801143 – Windows Guest Agent leaks ov.hEvent in ga_channel_write()

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 801143 - Windows Guest Agent leaks ov.hEvent in ga_channel_write()

Summary: Windows Guest Agent leaks ov.hEvent in ga_channel_write()

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	6.4
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Jeff Cody
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	787723
Blocks:	804161 820481 831387
TreeView+	depends on / blocked

Reported:	2012-03-07 19:01 UTC by Jeff Cody
Modified:	2013-02-21 07:32 UTC (History)
CC List:	11 users (show)
Fixed In Version:	qemu-kvm-0.12.1.2-2.297.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-21 07:32:49 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
win7-32 guest before running geust-ping (95.01 KB, image/png) 2012-12-21 03:46 UTC, Qunfang Zhang	no flags	Details
win7-32 guest after running guest-ping (98.62 KB, image/png) 2012-12-21 03:47 UTC, Qunfang Zhang	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:0527	0	normal	SHIPPED_LIVE	qemu-kvm bug fix and enhancement update	2013-02-20 21:51:08 UTC

Description Jeff Cody 2012-03-07 19:01:31 UTC

Description of problem:
In the Windows guest agent, in the file qga/channel-win32.c, the function ga_channel_write() leaks the ov.hEvent created at the beginning of the function.

Before returning, ga_channel_write() should call CloseHandle on the created HANDLE ov.hEvent.

Version-Release number of selected component (if applicable):
qemu-kvm origin/master
Introduced via Bug #787723 to RHEL, from the backport of the guest agent code. (not yet tagged in rhel6 repo)


How reproducible:
100%

Steps to Reproduce:
1. Launch windows guest agent
2. Issue command to the guest agent (for instance, {"execute": "guest-info"})
3. Memory is leaked in ga_channel_write() when sending the response.

Actual results:
Small amount of memory leaked on every command.

Expected results:
No memory leaked.

Additional info:
This leak was noticed by Paolo Bonzini.

Comment 2 Jeff Cody 2012-03-15 18:29:04 UTC

Patch submitted to qemu-devel:

http://patchwork.ozlabs.org/patch/147055/

Comment 3 Jeff Cody 2012-03-28 17:41:10 UTC

Patch accepted upstream, commit id b71706d122838d9656e1a6dae80e22401babdf37

Comment 7 Qunfang Zhang 2012-11-28 02:26:13 UTC

Hi Jeff
As we still have no windows guest agent package now, so is there some method for QE to verify this bug?

Thanks,
Qunfang

Comment 8 Qunfang Zhang 2012-12-06 12:25:57 UTC

Paste the mail replied by Jeff for reference:
======
We are currently working to figure out the installable package for
Windows.  There currently is not one for the guest agent.  However, I
could supply you the binaries and DLL files, which could be run, if that
would help.

As far as testing this bug goes, this bug was noticed by code
inspection, and not by observation.  The leak is very small, so I am not
sure of a reliable method to show a before and after comparison.

Comment 9 Qunfang Zhang 2012-12-21 03:45:24 UTC

Hi, Jeff
I tested windows guest agent this week with the executable in qemu-kvm-0.12.1.2-2.346.el6.x86_64 and could you help check my following steps? 

1. Boot a windows guest (I tested win7-32 and win2012-64).
/usr/libexec/qemu-kvm -M rhel6.4.0 -cpu SandyBridge -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -enable-kvm -name win7 -uuid 255874cf-ceee-458a-b9e7-757dcf4d97bb -k en-us -rtc base=localtime,clock=host,driftfix=slew -no-kvm-pit-reinjection -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device usb-tablet,id=input0 -drive file=/home/win7-32-virtio.qcow2,if=none,id=disk0,format=qcow2,werror=stop,rerror=stop,aio=native -device ide-drive,bus=ide.0,unit=1,drive=disk0,id=disk0  -drive file=/home/boot.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,drive=drive-ide0-1-0,bus=ide.1,unit=0,id=cdrom -netdev tap,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=44:37:E6:5E:91:5E,bus=pci.0,addr=0x5 -monitor stdio -qmp tcp:0:6666,server,nowait -chardev socket,path=/tmp/isa-serial,server,nowait,id=isa1 -device isa-serial,chardev=isa1,id=isa-serial1 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0 -chardev spicevmc,id=charchannel1,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x9 -spice port=5930,disable-ticketing -vga qxl -k en-us -boot c -chardev socket,path=/tmp/qga.sock,server,nowait,id=qga0 -device virtserialport,bus=virtio-serial0.0,chardev=qga0,name=org.qemu.guest_agent.0 -global  PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0

2. Install the windows guest agent executable inside guest. 
#qemu-ga.exe --service install.

3. Check if the qemu-ga service starts, if not, start it.

4. Send commands to guest agent.

 for i in $(seq 1 1000) ; do echo { "execute": "guest-ping"} | nc -U /tmp/qga.sock ; sleep 0.1; echo $i;  done


Result: Before sending the command, qemu-ga resumes 828K mem and after finish the above script, it consumes 932K mem and will not change back to about 828K unless I reboot guest.

Hi, Jeff
Do you this this is a problem?  The result is the same when testing win2012 guest.

Thanks.
Qunfang

Comment 10 Qunfang Zhang 2012-12-21 03:46:48 UTC

Created attachment 667094 [details]
win7-32 guest before running geust-ping

Comment 11 Qunfang Zhang 2012-12-21 03:47:31 UTC

Created attachment 667095 [details]
win7-32 guest after running guest-ping

Comment 12 Jeff Cody 2013-01-05 03:39:07 UTC

(In reply to comment #9)
> Hi, Jeff
> I tested windows guest agent this week with the executable in
> qemu-kvm-0.12.1.2-2.346.el6.x86_64 and could you help check my following
> steps? 
> 
> 1. Boot a windows guest (I tested win7-32 and win2012-64).
> /usr/libexec/qemu-kvm -M rhel6.4.0 -cpu SandyBridge -enable-kvm -m 2048 -smp
> 2,sockets=2,cores=1,threads=1 -enable-kvm -name win7 -uuid
> 255874cf-ceee-458a-b9e7-757dcf4d97bb -k en-us -rtc
> base=localtime,clock=host,driftfix=slew -no-kvm-pit-reinjection -device
> piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device usb-tablet,id=input0
> -drive
> file=/home/win7-32-virtio.qcow2,if=none,id=disk0,format=qcow2,werror=stop,
> rerror=stop,aio=native -device
> ide-drive,bus=ide.0,unit=1,drive=disk0,id=disk0  -drive
> file=/home/boot.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,
> format=raw -device ide-drive,drive=drive-ide0-1-0,bus=ide.1,unit=0,id=cdrom
> -netdev tap,id=hostnet0 -device
> rtl8139,netdev=hostnet0,id=net0,mac=44:37:E6:5E:91:5E,bus=pci.0,addr=0x5
> -monitor stdio -qmp tcp:0:6666,server,nowait -chardev
> socket,path=/tmp/isa-serial,server,nowait,id=isa1 -device
> isa-serial,chardev=isa1,id=isa-serial1 -device
> virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev
> socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device
> virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,
> name=com.redhat.rhevm.vdsm -chardev
> socket,path=/tmp/foo,server,nowait,id=foo -device
> virtconsole,chardev=foo,id=console0 -chardev
> spicevmc,id=charchannel1,name=vdagent -device
> virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,
> name=com.redhat.spice.0 -device
> virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x9 -spice
> port=5930,disable-ticketing -vga qxl -k en-us -boot c -chardev
> socket,path=/tmp/qga.sock,server,nowait,id=qga0 -device
> virtserialport,bus=virtio-serial0.0,chardev=qga0,name=org.qemu.guest_agent.0
> -global  PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0
> 
> 2. Install the windows guest agent executable inside guest. 
> #qemu-ga.exe --service install.
> 
> 3. Check if the qemu-ga service starts, if not, start it.
> 
> 4. Send commands to guest agent.
> 
>  for i in $(seq 1 1000) ; do echo { "execute": "guest-ping"} | nc -U
> /tmp/qga.sock ; sleep 0.1; echo $i;  done
> 
> 
> Result: Before sending the command, qemu-ga resumes 828K mem and after
> finish the above script, it consumes 932K mem and will not change back to
> about 828K unless I reboot guest.
> 
> Hi, Jeff
> Do you this this is a problem?  The result is the same when testing win2012
> guest.
> 
> Thanks.
> Qunfang

Hi Qunfang,

Rather than stop at 1000, if you do an infinite loop, will the memory consumption continue to increase?  If the memory usage increases, but reaches a steady amount, that would not cause alarm to me, and I think the bug could be verified.  If instead, the memory usage keeps increasing so long as commands are sent, then that is a concern.  However, this bug was detected by code inspection, and not by observation - and so if it is leaking, then that may be a new bug rather than this specific fix.

Comment 13 Qunfang Zhang 2013-01-05 03:43:47 UTC

Hi, Jeff
Thanks a lot for the information. I will have a try later and verify it if have no issue. 


Thanks,
Qunfang

Comment 14 Qunfang Zhang 2013-01-05 05:38:02 UTC

Re-check again and there's no problem according to Jeff's comment 12.  Keep an infinite loop to send commands to guest agent, the guest memory usage reaches a steady amount (from 828K to 924K) during the loop. Guest and the agent always work well.

So this bug can be verified pass. 

Guest agent and qemu-kvm version:
qemu-kvm-0.12.1.2-2.346.el6.x86_64
qemu-guest-agent-win32-0.12.1.2-2.346.el6.x86_64

Comment 16 errata-xmlrpc 2013-02-21 07:32:49 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0527.html

Note You need to log in before you can comment on or make changes to this bug.