search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
qjson: Don't crash when input exceeds nesting limit
[qemu/ar7.git] / hw / net / xen_nic.c
blob0da16b44f40a708c8ecb43f9b6e9521aad81ff96
1 /*
2 * xen paravirt network card backend
3 *
4 * (c) Gerd Hoffmann <kraxel@redhat.com>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; under version 2 of the License.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, see <http://www.gnu.org/licenses/>.
17 *
18 * Contributions after 2012-01-13 are licensed under the terms of the
19 * GNU GPL, version 2 or (at your option) any later version.
20 */
21
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <stdarg.h>
25 #include <string.h>
26 #include <unistd.h>
27 #include <inttypes.h>
28 #include <fcntl.h>
29 #include <errno.h>
30 #include <sys/socket.h>
31 #include <sys/ioctl.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <sys/mman.h>
35 #include <sys/wait.h>
36
37 #include "hw/hw.h"
38 #include "net/net.h"
39 #include "net/checksum.h"
40 #include "net/util.h"
41 #include "hw/xen/xen_backend.h"
42
43 #include <xen/io/netif.h>
44
45 /* ------------------------------------------------------------- */
46
47 struct XenNetDev {
48 struct XenDevice xendev; /* must be first */
49 char *mac;
50 int tx_work;
51 int tx_ring_ref;
52 int rx_ring_ref;
53 struct netif_tx_sring *txs;
54 struct netif_rx_sring *rxs;
55 netif_tx_back_ring_t tx_ring;
56 netif_rx_back_ring_t rx_ring;
57 NICConf conf;
58 NICState *nic;
59 };
60
61 /* ------------------------------------------------------------- */
62
63 static void net_tx_response(struct XenNetDev *netdev, netif_tx_request_t *txp, int8_t st)
64 {
65 RING_IDX i = netdev->tx_ring.rsp_prod_pvt;
66 netif_tx_response_t *resp;
67 int notify;
68
69 resp = RING_GET_RESPONSE(&netdev->tx_ring, i);
70 resp->id = txp->id;
71 resp->status = st;
72
73 #if 0
74 if (txp->flags & NETTXF_extra_info) {
75 RING_GET_RESPONSE(&netdev->tx_ring, ++i)->status = NETIF_RSP_NULL;
76 }
77 #endif
78
79 netdev->tx_ring.rsp_prod_pvt = ++i;
80 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&netdev->tx_ring, notify);
81 if (notify) {
82 xen_be_send_notify(&netdev->xendev);
83 }
84
85 if (i == netdev->tx_ring.req_cons) {
86 int more_to_do;
87 RING_FINAL_CHECK_FOR_REQUESTS(&netdev->tx_ring, more_to_do);
88 if (more_to_do) {
89 netdev->tx_work++;
90 }
91 }
92 }
93
94 static void net_tx_error(struct XenNetDev *netdev, netif_tx_request_t *txp, RING_IDX end)
95 {
96 #if 0
97 /*
98 * Hmm, why netback fails everything in the ring?
99 * Should we do that even when not supporting SG and TSO?
100 */
101 RING_IDX cons = netdev->tx_ring.req_cons;
102
103 do {
104 make_tx_response(netif, txp, NETIF_RSP_ERROR);
105 if (cons >= end) {
106 break;
107 }
108 txp = RING_GET_REQUEST(&netdev->tx_ring, cons++);
109 } while (1);
110 netdev->tx_ring.req_cons = cons;
111 netif_schedule_work(netif);
112 netif_put(netif);
113 #else
114 net_tx_response(netdev, txp, NETIF_RSP_ERROR);
115 #endif
116 }
117
118 static void net_tx_packets(struct XenNetDev *netdev)
119 {
120 netif_tx_request_t txreq;
121 RING_IDX rc, rp;
122 void *page;
123 void *tmpbuf = NULL;
124
125 for (;;) {
126 rc = netdev->tx_ring.req_cons;
127 rp = netdev->tx_ring.sring->req_prod;
128 xen_rmb(); /* Ensure we see queued requests up to 'rp'. */
129
130 while ((rc != rp)) {
131 if (RING_REQUEST_CONS_OVERFLOW(&netdev->tx_ring, rc)) {
132 break;
133 }
134 memcpy(&txreq, RING_GET_REQUEST(&netdev->tx_ring, rc), sizeof(txreq));
135 netdev->tx_ring.req_cons = ++rc;
136
137 #if 1
138 /* should not happen in theory, we don't announce the *
139 * feature-{sg,gso,whatelse} flags in xenstore (yet?) */
140 if (txreq.flags & NETTXF_extra_info) {
141 xen_be_printf(&netdev->xendev, 0, "FIXME: extra info flag\n");
142 net_tx_error(netdev, &txreq, rc);
143 continue;
144 }
145 if (txreq.flags & NETTXF_more_data) {
146 xen_be_printf(&netdev->xendev, 0, "FIXME: more data flag\n");
147 net_tx_error(netdev, &txreq, rc);
148 continue;
149 }
150 #endif
151
152 if (txreq.size < 14) {
153 xen_be_printf(&netdev->xendev, 0, "bad packet size: %d\n", txreq.size);
154 net_tx_error(netdev, &txreq, rc);
155 continue;
156 }
157
158 if ((txreq.offset + txreq.size) > XC_PAGE_SIZE) {
159 xen_be_printf(&netdev->xendev, 0, "error: page crossing\n");
160 net_tx_error(netdev, &txreq, rc);
161 continue;
162 }
163
164 xen_be_printf(&netdev->xendev, 3, "tx packet ref %d, off %d, len %d, flags 0x%x%s%s%s%s\n",
165 txreq.gref, txreq.offset, txreq.size, txreq.flags,
166 (txreq.flags & NETTXF_csum_blank) ? " csum_blank" : "",
167 (txreq.flags & NETTXF_data_validated) ? " data_validated" : "",
168 (txreq.flags & NETTXF_more_data) ? " more_data" : "",
169 (txreq.flags & NETTXF_extra_info) ? " extra_info" : "");
170
171 page = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
172 netdev->xendev.dom,
173 txreq.gref, PROT_READ);
174 if (page == NULL) {
175 xen_be_printf(&netdev->xendev, 0, "error: tx gref dereference failed (%d)\n",
176 txreq.gref);
177 net_tx_error(netdev, &txreq, rc);
178 continue;
179 }
180 if (txreq.flags & NETTXF_csum_blank) {
181 /* have read-only mapping -> can't fill checksum in-place */
182 if (!tmpbuf) {
183 tmpbuf = g_malloc(XC_PAGE_SIZE);
184 }
185 memcpy(tmpbuf, page + txreq.offset, txreq.size);
186 net_checksum_calculate(tmpbuf, txreq.size);
187 qemu_send_packet(qemu_get_queue(netdev->nic), tmpbuf,
188 txreq.size);
189 } else {
190 qemu_send_packet(qemu_get_queue(netdev->nic),
191 page + txreq.offset, txreq.size);
192 }
193 xc_gnttab_munmap(netdev->xendev.gnttabdev, page, 1);
194 net_tx_response(netdev, &txreq, NETIF_RSP_OKAY);
195 }
196 if (!netdev->tx_work) {
197 break;
198 }
199 netdev->tx_work = 0;
200 }
201 g_free(tmpbuf);
202 }
203
204 /* ------------------------------------------------------------- */
205
206 static void net_rx_response(struct XenNetDev *netdev,
207 netif_rx_request_t *req, int8_t st,
208 uint16_t offset, uint16_t size,
209 uint16_t flags)
210 {
211 RING_IDX i = netdev->rx_ring.rsp_prod_pvt;
212 netif_rx_response_t *resp;
213 int notify;
214
215 resp = RING_GET_RESPONSE(&netdev->rx_ring, i);
216 resp->offset = offset;
217 resp->flags = flags;
218 resp->id = req->id;
219 resp->status = (int16_t)size;
220 if (st < 0) {
221 resp->status = (int16_t)st;
222 }
223
224 xen_be_printf(&netdev->xendev, 3, "rx response: idx %d, status %d, flags 0x%x\n",
225 i, resp->status, resp->flags);
226
227 netdev->rx_ring.rsp_prod_pvt = ++i;
228 RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&netdev->rx_ring, notify);
229 if (notify) {
230 xen_be_send_notify(&netdev->xendev);
231 }
232 }
233
234 #define NET_IP_ALIGN 2
235
236 static ssize_t net_rx_packet(NetClientState *nc, const uint8_t *buf, size_t size)
237 {
238 struct XenNetDev *netdev = qemu_get_nic_opaque(nc);
239 netif_rx_request_t rxreq;
240 RING_IDX rc, rp;
241 void *page;
242
243 if (netdev->xendev.be_state != XenbusStateConnected) {
244 return -1;
245 }
246
247 rc = netdev->rx_ring.req_cons;
248 rp = netdev->rx_ring.sring->req_prod;
249 xen_rmb(); /* Ensure we see queued requests up to 'rp'. */
250
251 if (rc == rp || RING_REQUEST_CONS_OVERFLOW(&netdev->rx_ring, rc)) {
252 return 0;
253 }
254 if (size > XC_PAGE_SIZE - NET_IP_ALIGN) {
255 xen_be_printf(&netdev->xendev, 0, "packet too big (%lu > %ld)",
256 (unsigned long)size, XC_PAGE_SIZE - NET_IP_ALIGN);
257 return -1;
258 }
259
260 memcpy(&rxreq, RING_GET_REQUEST(&netdev->rx_ring, rc), sizeof(rxreq));
261 netdev->rx_ring.req_cons = ++rc;
262
263 page = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
264 netdev->xendev.dom,
265 rxreq.gref, PROT_WRITE);
266 if (page == NULL) {
267 xen_be_printf(&netdev->xendev, 0, "error: rx gref dereference failed (%d)\n",
268 rxreq.gref);
269 net_rx_response(netdev, &rxreq, NETIF_RSP_ERROR, 0, 0, 0);
270 return -1;
271 }
272 memcpy(page + NET_IP_ALIGN, buf, size);
273 xc_gnttab_munmap(netdev->xendev.gnttabdev, page, 1);
274 net_rx_response(netdev, &rxreq, NETIF_RSP_OKAY, NET_IP_ALIGN, size, 0);
275
276 return size;
277 }
278
279 /* ------------------------------------------------------------- */
280
281 static NetClientInfo net_xen_info = {
282 .type = NET_CLIENT_OPTIONS_KIND_NIC,
283 .size = sizeof(NICState),
284 .receive = net_rx_packet,
285 };
286
287 static int net_init(struct XenDevice *xendev)
288 {
289 struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
290
291 /* read xenstore entries */
292 if (netdev->mac == NULL) {
293 netdev->mac = xenstore_read_be_str(&netdev->xendev, "mac");
294 }
295
296 /* do we have all we need? */
297 if (netdev->mac == NULL) {
298 return -1;
299 }
300
301 if (net_parse_macaddr(netdev->conf.macaddr.a, netdev->mac) < 0) {
302 return -1;
303 }
304
305 netdev->nic = qemu_new_nic(&net_xen_info, &netdev->conf,
306 "xen", NULL, netdev);
307
308 snprintf(qemu_get_queue(netdev->nic)->info_str,
309 sizeof(qemu_get_queue(netdev->nic)->info_str),
310 "nic: xenbus vif macaddr=%s", netdev->mac);
311
312 /* fill info */
313 xenstore_write_be_int(&netdev->xendev, "feature-rx-copy", 1);
314 xenstore_write_be_int(&netdev->xendev, "feature-rx-flip", 0);
315
316 return 0;
317 }
318
319 static int net_connect(struct XenDevice *xendev)
320 {
321 struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
322 int rx_copy;
323
324 if (xenstore_read_fe_int(&netdev->xendev, "tx-ring-ref",
325 &netdev->tx_ring_ref) == -1) {
326 return -1;
327 }
328 if (xenstore_read_fe_int(&netdev->xendev, "rx-ring-ref",
329 &netdev->rx_ring_ref) == -1) {
330 return 1;
331 }
332 if (xenstore_read_fe_int(&netdev->xendev, "event-channel",
333 &netdev->xendev.remote_port) == -1) {
334 return -1;
335 }
336
337 if (xenstore_read_fe_int(&netdev->xendev, "request-rx-copy", &rx_copy) == -1) {
338 rx_copy = 0;
339 }
340 if (rx_copy == 0) {
341 xen_be_printf(&netdev->xendev, 0, "frontend doesn't support rx-copy.\n");
342 return -1;
343 }
344
345 netdev->txs = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
346 netdev->xendev.dom,
347 netdev->tx_ring_ref,
348 PROT_READ | PROT_WRITE);
349 if (!netdev->txs) {
350 return -1;
351 }
352 netdev->rxs = xc_gnttab_map_grant_ref(netdev->xendev.gnttabdev,
353 netdev->xendev.dom,
354 netdev->rx_ring_ref,
355 PROT_READ | PROT_WRITE);
356 if (!netdev->rxs) {
357 xc_gnttab_munmap(netdev->xendev.gnttabdev, netdev->txs, 1);
358 netdev->txs = NULL;
359 return -1;
360 }
361 BACK_RING_INIT(&netdev->tx_ring, netdev->txs, XC_PAGE_SIZE);
362 BACK_RING_INIT(&netdev->rx_ring, netdev->rxs, XC_PAGE_SIZE);
363
364 xen_be_bind_evtchn(&netdev->xendev);
365
366 xen_be_printf(&netdev->xendev, 1, "ok: tx-ring-ref %d, rx-ring-ref %d, "
367 "remote port %d, local port %d\n",
368 netdev->tx_ring_ref, netdev->rx_ring_ref,
369 netdev->xendev.remote_port, netdev->xendev.local_port);
370
371 net_tx_packets(netdev);
372 return 0;
373 }
374
375 static void net_disconnect(struct XenDevice *xendev)
376 {
377 struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
378
379 xen_be_unbind_evtchn(&netdev->xendev);
380
381 if (netdev->txs) {
382 xc_gnttab_munmap(netdev->xendev.gnttabdev, netdev->txs, 1);
383 netdev->txs = NULL;
384 }
385 if (netdev->rxs) {
386 xc_gnttab_munmap(netdev->xendev.gnttabdev, netdev->rxs, 1);
387 netdev->rxs = NULL;
388 }
389 }
390
391 static void net_event(struct XenDevice *xendev)
392 {
393 struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
394 net_tx_packets(netdev);
395 qemu_flush_queued_packets(qemu_get_queue(netdev->nic));
396 }
397
398 static int net_free(struct XenDevice *xendev)
399 {
400 struct XenNetDev *netdev = container_of(xendev, struct XenNetDev, xendev);
401
402 if (netdev->nic) {
403 qemu_del_nic(netdev->nic);
404 netdev->nic = NULL;
405 }
406 g_free(netdev->mac);
407 netdev->mac = NULL;
408 return 0;
409 }
410
411 /* ------------------------------------------------------------- */
412
413 struct XenDevOps xen_netdev_ops = {
414 .size = sizeof(struct XenNetDev),
415 .flags = DEVOPS_FLAG_NEED_GNTDEV,
416 .init = net_init,
417 .initialise = net_connect,
418 .event = net_event,
419 .disconnect = net_disconnect,
420 .free = net_free,
421 };
AR7 emulation for QEMU