From 1c188fc8cbffc5f05cc616cab4e1372fb6e6f11f Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Wed, 27 Mar 2024 11:05:09 +0900 Subject: [PATCH 1/5] virtio-net: Fix vhost virtqueue notifiers for RSS virtio_net_guest_notifier_pending() and virtio_net_guest_notifier_mask() checked VIRTIO_NET_F_MQ to know there are multiple queues, but VIRTIO_NET_F_RSS also enables multiple queues. Refer to n->multiqueue, which is set to true either of VIRTIO_NET_F_MQ or VIRTIO_NET_F_RSS is enabled. Fixes: 68b0a6395f36 ("virtio-net: align ctrl_vq index for non-mq guest for vhost_vdpa") Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- hw/net/virtio-net.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 9959f1932b..a6ff000cd9 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -3426,7 +3426,7 @@ static bool virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx) VirtIONet *n = VIRTIO_NET(vdev); NetClientState *nc; assert(n->vhost_started); - if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_MQ) && idx == 2) { + if (!n->multiqueue && idx == 2) { /* Must guard against invalid features and bogus queue index * from being set by malicious guest, or penetrated through * buggy migration stream. @@ -3458,7 +3458,7 @@ static void virtio_net_guest_notifier_mask(VirtIODevice *vdev, int idx, VirtIONet *n = VIRTIO_NET(vdev); NetClientState *nc; assert(n->vhost_started); - if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_MQ) && idx == 2) { + if (!n->multiqueue && idx == 2) { /* Must guard against invalid features and bogus queue index * from being set by malicious guest, or penetrated through * buggy migration stream. From ba6bb2ec953f10751f174b6f7da8fe7e5f008c08 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Wed, 27 Mar 2024 11:05:10 +0900 Subject: [PATCH 2/5] ebpf: Fix indirections table setting The kernel documentation says: > The value stored can be of any size, however, all array elements are > aligned to 8 bytes. https://www.kernel.org/doc/html/v6.8/bpf/map_array.html Fixes: 333b3e5fab75 ("ebpf: Added eBPF map update through mmap.") Signed-off-by: Akihiko Odaki Acked-by: Andrew Melnychenko Signed-off-by: Jason Wang --- ebpf/ebpf_rss.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ebpf/ebpf_rss.c b/ebpf/ebpf_rss.c index 2e506f9743..d102f3dd09 100644 --- a/ebpf/ebpf_rss.c +++ b/ebpf/ebpf_rss.c @@ -185,13 +185,18 @@ static bool ebpf_rss_set_indirections_table(struct EBPFRSSContext *ctx, uint16_t *indirections_table, size_t len) { + char *cursor = ctx->mmap_indirections_table; + if (!ebpf_rss_is_loaded(ctx) || indirections_table == NULL || len > VIRTIO_NET_RSS_MAX_TABLE_LEN) { return false; } - memcpy(ctx->mmap_indirections_table, indirections_table, - sizeof(*indirections_table) * len); + for (size_t i = 0; i < len; i++) { + *(uint16_t *)cursor = indirections_table[i]; + cursor += 8; + } + return true; } From 89a8de364b51db8107d2a210314431885ac52238 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Wed, 27 Mar 2024 17:42:56 +0900 Subject: [PATCH 3/5] hw/net/net_tx_pkt: Fix virtio header without checksum offloading It is incorrect to have the VIRTIO_NET_HDR_F_NEEDS_CSUM set when checksum offloading is disabled so clear the bit. TCP/UDP checksum is usually offloaded when the peer requires virtio headers because they can instruct the peer to compute checksum. However, igb disables TX checksum offloading when a VF is enabled whether the peer requires virtio headers because a transmitted packet can be routed to it and it expects the packet has a proper checksum. Therefore, it is necessary to have a correct virtio header even when checksum offloading is disabled. A real TCP/UDP checksum will be computed and saved in the buffer when checksum offloading is disabled. The virtio specification requires to set the packet checksum stored in the buffer to the TCP/UDP pseudo header when the VIRTIO_NET_HDR_F_NEEDS_CSUM bit is set so the bit must be cleared in that case. Fixes: ffbd2dbd8e64 ("e1000e: Perform software segmentation for loopback") Buglink: https://issues.redhat.com/browse/RHEL-23067 Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- hw/net/net_tx_pkt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c index 2e5f58b3c9..2134a18c4c 100644 --- a/hw/net/net_tx_pkt.c +++ b/hw/net/net_tx_pkt.c @@ -833,6 +833,7 @@ bool net_tx_pkt_send_custom(struct NetTxPkt *pkt, bool offload, if (offload || gso_type == VIRTIO_NET_HDR_GSO_NONE) { if (!offload && pkt->virt_hdr.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) { + pkt->virt_hdr.flags &= ~VIRTIO_NET_HDR_F_NEEDS_CSUM; net_tx_pkt_do_sw_csum(pkt, &pkt->vec[NET_TX_PKT_L2HDR_FRAG], pkt->payload_frags + NET_TX_PKT_PL_START_FRAG - 1, pkt->payload_len); From decfde6b0e56d3872ec1a5acfafd30c0886fb847 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Mon, 12 Feb 2024 23:04:35 +0900 Subject: [PATCH 4/5] tap-win32: Remove unnecessary stubs Some of them are only necessary for POSIX systems. The others are assigned to function pointers in NetClientInfo that can actually be NULL. Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- net/tap-win32.c | 54 ------------------------------------------------- 1 file changed, 54 deletions(-) diff --git a/net/tap-win32.c b/net/tap-win32.c index 7b8b4be02c..7edbd71633 100644 --- a/net/tap-win32.c +++ b/net/tap-win32.c @@ -707,70 +707,16 @@ static void tap_win32_send(void *opaque) } } -static bool tap_has_ufo(NetClientState *nc) -{ - return false; -} - -static bool tap_has_vnet_hdr(NetClientState *nc) -{ - return false; -} - -int tap_probe_vnet_hdr_len(int fd, int len) -{ - return 0; -} - -void tap_fd_set_vnet_hdr_len(int fd, int len) -{ -} - -int tap_fd_set_vnet_le(int fd, int is_le) -{ - return -EINVAL; -} - -int tap_fd_set_vnet_be(int fd, int is_be) -{ - return -EINVAL; -} - -static void tap_using_vnet_hdr(NetClientState *nc, bool using_vnet_hdr) -{ -} - -static void tap_set_offload(NetClientState *nc, int csum, int tso4, - int tso6, int ecn, int ufo, int uso4, int uso6) -{ -} - struct vhost_net *tap_get_vhost_net(NetClientState *nc) { return NULL; } -static bool tap_has_vnet_hdr_len(NetClientState *nc, int len) -{ - return false; -} - -static void tap_set_vnet_hdr_len(NetClientState *nc, int len) -{ - abort(); -} - static NetClientInfo net_tap_win32_info = { .type = NET_CLIENT_DRIVER_TAP, .size = sizeof(TAPState), .receive = tap_receive, .cleanup = tap_cleanup, - .has_ufo = tap_has_ufo, - .has_vnet_hdr = tap_has_vnet_hdr, - .has_vnet_hdr_len = tap_has_vnet_hdr_len, - .using_vnet_hdr = tap_using_vnet_hdr, - .set_offload = tap_set_offload, - .set_vnet_hdr_len = tap_set_vnet_hdr_len, }; static int tap_win32_init(NetClientState *peer, const char *model, From d9b33018a0da51eddceb48c42345cfb351065f3e Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Thu, 21 Sep 2023 18:37:59 +0900 Subject: [PATCH 5/5] Revert "tap: setting error appropriately when calling net_init_tap_one()" This reverts commit 46d4d36d0bf2b24b205f2f604f0905db80264eef. The reverted commit changed to emit warnings instead of errors when vhost is requested but vhost initialization fails if vhostforce option is not set. However, vhostforce is not meant to ignore vhost errors. It was once introduced as an option to commit 5430a28fe4 ("vhost: force vhost off for non-MSI guests") to force enabling vhost for non-MSI guests, which will have worse performance with vhost. The option was deprecated with commit 1e7398a140 ("vhost: enable vhost without without MSI-X") and changed to behave identical with the vhost option for compatibility. Worse, commit bf769f742c ("virtio: del net client if net_init_tap_one failed") changed to delete the client when vhost fails even when the failure only results in a warning. The leads to an assertion failure for the -netdev command line option. The reverted commit was intended to avoid that the vhost initialization failure won't result in a corrupted netdev. This problem should have been fixed by deleting netdev when the initialization fails instead of ignoring the failure with an arbitrary option. Fortunately, commit bf769f742c ("virtio: del net client if net_init_tap_one failed"), mentioned earlier, implements this behavior. Restore the correct semantics and fix the assertion failure for the -netdev command line option by reverting the problematic commit. Signed-off-by: Akihiko Odaki Signed-off-by: Jason Wang --- include/net/vhost_net.h | 3 --- net/tap.c | 22 +++++----------------- 2 files changed, 5 insertions(+), 20 deletions(-) diff --git a/include/net/vhost_net.h b/include/net/vhost_net.h index c37aba35e6..c6a5361a2a 100644 --- a/include/net/vhost_net.h +++ b/include/net/vhost_net.h @@ -4,9 +4,6 @@ #include "net/net.h" #include "hw/virtio/vhost-backend.h" -#define VHOST_NET_INIT_FAILED \ - "vhost-net requested but could not be initialized" - struct vhost_net; typedef struct vhost_net VHostNetState; diff --git a/net/tap.c b/net/tap.c index c698b70475..baaa2f7a9a 100644 --- a/net/tap.c +++ b/net/tap.c @@ -743,11 +743,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, if (vhostfdname) { vhostfd = monitor_fd_param(monitor_cur(), vhostfdname, &err); if (vhostfd == -1) { - if (tap->has_vhostforce && tap->vhostforce) { - error_propagate(errp, err); - } else { - warn_report_err(err); - } + error_propagate(errp, err); goto failed; } if (!g_unix_set_fd_nonblocking(vhostfd, true, NULL)) { @@ -758,13 +754,8 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, } else { vhostfd = open("/dev/vhost-net", O_RDWR); if (vhostfd < 0) { - if (tap->has_vhostforce && tap->vhostforce) { - error_setg_errno(errp, errno, - "tap: open vhost char device failed"); - } else { - warn_report("tap: open vhost char device failed: %s", - strerror(errno)); - } + error_setg_errno(errp, errno, + "tap: open vhost char device failed"); goto failed; } if (!g_unix_set_fd_nonblocking(vhostfd, true, NULL)) { @@ -777,11 +768,8 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, s->vhost_net = vhost_net_init(&options); if (!s->vhost_net) { - if (tap->has_vhostforce && tap->vhostforce) { - error_setg(errp, VHOST_NET_INIT_FAILED); - } else { - warn_report(VHOST_NET_INIT_FAILED); - } + error_setg(errp, + "vhost-net requested but could not be initialized"); goto failed; } } else if (vhostfdname) {