From 4b52d63249a508dd927222ffac1a868d38681fc5 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sun, 28 Apr 2024 16:00:45 +0900 Subject: tap: Remove qemu_using_vnet_hdr() Since qemu_set_vnet_hdr_len() is always called when qemu_using_vnet_hdr() is called, we can merge them and save some code. For consistency, express that the virtio-net header is not in use by returning 0 with qemu_get_vnet_hdr_len() instead of having a dedicated function, qemu_get_using_vnet_hdr(). Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'hw/net/virtio-net.c') diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 24e5e7d347..ff600b3002 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -3778,9 +3778,6 @@ static void virtio_net_device_realize(DeviceState *dev, Error **errp) peer_test_vnet_hdr(n); if (peer_has_vnet_hdr(n)) { - for (i = 0; i < n->max_queue_pairs; i++) { - qemu_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true); - } n->host_hdr_len = sizeof(struct virtio_net_hdr); } else { n->host_hdr_len = 0; -- cgit 1.4.1 From 283be5966eb7ec18fda3e95c979be620dfb8c72a Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sun, 28 Apr 2024 16:00:50 +0900 Subject: virtio-net: Do not propagate ebpf-rss-fds errors Propagating ebpf-rss-fds errors has several problems. First, it makes device realization fail and disables the fallback to the conventional eBPF loading. Second, it leaks memory by making device realization fail without freeing memory already allocated. Third, the convention is to set an error when a function returns false, but virtio_net_load_ebpf_fds() and virtio_net_load_ebpf() returns false without setting an error, which is confusing. Remove the propagation to fix these problems. Fixes: 0524ea0510a3 ("ebpf: Added eBPF initialization by fds.") Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) (limited to 'hw/net/virtio-net.c') diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index ff600b3002..3cee2ef3ac 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -1329,24 +1329,22 @@ static void virtio_net_detach_epbf_rss(VirtIONet *n) virtio_net_attach_ebpf_to_backend(n->nic, -1); } -static bool virtio_net_load_ebpf_fds(VirtIONet *n, Error **errp) +static bool virtio_net_load_ebpf_fds(VirtIONet *n) { int fds[EBPF_RSS_MAX_FDS] = { [0 ... EBPF_RSS_MAX_FDS - 1] = -1}; int ret = true; int i = 0; - ERRP_GUARD(); - if (n->nr_ebpf_rss_fds != EBPF_RSS_MAX_FDS) { - error_setg(errp, - "Expected %d file descriptors but got %d", - EBPF_RSS_MAX_FDS, n->nr_ebpf_rss_fds); + warn_report("Expected %d file descriptors but got %d", + EBPF_RSS_MAX_FDS, n->nr_ebpf_rss_fds); return false; } for (i = 0; i < n->nr_ebpf_rss_fds; i++) { - fds[i] = monitor_fd_param(monitor_cur(), n->ebpf_rss_fds[i], errp); - if (*errp) { + fds[i] = monitor_fd_param(monitor_cur(), n->ebpf_rss_fds[i], + &error_warn); + if (fds[i] < 0) { ret = false; goto exit; } @@ -1355,7 +1353,7 @@ static bool virtio_net_load_ebpf_fds(VirtIONet *n, Error **errp) ret = ebpf_rss_load_fds(&n->ebpf_rss, fds[0], fds[1], fds[2], fds[3]); exit: - if (!ret || *errp) { + if (!ret) { for (i = 0; i < n->nr_ebpf_rss_fds && fds[i] != -1; i++) { close(fds[i]); } @@ -1364,13 +1362,12 @@ exit: return ret; } -static bool virtio_net_load_ebpf(VirtIONet *n, Error **errp) +static bool virtio_net_load_ebpf(VirtIONet *n) { bool ret = false; if (virtio_net_attach_ebpf_to_backend(n->nic, -1)) { - if (!(n->ebpf_rss_fds - && virtio_net_load_ebpf_fds(n, errp))) { + if (!(n->ebpf_rss_fds && virtio_net_load_ebpf_fds(n))) { ret = ebpf_rss_load(&n->ebpf_rss); } } @@ -3809,7 +3806,7 @@ static void virtio_net_device_realize(DeviceState *dev, Error **errp) net_rx_pkt_init(&n->rx_pkt); if (virtio_has_feature(n->host_features, VIRTIO_NET_F_RSS)) { - virtio_net_load_ebpf(n, errp); + virtio_net_load_ebpf(n); } } -- cgit 1.4.1 From 8c49756825dab430b17648637735c2736d23f778 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sun, 28 Apr 2024 16:00:51 +0900 Subject: virtio-net: Add only one queue pair when realizing Multiqueue usage is not negotiated yet when realizing. If more than one queue is added and the guest never requests to enable multiqueue, the extra queues will not be deleted when unrealizing and leak. Fixes: f9d6dbf0bf6e ("virtio-net: remove virtio queues if the guest doesn't support multiqueue") Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'hw/net/virtio-net.c') diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 3cee2ef3ac..a8db8bfd9c 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -3743,9 +3743,7 @@ static void virtio_net_device_realize(DeviceState *dev, Error **errp) n->net_conf.tx_queue_size = MIN(virtio_net_max_tx_queue_size(n), n->net_conf.tx_queue_size); - for (i = 0; i < n->max_queue_pairs; i++) { - virtio_net_add_queue(n, i); - } + virtio_net_add_queue(n, 0); n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl); qemu_macaddr_default_if_unset(&n->nic_conf.macaddr); -- cgit 1.4.1 From ad57f700f469ba1b621274053973f76f8f97cf83 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sun, 28 Apr 2024 16:00:52 +0900 Subject: virtio-net: Copy header only when necessary The copied header is only used for byte swapping. Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) (limited to 'hw/net/virtio-net.c') diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index a8db8bfd9c..13a17a1e5a 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -360,7 +360,8 @@ static void virtio_net_vnet_endian_status(VirtIONet *n, uint8_t status) * can't do it, we fallback onto fixing the headers in the core * virtio-net code. */ - n->needs_vnet_hdr_swap = virtio_net_set_vnet_endian(vdev, n->nic->ncs, + n->needs_vnet_hdr_swap = n->has_vnet_hdr && + virtio_net_set_vnet_endian(vdev, n->nic->ncs, queue_pairs, true); } else if (virtio_net_started(n, vdev->status)) { /* After using the device, we need to reset the network backend to @@ -2751,7 +2752,7 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q) return -EINVAL; } - if (n->has_vnet_hdr) { + if (n->needs_vnet_hdr_swap) { if (iov_to_buf(out_sg, out_num, 0, &vhdr, n->guest_hdr_len) < n->guest_hdr_len) { virtio_error(vdev, "virtio-net header incorrect"); @@ -2759,19 +2760,16 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q) g_free(elem); return -EINVAL; } - if (n->needs_vnet_hdr_swap) { - virtio_net_hdr_swap(vdev, (void *) &vhdr); - sg2[0].iov_base = &vhdr; - sg2[0].iov_len = n->guest_hdr_len; - out_num = iov_copy(&sg2[1], ARRAY_SIZE(sg2) - 1, - out_sg, out_num, - n->guest_hdr_len, -1); - if (out_num == VIRTQUEUE_MAX_SIZE) { - goto drop; - } - out_num += 1; - out_sg = sg2; + virtio_net_hdr_swap(vdev, (void *) &vhdr); + sg2[0].iov_base = &vhdr; + sg2[0].iov_len = n->guest_hdr_len; + out_num = iov_copy(&sg2[1], ARRAY_SIZE(sg2) - 1, out_sg, out_num, + n->guest_hdr_len, -1); + if (out_num == VIRTQUEUE_MAX_SIZE) { + goto drop; } + out_num += 1; + out_sg = sg2; } /* * If host wants to see the guest header as is, we can -- cgit 1.4.1 From 942f420e5cef8cba5daffd6827e6e55e2d17de76 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sun, 28 Apr 2024 16:00:53 +0900 Subject: virtio-net: Shrink header byte swapping buffer Byte swapping is only performed for the part of header shared with the legacy standard and the buffer only needs to cover it. Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) (limited to 'hw/net/virtio-net.c') diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 13a17a1e5a..dabfa6e7d7 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -676,11 +676,6 @@ static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs, n->mergeable_rx_bufs = mergeable_rx_bufs; - /* - * Note: when extending the vnet header, please make sure to - * change the vnet header copying logic in virtio_net_flush_tx() - * as well. - */ if (version_1) { n->guest_hdr_len = hash_report ? sizeof(struct virtio_net_hdr_v1_hash) : @@ -2736,7 +2731,7 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q) ssize_t ret; unsigned int out_num; struct iovec sg[VIRTQUEUE_MAX_SIZE], sg2[VIRTQUEUE_MAX_SIZE + 1], *out_sg; - struct virtio_net_hdr_v1_hash vhdr; + struct virtio_net_hdr vhdr; elem = virtqueue_pop(q->tx_vq, sizeof(VirtQueueElement)); if (!elem) { @@ -2753,18 +2748,18 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q) } if (n->needs_vnet_hdr_swap) { - if (iov_to_buf(out_sg, out_num, 0, &vhdr, n->guest_hdr_len) < - n->guest_hdr_len) { + if (iov_to_buf(out_sg, out_num, 0, &vhdr, sizeof(vhdr)) < + sizeof(vhdr)) { virtio_error(vdev, "virtio-net header incorrect"); virtqueue_detach_element(q->tx_vq, elem, 0); g_free(elem); return -EINVAL; } - virtio_net_hdr_swap(vdev, (void *) &vhdr); + virtio_net_hdr_swap(vdev, &vhdr); sg2[0].iov_base = &vhdr; - sg2[0].iov_len = n->guest_hdr_len; + sg2[0].iov_len = sizeof(vhdr); out_num = iov_copy(&sg2[1], ARRAY_SIZE(sg2) - 1, out_sg, out_num, - n->guest_hdr_len, -1); + sizeof(vhdr), -1); if (out_num == VIRTQUEUE_MAX_SIZE) { goto drop; } -- cgit 1.4.1 From cef776c03a24576c5913f7e4427b133766531744 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sun, 28 Apr 2024 16:00:54 +0900 Subject: virtio-net: Disable RSS on reset RSS is disabled by default. Fixes: 590790297c ("virtio-net: implement RSS configuration command") Signed-off-by: Akihiko Odaki Reviewed-by: Michael Tokarev Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 70 +++++++++++++++++++++++++++-------------------------- 1 file changed, 36 insertions(+), 34 deletions(-) (limited to 'hw/net/virtio-net.c') diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index dabfa6e7d7..345ef9a8fd 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -600,40 +600,6 @@ static void virtio_net_queue_enable(VirtIODevice *vdev, uint32_t queue_index) } } -static void virtio_net_reset(VirtIODevice *vdev) -{ - VirtIONet *n = VIRTIO_NET(vdev); - int i; - - /* Reset back to compatibility mode */ - n->promisc = 1; - n->allmulti = 0; - n->alluni = 0; - n->nomulti = 0; - n->nouni = 0; - n->nobcast = 0; - /* multiqueue is disabled by default */ - n->curr_queue_pairs = 1; - timer_del(n->announce_timer.tm); - n->announce_timer.round = 0; - n->status &= ~VIRTIO_NET_S_ANNOUNCE; - - /* Flush any MAC and VLAN filter table state */ - n->mac_table.in_use = 0; - n->mac_table.first_multi = 0; - n->mac_table.multi_overflow = 0; - n->mac_table.uni_overflow = 0; - memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN); - memcpy(&n->mac[0], &n->nic->conf->macaddr, sizeof(n->mac)); - qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac); - memset(n->vlans, 0, MAX_VLAN >> 3); - - /* Flush any async TX */ - for (i = 0; i < n->max_queue_pairs; i++) { - flush_or_purge_queued_packets(qemu_get_subqueue(n->nic, i)); - } -} - static void peer_test_vnet_hdr(VirtIONet *n) { NetClientState *nc = qemu_get_queue(n->nic); @@ -3845,6 +3811,42 @@ static void virtio_net_device_unrealize(DeviceState *dev) virtio_cleanup(vdev); } +static void virtio_net_reset(VirtIODevice *vdev) +{ + VirtIONet *n = VIRTIO_NET(vdev); + int i; + + /* Reset back to compatibility mode */ + n->promisc = 1; + n->allmulti = 0; + n->alluni = 0; + n->nomulti = 0; + n->nouni = 0; + n->nobcast = 0; + /* multiqueue is disabled by default */ + n->curr_queue_pairs = 1; + timer_del(n->announce_timer.tm); + n->announce_timer.round = 0; + n->status &= ~VIRTIO_NET_S_ANNOUNCE; + + /* Flush any MAC and VLAN filter table state */ + n->mac_table.in_use = 0; + n->mac_table.first_multi = 0; + n->mac_table.multi_overflow = 0; + n->mac_table.uni_overflow = 0; + memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN); + memcpy(&n->mac[0], &n->nic->conf->macaddr, sizeof(n->mac)); + qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac); + memset(n->vlans, 0, MAX_VLAN >> 3); + + /* Flush any async TX */ + for (i = 0; i < n->max_queue_pairs; i++) { + flush_or_purge_queued_packets(qemu_get_subqueue(n->nic, i)); + } + + virtio_net_disable_rss(n); +} + static void virtio_net_instance_init(Object *obj) { VirtIONet *n = VIRTIO_NET(obj); -- cgit 1.4.1 From 0e07198ea3d899b0e7946b1a3d2a439d53415289 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sun, 28 Apr 2024 16:00:55 +0900 Subject: virtio-net: Unify the logic to update NIC state for RSS The code to attach or detach the eBPF program to RSS were duplicated so unify them into one function to save some code. Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 90 +++++++++++++++++++++-------------------------------- 1 file changed, 36 insertions(+), 54 deletions(-) (limited to 'hw/net/virtio-net.c') diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 345ef9a8fd..8464eb4082 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -1232,18 +1232,6 @@ static int virtio_net_handle_announce(VirtIONet *n, uint8_t cmd, } } -static void virtio_net_detach_epbf_rss(VirtIONet *n); - -static void virtio_net_disable_rss(VirtIONet *n) -{ - if (n->rss_data.enabled) { - trace_virtio_net_rss_disable(); - } - n->rss_data.enabled = false; - - virtio_net_detach_epbf_rss(n); -} - static bool virtio_net_attach_ebpf_to_backend(NICState *nic, int prog_fd) { NetClientState *nc = qemu_get_peer(qemu_get_queue(nic), 0); @@ -1291,6 +1279,40 @@ static void virtio_net_detach_epbf_rss(VirtIONet *n) virtio_net_attach_ebpf_to_backend(n->nic, -1); } +static void virtio_net_commit_rss_config(VirtIONet *n) +{ + if (n->rss_data.enabled) { + n->rss_data.enabled_software_rss = n->rss_data.populate_hash; + if (n->rss_data.populate_hash) { + virtio_net_detach_epbf_rss(n); + } else if (!virtio_net_attach_epbf_rss(n)) { + if (get_vhost_net(qemu_get_queue(n->nic)->peer)) { + warn_report("Can't load eBPF RSS for vhost"); + } else { + warn_report("Can't load eBPF RSS - fallback to software RSS"); + n->rss_data.enabled_software_rss = true; + } + } + + trace_virtio_net_rss_enable(n->rss_data.hash_types, + n->rss_data.indirections_len, + sizeof(n->rss_data.key)); + } else { + virtio_net_detach_epbf_rss(n); + trace_virtio_net_rss_disable(); + } +} + +static void virtio_net_disable_rss(VirtIONet *n) +{ + if (!n->rss_data.enabled) { + return; + } + + n->rss_data.enabled = false; + virtio_net_commit_rss_config(n); +} + static bool virtio_net_load_ebpf_fds(VirtIONet *n) { int fds[EBPF_RSS_MAX_FDS] = { [0 ... EBPF_RSS_MAX_FDS - 1] = -1}; @@ -1455,28 +1477,7 @@ static uint16_t virtio_net_handle_rss(VirtIONet *n, goto error; } n->rss_data.enabled = true; - - if (!n->rss_data.populate_hash) { - if (!virtio_net_attach_epbf_rss(n)) { - /* EBPF must be loaded for vhost */ - if (get_vhost_net(qemu_get_queue(n->nic)->peer)) { - warn_report("Can't load eBPF RSS for vhost"); - goto error; - } - /* fallback to software RSS */ - warn_report("Can't load eBPF RSS - fallback to software RSS"); - n->rss_data.enabled_software_rss = true; - } - } else { - /* use software RSS for hash populating */ - /* and detach eBPF if was loaded before */ - virtio_net_detach_epbf_rss(n); - n->rss_data.enabled_software_rss = true; - } - - trace_virtio_net_rss_enable(n->rss_data.hash_types, - n->rss_data.indirections_len, - temp.b); + virtio_net_commit_rss_config(n); return queue_pairs; error: trace_virtio_net_rss_error(err_msg, err_value); @@ -3076,26 +3077,7 @@ static int virtio_net_post_load_device(void *opaque, int version_id) } } - if (n->rss_data.enabled) { - n->rss_data.enabled_software_rss = n->rss_data.populate_hash; - if (!n->rss_data.populate_hash) { - if (!virtio_net_attach_epbf_rss(n)) { - if (get_vhost_net(qemu_get_queue(n->nic)->peer)) { - warn_report("Can't post-load eBPF RSS for vhost"); - } else { - warn_report("Can't post-load eBPF RSS - " - "fallback to software RSS"); - n->rss_data.enabled_software_rss = true; - } - } - } - - trace_virtio_net_rss_enable(n->rss_data.hash_types, - n->rss_data.indirections_len, - sizeof(n->rss_data.key)); - } else { - trace_virtio_net_rss_disable(); - } + virtio_net_commit_rss_config(n); return 0; } -- cgit 1.4.1 From 13d40aa88bdc3eed480a4a4156dc0b84e06d3da7 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sun, 28 Apr 2024 16:00:56 +0900 Subject: virtio-net: Always set populate_hash The member is not cleared during reset so may have a stale value. Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 1 + 1 file changed, 1 insertion(+) (limited to 'hw/net/virtio-net.c') diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 8464eb4082..b423169a48 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -651,6 +651,7 @@ static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs, n->guest_hdr_len = n->mergeable_rx_bufs ? sizeof(struct virtio_net_hdr_mrg_rxbuf) : sizeof(struct virtio_net_hdr); + n->rss_data.populate_hash = false; } for (i = 0; i < n->max_queue_pairs; i++) { -- cgit 1.4.1 From a4c960eedcd2c68ff784fb4d4cb8ddd5bff8814f Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sun, 28 Apr 2024 16:00:57 +0900 Subject: virtio-net: Do not write hashes to peer buffer The peer buffer is qualified with const and not meant to be modified. Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) (limited to 'hw/net/virtio-net.c') diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index b423169a48..666a4e2a03 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -1830,16 +1830,9 @@ static uint8_t virtio_net_get_hash_type(bool hasip4, return 0xff; } -static void virtio_set_packet_hash(const uint8_t *buf, uint8_t report, - uint32_t hash) -{ - struct virtio_net_hdr_v1_hash *hdr = (void *)buf; - hdr->hash_value = hash; - hdr->hash_report = report; -} - static int virtio_net_process_rss(NetClientState *nc, const uint8_t *buf, - size_t size) + size_t size, + struct virtio_net_hdr_v1_hash *hdr) { VirtIONet *n = qemu_get_nic_opaque(nc); unsigned int index = nc->queue_index, new_index = index; @@ -1870,7 +1863,8 @@ static int virtio_net_process_rss(NetClientState *nc, const uint8_t *buf, n->rss_data.hash_types); if (net_hash_type > NetPktRssIpV6UdpEx) { if (n->rss_data.populate_hash) { - virtio_set_packet_hash(buf, VIRTIO_NET_HASH_REPORT_NONE, 0); + hdr->hash_value = VIRTIO_NET_HASH_REPORT_NONE; + hdr->hash_report = 0; } return n->rss_data.redirect ? n->rss_data.default_queue : -1; } @@ -1878,7 +1872,8 @@ static int virtio_net_process_rss(NetClientState *nc, const uint8_t *buf, hash = net_rx_pkt_calc_rss_hash(pkt, net_hash_type, n->rss_data.key); if (n->rss_data.populate_hash) { - virtio_set_packet_hash(buf, reports[net_hash_type], hash); + hdr->hash_value = hash; + hdr->hash_report = reports[net_hash_type]; } if (n->rss_data.redirect) { @@ -1898,7 +1893,7 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, VirtQueueElement *elems[VIRTQUEUE_MAX_SIZE]; size_t lens[VIRTQUEUE_MAX_SIZE]; struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE]; - struct virtio_net_hdr_mrg_rxbuf mhdr; + struct virtio_net_hdr_v1_hash extra_hdr; unsigned mhdr_cnt = 0; size_t offset, i, guest_offset, j; ssize_t err; @@ -1908,7 +1903,7 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, } if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) { - int index = virtio_net_process_rss(nc, buf, size); + int index = virtio_net_process_rss(nc, buf, size, &extra_hdr); if (index >= 0) { NetClientState *nc2 = qemu_get_subqueue(n->nic, index); return virtio_net_receive_rcu(nc2, buf, size, true); @@ -1968,15 +1963,17 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, if (n->mergeable_rx_bufs) { mhdr_cnt = iov_copy(mhdr_sg, ARRAY_SIZE(mhdr_sg), sg, elem->in_num, - offsetof(typeof(mhdr), num_buffers), - sizeof(mhdr.num_buffers)); + offsetof(typeof(extra_hdr), hdr.num_buffers), + sizeof(extra_hdr.hdr.num_buffers)); } receive_header(n, sg, elem->in_num, buf, size); if (n->rss_data.populate_hash) { - offset = sizeof(mhdr); + offset = offsetof(typeof(extra_hdr), hash_value); iov_from_buf(sg, elem->in_num, offset, - buf + offset, n->host_hdr_len - sizeof(mhdr)); + (char *)&extra_hdr + offset, + sizeof(extra_hdr.hash_value) + + sizeof(extra_hdr.hash_report)); } offset = n->host_hdr_len; total += n->guest_hdr_len; @@ -2006,10 +2003,11 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, } if (mhdr_cnt) { - virtio_stw_p(vdev, &mhdr.num_buffers, i); + virtio_stw_p(vdev, &extra_hdr.hdr.num_buffers, i); iov_from_buf(mhdr_sg, mhdr_cnt, 0, - &mhdr.num_buffers, sizeof mhdr.num_buffers); + &extra_hdr.hdr.num_buffers, + sizeof extra_hdr.hdr.num_buffers); } for (j = 0; j < i; j++) { -- cgit 1.4.1 From 2c3e4e2de699cd4d9f6c71f30a22d8f125cd6164 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Tue, 30 Apr 2024 13:53:33 +0300 Subject: virtio-net: drop too short packets early Reproducer from https://gitlab.com/qemu-project/qemu/-/issues/1451 creates small packet (1 segment, len = 10 == n->guest_hdr_len), then destroys queue. "if (n->host_hdr_len != n->guest_hdr_len)" is triggered, if body creates zero length/zero segment packet as there is nothing after guest header. qemu_sendv_packet_async() tries to send it. slirp discards it because it is smaller than Ethernet header, but returns 0 because tx hooks are supposed to return total length of data. 0 is propagated upwards and is interpreted as "packet has been sent" which is terrible because queue is being destroyed, nobody is waiting for TX to complete and assert it triggered. Fix is discard such empty packets instead of sending them. Length 1 packets will go via different codepath: virtqueue_push(q->tx_vq, elem, 0); virtio_notify(vdev, q->tx_vq); g_free(elem); and aren't problematic. Signed-off-by: Alexey Dobriyan Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'hw/net/virtio-net.c') diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 666a4e2a03..9c7e85caea 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -2708,18 +2708,14 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q) out_sg = elem->out_sg; if (out_num < 1) { virtio_error(vdev, "virtio-net header not in first element"); - virtqueue_detach_element(q->tx_vq, elem, 0); - g_free(elem); - return -EINVAL; + goto detach; } if (n->needs_vnet_hdr_swap) { if (iov_to_buf(out_sg, out_num, 0, &vhdr, sizeof(vhdr)) < sizeof(vhdr)) { virtio_error(vdev, "virtio-net header incorrect"); - virtqueue_detach_element(q->tx_vq, elem, 0); - g_free(elem); - return -EINVAL; + goto detach; } virtio_net_hdr_swap(vdev, &vhdr); sg2[0].iov_base = &vhdr; @@ -2747,6 +2743,11 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q) n->guest_hdr_len, -1); out_num = sg_num; out_sg = sg; + + if (out_num < 1) { + virtio_error(vdev, "virtio-net nothing to send"); + goto detach; + } } ret = qemu_sendv_packet_async(qemu_get_subqueue(n->nic, queue_index), @@ -2767,6 +2768,11 @@ drop: } } return num_packets; + +detach: + virtqueue_detach_element(q->tx_vq, elem, 0); + g_free(elem); + return -EINVAL; } static void virtio_net_tx_timer(void *opaque); -- cgit 1.4.1