Bug 1067338
Summary: | Mem leak while start a guest with a character followed | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | zhenfeng wang <zhwang> |
Component: | libvirt | Assignee: | Ján Tomko <jtomko> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | ajia, dyuan, gsun, jmiao, jtomko, juzhou, mzhan, rbalakri, vivianzhang, ydu |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | libvirt-1.2.7-1.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-05 07:30:31 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
zhenfeng wang
2014-02-20 09:22:47 UTC
Fixed upstream by: commit 6c1059ef24f72a5d35cbdb0e01b443a8f55e5a15 Author: Jincheng Miao <jmiao> AuthorDate: 2014-02-20 17:29:15 +0800 Commit: Eric Blake <eblake> CommitDate: 2014-02-20 05:40:13 -0700 virsh: fix memleak when starting a guest with invalid fd git describe: v1.2.1-265-g6c1059e contains: v1.2.2-rc1~27 Looking at the code, it seems there is a similar issue with 'virsh create'. I have proposed a patch for the 'virsh create' leak: https://www.redhat.com/archives/libvir-list/2014-February/msg01444.html Now fixed upstream by: commit fe1b6e72d2d2e350e49d0f5d5b0fecbbed854a1b Author: Ján Tomko <jtomko> CommitDate: 2014-02-24 18:46:34 +0100 virsh: Don't leak buffer if GetFDs fails in cmdCreate Change the logic of the function to return false by default and move the freeing of the buffer to the cleanup section. https://bugzilla.redhat.com/show_bug.cgi?id=1067338 git describe: v1.2.2-rc1-11-gfe1b6e7 I can produce this bug on build libvirt-1.1.1-23.el7.x86_64 verify this bug on build libvirt-1.2.8-9.el7.x86_64 qemu-kvm-rhev-2.1.2-12.el7.x86_64 kernel-3.10.0-208.el7.x86_64 verify steps: 1. prepare a guest xml and create it with invalid fd number, check mem leak with valgrind is 0 bytes # valgrind -v --leak-check=full virsh create /tmp/rhel6new.xml --pass-fds a ... error: Unable to parse FD number 'a' ==25601== ==25601== HEAP SUMMARY: ==25601== in use at exit: 109,089 bytes in 1,097 blocks ==25601== total heap usage: 4,645 allocs, 3,548 frees, 1,289,014 bytes allocated ==25601== ==25601== Searching for pointers to 1,097 not-freed blocks ==25601== Checked 1,554,488 bytes ==25601== ==25601== 40 bytes in 1 blocks are possibly lost in loss record 120 of 192 ==25601== at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25601== by 0xBA28FDB: ??? (in /usr/lib64/libnspr4.so) ==25601== by 0xBA42CB6: ??? (in /usr/lib64/libnspr4.so) ==25601== by 0xBA432A4: PR_OpenFile (in /usr/lib64/libnspr4.so) ==25601== by 0xD957AC9: ??? (in /usr/lib64/libfreebl3.so) ==25601== by 0xD957DF0: ??? (in /usr/lib64/libfreebl3.so) ==25601== by 0xD92DAE9: ??? (in /usr/lib64/libfreebl3.so) ==25601== by 0x400F502: _dl_init (in /usr/lib64/ld-2.17.so) ==25601== by 0x4001459: ??? (in /usr/lib64/ld-2.17.so) ==25601== by 0x4: ??? ==25601== by 0xFFF00067A: ??? ==25601== by 0xFFF000680: ??? ==25601== ==25601== 48 bytes in 1 blocks are possibly lost in loss record 126 of 192 ==25601== at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25601== by 0xBA28FC9: ??? (in /usr/lib64/libnspr4.so) ==25601== by 0xBA42CB6: ??? (in /usr/lib64/libnspr4.so) ==25601== by 0xBA432A4: PR_OpenFile (in /usr/lib64/libnspr4.so) ==25601== by 0xD957AC9: ??? (in /usr/lib64/libfreebl3.so) ==25601== by 0xD957DF0: ??? (in /usr/lib64/libfreebl3.so) ==25601== by 0xD92DAE9: ??? (in /usr/lib64/libfreebl3.so) ==25601== by 0x400F502: _dl_init (in /usr/lib64/ld-2.17.so) ==25601== by 0x4001459: ??? (in /usr/lib64/ld-2.17.so) ==25601== by 0x4: ??? ==25601== by 0xFFF00067A: ??? ==25601== by 0xFFF000680: ??? ==25601== ==25601== LEAK SUMMARY: ==25601== definitely lost: 0 bytes in 0 blocks ==25601== indirectly lost: 0 bytes in 0 blocks ==25601== possibly lost: 88 bytes in 2 blocks ==25601== still reachable: 109,001 bytes in 1,095 blocks ==25601== suppressed: 0 bytes in 0 blocks ==25601== Reachable blocks (those to which a pointer was found) are not shown. ==25601== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==25601== ==25601== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2) --25601-- --25601-- used_suppression: 2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a /usr/lib64/valgrind/default.supp:1296 ==25601== ==25601== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2) 2. prepare a normal guest in shutoff # virsh list --all Id Name State ---------------------------------------------------- - rhel7new shut off 3. start guest with invalide fd number, also check mem leak with valgrind, leak 0 bytes # valgrind -v --leak-check=full virsh start rhel7new --pass-fds a error: Unable to parse FD number 'a' ==25922== ==25922== HEAP SUMMARY: ==25922== in use at exit: 109,080 bytes in 1,097 blocks ==25922== total heap usage: 4,662 allocs, 3,565 frees, 1,346,758 bytes allocated ==25922== ==25922== Searching for pointers to 1,097 not-freed blocks ==25922== Checked 1,554,912 bytes ==25922== ==25922== 40 bytes in 1 blocks are possibly lost in loss record 120 of 192 ==25922== at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25922== by 0xBA28FDB: ??? (in /usr/lib64/libnspr4.so) ==25922== by 0xBA42CB6: ??? (in /usr/lib64/libnspr4.so) ==25922== by 0xBA432A4: PR_OpenFile (in /usr/lib64/libnspr4.so) ==25922== by 0xD957AC9: ??? (in /usr/lib64/libfreebl3.so) ==25922== by 0xD957DF0: ??? (in /usr/lib64/libfreebl3.so) ==25922== by 0xD92DAE9: ??? (in /usr/lib64/libfreebl3.so) ==25922== by 0x400F502: _dl_init (in /usr/lib64/ld-2.17.so) ==25922== by 0x4001459: ??? (in /usr/lib64/ld-2.17.so) ==25922== by 0x4: ??? ==25922== by 0xFFF000686: ??? ==25922== by 0xFFF00068C: ??? ==25922== ==25922== 48 bytes in 1 blocks are possibly lost in loss record 126 of 192 ==25922== at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==25922== by 0xBA28FC9: ??? (in /usr/lib64/libnspr4.so) ==25922== by 0xBA42CB6: ??? (in /usr/lib64/libnspr4.so) ==25922== by 0xBA432A4: PR_OpenFile (in /usr/lib64/libnspr4.so) ==25922== by 0xD957AC9: ??? (in /usr/lib64/libfreebl3.so) ==25922== by 0xD957DF0: ??? (in /usr/lib64/libfreebl3.so) ==25922== by 0xD92DAE9: ??? (in /usr/lib64/libfreebl3.so) ==25922== by 0x400F502: _dl_init (in /usr/lib64/ld-2.17.so) ==25922== by 0x4001459: ??? (in /usr/lib64/ld-2.17.so) ==25922== by 0x4: ??? ==25922== by 0xFFF000686: ??? ==25922== by 0xFFF00068C: ??? ==25922== ==25922== LEAK SUMMARY: ==25922== definitely lost: 0 bytes in 0 blocks ==25922== indirectly lost: 0 bytes in 0 blocks ==25922== possibly lost: 88 bytes in 2 blocks ==25922== still reachable: 108,992 bytes in 1,095 blocks ==25922== suppressed: 0 bytes in 0 blocks ==25922== Reachable blocks (those to which a pointer was found) are not shown. ==25922== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==25922== ==25922== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2) --25922-- --25922-- used_suppression: 2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a /usr/lib64/valgrind/default.supp:1296 ==25922== ==25922== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2) move to verified Due to some debuginfo missing leads to a lot of ??? shown in result, retest the verify steps I can produce this bug on build libvirt-1.1.1-23.el7.x86_64 verify this bug on build libvirt-1.2.8-9.el7.x86_64 qemu-kvm-rhev-2.1.2-12.el7.x86_64 kernel-3.10.0-208.el7.x86_64 verify steps: 1. prepare a guest start it with invalid fd number, check mem leak # valgrind -v --leak-check=full virsh start rhel7new --pass-fds a error: Unable to parse FD number 'a' --9362-- REDIR: 0x8615020 (libc.so.6:__memmove_ssse3_back) redirected to 0x4c2ded0 (memcpy.5) ==9362== ==9362== HEAP SUMMARY: ==9362== in use at exit: 108,216 bytes in 1,075 blocks ==9362== total heap usage: 2,300 allocs, 1,225 frees, 902,263 bytes allocated ==9362== ==9362== Searching for pointers to 1,075 not-freed blocks ==9362== Checked 1,485,504 bytes ==9362== ==9362== 40 bytes in 1 blocks are possibly lost in loss record 100 of 170 ==9362== at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==9362== by 0xBA28FDB: _PR_Getfd (prfdcach.c:112) ==9362== by 0xBA42CB6: pt_SetMethods.isra.11 (ptio.c:3303) ==9362== by 0xBA432A4: PR_OpenFile (ptio.c:3581) ==9362== by 0xD957AC9: blapi_SHVerifyFile (shvfy.c:355) ==9362== by 0xD957DF0: blapi_SHVerify (shvfy.c:289) ==9362== by 0xD92DAE9: freebl_fipsSoftwareIntegrityTest (fipsfreebl.c:1541) ==9362== by 0xD92DAE9: bl_startup_tests (fipsfreebl.c:1732) ==9362== by 0x400F4E2: call_init (dl-init.c:82) ==9362== by 0x400F4E2: _dl_init (dl-init.c:131) ==9362== by 0x4001459: ??? (in /usr/lib64/ld-2.17.so) ==9362== by 0x4: ??? ==9362== by 0xFFF000612: ??? ==9362== by 0xFFF000618: ??? ==9362== ==9362== 48 bytes in 1 blocks are possibly lost in loss record 106 of 170 ==9362== at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==9362== by 0xBA28FC9: _PR_Getfd (prfdcach.c:109) ==9362== by 0xBA42CB6: pt_SetMethods.isra.11 (ptio.c:3303) ==9362== by 0xBA432A4: PR_OpenFile (ptio.c:3581) ==9362== by 0xD957AC9: blapi_SHVerifyFile (shvfy.c:355) ==9362== by 0xD957DF0: blapi_SHVerify (shvfy.c:289) ==9362== by 0xD92DAE9: freebl_fipsSoftwareIntegrityTest (fipsfreebl.c:1541) ==9362== by 0xD92DAE9: bl_startup_tests (fipsfreebl.c:1732) ==9362== by 0x400F4E2: call_init (dl-init.c:82) ==9362== by 0x400F4E2: _dl_init (dl-init.c:131) ==9362== by 0x4001459: ??? (in /usr/lib64/ld-2.17.so) ==9362== by 0x4: ??? ==9362== by 0xFFF000612: ??? ==9362== by 0xFFF000618: ??? ==9362== ==9362== LEAK SUMMARY: ==9362== definitely lost: 0 bytes in 0 blocks ==9362== indirectly lost: 0 bytes in 0 blocks ==9362== possibly lost: 88 bytes in 2 blocks ==9362== still reachable: 108,128 bytes in 1,073 blocks ==9362== suppressed: 0 bytes in 0 blocks ==9362== Reachable blocks (those to which a pointer was found) are not shown. ==9362== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==9362== ==9362== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2) --9362-- --9362-- used_suppression: 2 glibc-2.5.x-on-SUSE-10.2-(PPC)-2a /usr/lib64/valgrind/default.supp:1296 ==9362== ==9362== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2) move to verified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0323.html |