** Description changed:

  [Impact]
  Firecracker process crashes with an "out of memory" error when it attempts to
  run the vCPU for the first time, even if the system has enough available
  memory:
  ```
  2025-05-02T16:31:21.850912998 [daf77128-f177-4a01-9b97-a88dd9faa78f:fc_vcpu 
0] Failure during vcpu run: Out of memory (os error 12)
  ```
  
  The issue is triggered by a race condition caused by the VMM thread sending a
- SIGRTMIN to the vCPU thread, while it is starting
- the nx_huge_page_recovery_thread. This makes the thread creation fail, but due
- to a bug in the kernel, it is classified as a ENOMEM, instead of a
- ERESTARTNOINTR, which should be retried.
+ SIGRTMIN to the vCPU thread, while it is starting the
+ nx_huge_page_recovery_thread. This makes the thread creation fail, but due to 
a
+ bug in the kernel, it is classified as a ENOMEM, instead of a ERESTARTNOINTR,
+ which should be retried.
  
+ This only affects 6.8 kernels, since the bug is introduced by the following
+ commits, backported to the noble:linux 6.8.0-58.60 kernel as part of the 
upstream
+ stable updates (LP: #2101915):
+ - 43fb96ae7855 ("KVM: x86/mmu: Ensure NX huge page recovery thread is alive 
before waking")
+ - 931656b9e2ff ("kvm: defer huge page recovery vhost task to later")
+ - d96c77bd4eeb ("KVM: x86: switch hugepage recovery thread to vhost_task")
  
  [Fix]
  Cherry-pick cb380909ae3b ("vhost: return task creation error instead of NULL")
  and 916b7f42b3b3 ("kvm: retry nx_huge_page_recovery_thread creation").
  
- 
  [Test Case]
- 
+ 1) Launch a Noble c5.metal instance on AWS
+ 2) Install and boot into the linux-generic 6.8 kernel
+ 3) Install docker and aws-cli
+ 4) git clone https://github.com/firecracker-microvm/firecracker.git
+ 5) Go to the firecracker directory and run `./tools/devtool test -- -n16 
integration_tests/functional/test_snapshot_basic.py::test_cycled_snapshot_restore`
+ 6) With this patchset, observe that all tests pass. Without it, a couple
+ of tests will fail accusing out of memory.
  
  [Where problems could occur]
- 
+ This patchset touches vhost_task_create(), making it return specific error
+ pointers instead of just NULL. Problems could occur if its callers
+ mishandle the return value.
+ More broadly, it also touches code responsible for MM of KVM VMs, and issues
+ could appear as these VMs failing to initialize.
  
  [Other info]
  SF #00410184

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2109859

Title:
  KVM bug causes Firecracker crash when it runs the vCPU for the first
  time

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Noble:
  In Progress

Bug description:
  [Impact]
  Firecracker process crashes with an "out of memory" error when it attempts to
  run the vCPU for the first time, even if the system has enough available
  memory:
  ```
  2025-05-02T16:31:21.850912998 [daf77128-f177-4a01-9b97-a88dd9faa78f:fc_vcpu 
0] Failure during vcpu run: Out of memory (os error 12)
  ```

  The issue is triggered by a race condition caused by the VMM thread sending a
  SIGRTMIN to the vCPU thread, while it is starting the
  nx_huge_page_recovery_thread. This makes the thread creation fail, but due to 
a
  bug in the kernel, it is classified as a ENOMEM, instead of a ERESTARTNOINTR,
  which should be retried.

  This only affects 6.8 kernels, since the bug is introduced by the following
  commits, backported to the noble:linux 6.8.0-58.60 kernel as part of the 
upstream
  stable updates (LP: #2101915):
  - 43fb96ae7855 ("KVM: x86/mmu: Ensure NX huge page recovery thread is alive 
before waking")
  - 931656b9e2ff ("kvm: defer huge page recovery vhost task to later")
  - d96c77bd4eeb ("KVM: x86: switch hugepage recovery thread to vhost_task")

  [Fix]
  Cherry-pick cb380909ae3b ("vhost: return task creation error instead of NULL")
  and 916b7f42b3b3 ("kvm: retry nx_huge_page_recovery_thread creation").

  [Test Case]
  1) Launch a Noble c5.metal instance on AWS
  2) Install and boot into the linux-generic 6.8 kernel
  3) Install docker and aws-cli
  4) git clone https://github.com/firecracker-microvm/firecracker.git
  5) Go to the firecracker directory and run `./tools/devtool test -- -n16 
integration_tests/functional/test_snapshot_basic.py::test_cycled_snapshot_restore`
  6) With this patchset, observe that all tests pass. Without it, a couple
  of tests will fail accusing out of memory.

  [Where problems could occur]
  This patchset touches vhost_task_create(), making it return specific error
  pointers instead of just NULL. Problems could occur if its callers
  mishandle the return value.
  More broadly, it also touches code responsible for MM of KVM VMs, and issues
  could appear as these VMs failing to initialize.

  [Other info]
  SF #00410184

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2109859/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to