hpet: Catch out-of-bounds timer access
[qemu/stefanha.git] / hw / virtio-net.c
blob06ba48103d70173811d59e90bf06fdce897bf823
1 /*
2 * Virtio Network Device
4 * Copyright IBM, Corp. 2007
6 * Authors:
7 * Anthony Liguori <aliguori@us.ibm.com>
9 * This work is licensed under the terms of the GNU GPL, version 2. See
10 * the COPYING file in the top-level directory.
14 #include "iov.h"
15 #include "virtio.h"
16 #include "net.h"
17 #include "net/checksum.h"
18 #include "net/tap.h"
19 #include "qemu-error.h"
20 #include "qemu-timer.h"
21 #include "virtio-net.h"
22 #include "vhost_net.h"
24 #define VIRTIO_NET_VM_VERSION 11
26 #define MAC_TABLE_ENTRIES 64
27 #define MAX_VLAN (1 << 12) /* Per 802.1Q definition */
29 typedef struct VirtIONet
31 VirtIODevice vdev;
32 uint8_t mac[ETH_ALEN];
33 uint16_t status;
34 VirtQueue *rx_vq;
35 VirtQueue *tx_vq;
36 VirtQueue *ctrl_vq;
37 NICState *nic;
38 QEMUTimer *tx_timer;
39 int tx_timer_active;
40 uint32_t has_vnet_hdr;
41 uint8_t has_ufo;
42 struct {
43 VirtQueueElement elem;
44 ssize_t len;
45 } async_tx;
46 int mergeable_rx_bufs;
47 uint8_t promisc;
48 uint8_t allmulti;
49 uint8_t alluni;
50 uint8_t nomulti;
51 uint8_t nouni;
52 uint8_t nobcast;
53 uint8_t vhost_started;
54 VMChangeStateEntry *vmstate;
55 struct {
56 int in_use;
57 int first_multi;
58 uint8_t multi_overflow;
59 uint8_t uni_overflow;
60 uint8_t *macs;
61 } mac_table;
62 uint32_t *vlans;
63 } VirtIONet;
65 /* TODO
66 * - we could suppress RX interrupt if we were so inclined.
69 static VirtIONet *to_virtio_net(VirtIODevice *vdev)
71 return (VirtIONet *)vdev;
74 static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
76 VirtIONet *n = to_virtio_net(vdev);
77 struct virtio_net_config netcfg;
79 netcfg.status = n->status;
80 memcpy(netcfg.mac, n->mac, ETH_ALEN);
81 memcpy(config, &netcfg, sizeof(netcfg));
84 static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
86 VirtIONet *n = to_virtio_net(vdev);
87 struct virtio_net_config netcfg;
89 memcpy(&netcfg, config, sizeof(netcfg));
91 if (memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
92 memcpy(n->mac, netcfg.mac, ETH_ALEN);
93 qemu_format_nic_info_str(&n->nic->nc, n->mac);
97 static void virtio_net_set_link_status(VLANClientState *nc)
99 VirtIONet *n = DO_UPCAST(NICState, nc, nc)->opaque;
100 uint16_t old_status = n->status;
102 if (nc->link_down)
103 n->status &= ~VIRTIO_NET_S_LINK_UP;
104 else
105 n->status |= VIRTIO_NET_S_LINK_UP;
107 if (n->status != old_status)
108 virtio_notify_config(&n->vdev);
111 static void virtio_net_reset(VirtIODevice *vdev)
113 VirtIONet *n = to_virtio_net(vdev);
115 /* Reset back to compatibility mode */
116 n->promisc = 1;
117 n->allmulti = 0;
118 n->alluni = 0;
119 n->nomulti = 0;
120 n->nouni = 0;
121 n->nobcast = 0;
122 if (n->vhost_started) {
123 vhost_net_stop(tap_get_vhost_net(n->nic->nc.peer), vdev);
124 n->vhost_started = 0;
127 /* Flush any MAC and VLAN filter table state */
128 n->mac_table.in_use = 0;
129 n->mac_table.first_multi = 0;
130 n->mac_table.multi_overflow = 0;
131 n->mac_table.uni_overflow = 0;
132 memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
133 memset(n->vlans, 0, MAX_VLAN >> 3);
136 static int peer_has_vnet_hdr(VirtIONet *n)
138 if (!n->nic->nc.peer)
139 return 0;
141 if (n->nic->nc.peer->info->type != NET_CLIENT_TYPE_TAP)
142 return 0;
144 n->has_vnet_hdr = tap_has_vnet_hdr(n->nic->nc.peer);
146 return n->has_vnet_hdr;
149 static int peer_has_ufo(VirtIONet *n)
151 if (!peer_has_vnet_hdr(n))
152 return 0;
154 n->has_ufo = tap_has_ufo(n->nic->nc.peer);
156 return n->has_ufo;
159 static uint32_t virtio_net_get_features(VirtIODevice *vdev, uint32_t features)
161 VirtIONet *n = to_virtio_net(vdev);
163 features |= (1 << VIRTIO_NET_F_MAC);
165 if (peer_has_vnet_hdr(n)) {
166 tap_using_vnet_hdr(n->nic->nc.peer, 1);
167 } else {
168 features &= ~(0x1 << VIRTIO_NET_F_CSUM);
169 features &= ~(0x1 << VIRTIO_NET_F_HOST_TSO4);
170 features &= ~(0x1 << VIRTIO_NET_F_HOST_TSO6);
171 features &= ~(0x1 << VIRTIO_NET_F_HOST_ECN);
173 features &= ~(0x1 << VIRTIO_NET_F_GUEST_CSUM);
174 features &= ~(0x1 << VIRTIO_NET_F_GUEST_TSO4);
175 features &= ~(0x1 << VIRTIO_NET_F_GUEST_TSO6);
176 features &= ~(0x1 << VIRTIO_NET_F_GUEST_ECN);
179 if (!peer_has_vnet_hdr(n) || !peer_has_ufo(n)) {
180 features &= ~(0x1 << VIRTIO_NET_F_GUEST_UFO);
181 features &= ~(0x1 << VIRTIO_NET_F_HOST_UFO);
184 if (!n->nic->nc.peer ||
185 n->nic->nc.peer->info->type != NET_CLIENT_TYPE_TAP) {
186 return features;
188 if (!tap_get_vhost_net(n->nic->nc.peer)) {
189 return features;
191 return vhost_net_get_features(tap_get_vhost_net(n->nic->nc.peer), features);
194 static uint32_t virtio_net_bad_features(VirtIODevice *vdev)
196 uint32_t features = 0;
198 /* Linux kernel 2.6.25. It understood MAC (as everyone must),
199 * but also these: */
200 features |= (1 << VIRTIO_NET_F_MAC);
201 features |= (1 << VIRTIO_NET_F_CSUM);
202 features |= (1 << VIRTIO_NET_F_HOST_TSO4);
203 features |= (1 << VIRTIO_NET_F_HOST_TSO6);
204 features |= (1 << VIRTIO_NET_F_HOST_ECN);
206 return features;
209 static void virtio_net_set_features(VirtIODevice *vdev, uint32_t features)
211 VirtIONet *n = to_virtio_net(vdev);
213 n->mergeable_rx_bufs = !!(features & (1 << VIRTIO_NET_F_MRG_RXBUF));
215 if (n->has_vnet_hdr) {
216 tap_set_offload(n->nic->nc.peer,
217 (features >> VIRTIO_NET_F_GUEST_CSUM) & 1,
218 (features >> VIRTIO_NET_F_GUEST_TSO4) & 1,
219 (features >> VIRTIO_NET_F_GUEST_TSO6) & 1,
220 (features >> VIRTIO_NET_F_GUEST_ECN) & 1,
221 (features >> VIRTIO_NET_F_GUEST_UFO) & 1);
223 if (!n->nic->nc.peer ||
224 n->nic->nc.peer->info->type != NET_CLIENT_TYPE_TAP) {
225 return;
227 if (!tap_get_vhost_net(n->nic->nc.peer)) {
228 return;
230 vhost_net_ack_features(tap_get_vhost_net(n->nic->nc.peer), features);
233 static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd,
234 VirtQueueElement *elem)
236 uint8_t on;
238 if (elem->out_num != 2 || elem->out_sg[1].iov_len != sizeof(on)) {
239 fprintf(stderr, "virtio-net ctrl invalid rx mode command\n");
240 exit(1);
243 on = ldub_p(elem->out_sg[1].iov_base);
245 if (cmd == VIRTIO_NET_CTRL_RX_MODE_PROMISC)
246 n->promisc = on;
247 else if (cmd == VIRTIO_NET_CTRL_RX_MODE_ALLMULTI)
248 n->allmulti = on;
249 else if (cmd == VIRTIO_NET_CTRL_RX_MODE_ALLUNI)
250 n->alluni = on;
251 else if (cmd == VIRTIO_NET_CTRL_RX_MODE_NOMULTI)
252 n->nomulti = on;
253 else if (cmd == VIRTIO_NET_CTRL_RX_MODE_NOUNI)
254 n->nouni = on;
255 else if (cmd == VIRTIO_NET_CTRL_RX_MODE_NOBCAST)
256 n->nobcast = on;
257 else
258 return VIRTIO_NET_ERR;
260 return VIRTIO_NET_OK;
263 static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
264 VirtQueueElement *elem)
266 struct virtio_net_ctrl_mac mac_data;
268 if (cmd != VIRTIO_NET_CTRL_MAC_TABLE_SET || elem->out_num != 3 ||
269 elem->out_sg[1].iov_len < sizeof(mac_data) ||
270 elem->out_sg[2].iov_len < sizeof(mac_data))
271 return VIRTIO_NET_ERR;
273 n->mac_table.in_use = 0;
274 n->mac_table.first_multi = 0;
275 n->mac_table.uni_overflow = 0;
276 n->mac_table.multi_overflow = 0;
277 memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
279 mac_data.entries = ldl_le_p(elem->out_sg[1].iov_base);
281 if (sizeof(mac_data.entries) +
282 (mac_data.entries * ETH_ALEN) > elem->out_sg[1].iov_len)
283 return VIRTIO_NET_ERR;
285 if (mac_data.entries <= MAC_TABLE_ENTRIES) {
286 memcpy(n->mac_table.macs, elem->out_sg[1].iov_base + sizeof(mac_data),
287 mac_data.entries * ETH_ALEN);
288 n->mac_table.in_use += mac_data.entries;
289 } else {
290 n->mac_table.uni_overflow = 1;
293 n->mac_table.first_multi = n->mac_table.in_use;
295 mac_data.entries = ldl_le_p(elem->out_sg[2].iov_base);
297 if (sizeof(mac_data.entries) +
298 (mac_data.entries * ETH_ALEN) > elem->out_sg[2].iov_len)
299 return VIRTIO_NET_ERR;
301 if (mac_data.entries) {
302 if (n->mac_table.in_use + mac_data.entries <= MAC_TABLE_ENTRIES) {
303 memcpy(n->mac_table.macs + (n->mac_table.in_use * ETH_ALEN),
304 elem->out_sg[2].iov_base + sizeof(mac_data),
305 mac_data.entries * ETH_ALEN);
306 n->mac_table.in_use += mac_data.entries;
307 } else {
308 n->mac_table.multi_overflow = 1;
312 return VIRTIO_NET_OK;
315 static int virtio_net_handle_vlan_table(VirtIONet *n, uint8_t cmd,
316 VirtQueueElement *elem)
318 uint16_t vid;
320 if (elem->out_num != 2 || elem->out_sg[1].iov_len != sizeof(vid)) {
321 fprintf(stderr, "virtio-net ctrl invalid vlan command\n");
322 return VIRTIO_NET_ERR;
325 vid = lduw_le_p(elem->out_sg[1].iov_base);
327 if (vid >= MAX_VLAN)
328 return VIRTIO_NET_ERR;
330 if (cmd == VIRTIO_NET_CTRL_VLAN_ADD)
331 n->vlans[vid >> 5] |= (1U << (vid & 0x1f));
332 else if (cmd == VIRTIO_NET_CTRL_VLAN_DEL)
333 n->vlans[vid >> 5] &= ~(1U << (vid & 0x1f));
334 else
335 return VIRTIO_NET_ERR;
337 return VIRTIO_NET_OK;
340 static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
342 VirtIONet *n = to_virtio_net(vdev);
343 struct virtio_net_ctrl_hdr ctrl;
344 virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
345 VirtQueueElement elem;
347 while (virtqueue_pop(vq, &elem)) {
348 if ((elem.in_num < 1) || (elem.out_num < 1)) {
349 fprintf(stderr, "virtio-net ctrl missing headers\n");
350 exit(1);
353 if (elem.out_sg[0].iov_len < sizeof(ctrl) ||
354 elem.in_sg[elem.in_num - 1].iov_len < sizeof(status)) {
355 fprintf(stderr, "virtio-net ctrl header not in correct element\n");
356 exit(1);
359 ctrl.class = ldub_p(elem.out_sg[0].iov_base);
360 ctrl.cmd = ldub_p(elem.out_sg[0].iov_base + sizeof(ctrl.class));
362 if (ctrl.class == VIRTIO_NET_CTRL_RX_MODE)
363 status = virtio_net_handle_rx_mode(n, ctrl.cmd, &elem);
364 else if (ctrl.class == VIRTIO_NET_CTRL_MAC)
365 status = virtio_net_handle_mac(n, ctrl.cmd, &elem);
366 else if (ctrl.class == VIRTIO_NET_CTRL_VLAN)
367 status = virtio_net_handle_vlan_table(n, ctrl.cmd, &elem);
369 stb_p(elem.in_sg[elem.in_num - 1].iov_base, status);
371 virtqueue_push(vq, &elem, sizeof(status));
372 virtio_notify(vdev, vq);
376 /* RX */
378 static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
380 VirtIONet *n = to_virtio_net(vdev);
382 qemu_flush_queued_packets(&n->nic->nc);
384 /* We now have RX buffers, signal to the IO thread to break out of the
385 * select to re-poll the tap file descriptor */
386 qemu_notify_event();
389 static int virtio_net_can_receive(VLANClientState *nc)
391 VirtIONet *n = DO_UPCAST(NICState, nc, nc)->opaque;
393 if (!virtio_queue_ready(n->rx_vq) ||
394 !(n->vdev.status & VIRTIO_CONFIG_S_DRIVER_OK))
395 return 0;
397 return 1;
400 static int virtio_net_has_buffers(VirtIONet *n, int bufsize)
402 if (virtio_queue_empty(n->rx_vq) ||
403 (n->mergeable_rx_bufs &&
404 !virtqueue_avail_bytes(n->rx_vq, bufsize, 0))) {
405 virtio_queue_set_notification(n->rx_vq, 1);
407 /* To avoid a race condition where the guest has made some buffers
408 * available after the above check but before notification was
409 * enabled, check for available buffers again.
411 if (virtio_queue_empty(n->rx_vq) ||
412 (n->mergeable_rx_bufs &&
413 !virtqueue_avail_bytes(n->rx_vq, bufsize, 0)))
414 return 0;
417 virtio_queue_set_notification(n->rx_vq, 0);
418 return 1;
421 /* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so
422 * it never finds out that the packets don't have valid checksums. This
423 * causes dhclient to get upset. Fedora's carried a patch for ages to
424 * fix this with Xen but it hasn't appeared in an upstream release of
425 * dhclient yet.
427 * To avoid breaking existing guests, we catch udp packets and add
428 * checksums. This is terrible but it's better than hacking the guest
429 * kernels.
431 * N.B. if we introduce a zero-copy API, this operation is no longer free so
432 * we should provide a mechanism to disable it to avoid polluting the host
433 * cache.
435 static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
436 const uint8_t *buf, size_t size)
438 if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
439 (size > 27 && size < 1500) && /* normal sized MTU */
440 (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
441 (buf[23] == 17) && /* ip.protocol == UDP */
442 (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
443 /* FIXME this cast is evil */
444 net_checksum_calculate((uint8_t *)buf, size);
445 hdr->flags &= ~VIRTIO_NET_HDR_F_NEEDS_CSUM;
449 static int receive_header(VirtIONet *n, struct iovec *iov, int iovcnt,
450 const void *buf, size_t size, size_t hdr_len)
452 struct virtio_net_hdr *hdr = (struct virtio_net_hdr *)iov[0].iov_base;
453 int offset = 0;
455 hdr->flags = 0;
456 hdr->gso_type = VIRTIO_NET_HDR_GSO_NONE;
458 if (n->has_vnet_hdr) {
459 memcpy(hdr, buf, sizeof(*hdr));
460 offset = sizeof(*hdr);
461 work_around_broken_dhclient(hdr, buf + offset, size - offset);
464 /* We only ever receive a struct virtio_net_hdr from the tapfd,
465 * but we may be passing along a larger header to the guest.
467 iov[0].iov_base += hdr_len;
468 iov[0].iov_len -= hdr_len;
470 return offset;
473 static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
475 static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
476 static const uint8_t vlan[] = {0x81, 0x00};
477 uint8_t *ptr = (uint8_t *)buf;
478 int i;
480 if (n->promisc)
481 return 1;
483 if (n->has_vnet_hdr) {
484 ptr += sizeof(struct virtio_net_hdr);
487 if (!memcmp(&ptr[12], vlan, sizeof(vlan))) {
488 int vid = be16_to_cpup((uint16_t *)(ptr + 14)) & 0xfff;
489 if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))
490 return 0;
493 if (ptr[0] & 1) { // multicast
494 if (!memcmp(ptr, bcast, sizeof(bcast))) {
495 return !n->nobcast;
496 } else if (n->nomulti) {
497 return 0;
498 } else if (n->allmulti || n->mac_table.multi_overflow) {
499 return 1;
502 for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
503 if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
504 return 1;
507 } else { // unicast
508 if (n->nouni) {
509 return 0;
510 } else if (n->alluni || n->mac_table.uni_overflow) {
511 return 1;
512 } else if (!memcmp(ptr, n->mac, ETH_ALEN)) {
513 return 1;
516 for (i = 0; i < n->mac_table.first_multi; i++) {
517 if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
518 return 1;
523 return 0;
526 static ssize_t virtio_net_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
528 VirtIONet *n = DO_UPCAST(NICState, nc, nc)->opaque;
529 struct virtio_net_hdr_mrg_rxbuf *mhdr = NULL;
530 size_t hdr_len, offset, i;
532 if (!virtio_net_can_receive(&n->nic->nc))
533 return -1;
535 /* hdr_len refers to the header we supply to the guest */
536 hdr_len = n->mergeable_rx_bufs ?
537 sizeof(struct virtio_net_hdr_mrg_rxbuf) : sizeof(struct virtio_net_hdr);
540 if (!virtio_net_has_buffers(n, size + hdr_len))
541 return 0;
543 if (!receive_filter(n, buf, size))
544 return size;
546 offset = i = 0;
548 while (offset < size) {
549 VirtQueueElement elem;
550 int len, total;
551 struct iovec sg[VIRTQUEUE_MAX_SIZE];
553 total = 0;
555 if ((i != 0 && !n->mergeable_rx_bufs) ||
556 virtqueue_pop(n->rx_vq, &elem) == 0) {
557 if (i == 0)
558 return -1;
559 fprintf(stderr, "virtio-net truncating packet: "
560 "offset %zd, size %zd, hdr_len %zd\n",
561 offset, size, hdr_len);
562 exit(1);
565 if (elem.in_num < 1) {
566 fprintf(stderr, "virtio-net receive queue contains no in buffers\n");
567 exit(1);
570 if (!n->mergeable_rx_bufs && elem.in_sg[0].iov_len != hdr_len) {
571 fprintf(stderr, "virtio-net header not in first element\n");
572 exit(1);
575 memcpy(&sg, &elem.in_sg[0], sizeof(sg[0]) * elem.in_num);
577 if (i == 0) {
578 if (n->mergeable_rx_bufs)
579 mhdr = (struct virtio_net_hdr_mrg_rxbuf *)sg[0].iov_base;
581 offset += receive_header(n, sg, elem.in_num,
582 buf + offset, size - offset, hdr_len);
583 total += hdr_len;
586 /* copy in packet. ugh */
587 len = iov_from_buf(sg, elem.in_num,
588 buf + offset, size - offset);
589 total += len;
591 /* signal other side */
592 virtqueue_fill(n->rx_vq, &elem, total, i++);
594 offset += len;
597 if (mhdr)
598 mhdr->num_buffers = i;
600 virtqueue_flush(n->rx_vq, i);
601 virtio_notify(&n->vdev, n->rx_vq);
603 return size;
606 static void virtio_net_flush_tx(VirtIONet *n, VirtQueue *vq);
608 static void virtio_net_tx_complete(VLANClientState *nc, ssize_t len)
610 VirtIONet *n = DO_UPCAST(NICState, nc, nc)->opaque;
612 virtqueue_push(n->tx_vq, &n->async_tx.elem, n->async_tx.len);
613 virtio_notify(&n->vdev, n->tx_vq);
615 n->async_tx.elem.out_num = n->async_tx.len = 0;
617 virtio_queue_set_notification(n->tx_vq, 1);
618 virtio_net_flush_tx(n, n->tx_vq);
621 /* TX */
622 static void virtio_net_flush_tx(VirtIONet *n, VirtQueue *vq)
624 VirtQueueElement elem;
626 if (!(n->vdev.status & VIRTIO_CONFIG_S_DRIVER_OK))
627 return;
629 if (n->async_tx.elem.out_num) {
630 virtio_queue_set_notification(n->tx_vq, 0);
631 return;
634 while (virtqueue_pop(vq, &elem)) {
635 ssize_t ret, len = 0;
636 unsigned int out_num = elem.out_num;
637 struct iovec *out_sg = &elem.out_sg[0];
638 unsigned hdr_len;
640 /* hdr_len refers to the header received from the guest */
641 hdr_len = n->mergeable_rx_bufs ?
642 sizeof(struct virtio_net_hdr_mrg_rxbuf) :
643 sizeof(struct virtio_net_hdr);
645 if (out_num < 1 || out_sg->iov_len != hdr_len) {
646 fprintf(stderr, "virtio-net header not in first element\n");
647 exit(1);
650 /* ignore the header if GSO is not supported */
651 if (!n->has_vnet_hdr) {
652 out_num--;
653 out_sg++;
654 len += hdr_len;
655 } else if (n->mergeable_rx_bufs) {
656 /* tapfd expects a struct virtio_net_hdr */
657 hdr_len -= sizeof(struct virtio_net_hdr);
658 out_sg->iov_len -= hdr_len;
659 len += hdr_len;
662 ret = qemu_sendv_packet_async(&n->nic->nc, out_sg, out_num,
663 virtio_net_tx_complete);
664 if (ret == 0) {
665 virtio_queue_set_notification(n->tx_vq, 0);
666 n->async_tx.elem = elem;
667 n->async_tx.len = len;
668 return;
671 len += ret;
673 virtqueue_push(vq, &elem, len);
674 virtio_notify(&n->vdev, vq);
678 static void virtio_net_handle_tx(VirtIODevice *vdev, VirtQueue *vq)
680 VirtIONet *n = to_virtio_net(vdev);
682 if (n->tx_timer_active) {
683 virtio_queue_set_notification(vq, 1);
684 qemu_del_timer(n->tx_timer);
685 n->tx_timer_active = 0;
686 virtio_net_flush_tx(n, vq);
687 } else {
688 qemu_mod_timer(n->tx_timer,
689 qemu_get_clock(vm_clock) + TX_TIMER_INTERVAL);
690 n->tx_timer_active = 1;
691 virtio_queue_set_notification(vq, 0);
695 static void virtio_net_tx_timer(void *opaque)
697 VirtIONet *n = opaque;
699 n->tx_timer_active = 0;
701 /* Just in case the driver is not ready on more */
702 if (!(n->vdev.status & VIRTIO_CONFIG_S_DRIVER_OK))
703 return;
705 virtio_queue_set_notification(n->tx_vq, 1);
706 virtio_net_flush_tx(n, n->tx_vq);
709 static void virtio_net_save(QEMUFile *f, void *opaque)
711 VirtIONet *n = opaque;
713 if (n->vhost_started) {
714 /* TODO: should we really stop the backend?
715 * If we don't, it might keep writing to memory. */
716 vhost_net_stop(tap_get_vhost_net(n->nic->nc.peer), &n->vdev);
717 n->vhost_started = 0;
719 virtio_save(&n->vdev, f);
721 qemu_put_buffer(f, n->mac, ETH_ALEN);
722 qemu_put_be32(f, n->tx_timer_active);
723 qemu_put_be32(f, n->mergeable_rx_bufs);
724 qemu_put_be16(f, n->status);
725 qemu_put_byte(f, n->promisc);
726 qemu_put_byte(f, n->allmulti);
727 qemu_put_be32(f, n->mac_table.in_use);
728 qemu_put_buffer(f, n->mac_table.macs, n->mac_table.in_use * ETH_ALEN);
729 qemu_put_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
730 qemu_put_be32(f, n->has_vnet_hdr);
731 qemu_put_byte(f, n->mac_table.multi_overflow);
732 qemu_put_byte(f, n->mac_table.uni_overflow);
733 qemu_put_byte(f, n->alluni);
734 qemu_put_byte(f, n->nomulti);
735 qemu_put_byte(f, n->nouni);
736 qemu_put_byte(f, n->nobcast);
737 qemu_put_byte(f, n->has_ufo);
740 static int virtio_net_load(QEMUFile *f, void *opaque, int version_id)
742 VirtIONet *n = opaque;
743 int i;
745 if (version_id < 2 || version_id > VIRTIO_NET_VM_VERSION)
746 return -EINVAL;
748 virtio_load(&n->vdev, f);
750 qemu_get_buffer(f, n->mac, ETH_ALEN);
751 n->tx_timer_active = qemu_get_be32(f);
752 n->mergeable_rx_bufs = qemu_get_be32(f);
754 if (version_id >= 3)
755 n->status = qemu_get_be16(f);
757 if (version_id >= 4) {
758 if (version_id < 8) {
759 n->promisc = qemu_get_be32(f);
760 n->allmulti = qemu_get_be32(f);
761 } else {
762 n->promisc = qemu_get_byte(f);
763 n->allmulti = qemu_get_byte(f);
767 if (version_id >= 5) {
768 n->mac_table.in_use = qemu_get_be32(f);
769 /* MAC_TABLE_ENTRIES may be different from the saved image */
770 if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) {
771 qemu_get_buffer(f, n->mac_table.macs,
772 n->mac_table.in_use * ETH_ALEN);
773 } else if (n->mac_table.in_use) {
774 qemu_fseek(f, n->mac_table.in_use * ETH_ALEN, SEEK_CUR);
775 n->mac_table.multi_overflow = n->mac_table.uni_overflow = 1;
776 n->mac_table.in_use = 0;
780 if (version_id >= 6)
781 qemu_get_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
783 if (version_id >= 7) {
784 if (qemu_get_be32(f) && !peer_has_vnet_hdr(n)) {
785 error_report("virtio-net: saved image requires vnet_hdr=on");
786 return -1;
789 if (n->has_vnet_hdr) {
790 tap_using_vnet_hdr(n->nic->nc.peer, 1);
791 tap_set_offload(n->nic->nc.peer,
792 (n->vdev.guest_features >> VIRTIO_NET_F_GUEST_CSUM) & 1,
793 (n->vdev.guest_features >> VIRTIO_NET_F_GUEST_TSO4) & 1,
794 (n->vdev.guest_features >> VIRTIO_NET_F_GUEST_TSO6) & 1,
795 (n->vdev.guest_features >> VIRTIO_NET_F_GUEST_ECN) & 1,
796 (n->vdev.guest_features >> VIRTIO_NET_F_GUEST_UFO) & 1);
800 if (version_id >= 9) {
801 n->mac_table.multi_overflow = qemu_get_byte(f);
802 n->mac_table.uni_overflow = qemu_get_byte(f);
805 if (version_id >= 10) {
806 n->alluni = qemu_get_byte(f);
807 n->nomulti = qemu_get_byte(f);
808 n->nouni = qemu_get_byte(f);
809 n->nobcast = qemu_get_byte(f);
812 if (version_id >= 11) {
813 if (qemu_get_byte(f) && !peer_has_ufo(n)) {
814 error_report("virtio-net: saved image requires TUN_F_UFO support");
815 return -1;
819 /* Find the first multicast entry in the saved MAC filter */
820 for (i = 0; i < n->mac_table.in_use; i++) {
821 if (n->mac_table.macs[i * ETH_ALEN] & 1) {
822 break;
825 n->mac_table.first_multi = i;
827 if (n->tx_timer_active) {
828 qemu_mod_timer(n->tx_timer,
829 qemu_get_clock(vm_clock) + TX_TIMER_INTERVAL);
831 return 0;
834 static void virtio_net_cleanup(VLANClientState *nc)
836 VirtIONet *n = DO_UPCAST(NICState, nc, nc)->opaque;
838 n->nic = NULL;
841 static NetClientInfo net_virtio_info = {
842 .type = NET_CLIENT_TYPE_NIC,
843 .size = sizeof(NICState),
844 .can_receive = virtio_net_can_receive,
845 .receive = virtio_net_receive,
846 .cleanup = virtio_net_cleanup,
847 .link_status_changed = virtio_net_set_link_status,
850 static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
852 VirtIONet *n = to_virtio_net(vdev);
853 if (!n->nic->nc.peer) {
854 return;
856 if (n->nic->nc.peer->info->type != NET_CLIENT_TYPE_TAP) {
857 return;
860 if (!tap_get_vhost_net(n->nic->nc.peer)) {
861 return;
863 if (!!n->vhost_started == !!(status & VIRTIO_CONFIG_S_DRIVER_OK)) {
864 return;
866 if (status & VIRTIO_CONFIG_S_DRIVER_OK) {
867 int r = vhost_net_start(tap_get_vhost_net(n->nic->nc.peer), vdev);
868 if (r < 0) {
869 fprintf(stderr, "unable to start vhost net: %d: "
870 "falling back on userspace virtio\n", -r);
871 } else {
872 n->vhost_started = 1;
874 } else {
875 vhost_net_stop(tap_get_vhost_net(n->nic->nc.peer), vdev);
876 n->vhost_started = 0;
880 static void virtio_net_vmstate_change(void *opaque, int running, int reason)
882 VirtIONet *n = opaque;
883 uint8_t status = running ? VIRTIO_CONFIG_S_DRIVER_OK : 0;
884 /* This is called when vm is started/stopped,
885 * it will start/stop vhost backend if * appropriate
886 * e.g. after migration. */
887 virtio_net_set_status(&n->vdev, n->vdev.status & status);
890 VirtIODevice *virtio_net_init(DeviceState *dev, NICConf *conf)
892 VirtIONet *n;
893 static int virtio_net_id;
895 n = (VirtIONet *)virtio_common_init("virtio-net", VIRTIO_ID_NET,
896 sizeof(struct virtio_net_config),
897 sizeof(VirtIONet));
899 n->vdev.get_config = virtio_net_get_config;
900 n->vdev.set_config = virtio_net_set_config;
901 n->vdev.get_features = virtio_net_get_features;
902 n->vdev.set_features = virtio_net_set_features;
903 n->vdev.bad_features = virtio_net_bad_features;
904 n->vdev.reset = virtio_net_reset;
905 n->vdev.set_status = virtio_net_set_status;
906 n->rx_vq = virtio_add_queue(&n->vdev, 256, virtio_net_handle_rx);
907 n->tx_vq = virtio_add_queue(&n->vdev, 256, virtio_net_handle_tx);
908 n->ctrl_vq = virtio_add_queue(&n->vdev, 64, virtio_net_handle_ctrl);
909 qemu_macaddr_default_if_unset(&conf->macaddr);
910 memcpy(&n->mac[0], &conf->macaddr, sizeof(n->mac));
911 n->status = VIRTIO_NET_S_LINK_UP;
913 n->nic = qemu_new_nic(&net_virtio_info, conf, dev->info->name, dev->id, n);
915 qemu_format_nic_info_str(&n->nic->nc, conf->macaddr.a);
917 n->tx_timer = qemu_new_timer(vm_clock, virtio_net_tx_timer, n);
918 n->tx_timer_active = 0;
919 n->mergeable_rx_bufs = 0;
920 n->promisc = 1; /* for compatibility */
922 n->mac_table.macs = qemu_mallocz(MAC_TABLE_ENTRIES * ETH_ALEN);
924 n->vlans = qemu_mallocz(MAX_VLAN >> 3);
926 register_savevm("virtio-net", virtio_net_id++, VIRTIO_NET_VM_VERSION,
927 virtio_net_save, virtio_net_load, n);
928 n->vmstate = qemu_add_vm_change_state_handler(virtio_net_vmstate_change, n);
930 return &n->vdev;
933 void virtio_net_exit(VirtIODevice *vdev)
935 VirtIONet *n = DO_UPCAST(VirtIONet, vdev, vdev);
936 qemu_del_vm_change_state_handler(n->vmstate);
938 if (n->vhost_started) {
939 vhost_net_stop(tap_get_vhost_net(n->nic->nc.peer), vdev);
942 qemu_purge_queued_packets(&n->nic->nc);
944 unregister_savevm("virtio-net", n);
946 qemu_free(n->mac_table.macs);
947 qemu_free(n->vlans);
949 qemu_del_timer(n->tx_timer);
950 qemu_free_timer(n->tx_timer);
952 virtio_cleanup(&n->vdev);
953 qemu_del_vlan_client(&n->nic->nc);