Bug 1196688

Summary: bdrv_make_zero() passes a too large nb_sectors value to bdrv_write_zeroes()
Product: Red Hat Enterprise Linux 7
Reporter: Stefan Hajnoczi <stefanha>
Component: qemu-kvm-rhev
Assignee: Stefan Hajnoczi <stefanha>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: urgent
Docs Contact:
Priority: high
Version: 7.1
CC: dprince, dron, ebarrera, eharney, huding, jen, jherrman, jraju, juzhang, mrezanin, myllynen, stefanha, virt-maint, xfu
Target Milestone: rc
Keywords: ZStream
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: qemu 2.2
Doc Type: Bug Fix
Doc Text:
On a virtual disk with a high number of sectors, the number of sectors was in some cases handled incorrectly, and converting a QEMU image failed with an "invalid argument" error. This update fixes the incorrect calculation that caused this error, and the described failure no longer occurs.
Story Points: ---
Clone Of:
Clones: 1200043 1203543
Environment:
Last Closed: 2015-12-04 16:30:14 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1194743, 1200043, 1203543

Description Stefan Hajnoczi 2015-02-26 14:32:47 UTC
Description of problem:

bdrv_make_zero() clamps the nb_sectors value:

  if (nb_sectors > INT_MAX) {
      nb_sectors = INT_MAX;
  }

But INT_MAX is too large because bdrv_rw_co() performs the following check later:

  if (nb_sectors < 0 || nb_sectors > INT_MAX / BDRV_SECTOR_SIZE) {
      return -EINVAL;
  }

Fam Zheng already fixed this bug upstream, so we just need to backport the fix:
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=f3a9cfddaec127078ac1898de6b063db8ac3bb48


How reproducible:
Deterministic


Steps to Reproduce:
1. qemu-img create input.img 2G
2. qemu-img create output.img 2G
3. sudo losetup -f output.img
4. qemu-img convert -t none -O raw input.img /dev/loop0


Actual results:
qemu-img: error writing zeroes at sector 0: Invalid argument


Expected results:
Success from qemu-img convert.
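To make the arithmetic in the report concrete, the following is an added C model of the two checks quoted above; it is not QEMU code and not part of the bug report. `rw_co_check()` mirrors the bdrv_rw_co() condition, `clamp_buggy()` the clamp quoted from bdrv_make_zero(), and `clamp_fixed()` a clamp that uses the same limit bdrv_rw_co() enforces (assumed here to be the shape of the upstream fix). `make_zero_model()` is a simplified stand-in for the bdrv_make_zero() loop (the real loop also consults block status), and `BDRV_SECTOR_SIZE` is QEMU's 512-byte sector. The model shows why the 2G image in the reproducer fails at sector 0: it has 4194304 sectors, one more than INT_MAX / 512 = 4194303, so the unfixed clamp passes the count through untouched and the very first write is rejected with EINVAL, while the corrected clamp splits the work into two chunks.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define BDRV_SECTOR_SIZE 512   /* QEMU's fixed sector size */

/* Model of the range check in bdrv_rw_co() quoted in the report: the sector
 * count must still fit in an int once converted to a byte count. */
static int rw_co_check(int64_t nb_sectors)
{
    if (nb_sectors < 0 || nb_sectors > INT_MAX / BDRV_SECTOR_SIZE) {
        return -EINVAL;
    }
    return 0;
}

/* Clamp as quoted in the report (the defect): bounds the sector count by
 * INT_MAX, i.e. INT_MAX * 512 bytes, which the later check rejects. */
static int64_t clamp_buggy(int64_t nb_sectors)
{
    return nb_sectors > INT_MAX ? INT_MAX : nb_sectors;
}

/* Clamp using the limit bdrv_rw_co() actually enforces (assumed shape of the
 * upstream fix; this is the model's own code, not QEMU's). */
static int64_t clamp_fixed(int64_t nb_sectors)
{
    const int64_t limit = INT_MAX / BDRV_SECTOR_SIZE;
    return nb_sectors > limit ? limit : nb_sectors;
}

/* Simplified model of the bdrv_make_zero() loop: zero target_sectors sectors
 * in clamped chunks, each chunk validated by rw_co_check(). Returns 0 on
 * success or the negative errno of the first failing chunk; *chunks receives
 * the number of write_zeroes calls that were accepted. */
static int make_zero_model(int64_t target_sectors,
                           int64_t (*clamp)(int64_t), int *chunks)
{
    int64_t sector_num = 0;
    *chunks = 0;
    while (sector_num < target_sectors) {
        int64_t nb_sectors = clamp(target_sectors - sector_num);
        int ret = rw_co_check(nb_sectors);
        if (ret < 0) {
            return ret;   /* "error writing zeroes at sector <sector_num>" */
        }
        (*chunks)++;
        sector_num += nb_sectors;
    }
    return 0;
}

/* Sector count of an image of the given size (2G in the reproducer). */
static int64_t sectors_for_bytes(int64_t bytes)
{
    return bytes / BDRV_SECTOR_SIZE;
}

int main(void)
{
    int64_t sectors = sectors_for_bytes((int64_t)2 << 30);  /* 2 GiB image */
    int chunks_buggy, chunks_fixed;
    int ret_buggy = make_zero_model(sectors, clamp_buggy, &chunks_buggy);
    int ret_fixed = make_zero_model(sectors, clamp_fixed, &chunks_fixed);

    printf("limit in bdrv_rw_co(): %d sectors\n", INT_MAX / BDRV_SECTOR_SIZE);
    printf("2G image: %lld sectors\n", (long long)sectors);
    printf("buggy clamp: ret=%d (EINVAL=%d), chunks=%d\n",
           ret_buggy, -EINVAL, chunks_buggy);
    printf("fixed clamp: ret=%d, chunks=%d\n", ret_fixed, chunks_fixed);
    return 0;
}
```

Build with `cc -std=c99 -Wall -o makezero makezero.c` and run it; the buggy path reports `-EINVAL` with zero accepted chunks, the fixed path succeeds with two chunks (4194303 sectors, then 1). The general lesson is that a clamp must use the same unit as the check it is meant to satisfy: here one bound is in sectors and the other in bytes divided by the sector size.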

Comment 1 Stefan Hajnoczi 2015-02-27 12:18:16 UTC
*** Bug 1196698 has been marked as a duplicate of this bug. ***

Comment 2 Stefan Hajnoczi 2015-03-06 22:35:37 UTC
Set state to modified.  The patch will come into RHEL 7.2 qemu-kvm from upstream via rebase.

Comment 3 Dan Prince 2015-03-09 12:37:31 UTC
This same issue affects Fedora 21 as well and is displayed when trying to use OpenStack Cinder to convert Glance images. Could we backport the fix into Fedora 21 as well (it is preventing upstream CI from using Fedora ATM)?

Comment 12 Shaolong Hu 2015-07-02 10:17:33 UTC
Reproduced on qemu-kvm-rhev-2.1.2-23.el7.x86_64:


1. qemu-img create input.img 2G
2. qemu-img create output.img 2G
3. sudo losetup -f output.img
4. qemu-img convert -t none -O raw input.img /dev/loop0
qemu-img: error writing zeroes at sector 0: Invalid argument


Verified on qemu-kvm-1.5.3-86.el7.x86_64 and qemu-kvm-rhev-2.3.0-6.el7.x86_64:

step 4 succeeds.

Comment 14 errata-xmlrpc 2015-12-04 16:30:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2546.html