From nobody Fri May 17 08:24:43 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1627878920; cv=none; d=zohomail.com; s=zohoarc; b=Hd0k5DqvuRupAFNB0TEWkTw0ng5QM3JrGzTYnzboxSwfHFjBnmiS4Yz66NcbgkfbyISLQWACeXPrlepT7igoMpKLs599j9JEnlc5FjCmLu92xausVn77T0eGrRr6A3odvg7DCv15Kk0CloQh/qn1XxnD7DexjsGiajULySUhOnw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1627878920; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=XCuH2DnGhTuHPp0vTXmmmjvPeuqyrQZJIMyE/uSi21Q=; b=Ysecij/5lBvBahit2W2DOAQvf+NE6AzbJ+YMwjLmPtRYWcLlgilO4pnP0NbiFK0BGi5fuHx3sxyK1tVhwigOBMwNZGVLAE1w/izZNSG9iPXmBgTp4/KzFQV/SVVrWGgTjhwEE898G9+HUuhnrJphA9RjDvsr0edoKNjlyo8VocQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1627878920116757.4577725820789; Sun, 1 Aug 2021 21:35:20 -0700 (PDT) Received: from localhost ([::1]:60858 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mAPfa-0006FT-EC for importer@patchew.org; Mon, 02 Aug 2021 00:35:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37028) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAPeI-0004Gg-S0 for qemu-devel@nongnu.org; Mon, 02 Aug 2021 00:33:59 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:57434) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAPeG-0007ym-8n for qemu-devel@nongnu.org; Mon, 02 Aug 2021 00:33:57 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-134-0LrlqFmoMBaf4yQGm9hHhg-1; Mon, 02 Aug 2021 00:33:51 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EB2FF760C0; Mon, 2 Aug 2021 04:33:50 +0000 (UTC) Received: from localhost.localdomain (ovpn-12-135.pek2.redhat.com [10.72.12.135]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0228B544F1; Mon, 2 Aug 2021 04:33:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1627878835; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XCuH2DnGhTuHPp0vTXmmmjvPeuqyrQZJIMyE/uSi21Q=; b=XQ+32jXTRBI1VGsElaKxSEInKfCX0jYJDzjicGHaqs7fdSrLtO2qkORb+cT96/0gE3dz7N fzYHDU28TtCSXEPOATUarkYeL2WXxOvhUwrTlVLLTMnbzM9Clq4kOn6TewKU08enl9TgEv O0xVJlDptok4qrX/Q8ENzqc/4OYGCaE= X-MC-Unique: 0LrlqFmoMBaf4yQGm9hHhg-1 From: Jason Wang To: qemu-devel@nongnu.org, peter.maydell@linaro.org Subject: [PULL 1/5] hw/net/vmxnet3: Do not abort QEMU if guest specified bad queue numbers Date: Mon, 2 Aug 2021 12:33:40 +0800 Message-Id: <20210802043344.44301-2-jasowang@redhat.com> In-Reply-To: <20210802043344.44301-1-jasowang@redhat.com> References: <20210802043344.44301-1-jasowang@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=jasowang@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=jasowang@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.699, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Thomas Huth , Jason Wang Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1627878922613100001 Content-Type: text/plain; charset="utf-8" From: Thomas Huth QEMU should never terminate unexpectedly just because the guest is doing something wrong like specifying wrong queue numbers. Let's simply refuse to set the device active in this case. Buglink: https://bugs.launchpad.net/qemu/+bug/1890160 Signed-off-by: Thomas Huth Signed-off-by: Jason Wang --- hw/net/vmxnet3.c | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index f6bd8c5..41f796a 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c @@ -1381,7 +1381,7 @@ static void vmxnet3_validate_interrupts(VMXNET3State = *s) } } =20 -static void vmxnet3_validate_queues(VMXNET3State *s) +static bool vmxnet3_validate_queues(VMXNET3State *s) { /* * txq_num and rxq_num are total number of queues @@ -1390,12 +1390,18 @@ static void vmxnet3_validate_queues(VMXNET3State *s) */ =20 if (s->txq_num > VMXNET3_DEVICE_MAX_TX_QUEUES) { - hw_error("Bad TX queues number: %d\n", s->txq_num); + qemu_log_mask(LOG_GUEST_ERROR, "vmxnet3: Bad TX queues number: %d\= n", + s->txq_num); + return false; } =20 if (s->rxq_num > VMXNET3_DEVICE_MAX_RX_QUEUES) { - hw_error("Bad RX queues number: %d\n", s->rxq_num); + qemu_log_mask(LOG_GUEST_ERROR, "vmxnet3: Bad RX queues number: %d\= n", + s->rxq_num); + return false; } + + return true; } =20 static void vmxnet3_activate_device(VMXNET3State *s) @@ -1419,6 +1425,16 @@ static void vmxnet3_activate_device(VMXNET3State *s) return; } =20 + s->txq_num =3D + VMXNET3_READ_DRV_SHARED8(d, s->drv_shmem, devRead.misc.numTxQueues= ); + s->rxq_num =3D + VMXNET3_READ_DRV_SHARED8(d, s->drv_shmem, devRead.misc.numRxQueues= ); + + VMW_CFPRN("Number of TX/RX queues %u/%u", s->txq_num, s->rxq_num); + if (!vmxnet3_validate_queues(s)) { + return; + } + vmxnet3_adjust_by_guest_type(s); vmxnet3_update_features(s); vmxnet3_update_pm_state(s); @@ -1445,14 +1461,6 @@ static void vmxnet3_activate_device(VMXNET3State *s) VMXNET3_READ_DRV_SHARED8(d, s->drv_shmem, devRead.intrConf.autoMas= k); VMW_CFPRN("Automatic interrupt masking is %d", (int)s->auto_int_maskin= g); =20 - s->txq_num =3D - VMXNET3_READ_DRV_SHARED8(d, s->drv_shmem, devRead.misc.numTxQueues= ); - s->rxq_num =3D - VMXNET3_READ_DRV_SHARED8(d, s->drv_shmem, devRead.misc.numRxQueues= ); - - VMW_CFPRN("Number of TX/RX queues %u/%u", s->txq_num, s->rxq_num); - vmxnet3_validate_queues(s); - qdescr_table_pa =3D VMXNET3_READ_DRV_SHARED64(d, s->drv_shmem, devRead.misc.queueDescP= A); VMW_CFPRN("TX queues descriptors table is at 0x%" PRIx64, qdescr_table= _pa); @@ -2404,7 +2412,9 @@ static int vmxnet3_post_load(void *opaque, int versio= n_id) } } =20 - vmxnet3_validate_queues(s); + if (!vmxnet3_validate_queues(s)) { + return -1; + } vmxnet3_validate_interrupts(s); =20 return 0; --=20 2.7.4 From nobody Fri May 17 08:24:43 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1627878920134662.8008925887431; Sun, 1 Aug 2021 21:35:20 -0700 (PDT) Received: from localhost ([::1]:60844 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mAPfa-0006Eq-Aw for importer@patchew.org; Mon, 02 Aug 2021 00:35:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37052) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAPeJ-0004Gs-Nv for qemu-devel@nongnu.org; Mon, 02 Aug 2021 00:33:59 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:56464) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAPeI-000803-4C for qemu-devel@nongnu.org; Mon, 02 Aug 2021 00:33:59 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-335-kS0jau72N7y1HYgzZ5FuwA-1; Mon, 02 Aug 2021 00:33:56 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EE055760C0; Mon, 2 Aug 2021 04:33:54 +0000 (UTC) Received: from localhost.localdomain (ovpn-12-135.pek2.redhat.com [10.72.12.135]) by smtp.corp.redhat.com (Postfix) with ESMTP id 83E8C544F1; Mon, 2 Aug 2021 04:33:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1627878837; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RIlUTuucYiv8d07NsUlhqg58B69Jo1Hj6DxoDUraArM=; b=ey3vfdnlc2StySucgNbjMs9L0Tc3MFzSIysbS7t18wnKJ4HVTDoQ/Y6424kvpofcqMQjad Cnd7yNAUPNAQN3SIAJxDP9Vxo8P/02rAPVlVno+2pICQMLjh0jU5O/E0/bpZvtKv4jGxay F35UpqPTz2mBwoDl0GBne1FEM1TGA7c= X-MC-Unique: kS0jau72N7y1HYgzZ5FuwA-1 From: Jason Wang To: qemu-devel@nongnu.org, peter.maydell@linaro.org Subject: [PULL 2/5] hw/net/can: sja1000 fix buff2frame_bas and buff2frame_pel when dlc is out of std CAN 8 bytes Date: Mon, 2 Aug 2021 12:33:41 +0800 Message-Id: <20210802043344.44301-3-jasowang@redhat.com> In-Reply-To: <20210802043344.44301-1-jasowang@redhat.com> References: <20210802043344.44301-1-jasowang@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=jasowang@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=216.205.24.124; envelope-from=jasowang@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.699, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Jason Wang , Qiang Ning , qemu-stable@nongnu.org, Pavel Pisa Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1627878922614100002 From: Pavel Pisa Problem reported by openEuler fuzz-sig group. The buff2frame_bas function (hw\net\can\can_sja1000.c) infoleak(qemu5.x~qemu6.x) or stack-overflow(qemu 4.x). Reported-by: Qiang Ning Cc: qemu-stable@nongnu.org Reviewed-by: Philippe Mathieu-Daud=C3=A9 Signed-off-by: Pavel Pisa Signed-off-by: Jason Wang --- hw/net/can/can_sja1000.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hw/net/can/can_sja1000.c b/hw/net/can/can_sja1000.c index 42d2f99..34eea68 100644 --- a/hw/net/can/can_sja1000.c +++ b/hw/net/can/can_sja1000.c @@ -275,6 +275,10 @@ static void buff2frame_pel(const uint8_t *buff, qemu_c= an_frame *frame) } frame->can_dlc =3D buff[0] & 0x0f; =20 + if (frame->can_dlc > 8) { + frame->can_dlc =3D 8; + } + if (buff[0] & 0x80) { /* Extended */ frame->can_id |=3D QEMU_CAN_EFF_FLAG; frame->can_id |=3D buff[1] << 21; /* ID.28~ID.21 */ @@ -311,6 +315,10 @@ static void buff2frame_bas(const uint8_t *buff, qemu_c= an_frame *frame) } frame->can_dlc =3D buff[1] & 0x0f; =20 + if (frame->can_dlc > 8) { + frame->can_dlc =3D 8; + } + for (i =3D 0; i < frame->can_dlc; i++) { frame->data[i] =3D buff[2 + i]; } --=20 2.7.4 From nobody Fri May 17 08:24:43 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1627879034539300.437442123589; Sun, 1 Aug 2021 21:37:14 -0700 (PDT) Received: from localhost ([::1]:39062 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mAPhR-0002BH-IR for importer@patchew.org; Mon, 02 Aug 2021 00:37:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37100) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAPeP-0004Uj-DR for qemu-devel@nongnu.org; Mon, 02 Aug 2021 00:34:05 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:32607) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAPeN-00084q-Ms for qemu-devel@nongnu.org; Mon, 02 Aug 2021 00:34:05 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-382-1NR8xi5QNmWhR6VSJRrjzQ-1; Mon, 02 Aug 2021 00:34:01 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 51F4510066E5; Mon, 2 Aug 2021 04:34:00 +0000 (UTC) Received: from localhost.localdomain (ovpn-12-135.pek2.redhat.com [10.72.12.135]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7FC34544F1; Mon, 2 Aug 2021 04:33:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1627878843; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=MNTUmMHN/IB3QV167fIw72CwbwoA/mcTYnh+rj9MlTA=; b=Uuhhj0pozcFS79dtpuokMbqnFIb2XYWQdRNBjrgsmXIlZIUVV11BOEAW/BEZ/vCerjAFqu uoma4uJp91GBc8PKSXe8Ka3793h+wO6FNslT5Y3pch5Nc6jZaSzfCnHt8jN0GaMsAaSm2j wfrfvmMzgsUgvA5o2UDT0ScTOdkVxCI= X-MC-Unique: 1NR8xi5QNmWhR6VSJRrjzQ-1 From: Jason Wang To: qemu-devel@nongnu.org, peter.maydell@linaro.org Subject: [PULL 3/5] hw/net: e1000: Correct the initial value of VET register Date: Mon, 2 Aug 2021 12:33:42 +0800 Message-Id: <20210802043344.44301-4-jasowang@redhat.com> In-Reply-To: <20210802043344.44301-1-jasowang@redhat.com> References: <20210802043344.44301-1-jasowang@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=jasowang@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=jasowang@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.699, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bin Meng , Jason Wang , Christina Wang , Markus Carlstedt Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1627879035436100001 Content-Type: text/plain; charset="utf-8" From: Christina Wang The initial value of VLAN Ether Type (VET) register is 0x8100, as per the manual and real hardware. While Linux e1000 driver always writes VET register to 0x8100, it is not always the case for everyone. Drivers relying on the reset value of VET won't be able to transmit and receive VLAN frames in QEMU. Reported-by: Markus Carlstedt Signed-off-by: Christina Wang Signed-off-by: Bin Meng Signed-off-by: Jason Wang --- hw/core/machine.c | 1 + hw/net/e1000.c | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/hw/core/machine.c b/hw/core/machine.c index 775add0..f98a797 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -41,6 +41,7 @@ GlobalProperty hw_compat_6_0[] =3D { { "gpex-pcihost", "allow-unmapped-accesses", "false" }, { "i8042", "extended-state", "false"}, { "nvme-ns", "eui64-default", "off"}, + { "e1000", "init-vet", "off" }, }; const size_t hw_compat_6_0_len =3D G_N_ELEMENTS(hw_compat_6_0); =20 diff --git a/hw/net/e1000.c b/hw/net/e1000.c index 4f75b44..a30546c 100644 --- a/hw/net/e1000.c +++ b/hw/net/e1000.c @@ -29,6 +29,7 @@ #include "hw/pci/pci.h" #include "hw/qdev-properties.h" #include "migration/vmstate.h" +#include "net/eth.h" #include "net/net.h" #include "net/checksum.h" #include "sysemu/sysemu.h" @@ -130,10 +131,13 @@ struct E1000State_st { #define E1000_FLAG_MIT_BIT 1 #define E1000_FLAG_MAC_BIT 2 #define E1000_FLAG_TSO_BIT 3 +#define E1000_FLAG_VET_BIT 4 #define E1000_FLAG_AUTONEG (1 << E1000_FLAG_AUTONEG_BIT) #define E1000_FLAG_MIT (1 << E1000_FLAG_MIT_BIT) #define E1000_FLAG_MAC (1 << E1000_FLAG_MAC_BIT) #define E1000_FLAG_TSO (1 << E1000_FLAG_TSO_BIT) +#define E1000_FLAG_VET (1 << E1000_FLAG_VET_BIT) + uint32_t compat_flags; bool received_tx_tso; bool use_tso_for_migration; @@ -361,6 +365,13 @@ e1000_autoneg_timer(void *opaque) } } =20 +static bool e1000_vet_init_need(void *opaque) +{ + E1000State *s =3D opaque; + + return chkflag(VET); +} + static void e1000_reset(void *opaque) { E1000State *d =3D opaque; @@ -386,6 +397,10 @@ static void e1000_reset(void *opaque) } =20 e1000x_reset_mac_addr(d->nic, d->mac_reg, macaddr); + + if (e1000_vet_init_need(d)) { + d->mac_reg[VET] =3D ETH_P_VLAN; + } } =20 static void @@ -1737,6 +1752,8 @@ static Property e1000_properties[] =3D { compat_flags, E1000_FLAG_MAC_BIT, true), DEFINE_PROP_BIT("migrate_tso_props", E1000State, compat_flags, E1000_FLAG_TSO_BIT, true), + DEFINE_PROP_BIT("init-vet", E1000State, + compat_flags, E1000_FLAG_VET_BIT, true), DEFINE_PROP_END_OF_LIST(), }; =20 --=20 2.7.4 From nobody Fri May 17 08:24:43 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1627879044637456.79193525957567; Sun, 1 Aug 2021 21:37:24 -0700 (PDT) Received: from localhost ([::1]:39888 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mAPhb-0002l5-L6 for importer@patchew.org; Mon, 02 Aug 2021 00:37:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37128) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAPeS-0004ec-7E for qemu-devel@nongnu.org; Mon, 02 Aug 2021 00:34:08 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:48464) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAPeQ-00087B-BM for qemu-devel@nongnu.org; Mon, 02 Aug 2021 00:34:08 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-24-1HQyGJ17OCSl77j_HXwQtQ-1; Mon, 02 Aug 2021 00:34:04 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 423A2801AC0; Mon, 2 Aug 2021 04:34:03 +0000 (UTC) Received: from localhost.localdomain (ovpn-12-135.pek2.redhat.com [10.72.12.135]) by smtp.corp.redhat.com (Postfix) with ESMTP id D8D2D6A902; Mon, 2 Aug 2021 04:34:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1627878845; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8hTmvS9uBMIyOGRbt2awNkoFr0/LmnnsB1s+rwROHTI=; b=ThoBl/N3N/pzj3LDsFOfTa4U0fogOQuusiKq3OOstKeO3Mg6f3APa6QR/Hi+94arX/2q2U 2N34NHEbjkcVSfJJ+k/uRphsUbWcee6KPBUsGr31hRIa9bv3xlT4e1K6ygMggQaJ2abCEz ODe5jiTAKGisyVDz3bUgMaA88YG3nK0= X-MC-Unique: 1HQyGJ17OCSl77j_HXwQtQ-1 From: Jason Wang To: qemu-devel@nongnu.org, peter.maydell@linaro.org Subject: [PULL 4/5] hw/net: e1000e: Correct the initial value of VET register Date: Mon, 2 Aug 2021 12:33:43 +0800 Message-Id: <20210802043344.44301-5-jasowang@redhat.com> In-Reply-To: <20210802043344.44301-1-jasowang@redhat.com> References: <20210802043344.44301-1-jasowang@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=jasowang@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=jasowang@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.699, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bin Meng , Jason Wang , Christina Wang , Markus Carlstedt Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1627879045828100003 Content-Type: text/plain; charset="utf-8" From: Christina Wang The initial value of VLAN Ether Type (VET) register is 0x8100, as per the manual and real hardware. While Linux e1000e driver always writes VET register to 0x8100, it is not always the case for everyone. Drivers relying on the reset value of VET won't be able to transmit and receive VLAN frames in QEMU. Unlike e1000 in QEMU, e1000e uses a field 'vet' in "struct E1000Core" to cache the value of VET register, but the cache only gets updated when VET register is written. To always get a consistent VET value no matter VET is written or remains its reset value, drop the 'vet' field and use 'core->mac[VET]' directly. Reported-by: Markus Carlstedt Signed-off-by: Christina Wang Signed-off-by: Bin Meng Signed-off-by: Jason Wang --- hw/core/machine.c | 1 + hw/net/e1000e.c | 8 +++++++- hw/net/e1000e_core.c | 9 ++++----- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/hw/core/machine.c b/hw/core/machine.c index f98a797..943974d 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -42,6 +42,7 @@ GlobalProperty hw_compat_6_0[] =3D { { "i8042", "extended-state", "false"}, { "nvme-ns", "eui64-default", "off"}, { "e1000", "init-vet", "off" }, + { "e1000e", "init-vet", "off" }, }; const size_t hw_compat_6_0_len =3D G_N_ELEMENTS(hw_compat_6_0); =20 diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c index a8a77ec..ac96f76 100644 --- a/hw/net/e1000e.c +++ b/hw/net/e1000e.c @@ -35,6 +35,7 @@ =20 #include "qemu/osdep.h" #include "qemu/units.h" +#include "net/eth.h" #include "net/net.h" #include "net/tap.h" #include "qemu/module.h" @@ -79,7 +80,7 @@ struct E1000EState { bool disable_vnet; =20 E1000ECore core; - + bool init_vet; }; =20 #define E1000E_MMIO_IDX 0 @@ -527,6 +528,10 @@ static void e1000e_qdev_reset(DeviceState *dev) trace_e1000e_cb_qdev_reset(); =20 e1000e_core_reset(&s->core); + + if (s->init_vet) { + s->core.mac[VET] =3D ETH_P_VLAN; + } } =20 static int e1000e_pre_save(void *opaque) @@ -666,6 +671,7 @@ static Property e1000e_properties[] =3D { e1000e_prop_subsys_ven, uint16_t), DEFINE_PROP_SIGNED("subsys", E1000EState, subsys, 0, e1000e_prop_subsys, uint16_t), + DEFINE_PROP_BOOL("init-vet", E1000EState, init_vet, true), DEFINE_PROP_END_OF_LIST(), }; =20 diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c index b75f2ab..b4bf4ca 100644 --- a/hw/net/e1000e_core.c +++ b/hw/net/e1000e_core.c @@ -731,7 +731,7 @@ e1000e_process_tx_desc(E1000ECore *core, if (e1000x_vlan_enabled(core->mac) && e1000x_is_vlan_txd(txd_lower)) { net_tx_pkt_setup_vlan_header_ex(tx->tx_pkt, - le16_to_cpu(dp->upper.fields.special), core->vet); + le16_to_cpu(dp->upper.fields.special), core->mac[VET]); } if (e1000e_tx_pkt_send(core, tx, queue_index)) { e1000e_on_tx_done_update_stats(core, tx->tx_pkt); @@ -1012,7 +1012,7 @@ e1000e_receive_filter(E1000ECore *core, const uint8_t= *buf, int size) { uint32_t rctl =3D core->mac[RCTL]; =20 - if (e1000x_is_vlan_packet(buf, core->vet) && + if (e1000x_is_vlan_packet(buf, core->mac[VET]) && e1000x_vlan_rx_filter_enabled(core->mac)) { uint16_t vid =3D lduw_be_p(buf + 14); uint32_t vfta =3D ldl_le_p((uint32_t *)(core->mac + VFTA) + @@ -1686,7 +1686,7 @@ e1000e_receive_iov(E1000ECore *core, const struct iov= ec *iov, int iovcnt) } =20 net_rx_pkt_attach_iovec_ex(core->rx_pkt, iov, iovcnt, iov_ofs, - e1000x_vlan_enabled(core->mac), core->vet); + e1000x_vlan_enabled(core->mac), core->mac[V= ET]); =20 e1000e_rss_parse_packet(core, core->rx_pkt, &rss_info); e1000e_rx_ring_init(core, &rxr, rss_info.queue); @@ -2397,8 +2397,7 @@ static void e1000e_set_vet(E1000ECore *core, int index, uint32_t val) { core->mac[VET] =3D val & 0xffff; - core->vet =3D le16_to_cpu(core->mac[VET]); - trace_e1000e_vlan_vet(core->vet); + trace_e1000e_vlan_vet(core->mac[VET]); } =20 static void --=20 2.7.4 From nobody Fri May 17 08:24:43 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1627879036949100.25725630941372; Sun, 1 Aug 2021 21:37:16 -0700 (PDT) Received: from localhost ([::1]:39250 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mAPhT-0002IL-VM for importer@patchew.org; Mon, 02 Aug 2021 00:37:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37152) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAPeX-0004rh-Ci for qemu-devel@nongnu.org; Mon, 02 Aug 2021 00:34:13 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:34948) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mAPeV-0008DI-MV for qemu-devel@nongnu.org; Mon, 02 Aug 2021 00:34:12 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-250-bO9RNDUZPjOCYjvpF8ez5w-1; Mon, 02 Aug 2021 00:34:07 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3B590189CD01; Mon, 2 Aug 2021 04:34:06 +0000 (UTC) Received: from localhost.localdomain (ovpn-12-135.pek2.redhat.com [10.72.12.135]) by smtp.corp.redhat.com (Postfix) with ESMTP id C85886A902; Mon, 2 Aug 2021 04:34:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1627878851; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=A8sYNa7zqV02/Y3dczuBzMf2eA/laisy4986gsp9g7s=; b=eM6HWA3YR7X4yyH0SC/FWRrfVdKi76k6JX00PCXPCi/Pn6NToTm0RZ5JMbyffvtdBw9v/Y w+2Zn1oek7A1Lz3H49mnLRQr439i/Bq7iAwV5bkHCGqCQaUAlR9nGsgDu8kew+dMQoshto dSWkZRj/RPJpGgNCXCRE+nY5viYwNko= X-MC-Unique: bO9RNDUZPjOCYjvpF8ez5w-1 From: Jason Wang To: qemu-devel@nongnu.org, peter.maydell@linaro.org Subject: [PULL 5/5] hw/net: e1000e: Don't zero out the VLAN tag in the legacy RX descriptor Date: Mon, 2 Aug 2021 12:33:44 +0800 Message-Id: <20210802043344.44301-6-jasowang@redhat.com> In-Reply-To: <20210802043344.44301-1-jasowang@redhat.com> References: <20210802043344.44301-1-jasowang@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=jasowang@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=jasowang@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -34 X-Spam_score: -3.5 X-Spam_bar: --- X-Spam_report: (-3.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.699, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bin Meng , Jason Wang , Christina Wang , Markus Carlstedt Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1627879037410100003 Content-Type: text/plain; charset="utf-8" From: Christina Wang In the legacy RX descriptor mode, VLAN tag was saved to d->special by e1000e_build_rx_metadata() in e1000e_write_lgcy_rx_descr(), but it was then zeroed out again at the end of the call, which is wrong. Fixes: c89d416a2b0f ("e1000e: Don't zero out buffer address in rx descripto= r") Reported-by: Markus Carlstedt Signed-off-by: Christina Wang Signed-off-by: Bin Meng Signed-off-by: Jason Wang --- hw/net/e1000e_core.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c index b4bf4ca..8ae6fb7 100644 --- a/hw/net/e1000e_core.c +++ b/hw/net/e1000e_core.c @@ -1285,7 +1285,6 @@ e1000e_write_lgcy_rx_descr(E1000ECore *core, uint8_t = *desc, &d->special); d->errors =3D (uint8_t) (le32_to_cpu(status_flags) >> 24); d->status =3D (uint8_t) le32_to_cpu(status_flags); - d->special =3D 0; } =20 static inline void --=20 2.7.4