virtio-net: out-of-bounds buffer write on load
[qemu.git] / hw / net / virtio-net.c
1 /*
2 * Virtio Network Device
3 *
4 * Copyright IBM, Corp. 2007
5 *
6 * Authors:
7 * Anthony Liguori <aliguori@us.ibm.com>
8 *
9 * This work is licensed under the terms of the GNU GPL, version 2. See
10 * the COPYING file in the top-level directory.
11 *
12 */
13
14 #include "qemu/iov.h"
15 #include "hw/virtio/virtio.h"
16 #include "net/net.h"
17 #include "net/checksum.h"
18 #include "net/tap.h"
19 #include "qemu/error-report.h"
20 #include "qemu/timer.h"
21 #include "hw/virtio/virtio-net.h"
22 #include "net/vhost_net.h"
23 #include "hw/virtio/virtio-bus.h"
24 #include "qapi/qmp/qjson.h"
25 #include "monitor/monitor.h"
26
27 #define VIRTIO_NET_VM_VERSION 11
28
29 #define MAC_TABLE_ENTRIES 64
30 #define MAX_VLAN (1 << 12) /* Per 802.1Q definition */
31
32 /*
33 * Calculate the number of bytes up to and including the given 'field' of
34 * 'container'.
35 */
36 #define endof(container, field) \
37 (offsetof(container, field) + sizeof(((container *)0)->field))
38
39 typedef struct VirtIOFeature {
40 uint32_t flags;
41 size_t end;
42 } VirtIOFeature;
43
44 static VirtIOFeature feature_sizes[] = {
45 {.flags = 1 << VIRTIO_NET_F_MAC,
46 .end = endof(struct virtio_net_config, mac)},
47 {.flags = 1 << VIRTIO_NET_F_STATUS,
48 .end = endof(struct virtio_net_config, status)},
49 {.flags = 1 << VIRTIO_NET_F_MQ,
50 .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
51 {}
52 };
53
54 static VirtIONetQueue *virtio_net_get_subqueue(NetClientState *nc)
55 {
56 VirtIONet *n = qemu_get_nic_opaque(nc);
57
58 return &n->vqs[nc->queue_index];
59 }
60
61 static int vq2q(int queue_index)
62 {
63 return queue_index / 2;
64 }
65
66 /* TODO
67 * - we could suppress RX interrupt if we were so inclined.
68 */
69
70 static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
71 {
72 VirtIONet *n = VIRTIO_NET(vdev);
73 struct virtio_net_config netcfg;
74
75 stw_p(&netcfg.status, n->status);
76 stw_p(&netcfg.max_virtqueue_pairs, n->max_queues);
77 memcpy(netcfg.mac, n->mac, ETH_ALEN);
78 memcpy(config, &netcfg, n->config_size);
79 }
80
81 static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
82 {
83 VirtIONet *n = VIRTIO_NET(vdev);
84 struct virtio_net_config netcfg = {};
85
86 memcpy(&netcfg, config, n->config_size);
87
88 if (!(vdev->guest_features >> VIRTIO_NET_F_CTRL_MAC_ADDR & 1) &&
89 memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
90 memcpy(n->mac, netcfg.mac, ETH_ALEN);
91 qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
92 }
93 }
94
95 static bool virtio_net_started(VirtIONet *n, uint8_t status)
96 {
97 VirtIODevice *vdev = VIRTIO_DEVICE(n);
98 return (status & VIRTIO_CONFIG_S_DRIVER_OK) &&
99 (n->status & VIRTIO_NET_S_LINK_UP) && vdev->vm_running;
100 }
101
102 static void virtio_net_vhost_status(VirtIONet *n, uint8_t status)
103 {
104 VirtIODevice *vdev = VIRTIO_DEVICE(n);
105 NetClientState *nc = qemu_get_queue(n->nic);
106 int queues = n->multiqueue ? n->max_queues : 1;
107
108 if (!nc->peer) {
109 return;
110 }
111 if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
112 return;
113 }
114
115 if (!tap_get_vhost_net(nc->peer)) {
116 return;
117 }
118
119 if (!!n->vhost_started ==
120 (virtio_net_started(n, status) && !nc->peer->link_down)) {
121 return;
122 }
123 if (!n->vhost_started) {
124 int r;
125 if (!vhost_net_query(tap_get_vhost_net(nc->peer), vdev)) {
126 return;
127 }
128 n->vhost_started = 1;
129 r = vhost_net_start(vdev, n->nic->ncs, queues);
130 if (r < 0) {
131 error_report("unable to start vhost net: %d: "
132 "falling back on userspace virtio", -r);
133 n->vhost_started = 0;
134 }
135 } else {
136 vhost_net_stop(vdev, n->nic->ncs, queues);
137 n->vhost_started = 0;
138 }
139 }
140
141 static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
142 {
143 VirtIONet *n = VIRTIO_NET(vdev);
144 VirtIONetQueue *q;
145 int i;
146 uint8_t queue_status;
147
148 virtio_net_vhost_status(n, status);
149
150 for (i = 0; i < n->max_queues; i++) {
151 q = &n->vqs[i];
152
153 if ((!n->multiqueue && i != 0) || i >= n->curr_queues) {
154 queue_status = 0;
155 } else {
156 queue_status = status;
157 }
158
159 if (!q->tx_waiting) {
160 continue;
161 }
162
163 if (virtio_net_started(n, queue_status) && !n->vhost_started) {
164 if (q->tx_timer) {
165 timer_mod(q->tx_timer,
166 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
167 } else {
168 qemu_bh_schedule(q->tx_bh);
169 }
170 } else {
171 if (q->tx_timer) {
172 timer_del(q->tx_timer);
173 } else {
174 qemu_bh_cancel(q->tx_bh);
175 }
176 }
177 }
178 }
179
180 static void virtio_net_set_link_status(NetClientState *nc)
181 {
182 VirtIONet *n = qemu_get_nic_opaque(nc);
183 VirtIODevice *vdev = VIRTIO_DEVICE(n);
184 uint16_t old_status = n->status;
185
186 if (nc->link_down)
187 n->status &= ~VIRTIO_NET_S_LINK_UP;
188 else
189 n->status |= VIRTIO_NET_S_LINK_UP;
190
191 if (n->status != old_status)
192 virtio_notify_config(vdev);
193
194 virtio_net_set_status(vdev, vdev->status);
195 }
196
197 static void rxfilter_notify(NetClientState *nc)
198 {
199 QObject *event_data;
200 VirtIONet *n = qemu_get_nic_opaque(nc);
201
202 if (nc->rxfilter_notify_enabled) {
203 gchar *path = object_get_canonical_path(OBJECT(n->qdev));
204 if (n->netclient_name) {
205 event_data = qobject_from_jsonf("{ 'name': %s, 'path': %s }",
206 n->netclient_name, path);
207 } else {
208 event_data = qobject_from_jsonf("{ 'path': %s }", path);
209 }
210 monitor_protocol_event(QEVENT_NIC_RX_FILTER_CHANGED, event_data);
211 qobject_decref(event_data);
212 g_free(path);
213
214 /* disable event notification to avoid events flooding */
215 nc->rxfilter_notify_enabled = 0;
216 }
217 }
218
219 static char *mac_strdup_printf(const uint8_t *mac)
220 {
221 return g_strdup_printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x", mac[0],
222 mac[1], mac[2], mac[3], mac[4], mac[5]);
223 }
224
225 static intList *get_vlan_table(VirtIONet *n)
226 {
227 intList *list, *entry;
228 int i, j;
229
230 list = NULL;
231 for (i = 0; i < MAX_VLAN >> 5; i++) {
232 for (j = 0; n->vlans[i] && j <= 0x1f; j++) {
233 if (n->vlans[i] & (1U << j)) {
234 entry = g_malloc0(sizeof(*entry));
235 entry->value = (i << 5) + j;
236 entry->next = list;
237 list = entry;
238 }
239 }
240 }
241
242 return list;
243 }
244
245 static RxFilterInfo *virtio_net_query_rxfilter(NetClientState *nc)
246 {
247 VirtIONet *n = qemu_get_nic_opaque(nc);
248 VirtIODevice *vdev = VIRTIO_DEVICE(n);
249 RxFilterInfo *info;
250 strList *str_list, *entry;
251 int i;
252
253 info = g_malloc0(sizeof(*info));
254 info->name = g_strdup(nc->name);
255 info->promiscuous = n->promisc;
256
257 if (n->nouni) {
258 info->unicast = RX_STATE_NONE;
259 } else if (n->alluni) {
260 info->unicast = RX_STATE_ALL;
261 } else {
262 info->unicast = RX_STATE_NORMAL;
263 }
264
265 if (n->nomulti) {
266 info->multicast = RX_STATE_NONE;
267 } else if (n->allmulti) {
268 info->multicast = RX_STATE_ALL;
269 } else {
270 info->multicast = RX_STATE_NORMAL;
271 }
272
273 info->broadcast_allowed = n->nobcast;
274 info->multicast_overflow = n->mac_table.multi_overflow;
275 info->unicast_overflow = n->mac_table.uni_overflow;
276
277 info->main_mac = mac_strdup_printf(n->mac);
278
279 str_list = NULL;
280 for (i = 0; i < n->mac_table.first_multi; i++) {
281 entry = g_malloc0(sizeof(*entry));
282 entry->value = mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
283 entry->next = str_list;
284 str_list = entry;
285 }
286 info->unicast_table = str_list;
287
288 str_list = NULL;
289 for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
290 entry = g_malloc0(sizeof(*entry));
291 entry->value = mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
292 entry->next = str_list;
293 str_list = entry;
294 }
295 info->multicast_table = str_list;
296 info->vlan_table = get_vlan_table(n);
297
298 if (!((1 << VIRTIO_NET_F_CTRL_VLAN) & vdev->guest_features)) {
299 info->vlan = RX_STATE_ALL;
300 } else if (!info->vlan_table) {
301 info->vlan = RX_STATE_NONE;
302 } else {
303 info->vlan = RX_STATE_NORMAL;
304 }
305
306 /* enable event notification after query */
307 nc->rxfilter_notify_enabled = 1;
308
309 return info;
310 }
311
312 static void virtio_net_reset(VirtIODevice *vdev)
313 {
314 VirtIONet *n = VIRTIO_NET(vdev);
315
316 /* Reset back to compatibility mode */
317 n->promisc = 1;
318 n->allmulti = 0;
319 n->alluni = 0;
320 n->nomulti = 0;
321 n->nouni = 0;
322 n->nobcast = 0;
323 /* multiqueue is disabled by default */
324 n->curr_queues = 1;
325
326 /* Flush any MAC and VLAN filter table state */
327 n->mac_table.in_use = 0;
328 n->mac_table.first_multi = 0;
329 n->mac_table.multi_overflow = 0;
330 n->mac_table.uni_overflow = 0;
331 memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
332 memcpy(&n->mac[0], &n->nic->conf->macaddr, sizeof(n->mac));
333 qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
334 memset(n->vlans, 0, MAX_VLAN >> 3);
335 }
336
337 static void peer_test_vnet_hdr(VirtIONet *n)
338 {
339 NetClientState *nc = qemu_get_queue(n->nic);
340 if (!nc->peer) {
341 return;
342 }
343
344 n->has_vnet_hdr = qemu_has_vnet_hdr(nc->peer);
345 }
346
347 static int peer_has_vnet_hdr(VirtIONet *n)
348 {
349 return n->has_vnet_hdr;
350 }
351
352 static int peer_has_ufo(VirtIONet *n)
353 {
354 if (!peer_has_vnet_hdr(n))
355 return 0;
356
357 n->has_ufo = qemu_has_ufo(qemu_get_queue(n->nic)->peer);
358
359 return n->has_ufo;
360 }
361
362 static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs)
363 {
364 int i;
365 NetClientState *nc;
366
367 n->mergeable_rx_bufs = mergeable_rx_bufs;
368
369 n->guest_hdr_len = n->mergeable_rx_bufs ?
370 sizeof(struct virtio_net_hdr_mrg_rxbuf) : sizeof(struct virtio_net_hdr);
371
372 for (i = 0; i < n->max_queues; i++) {
373 nc = qemu_get_subqueue(n->nic, i);
374
375 if (peer_has_vnet_hdr(n) &&
376 qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
377 qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
378 n->host_hdr_len = n->guest_hdr_len;
379 }
380 }
381 }
382
383 static int peer_attach(VirtIONet *n, int index)
384 {
385 NetClientState *nc = qemu_get_subqueue(n->nic, index);
386
387 if (!nc->peer) {
388 return 0;
389 }
390
391 if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
392 return 0;
393 }
394
395 return tap_enable(nc->peer);
396 }
397
398 static int peer_detach(VirtIONet *n, int index)
399 {
400 NetClientState *nc = qemu_get_subqueue(n->nic, index);
401
402 if (!nc->peer) {
403 return 0;
404 }
405
406 if (nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
407 return 0;
408 }
409
410 return tap_disable(nc->peer);
411 }
412
413 static void virtio_net_set_queues(VirtIONet *n)
414 {
415 int i;
416 int r;
417
418 for (i = 0; i < n->max_queues; i++) {
419 if (i < n->curr_queues) {
420 r = peer_attach(n, i);
421 assert(!r);
422 } else {
423 r = peer_detach(n, i);
424 assert(!r);
425 }
426 }
427 }
428
429 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue);
430
431 static uint32_t virtio_net_get_features(VirtIODevice *vdev, uint32_t features)
432 {
433 VirtIONet *n = VIRTIO_NET(vdev);
434 NetClientState *nc = qemu_get_queue(n->nic);
435
436 features |= (1 << VIRTIO_NET_F_MAC);
437
438 if (!peer_has_vnet_hdr(n)) {
439 features &= ~(0x1 << VIRTIO_NET_F_CSUM);
440 features &= ~(0x1 << VIRTIO_NET_F_HOST_TSO4);
441 features &= ~(0x1 << VIRTIO_NET_F_HOST_TSO6);
442 features &= ~(0x1 << VIRTIO_NET_F_HOST_ECN);
443
444 features &= ~(0x1 << VIRTIO_NET_F_GUEST_CSUM);
445 features &= ~(0x1 << VIRTIO_NET_F_GUEST_TSO4);
446 features &= ~(0x1 << VIRTIO_NET_F_GUEST_TSO6);
447 features &= ~(0x1 << VIRTIO_NET_F_GUEST_ECN);
448 }
449
450 if (!peer_has_vnet_hdr(n) || !peer_has_ufo(n)) {
451 features &= ~(0x1 << VIRTIO_NET_F_GUEST_UFO);
452 features &= ~(0x1 << VIRTIO_NET_F_HOST_UFO);
453 }
454
455 if (!nc->peer || nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
456 return features;
457 }
458 if (!tap_get_vhost_net(nc->peer)) {
459 return features;
460 }
461 return vhost_net_get_features(tap_get_vhost_net(nc->peer), features);
462 }
463
464 static uint32_t virtio_net_bad_features(VirtIODevice *vdev)
465 {
466 uint32_t features = 0;
467
468 /* Linux kernel 2.6.25. It understood MAC (as everyone must),
469 * but also these: */
470 features |= (1 << VIRTIO_NET_F_MAC);
471 features |= (1 << VIRTIO_NET_F_CSUM);
472 features |= (1 << VIRTIO_NET_F_HOST_TSO4);
473 features |= (1 << VIRTIO_NET_F_HOST_TSO6);
474 features |= (1 << VIRTIO_NET_F_HOST_ECN);
475
476 return features;
477 }
478
479 static void virtio_net_apply_guest_offloads(VirtIONet *n)
480 {
481 qemu_set_offload(qemu_get_queue(n->nic)->peer,
482 !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_CSUM)),
483 !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO4)),
484 !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO6)),
485 !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_ECN)),
486 !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_UFO)));
487 }
488
489 static uint64_t virtio_net_guest_offloads_by_features(uint32_t features)
490 {
491 static const uint64_t guest_offloads_mask =
492 (1ULL << VIRTIO_NET_F_GUEST_CSUM) |
493 (1ULL << VIRTIO_NET_F_GUEST_TSO4) |
494 (1ULL << VIRTIO_NET_F_GUEST_TSO6) |
495 (1ULL << VIRTIO_NET_F_GUEST_ECN) |
496 (1ULL << VIRTIO_NET_F_GUEST_UFO);
497
498 return guest_offloads_mask & features;
499 }
500
501 static inline uint64_t virtio_net_supported_guest_offloads(VirtIONet *n)
502 {
503 VirtIODevice *vdev = VIRTIO_DEVICE(n);
504 return virtio_net_guest_offloads_by_features(vdev->guest_features);
505 }
506
507 static void virtio_net_set_features(VirtIODevice *vdev, uint32_t features)
508 {
509 VirtIONet *n = VIRTIO_NET(vdev);
510 int i;
511
512 virtio_net_set_multiqueue(n, !!(features & (1 << VIRTIO_NET_F_MQ)));
513
514 virtio_net_set_mrg_rx_bufs(n, !!(features & (1 << VIRTIO_NET_F_MRG_RXBUF)));
515
516 if (n->has_vnet_hdr) {
517 n->curr_guest_offloads =
518 virtio_net_guest_offloads_by_features(features);
519 virtio_net_apply_guest_offloads(n);
520 }
521
522 for (i = 0; i < n->max_queues; i++) {
523 NetClientState *nc = qemu_get_subqueue(n->nic, i);
524
525 if (!nc->peer || nc->peer->info->type != NET_CLIENT_OPTIONS_KIND_TAP) {
526 continue;
527 }
528 if (!tap_get_vhost_net(nc->peer)) {
529 continue;
530 }
531 vhost_net_ack_features(tap_get_vhost_net(nc->peer), features);
532 }
533
534 if ((1 << VIRTIO_NET_F_CTRL_VLAN) & features) {
535 memset(n->vlans, 0, MAX_VLAN >> 3);
536 } else {
537 memset(n->vlans, 0xff, MAX_VLAN >> 3);
538 }
539 }
540
541 static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd,
542 struct iovec *iov, unsigned int iov_cnt)
543 {
544 uint8_t on;
545 size_t s;
546 NetClientState *nc = qemu_get_queue(n->nic);
547
548 s = iov_to_buf(iov, iov_cnt, 0, &on, sizeof(on));
549 if (s != sizeof(on)) {
550 return VIRTIO_NET_ERR;
551 }
552
553 if (cmd == VIRTIO_NET_CTRL_RX_PROMISC) {
554 n->promisc = on;
555 } else if (cmd == VIRTIO_NET_CTRL_RX_ALLMULTI) {
556 n->allmulti = on;
557 } else if (cmd == VIRTIO_NET_CTRL_RX_ALLUNI) {
558 n->alluni = on;
559 } else if (cmd == VIRTIO_NET_CTRL_RX_NOMULTI) {
560 n->nomulti = on;
561 } else if (cmd == VIRTIO_NET_CTRL_RX_NOUNI) {
562 n->nouni = on;
563 } else if (cmd == VIRTIO_NET_CTRL_RX_NOBCAST) {
564 n->nobcast = on;
565 } else {
566 return VIRTIO_NET_ERR;
567 }
568
569 rxfilter_notify(nc);
570
571 return VIRTIO_NET_OK;
572 }
573
574 static int virtio_net_handle_offloads(VirtIONet *n, uint8_t cmd,
575 struct iovec *iov, unsigned int iov_cnt)
576 {
577 VirtIODevice *vdev = VIRTIO_DEVICE(n);
578 uint64_t offloads;
579 size_t s;
580
581 if (!((1 << VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) & vdev->guest_features)) {
582 return VIRTIO_NET_ERR;
583 }
584
585 s = iov_to_buf(iov, iov_cnt, 0, &offloads, sizeof(offloads));
586 if (s != sizeof(offloads)) {
587 return VIRTIO_NET_ERR;
588 }
589
590 if (cmd == VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET) {
591 uint64_t supported_offloads;
592
593 if (!n->has_vnet_hdr) {
594 return VIRTIO_NET_ERR;
595 }
596
597 supported_offloads = virtio_net_supported_guest_offloads(n);
598 if (offloads & ~supported_offloads) {
599 return VIRTIO_NET_ERR;
600 }
601
602 n->curr_guest_offloads = offloads;
603 virtio_net_apply_guest_offloads(n);
604
605 return VIRTIO_NET_OK;
606 } else {
607 return VIRTIO_NET_ERR;
608 }
609 }
610
611 static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
612 struct iovec *iov, unsigned int iov_cnt)
613 {
614 struct virtio_net_ctrl_mac mac_data;
615 size_t s;
616 NetClientState *nc = qemu_get_queue(n->nic);
617
618 if (cmd == VIRTIO_NET_CTRL_MAC_ADDR_SET) {
619 if (iov_size(iov, iov_cnt) != sizeof(n->mac)) {
620 return VIRTIO_NET_ERR;
621 }
622 s = iov_to_buf(iov, iov_cnt, 0, &n->mac, sizeof(n->mac));
623 assert(s == sizeof(n->mac));
624 qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
625 rxfilter_notify(nc);
626
627 return VIRTIO_NET_OK;
628 }
629
630 if (cmd != VIRTIO_NET_CTRL_MAC_TABLE_SET) {
631 return VIRTIO_NET_ERR;
632 }
633
634 int in_use = 0;
635 int first_multi = 0;
636 uint8_t uni_overflow = 0;
637 uint8_t multi_overflow = 0;
638 uint8_t *macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
639
640 s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
641 sizeof(mac_data.entries));
642 mac_data.entries = ldl_p(&mac_data.entries);
643 if (s != sizeof(mac_data.entries)) {
644 goto error;
645 }
646 iov_discard_front(&iov, &iov_cnt, s);
647
648 if (mac_data.entries * ETH_ALEN > iov_size(iov, iov_cnt)) {
649 goto error;
650 }
651
652 if (mac_data.entries <= MAC_TABLE_ENTRIES) {
653 s = iov_to_buf(iov, iov_cnt, 0, macs,
654 mac_data.entries * ETH_ALEN);
655 if (s != mac_data.entries * ETH_ALEN) {
656 goto error;
657 }
658 in_use += mac_data.entries;
659 } else {
660 uni_overflow = 1;
661 }
662
663 iov_discard_front(&iov, &iov_cnt, mac_data.entries * ETH_ALEN);
664
665 first_multi = in_use;
666
667 s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
668 sizeof(mac_data.entries));
669 mac_data.entries = ldl_p(&mac_data.entries);
670 if (s != sizeof(mac_data.entries)) {
671 goto error;
672 }
673
674 iov_discard_front(&iov, &iov_cnt, s);
675
676 if (mac_data.entries * ETH_ALEN != iov_size(iov, iov_cnt)) {
677 goto error;
678 }
679
680 if (mac_data.entries <= MAC_TABLE_ENTRIES - in_use) {
681 s = iov_to_buf(iov, iov_cnt, 0, &macs[in_use * ETH_ALEN],
682 mac_data.entries * ETH_ALEN);
683 if (s != mac_data.entries * ETH_ALEN) {
684 goto error;
685 }
686 in_use += mac_data.entries;
687 } else {
688 multi_overflow = 1;
689 }
690
691 n->mac_table.in_use = in_use;
692 n->mac_table.first_multi = first_multi;
693 n->mac_table.uni_overflow = uni_overflow;
694 n->mac_table.multi_overflow = multi_overflow;
695 memcpy(n->mac_table.macs, macs, MAC_TABLE_ENTRIES * ETH_ALEN);
696 g_free(macs);
697 rxfilter_notify(nc);
698
699 return VIRTIO_NET_OK;
700
701 error:
702 g_free(macs);
703 return VIRTIO_NET_ERR;
704 }
705
706 static int virtio_net_handle_vlan_table(VirtIONet *n, uint8_t cmd,
707 struct iovec *iov, unsigned int iov_cnt)
708 {
709 uint16_t vid;
710 size_t s;
711 NetClientState *nc = qemu_get_queue(n->nic);
712
713 s = iov_to_buf(iov, iov_cnt, 0, &vid, sizeof(vid));
714 vid = lduw_p(&vid);
715 if (s != sizeof(vid)) {
716 return VIRTIO_NET_ERR;
717 }
718
719 if (vid >= MAX_VLAN)
720 return VIRTIO_NET_ERR;
721
722 if (cmd == VIRTIO_NET_CTRL_VLAN_ADD)
723 n->vlans[vid >> 5] |= (1U << (vid & 0x1f));
724 else if (cmd == VIRTIO_NET_CTRL_VLAN_DEL)
725 n->vlans[vid >> 5] &= ~(1U << (vid & 0x1f));
726 else
727 return VIRTIO_NET_ERR;
728
729 rxfilter_notify(nc);
730
731 return VIRTIO_NET_OK;
732 }
733
734 static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
735 struct iovec *iov, unsigned int iov_cnt)
736 {
737 VirtIODevice *vdev = VIRTIO_DEVICE(n);
738 struct virtio_net_ctrl_mq mq;
739 size_t s;
740 uint16_t queues;
741
742 s = iov_to_buf(iov, iov_cnt, 0, &mq, sizeof(mq));
743 if (s != sizeof(mq)) {
744 return VIRTIO_NET_ERR;
745 }
746
747 if (cmd != VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET) {
748 return VIRTIO_NET_ERR;
749 }
750
751 queues = lduw_p(&mq.virtqueue_pairs);
752
753 if (queues < VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MIN ||
754 queues > VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MAX ||
755 queues > n->max_queues ||
756 !n->multiqueue) {
757 return VIRTIO_NET_ERR;
758 }
759
760 n->curr_queues = queues;
761 /* stop the backend before changing the number of queues to avoid handling a
762 * disabled queue */
763 virtio_net_set_status(vdev, vdev->status);
764 virtio_net_set_queues(n);
765
766 return VIRTIO_NET_OK;
767 }
768 static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
769 {
770 VirtIONet *n = VIRTIO_NET(vdev);
771 struct virtio_net_ctrl_hdr ctrl;
772 virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
773 VirtQueueElement elem;
774 size_t s;
775 struct iovec *iov;
776 unsigned int iov_cnt;
777
778 while (virtqueue_pop(vq, &elem)) {
779 if (iov_size(elem.in_sg, elem.in_num) < sizeof(status) ||
780 iov_size(elem.out_sg, elem.out_num) < sizeof(ctrl)) {
781 error_report("virtio-net ctrl missing headers");
782 exit(1);
783 }
784
785 iov = elem.out_sg;
786 iov_cnt = elem.out_num;
787 s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
788 iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
789 if (s != sizeof(ctrl)) {
790 status = VIRTIO_NET_ERR;
791 } else if (ctrl.class == VIRTIO_NET_CTRL_RX) {
792 status = virtio_net_handle_rx_mode(n, ctrl.cmd, iov, iov_cnt);
793 } else if (ctrl.class == VIRTIO_NET_CTRL_MAC) {
794 status = virtio_net_handle_mac(n, ctrl.cmd, iov, iov_cnt);
795 } else if (ctrl.class == VIRTIO_NET_CTRL_VLAN) {
796 status = virtio_net_handle_vlan_table(n, ctrl.cmd, iov, iov_cnt);
797 } else if (ctrl.class == VIRTIO_NET_CTRL_MQ) {
798 status = virtio_net_handle_mq(n, ctrl.cmd, iov, iov_cnt);
799 } else if (ctrl.class == VIRTIO_NET_CTRL_GUEST_OFFLOADS) {
800 status = virtio_net_handle_offloads(n, ctrl.cmd, iov, iov_cnt);
801 }
802
803 s = iov_from_buf(elem.in_sg, elem.in_num, 0, &status, sizeof(status));
804 assert(s == sizeof(status));
805
806 virtqueue_push(vq, &elem, sizeof(status));
807 virtio_notify(vdev, vq);
808 }
809 }
810
811 /* RX */
812
813 static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
814 {
815 VirtIONet *n = VIRTIO_NET(vdev);
816 int queue_index = vq2q(virtio_get_queue_index(vq));
817
818 qemu_flush_queued_packets(qemu_get_subqueue(n->nic, queue_index));
819 }
820
821 static int virtio_net_can_receive(NetClientState *nc)
822 {
823 VirtIONet *n = qemu_get_nic_opaque(nc);
824 VirtIODevice *vdev = VIRTIO_DEVICE(n);
825 VirtIONetQueue *q = virtio_net_get_subqueue(nc);
826
827 if (!vdev->vm_running) {
828 return 0;
829 }
830
831 if (nc->queue_index >= n->curr_queues) {
832 return 0;
833 }
834
835 if (!virtio_queue_ready(q->rx_vq) ||
836 !(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
837 return 0;
838 }
839
840 return 1;
841 }
842
843 static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize)
844 {
845 VirtIONet *n = q->n;
846 if (virtio_queue_empty(q->rx_vq) ||
847 (n->mergeable_rx_bufs &&
848 !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
849 virtio_queue_set_notification(q->rx_vq, 1);
850
851 /* To avoid a race condition where the guest has made some buffers
852 * available after the above check but before notification was
853 * enabled, check for available buffers again.
854 */
855 if (virtio_queue_empty(q->rx_vq) ||
856 (n->mergeable_rx_bufs &&
857 !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
858 return 0;
859 }
860 }
861
862 virtio_queue_set_notification(q->rx_vq, 0);
863 return 1;
864 }
865
866 /* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so
867 * it never finds out that the packets don't have valid checksums. This
868 * causes dhclient to get upset. Fedora's carried a patch for ages to
869 * fix this with Xen but it hasn't appeared in an upstream release of
870 * dhclient yet.
871 *
872 * To avoid breaking existing guests, we catch udp packets and add
873 * checksums. This is terrible but it's better than hacking the guest
874 * kernels.
875 *
876 * N.B. if we introduce a zero-copy API, this operation is no longer free so
877 * we should provide a mechanism to disable it to avoid polluting the host
878 * cache.
879 */
880 static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
881 uint8_t *buf, size_t size)
882 {
883 if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
884 (size > 27 && size < 1500) && /* normal sized MTU */
885 (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
886 (buf[23] == 17) && /* ip.protocol == UDP */
887 (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
888 net_checksum_calculate(buf, size);
889 hdr->flags &= ~VIRTIO_NET_HDR_F_NEEDS_CSUM;
890 }
891 }
892
893 static void receive_header(VirtIONet *n, const struct iovec *iov, int iov_cnt,
894 const void *buf, size_t size)
895 {
896 if (n->has_vnet_hdr) {
897 /* FIXME this cast is evil */
898 void *wbuf = (void *)buf;
899 work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
900 size - n->host_hdr_len);
901 iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr));
902 } else {
903 struct virtio_net_hdr hdr = {
904 .flags = 0,
905 .gso_type = VIRTIO_NET_HDR_GSO_NONE
906 };
907 iov_from_buf(iov, iov_cnt, 0, &hdr, sizeof hdr);
908 }
909 }
910
911 static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
912 {
913 static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
914 static const uint8_t vlan[] = {0x81, 0x00};
915 uint8_t *ptr = (uint8_t *)buf;
916 int i;
917
918 if (n->promisc)
919 return 1;
920
921 ptr += n->host_hdr_len;
922
923 if (!memcmp(&ptr[12], vlan, sizeof(vlan))) {
924 int vid = be16_to_cpup((uint16_t *)(ptr + 14)) & 0xfff;
925 if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))
926 return 0;
927 }
928
929 if (ptr[0] & 1) { // multicast
930 if (!memcmp(ptr, bcast, sizeof(bcast))) {
931 return !n->nobcast;
932 } else if (n->nomulti) {
933 return 0;
934 } else if (n->allmulti || n->mac_table.multi_overflow) {
935 return 1;
936 }
937
938 for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
939 if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
940 return 1;
941 }
942 }
943 } else { // unicast
944 if (n->nouni) {
945 return 0;
946 } else if (n->alluni || n->mac_table.uni_overflow) {
947 return 1;
948 } else if (!memcmp(ptr, n->mac, ETH_ALEN)) {
949 return 1;
950 }
951
952 for (i = 0; i < n->mac_table.first_multi; i++) {
953 if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
954 return 1;
955 }
956 }
957 }
958
959 return 0;
960 }
961
962 static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf, size_t size)
963 {
964 VirtIONet *n = qemu_get_nic_opaque(nc);
965 VirtIONetQueue *q = virtio_net_get_subqueue(nc);
966 VirtIODevice *vdev = VIRTIO_DEVICE(n);
967 struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE];
968 struct virtio_net_hdr_mrg_rxbuf mhdr;
969 unsigned mhdr_cnt = 0;
970 size_t offset, i, guest_offset;
971
972 if (!virtio_net_can_receive(nc)) {
973 return -1;
974 }
975
976 /* hdr_len refers to the header we supply to the guest */
977 if (!virtio_net_has_buffers(q, size + n->guest_hdr_len - n->host_hdr_len)) {
978 return 0;
979 }
980
981 if (!receive_filter(n, buf, size))
982 return size;
983
984 offset = i = 0;
985
986 while (offset < size) {
987 VirtQueueElement elem;
988 int len, total;
989 const struct iovec *sg = elem.in_sg;
990
991 total = 0;
992
993 if (virtqueue_pop(q->rx_vq, &elem) == 0) {
994 if (i == 0)
995 return -1;
996 error_report("virtio-net unexpected empty queue: "
997 "i %zd mergeable %d offset %zd, size %zd, "
998 "guest hdr len %zd, host hdr len %zd guest features 0x%x",
999 i, n->mergeable_rx_bufs, offset, size,
1000 n->guest_hdr_len, n->host_hdr_len, vdev->guest_features);
1001 exit(1);
1002 }
1003
1004 if (elem.in_num < 1) {
1005 error_report("virtio-net receive queue contains no in buffers");
1006 exit(1);
1007 }
1008
1009 if (i == 0) {
1010 assert(offset == 0);
1011 if (n->mergeable_rx_bufs) {
1012 mhdr_cnt = iov_copy(mhdr_sg, ARRAY_SIZE(mhdr_sg),
1013 sg, elem.in_num,
1014 offsetof(typeof(mhdr), num_buffers),
1015 sizeof(mhdr.num_buffers));
1016 }
1017
1018 receive_header(n, sg, elem.in_num, buf, size);
1019 offset = n->host_hdr_len;
1020 total += n->guest_hdr_len;
1021 guest_offset = n->guest_hdr_len;
1022 } else {
1023 guest_offset = 0;
1024 }
1025
1026 /* copy in packet. ugh */
1027 len = iov_from_buf(sg, elem.in_num, guest_offset,
1028 buf + offset, size - offset);
1029 total += len;
1030 offset += len;
1031 /* If buffers can't be merged, at this point we
1032 * must have consumed the complete packet.
1033 * Otherwise, drop it. */
1034 if (!n->mergeable_rx_bufs && offset < size) {
1035 #if 0
1036 error_report("virtio-net truncated non-mergeable packet: "
1037 "i %zd mergeable %d offset %zd, size %zd, "
1038 "guest hdr len %zd, host hdr len %zd",
1039 i, n->mergeable_rx_bufs,
1040 offset, size, n->guest_hdr_len, n->host_hdr_len);
1041 #endif
1042 return size;
1043 }
1044
1045 /* signal other side */
1046 virtqueue_fill(q->rx_vq, &elem, total, i++);
1047 }
1048
1049 if (mhdr_cnt) {
1050 stw_p(&mhdr.num_buffers, i);
1051 iov_from_buf(mhdr_sg, mhdr_cnt,
1052 0,
1053 &mhdr.num_buffers, sizeof mhdr.num_buffers);
1054 }
1055
1056 virtqueue_flush(q->rx_vq, i);
1057 virtio_notify(vdev, q->rx_vq);
1058
1059 return size;
1060 }
1061
1062 static int32_t virtio_net_flush_tx(VirtIONetQueue *q);
1063
1064 static void virtio_net_tx_complete(NetClientState *nc, ssize_t len)
1065 {
1066 VirtIONet *n = qemu_get_nic_opaque(nc);
1067 VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1068 VirtIODevice *vdev = VIRTIO_DEVICE(n);
1069
1070 virtqueue_push(q->tx_vq, &q->async_tx.elem, 0);
1071 virtio_notify(vdev, q->tx_vq);
1072
1073 q->async_tx.elem.out_num = q->async_tx.len = 0;
1074
1075 virtio_queue_set_notification(q->tx_vq, 1);
1076 virtio_net_flush_tx(q);
1077 }
1078
1079 /* TX */
1080 static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
1081 {
1082 VirtIONet *n = q->n;
1083 VirtIODevice *vdev = VIRTIO_DEVICE(n);
1084 VirtQueueElement elem;
1085 int32_t num_packets = 0;
1086 int queue_index = vq2q(virtio_get_queue_index(q->tx_vq));
1087 if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1088 return num_packets;
1089 }
1090
1091 assert(vdev->vm_running);
1092
1093 if (q->async_tx.elem.out_num) {
1094 virtio_queue_set_notification(q->tx_vq, 0);
1095 return num_packets;
1096 }
1097
1098 while (virtqueue_pop(q->tx_vq, &elem)) {
1099 ssize_t ret, len;
1100 unsigned int out_num = elem.out_num;
1101 struct iovec *out_sg = &elem.out_sg[0];
1102 struct iovec sg[VIRTQUEUE_MAX_SIZE];
1103
1104 if (out_num < 1) {
1105 error_report("virtio-net header not in first element");
1106 exit(1);
1107 }
1108
1109 /*
1110 * If host wants to see the guest header as is, we can
1111 * pass it on unchanged. Otherwise, copy just the parts
1112 * that host is interested in.
1113 */
1114 assert(n->host_hdr_len <= n->guest_hdr_len);
1115 if (n->host_hdr_len != n->guest_hdr_len) {
1116 unsigned sg_num = iov_copy(sg, ARRAY_SIZE(sg),
1117 out_sg, out_num,
1118 0, n->host_hdr_len);
1119 sg_num += iov_copy(sg + sg_num, ARRAY_SIZE(sg) - sg_num,
1120 out_sg, out_num,
1121 n->guest_hdr_len, -1);
1122 out_num = sg_num;
1123 out_sg = sg;
1124 }
1125
1126 len = n->guest_hdr_len;
1127
1128 ret = qemu_sendv_packet_async(qemu_get_subqueue(n->nic, queue_index),
1129 out_sg, out_num, virtio_net_tx_complete);
1130 if (ret == 0) {
1131 virtio_queue_set_notification(q->tx_vq, 0);
1132 q->async_tx.elem = elem;
1133 q->async_tx.len = len;
1134 return -EBUSY;
1135 }
1136
1137 len += ret;
1138
1139 virtqueue_push(q->tx_vq, &elem, 0);
1140 virtio_notify(vdev, q->tx_vq);
1141
1142 if (++num_packets >= n->tx_burst) {
1143 break;
1144 }
1145 }
1146 return num_packets;
1147 }
1148
1149 static void virtio_net_handle_tx_timer(VirtIODevice *vdev, VirtQueue *vq)
1150 {
1151 VirtIONet *n = VIRTIO_NET(vdev);
1152 VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
1153
1154 /* This happens when device was stopped but VCPU wasn't. */
1155 if (!vdev->vm_running) {
1156 q->tx_waiting = 1;
1157 return;
1158 }
1159
1160 if (q->tx_waiting) {
1161 virtio_queue_set_notification(vq, 1);
1162 timer_del(q->tx_timer);
1163 q->tx_waiting = 0;
1164 virtio_net_flush_tx(q);
1165 } else {
1166 timer_mod(q->tx_timer,
1167 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
1168 q->tx_waiting = 1;
1169 virtio_queue_set_notification(vq, 0);
1170 }
1171 }
1172
1173 static void virtio_net_handle_tx_bh(VirtIODevice *vdev, VirtQueue *vq)
1174 {
1175 VirtIONet *n = VIRTIO_NET(vdev);
1176 VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
1177
1178 if (unlikely(q->tx_waiting)) {
1179 return;
1180 }
1181 q->tx_waiting = 1;
1182 /* This happens when device was stopped but VCPU wasn't. */
1183 if (!vdev->vm_running) {
1184 return;
1185 }
1186 virtio_queue_set_notification(vq, 0);
1187 qemu_bh_schedule(q->tx_bh);
1188 }
1189
1190 static void virtio_net_tx_timer(void *opaque)
1191 {
1192 VirtIONetQueue *q = opaque;
1193 VirtIONet *n = q->n;
1194 VirtIODevice *vdev = VIRTIO_DEVICE(n);
1195 assert(vdev->vm_running);
1196
1197 q->tx_waiting = 0;
1198
1199 /* Just in case the driver is not ready on more */
1200 if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1201 return;
1202 }
1203
1204 virtio_queue_set_notification(q->tx_vq, 1);
1205 virtio_net_flush_tx(q);
1206 }
1207
1208 static void virtio_net_tx_bh(void *opaque)
1209 {
1210 VirtIONetQueue *q = opaque;
1211 VirtIONet *n = q->n;
1212 VirtIODevice *vdev = VIRTIO_DEVICE(n);
1213 int32_t ret;
1214
1215 assert(vdev->vm_running);
1216
1217 q->tx_waiting = 0;
1218
1219 /* Just in case the driver is not ready on more */
1220 if (unlikely(!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK))) {
1221 return;
1222 }
1223
1224 ret = virtio_net_flush_tx(q);
1225 if (ret == -EBUSY) {
1226 return; /* Notification re-enable handled by tx_complete */
1227 }
1228
1229 /* If we flush a full burst of packets, assume there are
1230 * more coming and immediately reschedule */
1231 if (ret >= n->tx_burst) {
1232 qemu_bh_schedule(q->tx_bh);
1233 q->tx_waiting = 1;
1234 return;
1235 }
1236
1237 /* If less than a full burst, re-enable notification and flush
1238 * anything that may have come in while we weren't looking. If
1239 * we find something, assume the guest is still active and reschedule */
1240 virtio_queue_set_notification(q->tx_vq, 1);
1241 if (virtio_net_flush_tx(q) > 0) {
1242 virtio_queue_set_notification(q->tx_vq, 0);
1243 qemu_bh_schedule(q->tx_bh);
1244 q->tx_waiting = 1;
1245 }
1246 }
1247
1248 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue)
1249 {
1250 VirtIODevice *vdev = VIRTIO_DEVICE(n);
1251 int i, max = multiqueue ? n->max_queues : 1;
1252
1253 n->multiqueue = multiqueue;
1254
1255 for (i = 2; i <= n->max_queues * 2 + 1; i++) {
1256 virtio_del_queue(vdev, i);
1257 }
1258
1259 for (i = 1; i < max; i++) {
1260 n->vqs[i].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx);
1261 if (n->vqs[i].tx_timer) {
1262 n->vqs[i].tx_vq =
1263 virtio_add_queue(vdev, 256, virtio_net_handle_tx_timer);
1264 n->vqs[i].tx_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
1265 virtio_net_tx_timer,
1266 &n->vqs[i]);
1267 } else {
1268 n->vqs[i].tx_vq =
1269 virtio_add_queue(vdev, 256, virtio_net_handle_tx_bh);
1270 n->vqs[i].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[i]);
1271 }
1272
1273 n->vqs[i].tx_waiting = 0;
1274 n->vqs[i].n = n;
1275 }
1276
1277 /* Note: Minux Guests (version 3.2.1) use ctrl vq but don't ack
1278 * VIRTIO_NET_F_CTRL_VQ. Create ctrl vq unconditionally to avoid
1279 * breaking them.
1280 */
1281 n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
1282
1283 virtio_net_set_queues(n);
1284 }
1285
1286 static void virtio_net_save(QEMUFile *f, void *opaque)
1287 {
1288 int i;
1289 VirtIONet *n = opaque;
1290 VirtIODevice *vdev = VIRTIO_DEVICE(n);
1291
1292 /* At this point, backend must be stopped, otherwise
1293 * it might keep writing to memory. */
1294 assert(!n->vhost_started);
1295 virtio_save(vdev, f);
1296
1297 qemu_put_buffer(f, n->mac, ETH_ALEN);
1298 qemu_put_be32(f, n->vqs[0].tx_waiting);
1299 qemu_put_be32(f, n->mergeable_rx_bufs);
1300 qemu_put_be16(f, n->status);
1301 qemu_put_byte(f, n->promisc);
1302 qemu_put_byte(f, n->allmulti);
1303 qemu_put_be32(f, n->mac_table.in_use);
1304 qemu_put_buffer(f, n->mac_table.macs, n->mac_table.in_use * ETH_ALEN);
1305 qemu_put_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
1306 qemu_put_be32(f, n->has_vnet_hdr);
1307 qemu_put_byte(f, n->mac_table.multi_overflow);
1308 qemu_put_byte(f, n->mac_table.uni_overflow);
1309 qemu_put_byte(f, n->alluni);
1310 qemu_put_byte(f, n->nomulti);
1311 qemu_put_byte(f, n->nouni);
1312 qemu_put_byte(f, n->nobcast);
1313 qemu_put_byte(f, n->has_ufo);
1314 if (n->max_queues > 1) {
1315 qemu_put_be16(f, n->max_queues);
1316 qemu_put_be16(f, n->curr_queues);
1317 for (i = 1; i < n->curr_queues; i++) {
1318 qemu_put_be32(f, n->vqs[i].tx_waiting);
1319 }
1320 }
1321
1322 if ((1 << VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) & vdev->guest_features) {
1323 qemu_put_be64(f, n->curr_guest_offloads);
1324 }
1325 }
1326
1327 static int virtio_net_load(QEMUFile *f, void *opaque, int version_id)
1328 {
1329 VirtIONet *n = opaque;
1330 VirtIODevice *vdev = VIRTIO_DEVICE(n);
1331 int ret, i, link_down;
1332
1333 if (version_id < 2 || version_id > VIRTIO_NET_VM_VERSION)
1334 return -EINVAL;
1335
1336 ret = virtio_load(vdev, f);
1337 if (ret) {
1338 return ret;
1339 }
1340
1341 qemu_get_buffer(f, n->mac, ETH_ALEN);
1342 n->vqs[0].tx_waiting = qemu_get_be32(f);
1343
1344 virtio_net_set_mrg_rx_bufs(n, qemu_get_be32(f));
1345
1346 if (version_id >= 3)
1347 n->status = qemu_get_be16(f);
1348
1349 if (version_id >= 4) {
1350 if (version_id < 8) {
1351 n->promisc = qemu_get_be32(f);
1352 n->allmulti = qemu_get_be32(f);
1353 } else {
1354 n->promisc = qemu_get_byte(f);
1355 n->allmulti = qemu_get_byte(f);
1356 }
1357 }
1358
1359 if (version_id >= 5) {
1360 n->mac_table.in_use = qemu_get_be32(f);
1361 /* MAC_TABLE_ENTRIES may be different from the saved image */
1362 if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) {
1363 qemu_get_buffer(f, n->mac_table.macs,
1364 n->mac_table.in_use * ETH_ALEN);
1365 } else {
1366 int64_t i;
1367
1368 /* Overflow detected - can happen if source has a larger MAC table.
1369 * We simply set overflow flag so there's no need to maintain the
1370 * table of addresses, discard them all.
1371 * Note: 64 bit math to avoid integer overflow.
1372 */
1373 for (i = 0; i < (int64_t)n->mac_table.in_use * ETH_ALEN; ++i) {
1374 qemu_get_byte(f);
1375 }
1376 n->mac_table.multi_overflow = n->mac_table.uni_overflow = 1;
1377 n->mac_table.in_use = 0;
1378 }
1379 }
1380
1381 if (version_id >= 6)
1382 qemu_get_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
1383
1384 if (version_id >= 7) {
1385 if (qemu_get_be32(f) && !peer_has_vnet_hdr(n)) {
1386 error_report("virtio-net: saved image requires vnet_hdr=on");
1387 return -1;
1388 }
1389 }
1390
1391 if (version_id >= 9) {
1392 n->mac_table.multi_overflow = qemu_get_byte(f);
1393 n->mac_table.uni_overflow = qemu_get_byte(f);
1394 }
1395
1396 if (version_id >= 10) {
1397 n->alluni = qemu_get_byte(f);
1398 n->nomulti = qemu_get_byte(f);
1399 n->nouni = qemu_get_byte(f);
1400 n->nobcast = qemu_get_byte(f);
1401 }
1402
1403 if (version_id >= 11) {
1404 if (qemu_get_byte(f) && !peer_has_ufo(n)) {
1405 error_report("virtio-net: saved image requires TUN_F_UFO support");
1406 return -1;
1407 }
1408 }
1409
1410 if (n->max_queues > 1) {
1411 if (n->max_queues != qemu_get_be16(f)) {
1412 error_report("virtio-net: different max_queues ");
1413 return -1;
1414 }
1415
1416 n->curr_queues = qemu_get_be16(f);
1417 if (n->curr_queues > n->max_queues) {
1418 error_report("virtio-net: curr_queues %x > max_queues %x",
1419 n->curr_queues, n->max_queues);
1420 return -1;
1421 }
1422 for (i = 1; i < n->curr_queues; i++) {
1423 n->vqs[i].tx_waiting = qemu_get_be32(f);
1424 }
1425 }
1426
1427 if ((1 << VIRTIO_NET_F_CTRL_GUEST_OFFLOADS) & vdev->guest_features) {
1428 n->curr_guest_offloads = qemu_get_be64(f);
1429 } else {
1430 n->curr_guest_offloads = virtio_net_supported_guest_offloads(n);
1431 }
1432
1433 if (peer_has_vnet_hdr(n)) {
1434 virtio_net_apply_guest_offloads(n);
1435 }
1436
1437 virtio_net_set_queues(n);
1438
1439 /* Find the first multicast entry in the saved MAC filter */
1440 for (i = 0; i < n->mac_table.in_use; i++) {
1441 if (n->mac_table.macs[i * ETH_ALEN] & 1) {
1442 break;
1443 }
1444 }
1445 n->mac_table.first_multi = i;
1446
1447 /* nc.link_down can't be migrated, so infer link_down according
1448 * to link status bit in n->status */
1449 link_down = (n->status & VIRTIO_NET_S_LINK_UP) == 0;
1450 for (i = 0; i < n->max_queues; i++) {
1451 qemu_get_subqueue(n->nic, i)->link_down = link_down;
1452 }
1453
1454 return 0;
1455 }
1456
1457 static void virtio_net_cleanup(NetClientState *nc)
1458 {
1459 VirtIONet *n = qemu_get_nic_opaque(nc);
1460
1461 n->nic = NULL;
1462 }
1463
1464 static NetClientInfo net_virtio_info = {
1465 .type = NET_CLIENT_OPTIONS_KIND_NIC,
1466 .size = sizeof(NICState),
1467 .can_receive = virtio_net_can_receive,
1468 .receive = virtio_net_receive,
1469 .cleanup = virtio_net_cleanup,
1470 .link_status_changed = virtio_net_set_link_status,
1471 .query_rx_filter = virtio_net_query_rxfilter,
1472 };
1473
1474 static bool virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx)
1475 {
1476 VirtIONet *n = VIRTIO_NET(vdev);
1477 NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
1478 assert(n->vhost_started);
1479 return vhost_net_virtqueue_pending(tap_get_vhost_net(nc->peer), idx);
1480 }
1481
1482 static void virtio_net_guest_notifier_mask(VirtIODevice *vdev, int idx,
1483 bool mask)
1484 {
1485 VirtIONet *n = VIRTIO_NET(vdev);
1486 NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
1487 assert(n->vhost_started);
1488 vhost_net_virtqueue_mask(tap_get_vhost_net(nc->peer),
1489 vdev, idx, mask);
1490 }
1491
1492 void virtio_net_set_config_size(VirtIONet *n, uint32_t host_features)
1493 {
1494 int i, config_size = 0;
1495 host_features |= (1 << VIRTIO_NET_F_MAC);
1496 for (i = 0; feature_sizes[i].flags != 0; i++) {
1497 if (host_features & feature_sizes[i].flags) {
1498 config_size = MAX(feature_sizes[i].end, config_size);
1499 }
1500 }
1501 n->config_size = config_size;
1502 }
1503
1504 void virtio_net_set_netclient_name(VirtIONet *n, const char *name,
1505 const char *type)
1506 {
1507 /*
1508 * The name can be NULL, the netclient name will be type.x.
1509 */
1510 assert(type != NULL);
1511
1512 if (n->netclient_name) {
1513 g_free(n->netclient_name);
1514 n->netclient_name = NULL;
1515 }
1516 if (n->netclient_type) {
1517 g_free(n->netclient_type);
1518 n->netclient_type = NULL;
1519 }
1520
1521 if (name != NULL) {
1522 n->netclient_name = g_strdup(name);
1523 }
1524 n->netclient_type = g_strdup(type);
1525 }
1526
1527 static void virtio_net_device_realize(DeviceState *dev, Error **errp)
1528 {
1529 VirtIODevice *vdev = VIRTIO_DEVICE(dev);
1530 VirtIONet *n = VIRTIO_NET(dev);
1531 NetClientState *nc;
1532 int i;
1533
1534 virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
1535
1536 n->max_queues = MAX(n->nic_conf.queues, 1);
1537 n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
1538 n->vqs[0].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx);
1539 n->curr_queues = 1;
1540 n->vqs[0].n = n;
1541 n->tx_timeout = n->net_conf.txtimer;
1542
1543 if (n->net_conf.tx && strcmp(n->net_conf.tx, "timer")
1544 && strcmp(n->net_conf.tx, "bh")) {
1545 error_report("virtio-net: "
1546 "Unknown option tx=%s, valid options: \"timer\" \"bh\"",
1547 n->net_conf.tx);
1548 error_report("Defaulting to \"bh\"");
1549 }
1550
1551 if (n->net_conf.tx && !strcmp(n->net_conf.tx, "timer")) {
1552 n->vqs[0].tx_vq = virtio_add_queue(vdev, 256,
1553 virtio_net_handle_tx_timer);
1554 n->vqs[0].tx_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, virtio_net_tx_timer,
1555 &n->vqs[0]);
1556 } else {
1557 n->vqs[0].tx_vq = virtio_add_queue(vdev, 256,
1558 virtio_net_handle_tx_bh);
1559 n->vqs[0].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[0]);
1560 }
1561 n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
1562 qemu_macaddr_default_if_unset(&n->nic_conf.macaddr);
1563 memcpy(&n->mac[0], &n->nic_conf.macaddr, sizeof(n->mac));
1564 n->status = VIRTIO_NET_S_LINK_UP;
1565
1566 if (n->netclient_type) {
1567 /*
1568 * Happen when virtio_net_set_netclient_name has been called.
1569 */
1570 n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
1571 n->netclient_type, n->netclient_name, n);
1572 } else {
1573 n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
1574 object_get_typename(OBJECT(dev)), dev->id, n);
1575 }
1576
1577 peer_test_vnet_hdr(n);
1578 if (peer_has_vnet_hdr(n)) {
1579 for (i = 0; i < n->max_queues; i++) {
1580 qemu_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true);
1581 }
1582 n->host_hdr_len = sizeof(struct virtio_net_hdr);
1583 } else {
1584 n->host_hdr_len = 0;
1585 }
1586
1587 qemu_format_nic_info_str(qemu_get_queue(n->nic), n->nic_conf.macaddr.a);
1588
1589 n->vqs[0].tx_waiting = 0;
1590 n->tx_burst = n->net_conf.txburst;
1591 virtio_net_set_mrg_rx_bufs(n, 0);
1592 n->promisc = 1; /* for compatibility */
1593
1594 n->mac_table.macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
1595
1596 n->vlans = g_malloc0(MAX_VLAN >> 3);
1597
1598 nc = qemu_get_queue(n->nic);
1599 nc->rxfilter_notify_enabled = 1;
1600
1601 n->qdev = dev;
1602 register_savevm(dev, "virtio-net", -1, VIRTIO_NET_VM_VERSION,
1603 virtio_net_save, virtio_net_load, n);
1604
1605 add_boot_device_path(n->nic_conf.bootindex, dev, "/ethernet-phy@0");
1606 }
1607
1608 static void virtio_net_device_unrealize(DeviceState *dev, Error **errp)
1609 {
1610 VirtIODevice *vdev = VIRTIO_DEVICE(dev);
1611 VirtIONet *n = VIRTIO_NET(dev);
1612 int i;
1613
1614 /* This will stop vhost backend if appropriate. */
1615 virtio_net_set_status(vdev, 0);
1616
1617 unregister_savevm(dev, "virtio-net", n);
1618
1619 if (n->netclient_name) {
1620 g_free(n->netclient_name);
1621 n->netclient_name = NULL;
1622 }
1623 if (n->netclient_type) {
1624 g_free(n->netclient_type);
1625 n->netclient_type = NULL;
1626 }
1627
1628 g_free(n->mac_table.macs);
1629 g_free(n->vlans);
1630
1631 for (i = 0; i < n->max_queues; i++) {
1632 VirtIONetQueue *q = &n->vqs[i];
1633 NetClientState *nc = qemu_get_subqueue(n->nic, i);
1634
1635 qemu_purge_queued_packets(nc);
1636
1637 if (q->tx_timer) {
1638 timer_del(q->tx_timer);
1639 timer_free(q->tx_timer);
1640 } else if (q->tx_bh) {
1641 qemu_bh_delete(q->tx_bh);
1642 }
1643 }
1644
1645 g_free(n->vqs);
1646 qemu_del_nic(n->nic);
1647 virtio_cleanup(vdev);
1648 }
1649
1650 static void virtio_net_instance_init(Object *obj)
1651 {
1652 VirtIONet *n = VIRTIO_NET(obj);
1653
1654 /*
1655 * The default config_size is sizeof(struct virtio_net_config).
1656 * Can be overriden with virtio_net_set_config_size.
1657 */
1658 n->config_size = sizeof(struct virtio_net_config);
1659 }
1660
1661 static Property virtio_net_properties[] = {
1662 DEFINE_NIC_PROPERTIES(VirtIONet, nic_conf),
1663 DEFINE_PROP_UINT32("x-txtimer", VirtIONet, net_conf.txtimer,
1664 TX_TIMER_INTERVAL),
1665 DEFINE_PROP_INT32("x-txburst", VirtIONet, net_conf.txburst, TX_BURST),
1666 DEFINE_PROP_STRING("tx", VirtIONet, net_conf.tx),
1667 DEFINE_PROP_END_OF_LIST(),
1668 };
1669
1670 static void virtio_net_class_init(ObjectClass *klass, void *data)
1671 {
1672 DeviceClass *dc = DEVICE_CLASS(klass);
1673 VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
1674
1675 dc->props = virtio_net_properties;
1676 set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
1677 vdc->realize = virtio_net_device_realize;
1678 vdc->unrealize = virtio_net_device_unrealize;
1679 vdc->get_config = virtio_net_get_config;
1680 vdc->set_config = virtio_net_set_config;
1681 vdc->get_features = virtio_net_get_features;
1682 vdc->set_features = virtio_net_set_features;
1683 vdc->bad_features = virtio_net_bad_features;
1684 vdc->reset = virtio_net_reset;
1685 vdc->set_status = virtio_net_set_status;
1686 vdc->guest_notifier_mask = virtio_net_guest_notifier_mask;
1687 vdc->guest_notifier_pending = virtio_net_guest_notifier_pending;
1688 }
1689
1690 static const TypeInfo virtio_net_info = {
1691 .name = TYPE_VIRTIO_NET,
1692 .parent = TYPE_VIRTIO_DEVICE,
1693 .instance_size = sizeof(VirtIONet),
1694 .instance_init = virtio_net_instance_init,
1695 .class_init = virtio_net_class_init,
1696 };
1697
1698 static void virtio_register_types(void)
1699 {
1700 type_register_static(&virtio_net_info);
1701 }
1702
1703 type_init(virtio_register_types)