Pmem: Fix resource leaks#5855
Merged
ilstam merged 5 commits intofirecracker-microvm:mainfrom Apr 29, 2026
Merged
Conversation
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #5855 +/- ##
==========================================
- Coverage 82.87% 82.79% -0.09%
==========================================
Files 276 276
Lines 29728 29764 +36
==========================================
+ Hits 24637 24643 +6
- Misses 5091 5121 +30
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
ilstam
added
the
Status: Awaiting review
Manciukic
previously approved these changes
Apr 24, 2026
Contributor
Manciukic
left a comment
Manciukic
left a comment
There was a problem hiding this comment.
LGTM, just a few non-blocking nitpicks
ShadowCurse
reviewed
Apr 24, 2026
ShadowCurse
reviewed
Apr 28, 2026
Manciukic
previously approved these changes
Apr 29, 2026
Contributor
Manciukic
left a comment
Manciukic
left a comment
There was a problem hiding this comment.
LGTM, just a possible minor issue about the drop ordering
ShadowCurse
previously approved these changes
Apr 29, 2026
Pmem::alloc_region() panics if it fails to allocate the address range it needs. That is especially problematic for hot-plugging support, since it means failing to attach a device would kill the entire VM. Remove the unwrap and introduce a new error code that is propagated to the caller in case of failure. Signed-off-by: Ilias Stamatis <ilstam@amazon.com>
Change PmemBuilder to store Vec<PmemConfig> instead of Vec<Arc<Mutex<Pmem>>>. Created the actual Pmem device objects in attach_pmem_devices() in builder.rs, matching the pattern already used by memory_hotplug/virtio-mem. This means VmResources no longer holds device objects for pmem, only configs. This change will allows us to move the alloc_region() and set_pmem_region() calls into the Pmem object constructor and use RAII in a subsequent patch. Since the backing file is no longer validated at config time, move the zero-size file test from test_api.py to test_pmem.py where it now asserts the error at boot time. Signed-off-by: Ilias Stamatis <ilstam@amazon.com>
If EventFd allocation fails in new_with_queues() then the Pmem drop() function never runs and the memory allocated with mmap() is never freed. To fix this introduce a RAII PmemMmap struct that performs mmap in its constructor and munmap in its Drop implementation. Signed-off-by: Ilias Stamatis <ilstam@amazon.com>
Pass config_space and acked_features as arguments to new_with_queues() instead of mutating the Pmem struct from the restore() caller. This moves the state initialization into the constructor. ConfigSpace is passed as an Option because in a subsequent patch we will allocate the guest memory region if ConfigSpace is not set and make alloc_region() non public. avail_features is not passed because it is determined by the device implementation and cannot be changed by the guest, so it is always the same value regardless of whether we are creating a new device or restoring from a snapshot. Signed-off-by: Ilias Stamatis <ilstam@amazon.com>
The Pmem struct does not fully use RAII, it rather has separate alloc_region() and set_mem_region() calls to allocate a guest memory region and then allocate a KVM memory slot and configure it. Crucially it never deallocates these resources anywhere which was not a problem until now, but it will become a problem once we support device hot-unplugging. Introduce GuestPmemRegion and KvmMemSlot RAII structs that manage the lifecycle of the GPA allocation and KVM user memory region respectively. These replace the manual alloc_region() and set_mem_region() calls. Both resources are now allocated inside new_with_queues(), making the constructor self-contained. Callers no longer need to call alloc_region() or set_mem_region() separately. Signed-off-by: Ilias Stamatis <ilstam@amazon.com>
Manciukic
approved these changes
Apr 29, 2026
ShadowCurse
approved these changes
Apr 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
There are resource leaks in Pmem which are not a problem currently, but will be a problem once we have device hotplugging support.
License Acceptance
By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.PR Checklist
tools/devtool checkbuild --allto verify that the PR passesbuild checks on all supported architectures.
tools/devtool checkstyleto verify that the PR passes theautomated style checks.
how they are solving the problem in a clear and encompassing way.
in the PR.
CHANGELOG.md.Runbook for Firecracker API changes.
integration tests.
TODO.rust-vmm.