Bug 1203543

Summary: bdrv_make_zero() passes a too large nb_sectors value to bdrv_write_zeroes()
Product: Red Hat Enterprise Linux 7
Reporter: Jan Kurik <jkurik>
Component: qemu-kvm-rhev
Assignee: Stefan Hajnoczi <stefanha>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified
Priority: high
Version: 7.1
CC: adahms, amureini, djuran, dmaley, dprince, dron, eharney, hhuang, huding, jen, jherrman, jkurik, jraju, juli, juzhang, kevin.x.wang, lyarwood, mrezanin, mykaul, myllynen, nsabine, pm-eus, scohen, sgotliv, sluo, s-takeda, stefanha, tatsu-ab1, tnisan, virt-bugs, virt-maint, xfu
Target Milestone: rc
Keywords: Regression, ZStream
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qemu-kvm-rhev-2.1.2-23.el7_1.2
Doc Type: Bug Fix
Doc Text:
On a virtual disk with a high number of sectors, the number of sectors was in some cases handled incorrectly, and converting a QEMU image failed with an "invalid argument" error. This update fixes the incorrect calculation that caused this error, and the described failure no longer occurs.
Story Points: ---
Clone Of: 1196688
: 1215775 1215776 1216130
Last Closed: 2015-05-07 15:13:01 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 1196688
Bug Blocks: 1194743, 1209034, 1215744, 1215775, 1215776, 1216130

Description Jan Kurik 2015-03-19 05:20:11 UTC
This bug has been copied from bug #1196688 and has been proposed
to be backported to 7.1 z-stream (EUS).

Comment 10 Stefan Hajnoczi 2015-04-07 16:31:15 UTC
Posted patch.  Sorry for the delay, there was an issue with the last patch I posted and I missed that the patch had been dropped.

Comment 13 Miroslav Rezanina 2015-04-21 07:22:02 UTC
Fix included in qemu-kvm-rhev-2.1.2-23.el7_1_1.2

Comment 20 Jun Li 2015-04-24 03:13:04 UTC
Tested on qemu-kvm-rhev-2.1.2-23.el7.x86_64. Steps as in bz 1196688 comment #0.

Steps:
1. qemu-img create input.img 2G
2. qemu-img create output.img 2G
3. sudo losetup -f output.img
4. qemu-img convert -t none -O raw input.img /dev/loop0

Actual results:
After step 4, cannot find any error.

Stefan and Jan,

  Could you help check whether the above reproduce method is right or not? If incorrect, could you give some suggestions?

  Another question: does QE need to do more testing to verify this bz? Thx.

Regards,
Jun Li

Comment 23 Stefan Hajnoczi 2015-04-24 10:36:32 UTC
(In reply to Jun Li from comment #20)
> Tested on qemu-kvm-rhev-2.1.2-23.el7.x86_64. Steps as in bz 1196688 comment #0.
> 
> Steps:
> 1. qemu-img create input.img 2G
> 2. qemu-img create output.img 2G
> 3. sudo losetup -f output.img
> 4. qemu-img convert -t none -O raw input.img /dev/loop0
> 
> Actual results:
> After step 4, cannot find any error.
> 
> Stefan and Jan,
> 
>   Could you help check whether the above reproduce method is right or not? If
> incorrect, could you give some suggestions?
> 
>   Another question: does QE need to do more testing to verify this bz? Thx.

That verifies the fix, additional tests are not necessary.  Thank you!

Stefan

Comment 24 Jun Li 2015-04-24 12:29:31 UTC
(In reply to Stefan Hajnoczi from comment #23)
> (In reply to Jun Li from comment #20)
> 
> That verifies the fix, additional tests are not necessary.  Thank you!
> 
> Stefan

Hi Stefan,

It seems the above method cannot reproduce this issue.

QE just did a simple debug; it seems bdrv_make_zero() is not called when executing "qemu-img convert -t none -O raw input.img /dev/loop0".


static int img_convert(int argc, char **argv)
{
...
                                       +-------> Here will return 0.
                                       |
        if (!has_zero_init && bdrv_can_write_zeroes_with_unmap(out_bs)) {
            ret = bdrv_make_zero(out_bs, BDRV_REQ_MAY_UNMAP);
            if (ret < 0) {
                goto out;
            }
...
}

As bdrv_can_write_zeroes_with_unmap(out_bs) will return 0, bdrv_make_zero(out_bs, BDRV_REQ_MAY_UNMAP) cannot be called.

bdrv_can_write_zeroes_with_unmap
    bdrv_get_info

int bdrv_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
{
    BlockDriver *drv = bs->drv;
    if (!drv)
        return -ENOMEDIUM;
    if (!drv->bdrv_get_info)  -----> Here !drv->bdrv_get_info will be 1.
        return -ENOTSUP;                                   |
    memset(bdi, 0, sizeof(*bdi));                          |
    return drv->bdrv_get_info(bs, bdi);                    |
}                                                          |
                                                           |
                                                          \|/
                                               I don't know why this is 1 here. Could you give some explanations and suggestions? Thx.

Regards,
Jun Li

Comment 25 Stefan Hajnoczi 2015-04-24 17:52:14 UTC
(In reply to Jun Li from comment #24)
> (In reply to Stefan Hajnoczi from comment #23)
> 
> Hi Stefan,
> 
> It seems the above method cannot reproduce this issue.
> 
> QE just did a simple debug; it seems bdrv_make_zero() is not called when
> executing "qemu-img convert -t none -O raw input.img /dev/loop0".

I cannot reproduce what you are showing:

$ git log --oneline
509328f block: Fix max nb_sectors in bdrv_make_zero
230c69c Update to qemu-kvm-rhev-2.1.2-23.el7
$ gdb ./qemu-img --args ./qemu-img convert -t none -O raw input.img /dev/loop0
(gdb) b bdrv_can_write_zeroes_with_unmap
(gdb) r
(gdb) finish
Run till exit from #0  bdrv_can_write_zeroes_with_unmap (
    bs=0x555555c65ac0) at block.c:3950
0x0000555555569194 in img_convert (argc=<optimized out>, 
    argv=<optimized out>) at qemu-img.c:1608
1608	        if (!has_zero_init && bdrv_can_write_zeroes_with_unmap(out_bs)) {
Value returned is $1 = true

The function is returning true, so the bdrv_make_zero() code path gets taken.

Can you retry with the exact GDB commands that I have provided?

Comment 26 Jun Li 2015-04-27 03:18:03 UTC
(In reply to Stefan Hajnoczi from comment #25)
> (In reply to Jun Li from comment #24)
> 
> I cannot reproduce what you are showing:
> 
> $ git log --oneline
> 509328f block: Fix max nb_sectors in bdrv_make_zero
> 230c69c Update to qemu-kvm-rhev-2.1.2-23.el7
> $ gdb ./qemu-img --args ./qemu-img convert -t none -O raw input.img
> /dev/loop0
> (gdb) b bdrv_can_write_zeroes_with_unmap
> (gdb) r
> (gdb) finish
> Run till exit from #0  bdrv_can_write_zeroes_with_unmap (
>     bs=0x555555c65ac0) at block.c:3950
> 0x0000555555569194 in img_convert (argc=<optimized out>, 
>     argv=<optimized out>) at qemu-img.c:1608
> 1608	        if (!has_zero_init && bdrv_can_write_zeroes_with_unmap(out_bs))
> {
> Value returned is $1 = true
> 
> The function is returning true, so the bdrv_make_zero() code path gets taken.
> 
> Can you retry with the exact GDB commands that I have provided?

Hi Stefan,

So sorry. Wrong qemu-img shell execution environment.
# which qemu-img 
/usr/local/bin/qemu-img

# rpm -ql qemu-img-rhev-2.1.2-23.el7.x86_64
/usr/bin/qemu-img
/usr/bin/qemu-io
/usr/bin/qemu-nbd
/usr/share/man/man1/qemu-img.1.gz
/usr/share/man/man8/qemu-nbd.8.gz

Then, using the correct qemu-img path, test as follows:

Reproduce:
Version of components:
qemu-img-rhev-2.1.2-23.el7.x86_64

# losetup -D

# losetup -l

# /usr/bin/qemu-img create input.img 2G
Formatting 'input.img', fmt=raw size=2147483648

# /usr/bin/qemu-img create output.img 2G
Formatting 'output.img', fmt=raw size=2147483648

# losetup -f output.img

# losetup -l
NAME       SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE
/dev/loop0         0      0         0  0 /tmp/output.img

# /usr/bin/qemu-img convert -t none -O raw input.img /dev/loop0
qemu-img: error writing zeroes at sector 0: Invalid argument

As shown above, this bz has been reproduced.

Verify:
Version of components:
qemu-img-rhev-2.1.2-23.el7_1.2.x86_64

Steps:
1,
# losetup -D
2,
# losetup -l
3,
# /usr/bin/qemu-img create input.img 2G
Formatting 'input.img', fmt=raw size=2147483648 
4,
# /usr/bin/qemu-img create output.img 2G
Formatting 'output.img', fmt=raw size=2147483648 
5,
# losetup -f output.img
6,
# losetup -l
NAME       SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE
/dev/loop0         0      0         0  0 /tmp/output.img
7,
# /usr/bin/qemu-img convert -t none -O raw input.img /dev/loop0

After step 7, no error occurs.

Based on the above, this bz has been verified. Thanks Stefan again.

Regards,
Jun Li
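A compact model of the clamping bug named in the summary, written for this page (it is neither QEMU's code nor from the bug report): the clamp on nb_sectors is applied in sectors, but the request it produces is checked in bytes, and the 2G image from the reproducer above is the smallest size at which that first request no longer fits. The per-request limit in write_zeroes() is an assumed stand-in for the block layer's check, not QEMU's code.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>

#define BDRV_SECTOR_SIZE 512

/* Stand-in for the block layer's per-request limit (an assumed model, not
 * QEMU's code): a request whose byte length does not fit in an int is
 * rejected with -EINVAL, the errno behind "Invalid argument". */
static int write_zeroes(int nb_sectors)
{
    if (nb_sectors < 0 || nb_sectors > INT_MAX / BDRV_SECTOR_SIZE) {
        return -EINVAL;
    }
    return 0;
}

/* Zero an image chunk by chunk, clamping each chunk to max_sectors.
 * Returns 0 on success or the first negative errno from write_zeroes(). */
static int make_zero(int64_t image_bytes, int64_t max_sectors)
{
    int64_t target_size = image_bytes / BDRV_SECTOR_SIZE;
    int64_t sector_num = 0;

    for (;;) {
        int64_t nb_sectors = target_size - sector_num;
        int ret;
        if (nb_sectors <= 0) {
            return 0;               /* whole image zeroed */
        }
        if (nb_sectors > max_sectors) {
            nb_sectors = max_sectors;
        }
        ret = write_zeroes((int)nb_sectors);
        if (ret < 0) {
            return ret;             /* "error writing zeroes at sector N" */
        }
        sector_num += nb_sectors;
    }
}

/* Buggy clamp, in sectors: a 2 GiB image (4194304 sectors) is sent as one
 * request of 2^31 bytes, one past INT_MAX, so the very first write fails. */
int make_zero_buggy(int64_t image_bytes) { return make_zero(image_bytes, INT_MAX); }

/* Fixed clamp: every chunk's byte length fits in an int, so the same image
 * goes out as 4194303 sectors followed by 1 sector. */
int make_zero_fixed(int64_t image_bytes) { return make_zero(image_bytes, INT_MAX / BDRV_SECTOR_SIZE); }
```

An image one sector smaller than 2 GiB passes even with the buggy clamp, which is why a reproducer needs at least the 2G size used in the comments above.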

Comment 32 errata-xmlrpc 2015-05-07 15:13:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0952.html