1
The following changes since commit 90218a9a393c7925f330e7dcc08658e2a01d3bd4:
1
The following changes since commit 23895cbd82be95428e90168b12e925d0d3ca2f06:
2
2
3
Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-07-21' into staging (2020-07-21 10:24:38 +0100)
3
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20201123.0' into staging (2020-11-23 18:51:13 +0000)
4
4
5
are available in the git repository at:
5
are available in the git repository at:
6
6
7
https://github.com/jasowang/qemu.git tags/net-pull-request
7
https://github.com/jasowang/qemu.git tags/net-pull-request
8
8
9
for you to fetch changes up to 5519724a13664b43e225ca05351c60b4468e4555:
9
for you to fetch changes up to 9925990d01a92564af55f6f69d0f5f59b47609b1:
10
10
11
hw/net/xgmac: Fix buffer overflow in xgmac_enet_send() (2020-07-21 21:30:39 +0800)
11
net: Use correct default-path macro for downscript (2020-11-24 10:40:17 +0800)
12
12
13
----------------------------------------------------------------
13
----------------------------------------------------------------
14
14
15
----------------------------------------------------------------
15
----------------------------------------------------------------
16
Andrew (1):
16
Keqian Zhu (1):
17
hw/net: Added plen fix for IPv6
17
net: Use correct default-path macro for downscript
18
18
19
Mauro Matteo Cascella (1):
19
Paolo Bonzini (1):
20
hw/net/xgmac: Fix buffer overflow in xgmac_enet_send()
20
net: do not exit on "netdev_add help" monitor command
21
21
22
hw/net/net_tx_pkt.c | 23 +++++++++++++++++++++++
22
Prasad J Pandit (1):
23
hw/net/net_tx_pkt.h | 14 ++++++++++++++
23
hw/net/e1000e: advance desc_offset in case of null descriptor
24
hw/net/xgmac.c | 14 ++++++++++++--
24
25
include/net/eth.h | 1 +
25
Yuri Benditovich (1):
26
4 files changed, 50 insertions(+), 2 deletions(-)
26
net: purge queued rx packets on queue deletion
27
28
yuanjungong (1):
29
tap: fix a memory leak
30
31
hw/net/e1000e_core.c | 8 +++---
32
include/net/net.h | 1 +
33
monitor/hmp-cmds.c | 6 ++++
34
net/net.c | 80 +++++++++++++++++++++++++++-------------------------
35
net/tap.c | 5 +++-
36
5 files changed, 57 insertions(+), 43 deletions(-)
New patch
1
From: Prasad J Pandit <pjp@fedoraproject.org>
1
2
3
While receiving packets via e1000e_write_packet_to_guest() routine,
4
'desc_offset' is advanced only when RX descriptor is processed. And
5
RX descriptor is not processed if it has NULL buffer address.
6
This may lead to an infinite loop condition. Increment 'desc_offset'
7
to process next descriptor in the ring to avoid infinite loop.
8
9
Reported-by: Cheol-woo Myung <330cjfdn@gmail.com>
10
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
11
Signed-off-by: Jason Wang <jasowang@redhat.com>
12
---
13
hw/net/e1000e_core.c | 8 ++++----
14
1 file changed, 4 insertions(+), 4 deletions(-)
15
16
diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
17
index XXXXXXX..XXXXXXX 100644
18
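--- a/hw/net/e1000e_core.c
+++ b/hw/net/e1000e_core.c
@@ -XXX,XX +XXX,XX @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt,
 (const char *) &fcs_pad, e1000x_fcs_len(core->mac));
 }
 }
- desc_offset += desc_size;
- if (desc_offset >= total_size) {
- is_last = true;
- }
 } else { /* as per intel docs; skip descriptors with null buf addr */
 trace_e1000e_rx_null_descriptor();
 }
+ desc_offset += desc_size;
+ if (desc_offset >= total_size) {
+ is_last = true;
+ }

 e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL,
 rss_info, do_ps ? ps_hdr_len : 0, &bastate.written);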
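Review bot: The null-buffer branch of e1000e_write_packet_to_guest() now consumes desc_size bytes of the packet without copying them, but the only comment on that path still reads "skip descriptors with null buf addr", so the dropped data and the reason for it are undocumented. A comment above the moved lines such as `/* Advance even for a NULL buffer address: the ring is guest-controlled and must not be able to stall this loop; the bytes for this descriptor are dropped. */` would record the intent. Termination also depends on desc_size being non-zero, which is computed outside this hunk and is worth confirming. The function body starts and ends outside the hunk.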
38
--
39
2.7.4
New patch
1
From: Paolo Bonzini <pbonzini@redhat.com>
1
2
3
"netdev_add help" is causing QEMU to exit because the code that
4
invokes show_netdevs is shared between CLI and HMP processing.
5
Move the check to the callers so that exit(0) remains only
6
in the CLI flow.
7
8
"netdev_add help" is not fixed by this patch; that is left for
9
later work.
10
11
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
12
Signed-off-by: Jason Wang <jasowang@redhat.com>
13
---
14
include/net/net.h | 1 +
15
monitor/hmp-cmds.c | 6 +++++
16
net/net.c | 68 +++++++++++++++++++++++++++---------------------------
17
3 files changed, 41 insertions(+), 34 deletions(-)
18
19
diff --git a/include/net/net.h b/include/net/net.h
20
index XXXXXXX..XXXXXXX 100644
21
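--- a/include/net/net.h
+++ b/include/net/net.h
@@ -XXX,XX +XXX,XX @@ extern const char *host_net_devices[];

 /* from net.c */
 int net_client_parse(QemuOptsList *opts_list, const char *str);
+void show_netdevs(void);
 int net_init_clients(Error **errp);
 void net_check_clients(void);
 void net_cleanup(void);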
31
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
32
index XXXXXXX..XXXXXXX 100644
33
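--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/option.h"
 #include "qemu/timer.h"
 #include "qemu/sockets.h"
+#include "qemu/help_option.h"
 #include "monitor/monitor-internal.h"
 #include "qapi/error.h"
 #include "qapi/clone-visitor.h"
@@ -XXX,XX +XXX,XX @@ void hmp_netdev_add(Monitor *mon, const QDict *qdict)
 {
 Error *err = NULL;
 QemuOpts *opts;
+ const char *type = qdict_get_try_str(qdict, "type");

+ if (type && is_help_option(type)) {
+ show_netdevs();
+ return;
+ }
 opts = qemu_opts_from_qdict(qemu_find_opts("netdev"), qdict, &err);
 if (err) {
 goto out;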
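Review bot: The early return added to hmp_netdev_add() is what stops a help request on the monitor from terminating the running guest, yet nothing at the call site says so. I would add `/* Monitor command: print the backend list and return; only the CLI path may exit. */` above the `if (type && is_help_option(type))` check so a later refactor does not fold it back into code shared with the command line. The return sits before qemu_opts_from_qdict(), so no opts object exists yet to release. The rest of the function, including the `out` label, is outside the hunk.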
56
diff --git a/net/net.c b/net/net.c
57
index XXXXXXX..XXXXXXX 100644
58
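--- a/net/net.c
+++ b/net/net.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/config-file.h"
 #include "qemu/ctype.h"
 #include "qemu/iov.h"
+#include "qemu/qemu-print.h"
 #include "qemu/main-loop.h"
 #include "qemu/option.h"
 #include "qapi/error.h"
@@ -XXX,XX +XXX,XX @@ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp)
 return 0;
 }

-static void show_netdevs(void)
+void show_netdevs(void)
 {
 int idx;
 const char *available_netdevs[] = {
@@ -XXX,XX +XXX,XX @@ static void show_netdevs(void)
 #endif
 };

- printf("Available netdev backend types:\n");
+ qemu_printf("Available netdev backend types:\n");
 for (idx = 0; idx < ARRAY_SIZE(available_netdevs); idx++) {
- puts(available_netdevs[idx]);
+ qemu_printf("%s\n", available_netdevs[idx]);
 }
 }

@@ -XXX,XX +XXX,XX @@ static int net_client_init(QemuOpts *opts, bool is_netdev, Error **errp)
 int ret = -1;
 Visitor *v = opts_visitor_new(opts);

- const char *type = qemu_opt_get(opts, "type");
-
- if (is_netdev && type && is_help_option(type)) {
- show_netdevs();
- exit(0);
- } else {
- /* Parse convenience option format ip6-net=fec0::0[/64] */
- const char *ip6_net = qemu_opt_get(opts, "ipv6-net");
+ /* Parse convenience option format ip6-net=fec0::0[/64] */
+ const char *ip6_net = qemu_opt_get(opts, "ipv6-net");

- if (ip6_net) {
- char *prefix_addr;
- unsigned long prefix_len = 64; /* Default 64bit prefix length. */
+ if (ip6_net) {
+ char *prefix_addr;
+ unsigned long prefix_len = 64; /* Default 64bit prefix length. */

- substrings = g_strsplit(ip6_net, "/", 2);
- if (!substrings || !substrings[0]) {
- error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "ipv6-net",
- "a valid IPv6 prefix");
- goto out;
- }
+ substrings = g_strsplit(ip6_net, "/", 2);
+ if (!substrings || !substrings[0]) {
+ error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "ipv6-net",
+ "a valid IPv6 prefix");
+ goto out;
+ }

- prefix_addr = substrings[0];
+ prefix_addr = substrings[0];

- /* Handle user-specified prefix length. */
- if (substrings[1] &&
- qemu_strtoul(substrings[1], NULL, 10, &prefix_len))
- {
- error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
- "ipv6-prefixlen", "a number");
- goto out;
- }
-
- qemu_opt_set(opts, "ipv6-prefix", prefix_addr, &error_abort);
- qemu_opt_set_number(opts, "ipv6-prefixlen", prefix_len,
- &error_abort);
- qemu_opt_unset(opts, "ipv6-net");
+ /* Handle user-specified prefix length. */
+ if (substrings[1] &&
+ qemu_strtoul(substrings[1], NULL, 10, &prefix_len))
+ {
+ error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
+ "ipv6-prefixlen", "a number");
+ goto out;
 }
+
+ qemu_opt_set(opts, "ipv6-prefix", prefix_addr, &error_abort);
+ qemu_opt_set_number(opts, "ipv6-prefixlen", prefix_len,
+ &error_abort);
+ qemu_opt_unset(opts, "ipv6-net");
 }

 /* Create an ID for -net if the user did not specify one */
@@ -XXX,XX +XXX,XX @@ static int net_init_client(void *dummy, QemuOpts *opts, Error **errp)

 static int net_init_netdev(void *dummy, QemuOpts *opts, Error **errp)
 {
+ const char *type = qemu_opt_get(opts, "type");
+
+ if (type && is_help_option(type)) {
+ show_netdevs();
+ exit(0);
+ }
 return net_client_init(opts, true, errp);
 }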
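Review bot: In net_client_init(), prefix_len is handed to qemu_opt_set_number() for "ipv6-prefixlen" after qemu_strtoul() has only confirmed that the text parses, so any value that fits an unsigned long is stored. Whether the consumer of that option bounds it is not visible in this section. If it does not, a check after the parse such as `if (prefix_len > 128) { error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "ipv6-prefixlen", "a value between 0 and 128"); goto out; }` would reject it here. This block is only re-indented by the change, and the function continues outside the hunk.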
168
169
--
170
2.7.4
New patch
1
From: Yuri Benditovich <yuri.benditovich@daynix.com>
1
2
3
https://bugzilla.redhat.com/show_bug.cgi?id=1829272
4
When deleting queue pair, purge pending RX packets if any.
5
Example of problematic flow:
6
1. Bring up q35 VM with tap (vhost off) and virtio-net or e1000e
7
2. Run ping flood to the VM NIC ( 1 ms interval)
8
3. Hot unplug the NIC device (device_del)
9
During unplug process one or more packets come, the NIC
10
can't receive, tap disables read_poll
11
4. Hot plug the device (device_add) with the same netdev
12
The tap stays with read_poll disabled and does not receive
13
any packets anymore (tap_send never triggered)
14
15
Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
16
Signed-off-by: Jason Wang <jasowang@redhat.com>
17
---
18
net/net.c | 12 ++++++++----
19
1 file changed, 8 insertions(+), 4 deletions(-)
20
21
diff --git a/net/net.c b/net/net.c
22
index XXXXXXX..XXXXXXX 100644
23
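--- a/net/net.c
+++ b/net/net.c
@@ -XXX,XX +XXX,XX @@ void qemu_del_nic(NICState *nic)

 qemu_macaddr_set_free(&nic->conf->macaddr);

- /* If this is a peer NIC and peer has already been deleted, free it now. */
- if (nic->peer_deleted) {
- for (i = 0; i < queues; i++) {
- qemu_free_net_client(qemu_get_subqueue(nic, i)->peer);
+ for (i = 0; i < queues; i++) {
+ NetClientState *nc = qemu_get_subqueue(nic, i);
+ /* If this is a peer NIC and peer has already been deleted, free it now. */
+ if (nic->peer_deleted) {
+ qemu_free_net_client(nc->peer);
+ } else if (nc->peer) {
+ /* if there are RX packets pending, complete them */
+ qemu_purge_queued_packets(nc->peer);
 }
 }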
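Review bot: The two branches of the new loop in qemu_del_nic() treat nc->peer differently: the purge branch is guarded by `else if (nc->peer)`, while the peer_deleted branch passes nc->peer to qemu_free_net_client() unchecked. Whether peer can be NULL once peer_deleted is set is not visible here. If it can, `if (nic->peer_deleted && nc->peer) {` would make the branches consistent; if it cannot, a one-line comment stating that invariant would help the next reader. The function continues outside the hunk.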
43
44
--
45
2.7.4
1
From: Mauro Matteo Cascella <mcascell@redhat.com>
1
From: yuanjungong <ruc_gongyuanjun@163.com>
2
2
3
A buffer overflow issue was reported by Mr. Ziming Zhang, CC'd here. It
3
Close fd before returning.
4
occurs while sending an Ethernet frame due to missing break statements
5
and improper checking of the buffer size.
6
4
7
Reported-by: Ziming Zhang <ezrakiez@gmail.com>
5
Buglink: https://bugs.launchpad.net/qemu/+bug/1904486
8
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
6
7
Signed-off-by: yuanjungong <ruc_gongyuanjun@163.com>
9
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
8
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
10
Signed-off-by: Jason Wang <jasowang@redhat.com>
9
Signed-off-by: Jason Wang <jasowang@redhat.com>
11
---
10
---
12
hw/net/xgmac.c | 14 ++++++++++++--
11
net/tap.c | 2 ++
13
1 file changed, 12 insertions(+), 2 deletions(-)
12
1 file changed, 2 insertions(+)
14
13
15
diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c
14
diff --git a/net/tap.c b/net/tap.c
16
index XXXXXXX..XXXXXXX 100644
15
index XXXXXXX..XXXXXXX 100644
17
--- a/hw/net/xgmac.c
16
--- a/net/tap.c
18
+++ b/hw/net/xgmac.c
17
+++ b/net/tap.c
19
@@ -XXX,XX +XXX,XX @@ static void xgmac_enet_send(XgmacState *s)
18
@@ -XXX,XX +XXX,XX @@ int net_init_tap(const Netdev *netdev, const char *name,
19
if (ret < 0) {
20
error_setg_errno(errp, -ret, "%s: Can't use file descriptor %d",
21
name, fd);
22
+ close(fd);
23
return -1;
20
}
24
}
21
len = (bd.buffer1_size & 0xfff) + (bd.buffer2_size & 0xfff);
25
22
26
@@ -XXX,XX +XXX,XX @@ int net_init_tap(const Netdev *netdev, const char *name,
23
+ /*
27
vhostfdname, vnet_hdr, fd, &err);
24
+ * FIXME: these cases of malformed tx descriptors (bad sizes)
28
if (err) {
25
+ * should probably be reported back to the guest somehow
29
error_propagate(errp, err);
26
+ * rather than simply silently stopping processing, but we
30
+ close(fd);
27
+ * don't know what the hardware does in this situation.
31
return -1;
28
+ * This will only happen for buggy guests anyway.
29
+ */
30
if ((bd.buffer1_size & 0xfff) > 2048) {
31
DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
32
"xgmac buffer 1 len on send > 2048 (0x%x)\n",
33
__func__, bd.buffer1_size & 0xfff);
34
+ break;
35
}
32
}
36
if ((bd.buffer2_size & 0xfff) != 0) {
33
} else if (tap->has_fds) {
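Review bot: The second close(fd) added to net_init_tap() runs after the helper that was given fd has reported an error. If that helper can fail after a net client has already taken ownership of the descriptor, this close would leave the client holding a closed and possibly reused descriptor number. The helper's body is not on this page, so this needs confirming against it; once verified, a comment such as `/* on failure the helper does not keep fd, so release it here */` at the call site would record the ownership rule. The `tap->has_fds` branch that begins on the last line of the hunk is outside the view, so whether its error paths need the same cleanup cannot be judged from here.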
37
DEBUGF_BRK("qemu:%s:ERROR...ERROR...ERROR... -- "
38
"xgmac buffer 2 len on send != 0 (0x%x)\n",
39
__func__, bd.buffer2_size & 0xfff);
40
+ break;
41
}
42
- if (len >= sizeof(frame)) {
43
+ if (frame_size + len >= sizeof(frame)) {
44
DEBUGF_BRK("qemu:%s: buffer overflow %d read into %zu "
45
- "buffer\n" , __func__, len, sizeof(frame));
46
+ "buffer\n" , __func__, frame_size + len, sizeof(frame));
47
DEBUGF_BRK("qemu:%s: buffer1.size=%d; buffer2.size=%d\n",
48
__func__, bd.buffer1_size, bd.buffer2_size);
49
+ break;
50
}
51
52
cpu_physical_memory_read(bd.buffer1_addr, ptr, len);
53
--
34
--
54
2.5.0
35
2.7.4
1
From: Andrew <andrew@daynix.com>
1
From: Keqian Zhu <zhukeqian1@huawei.com>
2
2
3
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1708065
3
Fixes: 63c4db4c2e6d (net: relocate paths to helpers and scripts)
4
With network backend with 'virtual header' - there was an issue
4
Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
5
in 'plen' field. Overall, during TSO, 'plen' would be changed,
6
but with 'vheader' this field should be set to the size of the
7
payload itself instead of '0'.
8
9
Signed-off-by: Andrew Melnychenko <andrew@daynix.com>
10
Signed-off-by: Jason Wang <jasowang@redhat.com>
5
Signed-off-by: Jason Wang <jasowang@redhat.com>
11
---
6
---
12
hw/net/net_tx_pkt.c | 23 +++++++++++++++++++++++
7
net/tap.c | 3 ++-
13
hw/net/net_tx_pkt.h | 14 ++++++++++++++
8
1 file changed, 2 insertions(+), 1 deletion(-)
14
include/net/eth.h | 1 +
15
3 files changed, 38 insertions(+)
16
9
17
diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
10
diff --git a/net/tap.c b/net/tap.c
18
index XXXXXXX..XXXXXXX 100644
11
index XXXXXXX..XXXXXXX 100644
19
--- a/hw/net/net_tx_pkt.c
12
--- a/net/tap.c
20
+++ b/hw/net/net_tx_pkt.c
13
+++ b/net/tap.c
21
@@ -XXX,XX +XXX,XX @@ bool net_tx_pkt_send(struct NetTxPkt *pkt, NetClientState *nc)
14
@@ -XXX,XX +XXX,XX @@ free_fail:
22
15
script = default_script = get_relocated_path(DEFAULT_NETWORK_SCRIPT);
23
if (pkt->has_virt_hdr ||
16
}
24
pkt->virt_hdr.gso_type == VIRTIO_NET_HDR_GSO_NONE) {
17
if (!downscript) {
25
+ net_tx_pkt_fix_ip6_payload_len(pkt);
18
- downscript = default_downscript = get_relocated_path(DEFAULT_NETWORK_SCRIPT);
26
net_tx_pkt_sendv(pkt, nc, pkt->vec,
19
+ downscript = default_downscript =
27
pkt->payload_frags + NET_TX_PKT_PL_START_FRAG);
20
+ get_relocated_path(DEFAULT_NETWORK_DOWN_SCRIPT);
28
return true;
21
}
29
@@ -XXX,XX +XXX,XX @@ bool net_tx_pkt_send_loopback(struct NetTxPkt *pkt, NetClientState *nc)
22
30
23
if (tap->has_ifname) {
31
return res;
32
}
33
+
34
+void net_tx_pkt_fix_ip6_payload_len(struct NetTxPkt *pkt)
35
+{
36
+ struct iovec *l2 = &pkt->vec[NET_TX_PKT_L2HDR_FRAG];
37
+ if (eth_get_l3_proto(l2, 1, l2->iov_len) == ETH_P_IPV6) {
38
+ struct ip6_header *ip6 = (struct ip6_header *) pkt->l3_hdr;
39
+ /*
40
+ * TODO: if qemu would support >64K packets - add jumbo option check
41
+ * something like that:
42
+ * 'if (ip6->ip6_plen == 0 && !has_jumbo_option(ip6)) {'
43
+ */
44
+ if (ip6->ip6_plen == 0) {
45
+ if (pkt->payload_len <= ETH_MAX_IP_DGRAM_LEN) {
46
+ ip6->ip6_plen = htons(pkt->payload_len);
47
+ }
48
+ /*
49
+ * TODO: if qemu would support >64K packets
50
+ * add jumbo option for packets greater then 65,535 bytes
51
+ */
52
+ }
53
+ }
54
+}
55
diff --git a/hw/net/net_tx_pkt.h b/hw/net/net_tx_pkt.h
56
index XXXXXXX..XXXXXXX 100644
57
--- a/hw/net/net_tx_pkt.h
58
+++ b/hw/net/net_tx_pkt.h
59
@@ -XXX,XX +XXX,XX @@ bool net_tx_pkt_parse(struct NetTxPkt *pkt);
60
*/
61
bool net_tx_pkt_has_fragments(struct NetTxPkt *pkt);
62
63
+/**
64
+ * Fix IPv6 'plen' field.
65
+ * If ipv6 payload length field is 0 - then there should be Hop-by-Hop
66
+ * option for packets greater than 65,535.
67
+ * For packets with a payload less than 65,535: fix 'plen' field.
68
+ * For backends with vheader, we need just one packet with proper
69
+ * payload size. For now, qemu drops every packet with size greater 64K
70
+ * (see net_tx_pkt_send()) so, there is no reason to add jumbo option to ip6
71
+ * hop-by-hop extension if it's missed
72
+ *
73
+ * @pkt packet
74
+ */
75
+void net_tx_pkt_fix_ip6_payload_len(struct NetTxPkt *pkt);
76
+
77
#endif
78
diff --git a/include/net/eth.h b/include/net/eth.h
79
index XXXXXXX..XXXXXXX 100644
80
--- a/include/net/eth.h
81
+++ b/include/net/eth.h
82
@@ -XXX,XX +XXX,XX @@ struct tcp_hdr {
83
84
#define ip6_nxt ip6_ctlun.ip6_un1.ip6_un1_nxt
85
#define ip6_ecn_acc ip6_ctlun.ip6_un3.ip6_un3_ecn
86
+#define ip6_plen ip6_ctlun.ip6_un1.ip6_un1_plen
87
88
#define PKT_GET_ETH_HDR(p) \
89
((struct eth_header *)(p))
90
--
24
--
91
2.5.0
25
2.7.4