The following changes since commit 48033ad678ae2def43bf0d543a2c4c3d2a93feaf:

Merge remote-tracking branch 'remotes/vsementsov/tags/pull-nbd-2022-02-09-v2' into staging (2022-02-12 22:04:07 +0000)

for you to fetch changes up to 9d6267b240c114d1a3cd314a08fd6e1339d34b83:

net/eth: Don't consider ESP to be an IPv6 option header (2022-02-14 11:50:44 +0800)

Nick Hudson (1):

hw/net: e1000e: Clear ICR on read when using non MSI-X interrupts

Peter Foley (2):

net/tap: Set return code on failure

net: Fix uninitialized data usage

Philippe Mathieu-Daudé (1):

hw/net/vmxnet3: Log guest-triggerable errors using LOG_GUEST_ERROR

Rao Lei (1):

net/filter: Optimize filter_send to coroutine

Thomas Jansen (1):

net/eth: Don't consider ESP to be an IPv6 option header

Zhang Chen (2):

net/colo-compare.c: Optimize compare order for performance

net/colo-compare.c: Update the default value comments

hw/net/e1000e_core.c | 5 ++++

hw/net/trace-events | 1 +

hw/net/vmxnet3.c | 4 +++-

net/colo-compare.c | 28 +++++++++++-----------

net/eth.c | 1 -

net/filter-mirror.c | 66 +++++++++++++++++++++++++++++++++++++++++-----------

net/tap-linux.c | 1 +

net/tap.c | 1 +

8 files changed, 78 insertions(+), 29 deletions(-)

From: Philippe Mathieu-Daudé <philmd@redhat.com>

The "Interrupt Cause" register (VMXNET3_REG_ICR) is read-only.

Write accesses are ignored. Log them with as LOG_GUEST_ERROR

instead of aborting:

[R +0.239743] writeq 0xe0002031 0x46291a5a55460800

ERROR:hw/net/vmxnet3.c:1819:vmxnet3_io_bar1_write: code should not be reached

Thread 1 "qemu-system-i38" received signal SIGABRT, Aborted.

(gdb) bt

#3 0x74c397d3 in __GI_abort () at abort.c:79

#4 0x76d3cd4c in g_assertion_message (domain=<optimized out>, file=<optimized out>, line=<optimized out>, func=<optimized out>, message=<optimized out>) at ../glib/gtestutils.c:3223

#5 0x76d9d45f in g_assertion_message_expr

(domain=0x0, file=0x59fc2e53 "hw/net/vmxnet3.c", line=1819, func=0x59fc11e0 <__func__.vmxnet3_io_bar1_write> "vmxnet3_io_bar1_write", expr=<optimized out>)

at ../glib/gtestutils.c:3249

#6 0x57e80a3a in vmxnet3_io_bar1_write (opaque=0x62814100, addr=56, val=70, size=4) at hw/net/vmxnet3.c:1819

#7 0x58c2d894 in memory_region_write_accessor (mr=0x62816b90, addr=56, value=0x7fff9450, size=4, shift=0, mask=4294967295, attrs=...) at softmmu/memory.c:492

#8 0x58c2d1d2 in access_with_adjusted_size (addr=56, value=0x7fff9450, size=1, access_size_min=4, access_size_max=4, access_fn=

0x58c2d290 <memory_region_write_accessor>, mr=0x62816b90, attrs=...) at softmmu/memory.c:554

#9 0x58c2bae7 in memory_region_dispatch_write (mr=0x62816b90, addr=56, data=70, op=MO_8, attrs=...) at softmmu/memory.c:1504

#10 0x58bfd034 in flatview_write_continue (fv=0x606000181700, addr=0xe0002038, attrs=..., ptr=0x7fffb9e0, len=1, addr1=56, l=1, mr=0x62816b90)

at softmmu/physmem.c:2782

#11 0x58beba00 in flatview_write (fv=0x606000181700, addr=0xe0002031, attrs=..., buf=0x7fffb9e0, len=8) at softmmu/physmem.c:2822

#12 0x58beb589 in address_space_write (as=0x608000015f20, addr=0xe0002031, attrs=..., buf=0x7fffb9e0, len=8) at softmmu/physmem.c:2914

Reported-by: Dike <dike199774@qq.com>

Reported-by: Duhao <504224090@qq.com>

BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=2032932

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

hw/net/vmxnet3.c | 4 +++-

1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c

--- a/hw/net/vmxnet3.c

+++ b/hw/net/vmxnet3.c

@@ -XXX,XX +XXX,XX @@ vmxnet3_io_bar1_write(void *opaque,

case VMXNET3_REG_ICR:

VMW_CBPRN("Write BAR1 [VMXNET3_REG_ICR] = %" PRIx64 ", size %d",

val, size);

- g_assert_not_reached();

+ qemu_log_mask(LOG_GUEST_ERROR,

+ "%s: write to read-only register VMXNET3_REG_ICR\n",

+ TYPE_VMXNET3);

break;

/* Event Cause Register */

From: Peter Foley <pefoley@google.com>

Match the other error handling in this function.

Fixes: e7b347d0bf6 ("net: detect errors from probing vnet hdr flag for TAP devices")

Reviewed-by: Patrick Venture <venture@google.com>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Signed-off-by: Peter Foley <pefoley@google.com>

net/tap.c | 1 +

1 file changed, 1 insertion(+)

if (i == 0) {

vnet_hdr = tap_probe_vnet_hdr(fd, errp);

if (vnet_hdr < 0) {

+ ret = -1;

goto free_fail;

}

} else if (vnet_hdr != tap_probe_vnet_hdr(fd, NULL)) {

From: Zhang Chen <chen.zhang@intel.com>

COLO-compare use the glib function g_queue_find_custom to dump

another VM's networking packet to compare. But this function always

start find from the queue->head(here is the newest packet), It will

reduce the success rate of comparison. So this patch reversed

the order of the queues for performance.

Signed-off-by: Zhang Chen <chen.zhang@intel.com>

Reported-by: leirao <lei.rao@intel.com>

net/colo-compare.c | 26 +++++++++++++-------------

1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/net/colo-compare.c b/net/colo-compare.c

--- a/net/colo-compare.c

+++ b/net/colo-compare.c

@@ -XXX,XX +XXX,XX @@ static void colo_compare_inconsistency_notify(CompareState *s)

/* Use restricted to colo_insert_packet() */

static gint seq_sorter(Packet *a, Packet *b, gpointer data)

- return a->tcp_seq - b->tcp_seq;

+ return b->tcp_seq - a->tcp_seq;

static void fill_pkt_tcp_info(void *data, uint32_t *max_ack)

@@ -XXX,XX +XXX,XX @@ pri:

if (g_queue_is_empty(&conn->primary_list)) {

return;

}

- ppkt = g_queue_pop_head(&conn->primary_list);

+ ppkt = g_queue_pop_tail(&conn->primary_list);

sec:

if (g_queue_is_empty(&conn->secondary_list)) {

- g_queue_push_head(&conn->primary_list, ppkt);

+ g_queue_push_tail(&conn->primary_list, ppkt);

return;

}

- spkt = g_queue_pop_head(&conn->secondary_list);

+ spkt = g_queue_pop_tail(&conn->secondary_list);

if (ppkt->tcp_seq == ppkt->seq_end) {

colo_release_primary_pkt(s, ppkt);

@@ -XXX,XX +XXX,XX @@ sec:

}

}

if (!ppkt) {

- g_queue_push_head(&conn->secondary_list, spkt);

+ g_queue_push_tail(&conn->secondary_list, spkt);

goto pri;

}

}

@@ -XXX,XX +XXX,XX @@ sec:

if (mark == COLO_COMPARE_FREE_PRIMARY) {

conn->compare_seq = ppkt->seq_end;

colo_release_primary_pkt(s, ppkt);

- g_queue_push_head(&conn->secondary_list, spkt);

+ g_queue_push_tail(&conn->secondary_list, spkt);

goto pri;

} else if (mark == COLO_COMPARE_FREE_SECONDARY) {

conn->compare_seq = spkt->seq_end;

@@ -XXX,XX +XXX,XX @@ sec:

goto pri;

}

} else {

- g_queue_push_head(&conn->primary_list, ppkt);

- g_queue_push_head(&conn->secondary_list, spkt);

+ g_queue_push_tail(&conn->primary_list, ppkt);

+ g_queue_push_tail(&conn->secondary_list, spkt);

#ifdef DEBUG_COLO_PACKETS

qemu_hexdump(stderr, "colo-compare ppkt", ppkt->data, ppkt->size);

@@ -XXX,XX +XXX,XX @@ static void colo_compare_packet(CompareState *s, Connection *conn,

while (!g_queue_is_empty(&conn->primary_list) &&

!g_queue_is_empty(&conn->secondary_list)) {

- pkt = g_queue_pop_head(&conn->primary_list);

+ pkt = g_queue_pop_tail(&conn->primary_list);

result = g_queue_find_custom(&conn->secondary_list,

pkt, (GCompareFunc)HandlePacket);

@@ -XXX,XX +XXX,XX @@ static void colo_compare_packet(CompareState *s, Connection *conn,

* timeout, it will trigger a checkpoint request.

*/

trace_colo_compare_main("packet different");

- g_queue_push_head(&conn->primary_list, pkt);

+ g_queue_push_tail(&conn->primary_list, pkt);

colo_compare_inconsistency_notify(s);

break;

@@ -XXX,XX +XXX,XX @@ static int compare_chr_send(CompareState *s,

entry->buf = g_malloc(size);

memcpy(entry->buf, buf, size);

}

- g_queue_push_head(&sendco->send_list, entry);

+ g_queue_push_tail(&sendco->send_list, entry);

if (sendco->done) {

sendco->co = qemu_coroutine_create(_compare_chr_send, sendco);

@@ -XXX,XX +XXX,XX @@ static void colo_flush_packets(void *opaque, void *user_data)

Packet *pkt = NULL;

while (!g_queue_is_empty(&conn->primary_list)) {

- pkt = g_queue_pop_head(&conn->primary_list);

+ pkt = g_queue_pop_tail(&conn->primary_list);

compare_chr_send(s,

pkt->data,

pkt->size,

@@ -XXX,XX +XXX,XX @@ static void colo_flush_packets(void *opaque, void *user_data)

packet_destroy_partial(pkt, NULL);

}

while (!g_queue_is_empty(&conn->secondary_list)) {

- pkt = g_queue_pop_head(&conn->secondary_list);

+ pkt = g_queue_pop_tail(&conn->secondary_list);

packet_destroy(pkt, NULL);

From: Rao Lei <lei.rao@intel.com>

This patch is to improve the logic of QEMU main thread sleep code in

qemu_chr_write_buffer() where it can be blocked and can't run other

coroutines during COLO IO stress test.

Our approach is to put filter_send() in a coroutine. In this way,

filter_send() will call qemu_coroutine_yield() in qemu_co_sleep_ns(),

so that it can be scheduled out and QEMU main thread has opportunity to

run other tasks.

Signed-off-by: Lei Rao <lei.rao@intel.com>

Signed-off-by: Zhang Chen <chen.zhang@intel.com>

Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>

Reviewed-by: Zhang Chen <chen.zhang@intel.com>

net/filter-mirror.c | 66 ++++++++++++++++++++++++++++++++++++++++++-----------

1 file changed, 53 insertions(+), 13 deletions(-)

diff --git a/net/filter-mirror.c b/net/filter-mirror.c

--- a/net/filter-mirror.c

+++ b/net/filter-mirror.c

@@ -XXX,XX +XXX,XX @@

#include "chardev/char-fe.h"

#include "qemu/iov.h"

#include "qemu/sockets.h"

+#include "block/aio-wait.h"

#define TYPE_FILTER_MIRROR "filter-mirror"

typedef struct MirrorState MirrorState;

@@ -XXX,XX +XXX,XX @@ struct MirrorState {

bool vnet_hdr;

};

-static int filter_send(MirrorState *s,

- const struct iovec *iov,

- int iovcnt)

+typedef struct FilterSendCo {

+ MirrorState *s;

+ char *buf;

+ ssize_t size;

+ bool done;

+ int ret;

+} FilterSendCo;

+

+static int _filter_send(MirrorState *s,

+ char *buf,

+ ssize_t size)

{

NetFilterState *nf = NETFILTER(s);

int ret = 0;

- ssize_t size = 0;

uint32_t len = 0;

- char *buf;

-

- size = iov_size(iov, iovcnt);

- if (!size) {

- return 0;

- }

len = htonl(size);

ret = qemu_chr_fe_write_all(&s->chr_out, (uint8_t *)&len, sizeof(len));

@@ -XXX,XX +XXX,XX @@ static int filter_send(MirrorState *s,

From: Nick Hudson <skrll@netbsd.org>

In section 7.4.3 of the 82574 datasheet it states that

"In systems that do not support MSI-X, reading the ICR

register clears it's bits..."

Some OSes rely on this.

Signed-off-by: Nick Hudson <skrll@netbsd.org>

hw/net/e1000e_core.c | 5 +++++

hw/net/trace-events | 1 +

2 files changed, 6 insertions(+)

@@ -XXX,XX +XXX,XX @@ e1000e_mac_icr_read(E1000ECore *core, int index)

core->mac[ICR] = 0;

}

+ if (!msix_enabled(core->owner)) {

+ trace_e1000e_irq_icr_clear_nonmsix_icr_read();

+ core->mac[ICR] = 0;

+ }

+

if ((core->mac[ICR] & E1000_ICR_ASSERTED) &&

(core->mac[CTRL_EXT] & E1000_CTRL_EXT_IAME)) {

trace_e1000e_irq_icr_clear_iame();

diff --git a/hw/net/trace-events b/hw/net/trace-events

index XXXXXXX..XXXXXXX 100644

--- a/hw/net/trace-events

+++ b/hw/net/trace-events

@@ -XXX,XX +XXX,XX @@ e1000e_irq_write_ics(uint32_t val) "Adding ICR bits 0x%x"

e1000e_irq_icr_process_iame(void) "Clearing IMS bits due to IAME"

e1000e_irq_read_ics(uint32_t ics) "Current ICS: 0x%x"

e1000e_irq_read_ims(uint32_t ims) "Current IMS: 0x%x"

+e1000e_irq_icr_clear_nonmsix_icr_read(void) "Clearing ICR on read due to non MSI-X int"

e1000e_irq_icr_read_entry(uint32_t icr) "Starting ICR read. Current ICR: 0x%x"

e1000e_irq_icr_read_exit(uint32_t icr) "Ending ICR read. Current ICR: 0x%x"

e1000e_irq_icr_clear_zero_ims(void) "Clearing ICR on read due to zero IMS"