summaryrefslogtreecommitdiffstats
path: root/hw/net/virtio-net.c
Commit message (Collapse)AuthorAgeFilesLines
...
* virtio-net: remove virtio queues if the guest doesn't support multiqueueWen Congyang2015-07-201-28/+82
| | | | | | | | | | | commit da51a335 adds all queues in .realize(). But if the guest doesn't support multiqueue, we forget to remove them. And we cannot handle the ctrl vq corretly. The guest will hang. Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com>
* virtio-net: Flush incoming queues when DRIVER_OK is being setFam Zheng2015-07-201-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes network hang after "stop" then "cont", while network packets keep arriving. Tested both manually (tap, host pinging guest) and with Jason's qtest series (plus his "[PATCH 2.4] socket: pass correct size in net_socket_send()" fix). As virtio_net_set_status is called when guest driver is setting status byte and when vm state is changing, it is a good opportunity to flush queued packets. This is necessary because during vm stop the backend (e.g. tap) would stop rx processing after .can_receive returns false, until the queue is explicitly flushed or purged. The other interesting condition in .can_receive, virtio_queue_ready(), is handled by virtio_net_handle_rx() when guest kicks; the 3rd condition is invalid queue index which doesn't need flushing. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio-net: unbreak any layoutJason Wang2015-07-201-5/+18
| | | | | | | | | | | | | | | | | Commit 032a74a1c0fcdd5fd1c69e56126b4c857ee36611 ("virtio-net: byteswap virtio-net header") breaks any layout by requiring out_sg[0].iov_len >= n->guest_hdr_len. Fixing this by copying header to temporary buffer if swap is needed, and then use this buffer as part of out_sg. Fixes 032a74a1c0fcdd5fd1c69e56126b4c857ee36611 ("virtio-net: byteswap virtio-net header") Cc: qemu-stable@nongnu.org Cc: clg@fr.ibm.com Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
* Revert "virtio-net: enable virtio 1.0"Jason Wang2015-07-131-1/+0Star
| | | | | | | | | | | | | | This reverts commit df91055db5c9cee93d70ca8c08d72119a240b987. This is because: - vhost support virtio 1.0 now - transport code (e.g virtio-pci) set this feature when modern is enabled, setting this unconditionally will break disable-modern=on. Cc: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* vhost: enable vhost without without MSI-XPankaj Gupta2015-06-191-4/+0Star
| | | | | | | | | | | | | | | | | We use vhostforce to enable vhost even if Guests don't have MSI-X support and we fall back to QEMU virtio-net. This gives a very small performance gain, but the disadvantage is that guest now controls which virtio code is running (qemu or vhost) so our attack surface is doubled. This patch will enable vhost unconditionally whenever it's requested. For compatibility, enable vhost when vhostforce is set, as well. Signed-off-by: Pankaj Gupta <pagupta@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Jason Wang <jasowang@redhat.com>
* virtio-net: move qdev properties into virtio-net.cShannon Zhao2015-06-101-2/+42
| | | | | | | | | | | | As only one place in virtio-net.c uses DEFINE_VIRTIO_NET_FEATURES, there is no need to expose it. Inline it into virtio-net.c to avoid wrongly use. Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio-net: enable virtio 1.0Cornelia Huck2015-06-101-0/+1
| | | | | | | | | | | | | | | virtio-net (non-vhost) now should have everything in place to support virtio 1.0: let's enable the feature bit for it. Note that VIRTIO_F_VERSION_1 is technically a transport feature; once every device is ready for virtio 1.0, we can move setting this feature bit out of the individual devices. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
* virtio-net: support longer headerCornelia Huck2015-06-101-6/+15
| | | | | | | | | | | virtio-1 devices always use num_buffers in the header, even if mergeable rx buffers have not been negotiated. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
* virtio-net: no writeable mac for virtio-1Cornelia Huck2015-06-101-0/+1
| | | | | | | | | | | Devices operating as virtio 1.0 may not allow writes to the mac address in config space. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
* virtio: 64bit features fixups.Gerd Hoffmann2015-06-031-1/+1
| | | | | | | | | | Commit "019a3ed virtio: make features 64bit wide" missed a few changes, as I've noticed while trying to rebase the virtio-1 branch to latest master. This patch adds them. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio: make features 64bit wideGerd Hoffmann2015-06-011-8/+10
| | | | | | | | | | | | | | Make features 64bit wide everywhere. On migration a full 64bit guest_features field is sent if one of the high bits is set, in addition to the lower 32bit guest_features field which must stay for compatibility reasons. That way we send the lower 32 feature bits twice, but the code is simpler because we don't have to split and compose the 64bit features into two 32bit fields. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio: rename VIRTIO_PCI_QUEUE_MAX to VIRTIO_QUEUE_MAXJason Wang2015-05-311-2/+2
| | | | | | | | | | VIRTIO_PCI_QUEUE_MAX is not only used for pci, so rename it be generic. Cc: Amit Shah <amit.shah@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio-net: adding all queues in .realize()Jason Wang2015-05-311-42/+17Star
| | | | | | | | | | Instead of adding queues for multiqueue during feature set. This patch did this in .realize(), this will help the following patches that count the number of virtqueues used in .device_plugged() callback. Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* Merge remote-tracking branch 'remotes/stefanha/tags/net-pull-request' into ↵Peter Maydell2015-05-121-9/+3Star
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging # gpg: Signature made Mon May 11 16:25:58 2015 BST using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/net-pull-request: rocker: timestamp on the debug logs helps correlate with events in the VM MAINTAINERS: add rocker rocker: add tests rocker: add new rocker switch device pci: add network device class 'other' for network switches pci: add rocker device ID rocker: add register programming guide virtio-net: use qemu_mac_strdup_printf net: add MAC address string printer Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * virtio-net: use qemu_mac_strdup_printfScott Feldman2015-05-111-9/+3Star
| | | | | | | | | | | | | | Signed-off-by: Scott Feldman <sfeldma@gmail.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-id: 1426306173-24884-3-git-send-email-sfeldma@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell2015-05-111-2/+7
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pc, virtio enhancements Memory hot-unplug support for pc, MSI-X mapping update speedup for virtio-pci, misc refactorings and bugfixes. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Mon May 11 08:23:43 2015 BST using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: (28 commits) acpi: update expected files for memory unplug virtio-scsi: Move DEFINE_VIRTIO_SCSI_FEATURES to virtio-scsi virtio-net: Move DEFINE_VIRTIO_NET_FEATURES to virtio-net pci: Merge pci_nic_init() into pci_nic_init_nofail() acpi: add a missing backslash to the \_SB scope. qmp-event: add event notification for memory hot unplug error acpi: add hardware implementation for memory hot unplug acpi: fix "Memory device control fields" register acpi: extend aml_field() to support UpdateRule acpi, mem-hotplug: add unplug cb for memory device acpi, mem-hotplug: add unplug request cb for memory device acpi, mem-hotplug: add acpi_memory_slot_status() to get MemStatus docs: update documentation for memory hot unplug virtio: coding style tweak pci: remove hard-coded bar size in msix_init_exclusive_bar() virtio-pci: speedup MSI-X masking and unmasking virtio: introduce vector to virtqueues mapping virtio-ccw: using VIRTIO_NO_VECTOR instead of 0 for invalid virtqueue monitor: check return value of qemu_find_net_clients_except() monitor: replace the magic number 255 with MAX_QUEUE_NUM ... Conflicts: hw/s390x/s390-virtio-bus.c [PMM: fixed conflict in s390_virtio_scsi_properties and s390_virtio_net_properties arrays; since the result of the two conflicting patches is to empty the property arrays completely, the conflict resolution is to remove them entirely.] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * virtio-net: Move DEFINE_VIRTIO_NET_FEATURES to virtio-netShannon Zhao2015-04-281-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So far virtio-net-device can't expose host features to guest while using virtio-mmio because it doesn't set DEFINE_VIRTIO_NET_FEATURES on backend or transport. So the performance is low. The host features belong to the backend while virtio-net-pci, virtio-net-s390 and virtio-net-ccw set the DEFINE_VIRTIO_NET_FEATURES on transports. But they already have the ability to forward property accesses to the backend child. So if we move the host features to backends, it doesn't break the backwards compatibility for them and make host features work while using virtio-mmio. Here we move DEFINE_VIRTIO_NET_FEATURES to the backend virtio-net. The transports just sync the host features from backend. Meanwhile move virtio_net_set_config_size to virtio-net to make sure the config size is correct and don't expose it. Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
| * virtio-net: fix the upper bound when trying to delete queuesJason Wang2015-04-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Virtqueue were indexed from zero, so don't delete virtqueue whose index is n->max_queues * 2 + 1. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: qemu-stable <qemu-stable@nongnu.org> Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* | misc: Fix new collection of typosStefan Weil2015-04-301-1/+1
|/ | | | | | | | | | All of them were reported by codespell. Most typos are in comments, one is in an error message. Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* virtio-net: validate backend queue numbers against bus limitationJason Wang2015-03-251-0/+7
| | | | | | | | | | | | | | | | | | | We don't validate the backend queue numbers against bus limitation, this will easily crash qemu if it exceeds the limitation which will hit the abort() in virtio_del_queue(). An example is trying to starting a virtio-net device with 256 queues. E.g: ./qemu-system-x86_64 -netdev tap,id=hn0,queues=256 -device virtio-net-pci,netdev=hn0 Fixing this by doing the validation and fail early. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: qemu-stable <qemu-stable@nongnu.org> Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
* fix GCC 5.0.0 logical-not-parentheses warningsRadim Krčmář2015-03-101-2/+2
| | | | | | | | | | | | | | | | | | | | | | | man gcc: Warn about logical not used on the left hand side operand of a comparison. This option does not warn if the RHS operand is of a boolean type. By preferring bool over int where sensible, but without modifying any depending code, make GCC happy in cases like this, qemu-img.c: In function ‘compare_sectors’: qemu-img.c:992:39: error: logical not is only applied to the left hand side of comparison [-Werror=logical-not-parentheses] if (!!memcmp(buf1, buf2, 512) != res) { hw/ide/core.c:1836 doesn't throw an error, assert(!!s->error == !!(s->status & ERR_STAT)); even thought the second operand is int (and first hunk of this patch has a very similar case), maybe GCC developers still have a little faith in C programmers. Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
* virtio: add feature checking helpersCornelia Huck2015-02-261-10/+13
| | | | | | | | | | | | Add a helper function for checking whether a bit is set in the guest features for a vdev as well as one that works on a feature bit set. Convert code that open-coded this: It cleans up the code and makes it easier to extend the guest feature bits. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio: feature bit manipulation helpersCornelia Huck2015-02-261-17/+17
| | | | | | | | | | | | | | Add virtio_{add,clear}_feature helper functions for manipulating a feature bits variable. This has some benefits over open coding: - add check that the bit is in a sane range - make it obvious at a glance what is going on - have a central point to change when we want to extend feature bits Convert existing code manipulating features to use the new helpers. Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* net: remove all cleanup methods from NIC NetClientInfosPaolo Bonzini2015-01-121-8/+0Star
| | | | | | | | | | | | | | | | | All NICs have a cleanup function that, in most cases, zeroes the pointer to the NICState. In some cases, it frees data belonging to the NIC. However, this function is never called except when exiting from QEMU. It is not necessary to NULL pointers and free data here; the right place to do that would be in the device's unrealize function, after calling qemu_del_nic. Zeroing the NIC multiple times is also wrong for multiqueue devices. This cleanup function gets in the way of making the NetClientStates for the NIC hold an object_ref reference to the object, so get rid of it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* virtio-net: fix unmap leakJason Wang2014-11-281-2/+3
| | | | | | | | | | | | | | | | | | | virtio_net_handle_ctrl() and other functions that process control vq request call iov_discard_front() which will shorten the iov. This will lead unmapping in virtqueue_push() leaks mapping. Fixes this by keeping the original iov untouched and using a temp variable in those functions. Cc: Wen Congyang <wency@cn.fujitsu.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: qemu-stable@nongnu.org Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 1417082643-23907-1-git-send-email-jasowang@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* bootindex: move calling add_boot_device_patch to bootindex setter functionGonglei2014-10-151-2/+0Star
| | | | | | | | | On this way, we can assure the new bootindex take effect during vm rebooting. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* virtio-net: add bootindex to qom propertyGonglei2014-10-151-0/+3
| | | | | | | | | | | Add a qom property with the same name 'bootindex', when we remove it form qdev property, things will continue to work just fine, and we can use qom features which are not supported by qdev property. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* virtio-net: drop assert on vm stopMichael S. Tsirkin2014-09-181-2/+0Star
| | | | | | | | | | On vm stop, vm_running state set to stopped before device is notified, so callbacks can get envoked with vm_running = false; and this is not an error. Cc: qemu-stable@nongnu.org Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio-net: purge outstanding packets when starting vhostMichael S. Tsirkin2014-09-041-1/+14
| | | | | | | | | | | | | whenever we start vhost, virtio could have outstanding packets queued, when they complete later we'll modify the ring while vhost is processing it. To prevent this, purge outstanding packets on vhost start. Cc: qemu-stable@nongnu.org Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* virtio-net: don't run bh on vm stoppedMichael S. Tsirkin2014-09-041-2/+12
| | | | | | | | | | | | | | | commit 783e7706937fe15523b609b545587a028a2bdd03 virtio-net: stop/start bh when appropriate is incomplete: BH might execute within the same main loop iteration but after vmstop, so in theory, we might trigger an assertion. I was unable to reproduce this in practice, but it seems clear enough that the potential is there, so worth fixing. Cc: qemu-stable@nongnu.org Reported-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* virtio-net: use virtio wrappers to access headersRusty Russell2014-06-291-14/+17
| | | | | | | | | | | Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> [ pass VirtIODevice * to memory accessors, converted new tswap locations to virtio_tswap, Greg Kurz <gkurz@linux.vnet.ibm.com> ] Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio-net: implement per-device migration callsGreg Kurz2014-06-291-6/+16
| | | | | | | Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Alexander Graf <agraf@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio: introduce device specific migration callsGreg Kurz2014-06-291-1/+1
| | | | | | | | | | | | | In order to migrate virtio subsections, they should be streamed after the device itself. We need the device specific code to be called from the common migration code to achieve this. This patch introduces load and save methods for this purpose. Suggested-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Alexander Graf <agraf@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio-net: byteswap virtio-net headerCédric Le Goater2014-06-291-0/+17
| | | | | | | | | | | | | | | | | | | | | | TCP connectivity fails when the guest has a different endianness. The packets are silently dropped on the host by the tap backend when they are read from user space because the endianness of the virtio-net header is in the wrong order. These lines may appear in the guest console: [ 454.709327] skbuff: bad partial csum: csum=8704/4096 len=74 [ 455.702554] skbuff: bad partial csum: csum=8704/4096 len=74 The issue that got first spotted with a ppc64le PowerKVM guest, but it also exists for the less common case of a x86_64 guest run by a big-endian ppc64 TCG hypervisor. Signed-off-by: Cédric Le Goater <clg@fr.ibm.com> [ Ported from PowerKVM, Greg Kurz <gkurz@linux.vnet.ibm.com> ] Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* net: move queue number into NICPeersJiri Pirko2014-06-271-1/+1
| | | | | | | | | It indicates the number of elements in ncs field and makes sense to have int inside NICPeers. Also in parse_netdev we do not need to access container and work with NICPeers only. Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* qapi event: convert NIC_RX_FILTER_CHANGEDWenchao Xia2014-06-231-10/+3Star
| | | | | | | | | | Param name is declared as optional, since in code it is an optional one. Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
* Refactor virtio-net to use generic get_vhost_netNikolay Nikolaev2014-06-191-21/+8Star
| | | | | | | | | | This decouples virtio-net from the TAP netdev backend and allows support for other backends to be implemented. Signed-off-by: Antonios Motakis <a.motakis@virtualopensystems.com> Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio-net: announce self by guestJason Wang2014-06-191-0/+42
| | | | | | | | | | | | | | | | | | | | | | | | | It's hard to track all mac addresses and their configurations (e.g vlan or ipv6) in qemu. Without this information, it's impossible to build proper garp packet after migration. The only possible solution to this is let guest (who knows all configurations) to do this. So, this patch introduces a new readonly config status bit of virtio-net, VIRTIO_NET_S_ANNOUNCE which is used to notify guest to announce presence of its link through config update interrupt.When guest has done the announcement, it should ack the notification through VIRTIO_NET_CTRL_ANNOUNCE_ACK cmd. This feature is negotiated by a new feature bit VIRTIO_NET_F_ANNOUNCE (which has already been supported by Linux guest). During load, a counter of announcing rounds is set so that after the vm is running it can trigger rounds of config interrupts to notify the guest to build and send the correct garps. Cc: Liuyongan <liuyongan@huawei.com> Cc: Amos Kong <akong@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio: Drop superfluous conditionals around g_strdup()Markus Armbruster2014-06-191-6/+1Star
| | | | | | | Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
* virtio: Drop superfluous conditionals around g_free()Markus Armbruster2014-06-191-16/+8Star
| | | | | | | Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
* virtio-net: out-of-bounds buffer write on loadMichael S. Tsirkin2014-05-051-4/+11
| | | | | | | | | | | | | | | | | | | | | | CVE-2013-4149 QEMU 1.3.0 out-of-bounds buffer write in virtio_net_load()@hw/net/virtio-net.c > } else if (n->mac_table.in_use) { > uint8_t *buf = g_malloc0(n->mac_table.in_use); We are allocating buffer of size n->mac_table.in_use > qemu_get_buffer(f, buf, n->mac_table.in_use * ETH_ALEN); and read to the n->mac_table.in_use size buffer n->mac_table.in_use * ETH_ALEN bytes, corrupting memory. If adversary controls state then memory written there is controlled by adversary. Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
* virtio-net: out-of-bounds buffer write on invalid state loadMichael S. Tsirkin2014-05-051-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2013-4150 QEMU 1.5.0 out-of-bounds buffer write in virtio_net_load()@hw/net/virtio-net.c This code is in hw/net/virtio-net.c: if (n->max_queues > 1) { if (n->max_queues != qemu_get_be16(f)) { error_report("virtio-net: different max_queues "); return -1; } n->curr_queues = qemu_get_be16(f); for (i = 1; i < n->curr_queues; i++) { n->vqs[i].tx_waiting = qemu_get_be32(f); } } Number of vqs is max_queues, so if we get invalid input here, for example if max_queues = 2, curr_queues = 3, we get write beyond end of the buffer, with data that comes from wire. This might be used to corrupt qemu memory in hard to predict ways. Since we have lots of function pointers around, RCE might be possible. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
* virtio-net: fix guest-triggerable buffer overrunMichael S. Tsirkin2014-04-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When VM guest programs multicast addresses for a virtio net card, it supplies a 32 bit entries counter for the number of addresses. These addresses are read into tail portion of a fixed macs array which has size MAC_TABLE_ENTRIES, at offset equal to in_use. To avoid overflow of this array by guest, qemu attempts to test the size as follows: - if (in_use + mac_data.entries <= MAC_TABLE_ENTRIES) { however, as mac_data.entries is uint32_t, this sum can overflow, e.g. if in_use is 1 and mac_data.entries is 0xffffffff then in_use + mac_data.entries will be 0. Qemu will then read guest supplied buffer into this memory, overflowing buffer on heap. CVE-2014-0150 Cc: qemu-stable@nongnu.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 1397218574-25058-1-git-send-email-mst@redhat.com Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* virtio-net: add vlan receive state to RxFilterInfoAmos Kong2014-03-261-13/+29
| | | | | | | | | | | | | | | | | | | Stefan Fritsch just fixed a virtio-net driver bug [1], virtio-net won't filter out VLAN-tagged packets if VIRTIO_NET_F_CTRL_VLAN isn't negotiated. This patch added a new field to @RxFilterInfo to indicate vlan receive state ('normal', 'none', 'all'). If VIRTIO_NET_F_CTRL_VLAN isn't negotiated, vlan receive state will be 'all', then all VLAN-tagged packets will be received by guest. This patch also fixed a boundary issue in visiting vlan table. [1] http://lists.nongnu.org/archive/html/qemu-devel/2014-02/msg02604.html Signed-off-by: Amos Kong <akong@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
* virtio-net: Do not filter VLANs without F_CTRL_VLANStefan Fritsch2014-03-261-0/+6
| | | | | | | | | | | | | If VIRTIO_NET_F_CTRL_VLAN is not negotiated, do not filter out all VLAN-tagged packets but send them to the guest. This fixes VLANs with OpenBSD guests (and probably NetBSD, too, because the OpenBSD driver started as a port from NetBSD). Signed-off-by: Stefan Fritsch <sf@sfritsch.de> Signed-off-by: Amos Kong <akong@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio-net: remove function calls from assertJoel Stanley2014-03-091-2/+5
| | | | | | | | | | peer_{de,at}tach were called from inside assert(). We don't support building without NDEBUG but it's not tidy. Rearrange to attach peer outside assert calls. Signed-off-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virtio-net: use qemu_get_queue() where possibleStefan Hajnoczi2014-02-251-1/+1
| | | | | | | qemu_get_queue() is a shorthand for qemu_get_subqueue(n->nic, 0). Use the shorthand where possible. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* net: remove implicit peer from offload APIStefan Hajnoczi2014-02-251-6/+6
| | | | | | | | | | | | | | | | The virtio_net offload APIs are used on the NIC's peer (i.e. the tap device). The API was defined to implicitly use nc->peer, saving the caller the trouble. This wasn't ideal because: 1. There are callers who have the peer but not the NIC. Currently they are forced to bypass the API and access peer->info->... directly. 2. The rest of the net.h API uses nc, not nc->peer, so it is inconsistent. This patch pushes nc->peer back up to callers. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* net: virtio-net and vmxnet3 use offloading APIVincenzo Maffione2014-02-251-10/+6Star
| | | | | | | | | | | With this patch, virtio-net and vmxnet3 frontends make use of the qemu_peer_* API for backend offloadings manipulations, instead of calling TAP-specific functions directly. We also remove the existing checks which prevent those frontends from using offloadings with backends different from TAP (e.g. netmap). Signed-off-by: Vincenzo Maffione <v.maffione@gmail.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* Merge remote-tracking branch 'bonzini/virtio' into stagingAnthony Liguori2013-12-131-20/+16Star
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | # By Andreas Färber (18) and Paolo Bonzini (12) # Via Paolo Bonzini * bonzini/virtio: (30 commits) virtio: Convert exit to unrealize virtio: Complete converting VirtioDevice to QOM realize virtio-scsi: Convert to QOM realize virtio-rng: Convert to QOM realize virtio-balloon: Convert to QOM realize virtio-net: Convert to QOM realize virtio-serial: Convert to QOM realize virtio-blk: Convert to QOM realize virtio-9p: Convert to QOM realize virtio: Start converting VirtioDevice to QOM realize virtio-scsi: QOM realize preparations virtio-rng: QOM realize preparations virtio-balloon: QOM realize preparations virtio-net: QOM realize preparations virtio-serial: QOM realize preparations virtio-blk: QOM realize preparations virtio-9p: QOM realize preparations virtio-blk-dataplane: Improve error reporting virtio-pci: add device_unplugged callback virtio-rng: switch exit callback to VirtioDeviceClass ...