The following changes since commit 23895cbd82be95428e90168b12e925d0d3ca2f06:

Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20201123.0' into staging (2020-11-23 18:51:13 +0000)

for you to fetch changes up to 9925990d01a92564af55f6f69d0f5f59b47609b1:

net: Use correct default-path macro for downscript (2020-11-24 10:40:17 +0800)

Keqian Zhu (1):

net: Use correct default-path macro for downscript

Paolo Bonzini (1):

net: do not exit on "netdev_add help" monitor command

Prasad J Pandit (1):

hw/net/e1000e: advance desc_offset in case of null descriptor

Yuri Benditovich (1):

net: purge queued rx packets on queue deletion

yuanjungong (1):

tap: fix a memory leak

hw/net/e1000e_core.c | 8 +++---

include/net/net.h | 1 +

monitor/hmp-cmds.c | 6 ++++

net/net.c | 80 +++++++++++++++++++++++++++-------------------------

net/tap.c | 5 +++-

5 files changed, 57 insertions(+), 43 deletions(-)

From: Yuri Benditovich <yuri.benditovich@daynix.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1829272

When deleting queue pair, purge pending RX packets if any.

Example of problematic flow:

1. Bring up q35 VM with tap (vhost off) and virtio-net or e1000e

2. Run ping flood to the VM NIC ( 1 ms interval)

3. Hot unplug the NIC device (device_del)

During unplug process one or more packets come, the NIC

can't receive, tap disables read_poll

4. Hot plug the device (device_add) with the same netdev

The tap stays with read_poll disabled and does not receive

any packets anymore (tap_send never triggered)

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>

net/net.c | 12 ++++++++----

1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/net/net.c b/net/net.c

--- a/net/net.c

+++ b/net/net.c

@@ -XXX,XX +XXX,XX @@ void qemu_del_nic(NICState *nic)

qemu_macaddr_set_free(&nic->conf->macaddr);

- /* If this is a peer NIC and peer has already been deleted, free it now. */

- if (nic->peer_deleted) {

- for (i = 0; i < queues; i++) {

- qemu_free_net_client(qemu_get_subqueue(nic, i)->peer);

+ for (i = 0; i < queues; i++) {

+ NetClientState *nc = qemu_get_subqueue(nic, i);

+ /* If this is a peer NIC and peer has already been deleted, free it now. */

+ if (nic->peer_deleted) {

+ qemu_free_net_client(nc->peer);

+ } else if (nc->peer) {

+ /* if there are RX packets pending, complete them */

+ qemu_purge_queued_packets(nc->peer);

From: Keqian Zhu <zhukeqian1@huawei.com>

Fixes: 63c4db4c2e6d (net: relocate paths to helpers and scripts)

Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>

net/tap.c | 3 ++-

1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/tap.c b/net/tap.c

--- a/net/tap.c

+++ b/net/tap.c

@@ -XXX,XX +XXX,XX @@ free_fail:

script = default_script = get_relocated_path(DEFAULT_NETWORK_SCRIPT);

}

if (!downscript) {

- downscript = default_downscript = get_relocated_path(DEFAULT_NETWORK_SCRIPT);

+ downscript = default_downscript =

+ get_relocated_path(DEFAULT_NETWORK_DOWN_SCRIPT);

}

if (tap->has_ifname) {

From: Paolo Bonzini <pbonzini@redhat.com>

"netdev_add help" is causing QEMU to exit because the code that

invokes show_netdevs is shared between CLI and HMP processing.

Move the check to the callers so that exit(0) remains only

in the CLI flow.

"netdev_add help" is not fixed by this patch; that is left for

later work.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

include/net/net.h | 1 +

monitor/hmp-cmds.c | 6 +++++

net/net.c | 68 +++++++++++++++++++++++++++---------------------------

3 files changed, 41 insertions(+), 34 deletions(-)

diff --git a/include/net/net.h b/include/net/net.h

--- a/include/net/net.h

+++ b/include/net/net.h

@@ -XXX,XX +XXX,XX @@ extern const char *host_net_devices[];

/* from net.c */

int net_client_parse(QemuOptsList *opts_list, const char *str);

+void show_netdevs(void);

int net_init_clients(Error **errp);

void net_check_clients(void);

void net_cleanup(void);

diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c

--- a/monitor/hmp-cmds.c

+++ b/monitor/hmp-cmds.c

#include "qemu/option.h"

#include "qemu/timer.h"

#include "qemu/sockets.h"

+#include "qemu/help_option.h"

#include "monitor/monitor-internal.h"

#include "qapi/error.h"

#include "qapi/clone-visitor.h"

@@ -XXX,XX +XXX,XX @@ void hmp_netdev_add(Monitor *mon, const QDict *qdict)

{

Error *err = NULL;

QemuOpts *opts;

+ const char *type = qdict_get_try_str(qdict, "type");

+ if (type && is_help_option(type)) {

+ show_netdevs();

+ return;

+ }

opts = qemu_opts_from_qdict(qemu_find_opts("netdev"), qdict, &err);

if (err) {

goto out;

diff --git a/net/net.c b/net/net.c

index XXXXXXX..XXXXXXX 100644

--- a/net/net.c

+++ b/net/net.c

@@ -XXX,XX +XXX,XX @@

#include "qemu/config-file.h"

#include "qemu/ctype.h"

#include "qemu/iov.h"

+#include "qemu/qemu-print.h"

#include "qemu/main-loop.h"

#include "qemu/option.h"

#include "qapi/error.h"

@@ -XXX,XX +XXX,XX @@ static int net_client_init1(const Netdev *netdev, bool is_netdev, Error **errp)

return 0;

}

-static void show_netdevs(void)

+void show_netdevs(void)

{

int idx;

const char *available_netdevs[] = {

@@ -XXX,XX +XXX,XX @@ static void show_netdevs(void)

#endif

};

- printf("Available netdev backend types:\n");

+ qemu_printf("Available netdev backend types:\n");

for (idx = 0; idx < ARRAY_SIZE(available_netdevs); idx++) {

- puts(available_netdevs[idx]);

+ qemu_printf("%s\n", available_netdevs[idx]);

@@ -XXX,XX +XXX,XX @@ static int net_client_init(QemuOpts *opts, bool is_netdev, Error **errp)

int ret = -1;

Visitor *v = opts_visitor_new(opts);

- const char *type = qemu_opt_get(opts, "type");

-

- if (is_netdev && type && is_help_option(type)) {

- show_netdevs();

- exit(0);

- } else {

- /* Parse convenience option format ip6-net=fec0::0[/64] */

- const char *ip6_net = qemu_opt_get(opts, "ipv6-net");

+ /* Parse convenience option format ip6-net=fec0::0[/64] */

+ const char *ip6_net = qemu_opt_get(opts, "ipv6-net");

- if (ip6_net) {

- char *prefix_addr;

- unsigned long prefix_len = 64; /* Default 64bit prefix length. */

+ if (ip6_net) {

+ char *prefix_addr;

+ unsigned long prefix_len = 64; /* Default 64bit prefix length. */

- substrings = g_strsplit(ip6_net, "/", 2);

- if (!substrings || !substrings[0]) {

- error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "ipv6-net",

- "a valid IPv6 prefix");

- goto out;

- }

+ substrings = g_strsplit(ip6_net, "/", 2);

+ if (!substrings || !substrings[0]) {

+ error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "ipv6-net",

+ "a valid IPv6 prefix");

+ goto out;

+ }

- prefix_addr = substrings[0];

+ prefix_addr = substrings[0];

- /* Handle user-specified prefix length. */

- if (substrings[1] &&

- qemu_strtoul(substrings[1], NULL, 10, &prefix_len))

- {

- error_setg(errp, QERR_INVALID_PARAMETER_VALUE,

- "ipv6-prefixlen", "a number");

- goto out;

- }

-

- qemu_opt_set(opts, "ipv6-prefix", prefix_addr, &error_abort);

- qemu_opt_set_number(opts, "ipv6-prefixlen", prefix_len,

- &error_abort);

- qemu_opt_unset(opts, "ipv6-net");

+ /* Handle user-specified prefix length. */

+ if (substrings[1] &&

+ qemu_strtoul(substrings[1], NULL, 10, &prefix_len))

+ {

+ error_setg(errp, QERR_INVALID_PARAMETER_VALUE,

+ "ipv6-prefixlen", "a number");

+ goto out;

}

+ qemu_opt_set(opts, "ipv6-prefix", prefix_addr, &error_abort);

+ qemu_opt_set_number(opts, "ipv6-prefixlen", prefix_len,

+ &error_abort);

+ qemu_opt_unset(opts, "ipv6-net");

/* Create an ID for -net if the user did not specify one */

@@ -XXX,XX +XXX,XX @@ static int net_init_client(void *dummy, QemuOpts *opts, Error **errp)

static int net_init_netdev(void *dummy, QemuOpts *opts, Error **errp)

{

+ const char *type = qemu_opt_get(opts, "type");

+ if (type && is_help_option(type)) {

+ show_netdevs();

+ exit(0);

From: yuanjungong <ruc_gongyuanjun@163.com>

Close fd before returning.

Buglink: https://bugs.launchpad.net/qemu/+bug/1904486

Signed-off-by: yuanjungong <ruc_gongyuanjun@163.com>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

net/tap.c | 2 ++

1 file changed, 2 insertions(+)

diff --git a/net/tap.c b/net/tap.c

--- a/net/tap.c

+++ b/net/tap.c

@@ -XXX,XX +XXX,XX @@ int net_init_tap(const Netdev *netdev, const char *name,

if (ret < 0) {

error_setg_errno(errp, -ret, "%s: Can't use file descriptor %d",

name, fd);

+ close(fd);

return -1;

}

@@ -XXX,XX +XXX,XX @@ int net_init_tap(const Netdev *netdev, const char *name,

vhostfdname, vnet_hdr, fd, &err);

if (err) {

error_propagate(errp, err);

+ close(fd);

return -1;

}

} else if (tap->has_fds) {

From: Prasad J Pandit <pjp@fedoraproject.org>

While receiving packets via e1000e_write_packet_to_guest() routine,

'desc_offset' is advanced only when RX descriptor is processed. And

RX descriptor is not processed if it has NULL buffer address.

This may lead to an infinite loop condition. Increament 'desc_offset'

to process next descriptor in the ring to avoid infinite loop.

Reported-by: Cheol-woo Myung <330cjfdn@gmail.com>

Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>

hw/net/e1000e_core.c | 8 ++++----

1 file changed, 4 insertions(+), 4 deletions(-)

@@ -XXX,XX +XXX,XX @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt,

(const char *) &fcs_pad, e1000x_fcs_len(core->mac));

}

}

- desc_offset += desc_size;

- if (desc_offset >= total_size) {

- is_last = true;

- }

} else { /* as per intel docs; skip descriptors with null buf addr */

trace_e1000e_rx_null_descriptor();

}

+ desc_offset += desc_size;

+ if (desc_offset >= total_size) {

+ is_last = true;

+ }

e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL,

rss_info, do_ps ? ps_hdr_len : 0, &bastate.written);