aboutsummaryrefslogtreecommitdiff
path: root/hw/net/rtl8139.c
AgeCommit message (Collapse)Author
2022-11-21rtl8139: honor large send MSS valueStefan Hajnoczi
The Large-Send Task Offload Tx Descriptor (9.2.1 Transmit) has a Large-Send MSS value where the driver specifies the MSS. See the datasheet here: http://realtek.info/pdf/rtl8139cp.pdf The code ignores this value and uses a hardcoded MSS of 1500 bytes instead. When the MTU is less than 1500 bytes the hardcoded value results in IP fragmentation and poor performance. Use the Large-Send MSS value to correctly size Large-Send packets. Jason Wang <jasowang@redhat.com> noticed that the Large-Send MSS value mask was incorrect so it is adjusted to match the datasheet and Linux 8139cp driver. This issue was discussed in the past here: https://lore.kernel.org/all/20161114162505.GD26664@stefanha-x1.localdomain/ Reported-by: Russell King - ARM Linux <linux@armlinux.org.uk> Reported-by: Tobias Fiebig <tobias+git@fiebig.nl> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1312 Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20221117165554.1773409-4-stefanha@redhat.com>
2022-11-21rtl8139: keep Tx command mode 0 and 1 separateStefan Hajnoczi
There are two Tx Descriptor formats called mode 0 and mode 1. The mode is determined by the Large Send bit. CP_TX_IPCS (bit 18) is defined in mode 1 but the code checks the bit unconditionally. In mode 0 bit 18 is part of the Large Send MSS value. Explicitly check the Large Send bit to distinguish Tx command modes. This avoids bugs where modes are confused. Note that I didn't find any actual bugs aside from needlessly computing the IP checksum when the Large Send bit is enabled. Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20221117165554.1773409-3-stefanha@redhat.com>
2022-11-21rtl8139: avoid clobbering tx descriptor bitsStefan Hajnoczi
The device turns the Tx Descriptor into a Tx Status descriptor after fully reading the descriptor. This involves clearing Tx Own (bit 31) to indicate that the driver has ownership of the descriptor again as well as several other bits. The code keeps the first dword of the Tx Descriptor in the txdw0 local variable. txdw0 is reused to build the first word of the Tx Status descriptor. Later on the code uses txdw0 again, incorrectly assuming that it still contains the first dword of the Tx Descriptor. The tx offloading code misbehaves because it sees bogus bits in txdw0. Use a separate local variable for Tx Status and preserve Tx Descriptor in txdw0. Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20221117165554.1773409-2-stefanha@redhat.com>
2022-11-11rtl8139: Remove unused variableMiroslav Rezanina
Variable send_count used in rtl8139_cplus_transmit_one function is only incremented but never read. This causes 'Unused but set variable' warning on Clang 15.0.1 compiler. Removing the variable to prevent the warning. Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <15a32dd06c492216cbf27cd3ddcbe1e9afb8d8f5.1668009030.git.mrezanin@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-03-22Replace GCC_FMT_ATTR with G_GNUC_PRINTFMarc-André Lureau
One less qemu-specific macro. It also helps to make some headers/units only depend on glib, and thus moved in standalone projects eventually. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
2021-03-15rtl8139: switch to use qemu_receive_packet() for loopbackAlexander Bulekov
This patch switches to use qemu_receive_packet() which can detect reentrancy and return early. This is intended to address CVE-2021-3416. Cc: Prasad J Pandit <ppandit@redhat.com> Cc: qemu-stable@nongnu.org Buglink: https://bugs.launchpad.net/qemu/+bug/1910826 Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-01-08Remove superfluous timer_del() callsPeter Maydell
This commit is the result of running the timer-del-timer-free.cocci script on the whole source tree. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Corey Minyard <cminyard@mvista.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201215154107.3255-4-peter.maydell@linaro.org
2020-09-18Use OBJECT_DECLARE_SIMPLE_TYPE when possibleEduardo Habkost
This converts existing DECLARE_INSTANCE_CHECKER usage to OBJECT_DECLARE_SIMPLE_TYPE when possible. $ ./scripts/codeconverter/converter.py -i \ --pattern=AddObjectDeclareSimpleType $(git grep -l '' -- '*.[ch]') Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Acked-by: Paul Durrant <paul@xen.org> Message-Id: <20200916182519.415636-6-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-09-09Use DECLARE_*CHECKER* macrosEduardo Habkost
Generated using: $ ./scripts/codeconverter/converter.py -i \ --pattern=TypeCheckMacro $(git grep -l '' -- '*.[ch]') Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-12-ehabkost@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-13-ehabkost@redhat.com> Message-Id: <20200831210740.126168-14-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-09-09Move QOM typedefs and add missing includesEduardo Habkost
Some typedefs and macros are defined after the type check macros. This makes it difficult to automatically replace their definitions with OBJECT_DECLARE_TYPE. Patch generated using: $ ./scripts/codeconverter/converter.py -i \ --pattern=QOMStructTypedefSplit $(git grep -l '' -- '*.[ch]') which will split "typdef struct { ... } TypedefName" declarations. Followed by: $ ./scripts/codeconverter/converter.py -i --pattern=MoveSymbols \ $(git grep -l '' -- '*.[ch]') which will: - move the typedefs and #defines above the type check macros - add missing #include "qom/object.h" lines if necessary Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-9-ehabkost@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-10-ehabkost@redhat.com> Message-Id: <20200831210740.126168-11-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-05-15Drop more @errp parameters after previous commitMarkus Armbruster
Several functions can't fail anymore: ich9_pm_add_properties(), device_add_bootindex_property(), ppc_compat_add_property(), spapr_caps_add_properties(), PropertyInfo.create(). Drop their @errp parameter. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200505152926.18877-16-armbru@redhat.com>
2020-03-31hw/net: Make NetCanReceive() return a booleanPhilippe Mathieu-Daudé
The NetCanReceive handler return whether the device can or can not receive new packets. Make it obvious by returning a boolean type. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-31hw/net/rtl8139: Update coding style to make checkpatch.pl happyPhilippe Mathieu-Daudé
We will modify this code in the next commit. Clean it up first to avoid checkpatch.pl errors. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-03-31hw/net/rtl8139: Simplify if/else statementPhilippe Mathieu-Daudé
Rewrite: if (E) { return A; } else { return B; } /* EOF */ } as: if (E) { return A; } return B; } Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-01-24qdev: set properties with device_class_set_props()Marc-André Lureau
The following patch will need to handle properties registration during class_init time. Let's use a device_class_set_props() setter. spatch --macro-file scripts/cocci-macro-file.h --sp-file ./scripts/coccinelle/qdev-set-props.cocci --keep-comments --in-place --dir . @@ typedef DeviceClass; DeviceClass *d; expression val; @@ - d->props = val + device_class_set_props(d, val) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20200110153039.1379601-20-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-08-16Include hw/qdev-properties.h lessMarkus Armbruster
In my "build everything" tree, changing hw/qdev-properties.h triggers a recompile of some 2700 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). Many places including hw/qdev-properties.h (directly or via hw/qdev.h) actually need only hw/qdev-core.h. Include hw/qdev-core.h there instead. hw/qdev.h is actually pointless: all it does is include hw/qdev-core.h and hw/qdev-properties.h, which in turn includes hw/qdev-core.h. Replace the remaining uses of hw/qdev.h by hw/qdev-properties.h. While there, delete a few superfluous inclusions of hw/qdev-core.h. Touching hw/qdev-properties.h now recompiles some 1200 objects. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20190812052359.30071-22-armbru@redhat.com>
2019-08-16Include hw/hw.h exactly where neededMarkus Armbruster
In my "build everything" tree, changing hw/hw.h triggers a recompile of some 2600 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). The previous commits have left only the declaration of hw_error() in hw/hw.h. This permits dropping most of its inclusions. Touching it now recompiles less than 200 objects. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190812052359.30071-19-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-08-16Include migration/vmstate.h lessMarkus Armbruster
In my "build everything" tree, changing migration/vmstate.h triggers a recompile of some 2700 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). hw/hw.h supposedly includes it for convenience. Several other headers include it just to get VMStateDescription. The previous commit made that unnecessary. Include migration/vmstate.h only where it's still needed. Touching it now recompiles only some 1600 objects. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190812052359.30071-16-armbru@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-06-12Include qemu/module.h where needed, drop it from qemu-common.hMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-4-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for hw/usb/dev-hub.c hw/misc/exynos4210_rng.c hw/misc/bcm2835_rng.c hw/misc/aspeed_scu.c hw/display/virtio-vga.c hw/arm/stm32f205_soc.c; ui/cocoa.m fixed up]
2018-10-19rtl8139: fix possible out of bound accessJason Wang
In rtl8139_do_receive(), we try to assign size_ to size which converts from size_t to integer. This will cause troubles when size_ is greater INT_MAX, this will lead a negative value in size and it can then pass the check of size < MIN_BUF_SIZE which may lead out of bound access of for both buf and buf1. Fixing by converting the type of size to size_t. CC: qemu-stable@nongnu.org Reported-by: Daniel Shapira <daniel@twistlock.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-03-05hw/net: Remove unnecessary header includesThomas Huth
Headers like "hw/loader.h" and "qemu/sockets.h" are not needed in the hw/net/*.c files. And Some other headers are included via other headers already, so we can drop them, too. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-12-22rtl8139: use inline net_crc32() and bitshift instead of compute_mcast_idx()Mark Cave-Ayland
This makes it much easier to compare the multicast CRC calculation endian and bitshift against the Linux driver implementation. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-10-15pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devicesEduardo Habkost
Add INTERFACE_CONVENTIONAL_PCI_DEVICE to all direct subtypes of TYPE_PCI_DEVICE, except: 1) The ones that already have INTERFACE_PCIE_DEVICE set: * base-xhci * e1000e * nvme * pvscsi * vfio-pci * virtio-pci * vmxnet3 2) base-pci-bridge Not all PCI bridges are Conventional PCI devices, so INTERFACE_CONVENTIONAL_PCI_DEVICE is added only to the subtypes that are actually Conventional PCI: * dec-21154-p2p-bridge * i82801b11-bridge * pbm-bridge * pci-bridge The direct subtypes of base-pci-bridge not touched by this patch are: * xilinx-pcie-root: Already marked as PCIe-only. * pcie-pci-bridge: Already marked as PCIe-only. * pcie-port: all non-abstract subtypes of pcie-port are already marked as PCIe-only devices. 3) megasas-base Not all megasas devices are Conventional PCI devices, so the interface names are added to the subclasses registered by megasas_register_types(), according to information in the megasas_devices[] array. "megasas-gen2" already implements INTERFACE_PCIE_DEVICE, so add INTERFACE_CONVENTIONAL_PCI_DEVICE only to "megasas". Acked-by: Alberto Garcia <berto@igalia.com> Acked-by: John Snow <jsnow@redhat.com> Acked-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Acked-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-09-27migration: pre_save return intDr. David Alan Gilbert
Modify the pre_save method on VMStateDescription to return an int rather than void so that it potentially can fail. Changed zillions of devices to make them return 0; the only case I've made it return non-0 is hw/intc/s390_flic_kvm.c that already had an error_report/return case. Note: If you add an error exit in your pre_save you must emit an error_report to say why. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20170925112917.21340-2-dgilbert@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2017-09-08net: rtl8139: do not use old_mmio accessesMatt Parker
Both io and memory use the same mmio functions in the rtl8139 device. This patch removes the separate MemoryRegionOps and old_mmio accessors for memory, and replaces it with an alias to the io memory region. Signed-off-by: Matt Parker <mtparkr@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-01-06rtl8139: correctly handle PHY resetHervé Poussineau
According to datasheet: "[Bit 15 of Basic Mode Control Register] sets the status and control registers of the PHY (register 0062-0074) in a default state. This bit is self-clearing. 1 = software reset; 0 = normal operation." This fixes the netcard detection failure in Minoca OS. Signed-off-by: Hervé Poussineau <hpoussin@reactos.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-10-26net: rtl8139: limit processing of ring descriptorsPrasad J Pandit
RTL8139 ethernet controller in C+ mode supports multiple descriptor rings, each with maximum of 64 descriptors. While processing transmit descriptor ring in 'rtl8139_cplus_transmit', it does not limit the descriptor count and runs forever. Add check to avoid it. Reported-by: Andrew Henderson <hendersa@icculus.org> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-07-19qapi: Change Netdev into a flat unionEric Blake
This is a mostly-mechanical conversion that creates a new flat union 'Netdev' QAPI type that covers all the branches of the former 'NetClientOptions' simple union, where the branches are now listed in a new 'NetClientDriver' enum rather than generated from the simple union. The existence of a flat union has no change to the command line syntax accepted for new code, and will make it possible for a future patch to switch the QMP command to parse a boxed union for no change to valid QMP; but it does have some ripple effect on the C code when dealing with the new types. While making the conversion, note that the 'NetLegacy' type remains unchanged: it applies only to legacy command line options, and will not be ported to QMP, so it should remain a wrapper around a simple union; to avoid confusion, the type named 'NetClientOptions' is now gone, and we introduce 'NetLegacyOptions' in its place. Then, in the C code, we convert from NetLegacy to Netdev as soon as possible, so that the bulk of the net stack only has to deal with one QAPI type, not two. Note that since the old legacy code always rejected 'hubport', we can just omit that branch from the new 'NetLegacyOptions' simple union. Based on an idea originally by Zoltán Kővágó <DirtY.iCE.hu@gmail.com>: Message-Id: <01a527fbf1a5de880091f98cf011616a78adeeee.1441627176.git.DirtY.iCE.hu@gmail.com> although the sed script in that patch no longer applies due to other changes in the tree since then, and I also did some manual cleanups (such as fixing whitespace to keep checkpatch happy). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1468468228-27827-13-git-send-email-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> [Fixup from Eric squashed in] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-06-28rtl8139: save/load RxMulOk counter (again)David Vrabel
Commit 9d29cdeaaca3a0383af764000b71492c4fc67c6e (rtl8139: port TallyCounters to vmstate) introduced in incompatibility in the v4 format as it omitted the RxOkMul counter. There are presumably no users that were impacted by the v4 to v4' breakage, so increase the save version to 5 and re-add the field, keeping backward compatibility with v4'. We can't have a field conditional on the section version in vmstate_tally_counters since this version checked would not be the section version (but the version defined in this structure). So, move all the fields into the main state structure. Signed-off-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-06-27hw/net/rtl8139.c: Don't use *_to_cpup()Peter Maydell
Don't use *_to_cpup() to do byte-swapped loads; instead use ld*_p() which correctly handle misaligned accesses. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <rth@twiddle.net> Acked-by: Jason Wang <jasowang@redhat.com> Acked-by: Dmitry Fleytman <dmitry@daynix.com <mailto:dmitry@daynix.com>> Message-id: 1466097446-981-3-git-send-email-peter.maydell@linaro.org
2016-06-02rtl8139: Move more TCP definitions to common headerDmitry Fleytman
Signed-off-by: Dmitry Fleytman <dmitry.fleytman@ravellosystems.com> Signed-off-by: Leonid Bloch <leonid.bloch@ravellosystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-04-06rtl8139: using CP_TX_OWN for ownership transferring during txJason Wang
Through CP_TX_OWN and CP_RX_OWN points to the same bit, we'd better use CP_TX_OWN for tx descriptor handling. Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-01-29hw/net: Clean up includesPeter Maydell
Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-19-git-send-email-peter.maydell@linaro.org
2016-01-11ether/slirp: Avoid redefinition of the same constantsDr. David Alan Gilbert
eth.h and slirp.h both define ETH_ALEN and ETH_P_IP rtl8139.c and eth.h both define ETH_HLEN Move the related constant (ETH_P_ARP) from slirp.h to eth.h, and remove the duplicates; make slirp.h include eth.h Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-09-25rtl8139: remove muldiv64()Laurent Vivier
Originally, timers were ticks based, and it made sense to add ticks to current time to know when to trigger an alarm. But since commit: 7447545 change all other clock references to use nanosecond resolution accessors All timers use nanoseconds and we need to convert ticks to nanoseconds, by doing something like: y = muldiv64(x, get_ticks_per_sec(), PCI_FREQUENCY) where x is the number of device ticks and y the number of system ticks. y is used as nanoseconds in timer functions, it works because 1 tick is 1 nanosecond. (get_ticks_per_sec() is 10^9) But as PCI frequency is 33 MHz, we can also do: y = x * 30; /* 33 MHz PCI period is 30 ns */ Which is much more simple. This implies a 33.333333 MHz PCI frequency, but this is correct. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-11maint: avoid useless "if (foo) free(foo)" patternMarkus Armbruster
My Coccinelle semantic patch finds a few more, because it also fixes up the equally pointless conditional if (foo) { free(foo); foo = NULL; } Result (feel free to squash it into your patch): Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11maint: remove / fix many doubled wordsDaniel P. Berrange
Many source files have doubled words (eg "the the", "to to", and so on). Most of these can simply be removed, but a couple were actual mis-spellings (eg "to to" instead of "to do"). There was even one triple word score "to to to" :-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-02rtl8139: Do not consume the packet during overflow in standard mode.Vladislav Yasevich
When operation in standard mode, we currently return the size of packet during buffer overflow. This consumes the overflow packet. Return 0 instead so we can re-process the overflow packet when we have room. This fixes issues with lost/dropped fragments of large messages. Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Message-id: 1441121206-6997-3-git-send-email-vyasevic@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-02rtl8139: Fix receive buffer overflow checkVladislav Yasevich
rtl8139_do_receive() tries to check for the overflow condition by making sure that packet_size + 8 does not exceed the available buffer space. The issue here is that RxBuffAddr, used to calculate available buffer space, is aligned to a a 4 byte boundry after every update. So it is possible that every packet ends up being slightly padded when written to the receive buffer. This padding is not taken into account when checking for overflow and we may end up missing the overflow condition can causing buffer overwrite. This patch takes alignment into consideration when checking for overflow condition. Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Message-id: 1441121206-6997-2-git-send-email-vyasevic@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-02rtl8139: use ldl/stl wrapper for unaligned 32-bit accessStefan Hajnoczi
The tx offload feature accesses a 16-bit aligned TCP header struct. The 32-bit fields must be accessed using ldl/stl wrappers since some host architectures fault on unaligned access. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Message-id: 1438604157-29664-4-git-send-email-stefanha@redhat.com
2015-09-02rtl8139: use net/eth.h macros instead of custom macrosStefan Hajnoczi
Eliminate the following "custom" macros since they are just duplicates of net/eth.h macros under a different name: ETHER_ADDR_LEN -> ETH_ALEN ETH_P_8021Q -> ETH_P_VLAN IP_HEADER_LENGTH -> IP_HDR_GET_LEN TCP_FLAG_FIN -> TH_FIN TCP_FLAG_PUSH -> TH_PUSH Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Message-id: 1438604157-29664-3-git-send-email-stefanha@redhat.com
2015-09-02rtl8139: remove duplicate net/eth.h definitionsStefan Hajnoczi
The transmit offload features inspect Ethernet, IP, TCP, and UDP headers. Avoid redefining these net/eth.h structs. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Message-id: 1438604157-29664-2-git-send-email-stefanha@redhat.com
2015-08-03rtl8139: check TCP Data Offset field (CVE-2015-5165)Stefan Hajnoczi
The TCP Data Offset field contains the length of the header. Make sure it is valid and does not exceed the IP data length. Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03rtl8139: skip offload on short TCP header (CVE-2015-5165)Stefan Hajnoczi
TCP Large Segment Offload accesses the TCP header in the packet. If the packet is too short we must not attempt to access header fields: tcp_header *p_tcp_hdr = (tcp_header*)(eth_payload_data + hlen); int tcp_hlen = TCP_HEADER_DATA_OFFSET(p_tcp_hdr); Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03rtl8139: check IP Total Length field (CVE-2015-5165)Stefan Hajnoczi
The IP Total Length field includes the IP header and data. Make sure it is valid and does not exceed the Ethernet payload size. Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03rtl8139: check IP Header Length field (CVE-2015-5165)Stefan Hajnoczi
The IP Header Length field was only checked in the IP checksum case, but is used in other cases too. Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03rtl8139: skip offload on short Ethernet/IP header (CVE-2015-5165)Stefan Hajnoczi
Transmit offload features access Ethernet and IP headers the packet. If the packet is too short we must not attempt to access header fields: int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12)); ... eth_payload_data = saved_buffer + ETH_HLEN; ... ip = (ip_header*)eth_payload_data; if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) { Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03rtl8139: drop tautologous if (ip) {...} statement (CVE-2015-5165)Stefan Hajnoczi
The previous patch stopped using the ip pointer as an indicator that the IP header is present. When we reach the if (ip) {...} statement we know ip is always non-NULL. Remove the if statement to reduce nesting. Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-08-03rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165)Stefan Hajnoczi
Transmit offload needs to parse packet headers. If header fields have unexpected values the offload processing is skipped. The code currently uses nested ifs because there is relatively little input validation. The next patches will add missing input validation and a goto label is more appropriate to avoid deep if statement nesting. Reported-by: 朱东海(启路) <donghai.zdh@alibaba-inc.com> Reviewed-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-12migration: Use normal VMStateDescriptions for SubsectionsJuan Quintela
We create optional sections with this patch. But we already have optional subsections. Instead of having two mechanism that do the same, we can just generalize it. For subsections we just change: - Add a needed function to VMStateDescription - Remove VMStateSubsection (after removal of the needed function it is just a VMStateDescription) - Adjust the whole tree, moving the needed function to the corresponding VMStateDescription Signed-off-by: Juan Quintela <quintela@redhat.com>