vmdk: Fix integer overflow in offset calculation

qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

This fixes the bug introduced by commit c6ac36e (vmdk: Optimize cluster
allocation).

$ ~/build/master/qemu-io /stor/vm/arch.vmdk -c 'write 2G 1k'
write failed: Invalid argument

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1411437381-11234-1-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

authored by

Fam Zheng and committed by

Stefan Hajnoczi 11 years ago d1319b07 fbf28a43

+93 -1

4 changed files

expand all

block

vmdk.c

tests

qemu-iotests

105

105.out

group

+1 -1

block/vmdk.c

··· 1113 1113 uint32_t min_count, *l2_table; 1114 1114 bool zeroed = false; 1115 1115 int64_t ret; 1116 - int32_t cluster_sector; 1116 + int64_t cluster_sector; 1117 1117 1118 1118 if (m_data) { 1119 1119 m_data->valid = 0;

+70

tests/qemu-iotests/105

··· 1 + #!/bin/bash 2 + # 3 + # Create, read, write big image 4 + # 5 + # Copyright (C) 2014 Red Hat, Inc. 6 + # 7 + # This program is free software; you can redistribute it and/or modify 8 + # it under the terms of the GNU General Public License as published by 9 + # the Free Software Foundation; either version 2 of the License, or 10 + # (at your option) any later version. 11 + # 12 + # This program is distributed in the hope that it will be useful, 13 + # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 + # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 + # GNU General Public License for more details. 16 + # 17 + # You should have received a copy of the GNU General Public License 18 + # along with this program. If not, see <http://www.gnu.org/licenses/>. 19 + # 20 + 21 + # creator 22 + owner=famz@redhat.com 23 + 24 + seq=`basename $0` 25 + echo "QA output created by $seq" 26 + 27 + here=`pwd` 28 + tmp=/tmp/$$ 29 + status=1 # failure is the default! 30 + 31 + _cleanup() 32 + { 33 + _cleanup_test_img 34 + } 35 + trap "_cleanup; exit \$status" 0 1 2 3 15 36 + 37 + # get standard environment, filters and checks 38 + . ./common.rc 39 + . ./common.filter 40 + 41 + _supported_fmt qcow2 vmdk vhdx qed 42 + _supported_proto generic 43 + _supported_os Linux 44 + _unsupported_imgopts "subformat=twoGbMaxExtentFlat" \ 45 + "subformat=twoGbMaxExtentSparse" 46 + 47 + echo 48 + echo "creating large image" 49 + _make_test_img 16T 50 + 51 + echo 52 + echo "small read" 53 + $QEMU_IO -c "read 1024 4096" "$TEST_IMG" | _filter_qemu_io 54 + 55 + echo 56 + echo "small write" 57 + $QEMU_IO -c "write 8192 4096" "$TEST_IMG" | _filter_qemu_io 58 + 59 + echo 60 + echo "small read at high offset" 61 + $QEMU_IO -c "read 14T 4096" "$TEST_IMG" | _filter_qemu_io 62 + 63 + echo 64 + echo "small write at high offset" 65 + $QEMU_IO -c "write 14T 4096" "$TEST_IMG" | _filter_qemu_io 66 + 67 + # success, all done 68 + echo "*** done" 69 + rm -f $seq.full 70 + status=0

+21

tests/qemu-iotests/105.out

··· 1 + QA output created by 105 2 + 3 + creating large image 4 + Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=17592186044416 5 + 6 + small read 7 + read 4096/4096 bytes at offset 1024 8 + 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 9 + 10 + small write 11 + wrote 4096/4096 bytes at offset 8192 12 + 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 13 + 14 + small read at high offset 15 + read 4096/4096 bytes at offset 15393162788864 16 + 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 17 + 18 + small write at high offset 19 + wrote 4096/4096 bytes at offset 15393162788864 20 + 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 21 + *** done

tests/qemu-iotests/group

··· 105 105 101 rw auto quick 106 106 103 rw auto quick 107 107 104 rw auto 108 + 105 rw auto quick