by Qunfang Zhang
Modified: 2013-01-09 19:53 EST (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-05-02 12:24:33 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Qunfang Zhang 2012-04-19 03:33:26 EDT
Description of problem:
Currently qemu refuses to set balloon value to negative number or 0. But sometimes when set the number to a large negative value, the guest mem will reduce continuously until the guest can not response due to lack of mem. 
This issue happens for both windows and rhel guests. 

Version-Release number of selected component (if applicable):
Host:
kernel-2.6.32-262.el6.x86_64
qemu-kvm-0.12.1.2-2.275.el6.x86_64
seabios-0.6.1.2-18.el6.x86_64

Guest related:
rhel: kernel-2.6.32-262.el6.x86_64
windows: virtio-win-prewhql-26

How reproducible:
Sometimes

Steps to Reproduce:
1. Boot a guest with balloon device:
/usr/libexec/qemu-kvm r -M rhel6.3.0 -cpu Conroe -enable-kvm -m 2G -smp 2,sockets=1,cores=2,threads=1 -name win7-64 -uuid 3ab85f83-0a82-4aa8-9d73-01df056123ec -rtc base=localtime,driftfix=slew -drive file=/mnt/win7-64-virtio.raw,if=none,id=drive-virtio-disk0,format=raw,cache=none,werror=stop,rerror=stop,aio=native -device virtio-blk-pci,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0 -netdev tap,id=hostnet0,script=/etc/qemu-ifup -device e1000,netdev=hostnet0,id=net0,mac=00:1a:2a:42:10:69,bus=pci.0 -boot c -drive file=/usr/share/virtio-win/virtio-win-1.4.0.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -spice port=5930,disable-ticketing -vga qxl -global qxl-vga.vram_size=33554432  -qmp tcp:0:4444,server,nowait -bios /usr/share/seabios/bios-pm.bin  -chardev socket,path=/tmp/qzhang-test,server,nowait,id=isa1 -device isa-serial,chardev=isa1,id=isa-serial1 -usb -device usb-tablet,id=input0 -device virtio-balloon-pci,id=balloon0,bus=pci.0 -monitor stdio

2. 

(qemu) info balloon 
balloon: actual=2048
(qemu) 
(qemu) balloon -10000000000000
(qemu) info balloon 
balloon: actual=2048
(qemu) balloon -100000000000001
(qemu) balloon -1000000000000011
(qemu) balloon -10000000000000111
Parameter 'target' expects a size
(qemu) balloon -100000000000001111
Parameter 'target' expects a size
(qemu) balloon -1000000000000011111
Parameter 'target' expects a size
(qemu) balloon -10000000000000111111
Parameter 'target' expects a size
(qemu) balloon -1000000000000011111143w432
balloon: extraneous characters at the end of line
(qemu) balloon -100000000000001111114334234
(qemu) 
(qemu) info balloon 
balloon: actual=1222
(qemu) info balloon 
balloon: actual=938
(qemu) 
(qemu) info balloon 
balloon: actual=482
  
Actual results:
Guest memory reduces after balloon value to a large negative number.

Expected results:
Guest should always prompt "Parameter 'target' expects a size" when balloon a negative value.

Additional info:
Both happens on rhel and windows guest.
Comment 2 Qunfang Zhang 2012-04-19 04:11:17 EDT
For rhel guest, there's a strange behaviours like below, after the memory
continuously reduce to 312M, it comes back to 1974M some seconds later. and
then I do 'balloon 2048', no response.

(qemu)  balloon -10000000000000111
Parameter 'target' expects a size
(qemu)  balloon -100000000000001111114334234
(qemu) info balloon 
balloon: actual=457
(qemu) 
(qemu) info balloon 
balloon: actual=416
(qemu) info balloon 
balloon: actual=402
(qemu) info balloon 
balloon: actual=378
(qemu) info balloon 
balloon: actual=359
(qemu) info balloon
(qemu) info balloon 
balloon: actual=312
(qemu) 
(qemu) info balloon 
balloon: actual=312
(qemu) info balloon 
balloon: actual=1974
(qemu) 
(qemu) info balloon 
balloon: actual=1974
(qemu) balloon 2048
(qemu) info balloon 
balloon: actual=1974
(qemu)
Comment 3 Qunfang Zhang 2012-04-23 03:28:11 EDT
Tested RHEL6.2 release host, the issue exists too.
Comment 4 Amit Shah 2012-04-26 07:30:04 EDT
Luiz, does qmp's int handling need some bounds-checking here?

See hw/balloon.c, function qmp_balloon().  It gets an int64_t.  Look at the values given in comment #2.  Looks strange what is happening in the first 6 lines.
Comment 5 Luiz Capitulino 2012-04-26 13:50:51 EDT
Amit, you're mostly right. There are three points to be considered:

1. Yes, there's a bug. But it's in HMP. HMP is not supported and this kind of issue should _always_ be tested against QMP

2. I tested QMP a bit, it seems to do the right thing. I'd appreciate if QE could confirm this

3. The fact that the guest (or is it the host?) continuously reduces its memory seems to be a different issue. Here, a balloon value of -100000000000001111114334234 will turn into 1048576 when passed to qmp_ballon(). This means that the guest memory is being reduced to 1M. The side effects this will cause are unrelated to HMP's bug, and this is probably what is causing the "continuous memory reduction" effect

I'll fix HMP bug usptream, but as HMP is not supported in RHEL I'd close this as NOTABUG. Unless you want to investigate item 3...
Comment 6 Amit Shah 2012-04-26 14:04:08 EDT
(In reply to comment #5)
> Amit, you're mostly right. There are three points to be considered:
> 
> 1. Yes, there's a bug. But it's in HMP. HMP is not supported and this kind of
> issue should _always_ be tested against QMP

OK, I assumed they would use the same code path.  Apparently not.

> 2. I tested QMP a bit, it seems to do the right thing. I'd appreciate if QE
> could confirm this

Qunfang, please test with the QMP interface.

> 3. The fact that the guest (or is it the host?) continuously reduces its memory
> seems to be a different issue. Here, a balloon value of
> -100000000000001111114334234 will turn into 1048576 when passed to
> qmp_ballon(). This means that the guest memory is being reduced to 1M. The side
> effects this will cause are unrelated to HMP's bug, and this is probably what
> is causing the "continuous memory reduction" effect

I should've been clearer: I wanted your input only on the monitor interaction.  However, thanks for noting this here too.

> I'll fix HMP bug usptream, but as HMP is not supported in RHEL I'd close this
> as NOTABUG. Unless you want to investigate item 3...

It's difficult for the guest to do much if its mem gets reduced below acceptable levels; can't do much in that case.

I'll leave the bug open till QE can confirm QMP works fine in their testing.

Thank you, Luiz.
Comment 7 Qunfang Zhang 2012-05-01 23:20:26 EDT
(In reply to comment #6)
> (In reply to comment #5)
> > Amit, you're mostly right. There are three points to be considered:
> > 
> > 1. Yes, there's a bug. But it's in HMP. HMP is not supported and this kind of
> > issue should _always_ be tested against QMP
> 
> OK, I assumed they would use the same code path.  Apparently not.
> 
> > 2. I tested QMP a bit, it seems to do the right thing. I'd appreciate if QE
> > could confirm this
> 
> Qunfang, please test with the QMP interface.
> 

Sorry for reply late, retest with QMP interface and can not set a negative value with QMP:

Boot with the same command line in bug description:

{"execute":"query-balloon"}
{"return": {"actual": 2147483648}}

{"execute":"balloon","arguments":{"value":"-1048576000"}}
{"error": {"class": "InvalidParameterType", "desc": "Invalid parameter type, expected: int", "data": {"name": "value", "expected": "int"}}}

{"execute":"balloon","arguments":{"value":"-10485760000000000000"}}
{"error": {"class": "InvalidParameterType", "desc": "Invalid parameter type, expected: int", "data": {"name": "value", "expected": "int"}}}



{"execute":"query-balloon"}
{"return": {"actual": 2147483648}}


{"execute":"balloon","arguments":{"value":"-104857600000001165087824133750784"}}
{"error": {"class": "InvalidParameterType", "desc": "Invalid parameter type, expected: int", "data": {"name": "value", "expected": "int"}}}

*(This value is the one that hit the HMP issue, but can not hit it with QMP)*

{"execute":"query-balloon"}
{"return": {"actual": 2147483648}}
Comment 8 Luiz Capitulino 2012-05-02 12:24:33 EDT
As stated in the last comments, this issue only affects HMP which is not supported by RHEL. Closing as WONTFIX.
Comment 9 Mike Cao 2012-07-26 03:31:01 EDT
*** Bug 843360 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.