[Qemu-devel] [PULL 0/5] Net patches

[Qemu-devel] [PULL 0/5] Net patches

[Jason Wang]

The following changes since commit 7acbff99c6c285b3070bf0e768d56f511e2bf346:

  Update version for v2.6.0-rc1 release (2016-04-05 21:53:18 +0100)

are available in the git repository at:

  https://github.com/jasowang/qemu.git tags/net-pull-request

for you to fetch changes up to e0a039e50d481dce6b4ee45a29002538a258cd89:

  filter-buffer: fix segfault when starting qemu with status=off property (2016-04-06 09:52:07 +0800)

----------------------------------------------------------------
- fix segfault when start filter with status=off
- fix large array to heap for nc_sendv_compat()
- fix OptsVisitor memory leak during net client init

----------------------------------------------------------------
Isaac Lozano (1):
      util: Improved qemu_hexmap() to include an ascii dump of the buffer

Jason Wang (1):
      rtl8139: using CP_TX_OWN for ownership transferring during tx

Paolo Bonzini (1):
      net: fix OptsVisitor memory leak

Pooja Dhannawat (1):
      net: Allocating Large sized arrays to heap

zhanghailiang (1):
      filter-buffer: fix segfault when starting qemu with status=off property

 hw/net/rtl8139.c |  2 +-
 net/filter.c     |  2 +-
 net/net.c        | 44 +++++++++++---------------------------------
 util/hexdump.c   | 33 ++++++++++++++++++++++-----------
 4 files changed, 35 insertions(+), 46 deletions(-)

[Qemu-devel] [PULL 1/5] util: Improved qemu_hexmap() to include an ascii dump of the buffer

[Jason Wang]

From: Isaac Lozano <109lozanoi@gmail.com>

qemu_hexdump() in util/hexdump.c has been changed to give also include a
ascii dump of the buffer. Also, calls to hex_dump() in net/net.c have
been replaced with calls to qemu_hexdump(). This takes care of two misc
BiteSized Tasks.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Isaac Lozano <109lozanoi@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/net.c      | 30 +-----------------------------
 util/hexdump.c | 33 ++++++++++++++++++++++-----------
 2 files changed, 23 insertions(+), 40 deletions(-)

diff --git a/net/net.c b/net/net.c
index 594c3b8..0bc42a1 100644
--- a/net/net.c
+++ b/net/net.c
@@ -81,34 +81,6 @@ int default_net = 1;
 /***********************************************************/
 /* network device redirectors */
 
-#if defined(DEBUG_NET)
-static void hex_dump(FILE *f, const uint8_t *buf, int size)
-{
-    int len, i, j, c;
-
-    for(i=0;i<size;i+=16) {
-        len = size - i;
-        if (len > 16)
-            len = 16;
-        fprintf(f, "%08x ", i);
-        for(j=0;j<16;j++) {
-            if (j < len)
-                fprintf(f, " %02x", buf[i+j]);
-            else
-                fprintf(f, "   ");
-        }
-        fprintf(f, " ");
-        for(j=0;j<len;j++) {
-            c = buf[i+j];
-            if (c < ' ' || c > '~')
-                c = '.';
-            fprintf(f, "%c", c);
-        }
-        fprintf(f, "\n");
-    }
-}
-#endif
-
 static int get_str_sep(char *buf, int buf_size, const char **pp, int sep)
 {
     const char *p, *p1;
@@ -664,7 +636,7 @@ static ssize_t qemu_send_packet_async_with_flags(NetClientState *sender,
 
 #ifdef DEBUG_NET
     printf("qemu_send_packet_async:\n");
-    hex_dump(stdout, buf, size);
+    qemu_hexdump((const char *)buf, stdout, "net", size);
 #endif
 
     if (sender->link_down || !sender->peer) {
diff --git a/util/hexdump.c b/util/hexdump.c
index 1d9c129..f879ff0 100644
--- a/util/hexdump.c
+++ b/util/hexdump.c
@@ -18,21 +18,32 @@
 
 void qemu_hexdump(const char *buf, FILE *fp, const char *prefix, size_t size)
 {
-    unsigned int b;
+    unsigned int b, len, i, c;
 
-    for (b = 0; b < size; b++) {
-        if ((b % 16) == 0) {
-            fprintf(fp, "%s: %04x:", prefix, b);
+    for (b = 0; b < size; b += 16) {
+        len = size - b;
+        if (len > 16) {
+            len = 16;
         }
-        if ((b % 4) == 0) {
-            fprintf(fp, " ");
+        fprintf(fp, "%s: %04x:", prefix, b);
+        for (i = 0; i < 16; i++) {
+            if ((i % 4) == 0) {
+                fprintf(fp, " ");
+            }
+            if (i < len) {
+                fprintf(fp, " %02x", (unsigned char)buf[b + i]);
+            } else {
+                fprintf(fp, "   ");
+            }
         }
-        fprintf(fp, " %02x", (unsigned char)buf[b]);
-        if ((b % 16) == 15) {
-            fprintf(fp, "\n");
+        fprintf(fp, " ");
+        for (i = 0; i < len; i++) {
+            c = buf[b + i];
+            if (c < ' ' || c > '~') {
+                c = '.';
+            }
+            fprintf(fp, "%c", c);
         }
-    }
-    if ((b % 16) != 0) {
         fprintf(fp, "\n");
     }
 }
-- 
2.5.0

[Qemu-devel] [PULL 2/5] net: Allocating Large sized arrays to heap

[Jason Wang]

From: Pooja Dhannawat <dhannawatpooja1@gmail.com>

nc_sendv_compat has a huge stack usage of 69680 bytes approx.
Moving large arrays to heap to reduce stack usage.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Pooja Dhannawat <dhannawatpooja1@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/net.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/net/net.c b/net/net.c
index 0bc42a1..f8b1e00 100644
--- a/net/net.c
+++ b/net/net.c
@@ -683,23 +683,28 @@ ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size)
 static ssize_t nc_sendv_compat(NetClientState *nc, const struct iovec *iov,
                                int iovcnt, unsigned flags)
 {
-    uint8_t buf[NET_BUFSIZE];
+    uint8_t *buf = NULL;
     uint8_t *buffer;
     size_t offset;
+    ssize_t ret;
 
     if (iovcnt == 1) {
         buffer = iov[0].iov_base;
         offset = iov[0].iov_len;
     } else {
+        buf = g_new(uint8_t, NET_BUFSIZE);
         buffer = buf;
-        offset = iov_to_buf(iov, iovcnt, 0, buf, sizeof(buf));
+        offset = iov_to_buf(iov, iovcnt, 0, buf, NET_BUFSIZE);
     }
 
     if (flags & QEMU_NET_PACKET_FLAG_RAW && nc->info->receive_raw) {
-        return nc->info->receive_raw(nc, buffer, offset);
+        ret = nc->info->receive_raw(nc, buffer, offset);
     } else {
-        return nc->info->receive(nc, buffer, offset);
+        ret = nc->info->receive(nc, buffer, offset);
     }
+
+    g_free(buf);
+    return ret;
 }
 
 ssize_t qemu_deliver_packet_iov(NetClientState *sender,
-- 
2.5.0

[Qemu-devel] [PULL 3/5] net: fix OptsVisitor memory leak

[Jason Wang]

From: Paolo Bonzini <pbonzini@redhat.com>

Fixes 96a1616("qapi-dealloc: Reduce use outside of generated code")
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/net.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/net.c b/net/net.c
index f8b1e00..0ad6217 100644
--- a/net/net.c
+++ b/net/net.c
@@ -1077,6 +1077,7 @@ int net_client_init(QemuOpts *opts, int is_netdev, Error **errp)
     }
 
     error_propagate(errp, err);
+    opts_visitor_cleanup(ov);
     return ret;
 }
 
-- 
2.5.0

[Qemu-devel] [PULL 4/5] rtl8139: using CP_TX_OWN for ownership transferring during tx

[Jason Wang]

Through CP_TX_OWN and CP_RX_OWN points to the same bit, we'd better use
CP_TX_OWN for tx descriptor handling.

Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 hw/net/rtl8139.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index fee97bf..1e5ec14 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -2046,7 +2046,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
     }
 
     /* transfer ownership to target */
-    txdw0 &= ~CP_RX_OWN;
+    txdw0 &= ~CP_TX_OWN;
 
     /* reset error indicator bits */
     txdw0 &= ~CP_TX_STATUS_UNF;
-- 
2.5.0

[Qemu-devel] [PULL 5/5] filter-buffer: fix segfault when starting qemu with status=off property

[Jason Wang]

From: zhanghailiang <zhang.zhanghailiang@huawei.com>

After commit 338d3f, we support 'status' property for filter object.
The segfault can be triggered by starting qemu with 'status=off' property
for filter, when the s->incoming_queue is NULL, we reference it directly
in qemu_net_queue_flush() which was called in status_changed() callback
function.

We shouldn't trigger status_changed() before the filter was initialized,
We can check the value of 'nf->netdev' to confirm if the filter is
initialized or not, so let's check its value before calling
status_changed().

Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/filter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/filter.c b/net/filter.c
index 1c4fc5a..8ac79f3 100644
--- a/net/filter.c
+++ b/net/filter.c
@@ -164,7 +164,7 @@ static void netfilter_set_status(Object *obj, const char *str, Error **errp)
         return;
     }
     nf->on = !nf->on;
-    if (nfc->status_changed) {
+    if (nf->netdev && nfc->status_changed) {
         nfc->status_changed(nf, errp);
     }
 }
-- 
2.5.0

Re: [Qemu-devel] [PULL 0/5] Net patches

[Peter Maydell]

On 6 April 2016 at 03:37, Jason Wang <jasowang@redhat.com> wrote:
> The following changes since commit 7acbff99c6c285b3070bf0e768d56f511e2bf346:
>
>   Update version for v2.6.0-rc1 release (2016-04-05 21:53:18 +0100)
>
> are available in the git repository at:
>
>   https://github.com/jasowang/qemu.git tags/net-pull-request
>
> for you to fetch changes up to e0a039e50d481dce6b4ee45a29002538a258cd89:
>
>   filter-buffer: fix segfault when starting qemu with status=off property (2016-04-06 09:52:07 +0800)
>
> ----------------------------------------------------------------
> - fix segfault when start filter with status=off
> - fix large array to heap for nc_sendv_compat()
> - fix OptsVisitor memory leak during net client init
>

Applied, thanks.

-- PMM