[PATCH 0/4] vCPU hotunplug related memory leaks

[PATCH 0/4] vCPU hotunplug related memory leaks

[Mark Kanda]

This series addresses a few vCPU hotunplug related leaks (found with Valgrind).

Mark Kanda (4):
  softmmu/cpus: Free cpu->thread in cpu_remove_sync()
  softmmu/cpus: Free cpu->halt_cond in cpu_remove_sync()
  cpu: Free cpu->cpu_ases in cpu_exec_unrealizefn()
  i386/cpu: Free env->xsave_buf in x86_cpu_unrealizefn()

 cpu.c             | 1 +
 softmmu/cpus.c    | 2 ++
 target/i386/cpu.c | 2 ++
 3 files changed, 5 insertions(+)

-- 
2.27.0

[PATCH 1/4] softmmu/cpus: Free cpu->thread in cpu_remove_sync()

[Mark Kanda]

vCPU hotunplug related leak reported by Valgrind:

==377357== 8 bytes in 1 blocks are definitely lost in loss record 1,029 of 8,471
==377357==    at 0x4C3ADBB: calloc (vg_replace_malloc.c:1117)
==377357==    by 0x65C14CD: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.5600.4)
==377357==    by 0x8B5AC8: kvm_start_vcpu_thread (kvm-accel-ops.c:68)
==377357==    by 0x7817AF: qemu_init_vcpu (cpus.c:634)
==377357==    by 0x7185A3: x86_cpu_realizefn (cpu.c:6447)
==377357==    by 0x8E46B7: device_set_realized (qdev.c:531)
==377357==    by 0x8EE36F: property_set_bool (object.c:2268)
==377357==    by 0x8EC3C5: object_property_set (object.c:1403)
==377357==    by 0x8F075D: object_property_set_qobject (qom-qobject.c:28)
==377357==    by 0x8EC72C: object_property_set_bool (object.c:1472)
==377357==    by 0x8E3F7F: qdev_realize (qdev.c:333)
==377357==    by 0x43F3A2: qdev_device_add_from_qdict (qdev-monitor.c:711)

Signed-off-by: Mark Kanda <mark.kanda@oracle.com>
---
 softmmu/cpus.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 23bca46b07..1d8380d4aa 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -603,6 +603,7 @@ void cpu_remove_sync(CPUState *cpu)
     qemu_mutex_unlock_iothread();
     qemu_thread_join(cpu->thread);
     qemu_mutex_lock_iothread();
+    g_free(cpu->thread);
 }
 
 void cpus_register_accel(const AccelOpsClass *ops)
-- 
2.27.0

[PATCH 2/4] softmmu/cpus: Free cpu->halt_cond in cpu_remove_sync()

[Mark Kanda]

vCPU hotunplug related leak reported by Valgrind:

==377357== 56 bytes in 1 blocks are definitely lost in loss record 5,017 of 8,471
==377357==    at 0x4C3ADBB: calloc (vg_replace_malloc.c:1117)
==377357==    by 0x65C14CD: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.5600.4)
==377357==    by 0x8B5AE0: kvm_start_vcpu_thread (kvm-accel-ops.c:69)
==377357==    by 0x7817AF: qemu_init_vcpu (cpus.c:634)
==377357==    by 0x7185A3: x86_cpu_realizefn (cpu.c:6447)
==377357==    by 0x8E46B7: device_set_realized (qdev.c:531)
==377357==    by 0x8EE36F: property_set_bool (object.c:2268)
==377357==    by 0x8EC3C5: object_property_set (object.c:1403)
==377357==    by 0x8F075D: object_property_set_qobject (qom-qobject.c:28)
==377357==    by 0x8EC72C: object_property_set_bool (object.c:1472)
==377357==    by 0x8E3F7F: qdev_realize (qdev.c:333)
==377357==    by 0x43F3A2: qdev_device_add_from_qdict (qdev-monitor.c:711)

Signed-off-by: Mark Kanda <mark.kanda@oracle.com>
---
 softmmu/cpus.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/softmmu/cpus.c b/softmmu/cpus.c
index 1d8380d4aa..edaa36f6dc 100644
--- a/softmmu/cpus.c
+++ b/softmmu/cpus.c
@@ -604,6 +604,7 @@ void cpu_remove_sync(CPUState *cpu)
     qemu_thread_join(cpu->thread);
     qemu_mutex_lock_iothread();
     g_free(cpu->thread);
+    g_free(cpu->halt_cond);
 }
 
 void cpus_register_accel(const AccelOpsClass *ops)
-- 
2.27.0

[PATCH 3/4] cpu: Free cpu->cpu_ases in cpu_exec_unrealizefn()

[Mark Kanda]

vCPU hotunplug related leak reported by Valgrind:

==377357== 216 bytes in 1 blocks are definitely lost in loss record 7,042 of 8,471
==377357==    at 0x4C3ADBB: calloc (vg_replace_malloc.c:1117)
==377357==    by 0x65C14CD: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.5600.4)
==377357==    by 0x78552E: cpu_address_space_init (physmem.c:750)
==377357==    by 0x78175B: qemu_init_vcpu (cpus.c:629)
==377357==    by 0x7185A3: x86_cpu_realizefn (cpu.c:6447)
==377357==    by 0x8E46B7: device_set_realized (qdev.c:531)
==377357==    by 0x8EE36F: property_set_bool (object.c:2268)
==377357==    by 0x8EC3C5: object_property_set (object.c:1403)
==377357==    by 0x8F075D: object_property_set_qobject (qom-qobject.c:28)
==377357==    by 0x8EC72C: object_property_set_bool (object.c:1472)
==377357==    by 0x8E3F7F: qdev_realize (qdev.c:333)
==377357==    by 0x43F3A2: qdev_device_add_from_qdict (qdev-monitor.c:711)

Signed-off-by: Mark Kanda <mark.kanda@oracle.com>
---
 cpu.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cpu.c b/cpu.c
index 016bf06a1a..d5c730164a 100644
--- a/cpu.c
+++ b/cpu.c
@@ -170,6 +170,7 @@ void cpu_exec_unrealizefn(CPUState *cpu)
     if (tcg_enabled()) {
         tcg_exec_unrealizefn(cpu);
     }
+    g_free(cpu->cpu_ases);
 
     cpu_list_remove(cpu);
 }
-- 
2.27.0

[PATCH 4/4] i386/cpu: Free env->xsave_buf in x86_cpu_unrealizefn()

[Mark Kanda]

vCPU hotunplug related leak reported by Valgrind:

==377357== 4,096 bytes in 1 blocks are definitely lost in loss record 8,354 of 8,471
==377357==    at 0x4C3B15F: memalign (vg_replace_malloc.c:1265)
==377357==    by 0x4C3B288: posix_memalign (vg_replace_malloc.c:1429)
==377357==    by 0xAA4773: qemu_try_memalign (oslib-posix.c:222)
==377357==    by 0xAA47E5: qemu_memalign (oslib-posix.c:238)
==377357==    by 0x6C403D: kvm_arch_init_vcpu (kvm.c:1986)
==377357==    by 0x8AEB01: kvm_init_vcpu (kvm-all.c:516)
==377357==    by 0x8B59EA: kvm_vcpu_thread_fn (kvm-accel-ops.c:40)
==377357==    by 0xAA72F0: qemu_thread_start (qemu-thread-posix.c:556)
==377357==    by 0x8EE8159: start_thread (in /usr/lib64/libpthread-2.28.so)
==377357==    by 0x91FCDD2: clone (in /usr/lib64/libc-2.28.so)

Signed-off-by: Mark Kanda <mark.kanda@oracle.com>
---
 target/i386/cpu.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index aa9e636800..33405d245d 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6487,6 +6487,7 @@ static void x86_cpu_unrealizefn(DeviceState *dev)
 {
     X86CPU *cpu = X86_CPU(dev);
     X86CPUClass *xcc = X86_CPU_GET_CLASS(dev);
+    CPUX86State *env = &cpu->env;
 
 #ifndef CONFIG_USER_ONLY
     cpu_remove_sync(CPU(dev));
@@ -6499,6 +6500,7 @@ static void x86_cpu_unrealizefn(DeviceState *dev)
     }
 
     xcc->parent_unrealize(dev);
+    g_free(env->xsave_buf);
 }
 
 typedef struct BitProperty {
-- 
2.27.0

Re: [PATCH 0/4] vCPU hotunplug related memory leaks

[Mark Kanda]

Gentle ping - any thoughts on this series?

Thanks/regards,
-Mark

On 1/26/2022 8:29 AM, Mark Kanda wrote:
> This series addresses a few vCPU hotunplug related leaks (found with Valgrind).
>
> Mark Kanda (4):
>    softmmu/cpus: Free cpu->thread in cpu_remove_sync()
>    softmmu/cpus: Free cpu->halt_cond in cpu_remove_sync()
>    cpu: Free cpu->cpu_ases in cpu_exec_unrealizefn()
>    i386/cpu: Free env->xsave_buf in x86_cpu_unrealizefn()
>
>   cpu.c             | 1 +
>   softmmu/cpus.c    | 2 ++
>   target/i386/cpu.c | 2 ++
>   3 files changed, 5 insertions(+)
>

Re: [PATCH 1/4] softmmu/cpus: Free cpu->thread in cpu_remove_sync()

[Philippe Mathieu-Daudé]

On 26/1/22 15:29, Mark Kanda wrote:
> vCPU hotunplug related leak reported by Valgrind:
> 
> ==377357== 8 bytes in 1 blocks are definitely lost in loss record 1,029 of 8,471
> ==377357==    at 0x4C3ADBB: calloc (vg_replace_malloc.c:1117)
> ==377357==    by 0x65C14CD: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.5600.4)
> ==377357==    by 0x8B5AC8: kvm_start_vcpu_thread (kvm-accel-ops.c:68)
> ==377357==    by 0x7817AF: qemu_init_vcpu (cpus.c:634)
> ==377357==    by 0x7185A3: x86_cpu_realizefn (cpu.c:6447)
> ==377357==    by 0x8E46B7: device_set_realized (qdev.c:531)
> ==377357==    by 0x8EE36F: property_set_bool (object.c:2268)
> ==377357==    by 0x8EC3C5: object_property_set (object.c:1403)
> ==377357==    by 0x8F075D: object_property_set_qobject (qom-qobject.c:28)
> ==377357==    by 0x8EC72C: object_property_set_bool (object.c:1472)
> ==377357==    by 0x8E3F7F: qdev_realize (qdev.c:333)
> ==377357==    by 0x43F3A2: qdev_device_add_from_qdict (qdev-monitor.c:711)
> 
> Signed-off-by: Mark Kanda <mark.kanda@oracle.com>
> ---
>   softmmu/cpus.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/softmmu/cpus.c b/softmmu/cpus.c
> index 23bca46b07..1d8380d4aa 100644
> --- a/softmmu/cpus.c
> +++ b/softmmu/cpus.c
> @@ -603,6 +603,7 @@ void cpu_remove_sync(CPUState *cpu)
>       qemu_mutex_unlock_iothread();
>       qemu_thread_join(cpu->thread);
>       qemu_mutex_lock_iothread();
> +    g_free(cpu->thread);

Shouldn't we free that in a dedicated AccelOpsClass::destroy_vcpu_thread
handler instead? (Similarly to free CPUState::halt_cond, next patch).

>   }