[Devel] [PATCH RHEL10 COMMIT] vhost/vsock: re-scan TX virtqueue on device start

Konstantin Khorenko khorenko at virtuozzo.com
Mon Jun 29 18:42:58 MSK 2026


The commit is pushed to "branch-rh10-6.12.0-211.16.1.12.x.vz10-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh10-6.12.0-211.16.1.12.5.vz10
------>
commit 67fdd1befc4da39f114de9a2ad4e725ea442a034
Author: Andrey Drobyshev <andrey.drobyshev at virtuozzo.com>
Date:   Thu Jun 4 18:46:13 2026 +0300

    vhost/vsock: re-scan TX virtqueue on device start
    
    During QEMU CPR live-update (and VHOST_RESET_OWNER in general) the guest
    keeps running while the host drops and later re-attaches vhost backends.
    If the guest adds a buffer to the TX virtqueue (guest->host) and kicks
    while the backend is temporarily NULL (between vhost_vsock_drop_backends()
    and the next vhost_vsock_start()), then the kick is delivered to the
    vhost worker, handle_tx_kick() sees a NULL backend and returns, and the
    kick signal is consumed.  The buffer is then left in the ring.
    
    Then upon device start vhost_vsock_start() only re-kicks the RX send
    worker, never the TX VQ, so the buffer is processed only if the guest
    happens to kick again.  But if the guest itself is now waiting for data
    from the host, it will never kick TX VQ again, and we end up in a
    deadlock.
    
    The deadlock is reproduced during active host->guest socat data transfer
    under multiple consecutive qemu-update's.
    
    To fix this, in vhost_vsock_start(), after kicking the RX send worker, also
    queue the TX vq poll so any buffers the guest enqueued while we were paused
    get scanned.
    
    https://virtuozzo.atlassian.net/browse/VSTOR-131956
    https://virtuozzo.atlassian.net/browse/VSTOR-101116
    Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    Signed-off-by: Andrey Drobyshev <andrey.drobyshev at virtuozzo.com>
    Feature: vhost-vsock: VHOST_RESET_OWNER ioctl
---
 drivers/vhost/vsock.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index 67cedf55cd2a3..55a4de4c4f7a4 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -637,6 +637,12 @@ static int vhost_vsock_start(struct vhost_vsock *vsock)
 	 */
 	vhost_vq_work_queue(&vsock->vqs[VSOCK_VQ_RX], &vsock->send_pkt_work);
 
+	/*
+	 * Some packets might've also been queued in TX VQ.  Re-scan it here,
+	 * mirroring the RX send-worker kick above.
+	 */
+	vhost_poll_queue(&vsock->vqs[VSOCK_VQ_TX].poll);
+
 	mutex_unlock(&vsock->dev.mutex);
 	return 0;
 


More information about the Devel mailing list