[Devel] [PATCH VZ10 2/2] vhost/vsock: re-scan TX virtqueue on device start
Andrey Drobyshev
andrey.drobyshev at virtuozzo.com
Thu Jun 25 15:43:49 MSK 2026
On 6/25/26 3:22 PM, Pavel Tikhomirov wrote:
>
>
> On 6/4/26 17:46, Andrey Drobyshev wrote:
>> During QEMU CPR live-update (and VHOST_RESET_OWNER in general) the guest
>> keeps running while the host drops and later re-attaches vhost backends.
>> If the guest adds a buffer to the TX virtqueue (guest->host) and kicks
>> while the backend is temporarily NULL (between vhost_vsock_drop_backends()
>> and the next vhost_vsock_start()), then the kick is delivered to the
>> vhost worker, handle_tx_kick() sees a NULL backend and returns, and the
>> kick signal is consumed. The buffer is then left in the ring.
>>
>> Then upon device start vhost_vsock_start() only re-kicks the RX send
>> worker, never the TX VQ, so the buffer is processed only if the guest
>> happens to kick again. But if the guest itself is now waiting for data
>> from the host, it will never kick TX VQ again, and we end up in a
>> deadlock.
>>
>> The deadlock is reproduced during active host->guest socat data transfer
>> under multiple consecutive qemu-update's.
>>
>> To fix this, in vhost_vsock_start(), after kicking the RX send worker, also
>> queue the TX vq poll so any buffers the guest enqueued while we were paused
>> get scanned.
>>
>> https://virtuozzo.atlassian.net/browse/VSTOR-131956
>> https://virtuozzo.atlassian.net/browse/VSTOR-101116
>
> Fixes: e541d8e1cf515 ("vhost/vsock: add VHOST_RESET_OWNER ioctl")
>
> right?
>
Well kinda, but I deliberately added it as a standalone patch as it
fixes a pre-existing issue, just this issue is only manifesting on
RESET_OWNER. I also sent it upstream like that.
>>
>> Signed-off-by: Andrey Drobyshev <andrey.drobyshev at virtuozzo.com>
>>
>> Feature: vhost-vsock: VHOST_RESET_OWNER ioctl
>> ---
>> drivers/vhost/vsock.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
>> index 35f65b58108d..9aee012ababe 100644
>> --- a/drivers/vhost/vsock.c
>> +++ b/drivers/vhost/vsock.c
>> @@ -623,6 +623,12 @@ static int vhost_vsock_start(struct vhost_vsock *vsock)
>> */
>> vhost_vq_work_queue(&vsock->vqs[VSOCK_VQ_RX], &vsock->send_pkt_work);
>>
>> + /*
>> + * Some packets might've also been queued in TX VQ. Re-scan it here,
>> + * mirroring the RX send-worker kick above.
>> + */
>> + vhost_poll_queue(&vsock->vqs[VSOCK_VQ_TX].poll);
>> +
>> mutex_unlock(&vsock->dev.mutex);
>> return 0;
>>
>
More information about the Devel
mailing list