[Devel] [PATCH VZ10 2/2] vhost/vsock: re-scan TX virtqueue on device start

Andrey Drobyshev andrey.drobyshev at virtuozzo.com
Thu Jun 25 15:43:49 MSK 2026


On 6/25/26 3:22 PM, Pavel Tikhomirov wrote:
> 
> 
> On 6/4/26 17:46, Andrey Drobyshev wrote:
>> During QEMU CPR live-update (and VHOST_RESET_OWNER in general) the guest
>> keeps running while the host drops and later re-attaches vhost backends.
>> If the guest adds a buffer to the TX virtqueue (guest->host) and kicks
>> while the backend is temporarily NULL (between vhost_vsock_drop_backends()
>> and the next vhost_vsock_start()), then the kick is delivered to the
>> vhost worker, handle_tx_kick() sees a NULL backend and returns, and the
>> kick signal is consumed.  The buffer is then left in the ring.
>>
>> Then upon device start vhost_vsock_start() only re-kicks the RX send
>> worker, never the TX VQ, so the buffer is processed only if the guest
>> happens to kick again.  But if the guest itself is now waiting for data
>> from the host, it will never kick TX VQ again, and we end up in a
>> deadlock.
>>
>> The deadlock is reproduced during active host->guest socat data transfer
>> under multiple consecutive qemu-updates.
>>
>> To fix this, in vhost_vsock_start(), after kicking the RX send worker, also
>> queue the TX vq poll so any buffers the guest enqueued while we were paused
>> get scanned.
>>
>> https://virtuozzo.atlassian.net/browse/VSTOR-131956
>> https://virtuozzo.atlassian.net/browse/VSTOR-101116
> 
> Fixes: e541d8e1cf515 ("vhost/vsock: add VHOST_RESET_OWNER ioctl")
> 
> right?
> 

Well, kinda, but I deliberately added it as a standalone patch, as it
fixes a pre-existing issue; it is just that this issue only manifests on
RESET_OWNER.  I also sent it upstream like that.

>>
>> Signed-off-by: Andrey Drobyshev <andrey.drobyshev at virtuozzo.com>
>>
>> Feature: vhost-vsock: VHOST_RESET_OWNER ioctl
>> ---
>>  drivers/vhost/vsock.c | 6 ++++++
>>  1 file changed, 6 insertions(+)
>>
>> diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
>> index 35f65b58108d..9aee012ababe 100644
>> --- a/drivers/vhost/vsock.c
>> +++ b/drivers/vhost/vsock.c
>> @@ -623,6 +623,12 @@ static int vhost_vsock_start(struct vhost_vsock *vsock)
>>  	 */
>>  	vhost_vq_work_queue(&vsock->vqs[VSOCK_VQ_RX], &vsock->send_pkt_work);
>>  
>> +	/*
>> +	 * Some packets might've also been queued in TX VQ.  Re-scan it here,
>> +	 * mirroring the RX send-worker kick above.
>> +	 */
>> +	vhost_poll_queue(&vsock->vqs[VSOCK_VQ_TX].poll);
>> +
>>  	mutex_unlock(&vsock->dev.mutex);
>>  	return 0;
>>  
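Review bot: the new comment only says the TX re-scan "mirrors" the RX send-worker kick; it should record the actual reason given in the commit message, namely that a guest kick delivered while the backend was NULL is consumed by handle_tx_kick() without the ring being scanned, so the buffer stays stranded until the guest happens to kick again. Something like "A TX kick that arrived while the backend was NULL was consumed by handle_tx_kick() without scanning the ring; re-scan the TX VQ now that the backend is attached." would let a later reader see why an otherwise redundant poll is queued here, and drops the "might've" contraction, which is out of place in a kernel comment. The placement itself looks right: the call sits on the same path as the RX kick, after it and before mutex_unlock(), so it is issued only once start has got past backend setup.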
> 

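The sequence described in the quoted commit message, modelled in userspace as an added example. This is not kernel code, not part of the patch, and not Virtuozzo's or upstream's code; every name in it (struct vsock_model, model_handle_tx_kick, model_start, run_reset_scenario and so on) is a hypothetical stand-in, and the virtqueue is reduced to a pair of ring indices plus an edge-triggered doorbell that the handler clears before it checks for a backend, which is the ordering the commit message attributes to handle_tx_kick(). The point the model isolates is the lost-wakeup shape of the bug: the kick is consumed regardless of whether any work was done, so whoever restores the backend has to re-issue it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define RING_SIZE 8

/* Hypothetical stand-in for the TX virtqueue: two ring indices plus an
 * edge-triggered doorbell that is cleared as soon as the worker runs. */
struct tx_ring {
    int bufs[RING_SIZE];
    size_t avail;        /* next slot the guest will fill   */
    size_t used;         /* next slot the host will consume */
    bool kick_pending;   /* guest rang the doorbell since the worker last ran */
};

/* Hypothetical stand-in for struct vhost_vsock. */
struct vsock_model {
    struct tx_ring tx;
    void *backend;       /* NULL between drop_backends() and the next start() */
    int processed;       /* buffers the host has actually handled */
    int handled_sum;     /* sum of their (constructed) payloads */
};

/* Guest side: add a buffer to the ring and kick. */
static void guest_add_and_kick(struct vsock_model *vs, int payload)
{
    vs->tx.bufs[vs->tx.avail % RING_SIZE] = payload;
    vs->tx.avail++;
    vs->tx.kick_pending = true;
}

/* Host side, modelled on the commit message's description of handle_tx_kick():
 * the kick is consumed first, and a missing backend means an early return
 * with the ring untouched. That ordering is the whole bug. */
static void model_handle_tx_kick(struct vsock_model *vs)
{
    if (!vs->tx.kick_pending)
        return;
    vs->tx.kick_pending = false;          /* kick consumed ...            */
    if (!vs->backend)
        return;                           /* ... but nothing was scanned  */
    while (vs->tx.used != vs->tx.avail) {
        vs->handled_sum += vs->tx.bufs[vs->tx.used % RING_SIZE];
        vs->tx.used++;
        vs->processed++;
    }
}

/* vhost_vsock_drop_backends() equivalent; the guest keeps running meanwhile. */
static void model_drop_backends(struct vsock_model *vs)
{
    vs->backend = NULL;
}

/* vhost_vsock_start() equivalent. With rescan_tx the TX poll is re-queued,
 * which is the effect of the vhost_poll_queue() call the patch adds. */
static void model_start(struct vsock_model *vs, bool rescan_tx)
{
    static int backend_obj;               /* any non-NULL pointer will do */
    vs->backend = &backend_obj;
    if (rescan_tx) {
        vs->tx.kick_pending = true;       /* vhost_poll_queue(&vq->poll)  */
        model_handle_tx_kick(vs);         /* the worker runs the queued poll */
    }
}

/* The sequence from the commit message: the guest kicks exactly once while
 * the backend is NULL and then waits for host data, so it never kicks again. */
static struct vsock_model run_reset_scenario(bool rescan_tx)
{
    struct vsock_model vs = { 0 };

    model_start(&vs, false);              /* initial start, ring empty         */
    model_drop_backends(&vs);             /* RESET_OWNER / CPR pause begins    */
    guest_add_and_kick(&vs, 42);          /* constructed payload               */
    model_handle_tx_kick(&vs);            /* kick reaches the worker, consumed */
    model_start(&vs, rescan_tx);          /* backend re-attached               */
    return vs;
}

int processed_after_reset(bool rescan_tx)
{
    return run_reset_scenario(rescan_tx).processed;
}

/* Buffers still in the ring with no kick pending: the deadlock state. */
int stranded_after_reset(bool rescan_tx)
{
    struct vsock_model vs = run_reset_scenario(rescan_tx);
    return vs.tx.kick_pending ? 0 : (int)(vs.tx.avail - vs.tx.used);
}

int main(void)
{
    printf("without TX re-scan: processed=%d stranded=%d\n",
           processed_after_reset(false), stranded_after_reset(false));
    printf("with TX re-scan:    processed=%d stranded=%d\n",
           processed_after_reset(true), stranded_after_reset(true));
    return 0;
}
```

Without the re-scan the run ends with one buffer in the ring and no kick pending, which is exactly the state the guest then waits on; with it the same buffer is processed at start. The general rule the model illustrates is the one behind every lost-wakeup bug: when a wakeup is edge-triggered and consumed before the condition it depends on is checked, the code path that later restores the condition must re-issue the wakeup itself.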