[Qemu-devel] [PATCH v4] vmdk: Fix integer overflow in offset calculation

[Qemu-devel] [PATCH v4] vmdk: Fix integer overflow in offset calculation

[Fam Zheng]

This fixes the bug introduced by commit c6ac36e (vmdk: Optimize cluster
allocation).

$ ~/build/master/qemu-io /stor/vm/arch.vmdk -c 'write 2G 1k'
write failed: Invalid argument

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Fam Zheng <famz@redhat.com>

---
v4: Fix typo in file header: 1014 -> 2014.
v3: A new case 105 instead of embedding in 005. (Max)
---
 block/vmdk.c               |  2 +-
 tests/qemu-iotests/105     | 70 ++++++++++++++++++++++++++++++++++++++++++++++
 tests/qemu-iotests/105.out | 21 ++++++++++++++
 3 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100755 tests/qemu-iotests/105
 create mode 100644 tests/qemu-iotests/105.out

diff --git a/block/vmdk.c b/block/vmdk.c
index afdea1a..4ae6c75 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -1113,7 +1113,7 @@ static int get_cluster_offset(BlockDriverState *bs,
     uint32_t min_count, *l2_table;
     bool zeroed = false;
     int64_t ret;
-    int32_t cluster_sector;
+    int64_t cluster_sector;
 
     if (m_data) {
         m_data->valid = 0;
diff --git a/tests/qemu-iotests/105 b/tests/qemu-iotests/105
new file mode 100755
index 0000000..9bae49e
--- /dev/null
+++ b/tests/qemu-iotests/105
@@ -0,0 +1,70 @@
+#!/bin/bash
+#
+# Create, read, write big image
+#
+# Copyright (C) 2014 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# creator
+owner=famz@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1	# failure is the default!
+
+_cleanup()
+{
+	_cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qcow2 vmdk vhdx qed
+_supported_proto generic
+_supported_os Linux
+_unsupported_imgopts "subformat=twoGbMaxExtentFlat" \
+                     "subformat=twoGbMaxExtentSparse"
+
+echo
+echo "creating large image"
+_make_test_img 16T
+
+echo
+echo "small read"
+$QEMU_IO -c "read 1024 4096" "$TEST_IMG" | _filter_qemu_io
+
+echo
+echo "small write"
+$QEMU_IO -c "write 8192 4096" "$TEST_IMG" | _filter_qemu_io
+
+echo
+echo "small read at high offset"
+$QEMU_IO -c "read 14T 4096" "$TEST_IMG" | _filter_qemu_io
+
+echo
+echo "small write at high offset"
+$QEMU_IO -c "write 14T 4096" "$TEST_IMG" | _filter_qemu_io
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
diff --git a/tests/qemu-iotests/105.out b/tests/qemu-iotests/105.out
new file mode 100644
index 0000000..de47061
--- /dev/null
+++ b/tests/qemu-iotests/105.out
@@ -0,0 +1,21 @@
+QA output created by 105
+
+creating large image
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=17592186044416
+
+small read
+read 4096/4096 bytes at offset 1024
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+small write
+wrote 4096/4096 bytes at offset 8192
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+small read at high offset
+read 4096/4096 bytes at offset 4398046511104
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+small write at high offset
+wrote 4096/4096 bytes at offset 4398046511104
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+*** done
-- 
1.9.3

Re: [Qemu-devel] [PATCH v4] vmdk: Fix integer overflow in offset calculation

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 865 bytes --]

On Mon, Sep 22, 2014 at 03:15:44PM +0800, Fam Zheng wrote:
> This fixes the bug introduced by commit c6ac36e (vmdk: Optimize cluster
> allocation).
> 
> $ ~/build/master/qemu-io /stor/vm/arch.vmdk -c 'write 2G 1k'
> write failed: Invalid argument
> 
> Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
> Signed-off-by: Fam Zheng <famz@redhat.com>
> 
> ---
> v4: Fix typo in file header: 1014 -> 2014.
> v3: A new case 105 instead of embedding in 005. (Max)
> ---
>  block/vmdk.c               |  2 +-
>  tests/qemu-iotests/105     | 70 ++++++++++++++++++++++++++++++++++++++++++++++
>  tests/qemu-iotests/105.out | 21 ++++++++++++++
>  3 files changed, 92 insertions(+), 1 deletion(-)
>  create mode 100755 tests/qemu-iotests/105
>  create mode 100644 tests/qemu-iotests/105.out

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>

[-- Attachment #2: Type: application/pgp-signature, Size: 473 bytes --]

Re: [Qemu-devel] [PATCH v4] vmdk: Fix integer overflow in offset calculation

[Max Reitz]

On 22.09.2014 09:15, Fam Zheng wrote:
> This fixes the bug introduced by commit c6ac36e (vmdk: Optimize cluster
> allocation).
>
> $ ~/build/master/qemu-io /stor/vm/arch.vmdk -c 'write 2G 1k'
> write failed: Invalid argument
>
> Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
> Signed-off-by: Fam Zheng <famz@redhat.com>
>
> ---
> v4: Fix typo in file header: 1014 -> 2014.
> v3: A new case 105 instead of embedding in 005. (Max)
> ---
>   block/vmdk.c               |  2 +-
>   tests/qemu-iotests/105     | 70 ++++++++++++++++++++++++++++++++++++++++++++++
>   tests/qemu-iotests/105.out | 21 ++++++++++++++
>   3 files changed, 92 insertions(+), 1 deletion(-)
>   create mode 100755 tests/qemu-iotests/105
>   create mode 100644 tests/qemu-iotests/105.out

I'm sorry, but you didn't add the respective line to the group file. 
Also, the reference output is wrong; for the latter two accesses, it 
should be "at offset 15393162788864" (14T) instead of "at offset 
4398046511104" (4T).

Those changes are trivial, though, so with an appropriate line in 
tests/qemu-iotests/group and %s/4398046511104/15393162788864/ in 
tests/qemu-iotests/105.out:

Reviewed-by: Max Reitz <mreitz@redhat.com>

Re: [Qemu-devel] [PATCH v4] vmdk: Fix integer overflow in offset calculation

[Fam Zheng]

On Mon, 09/22 14:32, Max Reitz wrote:
> On 22.09.2014 09:15, Fam Zheng wrote:
> >This fixes the bug introduced by commit c6ac36e (vmdk: Optimize cluster
> >allocation).
> >
> >$ ~/build/master/qemu-io /stor/vm/arch.vmdk -c 'write 2G 1k'
> >write failed: Invalid argument
> >
> >Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
> >Signed-off-by: Fam Zheng <famz@redhat.com>
> >
> >---
> >v4: Fix typo in file header: 1014 -> 2014.
> >v3: A new case 105 instead of embedding in 005. (Max)
> >---
> >  block/vmdk.c               |  2 +-
> >  tests/qemu-iotests/105     | 70 ++++++++++++++++++++++++++++++++++++++++++++++
> >  tests/qemu-iotests/105.out | 21 ++++++++++++++
> >  3 files changed, 92 insertions(+), 1 deletion(-)
> >  create mode 100755 tests/qemu-iotests/105
> >  create mode 100644 tests/qemu-iotests/105.out
> 
> I'm sorry, but you didn't add the respective line to the group file. Also,
> the reference output is wrong; for the latter two accesses, it should be "at
> offset 15393162788864" (14T) instead of "at offset 4398046511104" (4T).

Oops I saw a no-op when running check, but thought it passed!

> 
> Those changes are trivial, though, so with an appropriate line in
> tests/qemu-iotests/group and %s/4398046511104/15393162788864/ in
> tests/qemu-iotests/105.out:

Thanks so much for your careful reviewing! I am fixing this and picking up your
rev-by line in v5.

Fam

> 
> Reviewed-by: Max Reitz <mreitz@redhat.com>

Re: [Qemu-devel] [PATCH v4] vmdk: Fix integer overflow in offset calculation

[Mark Cave-Ayland]

On 22/09/14 08:15, Fam Zheng wrote:

> This fixes the bug introduced by commit c6ac36e (vmdk: Optimize cluster
> allocation).
>
> $ ~/build/master/qemu-io /stor/vm/arch.vmdk -c 'write 2G 1k'
> write failed: Invalid argument
>
> Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
> Signed-off-by: Fam Zheng <famz@redhat.com>

Unfortunately I don't have access to the VMWare system anymore (it 
belongs to a client) but I can at least confirm that applying your v4 
patch to git master allows me to complete the original conversion 
process without throwing an error at the 2GB limit.


Many thanks,

Mark.