- 31 5月, 2015 2 次提交
-
-
由 Jason Wang 提交于
VIRTIO_PCI_QUEUE_MAX is not only used for pci, so rename it be generic. Cc: Amit Shah <amit.shah@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Jason Wang 提交于
Instead of adding queues for multiqueue during feature set. This patch did this in .realize(), this will help the following patches that count the number of virtqueues used in .device_plugged() callback. Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 11 5月, 2015 1 次提交
-
-
由 Scott Feldman 提交于
Signed-off-by: NScott Feldman <sfeldma@gmail.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-id: 1426306173-24884-3-git-send-email-sfeldma@gmail.com Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 30 4月, 2015 1 次提交
-
-
由 Stefan Weil 提交于
All of them were reported by codespell. Most typos are in comments, one is in an error message. Signed-off-by: NStefan Weil <sw@weilnetz.de> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 28 4月, 2015 2 次提交
-
-
由 Shannon Zhao 提交于
So far virtio-net-device can't expose host features to guest while using virtio-mmio because it doesn't set DEFINE_VIRTIO_NET_FEATURES on backend or transport. So the performance is low. The host features belong to the backend while virtio-net-pci, virtio-net-s390 and virtio-net-ccw set the DEFINE_VIRTIO_NET_FEATURES on transports. But they already have the ability to forward property accesses to the backend child. So if we move the host features to backends, it doesn't break the backwards compatibility for them and make host features work while using virtio-mmio. Here we move DEFINE_VIRTIO_NET_FEATURES to the backend virtio-net. The transports just sync the host features from backend. Meanwhile move virtio_net_set_config_size to virtio-net to make sure the config size is correct and don't expose it. Signed-off-by: NShannon Zhao <zhaoshenglong@huawei.com> Signed-off-by: NShannon Zhao <shannon.zhao@linaro.org> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Jason Wang 提交于
Virtqueue were indexed from zero, so don't delete virtqueue whose index is n->max_queues * 2 + 1. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: qemu-stable <qemu-stable@nongnu.org> Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 25 3月, 2015 1 次提交
-
-
由 Jason Wang 提交于
We don't validate the backend queue numbers against bus limitation, this will easily crash qemu if it exceeds the limitation which will hit the abort() in virtio_del_queue(). An example is trying to starting a virtio-net device with 256 queues. E.g: ./qemu-system-x86_64 -netdev tap,id=hn0,queues=256 -device virtio-net-pci,netdev=hn0 Fixing this by doing the validation and fail early. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: qemu-stable <qemu-stable@nongnu.org> Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 10 3月, 2015 1 次提交
-
-
由 Radim Krčmář 提交于
man gcc: Warn about logical not used on the left hand side operand of a comparison. This option does not warn if the RHS operand is of a boolean type. By preferring bool over int where sensible, but without modifying any depending code, make GCC happy in cases like this, qemu-img.c: In function ‘compare_sectors’: qemu-img.c:992:39: error: logical not is only applied to the left hand side of comparison [-Werror=logical-not-parentheses] if (!!memcmp(buf1, buf2, 512) != res) { hw/ide/core.c:1836 doesn't throw an error, assert(!!s->error == !!(s->status & ERR_STAT)); even thought the second operand is int (and first hunk of this patch has a very similar case), maybe GCC developers still have a little faith in C programmers. Signed-off-by: NRadim Krčmář <rkrcmar@redhat.com> Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
-
- 26 2月, 2015 2 次提交
-
-
由 Cornelia Huck 提交于
Add a helper function for checking whether a bit is set in the guest features for a vdev as well as one that works on a feature bit set. Convert code that open-coded this: It cleans up the code and makes it easier to extend the guest feature bits. Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Cornelia Huck 提交于
Add virtio_{add,clear}_feature helper functions for manipulating a feature bits variable. This has some benefits over open coding: - add check that the bit is in a sane range - make it obvious at a glance what is going on - have a central point to change when we want to extend feature bits Convert existing code manipulating features to use the new helpers. Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 12 1月, 2015 1 次提交
-
-
由 Paolo Bonzini 提交于
All NICs have a cleanup function that, in most cases, zeroes the pointer to the NICState. In some cases, it frees data belonging to the NIC. However, this function is never called except when exiting from QEMU. It is not necessary to NULL pointers and free data here; the right place to do that would be in the device's unrealize function, after calling qemu_del_nic. Zeroing the NIC multiple times is also wrong for multiqueue devices. This cleanup function gets in the way of making the NetClientStates for the NIC hold an object_ref reference to the object, so get rid of it. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 28 11月, 2014 1 次提交
-
-
由 Jason Wang 提交于
virtio_net_handle_ctrl() and other functions that process control vq request call iov_discard_front() which will shorten the iov. This will lead unmapping in virtqueue_push() leaks mapping. Fixes this by keeping the original iov untouched and using a temp variable in those functions. Cc: Wen Congyang <wency@cn.fujitsu.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: qemu-stable@nongnu.org Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NStefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: NFam Zheng <famz@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Message-id: 1417082643-23907-1-git-send-email-jasowang@redhat.com Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 15 10月, 2014 2 次提交
-
-
由 Gonglei 提交于
On this way, we can assure the new bootindex take effect during vm rebooting. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NGerd Hoffmann <kraxel@redhat.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gonglei 提交于
Add a qom property with the same name 'bootindex', when we remove it form qdev property, things will continue to work just fine, and we can use qom features which are not supported by qdev property. Signed-off-by: NGonglei <arei.gonglei@huawei.com> Reviewed-by: NGerd Hoffmann <kraxel@redhat.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
- 19 9月, 2014 1 次提交
-
-
由 Michael S. Tsirkin 提交于
On vm stop, vm_running state set to stopped before device is notified, so callbacks can get envoked with vm_running = false; and this is not an error. Cc: qemu-stable@nongnu.org Acked-by: NJason Wang <jasowang@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 05 9月, 2014 2 次提交
-
-
由 Michael S. Tsirkin 提交于
whenever we start vhost, virtio could have outstanding packets queued, when they complete later we'll modify the ring while vhost is processing it. To prevent this, purge outstanding packets on vhost start. Cc: qemu-stable@nongnu.org Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Michael S. Tsirkin 提交于
commit 783e7706 virtio-net: stop/start bh when appropriate is incomplete: BH might execute within the same main loop iteration but after vmstop, so in theory, we might trigger an assertion. I was unable to reproduce this in practice, but it seems clear enough that the potential is there, so worth fixing. Cc: qemu-stable@nongnu.org Reported-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 02 9月, 2014 1 次提交
-
-
由 Michael S. Tsirkin 提交于
commit 783e7706 virtio-net: stop/start bh when appropriate is incomplete: BH might execute within the same main loop iteration but after vmstop, so in theory, we might trigger an assertion. I was unable to reproduce this in practice, but it seems clear enough that the potential is there, so worth fixing. Cc: qemu-stable@nongnu.org Reported-by: NStefan Hajnoczi <stefanha@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 30 6月, 2014 4 次提交
-
-
由 Rusty Russell 提交于
Signed-off-by: NRusty Russell <rusty@rustcorp.com.au> Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com> [ pass VirtIODevice * to memory accessors, converted new tswap locations to virtio_tswap, Greg Kurz <gkurz@linux.vnet.ibm.com> ] Signed-off-by: NGreg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Greg Kurz 提交于
Signed-off-by: NGreg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: NAlexander Graf <agraf@suse.de> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Greg Kurz 提交于
In order to migrate virtio subsections, they should be streamed after the device itself. We need the device specific code to be called from the common migration code to achieve this. This patch introduces load and save methods for this purpose. Suggested-by: NAndreas Färber <afaerber@suse.de> Signed-off-by: NGreg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: NAlexander Graf <agraf@suse.de> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Cédric Le Goater 提交于
TCP connectivity fails when the guest has a different endianness. The packets are silently dropped on the host by the tap backend when they are read from user space because the endianness of the virtio-net header is in the wrong order. These lines may appear in the guest console: [ 454.709327] skbuff: bad partial csum: csum=8704/4096 len=74 [ 455.702554] skbuff: bad partial csum: csum=8704/4096 len=74 The issue that got first spotted with a ppc64le PowerKVM guest, but it also exists for the less common case of a x86_64 guest run by a big-endian ppc64 TCG hypervisor. Signed-off-by: NCédric Le Goater <clg@fr.ibm.com> [ Ported from PowerKVM, Greg Kurz <gkurz@linux.vnet.ibm.com> ] Signed-off-by: NGreg Kurz <gkurz@linux.vnet.ibm.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 27 6月, 2014 1 次提交
-
-
由 Jiri Pirko 提交于
It indicates the number of elements in ncs field and makes sense to have int inside NICPeers. Also in parse_netdev we do not need to access container and work with NICPeers only. Signed-off-by: NJiri Pirko <jiri@resnulli.us> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 23 6月, 2014 1 次提交
-
-
由 Wenchao Xia 提交于
Param name is declared as optional, since in code it is an optional one. Signed-off-by: NWenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>
-
- 19 6月, 2014 4 次提交
-
-
由 Nikolay Nikolaev 提交于
This decouples virtio-net from the TAP netdev backend and allows support for other backends to be implemented. Signed-off-by: NAntonios Motakis <a.motakis@virtualopensystems.com> Signed-off-by: NNikolay Nikolaev <n.nikolaev@virtualopensystems.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Jason Wang 提交于
It's hard to track all mac addresses and their configurations (e.g vlan or ipv6) in qemu. Without this information, it's impossible to build proper garp packet after migration. The only possible solution to this is let guest (who knows all configurations) to do this. So, this patch introduces a new readonly config status bit of virtio-net, VIRTIO_NET_S_ANNOUNCE which is used to notify guest to announce presence of its link through config update interrupt.When guest has done the announcement, it should ack the notification through VIRTIO_NET_CTRL_ANNOUNCE_ACK cmd. This feature is negotiated by a new feature bit VIRTIO_NET_F_ANNOUNCE (which has already been supported by Linux guest). During load, a counter of announcing rounds is set so that after the vm is running it can trigger rounds of config interrupts to notify the guest to build and send the correct garps. Cc: Liuyongan <liuyongan@huawei.com> Cc: Amos Kong <akong@redhat.com> Signed-off-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Markus Armbruster 提交于
Signed-off-by: NMarkus Armbruster <armbru@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
- 06 5月, 2014 1 次提交
-
-
由 Michael S. Tsirkin 提交于
CVE-2013-4149 QEMU 1.3.0 out-of-bounds buffer write in virtio_net_load()@hw/net/virtio-net.c > } else if (n->mac_table.in_use) { > uint8_t *buf = g_malloc0(n->mac_table.in_use); We are allocating buffer of size n->mac_table.in_use > qemu_get_buffer(f, buf, n->mac_table.in_use * ETH_ALEN); and read to the n->mac_table.in_use size buffer n->mac_table.in_use * ETH_ALEN bytes, corrupting memory. If adversary controls state then memory written there is controlled by adversary. Reviewed-by: NMichael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
- 05 5月, 2014 1 次提交
-
-
由 Michael S. Tsirkin 提交于
CVE-2013-4150 QEMU 1.5.0 out-of-bounds buffer write in virtio_net_load()@hw/net/virtio-net.c This code is in hw/net/virtio-net.c: if (n->max_queues > 1) { if (n->max_queues != qemu_get_be16(f)) { error_report("virtio-net: different max_queues "); return -1; } n->curr_queues = qemu_get_be16(f); for (i = 1; i < n->curr_queues; i++) { n->vqs[i].tx_waiting = qemu_get_be32(f); } } Number of vqs is max_queues, so if we get invalid input here, for example if max_queues = 2, curr_queues = 3, we get write beyond end of the buffer, with data that comes from wire. This might be used to corrupt qemu memory in hard to predict ways. Since we have lots of function pointers around, RCE might be possible. Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Acked-by: NJason Wang <jasowang@redhat.com> Reviewed-by: NMichael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: NJuan Quintela <quintela@redhat.com>
-
- 11 4月, 2014 1 次提交
-
-
由 Michael S. Tsirkin 提交于
When VM guest programs multicast addresses for a virtio net card, it supplies a 32 bit entries counter for the number of addresses. These addresses are read into tail portion of a fixed macs array which has size MAC_TABLE_ENTRIES, at offset equal to in_use. To avoid overflow of this array by guest, qemu attempts to test the size as follows: - if (in_use + mac_data.entries <= MAC_TABLE_ENTRIES) { however, as mac_data.entries is uint32_t, this sum can overflow, e.g. if in_use is 1 and mac_data.entries is 0xffffffff then in_use + mac_data.entries will be 0. Qemu will then read guest supplied buffer into this memory, overflowing buffer on heap. CVE-2014-0150 Cc: qemu-stable@nongnu.org Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Message-id: 1397218574-25058-1-git-send-email-mst@redhat.com Reviewed-by: NMichael Tokarev <mjt@tls.msk.ru> Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 26 3月, 2014 2 次提交
-
-
由 Amos Kong 提交于
Stefan Fritsch just fixed a virtio-net driver bug [1], virtio-net won't filter out VLAN-tagged packets if VIRTIO_NET_F_CTRL_VLAN isn't negotiated. This patch added a new field to @RxFilterInfo to indicate vlan receive state ('normal', 'none', 'all'). If VIRTIO_NET_F_CTRL_VLAN isn't negotiated, vlan receive state will be 'all', then all VLAN-tagged packets will be received by guest. This patch also fixed a boundary issue in visiting vlan table. [1] http://lists.nongnu.org/archive/html/qemu-devel/2014-02/msg02604.htmlSigned-off-by: NAmos Kong <akong@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com>
-
由 Stefan Fritsch 提交于
If VIRTIO_NET_F_CTRL_VLAN is not negotiated, do not filter out all VLAN-tagged packets but send them to the guest. This fixes VLANs with OpenBSD guests (and probably NetBSD, too, because the OpenBSD driver started as a port from NetBSD). Signed-off-by: NStefan Fritsch <sf@sfritsch.de> Signed-off-by: NAmos Kong <akong@redhat.com> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 10 3月, 2014 1 次提交
-
-
由 Joel Stanley 提交于
peer_{de,at}tach were called from inside assert(). We don't support building without NDEBUG but it's not tidy. Rearrange to attach peer outside assert calls. Signed-off-by: NJoel Stanley <joel@jms.id.au> Reviewed-by: NMichael S. Tsirkin <mst@redhat.com> Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
-
- 25 2月, 2014 3 次提交
-
-
由 Stefan Hajnoczi 提交于
qemu_get_queue() is a shorthand for qemu_get_subqueue(n->nic, 0). Use the shorthand where possible. Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Stefan Hajnoczi 提交于
The virtio_net offload APIs are used on the NIC's peer (i.e. the tap device). The API was defined to implicitly use nc->peer, saving the caller the trouble. This wasn't ideal because: 1. There are callers who have the peer but not the NIC. Currently they are forced to bypass the API and access peer->info->... directly. 2. The rest of the net.h API uses nc, not nc->peer, so it is inconsistent. This patch pushes nc->peer back up to callers. Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
由 Vincenzo Maffione 提交于
With this patch, virtio-net and vmxnet3 frontends make use of the qemu_peer_* API for backend offloadings manipulations, instead of calling TAP-specific functions directly. We also remove the existing checks which prevent those frontends from using offloadings with backends different from TAP (e.g. netmap). Signed-off-by: NVincenzo Maffione <v.maffione@gmail.com> Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
-
- 10 12月, 2013 3 次提交
-
-
由 Andreas Färber 提交于
Signed-off-by: NAndreas Färber <afaerber@suse.de> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Andreas Färber 提交于
Signed-off-by: NAndreas Färber <afaerber@suse.de> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Andreas Färber 提交于
Rename variable qdev -> dev since that's what realize's argument is called by convention. Avoid duplicate VIRTIO_DEVICE() cast. Signed-off-by: NAndreas Färber <afaerber@suse.de> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-