Bug 672229 - romfile memory leak
Summary: romfile memory leak
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: jason wang
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 580954
Reported: 2011-01-24 13:59 UTC by Michael S. Tsirkin
Modified: 2013-01-09 23:30 UTC (History)

Fixed In Version: qemu-kvm-0.12.1.2-2.134.el6
Doc Type: Bug Fix
Doc Text:
Cause: each time a device with a romfile property is added, qemu allocates a small amount of memory which is never freed. Consequence: memory leak. Fix: free PCIDevice::rom_file on qemu_unregister_device(). Result: memory is not leaked when loading romfiles for virtual PCI devices.
Clone Of:
Environment:
Last Closed: 2011-05-19 11:21:05 UTC
Target Upstream Version:
Embargoed:


Links
System: Red Hat Product Errata
ID: RHSA-2011:0534
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Important: qemu-kvm security, bug fix, and enhancement update
Last Updated: 2011-05-19 11:20:36 UTC

Description Michael S. Tsirkin 2011-01-24 13:59:10 UTC
Description of problem:
each time a device with a romfile property is
added, qemu allocates a small amount of memory
which is never freed.

Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.130.el6

How reproducible:
always

Steps to Reproduce:
1. hotplug add a device with a romfile property
2. hotplug remove the device
3. wait until device removal is acknowledged by
   guest and completes
  
Actual results:
The memory isn't freed. Repeating the step above many times will
cause qemu to consume more and more memory

Expected results:
The memory is freed.

Additional info:

Comment 1 Michael S. Tsirkin 2011-01-24 14:03:08 UTC
This is the fix:

commit be7052c2a8f667f1dc42b06afcebb964ee0b03ff
Author: Isaku Yamahata <yamahata.jp>
Date:   Mon Jan 24 19:00:47 2011 +0900

    pci: memory leak of PCIDevice::rom_file
    
    PCIDevice::rom_file is leaked.
    PCIDevice::rom_file is allocated in pci_qdev_init(), but not freed anywhere.
    free it in qemu_unregister_device().
    
    Signed-off-by: Isaku Yamahata <yamahata.jp>
    Signed-off-by: Michael S. Tsirkin <mst>

Comment 10 juzhang 2011-02-11 09:29:57 UTC
According to comment 4, which said "virtio-net rtl8139 and e1000 devices have romfile
by default even without libvirt specifying one.", I tried all these devices. Can't reproduce this issue. Take e1000 for example. Correct me if there is any mistake.

(1) Tested on unfixed version qemu-kvm-0.12.1.2-2.132.el6
----
1. Boot guest.
2. After the guest has booted, run the following script and observe the qemu-kvm process VSZ:
#while true; do ps --format 'vsz' `pidof qemu-kvm`; sleep 2; done
3. Hotplug e1000 NIC; immediately after hotplugging the device, record the VSZ value:
{"execute": "netdev_add", "arguments": { "type":"tap","id":"hostnet2"}}
{"execute": "device_add", "arguments": { "driver":"e1000","netdev":"hostnet2","mac":"22:11:22:45:61:97","id": "net2"}}
4. Hot-unplug e1000 NIC; immediately after hot-unplugging the device, record the VSZ value:
{"execute": "device_del", "arguments": {"id": "net2"}}
{"execute": "netdev_del", "arguments": {"id": "hostnet2"}}
5. Repeat step 3 and step 4 5 times.

Result:
Guest process VSZ is very stable (2521208) when hot-adding/hot-removing the device. Didn't find any memory leak.
#while true; do ps --format 'vsz' `pidof qemu-kvm`; sleep 2; done
   VSZ
2521208
   VSZ
2521208
   VSZ
2521208 after hot add e1000
   VSZ
2521208
   VSZ
2521208 after remove e1000
   VSZ
2521208
   VSZ
........
........
2521208
   VSZ
2521208 after hot add e1000
   VSZ
2521208
   VSZ
2521208 after remove e1000
   VSZ
2521208
   VSZ


(2) Tested on fixed version qemu-kvm-0.12.1.2-2.144.el6 using the same steps as above.
Guest process VSZ is still very stable (2513460) when hot-adding/hot-removing the device. Didn't find any memory leak.
Result:
#while true; do ps --format 'vsz' `pidof qemu-kvm`; sleep 2; done
   VSZ
2513460
   VSZ
2513460
   VSZ
2513460 after hot add e1000
   VSZ
2513460
   VSZ
2513460 after remove e1000
   VSZ
2513460
..............
..............
     VSZ
2513460 after hot add e1000
   VSZ
2513460
   VSZ
2513460 after remove e1000
   VSZ
2513460

Comment 11 juzhang 2011-02-14 01:55:12 UTC
Tested on unfixed version qemu-kvm-0.12.1.2-2.132.el6 again, still can't reproduce.

1. Boot guest.
2. After the guest has booted, run the following script and observe the qemu-kvm process VSZ:
#while true; do ps --format 'vsz' `pidof qemu-kvm`; sleep 2; done
3. Stop guest.
4. Hotplug e1000 NIC; immediately after hotplugging the device, record the VSZ value:
{"execute": "netdev_add", "arguments": { "type":"tap","id":"hostnet2"}}
{"execute": "device_add", "arguments": {
"driver":"e1000","netdev":"hostnet2","mac":"22:11:22:45:61:97","id": "net2"}}
5. Hot-unplug e1000 NIC; immediately after hot-unplugging the device, record the VSZ value:
{"execute": "device_del", "arguments": {"id": "net2"}}
{"execute": "netdev_del", "arguments": {"id": "hostnet2"}}
6. Repeat step 4 and step 5 5000 times.

Guest process VSZ is very stable when hot-adding/hot-removing the device. Didn't
find any memory leak.

Comment 12 jason wang 2011-02-15 06:54:51 UTC
(In reply to comment #11)
> Tested on unfixed version qemu-kvm-0.12.1.2-2.132.el6 again, still can't
> reproduce.
> 
> 1. Boot guest.
> 2. After the guest has booted, run the following script and observe the qemu-kvm process VSZ:
> #while true; do ps --format 'vsz' `pidof qemu-kvm`; sleep 2; done
> 3. Stop guest.
> 4. Hotplug e1000 NIC; immediately after hotplugging the device, record the VSZ value:
> {"execute": "netdev_add", "arguments": { "type":"tap","id":"hostnet2"}}
> {"execute": "device_add", "arguments": {
> "driver":"e1000","netdev":"hostnet2","mac":"22:11:22:45:61:97","id": "net2"}}
> 5. Hot-unplug e1000 NIC; immediately after hot-unplugging the device, record the VSZ value:
> {"execute": "device_del", "arguments": {"id": "net2"}}
> {"execute": "netdev_del", "arguments": {"id": "hostnet2"}}
> 6. Repeat step 4 and step 5 5000 times.
> 
> Guest process VSZ is very stable when hot-adding/hot-removing the device. Didn't
> find any memory leak.

As the leak is just a filename, which is only a few bytes, it may be hard to detect, so I think it's enough for you to verify that the patch does not break hot unplug.
Thanks
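
A simplified C model of the leak and fix described in comment 1, added here as an example and not taken from QEMU or from this bug's patch; it counts live bytes directly, since per comment 12 the leaked filename is only a few bytes. `PCIDeviceModel`, the `model_*` and `tracked_*` helpers and the sample file name are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not QEMU source: only rom_file ownership is kept. */
typedef struct { char *rom_file; } PCIDeviceModel;
static long live_bytes;   /* bytes currently held via the helpers below */

static char *tracked_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p) abort();
    memcpy(p, s, n);
    live_bytes += (long)n;
    return p;
}

static void tracked_free(char *p) {
    if (!p) return;
    live_bytes -= (long)(strlen(p) + 1);
    free(p);
}

/* Stands in for pci_qdev_init(): the device allocates its rom_file copy. */
static void model_init(PCIDeviceModel *d, const char *romfile) {
    d->rom_file = tracked_strdup(romfile);
}

/* Stands in for the unregister path; fixed != 0 applies the patch's free. */
static void model_unregister(PCIDeviceModel *d, int fixed) {
    if (fixed) tracked_free(d->rom_file);
    d->rom_file = NULL;   /* unfixed: the only pointer is dropped here */
}

/* Hot-add then hot-remove `cycles` times; return bytes still allocated. */
long leaked_after(int cycles, int fixed) {
    PCIDeviceModel d;
    live_bytes = 0;
    for (int i = 0; i < cycles; i++) {
        model_init(&d, "pxe-e1000.bin");   /* constructed sample name */
        model_unregister(&d, fixed);
    }
    return live_bytes;
}

int main(void) {
    printf("unfixed: %ld, fixed: %ld\n", leaked_after(5000, 0), leaked_after(5000, 1));
    return 0;
}
```

With the 14-byte sample name the unfixed path still holds 70,000 bytes after 5000 cycles and the fixed path holds none; `ps` reports VSZ in KiB, so that is about 68 KiB before allocator overhead, against the roughly 2.5 million KiB shown in comment 10.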

Comment 13 juzhang 2011-02-15 07:08:36 UTC
This patch is indeed merged in qemu-kvm-0.12.1.2-2.144.el6.x86_64.
#rpm -ql grep qemu-kvm-0.12.1.2-2.144.el6.x86_64 --changelog | grep 672229
- kvm-pci-memory-leak-of-PCIDevice-rom_file.patch [bz#672229]
- Resolves: bz#672229

Comment 15 Eduardo Habkost 2011-05-03 19:07:41 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: each time a device with a romfile property is
added, qemu allocates a small amount of memory
which is never freed.

Consequence: memory leak.

Fix: free PCIDevice::rom_file on qemu_unregister_device().

Result: memory is not leaked when loading romfiles for virtual PCI devices.

Comment 16 errata-xmlrpc 2011-05-19 11:21:05 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html

Comment 17 errata-xmlrpc 2011-05-19 13:01:19 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html

