[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-8.2.6 02/18] virtio-net: drop too short packets early
From: |
Michael Tokarev |
Subject: |
[Stable-8.2.6 02/18] virtio-net: drop too short packets early |
Date: |
Thu, 4 Jul 2024 18:52:33 +0300 |
From: Alexey Dobriyan <adobriyan@yandex-team.ru>
Reproducer from https://gitlab.com/qemu-project/qemu/-/issues/1451
creates small packet (1 segment, len = 10 == n->guest_hdr_len),
then destroys queue.
"if (n->host_hdr_len != n->guest_hdr_len)" is triggered, if body creates
zero length/zero segment packet as there is nothing after guest header.
qemu_sendv_packet_async() tries to send it.
slirp discards it because it is smaller than Ethernet header,
but returns 0 because tx hooks are supposed to return total length of data.
0 is propagated upwards and is interpreted as "packet has been sent"
which is terrible because queue is being destroyed, nobody is waiting for TX
to complete and assert it triggered.
Fix is discard such empty packets instead of sending them.
Length 1 packets will go via different codepath:
virtqueue_push(q->tx_vq, elem, 0);
virtio_notify(vdev, q->tx_vq);
g_free(elem);
and aren't problematic.
Signed-off-by: Alexey Dobriyan <adobriyan@yandex-team.ru>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 2c3e4e2de699cd4d9f6c71f30a22d8f125cd6164)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 8451dbee41..0467b3bd8a 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -2709,18 +2709,14 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
out_sg = elem->out_sg;
if (out_num < 1) {
virtio_error(vdev, "virtio-net header not in first element");
- virtqueue_detach_element(q->tx_vq, elem, 0);
- g_free(elem);
- return -EINVAL;
+ goto detach;
}
if (n->has_vnet_hdr) {
if (iov_to_buf(out_sg, out_num, 0, &vhdr, n->guest_hdr_len) <
n->guest_hdr_len) {
virtio_error(vdev, "virtio-net header incorrect");
- virtqueue_detach_element(q->tx_vq, elem, 0);
- g_free(elem);
- return -EINVAL;
+ goto detach;
}
if (n->needs_vnet_hdr_swap) {
virtio_net_hdr_swap(vdev, (void *) &vhdr);
@@ -2751,6 +2747,11 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
n->guest_hdr_len, -1);
out_num = sg_num;
out_sg = sg;
+
+ if (out_num < 1) {
+ virtio_error(vdev, "virtio-net nothing to send");
+ goto detach;
+ }
}
ret = qemu_sendv_packet_async(qemu_get_subqueue(n->nic, queue_index),
@@ -2771,6 +2772,11 @@ drop:
}
}
return num_packets;
+
+detach:
+ virtqueue_detach_element(q->tx_vq, elem, 0);
+ g_free(elem);
+ return -EINVAL;
}
static void virtio_net_tx_timer(void *opaque);
--
2.39.2
- [Stable-8.2.6 00/18] Patch Round-up for stable 8.2.6, freeze on 2024-07-14, Michael Tokarev, 2024/07/04
- [Stable-8.2.6 01/18] target/i386: fix size of EBP writeback in gen_enter(), Michael Tokarev, 2024/07/04
- [Stable-8.2.6 03/18] ui/gtk: Draw guest frame at refresh cycle, Michael Tokarev, 2024/07/04
- [Stable-8.2.6 02/18] virtio-net: drop too short packets early,
Michael Tokarev <=
- [Stable-8.2.6 06/18] accel/tcg: Fix typo causing tb->page_addr[1] to not be recorded, Michael Tokarev, 2024/07/04
- [Stable-8.2.6 04/18] hw/audio/virtio-snd: Always use little endian audio format, Michael Tokarev, 2024/07/04
- [Stable-8.2.6 05/18] stdvga: fix screen blanking, Michael Tokarev, 2024/07/04
- [Stable-8.2.6 07/18] linux-user: Make TARGET_NR_setgroups affect only the current thread, Michael Tokarev, 2024/07/04
- [Stable-8.2.6 09/18] tcg/loongarch64: Fix tcg_out_movi vs some pcrel pointers, Michael Tokarev, 2024/07/04
- [Stable-8.2.6 08/18] target/sparc: use signed denominator in sdiv helper, Michael Tokarev, 2024/07/04
- [Stable-8.2.6 11/18] tests: Update our CI to use CentOS Stream 9 instead of 8, Michael Tokarev, 2024/07/04
- [Stable-8.2.6 10/18] migration: Fix file migration with fdset, Michael Tokarev, 2024/07/04
- [Stable-8.2.6 12/18] i386/cpu: fixup number of addressable IDs for processor cores in the physical package, Michael Tokarev, 2024/07/04
- [Stable-8.2.6 14/18] target/arm: Fix FJCVTZS vs flush-to-zero, Michael Tokarev, 2024/07/04