From patchwork Wed Aug 5 09:22:58 2020
X-Patchwork-Submitter: Tuguoyi
X-Patchwork-Id: 277117
From: Tuguoyi
To: "kwolf@redhat.com", "mreitz@redhat.com", "qemu-block@nongnu.org"
Cc: Gaoliang, Chengchiwen, "qemu-devel@nongnu.org", Wangyong
Subject: [PATCH] qcow2-cluster: Fix integer left shift error in qcow2_alloc_cluster_link_l2()
Date: Wed, 5 Aug 2020 09:22:58 +0000
Message-ID: <81ba90fe0c014f269621c283269b42ad@h3c.com>

When calculating the offset, the result of the left shift operation will be promoted to type int64 automatically because the left operand of the + operator is uint64_t, but the result after integer promotion may produce an erroneous value for us and trigger the following assertion error.

For example, consider i=0x2000, cluster_bits=18: the result of the left shift operation will be 0x80000000.
Because argument i is of signed integer type, the result is automatically promoted to 0xffffffff80000000, which is not what we expected.

The way to trigger the assertion error:

  qemu-img create -f qcow2 -o preallocation=full,cluster_size=256k tmpdisk 10G

This patch fixes it by casting @i to uint64_t before doing the left shift operation.

Signed-off-by: Guoyi Tu
---
 block/qcow2-cluster.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
2.7.4

--
Best regards,
Guoyi

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index a677ba9..550850b 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -980,7 +980,7 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, QCowL2Meta *m)
     assert(l2_index + m->nb_clusters <= s->l2_slice_size);
 
     for (i = 0; i < m->nb_clusters; i++) {
-        uint64_t offset = cluster_offset + (i << s->cluster_bits);
+        uint64_t offset = cluster_offset + ((uint64_t)i << s->cluster_bits);
         /* if two concurrent writes happen to the same unallocated cluster
          * each write allocates separate cluster and writes data concurrently.
          * The first one to complete updates l2 table with pointer to its
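Review bot: the cast resolves the shift in this loop, but the commit message's account of the mechanism needs tightening and the fix should land with a regression test. Strictly, `i << s->cluster_bits` with `int i` is undefined behaviour as soon as the result needs bit 31 (0x2000 << 18 in the example); the sign extension to 0xffffffff80000000 is what compilers happen to emit for it, and the conversion that then applies is to uint64_t (the type of `cluster_offset`), not int64, so the message should say "undefined signed overflow, in practice sign-extended" rather than describe the promotion as well-defined. Note also that the visible `assert(l2_index + m->nb_clusters <= s->l2_slice_size)` bounds `i` only by the L2 slice size, not by what `i << s->cluster_bits` can hold in an `int`, so an `i` of 0x2000 is a legitimate state and this is a genuine overflow rather than an out-of-range index. Suggest adding the `qemu-img create -f qcow2 -o preallocation=full,cluster_size=256k tmpdisk 10G` reproducer from the message as an iotest, and checking the rest of block/qcow2-cluster.c for other `int` loop counters shifted by `s->cluster_bits` before this is merged; declaring the loop counter `uint64_t` would be an equally valid fix for this site.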
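The following is an added example, not QEMU code or the patch author's, that models the expression from the patched loop before and after the fix using the commit message's values (i = 0x2000, cluster_bits = 18). Because `i << cluster_bits` on an `int` is undefined behaviour once bit 31 is needed, the pre-patch function does not perform that shift; it reproduces deterministically what mainstream compilers emit for it (32-bit wrap, then sign extension). The function and variable names are this example's own, and the overflow-checked helper generalises beyond the patch to also reject a shift or addition that would leave 64 bits, which qcow2's own bounds on `cluster_bits` and `i` make unreachable in practice.

```c
#include <assert.h>
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not QEMU code. It models the expression from the patched
 * loop in qcow2_alloc_cluster_link_l2():
 *
 *     uint64_t offset = cluster_offset + (i << s->cluster_bits);             // before
 *     uint64_t offset = cluster_offset + ((uint64_t)i << s->cluster_bits);   // after
 *
 * with i an int, exactly as in the commit message (i = 0x2000, cluster_bits = 18).
 */

/*
 * Pre-patch behaviour. In real C, `i << cluster_bits` on an int is undefined
 * behaviour as soon as the result needs bit 31, so this function does not
 * perform that shift; it reproduces what mainstream compilers emit for it:
 * the shift wraps in 32 bits, the result is read back as a (negative) int,
 * and the usual arithmetic conversions with the uint64_t operand of `+`
 * sign-extend it to 64 bits.
 */
static uint64_t offset_before_patch(uint64_t cluster_offset, int i, int cluster_bits)
{
    assert(i >= 0 && cluster_bits >= 0 && cluster_bits < 32);
    uint32_t shifted = (uint32_t)i << cluster_bits;      /* wraps modulo 2^32 */
    int32_t as_int = (int32_t)shifted;                    /* two's complement reinterpretation */
    return cluster_offset + (uint64_t)(int64_t)as_int;    /* sign-extended, e.g. 0xffffffff80000000 */
}

/* Post-patch behaviour: the cast to uint64_t happens before the shift. */
static uint64_t offset_after_patch(uint64_t cluster_offset, int i, int cluster_bits)
{
    return cluster_offset + ((uint64_t)i << cluster_bits);
}

/*
 * Smallest cluster index at which the pre-patch expression breaks for a given
 * cluster_bits: the first i for which i << cluster_bits reaches 2^31.
 * For the commit message's 256k clusters (cluster_bits = 18) this is 0x2000.
 */
static int first_bad_index(int cluster_bits)
{
    assert(cluster_bits > 0 && cluster_bits < 32);
    return (int)(1u << (31 - cluster_bits));
}

/*
 * Overflow-checked version of the computation, generalised beyond the patch:
 * rejects negative indices, a shift that would leave 64 bits, and an addition
 * that would wrap. qcow2 itself bounds cluster_bits and i far below these
 * limits, so only the sign issue bites there; the checks are cheap anyway.
 */
static bool cluster_offset_checked(uint64_t cluster_offset, int i, int cluster_bits, uint64_t *out)
{
    if (i < 0 || cluster_bits < 0 || cluster_bits >= 64) {
        return false;
    }
    uint64_t span = (uint64_t)i;
    if (span > (UINT64_MAX >> cluster_bits)) {
        return false;                                    /* span << cluster_bits would overflow */
    }
    span <<= cluster_bits;
    if (cluster_offset > UINT64_MAX - span) {
        return false;                                    /* cluster_offset + span would wrap */
    }
    if (out) {
        *out = cluster_offset + span;
    }
    return true;
}

/* Convenience wrapper: the checked offset, or 0 when the inputs are rejected. */
static uint64_t checked_offset_or_zero(uint64_t cluster_offset, int i, int cluster_bits)
{
    uint64_t out = 0;
    return cluster_offset_checked(cluster_offset, i, cluster_bits, &out) ? out : 0;
}

int main(void)
{
    const uint64_t base = 0x10000;  /* constructed cluster_offset; any value shows the effect */
    const int bits = 18;            /* 256k clusters, as in the reproducer */
    int i = first_bad_index(bits);  /* 0x2000, as in the commit message */

    printf("first bad index for cluster_bits=%d: 0x%x\n", bits, i);
    printf("before patch: 0x%016" PRIx64 "\n", offset_before_patch(base, i, bits));
    printf("after patch:  0x%016" PRIx64 "\n", offset_after_patch(base, i, bits));
    printf("i-1 agrees:   %s\n",
           offset_before_patch(base, i - 1, bits) == offset_after_patch(base, i - 1, bits) ? "yes" : "no");
    return 0;
}
```

Running it shows the two expressions agreeing for every index below 0x2000 and diverging by exactly the sign-extended high word at 0x2000, which is why a 10G image with 256k clusters (needing indices well past 0x2000 inside one L2 table) is enough to hit the assertion while smaller images never do.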