[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 146/156] virtio-net: byteswap virtio-net header
From: |
Michael Roth |
Subject: |
[Qemu-devel] [PATCH 146/156] virtio-net: byteswap virtio-net header |
Date: |
Tue, 8 Jul 2014 12:18:57 -0500 |
From: Cédric Le Goater <address@hidden>
TCP connectivity fails when the guest has a different endianness.
The packets are silently dropped on the host by the tap backend
when they are read from user space because the endianness of the
virtio-net header is in the wrong order. These lines may appear
in the guest console:
[ 454.709327] skbuff: bad partial csum: csum=8704/4096 len=74
[ 455.702554] skbuff: bad partial csum: csum=8704/4096 len=74
The issue that got first spotted with a ppc64le PowerKVM guest,
but it also exists for the less common case of a x86_64 guest run
by a big-endian ppc64 TCG hypervisor.
Signed-off-by: Cédric Le Goater <address@hidden>
[ Ported from PowerKVM,
Greg Kurz <address@hidden> ]
Signed-off-by: Greg Kurz <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit 032a74a1c0fcdd5fd1c69e56126b4c857ee36611)
Signed-off-by: Michael Roth <address@hidden>
---
hw/net/virtio-net.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 29c5f35..6246725 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -843,6 +843,14 @@ static int virtio_net_has_buffers(VirtIONetQueue *q, int
bufsize)
return 1;
}
+static void virtio_net_hdr_swap(struct virtio_net_hdr *hdr)
+{
+ tswap16s(&hdr->hdr_len);
+ tswap16s(&hdr->gso_size);
+ tswap16s(&hdr->csum_start);
+ tswap16s(&hdr->csum_offset);
+}
+
/* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so
* it never finds out that the packets don't have valid checksums. This
* causes dhclient to get upset. Fedora's carried a patch for ages to
@@ -878,6 +886,7 @@ static void receive_header(VirtIONet *n, const struct iovec
*iov, int iov_cnt,
void *wbuf = (void *)buf;
work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
size - n->host_hdr_len);
+ virtio_net_hdr_swap(wbuf);
iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr));
} else {
struct virtio_net_hdr hdr = {
@@ -1086,6 +1095,14 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
exit(1);
}
+ if (n->has_vnet_hdr) {
+ if (out_sg[0].iov_len < n->guest_hdr_len) {
+ error_report("virtio-net header incorrect");
+ exit(1);
+ }
+ virtio_net_hdr_swap((void *) out_sg[0].iov_base);
+ }
+
/*
* If host wants to see the guest header as is, we can
* pass it on unchanged. Otherwise, copy just the parts
--
1.9.1
- [Qemu-devel] [PATCH 050/156] ssd0323: fix buffer overun on invalid state load, (continued)
- [Qemu-devel] [PATCH 050/156] ssd0323: fix buffer overun on invalid state load, Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 073/156] block/cloop: refuse images with huge offsets arrays (CVE-2014-0144), Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 143/156] KVM: Fix GSI number space limit, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 049/156] ssi-sd: fix buffer overrun on invalid state load, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 109/156] block: Limit request size (CVE-2014-0143), Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 095/156] qcow2: Zero-initialise first cluster for new images, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 108/156] dmg: prevent chunk buffer overflow (CVE-2014-0145), Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 113/156] qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143), Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 051/156] tsc210x: fix buffer overrun on invalid state load, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 070/156] qemu-iotests: add cloop input validation tests, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 146/156] virtio-net: byteswap virtio-net header,
Michael Roth <=
- [Qemu-devel] [PATCH 004/156] s390x/virtio-hcall: Add range check for hypervisor call, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 010/156] tests: Fix 'make test' for i686 hosts (build regression), Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 012/156] mirror: fix throttling delay calculation, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 116/156] qcow1: Make padding in the header explicit, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 068/156] migration: catch unknown flags in ram_load, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 048/156] pxa2xx: avoid buffer overrun on incoming migration, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 053/156] virtio-scsi: fix buffer overrun on invalid state load, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 115/156] parallels: Sanity check for s->tracks (CVE-2014-0142), Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 058/156] stellaris_enet: block migration, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 102/156] dmg: coding style and indentation cleanup, Michael Roth, 2014/07/10