From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from [140.186.70.92] (port=57551 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OSD4D-0006az-D2 for qemu-devel@nongnu.org; Fri, 25 Jun 2010 13:51:57 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1OS6gz-0007u6-EG for qemu-devel@nongnu.org; Fri, 25 Jun 2010 07:03:30 -0400 Received: from mx1.redhat.com ([209.132.183.28]:36866) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1OS6gz-0007tD-67 for qemu-devel@nongnu.org; Fri, 25 Jun 2010 07:03:29 -0400 Received: from int-mx05.intmail.prod.int.phx2.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.18]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o5PB3QL6025121 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Fri, 25 Jun 2010 07:03:27 -0400 Date: Fri, 25 Jun 2010 13:58:33 +0300 From: "Michael S. Tsirkin" Message-ID: <20100625105833.GA16444@redhat.com> References: <20100624155407.GA11165@redhat.com> <20100625071703.GA1332@amit-laptop.redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20100625071703.GA1332@amit-laptop.redhat.com> Subject: [Qemu-devel] Re: [PATCHv3] virtio-net: correct packet length math List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Amit Shah Cc: alex.williamson@redhat.com, qemu-devel@nongnu.org, Juan Quintela On Fri, Jun 25, 2010 at 12:47:03PM +0530, Amit Shah wrote: > On (Thu) Jun 24 2010 [18:54:07], Michael S. Tsirkin wrote: > > We were requesting too much when checking buffer > > length: size already includes host header length. > > > > Further, we should not exit if we get a packet that > > is too long, since this might not be under control > > of the guest. Just drop the packet. > > control of the host? Well, host too I guess. What I was trying to say, it might not be the fault of the guest that it got a packet that is too long. > > @@ -579,19 +581,32 @@ static ssize_t virtio_net_receive(VLANClientState *nc, const uint8_t *buf, size_ > > mhdr = (struct virtio_net_hdr_mrg_rxbuf *)sg[0].iov_base; > > > > offset += receive_header(n, sg, elem.in_num, > > - buf + offset, size - offset, hdr_len); > > - total += hdr_len; > > + buf + offset, size - offset, guest_hdr_len); > > + total += guest_hdr_len; > > } > > > > /* copy in packet. ugh */ > > len = iov_from_buf(sg, elem.in_num, > > buf + offset, size - offset); > > total += len; > > + offset += len; > > + /* If buffers can't be merged, at this point we > > + * must have consumed the complete packet. > > + * Otherwise, drop it. */ > > + if (!n->mergeable_rx_bufs && offset < size) { > > +#if 0 > > + fprintf(stderr, "virtio-net truncated non-mergeable packet: " > > + > > + "i %zd mergeable %d offset %zd, size %zd, " > > + "guest hdr len %zd, host hdr len %zd\n", > > + i, n->mergeable_rx_bufs, > > + offset, size, guest_hdr_len, host_hdr_len); > > +#endif > > + return size; > > + } > > Before returning, won't you have to finish off the virtqueue operations > -- fill, flush, kick, etc.? > > Amit No, this would consume a buffer. We just want to drop the packet without side-effects. But we do need to decrement the inuse counter. I'll respin the patch. -- MST