Bug 1196688 - bdrv_make_zero() passes a too large nb_sectors value to bdrv_write_zeroes()
Summary: bdrv_make_zero() passes a too large nb_sectors value to bdrv_write_zeroes()
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.1
Hardware: Unspecified
OS: Unspecified
Importance: high urgent
Target Milestone: rc
Assignee: Stefan Hajnoczi
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Duplicates: 1196698
Depends On:
Blocks: 1194743 1200043 1203543
 
Reported: 2015-02-26 14:32 UTC by Stefan Hajnoczi
Modified: 2015-12-04 16:30 UTC
CC List: 14 users

Fixed In Version: qemu 2.2
Doc Type: Bug Fix
Doc Text:
On a virtual disk with a high number of sectors, the number of sectors was in some cases handled incorrectly, and converting a QEMU image failed with an "invalid argument" error. This update fixes the incorrect calculation that caused this error, and the described failure no longer occurs.
Clone Of:
Clones: 1200043 1203543
Environment:
Last Closed: 2015-12-04 16:30:14 UTC
Target Upstream Version:




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2546 normal SHIPPED_LIVE qemu-kvm-rhev bug fix and enhancement update 2015-12-04 21:11:56 UTC

Description Stefan Hajnoczi 2015-02-26 14:32:47 UTC
Description of problem:

bdrv_make_zero() clamps the nb_sectors value:

  if (nb_sectors > INT_MAX) {
      nb_sectors = INT_MAX;
  }

But INT_MAX is too large because bdrv_rw_co() performs the following check later:

  if (nb_sectors < 0 || nb_sectors > INT_MAX / BDRV_SECTOR_SIZE) {
      return -EINVAL;
  }

Fam Zheng already fixed this bug upstream so we just need to backport the fix:
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=f3a9cfddaec127078ac1898de6b063db8ac3bb48


How reproducible:
Deterministic


Steps to Reproduce:
1. qemu-img create input.img 2G
2. qemu-img create output.img 2G
3. sudo losetup -f output.img
4. qemu-img convert -t none -O raw input.img /dev/loop0


Actual results:
qemu-img: error writing zeroes at sector 0: Invalid argument


Expected results:
Success from qemu-img convert.

Comment 1 Stefan Hajnoczi 2015-02-27 12:18:16 UTC
*** Bug 1196698 has been marked as a duplicate of this bug. ***

Comment 2 Stefan Hajnoczi 2015-03-06 22:35:37 UTC
Set state to modified.  The patch will come into RHEL 7.2 qemu-kvm from upstream via rebase.

Comment 3 Dan Prince 2015-03-09 12:37:31 UTC
This same issue affects Fedora 21 as well and is displayed when trying to use OpenStack Cinder to convert Glance images. Could we backport the fix into Fedora 21 as well (it is preventing upstream CI from using Fedora ATM)?

Comment 12 Shaolong Hu 2015-07-02 10:17:33 UTC
Reproduced on qemu-kvm-rhev-2.1.2-23.el7.x86_64:


1. qemu-img create input.img 2G
2. qemu-img create output.img 2G
3. sudo losetup -f output.img
4. qemu-img convert -t none -O raw input.img /dev/loop0
qemu-img: error writing zeroes at sector 0: Invalid argument


Verified on qemu-kvm-1.5.3-86.el7.x86_64 and qemu-kvm-rhev-2.3.0-6.el7.x86_64:

step 4 succeeds.

Comment 14 errata-xmlrpc 2015-12-04 16:30:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2546.html

