usb/redir: avoid dynamic stack allocation (CVE-2021-3527)
[qemu/kevin.git] / net / tap-linux.c
blobb0635e9e32cea525bdca424aa21a28b66056e2a1
1 /*
2 * QEMU System Emulator
4 * Copyright (c) 2003-2008 Fabrice Bellard
5 * Copyright (c) 2009 Red Hat, Inc.
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
26 #include "qemu/osdep.h"
27 #include "qemu-common.h"
28 #include "tap_int.h"
29 #include "tap-linux.h"
30 #include "net/tap.h"
32 #include <net/if.h>
33 #include <sys/ioctl.h>
35 #include "qapi/error.h"
36 #include "qemu/error-report.h"
37 #include "qemu/cutils.h"
39 #define PATH_NET_TUN "/dev/net/tun"
41 int tap_open(char *ifname, int ifname_size, int *vnet_hdr,
42 int vnet_hdr_required, int mq_required, Error **errp)
44 struct ifreq ifr;
45 int fd, ret;
46 int len = sizeof(struct virtio_net_hdr);
47 unsigned int features;
49 TFR(fd = open(PATH_NET_TUN, O_RDWR));
50 if (fd < 0) {
51 error_setg_errno(errp, errno, "could not open %s", PATH_NET_TUN);
52 return -1;
54 memset(&ifr, 0, sizeof(ifr));
55 ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
57 if (ioctl(fd, TUNGETFEATURES, &features) == -1) {
58 warn_report("TUNGETFEATURES failed: %s", strerror(errno));
59 features = 0;
62 if (features & IFF_ONE_QUEUE) {
63 ifr.ifr_flags |= IFF_ONE_QUEUE;
66 if (*vnet_hdr) {
67 if (features & IFF_VNET_HDR) {
68 *vnet_hdr = 1;
69 ifr.ifr_flags |= IFF_VNET_HDR;
70 } else {
71 *vnet_hdr = 0;
74 if (vnet_hdr_required && !*vnet_hdr) {
75 error_setg(errp, "vnet_hdr=1 requested, but no kernel "
76 "support for IFF_VNET_HDR available");
77 close(fd);
78 return -1;
81 * Make sure vnet header size has the default value: for a persistent
82 * tap it might have been modified e.g. by another instance of qemu.
83 * Ignore errors since old kernels do not support this ioctl: in this
84 * case the header size implicitly has the correct value.
86 ioctl(fd, TUNSETVNETHDRSZ, &len);
89 if (mq_required) {
90 if (!(features & IFF_MULTI_QUEUE)) {
91 error_setg(errp, "multiqueue required, but no kernel "
92 "support for IFF_MULTI_QUEUE available");
93 close(fd);
94 return -1;
95 } else {
96 ifr.ifr_flags |= IFF_MULTI_QUEUE;
100 if (ifname[0] != '\0')
101 pstrcpy(ifr.ifr_name, IFNAMSIZ, ifname);
102 else
103 pstrcpy(ifr.ifr_name, IFNAMSIZ, "tap%d");
104 ret = ioctl(fd, TUNSETIFF, (void *) &ifr);
105 if (ret != 0) {
106 if (ifname[0] != '\0') {
107 error_setg_errno(errp, errno, "could not configure %s (%s)",
108 PATH_NET_TUN, ifr.ifr_name);
109 } else {
110 error_setg_errno(errp, errno, "could not configure %s",
111 PATH_NET_TUN);
113 close(fd);
114 return -1;
116 pstrcpy(ifname, ifname_size, ifr.ifr_name);
117 fcntl(fd, F_SETFL, O_NONBLOCK);
118 return fd;
121 /* sndbuf implements a kind of flow control for tap.
122 * Unfortunately when it's enabled, and packets are sent
123 * to other guests on the same host, the receiver
124 * can lock up the transmitter indefinitely.
126 * To avoid packet loss, sndbuf should be set to a value lower than the tx
127 * queue capacity of any destination network interface.
128 * Ethernet NICs generally have txqueuelen=1000, so 1Mb is
129 * a good value, given a 1500 byte MTU.
131 #define TAP_DEFAULT_SNDBUF 0
133 void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, Error **errp)
135 int sndbuf;
137 sndbuf = !tap->has_sndbuf ? TAP_DEFAULT_SNDBUF :
138 tap->sndbuf > INT_MAX ? INT_MAX :
139 tap->sndbuf;
141 if (!sndbuf) {
142 sndbuf = INT_MAX;
145 if (ioctl(fd, TUNSETSNDBUF, &sndbuf) == -1 && tap->has_sndbuf) {
146 error_setg_errno(errp, errno, "TUNSETSNDBUF ioctl failed");
150 int tap_probe_vnet_hdr(int fd, Error **errp)
152 struct ifreq ifr;
154 if (ioctl(fd, TUNGETIFF, &ifr) != 0) {
155 /* TUNGETIFF is available since kernel v2.6.27 */
156 error_setg_errno(errp, errno,
157 "Unable to query TUNGETIFF on FD %d", fd);
158 return -1;
161 return ifr.ifr_flags & IFF_VNET_HDR;
164 int tap_probe_has_ufo(int fd)
166 unsigned offload;
168 offload = TUN_F_CSUM | TUN_F_UFO;
170 if (ioctl(fd, TUNSETOFFLOAD, offload) < 0)
171 return 0;
173 return 1;
176 /* Verify that we can assign given length */
177 int tap_probe_vnet_hdr_len(int fd, int len)
179 int orig;
180 if (ioctl(fd, TUNGETVNETHDRSZ, &orig) == -1) {
181 return 0;
183 if (ioctl(fd, TUNSETVNETHDRSZ, &len) == -1) {
184 return 0;
186 /* Restore original length: we can't handle failure. */
187 if (ioctl(fd, TUNSETVNETHDRSZ, &orig) == -1) {
188 fprintf(stderr, "TUNGETVNETHDRSZ ioctl() failed: %s. Exiting.\n",
189 strerror(errno));
190 abort();
191 return -errno;
193 return 1;
196 void tap_fd_set_vnet_hdr_len(int fd, int len)
198 if (ioctl(fd, TUNSETVNETHDRSZ, &len) == -1) {
199 fprintf(stderr, "TUNSETVNETHDRSZ ioctl() failed: %s. Exiting.\n",
200 strerror(errno));
201 abort();
205 int tap_fd_set_vnet_le(int fd, int is_le)
207 int arg = is_le ? 1 : 0;
209 if (!ioctl(fd, TUNSETVNETLE, &arg)) {
210 return 0;
213 /* Check if our kernel supports TUNSETVNETLE */
214 if (errno == EINVAL) {
215 return -errno;
218 error_report("TUNSETVNETLE ioctl() failed: %s.", strerror(errno));
219 abort();
222 int tap_fd_set_vnet_be(int fd, int is_be)
224 int arg = is_be ? 1 : 0;
226 if (!ioctl(fd, TUNSETVNETBE, &arg)) {
227 return 0;
230 /* Check if our kernel supports TUNSETVNETBE */
231 if (errno == EINVAL) {
232 return -errno;
235 error_report("TUNSETVNETBE ioctl() failed: %s.", strerror(errno));
236 abort();
239 void tap_fd_set_offload(int fd, int csum, int tso4,
240 int tso6, int ecn, int ufo)
242 unsigned int offload = 0;
244 /* Check if our kernel supports TUNSETOFFLOAD */
245 if (ioctl(fd, TUNSETOFFLOAD, 0) != 0 && errno == EINVAL) {
246 return;
249 if (csum) {
250 offload |= TUN_F_CSUM;
251 if (tso4)
252 offload |= TUN_F_TSO4;
253 if (tso6)
254 offload |= TUN_F_TSO6;
255 if ((tso4 || tso6) && ecn)
256 offload |= TUN_F_TSO_ECN;
257 if (ufo)
258 offload |= TUN_F_UFO;
261 if (ioctl(fd, TUNSETOFFLOAD, offload) != 0) {
262 offload &= ~TUN_F_UFO;
263 if (ioctl(fd, TUNSETOFFLOAD, offload) != 0) {
264 fprintf(stderr, "TUNSETOFFLOAD ioctl() failed: %s\n",
265 strerror(errno));
270 /* Enable a specific queue of tap. */
271 int tap_fd_enable(int fd)
273 struct ifreq ifr;
274 int ret;
276 memset(&ifr, 0, sizeof(ifr));
278 ifr.ifr_flags = IFF_ATTACH_QUEUE;
279 ret = ioctl(fd, TUNSETQUEUE, (void *) &ifr);
281 if (ret != 0) {
282 error_report("could not enable queue");
285 return ret;
288 /* Disable a specific queue of tap/ */
289 int tap_fd_disable(int fd)
291 struct ifreq ifr;
292 int ret;
294 memset(&ifr, 0, sizeof(ifr));
296 ifr.ifr_flags = IFF_DETACH_QUEUE;
297 ret = ioctl(fd, TUNSETQUEUE, (void *) &ifr);
299 if (ret != 0) {
300 error_report("could not disable queue");
303 return ret;
306 int tap_fd_get_ifname(int fd, char *ifname)
308 struct ifreq ifr;
310 if (ioctl(fd, TUNGETIFF, &ifr) != 0) {
311 error_report("TUNGETIFF ioctl() failed: %s",
312 strerror(errno));
313 return -1;
316 pstrcpy(ifname, sizeof(ifr.ifr_name), ifr.ifr_name);
317 return 0;