* [Qemu-devel] [PULL 1/5] net: Mark 'vlan' parameter as deprecated
2017-02-15 3:53 [Qemu-devel] [PULL 0/5] Net patches Jason Wang
@ 2017-02-15 3:53 ` Jason Wang
2017-02-15 3:53 ` [Qemu-devel] [PULL 2/5] net: e1000e: fix dead code in e1000e_write_packet_to_guest Jason Wang
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Jason Wang @ 2017-02-15 3:53 UTC (permalink / raw)
To: peter.maydell; +Cc: qemu-devel, Thomas Huth, Jason Wang
From: Thomas Huth <thuth@redhat.com>
The 'vlan' parameter is a continuous source of confusion for the users,
many people mix it up with the more common term VLAN (the link layer
packet encapsulation), and even if they realize that the QEMU 'vlan' is
rather some kind of network hub emulation, there is still a high risk
that they configure their QEMU networking in a wrong way with this
parameter (e.g. by hooking NICs together, so they get a 'loopback'
between one and the other NIC).
Thus at one point in time, we should finally get rid of the 'vlan'
feature in QEMU. Let's do a first step in this direction by declaring
the 'vlan' parameter as deprecated and informing the users to use the
'netdev' parameter instead.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
net/net.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/net.c b/net/net.c
index 939fe31..fb7af3a 100644
--- a/net/net.c
+++ b/net/net.c
@@ -970,6 +970,7 @@ static int net_client_init1(const void *object, bool is_netdev, Error **errp)
const Netdev *netdev;
const char *name;
NetClientState *peer = NULL;
+ static bool vlan_warned;
if (is_netdev) {
netdev = object;
@@ -1050,6 +1051,11 @@ static int net_client_init1(const void *object, bool is_netdev, Error **errp)
!opts->u.nic.data->has_netdev) {
peer = net_hub_add_port(net->has_vlan ? net->vlan : 0, NULL);
}
+
+ if (net->has_vlan && !vlan_warned) {
+ error_report("'vlan' is deprecated. Please use 'netdev' instead.");
+ vlan_warned = true;
+ }
}
if (net_client_init_fun[netdev->type](netdev, name, peer, errp) < 0) {
--
2.7.4
^ permalink raw reply related [flat|nested] 7+ messages in thread* [Qemu-devel] [PULL 2/5] net: e1000e: fix dead code in e1000e_write_packet_to_guest
2017-02-15 3:53 [Qemu-devel] [PULL 0/5] Net patches Jason Wang
2017-02-15 3:53 ` [Qemu-devel] [PULL 1/5] net: Mark 'vlan' parameter as deprecated Jason Wang
@ 2017-02-15 3:53 ` Jason Wang
2017-02-15 3:53 ` [Qemu-devel] [PULL 3/5] colo-compare: sort TCP packet queue by sequence number Jason Wang
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Jason Wang @ 2017-02-15 3:53 UTC (permalink / raw)
To: peter.maydell; +Cc: qemu-devel, Paolo Bonzini, Jason Wang
From: Paolo Bonzini <pbonzini@redhat.com>
Because is_first is declared inside a loop, it is always true. The store
is dead, and so is the "else" branch of "if (is_first)". is_last is
okay though.
Reported by Coverity.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/e1000e_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
index 2b11499..c99e2fb 100644
--- a/hw/net/e1000e_core.c
+++ b/hw/net/e1000e_core.c
@@ -1507,6 +1507,7 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt,
const E1000E_RingInfo *rxi;
size_t ps_hdr_len = 0;
bool do_ps = e1000e_do_ps(core, pkt, &ps_hdr_len);
+ bool is_first = true;
rxi = rxr->i;
@@ -1514,7 +1515,6 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt,
hwaddr ba[MAX_PS_BUFFERS];
e1000e_ba_state bastate = { { 0 } };
bool is_last = false;
- bool is_first = true;
desc_size = total_size - desc_offset;
--
2.7.4
^ permalink raw reply related [flat|nested] 7+ messages in thread* [Qemu-devel] [PULL 3/5] colo-compare: sort TCP packet queue by sequence number
2017-02-15 3:53 [Qemu-devel] [PULL 0/5] Net patches Jason Wang
2017-02-15 3:53 ` [Qemu-devel] [PULL 1/5] net: Mark 'vlan' parameter as deprecated Jason Wang
2017-02-15 3:53 ` [Qemu-devel] [PULL 2/5] net: e1000e: fix dead code in e1000e_write_packet_to_guest Jason Wang
@ 2017-02-15 3:53 ` Jason Wang
2017-02-15 3:53 ` [Qemu-devel] [PULL 4/5] net: imx: limit buffer descriptor count Jason Wang
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Jason Wang @ 2017-02-15 3:53 UTC (permalink / raw)
To: peter.maydell; +Cc: qemu-devel, Zhang Chen, Li Zhijian, Jason Wang
From: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Improve efficiency of TCP packet comparison.
Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
net/colo-compare.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/net/colo-compare.c b/net/colo-compare.c
index 4962976..162fd6a 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -101,6 +101,15 @@ static int compare_chr_send(CharBackend *out,
const uint8_t *buf,
uint32_t size);
+static gint seq_sorter(Packet *a, Packet *b, gpointer data)
+{
+ struct tcphdr *atcp, *btcp;
+
+ atcp = (struct tcphdr *)(a->transport_header);
+ btcp = (struct tcphdr *)(b->transport_header);
+ return ntohl(atcp->th_seq) - ntohl(btcp->th_seq);
+}
+
/*
* Return 0 on success, if return -1 means the pkt
* is unsupported(arp and ipv6) and will be sent later
@@ -137,6 +146,11 @@ static int packet_enqueue(CompareState *s, int mode)
if (g_queue_get_length(&conn->primary_list) <=
MAX_QUEUE_SIZE) {
g_queue_push_tail(&conn->primary_list, pkt);
+ if (conn->ip_proto == IPPROTO_TCP) {
+ g_queue_sort(&conn->primary_list,
+ (GCompareDataFunc)seq_sorter,
+ NULL);
+ }
} else {
error_report("colo compare primary queue size too big,"
"drop packet");
@@ -145,6 +159,11 @@ static int packet_enqueue(CompareState *s, int mode)
if (g_queue_get_length(&conn->secondary_list) <=
MAX_QUEUE_SIZE) {
g_queue_push_tail(&conn->secondary_list, pkt);
+ if (conn->ip_proto == IPPROTO_TCP) {
+ g_queue_sort(&conn->secondary_list,
+ (GCompareDataFunc)seq_sorter,
+ NULL);
+ }
} else {
error_report("colo compare secondary queue size too big,"
"drop packet");
--
2.7.4
^ permalink raw reply related [flat|nested] 7+ messages in thread* [Qemu-devel] [PULL 4/5] net: imx: limit buffer descriptor count
2017-02-15 3:53 [Qemu-devel] [PULL 0/5] Net patches Jason Wang
` (2 preceding siblings ...)
2017-02-15 3:53 ` [Qemu-devel] [PULL 3/5] colo-compare: sort TCP packet queue by sequence number Jason Wang
@ 2017-02-15 3:53 ` Jason Wang
2017-02-15 3:53 ` [Qemu-devel] [PULL 5/5] net: e1000e: fix an infinite loop issue Jason Wang
2017-02-16 14:23 ` [Qemu-devel] [PULL 0/5] Net patches Peter Maydell
5 siblings, 0 replies; 7+ messages in thread
From: Jason Wang @ 2017-02-15 3:53 UTC (permalink / raw)
To: peter.maydell; +Cc: qemu-devel, Prasad J Pandit, Jason Wang
From: Prasad J Pandit <pjp@fedoraproject.org>
i.MX Fast Ethernet Controller uses buffer descriptors to manage
data flow to/fro receive & transmit queues. While transmitting
packets, it could continue to read buffer descriptors if a buffer
descriptor has length of zero and has crafted values in bd.flags.
Set an upper limit to number of buffer descriptors.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/imx_fec.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 50c7564..90e6ee3 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -55,6 +55,8 @@
} \
} while (0)
+#define IMX_MAX_DESC 1024
+
static const char *imx_default_reg_name(IMXFECState *s, uint32_t index)
{
static char tmp[20];
@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s)
static void imx_fec_do_tx(IMXFECState *s)
{
- int frame_size = 0;
+ int frame_size = 0, descnt = 0;
uint8_t frame[ENET_MAX_FRAME_SIZE];
uint8_t *ptr = frame;
uint32_t addr = s->tx_descriptor;
- while (1) {
+ while (descnt++ < IMX_MAX_DESC) {
IMXFECBufDesc bd;
int len;
@@ -453,12 +455,12 @@ static void imx_fec_do_tx(IMXFECState *s)
static void imx_enet_do_tx(IMXFECState *s)
{
- int frame_size = 0;
+ int frame_size = 0, descnt = 0;
uint8_t frame[ENET_MAX_FRAME_SIZE];
uint8_t *ptr = frame;
uint32_t addr = s->tx_descriptor;
- while (1) {
+ while (descnt++ < IMX_MAX_DESC) {
IMXENETBufDesc bd;
int len;
--
2.7.4
^ permalink raw reply related [flat|nested] 7+ messages in thread* [Qemu-devel] [PULL 5/5] net: e1000e: fix an infinite loop issue
2017-02-15 3:53 [Qemu-devel] [PULL 0/5] Net patches Jason Wang
` (3 preceding siblings ...)
2017-02-15 3:53 ` [Qemu-devel] [PULL 4/5] net: imx: limit buffer descriptor count Jason Wang
@ 2017-02-15 3:53 ` Jason Wang
2017-02-16 14:23 ` [Qemu-devel] [PULL 0/5] Net patches Peter Maydell
5 siblings, 0 replies; 7+ messages in thread
From: Jason Wang @ 2017-02-15 3:53 UTC (permalink / raw)
To: peter.maydell; +Cc: qemu-devel, Li Qiang, Li Qiang, Jason Wang
From: Li Qiang <liq3ea@gmail.com>
This issue is like the issue in e1000 network card addressed in
this commit:
e1000: eliminate infinite loops on out-of-bounds transfer start.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/e1000e_core.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
index c99e2fb..28c5be1 100644
--- a/hw/net/e1000e_core.c
+++ b/hw/net/e1000e_core.c
@@ -806,7 +806,8 @@ typedef struct E1000E_RingInfo_st {
static inline bool
e1000e_ring_empty(E1000ECore *core, const E1000E_RingInfo *r)
{
- return core->mac[r->dh] == core->mac[r->dt];
+ return core->mac[r->dh] == core->mac[r->dt] ||
+ core->mac[r->dt] >= core->mac[r->dlen] / E1000_RING_DESC_LEN;
}
static inline uint64_t
@@ -1522,6 +1523,10 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt,
desc_size = core->rx_desc_buf_size;
}
+ if (e1000e_ring_empty(core, rxi)) {
+ return;
+ }
+
base = e1000e_ring_head_descr(core, rxi);
pci_dma_read(d, base, &desc, core->rx_desc_len);
--
2.7.4
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [Qemu-devel] [PULL 0/5] Net patches
2017-02-15 3:53 [Qemu-devel] [PULL 0/5] Net patches Jason Wang
` (4 preceding siblings ...)
2017-02-15 3:53 ` [Qemu-devel] [PULL 5/5] net: e1000e: fix an infinite loop issue Jason Wang
@ 2017-02-16 14:23 ` Peter Maydell
5 siblings, 0 replies; 7+ messages in thread
From: Peter Maydell @ 2017-02-16 14:23 UTC (permalink / raw)
To: Jason Wang; +Cc: QEMU Developers
On 15 February 2017 at 03:53, Jason Wang <jasowang@redhat.com> wrote:
> The following changes since commit 5dae13cd71f0755a1395b5a4cde635b8a6ee3f58:
>
> Merge remote-tracking branch 'remotes/rth/tags/pull-or-20170214' into staging (2017-02-14 09:55:48 +0000)
>
> are available in the git repository at:
>
> https://github.com/jasowang/qemu.git tags/net-pull-request
>
> for you to fetch changes up to 4154c7e03fa55b4cf52509a83d50d6c09d743b77:
>
> net: e1000e: fix an infinite loop issue (2017-02-15 11:18:57 +0800)
>
> ----------------------------------------------------------------
>
> ---------------------------------------------------------------
Applied, thanks.
-- PMM
^ permalink raw reply [flat|nested] 7+ messages in thread