1311058 – libvirt-python: memoryPeek fail with large memory address.

Bug 1311058 - libvirt-python: memoryPeek fail with large memory address.

Summary: libvirt-python: memoryPeek fail with large memory address.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libvirt-python
Sub Component:
Version:	7.2
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Pavel Hrdina
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-02-23 09:59 UTC by Kairui Song
Modified:	2016-11-04 00:12 UTC (History)
CC List:	4 users (show)
Fixed In Version:	libvirt-python-1.3.2-1.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-04 00:12:33 UTC
Target Upstream Version:

Attachments	(Terms of Use)
patch to fix the bug. (767 bytes, application/mbox) 2016-02-23 09:59 UTC, Kairui Song	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:2186	0	normal	SHIPPED_LIVE	libvirt-python bug fix and enhancement update	2016-11-03 13:18:26 UTC

Description Kairui Song 2016-02-23 09:59:28 UTC

Created attachment 1129687 [details]
patch to fix the bug.

Description of problem:
libvirt-python: memoryPeek fail with 64bit memory address beyond 0x8000000000000000.


Version-Release number of selected component (if applicable):
libvirt-python-1.2.17-2.el7.x86_64


How reproducible:
100%


Steps to Reproduce:

1.Create a guest vm and start it.

2.run follow script in python

>>> import libvirt
>>> conn = libvirt.open()
>>> dom = conn.lookupByName('libvirt_test_api')
>>> dom.memoryPeek(0xffff880000099000, 8, libvirt.VIR_MEMORY_VIRTUAL)


Actual results:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1436, in memoryPeek
    ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
OverflowError: long too big to convert


Expected results:

8 byte of memory data at 0xffff880000099000 dumped.


Additional info:

"virsh qemu-monitor-command libvirt_test_api --hmp memsave 0xffff880000099000 8 tmp/memdump" works well.

'memoryPeek' calls 'virDomainMemoryPeek' which expect a unsigned long long as the address.

At libvirt-override.c:7588
> unsigned long long start;
.....
> if (!PyArg_ParseTuple(args, (char *)"OLnI:virDomainMemoryPeek",
>                       &pyobj_domain, &start, &size, &flags))

Using 'L' for PyArg_ParseTuple to parse a unsinged long long caused overflow with address beyond 0x8000000000000000.

Replace with

> if (!PyArg_ParseTuple(args, (char *)"OKnI:virDomainMemoryPeek",
>                       &pyobj_domain, &start, &size, &flags))

L -> K, will fix it.

There are also many other code using 'L' to parse unsigned long long, (generator.py:316, libvirt-override.c:7555 and others), might cause overflow under certain circumstances.

Comment 2 Pavel Hrdina 2016-03-01 13:39:08 UTC

Upstream commit:

commit bc4c7477f02f3085bf2be47998b17fa6589823ab
Author: Pavel Hrdina <phrdina>
Date:   Tue Feb 23 13:45:36 2016 +0100

    libvirt-override: fix PyArg_ParseTuple for unsigned long long

Comment 5 lcheng 2016-03-09 09:11:03 UTC

I can reproduce it in libvirt-python-1.2.17-2.el7.x86_64.

[root@intel-lizardhead-02 ~]# rpm -q libvirt-python
libvirt-python-1.2.17-2.el7.x86_64

[root@intel-lizardhead-02 ~]# python
Python 2.7.5 (default, Oct 11 2015, 17:47:16) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt
>>> conn=libvirt.open()
>>> dom=conn.lookupByName('snapshotguest')
>>> dom.memoryPeek(0xffff880000099000, 8, libvirt.VIR_MEMORY_VIRTUAL)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1436, in memoryPeek
    ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
OverflowError: long too big to convert
>>>
>>> dom.blockPeek('vda', 0xffff880000099000, 32, 0)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 779, in blockPeek
    ret = libvirtmod.virDomainBlockPeek(self._o, disk, offset, size, flags)
OverflowError: long too big to convert
>>>
>>> dom.memoryPeek(0xffff88, 0xffffff88ffffffff, libvirt.VIR_MEMORY_VIRTUAL)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1436, in memoryPeek
    ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
OverflowError: Python int too large to convert to C long
>>>
>>> dom.blockPeek('vda', 0x88, 0xffffff88ffffffff, 0)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 779, in blockPeek
    ret = libvirtmod.virDomainBlockPeek(self._o, disk, offset, size, flags)
OverflowError: Python int too large to convert to C long


============================================================================

Verify version:
[root@intel-lizardhead-02 ~]# rpm -q libvirt-python
libvirt-python-1.3.2-1.el7.x86_64

Steps:

[root@intel-lizardhead-02 ~]# python
Python 2.7.5 (default, Oct 11 2015, 17:47:16) 
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt
>>> conn=libvirt.open()
>>> dom=conn.lookupByName('snapshotguest')
>>> dom.memoryPeek(0xffff880000099000, 8, libvirt.VIR_MEMORY_VIRTUAL)
'\x00\x00\x00\x00\x00\x00\x00\x00'
>>>
>>> dom.blockPeek('vda', 0xffff880000099000, 32, 0)
libvirt: QEMU Driver error : /var/lib/libvirt/images/libvirt-test-api.1457410307: failed to seek or read: Invalid argument
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 786, in blockPeek
    if ret is None: raise libvirtError ('virDomainBlockPeek() failed', dom=self)
libvirt.libvirtError: /var/lib/libvirt/images/libvirt-test-api.1457410307: failed to seek or read: Invalid argument
>>>
>>> dom.memoryPeek(0xffff88, 0xffffff88ffffffff, libvirt.VIR_MEMORY_VIRTUAL)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1433, in memoryPeek
    ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
MemoryError
>>>
>>> dom.blockPeek('vda', 0x88, 0xffffff88ffffffff, 0)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 785, in blockPeek
    ret = libvirtmod.virDomainBlockPeek(self._o, disk, offset, size, flags)
MemoryError


No 'OverflowError', move to verified.

Comment 8 errata-xmlrpc 2016-11-04 00:12:33 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2186.html

Note You need to log in before you can comment on or make changes to this bug.