[5/5] block/nvme: Fix memory leak from nvme_init_queue()

Message ID	20211006164931.172349-6-philmd@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@redhat.com> To: qemu-devel@nongnu.org Subject: [PATCH 5/5] block/nvme: Fix memory leak from nvme_init_queue() Date: Wed, 6 Oct 2021 18:49:31 +0200 Message-Id: <20211006164931.172349-6-philmd@redhat.com> In-Reply-To: <20211006164931.172349-1-philmd@redhat.com> References: <20211006164931.172349-1-philmd@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=216.205.24.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -28 X-Spam_score: -2.9 X-Spam_bar: -- X-Spam_report: (-2.9 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.05, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Cc: Fam Zheng <fam@euphon.net>, Kevin Wolf <kwolf@redhat.com>, qemu-block@nongnu.org, Max Reitz <mreitz@redhat.com>, Hanna Reitz <hreitz@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@redhat.com> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	block/nvme: Fix a memory leak in nvme_free_queue_pair() \| expand [0/5] block/nvme: Fix a memory leak in nvme_free_queue_pair() [1/5] block/nvme: Automatically free qemu_memalign() with QEMU_AUTO_VFREE [2/5] block/nvme: Display CQ/SQ pointer in nvme_free_queue_pair() [3/5] block/nvme: Extract nvme_free_queue() from nvme_free_queue_pair() [4/5] block/nvme: Pass BDRVNVMeState* handle to nvme_free_queue_pair() [5/5] block/nvme: Fix memory leak from nvme_init_queue()

Philippe Mathieu-Daudé Oct. 6, 2021, 4:49 p.m. UTC

nvme_create_queue_pair() allocates resources with qemu_vfio_dma_map(),
but we never release them. Do it in nvme_free_queue() which is called
from nvme_free_queue_pair().

Reported by valgrind:

  ==252858== 520,192 bytes in 1 blocks are still reachable in loss record 8,293 of 8,302
  ==252858==    at 0x4846803: memalign (vg_replace_malloc.c:1265)
  ==252858==    by 0x484691F: posix_memalign (vg_replace_malloc.c:1429)
  ==252858==    by 0xB8AFE4: qemu_try_memalign (oslib-posix.c:210)
  ==252858==    by 0xA9E315: nvme_create_queue_pair (nvme.c:229)
  ==252858==    by 0xAA0125: nvme_init (nvme.c:799)
  ==252858==    by 0xAA081C: nvme_file_open (nvme.c:953)
  ==252858==    by 0xA23DDD: bdrv_open_driver (block.c:1550)
  ==252858==    by 0xA24806: bdrv_open_common (block.c:1827)
  ==252858==    by 0xA2889B: bdrv_open_inherit (block.c:3747)
  ==252858==    by 0xA28DE4: bdrv_open (block.c:3840)
  ==252858==    by 0x9E0F8E: bds_tree_init (blockdev.c:675)
  ==252858==    by 0x9E7C74: qmp_blockdev_add (blockdev.c:3551)

Fixes: bdd6a90a9e5 ("block: Add VFIO based NVMe driver")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 block/nvme.c | 1 +
 1 file changed, 1 insertion(+)

Philippe Mathieu-Daudé Oct. 6, 2021, 4:58 p.m. UTC | #1

On 10/6/21 18:49, Philippe Mathieu-Daudé wrote:
> nvme_create_queue_pair() allocates resources with qemu_vfio_dma_map(),
> but we never release them. Do it in nvme_free_queue() which is called
> from nvme_free_queue_pair().
> 
> Reported by valgrind:
> 
>   ==252858== 520,192 bytes in 1 blocks are still reachable in loss record 8,293 of 8,302

BTW the "8302" number is kinda depressing...

Good news, with this patch I'm now at 8301.

>   ==252858==    at 0x4846803: memalign (vg_replace_malloc.c:1265)
>   ==252858==    by 0x484691F: posix_memalign (vg_replace_malloc.c:1429)
>   ==252858==    by 0xB8AFE4: qemu_try_memalign (oslib-posix.c:210)
>   ==252858==    by 0xA9E315: nvme_create_queue_pair (nvme.c:229)
>   ==252858==    by 0xAA0125: nvme_init (nvme.c:799)
>   ==252858==    by 0xAA081C: nvme_file_open (nvme.c:953)
>   ==252858==    by 0xA23DDD: bdrv_open_driver (block.c:1550)
>   ==252858==    by 0xA24806: bdrv_open_common (block.c:1827)
>   ==252858==    by 0xA2889B: bdrv_open_inherit (block.c:3747)
>   ==252858==    by 0xA28DE4: bdrv_open (block.c:3840)
>   ==252858==    by 0x9E0F8E: bds_tree_init (blockdev.c:675)
>   ==252858==    by 0x9E7C74: qmp_blockdev_add (blockdev.c:3551)
> 
> Fixes: bdd6a90a9e5 ("block: Add VFIO based NVMe driver")
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  block/nvme.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/block/nvme.c b/block/nvme.c
> index 6e476f54b9f..903c8ffa060 100644
> --- a/block/nvme.c
> +++ b/block/nvme.c
> @@ -185,6 +185,7 @@ static bool nvme_init_queue(BDRVNVMeState *s, NVMeQueue *q,
>  
>  static void nvme_free_queue(BDRVNVMeState *s, NVMeQueue *q)
>  {
> +    qemu_vfio_dma_unmap(s->vfio, q->queue);
>      qemu_vfree(q->queue);
>  }
>  
>

Stefan Hajnoczi Oct. 7, 2021, 1:29 p.m. UTC | #2

On Wed, Oct 06, 2021 at 06:49:31PM +0200, Philippe Mathieu-Daudé wrote:
> nvme_create_queue_pair() allocates resources with qemu_vfio_dma_map(),
> but we never release them. Do it in nvme_free_queue() which is called
> from nvme_free_queue_pair().
> 
> Reported by valgrind:
> 
>   ==252858== 520,192 bytes in 1 blocks are still reachable in loss record 8,293 of 8,302
>   ==252858==    at 0x4846803: memalign (vg_replace_malloc.c:1265)
>   ==252858==    by 0x484691F: posix_memalign (vg_replace_malloc.c:1429)
>   ==252858==    by 0xB8AFE4: qemu_try_memalign (oslib-posix.c:210)
>   ==252858==    by 0xA9E315: nvme_create_queue_pair (nvme.c:229)
>   ==252858==    by 0xAA0125: nvme_init (nvme.c:799)
>   ==252858==    by 0xAA081C: nvme_file_open (nvme.c:953)
>   ==252858==    by 0xA23DDD: bdrv_open_driver (block.c:1550)
>   ==252858==    by 0xA24806: bdrv_open_common (block.c:1827)
>   ==252858==    by 0xA2889B: bdrv_open_inherit (block.c:3747)
>   ==252858==    by 0xA28DE4: bdrv_open (block.c:3840)
>   ==252858==    by 0x9E0F8E: bds_tree_init (blockdev.c:675)
>   ==252858==    by 0x9E7C74: qmp_blockdev_add (blockdev.c:3551)
> 
> Fixes: bdd6a90a9e5 ("block: Add VFIO based NVMe driver")
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  block/nvme.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/block/nvme.c b/block/nvme.c
> index 6e476f54b9f..903c8ffa060 100644
> --- a/block/nvme.c
> +++ b/block/nvme.c
> @@ -185,6 +185,7 @@ static bool nvme_init_queue(BDRVNVMeState *s, NVMeQueue *q,
>  
>  static void nvme_free_queue(BDRVNVMeState *s, NVMeQueue *q)
>  {
> +    qemu_vfio_dma_unmap(s->vfio, q->queue);
>      qemu_vfree(q->queue);
>  }

I can't figure out the issue. qemu_vfree(q->queue) was already called
before this patch. How does adding qemu_vfio_dma_unmap() help with the
valgrind report in the commit description?

Stefan

Philippe Mathieu-Daudé Oct. 7, 2021, 1:34 p.m. UTC | #3

On 10/7/21 15:29, Stefan Hajnoczi wrote:
> On Wed, Oct 06, 2021 at 06:49:31PM +0200, Philippe Mathieu-Daudé wrote:
>> nvme_create_queue_pair() allocates resources with qemu_vfio_dma_map(),
>> but we never release them. Do it in nvme_free_queue() which is called
>> from nvme_free_queue_pair().
>>
>> Reported by valgrind:
>>
>>   ==252858== 520,192 bytes in 1 blocks are still reachable in loss record 8,293 of 8,302
>>   ==252858==    at 0x4846803: memalign (vg_replace_malloc.c:1265)
>>   ==252858==    by 0x484691F: posix_memalign (vg_replace_malloc.c:1429)
>>   ==252858==    by 0xB8AFE4: qemu_try_memalign (oslib-posix.c:210)
>>   ==252858==    by 0xA9E315: nvme_create_queue_pair (nvme.c:229)
>>   ==252858==    by 0xAA0125: nvme_init (nvme.c:799)
>>   ==252858==    by 0xAA081C: nvme_file_open (nvme.c:953)
>>   ==252858==    by 0xA23DDD: bdrv_open_driver (block.c:1550)
>>   ==252858==    by 0xA24806: bdrv_open_common (block.c:1827)
>>   ==252858==    by 0xA2889B: bdrv_open_inherit (block.c:3747)
>>   ==252858==    by 0xA28DE4: bdrv_open (block.c:3840)
>>   ==252858==    by 0x9E0F8E: bds_tree_init (blockdev.c:675)
>>   ==252858==    by 0x9E7C74: qmp_blockdev_add (blockdev.c:3551)
>>
>> Fixes: bdd6a90a9e5 ("block: Add VFIO based NVMe driver")
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>>  block/nvme.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/block/nvme.c b/block/nvme.c
>> index 6e476f54b9f..903c8ffa060 100644
>> --- a/block/nvme.c
>> +++ b/block/nvme.c
>> @@ -185,6 +185,7 @@ static bool nvme_init_queue(BDRVNVMeState *s, NVMeQueue *q,
>>  
>>  static void nvme_free_queue(BDRVNVMeState *s, NVMeQueue *q)
>>  {
>> +    qemu_vfio_dma_unmap(s->vfio, q->queue);
>>      qemu_vfree(q->queue);
>>  }
> 
> I can't figure out the issue. qemu_vfree(q->queue) was already called
> before this patch. How does adding qemu_vfio_dma_unmap() help with the
> valgrind report in the commit description?

You are right, I think I didn't select the correct record
between the 8302 reported by valgrind. I will revisit, thanks.

Kevin Wolf Nov. 2, 2021, 12:33 p.m. UTC | #4

Am 07.10.2021 um 15:34 hat Philippe Mathieu-Daudé geschrieben:
> On 10/7/21 15:29, Stefan Hajnoczi wrote:
> > On Wed, Oct 06, 2021 at 06:49:31PM +0200, Philippe Mathieu-Daudé wrote:
> >> nvme_create_queue_pair() allocates resources with qemu_vfio_dma_map(),
> >> but we never release them. Do it in nvme_free_queue() which is called
> >> from nvme_free_queue_pair().
> >>
> >> Reported by valgrind:
> >>
> >>   ==252858== 520,192 bytes in 1 blocks are still reachable in loss record 8,293 of 8,302
> >>   ==252858==    at 0x4846803: memalign (vg_replace_malloc.c:1265)
> >>   ==252858==    by 0x484691F: posix_memalign (vg_replace_malloc.c:1429)
> >>   ==252858==    by 0xB8AFE4: qemu_try_memalign (oslib-posix.c:210)
> >>   ==252858==    by 0xA9E315: nvme_create_queue_pair (nvme.c:229)
> >>   ==252858==    by 0xAA0125: nvme_init (nvme.c:799)
> >>   ==252858==    by 0xAA081C: nvme_file_open (nvme.c:953)
> >>   ==252858==    by 0xA23DDD: bdrv_open_driver (block.c:1550)
> >>   ==252858==    by 0xA24806: bdrv_open_common (block.c:1827)
> >>   ==252858==    by 0xA2889B: bdrv_open_inherit (block.c:3747)
> >>   ==252858==    by 0xA28DE4: bdrv_open (block.c:3840)
> >>   ==252858==    by 0x9E0F8E: bds_tree_init (blockdev.c:675)
> >>   ==252858==    by 0x9E7C74: qmp_blockdev_add (blockdev.c:3551)
> >>
> >> Fixes: bdd6a90a9e5 ("block: Add VFIO based NVMe driver")
> >> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> >> ---
> >>  block/nvme.c | 1 +
> >>  1 file changed, 1 insertion(+)
> >>
> >> diff --git a/block/nvme.c b/block/nvme.c
> >> index 6e476f54b9f..903c8ffa060 100644
> >> --- a/block/nvme.c
> >> +++ b/block/nvme.c
> >> @@ -185,6 +185,7 @@ static bool nvme_init_queue(BDRVNVMeState *s, NVMeQueue *q,
> >>  
> >>  static void nvme_free_queue(BDRVNVMeState *s, NVMeQueue *q)
> >>  {
> >> +    qemu_vfio_dma_unmap(s->vfio, q->queue);
> >>      qemu_vfree(q->queue);
> >>  }
> > 
> > I can't figure out the issue. qemu_vfree(q->queue) was already called
> > before this patch. How does adding qemu_vfio_dma_unmap() help with the
> > valgrind report in the commit description?
> 
> You are right, I think I didn't select the correct record
> between the 8302 reported by valgrind. I will revisit, thanks.

Should we still merge (parts of) this series for 6.2? Or does this mean
that we don't want it at all?

Kevin

Philippe Mathieu-Daudé Nov. 2, 2021, 12:36 p.m. UTC | #5

On 11/2/21 13:33, Kevin Wolf wrote:
> Am 07.10.2021 um 15:34 hat Philippe Mathieu-Daudé geschrieben:
>> On 10/7/21 15:29, Stefan Hajnoczi wrote:
>>> On Wed, Oct 06, 2021 at 06:49:31PM +0200, Philippe Mathieu-Daudé wrote:
>>>> nvme_create_queue_pair() allocates resources with qemu_vfio_dma_map(),
>>>> but we never release them. Do it in nvme_free_queue() which is called
>>>> from nvme_free_queue_pair().
>>>>
>>>> Reported by valgrind:
>>>>
>>>>   ==252858== 520,192 bytes in 1 blocks are still reachable in loss record 8,293 of 8,302
>>>>   ==252858==    at 0x4846803: memalign (vg_replace_malloc.c:1265)
>>>>   ==252858==    by 0x484691F: posix_memalign (vg_replace_malloc.c:1429)
>>>>   ==252858==    by 0xB8AFE4: qemu_try_memalign (oslib-posix.c:210)
>>>>   ==252858==    by 0xA9E315: nvme_create_queue_pair (nvme.c:229)
>>>>   ==252858==    by 0xAA0125: nvme_init (nvme.c:799)
>>>>   ==252858==    by 0xAA081C: nvme_file_open (nvme.c:953)
>>>>   ==252858==    by 0xA23DDD: bdrv_open_driver (block.c:1550)
>>>>   ==252858==    by 0xA24806: bdrv_open_common (block.c:1827)
>>>>   ==252858==    by 0xA2889B: bdrv_open_inherit (block.c:3747)
>>>>   ==252858==    by 0xA28DE4: bdrv_open (block.c:3840)
>>>>   ==252858==    by 0x9E0F8E: bds_tree_init (blockdev.c:675)
>>>>   ==252858==    by 0x9E7C74: qmp_blockdev_add (blockdev.c:3551)
>>>>
>>>> Fixes: bdd6a90a9e5 ("block: Add VFIO based NVMe driver")
>>>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>>>> ---
>>>>  block/nvme.c | 1 +
>>>>  1 file changed, 1 insertion(+)
>>>>
>>>> diff --git a/block/nvme.c b/block/nvme.c
>>>> index 6e476f54b9f..903c8ffa060 100644
>>>> --- a/block/nvme.c
>>>> +++ b/block/nvme.c
>>>> @@ -185,6 +185,7 @@ static bool nvme_init_queue(BDRVNVMeState *s, NVMeQueue *q,
>>>>  
>>>>  static void nvme_free_queue(BDRVNVMeState *s, NVMeQueue *q)
>>>>  {
>>>> +    qemu_vfio_dma_unmap(s->vfio, q->queue);
>>>>      qemu_vfree(q->queue);
>>>>  }
>>>
>>> I can't figure out the issue. qemu_vfree(q->queue) was already called
>>> before this patch. How does adding qemu_vfio_dma_unmap() help with the
>>> valgrind report in the commit description?
>>
>> You are right, I think I didn't select the correct record
>> between the 8302 reported by valgrind. I will revisit, thanks.
> 
> Should we still merge (parts of) this series for 6.2? Or does this mean
> that we don't want it at all?

Patches #1-4 are cleanups welcome for 6.2 :) However we do not want #5.

Kevin Wolf Nov. 2, 2021, 2:50 p.m. UTC | #6

Am 02.11.2021 um 13:36 hat Philippe Mathieu-Daudé geschrieben:
> On 11/2/21 13:33, Kevin Wolf wrote:
> > Am 07.10.2021 um 15:34 hat Philippe Mathieu-Daudé geschrieben:
> >> On 10/7/21 15:29, Stefan Hajnoczi wrote:
> >>> On Wed, Oct 06, 2021 at 06:49:31PM +0200, Philippe Mathieu-Daudé wrote:
> >>>> nvme_create_queue_pair() allocates resources with qemu_vfio_dma_map(),
> >>>> but we never release them. Do it in nvme_free_queue() which is called
> >>>> from nvme_free_queue_pair().
> >>>>
> >>>> Reported by valgrind:
> >>>>
> >>>>   ==252858== 520,192 bytes in 1 blocks are still reachable in loss record 8,293 of 8,302
> >>>>   ==252858==    at 0x4846803: memalign (vg_replace_malloc.c:1265)
> >>>>   ==252858==    by 0x484691F: posix_memalign (vg_replace_malloc.c:1429)
> >>>>   ==252858==    by 0xB8AFE4: qemu_try_memalign (oslib-posix.c:210)
> >>>>   ==252858==    by 0xA9E315: nvme_create_queue_pair (nvme.c:229)
> >>>>   ==252858==    by 0xAA0125: nvme_init (nvme.c:799)
> >>>>   ==252858==    by 0xAA081C: nvme_file_open (nvme.c:953)
> >>>>   ==252858==    by 0xA23DDD: bdrv_open_driver (block.c:1550)
> >>>>   ==252858==    by 0xA24806: bdrv_open_common (block.c:1827)
> >>>>   ==252858==    by 0xA2889B: bdrv_open_inherit (block.c:3747)
> >>>>   ==252858==    by 0xA28DE4: bdrv_open (block.c:3840)
> >>>>   ==252858==    by 0x9E0F8E: bds_tree_init (blockdev.c:675)
> >>>>   ==252858==    by 0x9E7C74: qmp_blockdev_add (blockdev.c:3551)
> >>>>
> >>>> Fixes: bdd6a90a9e5 ("block: Add VFIO based NVMe driver")
> >>>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> >>>> ---
> >>>>  block/nvme.c | 1 +
> >>>>  1 file changed, 1 insertion(+)
> >>>>
> >>>> diff --git a/block/nvme.c b/block/nvme.c
> >>>> index 6e476f54b9f..903c8ffa060 100644
> >>>> --- a/block/nvme.c
> >>>> +++ b/block/nvme.c
> >>>> @@ -185,6 +185,7 @@ static bool nvme_init_queue(BDRVNVMeState *s, NVMeQueue *q,
> >>>>  
> >>>>  static void nvme_free_queue(BDRVNVMeState *s, NVMeQueue *q)
> >>>>  {
> >>>> +    qemu_vfio_dma_unmap(s->vfio, q->queue);
> >>>>      qemu_vfree(q->queue);
> >>>>  }
> >>>
> >>> I can't figure out the issue. qemu_vfree(q->queue) was already called
> >>> before this patch. How does adding qemu_vfio_dma_unmap() help with the
> >>> valgrind report in the commit description?
> >>
> >> You are right, I think I didn't select the correct record
> >> between the 8302 reported by valgrind. I will revisit, thanks.
> > 
> > Should we still merge (parts of) this series for 6.2? Or does this mean
> > that we don't want it at all?
> 
> Patches #1-4 are cleanups welcome for 6.2 :) However we do not want #5.

Thanks. Patch 4 doesn't seem to make sense without 5 (and definitely not
without rewriting the commit message), but I'm applying patches 1-3.

Kevin

Philippe Mathieu-Daudé Nov. 2, 2021, 3:17 p.m. UTC | #7

On 11/2/21 15:50, Kevin Wolf wrote:
> Am 02.11.2021 um 13:36 hat Philippe Mathieu-Daudé geschrieben:
>> On 11/2/21 13:33, Kevin Wolf wrote:

>>> Should we still merge (parts of) this series for 6.2? Or does this mean
>>> that we don't want it at all?
>>
>> Patches #1-4 are cleanups welcome for 6.2 :) However we do not want #5.
> 
> Thanks. Patch 4 doesn't seem to make sense without 5 (and definitely not
> without rewriting the commit message), but I'm applying patches 1-3.

Oops indeed. Thank you, that helps.

[5/5] block/nvme: Fix memory leak from nvme_init_queue()

Commit Message

Comments

Patch