Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1311058

Summary: libvirt-python: memoryPeek fail with large memory address.
Product: Red Hat Enterprise Linux 7 Reporter: Kairui Song <kasong>
Component: libvirt-pythonAssignee: Pavel Hrdina <phrdina>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.2CC: dyuan, jdenemar, lcheng, mzhan
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-python-1.3.2-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 00:12:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch to fix the bug. none

Description Kairui Song 2016-02-23 09:59:28 UTC 
Created attachment 1129687 [details]
patch to fix the bug.

Description of problem:
libvirt-python: memoryPeek fail with 64bit memory address beyond 0x8000000000000000.


Version-Release number of selected component (if applicable):
libvirt-python-1.2.17-2.el7.x86_64


How reproducible:
100%


Steps to Reproduce:

1.Create a guest vm and start it.

2.run follow script in python

>>> import libvirt
>>> conn = libvirt.open()
>>> dom = conn.lookupByName('libvirt_test_api')
>>> dom.memoryPeek(0xffff880000099000, 8, libvirt.VIR_MEMORY_VIRTUAL)


Actual results:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1436, in memoryPeek
    ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
OverflowError: long too big to convert


Expected results:

8 byte of memory data at 0xffff880000099000 dumped.


Additional info:

"virsh qemu-monitor-command libvirt_test_api --hmp memsave 0xffff880000099000 8 tmp/memdump" works well.

'memoryPeek' calls 'virDomainMemoryPeek' which expect a unsigned long long as the address.

At libvirt-override.c:7588
> unsigned long long start;
.....
> if (!PyArg_ParseTuple(args, (char *)"OLnI:virDomainMemoryPeek",
>                       &pyobj_domain, &start, &size, &flags))

Using 'L' for PyArg_ParseTuple to parse a unsinged long long caused overflow with address beyond 0x8000000000000000.

Replace with

> if (!PyArg_ParseTuple(args, (char *)"OKnI:virDomainMemoryPeek",
>                       &pyobj_domain, &start, &size, &flags))

L -> K, will fix it.

There are also many other code using 'L' to parse unsigned long long, (generator.py:316, libvirt-override.c:7555 and others), might cause overflow under certain circumstances.
Comment 2 Pavel Hrdina 2016-03-01 13:39:08 UTC 
Upstream commit:

commit bc4c7477f02f3085bf2be47998b17fa6589823ab
Author: Pavel Hrdina <phrdina>
Date:   Tue Feb 23 13:45:36 2016 +0100

    libvirt-override: fix PyArg_ParseTuple for unsigned long long
Comment 5 lcheng 2016-03-09 09:11:03 UTC 
I can reproduce it in libvirt-python-1.2.17-2.el7.x86_64.

[root@intel-lizardhead-02 ~]# rpm -q libvirt-python
libvirt-python-1.2.17-2.el7.x86_64

[root@intel-lizardhead-02 ~]# python
Python 2.7.5 (default, Oct 11 2015, 17:47:16) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt
>>> conn=libvirt.open()
>>> dom=conn.lookupByName('snapshotguest')
>>> dom.memoryPeek(0xffff880000099000, 8, libvirt.VIR_MEMORY_VIRTUAL)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1436, in memoryPeek
    ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
OverflowError: long too big to convert
>>>
>>> dom.blockPeek('vda', 0xffff880000099000, 32, 0)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 779, in blockPeek
    ret = libvirtmod.virDomainBlockPeek(self._o, disk, offset, size, flags)
OverflowError: long too big to convert
>>>
>>> dom.memoryPeek(0xffff88, 0xffffff88ffffffff, libvirt.VIR_MEMORY_VIRTUAL)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1436, in memoryPeek
    ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
OverflowError: Python int too large to convert to C long
>>>
>>> dom.blockPeek('vda', 0x88, 0xffffff88ffffffff, 0)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 779, in blockPeek
    ret = libvirtmod.virDomainBlockPeek(self._o, disk, offset, size, flags)
OverflowError: Python int too large to convert to C long


============================================================================

Verify version:
[root@intel-lizardhead-02 ~]# rpm -q libvirt-python
libvirt-python-1.3.2-1.el7.x86_64

Steps:

[root@intel-lizardhead-02 ~]# python
Python 2.7.5 (default, Oct 11 2015, 17:47:16) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt
>>> conn=libvirt.open()
>>> dom=conn.lookupByName('snapshotguest')
>>> dom.memoryPeek(0xffff880000099000, 8, libvirt.VIR_MEMORY_VIRTUAL)
'\x00\x00\x00\x00\x00\x00\x00\x00'
>>>
>>> dom.blockPeek('vda', 0xffff880000099000, 32, 0)
libvirt: QEMU Driver error : /var/lib/libvirt/images/libvirt-test-api.1457410307: failed to seek or read: Invalid argument
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 786, in blockPeek
    if ret is None: raise libvirtError ('virDomainBlockPeek() failed', dom=self)
libvirt.libvirtError: /var/lib/libvirt/images/libvirt-test-api.1457410307: failed to seek or read: Invalid argument
>>>
>>> dom.memoryPeek(0xffff88, 0xffffff88ffffffff, libvirt.VIR_MEMORY_VIRTUAL)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1433, in memoryPeek
    ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
MemoryError
>>>
>>> dom.blockPeek('vda', 0x88, 0xffffff88ffffffff, 0)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 785, in blockPeek
    ret = libvirtmod.virDomainBlockPeek(self._o, disk, offset, size, flags)
MemoryError


No 'OverflowError', move to verified.
Comment 8 errata-xmlrpc 2016-11-04 00:12:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2186.html