726015 – Fix memleak on exit in virtio-blk

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 726015 - Fix memleak on exit in virtio-blk

Summary: Fix memleak on exit in virtio-blk

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	6.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Amit Shah
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-07-27 10:28 UTC by Amit Shah
Modified:	2013-01-10 00:09 UTC (History)
CC List:	6 users (show)
Fixed In Version:	qemu-kvm-0.12.1.2-2.179.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-12-06 15:54:49 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:1531	0	normal	SHIPPED_LIVE	Moderate: qemu-kvm security, bug fix, and enhancement update	2011-12-06 01:23:30 UTC

Description Amit Shah 2011-07-27 10:28:13 UTC

Description of problem:

Unplugging a virtio-blk device or exiting qemu doesn't free some RAM. 
Adding an exit handler that calls virtio_cleanup() fixes the leak.

Comment 5 Shaolong Hu 2011-08-17 09:30:06 UTC

Try to reproduce this bug on qemu-kvm-0.12.1.2-2.178.el6.x86_64 and verify this bug on qemu-kvm-0.12.1.2-2.183.el6.x86_64, according to Comment 1, test unplug, however, run into some strange results, if i did wrong, please correct me:

Steps to reproduce:
----------------------------
1.in the host:
#while true;do ps --no-headers --format 'rss,vsz' `pidof qemu-kvm`; sleep 10; done

2.boot guest with:
#/usr/libexec/qemu-kvm -enable-kvm -M rhel6.2.0 -smp 4 -m 4G -name rhel6.1-64 -uuid 3f2ea5cd-3d29-48ff-aab2-23df1b6ae213 -drive file=RHEL-Server-6.1-64-virtio.qcow2,cache=none,if=none,rerror=stop,werror=stop,id=drive-virtio-disk0,format=qcow2 -device virtio-blk-pci,drive=drive-virtio-disk0,id=device-virtio-disk0 -netdev tap,script=/etc/qemu-ifup,id=netdev0 -device virtio-net-pci,netdev=netdev0,id=device-net0 -boot order=dc -usb -device usb-tablet,id=input0 -monitor stdio -vnc :10

3.hotplug a virtio-blk
(qemu) __com.redhat_drive_add file=test.img,cache=none,rerror=stop,werror=stop,id=drive-virtio-disk1,format=qcow2
(qemu) device_add virtio-blk-pci,drive=drive-virtio-disk1,id=device-virtio-disk1

4.hotunplug the disk
(qemu) device_del device-virtio-disk1


Actual results:
--------------------------
                                qemu-kvm-0.12.1.2-2.178        qemu-kvm-0.12.1.2-2.183
after step 2            548236     4784364                   543964          4784376
after step 3            548528     4786724                   544260          4786856
after step 4            548524     4784672                   544256          4784804
-----------------------------------------------------------------------------------------------------
step4 - step2                288              308                          292                   428


Additional info:
---------------------------
If repeat step 2-4, on qemu-kvm-0.12.1.2-2.183:

543964          4784376       <- initial status

544260          4786856       <- first plug
544256          4784804       <- first unplug

544384          4786564       <- second plug
550528          4786564       <- second unplug

550560          4786708       <- third plug
550576          4786708       <- third unplug

RSS keeps increasing but there is no regular pattern, it's weird why VSZ doesn't reduce in second and third time.

Comment 6 Shaolong Hu 2011-08-17 09:42:03 UTC

If this bug is refer to the situation when there is additional virtio-blk device in qemu-kvm command line then unplug it, following is the test:


Steps to reproduce:
----------------------------
1.in the host:
#while true;do ps --no-headers --format 'rss,vsz' `pidof qemu-kvm`; sleep 10; done

2.boot guest with:
#/usr/libexec/qemu-kvm -enable-kvm -M rhel6.2.0 -smp 4 -m 4G -name rhel6.1-64 -uuid 3f2ea5cd-3d29-48ff-aab2-23df1b6ae213 -drive file=RHEL-Server-6.1-64-virtio.qcow2,cache=none,if=none,rerror=stop,werror=stop,id=drive-virtio-disk0,format=qcow2 -device virtio-blk-pci,drive=drive-virtio-disk0,id=device-virtio-disk0 -netdev tap,script=/etc/qemu-ifup,id=netdev0 -device virtio-net-pci,netdev=netdev0,id=device-net0 -boot order=dc -usb -device usb-tablet,id=input0 -monitor stdio -vnc :10 -drive file=test.img,cache=none,if=none,rerror=stop,werror=stop,id=drive-virtio-disk1,format=qcow2 -device virtio-blk-pci,drive=drive-virtio-disk1,id=device-virtio-disk1

3.hotunplug the disk
(qemu) device_del device-virtio-disk1


Actual results:
--------------------------
                           0.12.1.2-2.178                0.12.1.2-2.183
after step 2       544384    4788372        543280         4787420
after step 3       544360    4786184        543212         4785232
-----------------------------------------------------------------------------------
step3 - step2            24            2188                 68                2188

Comment 7 Shaolong Hu 2011-08-17 09:45:17 UTC

Adjust "Actual results" format in Comment 5:

Actual results:
--------------------
                           0.12.1.2-2.178                  0.12.1.2-2.183
after step 2       548236     4784364         543964         4784376
after step 3       548528     4786724         544260         4786856
after step 4       548524     4784672         544256         4784804
------------------------------------------------------------------------------------
step4 - step2          288              308                  292                 428

Comment 8 Amit Shah 2011-08-17 12:45:09 UTC

It doesn't matter how the device is initialised -- on the command line or via hotplug.  Similarly, it doesn't matter how the device is removed - via hot-unplug or via quitting qemu.

What you are seeing in the repeated tests is that the memory allocated by '__com_redhat_drive_add' stays allocated even if you unplug the virtio-blk device.  If you remove the drive as well, you will see that usage go down.

Comment 9 Shaolong Hu 2011-08-18 02:03:03 UTC

Hi Amit,

As i know, the recommended way to unplug a blk is using "device_del" only, it will remove the device, as you said, there is some mem allocated with the drive, but after device_del, the $drive_id is invalid, so i can not use __com_redhat_drive_del. Using __com_redhat_drive_del first then device_del works too, but it's not recommended, right? Which way you want me use to test this bug? And which kind of memory i should focus, RSS or VSZ?

If the test is right, do you think the result can verify the bug? It's weird that results differ when i hotplug the device then do the test and when i add the the device on the command line then do the test, i use "device_del" only to unplug the device for all tests:


Actual results (hotplug then unplug):
-------------------------------------
                   0.12.1.2-2.178             0.12.1.2-2.183
                   RSS        VSZ             RSS            VSZ
after boot         548236     4784364         543964         4784376
after plug         548528     4786724         544260         4786856
after unplug       548524     4784672         544256         4784804
--------------------------------------------------------------------
plug - unplug           4        2052              4            2052



Actual results (on command line then unplug):
---------------------------------------------
                   0.12.1.2-2.178           0.12.1.2-2.183
                   RSS       VSZ            RSS            VSZ
after boot         544384    4788372        543280         4787420
after unplug       544360    4786184        543212         4785232
------------------------------------------------------------------
boot - unplug          24       2188            68            2188

Comment 10 Amit Shah 2011-08-26 09:42:33 UTC

The structure that is freed with the patch here is 208 bytes long.

It's entirely possible that the memory that gets allocated isn't given back immediately in anticipation of more mallocs, so you don't really see the benefit of the memfree.  I suppose if you run valgrind through qemu, you will notice some difference here.

However, it's surprising you see different results for the hotplug case and command line case.  If this is repeatable over a number of runs, it means there are some additional mem leaks, or just that the freeing happens at different times.

Overall, valgrind can confirm all the cases for us.

Comment 11 Shaolong Hu 2011-08-31 06:40:21 UTC

Steps to reproduce and verify:
------------------------------------
1.Disable as more services as possible in level 3 and init 3:
#ls /etc/rc.d/rc3.d/
K01libvirt-guests  K05atd        K16ksm             K50dnsmasq     K60nfs         K75netfs      K83nfslock         K85ebtables    K87restorecond  K89rdisc      K99cpuspeed
K01smartd          K10psacct     K25sshd            K50netconsole  K69rpcsvcgssd  K75ntpdate    K83rpcgssd         K85mdmonitor   K88auditd       K90network    K99lvm2-monitor
K02avahi-daemon    K10saslauthd  K30postfix         K50snmpd       K74acpid       K75quota_nld  K83rpcidmapd       K85messagebus  K88iscsi        K92ip6tables  K99sysstat
K02rhsmcertd       K15ksmtuned   K30spice-vdagentd  K50snmptrapd   K74haldaemon   K75udev-post  K84NetworkManager  K86cgred       K88rsyslog      K92iptables   S13rpcbind
K03rhnsd           K16abrtd      K46radvd           K60crond       K74ntpd        K80kdump      K84wpa_supplicant  K87irqbalance  K89iscsid       K95cgconfig   S99local

2.Make sure top suggests there are not other memory consuming processes:
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+    COMMAND 
    1 root      20   0 19204 1488 1208 S  0.0  0.0   0:00.62   init
    2 root      20   0     0    0    0 S  0.0  0.0   0:00.00   kthreadd
    3 root      RT   0     0    0    0 S  0.0  0.0   0:00.19   migration/0  
    4 root      20   0     0    0    0 S  0.0  0.0   0:00.00   ksoftirqd/0
    5 root      RT   0     0    0    0 S  0.0  0.0   0:00.00   migration/0

3.Boot guest, do 5000 times hotplug/unplug, use "free -m" when:
  1) before start qemu
  2) before hotplug/unplug
  3) after hotplug/unplug
  4) after exit qemu
  each time before "free -m", do "echo 3 > /proc/sys/vm/drop_caches" first.


Actual results:
---------------------
reproduced on qemu-kvm-0.12.1.2-2.178.el6.x86_64:
                               
used    free    buffers/cached             
180     7281          0/6             <---before start qemu
811     6651          0/9             <---start qemu
1148    6314          0/9             <---after hotplug/unplug 5000 times
181     7280          0/6             <---after exit qemu

verified on qemu-kvm-0.12.1.2-2.183.el6.x86_64:

used    free    buffers/cached             
181     7280          0/6             <---before start qemu
741     6720          0/9             <---start qemu
898     6563          0/9             <---after hotplug/unplug 5000 times
182     7279          0/6             <---after exit qemu


Conclusion:
--------------
The patch release the memory when unplug, given the condition that two versions share the similar memory usage before qemu start and after exit, test suggests after hotplug/unplug 5000 times but not exit qemu yet, free memory with qemu 183 is much more than 178, based on this, the patch works well, verified.

Comment 13 errata-xmlrpc 2011-12-06 15:54:49 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1531.html

Note You need to log in before you can comment on or make changes to this bug.