* [PULL 0/4] Net patches
@ 2020-07-28 5:57 Jason Wang
2020-07-28 5:57 ` [PULL 1/4] virtio-pci: fix wrong index in virtio_pci_queue_enabled Jason Wang
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Jason Wang @ 2020-07-28 5:57 UTC (permalink / raw)
To: peter.maydell; +Cc: Jason Wang, qemu-devel
The following changes since commit 9303ecb658a0194560d1eecde165a1511223c2d8:
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200727' into staging (2020-07-27 17:25:06 +0100)
are available in the git repository at:
https://github.com/jasowang/qemu.git tags/net-pull-request
for you to fetch changes up to 7142cad78d6bf4a1cbcb09d06b39935a7998c24e:
net: forbid the reentrant RX (2020-07-28 13:50:41 +0800)
----------------------------------------------------------------
Want to send earlier but most patches just come.
- fix vhost-vdpa issues when no peer
- fix virtio-pci queue enabling check
- forbid reentrant RX
----------------------------------------------------------------
Jason Wang (2):
virtio-net: check the existence of peer before accessing vDPA config
net: forbid the reentrant RX
Laurent Vivier (1):
virtio-pci: fix virtio_pci_queue_enabled()
Yuri Benditovich (1):
virtio-pci: fix wrong index in virtio_pci_queue_enabled
hw/net/virtio-net.c | 30 +++++++++++++++++++-----------
hw/virtio/virtio-pci.c | 4 ++--
hw/virtio/virtio.c | 7 ++++++-
include/hw/virtio/virtio.h | 1 +
net/queue.c | 3 +++
5 files changed, 31 insertions(+), 14 deletions(-)
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PULL 1/4] virtio-pci: fix wrong index in virtio_pci_queue_enabled
2020-07-28 5:57 [PULL 0/4] Net patches Jason Wang
@ 2020-07-28 5:57 ` Jason Wang
2020-07-28 5:57 ` [PULL 2/4] virtio-pci: fix virtio_pci_queue_enabled() Jason Wang
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Jason Wang @ 2020-07-28 5:57 UTC (permalink / raw)
To: peter.maydell; +Cc: Yuri Benditovich, Jason Wang, qemu-devel
From: Yuri Benditovich <yuri.benditovich@daynix.com>
https://bugzilla.redhat.com/show_bug.cgi?id=1702608
Fixes: f19bcdfedd53 ("virtio-pci: implement queue_enabled method")
Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/virtio/virtio-pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index ada1101..2b1f9cc 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1113,7 +1113,7 @@ static bool virtio_pci_queue_enabled(DeviceState *d, int n)
VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus);
if (virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1)) {
- return proxy->vqs[vdev->queue_sel].enabled;
+ return proxy->vqs[n].enabled;
}
return virtio_queue_enabled(vdev, n);
--
2.7.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PULL 2/4] virtio-pci: fix virtio_pci_queue_enabled()
2020-07-28 5:57 [PULL 0/4] Net patches Jason Wang
2020-07-28 5:57 ` [PULL 1/4] virtio-pci: fix wrong index in virtio_pci_queue_enabled Jason Wang
@ 2020-07-28 5:57 ` Jason Wang
2020-07-28 5:57 ` [PULL 3/4] virtio-net: check the existence of peer before accessing vDPA config Jason Wang
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Jason Wang @ 2020-07-28 5:57 UTC (permalink / raw)
To: peter.maydell
Cc: Laurent Vivier, Jason Wang, qemu-devel, Cindy Lu, Michael S . Tsirkin
From: Laurent Vivier <lvivier@redhat.com>
In legacy mode, virtio_pci_queue_enabled() falls back to
virtio_queue_enabled() to know if the queue is enabled.
But virtio_queue_enabled() calls again virtio_pci_queue_enabled()
if k->queue_enabled is set. This ends in a crash after a stack
overflow.
The problem can be reproduced with
"-device virtio-net-pci,disable-legacy=off,disable-modern=true
-net tap,vhost=on"
And a look to the backtrace is very explicit:
...
#4 0x000000010029a438 in virtio_queue_enabled ()
#5 0x0000000100497a9c in virtio_pci_queue_enabled ()
...
#130902 0x000000010029a460 in virtio_queue_enabled ()
#130903 0x0000000100497a9c in virtio_pci_queue_enabled ()
#130904 0x000000010029a460 in virtio_queue_enabled ()
#130905 0x0000000100454a20 in vhost_net_start ()
...
This patch fixes the problem by introducing a new function
for the legacy case and calls it from virtio_pci_queue_enabled().
It also calls it from virtio_queue_enabled() to avoid code duplication.
Fixes: f19bcdfedd53 ("virtio-pci: implement queue_enabled method")
Cc: Jason Wang <jasowang@redhat.com>
Cc: Cindy Lu <lulu@redhat.com>
CC: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/virtio/virtio-pci.c | 2 +-
hw/virtio/virtio.c | 7 ++++++-
include/hw/virtio/virtio.h | 1 +
3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 2b1f9cc..ccdf54e 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1116,7 +1116,7 @@ static bool virtio_pci_queue_enabled(DeviceState *d, int n)
return proxy->vqs[n].enabled;
}
- return virtio_queue_enabled(vdev, n);
+ return virtio_queue_enabled_legacy(vdev, n);
}
static int virtio_pci_add_mem_cap(VirtIOPCIProxy *proxy,
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 546a198..e983025 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -3309,6 +3309,11 @@ hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n)
return vdev->vq[n].vring.desc;
}
+bool virtio_queue_enabled_legacy(VirtIODevice *vdev, int n)
+{
+ return virtio_queue_get_desc_addr(vdev, n) != 0;
+}
+
bool virtio_queue_enabled(VirtIODevice *vdev, int n)
{
BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
@@ -3317,7 +3322,7 @@ bool virtio_queue_enabled(VirtIODevice *vdev, int n)
if (k->queue_enabled) {
return k->queue_enabled(qbus->parent, n);
}
- return virtio_queue_get_desc_addr(vdev, n) != 0;
+ return virtio_queue_enabled_legacy(vdev, n);
}
hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n)
diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
index 198ffc7..e424df1 100644
--- a/include/hw/virtio/virtio.h
+++ b/include/hw/virtio/virtio.h
@@ -295,6 +295,7 @@ typedef struct VirtIORNGConf VirtIORNGConf;
VIRTIO_F_RING_PACKED, false)
hwaddr virtio_queue_get_desc_addr(VirtIODevice *vdev, int n);
+bool virtio_queue_enabled_legacy(VirtIODevice *vdev, int n);
bool virtio_queue_enabled(VirtIODevice *vdev, int n);
hwaddr virtio_queue_get_avail_addr(VirtIODevice *vdev, int n);
hwaddr virtio_queue_get_used_addr(VirtIODevice *vdev, int n);
--
2.7.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PULL 3/4] virtio-net: check the existence of peer before accessing vDPA config
2020-07-28 5:57 [PULL 0/4] Net patches Jason Wang
2020-07-28 5:57 ` [PULL 1/4] virtio-pci: fix wrong index in virtio_pci_queue_enabled Jason Wang
2020-07-28 5:57 ` [PULL 2/4] virtio-pci: fix virtio_pci_queue_enabled() Jason Wang
@ 2020-07-28 5:57 ` Jason Wang
2020-07-28 5:57 ` [PULL 4/4] net: forbid the reentrant RX Jason Wang
2020-07-28 9:02 ` [PULL 0/4] Net patches Jason Wang
4 siblings, 0 replies; 6+ messages in thread
From: Jason Wang @ 2020-07-28 5:57 UTC (permalink / raw)
To: peter.maydell; +Cc: Jason Wang, qemu-devel, Cindy Lu
We try to check whether a peer is VDPA in order to get config from
there - with no peer, this leads to a NULL
pointer dereference. Add a check before trying to access the peer
type. No peer means not VDPA.
Fixes: 108a64818e69b ("vhost-vdpa: introduce vhost-vdpa backend")
Cc: Cindy Lu <lulu@redhat.com>
Tested-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
hw/net/virtio-net.c | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 4895af1..a1fe9e9 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -125,6 +125,7 @@ static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
{
VirtIONet *n = VIRTIO_NET(vdev);
struct virtio_net_config netcfg;
+ NetClientState *nc = qemu_get_queue(n->nic);
int ret = 0;
memset(&netcfg, 0 , sizeof(struct virtio_net_config));
@@ -142,13 +143,16 @@ static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
VIRTIO_NET_RSS_SUPPORTED_HASHES);
memcpy(config, &netcfg, n->config_size);
- NetClientState *nc = qemu_get_queue(n->nic);
- if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
+ /*
+ * Is this VDPA? No peer means not VDPA: there's no way to
+ * disconnect/reconnect a VDPA peer.
+ */
+ if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
ret = vhost_net_get_config(get_vhost_net(nc->peer), (uint8_t *)&netcfg,
- n->config_size);
- if (ret != -1) {
- memcpy(config, &netcfg, n->config_size);
- }
+ n->config_size);
+ if (ret != -1) {
+ memcpy(config, &netcfg, n->config_size);
+ }
}
}
@@ -156,6 +160,7 @@ static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
{
VirtIONet *n = VIRTIO_NET(vdev);
struct virtio_net_config netcfg = {};
+ NetClientState *nc = qemu_get_queue(n->nic);
memcpy(&netcfg, config, n->config_size);
@@ -166,11 +171,14 @@ static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
}
- NetClientState *nc = qemu_get_queue(n->nic);
- if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
- vhost_net_set_config(get_vhost_net(nc->peer), (uint8_t *)&netcfg,
- 0, n->config_size,
- VHOST_SET_CONFIG_TYPE_MASTER);
+ /*
+ * Is this VDPA? No peer means not VDPA: there's no way to
+ * disconnect/reconnect a VDPA peer.
+ */
+ if (nc->peer && nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_VDPA) {
+ vhost_net_set_config(get_vhost_net(nc->peer),
+ (uint8_t *)&netcfg, 0, n->config_size,
+ VHOST_SET_CONFIG_TYPE_MASTER);
}
}
--
2.7.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PULL 4/4] net: forbid the reentrant RX
2020-07-28 5:57 [PULL 0/4] Net patches Jason Wang
` (2 preceding siblings ...)
2020-07-28 5:57 ` [PULL 3/4] virtio-net: check the existence of peer before accessing vDPA config Jason Wang
@ 2020-07-28 5:57 ` Jason Wang
2020-07-28 9:02 ` [PULL 0/4] Net patches Jason Wang
4 siblings, 0 replies; 6+ messages in thread
From: Jason Wang @ 2020-07-28 5:57 UTC (permalink / raw)
To: peter.maydell; +Cc: Jason Wang, qemu-devel
The memory API allows DMA into NIC's MMIO area. This means the NIC's
RX routine must be reentrant. Instead of auditing all the NIC, we can
simply detect the reentrancy and return early. The queue->delivering
is set and cleared by qemu_net_queue_deliver() for other queue helpers
to know whether the delivering in on going (NIC's receive is being
called). We can check it and return early in qemu_net_queue_flush() to
forbid reentrant RX.
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
net/queue.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/queue.c b/net/queue.c
index 0164727..19e32c8 100644
--- a/net/queue.c
+++ b/net/queue.c
@@ -250,6 +250,9 @@ void qemu_net_queue_purge(NetQueue *queue, NetClientState *from)
bool qemu_net_queue_flush(NetQueue *queue)
{
+ if (queue->delivering)
+ return false;
+
while (!QTAILQ_EMPTY(&queue->packets)) {
NetPacket *packet;
int ret;
--
2.7.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PULL 0/4] Net patches
2020-07-28 5:57 [PULL 0/4] Net patches Jason Wang
` (3 preceding siblings ...)
2020-07-28 5:57 ` [PULL 4/4] net: forbid the reentrant RX Jason Wang
@ 2020-07-28 9:02 ` Jason Wang
4 siblings, 0 replies; 6+ messages in thread
From: Jason Wang @ 2020-07-28 9:02 UTC (permalink / raw)
To: peter.maydell; +Cc: qemu-devel
On 2020/7/28 下午1:57, Jason Wang wrote:
> The following changes since commit 9303ecb658a0194560d1eecde165a1511223c2d8:
>
> Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200727' into staging (2020-07-27 17:25:06 +0100)
>
> are available in the git repository at:
>
> https://github.com/jasowang/qemu.git tags/net-pull-request
>
> for you to fetch changes up to 7142cad78d6bf4a1cbcb09d06b39935a7998c24e:
>
> net: forbid the reentrant RX (2020-07-28 13:50:41 +0800)
>
> ----------------------------------------------------------------
> Want to send earlier but most patches just come.
>
> - fix vhost-vdpa issues when no peer
> - fix virtio-pci queue enabling check
> - forbid reentrant RX
>
> ----------------------------------------------------------------
> Jason Wang (2):
> virtio-net: check the existence of peer before accessing vDPA config
> net: forbid the reentrant RX
>
> Laurent Vivier (1):
> virtio-pci: fix virtio_pci_queue_enabled()
Just notice this has been merged.
Will send a V2.
Thanks
>
> Yuri Benditovich (1):
> virtio-pci: fix wrong index in virtio_pci_queue_enabled
>
> hw/net/virtio-net.c | 30 +++++++++++++++++++-----------
> hw/virtio/virtio-pci.c | 4 ++--
> hw/virtio/virtio.c | 7 ++++++-
> include/hw/virtio/virtio.h | 1 +
> net/queue.c | 3 +++
> 5 files changed, 31 insertions(+), 14 deletions(-)
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-07-28 9:03 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-28 5:57 [PULL 0/4] Net patches Jason Wang
2020-07-28 5:57 ` [PULL 1/4] virtio-pci: fix wrong index in virtio_pci_queue_enabled Jason Wang
2020-07-28 5:57 ` [PULL 2/4] virtio-pci: fix virtio_pci_queue_enabled() Jason Wang
2020-07-28 5:57 ` [PULL 3/4] virtio-net: check the existence of peer before accessing vDPA config Jason Wang
2020-07-28 5:57 ` [PULL 4/4] net: forbid the reentrant RX Jason Wang
2020-07-28 9:02 ` [PULL 0/4] Net patches Jason Wang
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.