Re: [PATCH] virtio-balloon: fix memory leak while attach virtio-balloon device
On 2019/12/3 13:34, Michael S. Tsirkin wrote: > On Tue, Dec 03, 2019 at 09:44:19AM +0800, pannengy...@huawei.com wrote: >> From: PanNengyuan >> >> ivq/dvq/svq/free_page_vq is forgot to cleanup in >> virtio_balloon_device_unrealize, the memory leak stack is as follow: >> >> Direct leak of 14336 byte(s) in 2 object(s) allocated from: >> #0 0x7f99fd9d8560 in calloc (/usr/lib64/libasan.so.3+0xc7560) >> #1 0x7f99fcb20015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015) >> #2 0x557d90638437 in virtio_add_queue >> /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:2327 >> #3 0x557d9064401d in virtio_balloon_device_realize >> /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio-balloon.c:793 >> #4 0x557d906356f7 in virtio_device_realize >> /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:3504 >> #5 0x557d9073f081 in device_set_realized >> /mnt/sdb/qemu-4.2.0-rc0/hw/core/qdev.c:876 >> #6 0x557d908b1f4d in property_set_bool >> /mnt/sdb/qemu-4.2.0-rc0/qom/object.c:2080 >> #7 0x557d908b655e in object_property_set_qobject >> /mnt/sdb/qemu-4.2.0-rc0/qom/qom-qobject.c:26 >> >> Reported-by: Euler Robot >> Signed-off-by: PanNengyuan >> --- >> hw/virtio/virtio-balloon.c | 7 +++ >> 1 file changed, 7 insertions(+) >> >> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c >> index 40b04f5..5329c65 100644 >> --- a/hw/virtio/virtio-balloon.c >> +++ b/hw/virtio/virtio-balloon.c 
>> @@ -831,6 +831,13 @@ static void virtio_balloon_device_unrealize(DeviceState >> *dev, Error **errp) >> } >> balloon_stats_destroy_timer(s); >> qemu_remove_balloon_handler(s); >> + >> +virtio_del_queue(vdev, 0); >> +virtio_del_queue(vdev, 1); >> +virtio_del_queue(vdev, 2); >> +if (s->free_page_vq) { >> +virtio_del_queue(vdev, 3); >> +} >> virtio_cleanup(vdev); >> } > > Hmm ok, but how about just doing it through a vq pointer then? > Seems cleaner. E.g. use patch below and add your on top > using the new virtio_delete_queue? > ok, It seems more cleaner, I will send a new version later. Thanks. > --> > virtio: add ability to delete vq through a pointer > > Devices tend to maintain vq pointers, allow deleting them like this. > > Signed-off-by: Michael S. Tsirkin > > -- > > diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h > index c32a815303..e18756d50d 100644 > --- a/include/hw/virtio/virtio.h > +++ b/include/hw/virtio/virtio.h > @@ -183,6 +183,8 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int > queue_size, > > void virtio_del_queue(VirtIODevice *vdev, int n); > > +void virtio_delete_queue(VirtQueue *vq); > + > void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem, > unsigned int len); > void virtqueue_flush(VirtQueue *vq, unsigned int count); > diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c > index 04716b5f6c..31dd140990 100644 > --- a/hw/virtio/virtio.c > +++ b/hw/virtio/virtio.c 
> @@ -2330,17 +2330,22 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int > queue_size, > return &vdev->vq[i]; > } > > +void virtio_delete_queue(VirtQueue *vq) > +{ > +vq->vring.num = 0; > +vq->vring.num_default = 0; > +vq->handle_output = NULL; > +vq->handle_aio_output = NULL; > +g_free(vq->used_elems); > +} > + > void virtio_del_queue(VirtIODevice *vdev, int n) > { > if (n < 0 || n >= VIRTIO_QUEUE_MAX) { > abort(); > } > > -vdev->vq[n].vring.num = 0; > -vdev->vq[n].vring.num_default = 0; > -vdev->vq[n].handle_output = NULL; > -vdev->vq[n].handle_aio_output = NULL; > -g_free(vdev->vq[n].used_elems); > +virtio_delete_queue(&vdev->vq[n]); > } > > static void virtio_set_isr(VirtIODevice *vdev, int value) > > > . >
Re: [PATCH] virtio-balloon: fix memory leak while attach virtio-balloon device
On Tue, Dec 03, 2019 at 09:44:19AM +0800, pannengy...@huawei.com wrote: > From: PanNengyuan > > ivq/dvq/svq/free_page_vq is forgot to cleanup in > virtio_balloon_device_unrealize, the memory leak stack is as follow: > > Direct leak of 14336 byte(s) in 2 object(s) allocated from: > #0 0x7f99fd9d8560 in calloc (/usr/lib64/libasan.so.3+0xc7560) > #1 0x7f99fcb20015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015) > #2 0x557d90638437 in virtio_add_queue > /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:2327 > #3 0x557d9064401d in virtio_balloon_device_realize > /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio-balloon.c:793 > #4 0x557d906356f7 in virtio_device_realize > /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:3504 > #5 0x557d9073f081 in device_set_realized > /mnt/sdb/qemu-4.2.0-rc0/hw/core/qdev.c:876 > #6 0x557d908b1f4d in property_set_bool > /mnt/sdb/qemu-4.2.0-rc0/qom/object.c:2080 > #7 0x557d908b655e in object_property_set_qobject > /mnt/sdb/qemu-4.2.0-rc0/qom/qom-qobject.c:26 > > Reported-by: Euler Robot > Signed-off-by: PanNengyuan > --- > hw/virtio/virtio-balloon.c | 7 +++ > 1 file changed, 7 insertions(+) > > diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c > index 40b04f5..5329c65 100644 > --- a/hw/virtio/virtio-balloon.c > +++ b/hw/virtio/virtio-balloon.c > @@ -831,6 +831,13 @@ static void virtio_balloon_device_unrealize(DeviceState > *dev, Error **errp) > } > balloon_stats_destroy_timer(s); > qemu_remove_balloon_handler(s); > + > +virtio_del_queue(vdev, 0); > +virtio_del_queue(vdev, 1); > +virtio_del_queue(vdev, 2); > +if (s->free_page_vq) { > +virtio_del_queue(vdev, 3); > +} > virtio_cleanup(vdev); > } Hmm ok, but how about just doing it through a vq pointer then? Seems cleaner. E.g. use patch below and add your on top using the new virtio_delete_queue? --> virtio: add ability to delete vq through a pointer Devices tend to maintain vq pointers, allow deleting them like this. Signed-off-by: Michael S. Tsirkin -- 
diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index c32a815303..e18756d50d 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -183,6 +183,8 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size,
 
 void virtio_del_queue(VirtIODevice *vdev, int n);
 
+void virtio_delete_queue(VirtQueue *vq);
+
 void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem,
 unsigned int len);
 void virtqueue_flush(VirtQueue *vq, unsigned int count);
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 04716b5f6c..31dd140990 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -2330,17 +2330,22 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size,
 return &vdev->vq[i];
 }
 
+void virtio_delete_queue(VirtQueue *vq)
+{
+vq->vring.num = 0;
+vq->vring.num_default = 0;
+vq->handle_output = NULL;
+vq->handle_aio_output = NULL;
+g_free(vq->used_elems);
+}
+
 void virtio_del_queue(VirtIODevice *vdev, int n)
 {
 if (n < 0 || n >= VIRTIO_QUEUE_MAX) {
 abort();
 }
 
-vdev->vq[n].vring.num = 0;
-vdev->vq[n].vring.num_default = 0;
-vdev->vq[n].handle_output = NULL;
-vdev->vq[n].handle_aio_output = NULL;
-g_free(vdev->vq[n].used_elems);
+virtio_delete_queue(&vdev->vq[n]);
 }
 
 static void virtio_set_isr(VirtIODevice *vdev, int value)
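Review bot: `virtio_delete_queue()` frees `vq->used_elems` but leaves the pointer in place, so a second delete of the same queue, whether through this function or through `virtio_del_queue()` on its index, would pass the stale pointer to `g_free()` again. No caller visible here deletes twice, but this is guest-facing device-model code and the new pointer-based entry point makes a mixed by-index/by-pointer teardown easier to write. Adding `vq->used_elems = NULL;` right after the `g_free()` makes deletion idempotent, since `g_free(NULL)` is a no-op. The function also dereferences `vq` with no check, unlike the range check `virtio_del_queue()` keeps for `n`, so a one-line comment on the prototype such as `/* vq must be a queue returned by virtio_add_queue(); not NULL */` would state the contract. The same hunk appears quoted in the first message on this page.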
[PATCH] virtio-balloon: fix memory leak while attach virtio-balloon device
From: PanNengyuan ivq/dvq/svq/free_page_vq is forgot to cleanup in virtio_balloon_device_unrealize, the memory leak stack is as follow: Direct leak of 14336 byte(s) in 2 object(s) allocated from: #0 0x7f99fd9d8560 in calloc (/usr/lib64/libasan.so.3+0xc7560) #1 0x7f99fcb20015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015) #2 0x557d90638437 in virtio_add_queue /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:2327 #3 0x557d9064401d in virtio_balloon_device_realize /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio-balloon.c:793 #4 0x557d906356f7 in virtio_device_realize /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:3504 #5 0x557d9073f081 in device_set_realized /mnt/sdb/qemu-4.2.0-rc0/hw/core/qdev.c:876 #6 0x557d908b1f4d in property_set_bool /mnt/sdb/qemu-4.2.0-rc0/qom/object.c:2080 #7 0x557d908b655e in object_property_set_qobject /mnt/sdb/qemu-4.2.0-rc0/qom/qom-qobject.c:26 Reported-by: Euler Robot Signed-off-by: PanNengyuan
---
 hw/virtio/virtio-balloon.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 40b04f5..5329c65 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -831,6 +831,13 @@ static void virtio_balloon_device_unrealize(DeviceState *dev, Error **errp)
 }
 balloon_stats_destroy_timer(s);
 qemu_remove_balloon_handler(s);
+
+virtio_del_queue(vdev, 0);
+virtio_del_queue(vdev, 1);
+virtio_del_queue(vdev, 2);
+if (s->free_page_vq) {
+virtio_del_queue(vdev, 3);
+}
 virtio_cleanup(vdev);
 }
 
--
2.7.2.windows.1