Bug 672229

Summary: romfile memory leak
Product: Red Hat Enterprise Linux 6
Reporter: Michael S. Tsirkin <mst>
Component: qemu-kvm
Assignee: jason wang <jasowang>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified
Priority: unspecified
Version: 6.0
CC: alex.williamson, ehabkost, juzhang, michen, mkenneth, tburke, virt-maint
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qemu-kvm-0.12.1.2-2.134.el6
Doc Type: Bug Fix
Doc Text:
Cause: each time a device with a romfile property is added, qemu allocates a small amount of memory which is never freed. Consequence: memory leak. Fix: free PCIDevice::rom_file on qemu_unregister_device(). Result: memory is not leaked when loading romfiles for virtual PCI devices.
Last Closed: 2011-05-19 11:21:05 UTC
Bug Blocks: 580954    

Description Michael S. Tsirkin 2011-01-24 13:59:10 UTC
Description of problem:
each time a device with a romfile property is
added, qemu allocates a small amount of memory
which is never freed.

Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.130.el6

How reproducible:
always

Steps to Reproduce:
1. hotplug add a device with a romfile property
2. hotplug remove the device
3. wait until device removal is acknowledged by
   guest and completes
  
Actual results:
The memory isn't freed. Repeating the step above many times will
cause qemu to consume more and more memory

Expected results:
The memory is freed.

Additional info:

Comment 1 Michael S. Tsirkin 2011-01-24 14:03:08 UTC
This is the fix:

commit be7052c2a8f667f1dc42b06afcebb964ee0b03ff
Author: Isaku Yamahata <yamahata.jp>
Date:   Mon Jan 24 19:00:47 2011 +0900

    pci: memory leak of PCIDevice::rom_file
    
    PCIDevice::rom_file is leaked.
    PCIDevice::rom_file is allocated in pci_qdev_init(), but not freed anywhere.
    free it in qemu_unregister_device().
    
    Signed-off-by: Isaku Yamahata <yamahata.jp>
    Signed-off-by: Michael S. Tsirkin <mst>

Comment 10 juzhang 2011-02-11 09:29:57 UTC
According to comment 4, which said "virtio-net rtl8139 and e1000 devices have romfile
by default even without libvirt specifying one.", I tried all these devices. Can't reproduce this issue. Take e1000 for example. Correct me if there is any mistake.

(1) Tested on unfixed version qemu-kvm-0.12.1.2-2.132.el6
----
1. Boot guest.
2. After the guest has booted, run the following script and observe the qemu-kvm process VSZ:
#while true; do ps --format 'vsz' `pidof qemu-kvm`; sleep 2; done
3. Hotplug e1000 nic; after hotplugging the device, immediately record the VSZ value.
{"execute": "netdev_add", "arguments": { "type":"tap","id":"hostnet2"}}
{"execute": "device_add", "arguments": { "driver":"e1000","netdev":"hostnet2","mac":"22:11:22:45:61:97","id": "net2"}}
4. Hot-unplug e1000 nic; after hot-unplugging the device, immediately record the VSZ value.
{"execute": "device_del", "arguments": {"id": "net2"}}
{"execute": "netdev_del", "arguments": {"id": "hostnet2"}}
5. Repeat step 3 and step 4 5 times.

Result:
Guest process VSZ is very stable (2521208) when hot-adding/hot-removing the device. Didn't find any memory leak.
#while true; do ps --format 'vsz' `pidof qemu-kvm`; sleep 2; done
   VSZ
2521208
   VSZ
2521208
   VSZ
2521208 after hot add e1000
   VSZ
2521208
   VSZ
2521208 after remove e1000
   VSZ
2521208
   VSZ
........
........
2521208
   VSZ
2521208 after hot add e1000
   VSZ
2521208
   VSZ
2521208 after remove e1000
   VSZ
2521208
   VSZ


(2) Tested on fixed version qemu-kvm-0.12.1.2-2.144.el6 using the same steps as above.
Guest process VSZ is still very stable (2513460) when hot-adding/hot-removing the device. Didn't find any memory leak.
Result:
#while true; do ps --format 'vsz' `pidof qemu-kvm`; sleep 2; done
   VSZ
2513460
   VSZ
2513460
   VSZ
2513460 after hot add e1000
   VSZ
2513460
   VSZ
2513460 after remove e1000
   VSZ
2513460
..............
..............
     VSZ
2513460 after hot add e1000
   VSZ
2513460
   VSZ
2513460 after remove e1000
   VSZ
2513460

Comment 11 juzhang 2011-02-14 01:55:12 UTC
Tested on unfixed version qemu-kvm-0.12.1.2-2.132.el6 again, still can't reproduce.

1. Boot guest.
2. After the guest has booted, run the following script and observe the qemu-kvm process VSZ:
#while true; do ps --format 'vsz' `pidof qemu-kvm`; sleep 2; done
3. Stop guest.
4. Hotplug e1000 nic; after hotplugging the device, immediately record the VSZ value.
{"execute": "netdev_add", "arguments": { "type":"tap","id":"hostnet2"}}
{"execute": "device_add", "arguments": {
"driver":"e1000","netdev":"hostnet2","mac":"22:11:22:45:61:97","id": "net2"}}
5. Hot-unplug e1000 nic; after hot-unplugging the device, immediately record the VSZ value.
{"execute": "device_del", "arguments": {"id": "net2"}}
{"execute": "netdev_del", "arguments": {"id": "hostnet2"}}
6. Repeat step 4 and step 5 5000 times.

Guest process VSZ is very stable when hot-adding/hot-removing the device. Didn't
find any memory leak.

Comment 12 jason wang 2011-02-15 06:54:51 UTC
(In reply to comment #11)
> Tested on unfixed version qemu-kvm-0.12.1.2-2.132.el6 again, still can't
> reproduce.
> 
> 1. Boot guest.
> 2. After the guest has booted, run the following script and observe the qemu-kvm process VSZ:
> #while true; do ps --format 'vsz' `pidof qemu-kvm`; sleep 2; done
> 3. Stop guest.
> 4. Hotplug e1000 nic; after hotplugging the device, immediately record the VSZ value.
> {"execute": "netdev_add", "arguments": { "type":"tap","id":"hostnet2"}}
> {"execute": "device_add", "arguments": {
> "driver":"e1000","netdev":"hostnet2","mac":"22:11:22:45:61:97","id": "net2"}}
> 5. Hot-unplug e1000 nic; after hot-unplugging the device, immediately record the VSZ value.
> {"execute": "device_del", "arguments": {"id": "net2"}}
> {"execute": "netdev_del", "arguments": {"id": "hostnet2"}}
> 6. Repeat step 4 and step 5 5000 times.
> 
> Guest process VSZ is very stable when hot-adding/hot-removing the device. Didn't
> find any memory leak.

As the leak is just the filename, which is only a few bytes, it may be hard to detect, so I think it's enough for you to verify the patch does not break the hot unplug.
Thanks
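
An added illustration, not QEMU code and not part of any comment in this report: a simplified model of the leak described in the commit message in comment 1 (a per-device file name allocated at init and never freed at unregister) that also counts the bytes left behind, which bears on the size argument in comment 12. ModelPCIDevice, model_init, model_unregister, leaked_after and the file name "sample-rom.bin" are hypothetical, and modelling rom_file as a copied string is an assumption based on comment 12.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static size_t live_bytes;          /* rom_file bytes allocated and not yet freed */

typedef struct {                   /* hypothetical stand-in for PCIDevice */
    char *rom_file;
} ModelPCIDevice;

/* Models device init: the romfile name is copied into the device. */
static ModelPCIDevice *model_init(const char *romfile)
{
    size_t n = strlen(romfile) + 1;
    ModelPCIDevice *d = calloc(1, sizeof(*d));
    if (!d || !(d->rom_file = malloc(n)))
        abort();
    memcpy(d->rom_file, romfile, n);
    live_bytes += n;
    return d;
}

/* Models device unregister. free_rom_file == 0 reproduces the behaviour
 * before the fix (the string is leaked on purpose); 1 applies the fix. */
static void model_unregister(ModelPCIDevice *d, int free_rom_file)
{
    if (free_rom_file) {
        live_bytes -= strlen(d->rom_file) + 1;
        free(d->rom_file);
    }
    free(d);
}

/* Bytes still allocated after `cycles` hot-add/hot-remove rounds. */
static size_t leaked_after(int cycles, int free_rom_file, const char *romfile)
{
    live_bytes = 0;
    for (int i = 0; i < cycles; i++)
        model_unregister(model_init(romfile), free_rom_file);
    return live_bytes;
}

int main(void)
{
    const char *rom = "sample-rom.bin";   /* constructed sample name */
    printf("unfixed, 5000 cycles: %zu bytes\n", leaked_after(5000, 0, rom));
    printf("fixed,   5000 cycles: %zu bytes\n", leaked_after(5000, 1, rom));
    return 0;
}
```

With the constructed 15-byte string, 5000 cycles leave 75000 bytes outstanding in the unfixed model. ps reports VSZ in KiB for the whole address space, so a total this small, served from heap that is already mapped, need not change the figure.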

Comment 13 juzhang 2011-02-15 07:08:36 UTC
This patch is indeed merged in qemu-kvm-0.12.1.2-2.144.el6.x86_64.
#rpm -ql grep qemu-kvm-0.12.1.2-2.144.el6.x86_64 --changelog | grep 672229
- kvm-pci-memory-leak-of-PCIDevice-rom_file.patch [bz#672229]
- Resolves: bz#672229

Comment 15 Eduardo Habkost 2011-05-03 19:07:41 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: each time a device with a romfile property is
added, qemu allocates a small amount of memory
which is never freed.

Consequence: memory leak.

Fix: free PCIDevice::rom_file on qemu_unregister_device().

Result: memory is not leaked when loading romfiles for virtual PCI devices.

Comment 16 errata-xmlrpc 2011-05-19 11:21:05 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html

Comment 17 errata-xmlrpc 2011-05-19 13:01:19 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html