From 5dd2d45e344b50b018912b6d98ab47493f946eb6 Mon Sep 17 00:00:00 2001 From: Jason Wang Date: Mon, 15 Feb 2016 12:52:34 +0800 Subject: net: filter: correctly remove filter from the list during finalization Qemu may crash when we want to add two filters on the same netdev but the initialization of second fails (e.g missing parameters): ./qemu-system-x86_64 -netdev user,id=un0 \ -object filter-buffer,id=f0,netdev=un0,interval=10 \ -object filter-buffer,id=f1,netdev=un0 Segmentation fault (core dumped) This is because we don't check whether or not the filter was in the list of netdev. This patch fixes this. Cc: Yang Hongyang Reviewed-by: Yang Hongyang Signed-off-by: Jason Wang --- net/filter.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'net') diff --git a/net/filter.c b/net/filter.c index d2a514e..7cdbc6c 100644 --- a/net/filter.c +++ b/net/filter.c @@ -196,7 +196,8 @@ static void netfilter_finalize(Object *obj) nfc->cleanup(nf); } - if (nf->netdev && !QTAILQ_EMPTY(&nf->netdev->filters)) { + if (nf->netdev && !QTAILQ_EMPTY(&nf->netdev->filters) && + nf->next.tqe_prev) { QTAILQ_REMOVE(&nf->netdev->filters, nf, next); } g_free(nf->netdev_id); -- cgit v1.1 From 3a2d44f6dd1d6cc1e5a5ebfa736a72e035c41d1b Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 26 Feb 2016 00:05:57 +0100 Subject: net: simplify net_init_tap_one logic net_init_tap_one receives in vhostfdname a fd name from vhostfd= or vhostfds=, or NULL if there is no vhostfd=/vhostfds=. It is simpler to just check vhostfdname, than it is to check for vhostfd= or vhostfds=. This also calms down Coverity, which otherwise thinks that monitor_fd_param could dereference a NULL vhostfdname. Signed-off-by: Paolo Bonzini Signed-off-by: Jason Wang --- net/tap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'net') diff --git a/net/tap.c b/net/tap.c index cfb6831..cd7a7fc 100644 --- a/net/tap.c +++ b/net/tap.c @@ -662,7 +662,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, options.backend_type = VHOST_BACKEND_TYPE_KERNEL; options.net_backend = &s->nc; - if (tap->has_vhostfd || tap->has_vhostfds) { + if (vhostfdname) { vhostfd = monitor_fd_param(cur_mon, vhostfdname, &err); if (vhostfd == -1) { error_propagate(errp, err); @@ -684,7 +684,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, "vhost-net requested but could not be initialized"); return; } - } else if (tap->has_vhostfd || tap->has_vhostfds) { + } else if (vhostfdname) { error_setg(errp, "vhostfd= is not valid without vhost"); } } -- cgit v1.1 From 9fbad2ca36f099699ebdf91c523a9ddc34d6b1c4 Mon Sep 17 00:00:00 2001 From: Vincenzo Maffione Date: Wed, 24 Feb 2016 11:30:41 +0100 Subject: net: netmap: probe netmap interface for virtio-net header Previous implementation of has_ufo, has_vnet_hdr, has_vnet_hdr_len, etc. did not really probe for virtio-net header support for the netmap interface attached to the backend. These callbacks were correct for VALE ports, but incorrect for hardware NICs, pipes, monitors, etc. This patch fixes the implementation to work properly with all kinds of netmap ports. Signed-off-by: Vincenzo Maffione Signed-off-by: Jason Wang --- net/netmap.c | 59 ++++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 21 deletions(-) (limited to 'net') diff --git a/net/netmap.c b/net/netmap.c index 9710321..1b42728 100644 --- a/net/netmap.c +++ b/net/netmap.c @@ -323,20 +323,47 @@ static void netmap_cleanup(NetClientState *nc) } /* Offloading manipulation support callbacks. */ -static bool netmap_has_ufo(NetClientState *nc) +static int netmap_fd_set_vnet_hdr_len(NetmapState *s, int len) { - return true; + struct nmreq req; + + /* Issue a NETMAP_BDG_VNET_HDR command to change the virtio-net header + * length for the netmap adapter associated to 's->ifname'. + */ + memset(&req, 0, sizeof(req)); + pstrcpy(req.nr_name, sizeof(req.nr_name), s->ifname); + req.nr_version = NETMAP_API; + req.nr_cmd = NETMAP_BDG_VNET_HDR; + req.nr_arg1 = len; + + return ioctl(s->nmd->fd, NIOCREGIF, &req); } -static bool netmap_has_vnet_hdr(NetClientState *nc) +static bool netmap_has_vnet_hdr_len(NetClientState *nc, int len) { + NetmapState *s = DO_UPCAST(NetmapState, nc, nc); + int prev_len = s->vnet_hdr_len; + + /* Check that we can set the new length. */ + if (netmap_fd_set_vnet_hdr_len(s, len)) { + return false; + } + + /* Restore the previous length. */ + if (netmap_fd_set_vnet_hdr_len(s, prev_len)) { + error_report("Failed to restore vnet-hdr length %d on %s: %s", + prev_len, s->ifname, strerror(errno)); + abort(); + } + return true; } -static bool netmap_has_vnet_hdr_len(NetClientState *nc, int len) +/* A netmap interface that supports virtio-net headers always + * supports UFO, so we use this callback also for the has_ufo hook. */ +static bool netmap_has_vnet_hdr(NetClientState *nc) { - return len == 0 || len == sizeof(struct virtio_net_hdr) || - len == sizeof(struct virtio_net_hdr_mrg_rxbuf); + return netmap_has_vnet_hdr_len(nc, sizeof(struct virtio_net_hdr)); } static void netmap_using_vnet_hdr(NetClientState *nc, bool enable) @@ -347,20 +374,11 @@ static void netmap_set_vnet_hdr_len(NetClientState *nc, int len) { NetmapState *s = DO_UPCAST(NetmapState, nc, nc); int err; - struct nmreq req; - /* Issue a NETMAP_BDG_VNET_HDR command to change the virtio-net header - * length for the netmap adapter associated to 's->ifname'. - */ - memset(&req, 0, sizeof(req)); - pstrcpy(req.nr_name, sizeof(req.nr_name), s->ifname); - req.nr_version = NETMAP_API; - req.nr_cmd = NETMAP_BDG_VNET_HDR; - req.nr_arg1 = len; - err = ioctl(s->nmd->fd, NIOCREGIF, &req); + err = netmap_fd_set_vnet_hdr_len(s, len); if (err) { - error_report("Unable to execute NETMAP_BDG_VNET_HDR on %s: %s", - s->ifname, strerror(errno)); + error_report("Unable to set vnet-hdr length %d on %s: %s", + len, s->ifname, strerror(errno)); } else { /* Keep track of the current length. */ s->vnet_hdr_len = len; @@ -373,8 +391,7 @@ static void netmap_set_offload(NetClientState *nc, int csum, int tso4, int tso6, NetmapState *s = DO_UPCAST(NetmapState, nc, nc); /* Setting a virtio-net header length greater than zero automatically - * enables the offloadings. - */ + * enables the offloadings. */ if (!s->vnet_hdr_len) { netmap_set_vnet_hdr_len(nc, sizeof(struct virtio_net_hdr)); } @@ -388,7 +405,7 @@ static NetClientInfo net_netmap_info = { .receive_iov = netmap_receive_iov, .poll = netmap_poll, .cleanup = netmap_cleanup, - .has_ufo = netmap_has_ufo, + .has_ufo = netmap_has_vnet_hdr, .has_vnet_hdr = netmap_has_vnet_hdr, .has_vnet_hdr_len = netmap_has_vnet_hdr_len, .using_vnet_hdr = netmap_using_vnet_hdr, -- cgit v1.1 From 338d3f415e131673ea51719b0c30edf65f69d806 Mon Sep 17 00:00:00 2001 From: zhanghailiang Date: Tue, 1 Mar 2016 13:37:02 +0800 Subject: filter: Add 'status' property for filter object With this property, users can control if this filter is 'on' or 'off'. The default behavior for filter is 'on'. For some types of filters, they may need to react to status changing, So here, we introduced status changing callback/notifier for filter class. We will skip the disabled ('off') filter when delivering packets in net layer. Signed-off-by: zhanghailiang Cc: Jason Wang Cc: Yang Hongyang Signed-off-by: Jason Wang --- net/filter.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'net') diff --git a/net/filter.c b/net/filter.c index 7cdbc6c..a08ef68 100644 --- a/net/filter.c +++ b/net/filter.c @@ -17,6 +17,11 @@ #include "qom/object_interfaces.h" #include "qemu/iov.h" +static inline bool qemu_can_skip_netfilter(NetFilterState *nf) +{ + return !nf->on; +} + ssize_t qemu_netfilter_receive(NetFilterState *nf, NetFilterDirection direction, NetClientState *sender, @@ -25,6 +30,9 @@ ssize_t qemu_netfilter_receive(NetFilterState *nf, int iovcnt, NetPacketSent *sent_cb) { + if (qemu_can_skip_netfilter(nf)) { + return 0; + } if (nf->direction == direction || nf->direction == NET_FILTER_DIRECTION_ALL) { return NETFILTER_GET_CLASS(OBJECT(nf))->receive_iov( @@ -134,8 +142,38 @@ static void netfilter_set_direction(Object *obj, int direction, Error **errp) nf->direction = direction; } +static char *netfilter_get_status(Object *obj, Error **errp) +{ + NetFilterState *nf = NETFILTER(obj); + + return nf->on ? g_strdup("on") : g_strdup("off"); +} + +static void netfilter_set_status(Object *obj, const char *str, Error **errp) +{ + NetFilterState *nf = NETFILTER(obj); + NetFilterClass *nfc = NETFILTER_GET_CLASS(obj); + + if (strcmp(str, "on") && strcmp(str, "off")) { + error_setg(errp, "Invalid value for netfilter status, " + "should be 'on' or 'off'"); + return; + } + if (nf->on == !strcmp(str, "on")) { + return; + } + nf->on = !nf->on; + if (nfc->status_changed) { + nfc->status_changed(nf, errp); + } +} + static void netfilter_init(Object *obj) { + NetFilterState *nf = NETFILTER(obj); + + nf->on = true; + object_property_add_str(obj, "netdev", netfilter_get_netdev_id, netfilter_set_netdev_id, NULL); @@ -143,6 +181,9 @@ static void netfilter_init(Object *obj) NetFilterDirection_lookup, netfilter_get_direction, netfilter_set_direction, NULL); + object_property_add_str(obj, "status", + netfilter_get_status, netfilter_set_status, + NULL); } static void netfilter_complete(UserCreatable *uc, Error **errp) -- cgit v1.1 From f1b2bc601af5037f0af6d55575e619b912e348b5 Mon Sep 17 00:00:00 2001 From: zhanghailiang Date: Tue, 1 Mar 2016 13:37:03 +0800 Subject: filter-buffer: Add status_changed callback processing While the status of filter-buffer changing from 'on' to 'off', it need to release all the buffered packets, and delete the related timer, while switch from 'off' to 'on', it need to resume the release packets timer. Here, we extract the process of setup timer into a new helper, which will be used in the new status_changed callback. Signed-off-by: zhanghailiang Cc: Jason Wang Cc: Yang Hongyang Signed-off-by: Jason Wang --- net/filter-buffer.c | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) (limited to 'net') diff --git a/net/filter-buffer.c b/net/filter-buffer.c index 12ad2e3..972177b 100644 --- a/net/filter-buffer.c +++ b/net/filter-buffer.c @@ -100,6 +100,19 @@ static void filter_buffer_cleanup(NetFilterState *nf) } } +static void filter_buffer_setup_timer(NetFilterState *nf) +{ + FilterBufferState *s = FILTER_BUFFER(nf); + + if (s->interval) { + timer_init_us(&s->release_timer, QEMU_CLOCK_VIRTUAL, + filter_buffer_release_timer, nf); + /* Timer armed to fire in s->interval microseconds. */ + timer_mod(&s->release_timer, + qemu_clock_get_us(QEMU_CLOCK_VIRTUAL) + s->interval); + } +} + static void filter_buffer_setup(NetFilterState *nf, Error **errp) { FilterBufferState *s = FILTER_BUFFER(nf); @@ -115,12 +128,20 @@ static void filter_buffer_setup(NetFilterState *nf, Error **errp) } s->incoming_queue = qemu_new_net_queue(qemu_netfilter_pass_to_next, nf); - if (s->interval) { - timer_init_us(&s->release_timer, QEMU_CLOCK_VIRTUAL, - filter_buffer_release_timer, nf); - /* Timer armed to fire in s->interval microseconds. */ - timer_mod(&s->release_timer, - qemu_clock_get_us(QEMU_CLOCK_VIRTUAL) + s->interval); + filter_buffer_setup_timer(nf); +} + +static void filter_buffer_status_changed(NetFilterState *nf, Error **errp) +{ + FilterBufferState *s = FILTER_BUFFER(nf); + + if (!nf->on) { + if (s->interval) { + timer_del(&s->release_timer); + } + filter_buffer_flush(nf); + } else { + filter_buffer_setup_timer(nf); } } @@ -131,6 +152,7 @@ static void filter_buffer_class_init(ObjectClass *oc, void *data) nfc->setup = filter_buffer_setup; nfc->cleanup = filter_buffer_cleanup; nfc->receive_iov = filter_buffer_receive_iov; + nfc->status_changed = filter_buffer_status_changed; } static void filter_buffer_get_interval(Object *obj, Visitor *v, -- cgit v1.1 From 362786f14a753d8a5256ef97d7c10ed576d6572b Mon Sep 17 00:00:00 2001 From: Prasad J Pandit Date: Wed, 2 Mar 2016 17:29:58 +0530 Subject: net: check packet payload length While computing IP checksum, 'net_checksum_calculate' reads payload length from the packet. It could exceed the given 'data' buffer size. Add a check to avoid it. Reported-by: Liu Ling Signed-off-by: Prasad J Pandit Signed-off-by: Jason Wang --- net/checksum.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'net') diff --git a/net/checksum.c b/net/checksum.c index b5016ab..d0fa424 100644 --- a/net/checksum.c +++ b/net/checksum.c @@ -60,6 +60,11 @@ void net_checksum_calculate(uint8_t *data, int length) int hlen, plen, proto, csum_offset; uint16_t csum; + /* Ensure data has complete L2 & L3 headers. */ + if (length < 14 + 20) { + return; + } + if ((data[14] & 0xf0) != 0x40) return; /* not IPv4 */ hlen = (data[14] & 0x0f) * 4; @@ -77,8 +82,9 @@ void net_checksum_calculate(uint8_t *data, int length) return; } - if (plen < csum_offset+2) - return; + if (plen < csum_offset + 2 || 14 + hlen + plen > length) { + return; + } data[14+hlen+csum_offset] = 0; data[14+hlen+csum_offset+1] = 0; -- cgit v1.1