xref: /openbmc/qemu/hw/net/virtio-net.c (revision 0806b30c8dff64e944456aa15bdc6957384e29a8)
1 /*
2  * Virtio Network Device
3  *
4  * Copyright IBM, Corp. 2007
5  *
6  * Authors:
7  *  Anthony Liguori   <aliguori@us.ibm.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2.  See
10  * the COPYING file in the top-level directory.
11  *
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qemu/iov.h"
16 #include "hw/virtio/virtio.h"
17 #include "net/net.h"
18 #include "net/checksum.h"
19 #include "net/tap.h"
20 #include "qemu/error-report.h"
21 #include "qemu/timer.h"
22 #include "hw/virtio/virtio-net.h"
23 #include "net/vhost_net.h"
24 #include "hw/virtio/virtio-bus.h"
25 #include "qapi/qmp/qjson.h"
26 #include "qapi-event.h"
27 #include "hw/virtio/virtio-access.h"
28 
29 #define VIRTIO_NET_VM_VERSION    11
30 
31 #define MAC_TABLE_ENTRIES    64
32 #define MAX_VLAN    (1 << 12)   /* Per 802.1Q definition */
33 
34 /* previously fixed value */
35 #define VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE 256
36 /* for now, only allow larger queues; with virtio-1, guest can downsize */
37 #define VIRTIO_NET_RX_QUEUE_MIN_SIZE VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE
38 
39 /*
40  * Calculate the number of bytes up to and including the given 'field' of
41  * 'container'.
42  */
43 #define endof(container, field) \
44     (offsetof(container, field) + sizeof(((container *)0)->field))
45 
46 typedef struct VirtIOFeature {
47     uint32_t flags;
48     size_t end;
49 } VirtIOFeature;
50 
51 static VirtIOFeature feature_sizes[] = {
52     {.flags = 1 << VIRTIO_NET_F_MAC,
53      .end = endof(struct virtio_net_config, mac)},
54     {.flags = 1 << VIRTIO_NET_F_STATUS,
55      .end = endof(struct virtio_net_config, status)},
56     {.flags = 1 << VIRTIO_NET_F_MQ,
57      .end = endof(struct virtio_net_config, max_virtqueue_pairs)},
58     {.flags = 1 << VIRTIO_NET_F_MTU,
59      .end = endof(struct virtio_net_config, mtu)},
60     {}
61 };
62 
63 static VirtIONetQueue *virtio_net_get_subqueue(NetClientState *nc)
64 {
65     VirtIONet *n = qemu_get_nic_opaque(nc);
66 
67     return &n->vqs[nc->queue_index];
68 }
69 
70 static int vq2q(int queue_index)
71 {
72     return queue_index / 2;
73 }
74 
75 /* TODO
76  * - we could suppress RX interrupt if we were so inclined.
77  */
78 
79 static void virtio_net_get_config(VirtIODevice *vdev, uint8_t *config)
80 {
81     VirtIONet *n = VIRTIO_NET(vdev);
82     struct virtio_net_config netcfg;
83 
84     virtio_stw_p(vdev, &netcfg.status, n->status);
85     virtio_stw_p(vdev, &netcfg.max_virtqueue_pairs, n->max_queues);
86     virtio_stw_p(vdev, &netcfg.mtu, n->net_conf.mtu);
87     memcpy(netcfg.mac, n->mac, ETH_ALEN);
88     memcpy(config, &netcfg, n->config_size);
89 }
90 
91 static void virtio_net_set_config(VirtIODevice *vdev, const uint8_t *config)
92 {
93     VirtIONet *n = VIRTIO_NET(vdev);
94     struct virtio_net_config netcfg = {};
95 
96     memcpy(&netcfg, config, n->config_size);
97 
98     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_MAC_ADDR) &&
99         !virtio_vdev_has_feature(vdev, VIRTIO_F_VERSION_1) &&
100         memcmp(netcfg.mac, n->mac, ETH_ALEN)) {
101         memcpy(n->mac, netcfg.mac, ETH_ALEN);
102         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
103     }
104 }
105 
106 static bool virtio_net_started(VirtIONet *n, uint8_t status)
107 {
108     VirtIODevice *vdev = VIRTIO_DEVICE(n);
109     return (status & VIRTIO_CONFIG_S_DRIVER_OK) &&
110         (n->status & VIRTIO_NET_S_LINK_UP) && vdev->vm_running;
111 }
112 
113 static void virtio_net_announce_timer(void *opaque)
114 {
115     VirtIONet *n = opaque;
116     VirtIODevice *vdev = VIRTIO_DEVICE(n);
117 
118     n->announce_counter--;
119     n->status |= VIRTIO_NET_S_ANNOUNCE;
120     virtio_notify_config(vdev);
121 }
122 
123 static void virtio_net_vhost_status(VirtIONet *n, uint8_t status)
124 {
125     VirtIODevice *vdev = VIRTIO_DEVICE(n);
126     NetClientState *nc = qemu_get_queue(n->nic);
127     int queues = n->multiqueue ? n->max_queues : 1;
128 
129     if (!get_vhost_net(nc->peer)) {
130         return;
131     }
132 
133     if ((virtio_net_started(n, status) && !nc->peer->link_down) ==
134         !!n->vhost_started) {
135         return;
136     }
137     if (!n->vhost_started) {
138         int r, i;
139 
140         if (n->needs_vnet_hdr_swap) {
141             error_report("backend does not support %s vnet headers; "
142                          "falling back on userspace virtio",
143                          virtio_is_big_endian(vdev) ? "BE" : "LE");
144             return;
145         }
146 
147         /* Any packets outstanding? Purge them to avoid touching rings
148          * when vhost is running.
149          */
150         for (i = 0;  i < queues; i++) {
151             NetClientState *qnc = qemu_get_subqueue(n->nic, i);
152 
153             /* Purge both directions: TX and RX. */
154             qemu_net_queue_purge(qnc->peer->incoming_queue, qnc);
155             qemu_net_queue_purge(qnc->incoming_queue, qnc->peer);
156         }
157 
158         if (virtio_has_feature(vdev->guest_features, VIRTIO_NET_F_MTU)) {
159             r = vhost_net_set_mtu(get_vhost_net(nc->peer), n->net_conf.mtu);
160             if (r < 0) {
161                 error_report("%uBytes MTU not supported by the backend",
162                              n->net_conf.mtu);
163 
164                 return;
165             }
166         }
167 
168         n->vhost_started = 1;
169         r = vhost_net_start(vdev, n->nic->ncs, queues);
170         if (r < 0) {
171             error_report("unable to start vhost net: %d: "
172                          "falling back on userspace virtio", -r);
173             n->vhost_started = 0;
174         }
175     } else {
176         vhost_net_stop(vdev, n->nic->ncs, queues);
177         n->vhost_started = 0;
178     }
179 }
180 
181 static int virtio_net_set_vnet_endian_one(VirtIODevice *vdev,
182                                           NetClientState *peer,
183                                           bool enable)
184 {
185     if (virtio_is_big_endian(vdev)) {
186         return qemu_set_vnet_be(peer, enable);
187     } else {
188         return qemu_set_vnet_le(peer, enable);
189     }
190 }
191 
192 static bool virtio_net_set_vnet_endian(VirtIODevice *vdev, NetClientState *ncs,
193                                        int queues, bool enable)
194 {
195     int i;
196 
197     for (i = 0; i < queues; i++) {
198         if (virtio_net_set_vnet_endian_one(vdev, ncs[i].peer, enable) < 0 &&
199             enable) {
200             while (--i >= 0) {
201                 virtio_net_set_vnet_endian_one(vdev, ncs[i].peer, false);
202             }
203 
204             return true;
205         }
206     }
207 
208     return false;
209 }
210 
211 static void virtio_net_vnet_endian_status(VirtIONet *n, uint8_t status)
212 {
213     VirtIODevice *vdev = VIRTIO_DEVICE(n);
214     int queues = n->multiqueue ? n->max_queues : 1;
215 
216     if (virtio_net_started(n, status)) {
217         /* Before using the device, we tell the network backend about the
218          * endianness to use when parsing vnet headers. If the backend
219          * can't do it, we fallback onto fixing the headers in the core
220          * virtio-net code.
221          */
222         n->needs_vnet_hdr_swap = virtio_net_set_vnet_endian(vdev, n->nic->ncs,
223                                                             queues, true);
224     } else if (virtio_net_started(n, vdev->status)) {
225         /* After using the device, we need to reset the network backend to
226          * the default (guest native endianness), otherwise the guest may
227          * lose network connectivity if it is rebooted into a different
228          * endianness.
229          */
230         virtio_net_set_vnet_endian(vdev, n->nic->ncs, queues, false);
231     }
232 }
233 
234 static void virtio_net_drop_tx_queue_data(VirtIODevice *vdev, VirtQueue *vq)
235 {
236     unsigned int dropped = virtqueue_drop_all(vq);
237     if (dropped) {
238         virtio_notify(vdev, vq);
239     }
240 }
241 
242 static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t status)
243 {
244     VirtIONet *n = VIRTIO_NET(vdev);
245     VirtIONetQueue *q;
246     int i;
247     uint8_t queue_status;
248 
249     virtio_net_vnet_endian_status(n, status);
250     virtio_net_vhost_status(n, status);
251 
252     for (i = 0; i < n->max_queues; i++) {
253         NetClientState *ncs = qemu_get_subqueue(n->nic, i);
254         bool queue_started;
255         q = &n->vqs[i];
256 
257         if ((!n->multiqueue && i != 0) || i >= n->curr_queues) {
258             queue_status = 0;
259         } else {
260             queue_status = status;
261         }
262         queue_started =
263             virtio_net_started(n, queue_status) && !n->vhost_started;
264 
265         if (queue_started) {
266             qemu_flush_queued_packets(ncs);
267         }
268 
269         if (!q->tx_waiting) {
270             continue;
271         }
272 
273         if (queue_started) {
274             if (q->tx_timer) {
275                 timer_mod(q->tx_timer,
276                                qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
277             } else {
278                 qemu_bh_schedule(q->tx_bh);
279             }
280         } else {
281             if (q->tx_timer) {
282                 timer_del(q->tx_timer);
283             } else {
284                 qemu_bh_cancel(q->tx_bh);
285             }
286             if ((n->status & VIRTIO_NET_S_LINK_UP) == 0 &&
287                 (queue_status & VIRTIO_CONFIG_S_DRIVER_OK)) {
288                 /* if tx is waiting we are likely have some packets in tx queue
289                  * and disabled notification */
290                 q->tx_waiting = 0;
291                 virtio_queue_set_notification(q->tx_vq, 1);
292                 virtio_net_drop_tx_queue_data(vdev, q->tx_vq);
293             }
294         }
295     }
296 }
297 
298 static void virtio_net_set_link_status(NetClientState *nc)
299 {
300     VirtIONet *n = qemu_get_nic_opaque(nc);
301     VirtIODevice *vdev = VIRTIO_DEVICE(n);
302     uint16_t old_status = n->status;
303 
304     if (nc->link_down)
305         n->status &= ~VIRTIO_NET_S_LINK_UP;
306     else
307         n->status |= VIRTIO_NET_S_LINK_UP;
308 
309     if (n->status != old_status)
310         virtio_notify_config(vdev);
311 
312     virtio_net_set_status(vdev, vdev->status);
313 }
314 
315 static void rxfilter_notify(NetClientState *nc)
316 {
317     VirtIONet *n = qemu_get_nic_opaque(nc);
318 
319     if (nc->rxfilter_notify_enabled) {
320         gchar *path = object_get_canonical_path(OBJECT(n->qdev));
321         qapi_event_send_nic_rx_filter_changed(!!n->netclient_name,
322                                               n->netclient_name, path, &error_abort);
323         g_free(path);
324 
325         /* disable event notification to avoid events flooding */
326         nc->rxfilter_notify_enabled = 0;
327     }
328 }
329 
330 static intList *get_vlan_table(VirtIONet *n)
331 {
332     intList *list, *entry;
333     int i, j;
334 
335     list = NULL;
336     for (i = 0; i < MAX_VLAN >> 5; i++) {
337         for (j = 0; n->vlans[i] && j <= 0x1f; j++) {
338             if (n->vlans[i] & (1U << j)) {
339                 entry = g_malloc0(sizeof(*entry));
340                 entry->value = (i << 5) + j;
341                 entry->next = list;
342                 list = entry;
343             }
344         }
345     }
346 
347     return list;
348 }
349 
350 static RxFilterInfo *virtio_net_query_rxfilter(NetClientState *nc)
351 {
352     VirtIONet *n = qemu_get_nic_opaque(nc);
353     VirtIODevice *vdev = VIRTIO_DEVICE(n);
354     RxFilterInfo *info;
355     strList *str_list, *entry;
356     int i;
357 
358     info = g_malloc0(sizeof(*info));
359     info->name = g_strdup(nc->name);
360     info->promiscuous = n->promisc;
361 
362     if (n->nouni) {
363         info->unicast = RX_STATE_NONE;
364     } else if (n->alluni) {
365         info->unicast = RX_STATE_ALL;
366     } else {
367         info->unicast = RX_STATE_NORMAL;
368     }
369 
370     if (n->nomulti) {
371         info->multicast = RX_STATE_NONE;
372     } else if (n->allmulti) {
373         info->multicast = RX_STATE_ALL;
374     } else {
375         info->multicast = RX_STATE_NORMAL;
376     }
377 
378     info->broadcast_allowed = n->nobcast;
379     info->multicast_overflow = n->mac_table.multi_overflow;
380     info->unicast_overflow = n->mac_table.uni_overflow;
381 
382     info->main_mac = qemu_mac_strdup_printf(n->mac);
383 
384     str_list = NULL;
385     for (i = 0; i < n->mac_table.first_multi; i++) {
386         entry = g_malloc0(sizeof(*entry));
387         entry->value = qemu_mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
388         entry->next = str_list;
389         str_list = entry;
390     }
391     info->unicast_table = str_list;
392 
393     str_list = NULL;
394     for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
395         entry = g_malloc0(sizeof(*entry));
396         entry->value = qemu_mac_strdup_printf(n->mac_table.macs + i * ETH_ALEN);
397         entry->next = str_list;
398         str_list = entry;
399     }
400     info->multicast_table = str_list;
401     info->vlan_table = get_vlan_table(n);
402 
403     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VLAN)) {
404         info->vlan = RX_STATE_ALL;
405     } else if (!info->vlan_table) {
406         info->vlan = RX_STATE_NONE;
407     } else {
408         info->vlan = RX_STATE_NORMAL;
409     }
410 
411     /* enable event notification after query */
412     nc->rxfilter_notify_enabled = 1;
413 
414     return info;
415 }
416 
417 static void virtio_net_reset(VirtIODevice *vdev)
418 {
419     VirtIONet *n = VIRTIO_NET(vdev);
420 
421     /* Reset back to compatibility mode */
422     n->promisc = 1;
423     n->allmulti = 0;
424     n->alluni = 0;
425     n->nomulti = 0;
426     n->nouni = 0;
427     n->nobcast = 0;
428     /* multiqueue is disabled by default */
429     n->curr_queues = 1;
430     timer_del(n->announce_timer);
431     n->announce_counter = 0;
432     n->status &= ~VIRTIO_NET_S_ANNOUNCE;
433 
434     /* Flush any MAC and VLAN filter table state */
435     n->mac_table.in_use = 0;
436     n->mac_table.first_multi = 0;
437     n->mac_table.multi_overflow = 0;
438     n->mac_table.uni_overflow = 0;
439     memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN);
440     memcpy(&n->mac[0], &n->nic->conf->macaddr, sizeof(n->mac));
441     qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
442     memset(n->vlans, 0, MAX_VLAN >> 3);
443 }
444 
445 static void peer_test_vnet_hdr(VirtIONet *n)
446 {
447     NetClientState *nc = qemu_get_queue(n->nic);
448     if (!nc->peer) {
449         return;
450     }
451 
452     n->has_vnet_hdr = qemu_has_vnet_hdr(nc->peer);
453 }
454 
455 static int peer_has_vnet_hdr(VirtIONet *n)
456 {
457     return n->has_vnet_hdr;
458 }
459 
460 static int peer_has_ufo(VirtIONet *n)
461 {
462     if (!peer_has_vnet_hdr(n))
463         return 0;
464 
465     n->has_ufo = qemu_has_ufo(qemu_get_queue(n->nic)->peer);
466 
467     return n->has_ufo;
468 }
469 
470 static void virtio_net_set_mrg_rx_bufs(VirtIONet *n, int mergeable_rx_bufs,
471                                        int version_1)
472 {
473     int i;
474     NetClientState *nc;
475 
476     n->mergeable_rx_bufs = mergeable_rx_bufs;
477 
478     if (version_1) {
479         n->guest_hdr_len = sizeof(struct virtio_net_hdr_mrg_rxbuf);
480     } else {
481         n->guest_hdr_len = n->mergeable_rx_bufs ?
482             sizeof(struct virtio_net_hdr_mrg_rxbuf) :
483             sizeof(struct virtio_net_hdr);
484     }
485 
486     for (i = 0; i < n->max_queues; i++) {
487         nc = qemu_get_subqueue(n->nic, i);
488 
489         if (peer_has_vnet_hdr(n) &&
490             qemu_has_vnet_hdr_len(nc->peer, n->guest_hdr_len)) {
491             qemu_set_vnet_hdr_len(nc->peer, n->guest_hdr_len);
492             n->host_hdr_len = n->guest_hdr_len;
493         }
494     }
495 }
496 
497 static int peer_attach(VirtIONet *n, int index)
498 {
499     NetClientState *nc = qemu_get_subqueue(n->nic, index);
500 
501     if (!nc->peer) {
502         return 0;
503     }
504 
505     if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_USER) {
506         vhost_set_vring_enable(nc->peer, 1);
507     }
508 
509     if (nc->peer->info->type != NET_CLIENT_DRIVER_TAP) {
510         return 0;
511     }
512 
513     if (n->max_queues == 1) {
514         return 0;
515     }
516 
517     return tap_enable(nc->peer);
518 }
519 
520 static int peer_detach(VirtIONet *n, int index)
521 {
522     NetClientState *nc = qemu_get_subqueue(n->nic, index);
523 
524     if (!nc->peer) {
525         return 0;
526     }
527 
528     if (nc->peer->info->type == NET_CLIENT_DRIVER_VHOST_USER) {
529         vhost_set_vring_enable(nc->peer, 0);
530     }
531 
532     if (nc->peer->info->type !=  NET_CLIENT_DRIVER_TAP) {
533         return 0;
534     }
535 
536     return tap_disable(nc->peer);
537 }
538 
539 static void virtio_net_set_queues(VirtIONet *n)
540 {
541     int i;
542     int r;
543 
544     if (n->nic->peer_deleted) {
545         return;
546     }
547 
548     for (i = 0; i < n->max_queues; i++) {
549         if (i < n->curr_queues) {
550             r = peer_attach(n, i);
551             assert(!r);
552         } else {
553             r = peer_detach(n, i);
554             assert(!r);
555         }
556     }
557 }
558 
559 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue);
560 
561 static uint64_t virtio_net_get_features(VirtIODevice *vdev, uint64_t features,
562                                         Error **errp)
563 {
564     VirtIONet *n = VIRTIO_NET(vdev);
565     NetClientState *nc = qemu_get_queue(n->nic);
566 
567     /* Firstly sync all virtio-net possible supported features */
568     features |= n->host_features;
569 
570     virtio_add_feature(&features, VIRTIO_NET_F_MAC);
571 
572     if (!peer_has_vnet_hdr(n)) {
573         virtio_clear_feature(&features, VIRTIO_NET_F_CSUM);
574         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_TSO4);
575         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_TSO6);
576         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_ECN);
577 
578         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_CSUM);
579         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_TSO4);
580         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_TSO6);
581         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_ECN);
582     }
583 
584     if (!peer_has_vnet_hdr(n) || !peer_has_ufo(n)) {
585         virtio_clear_feature(&features, VIRTIO_NET_F_GUEST_UFO);
586         virtio_clear_feature(&features, VIRTIO_NET_F_HOST_UFO);
587     }
588 
589     if (!get_vhost_net(nc->peer)) {
590         return features;
591     }
592     return vhost_net_get_features(get_vhost_net(nc->peer), features);
593 }
594 
595 static uint64_t virtio_net_bad_features(VirtIODevice *vdev)
596 {
597     uint64_t features = 0;
598 
599     /* Linux kernel 2.6.25.  It understood MAC (as everyone must),
600      * but also these: */
601     virtio_add_feature(&features, VIRTIO_NET_F_MAC);
602     virtio_add_feature(&features, VIRTIO_NET_F_CSUM);
603     virtio_add_feature(&features, VIRTIO_NET_F_HOST_TSO4);
604     virtio_add_feature(&features, VIRTIO_NET_F_HOST_TSO6);
605     virtio_add_feature(&features, VIRTIO_NET_F_HOST_ECN);
606 
607     return features;
608 }
609 
610 static void virtio_net_apply_guest_offloads(VirtIONet *n)
611 {
612     qemu_set_offload(qemu_get_queue(n->nic)->peer,
613             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_CSUM)),
614             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO4)),
615             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_TSO6)),
616             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_ECN)),
617             !!(n->curr_guest_offloads & (1ULL << VIRTIO_NET_F_GUEST_UFO)));
618 }
619 
620 static uint64_t virtio_net_guest_offloads_by_features(uint32_t features)
621 {
622     static const uint64_t guest_offloads_mask =
623         (1ULL << VIRTIO_NET_F_GUEST_CSUM) |
624         (1ULL << VIRTIO_NET_F_GUEST_TSO4) |
625         (1ULL << VIRTIO_NET_F_GUEST_TSO6) |
626         (1ULL << VIRTIO_NET_F_GUEST_ECN)  |
627         (1ULL << VIRTIO_NET_F_GUEST_UFO);
628 
629     return guest_offloads_mask & features;
630 }
631 
632 static inline uint64_t virtio_net_supported_guest_offloads(VirtIONet *n)
633 {
634     VirtIODevice *vdev = VIRTIO_DEVICE(n);
635     return virtio_net_guest_offloads_by_features(vdev->guest_features);
636 }
637 
638 static void virtio_net_set_features(VirtIODevice *vdev, uint64_t features)
639 {
640     VirtIONet *n = VIRTIO_NET(vdev);
641     int i;
642 
643     virtio_net_set_multiqueue(n,
644                               virtio_has_feature(features, VIRTIO_NET_F_MQ));
645 
646     virtio_net_set_mrg_rx_bufs(n,
647                                virtio_has_feature(features,
648                                                   VIRTIO_NET_F_MRG_RXBUF),
649                                virtio_has_feature(features,
650                                                   VIRTIO_F_VERSION_1));
651 
652     if (n->has_vnet_hdr) {
653         n->curr_guest_offloads =
654             virtio_net_guest_offloads_by_features(features);
655         virtio_net_apply_guest_offloads(n);
656     }
657 
658     for (i = 0;  i < n->max_queues; i++) {
659         NetClientState *nc = qemu_get_subqueue(n->nic, i);
660 
661         if (!get_vhost_net(nc->peer)) {
662             continue;
663         }
664         vhost_net_ack_features(get_vhost_net(nc->peer), features);
665     }
666 
667     if (virtio_has_feature(features, VIRTIO_NET_F_CTRL_VLAN)) {
668         memset(n->vlans, 0, MAX_VLAN >> 3);
669     } else {
670         memset(n->vlans, 0xff, MAX_VLAN >> 3);
671     }
672 }
673 
674 static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd,
675                                      struct iovec *iov, unsigned int iov_cnt)
676 {
677     uint8_t on;
678     size_t s;
679     NetClientState *nc = qemu_get_queue(n->nic);
680 
681     s = iov_to_buf(iov, iov_cnt, 0, &on, sizeof(on));
682     if (s != sizeof(on)) {
683         return VIRTIO_NET_ERR;
684     }
685 
686     if (cmd == VIRTIO_NET_CTRL_RX_PROMISC) {
687         n->promisc = on;
688     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLMULTI) {
689         n->allmulti = on;
690     } else if (cmd == VIRTIO_NET_CTRL_RX_ALLUNI) {
691         n->alluni = on;
692     } else if (cmd == VIRTIO_NET_CTRL_RX_NOMULTI) {
693         n->nomulti = on;
694     } else if (cmd == VIRTIO_NET_CTRL_RX_NOUNI) {
695         n->nouni = on;
696     } else if (cmd == VIRTIO_NET_CTRL_RX_NOBCAST) {
697         n->nobcast = on;
698     } else {
699         return VIRTIO_NET_ERR;
700     }
701 
702     rxfilter_notify(nc);
703 
704     return VIRTIO_NET_OK;
705 }
706 
707 static int virtio_net_handle_offloads(VirtIONet *n, uint8_t cmd,
708                                      struct iovec *iov, unsigned int iov_cnt)
709 {
710     VirtIODevice *vdev = VIRTIO_DEVICE(n);
711     uint64_t offloads;
712     size_t s;
713 
714     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
715         return VIRTIO_NET_ERR;
716     }
717 
718     s = iov_to_buf(iov, iov_cnt, 0, &offloads, sizeof(offloads));
719     if (s != sizeof(offloads)) {
720         return VIRTIO_NET_ERR;
721     }
722 
723     if (cmd == VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET) {
724         uint64_t supported_offloads;
725 
726         if (!n->has_vnet_hdr) {
727             return VIRTIO_NET_ERR;
728         }
729 
730         supported_offloads = virtio_net_supported_guest_offloads(n);
731         if (offloads & ~supported_offloads) {
732             return VIRTIO_NET_ERR;
733         }
734 
735         n->curr_guest_offloads = offloads;
736         virtio_net_apply_guest_offloads(n);
737 
738         return VIRTIO_NET_OK;
739     } else {
740         return VIRTIO_NET_ERR;
741     }
742 }
743 
744 static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd,
745                                  struct iovec *iov, unsigned int iov_cnt)
746 {
747     VirtIODevice *vdev = VIRTIO_DEVICE(n);
748     struct virtio_net_ctrl_mac mac_data;
749     size_t s;
750     NetClientState *nc = qemu_get_queue(n->nic);
751 
752     if (cmd == VIRTIO_NET_CTRL_MAC_ADDR_SET) {
753         if (iov_size(iov, iov_cnt) != sizeof(n->mac)) {
754             return VIRTIO_NET_ERR;
755         }
756         s = iov_to_buf(iov, iov_cnt, 0, &n->mac, sizeof(n->mac));
757         assert(s == sizeof(n->mac));
758         qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac);
759         rxfilter_notify(nc);
760 
761         return VIRTIO_NET_OK;
762     }
763 
764     if (cmd != VIRTIO_NET_CTRL_MAC_TABLE_SET) {
765         return VIRTIO_NET_ERR;
766     }
767 
768     int in_use = 0;
769     int first_multi = 0;
770     uint8_t uni_overflow = 0;
771     uint8_t multi_overflow = 0;
772     uint8_t *macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
773 
774     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
775                    sizeof(mac_data.entries));
776     mac_data.entries = virtio_ldl_p(vdev, &mac_data.entries);
777     if (s != sizeof(mac_data.entries)) {
778         goto error;
779     }
780     iov_discard_front(&iov, &iov_cnt, s);
781 
782     if (mac_data.entries * ETH_ALEN > iov_size(iov, iov_cnt)) {
783         goto error;
784     }
785 
786     if (mac_data.entries <= MAC_TABLE_ENTRIES) {
787         s = iov_to_buf(iov, iov_cnt, 0, macs,
788                        mac_data.entries * ETH_ALEN);
789         if (s != mac_data.entries * ETH_ALEN) {
790             goto error;
791         }
792         in_use += mac_data.entries;
793     } else {
794         uni_overflow = 1;
795     }
796 
797     iov_discard_front(&iov, &iov_cnt, mac_data.entries * ETH_ALEN);
798 
799     first_multi = in_use;
800 
801     s = iov_to_buf(iov, iov_cnt, 0, &mac_data.entries,
802                    sizeof(mac_data.entries));
803     mac_data.entries = virtio_ldl_p(vdev, &mac_data.entries);
804     if (s != sizeof(mac_data.entries)) {
805         goto error;
806     }
807 
808     iov_discard_front(&iov, &iov_cnt, s);
809 
810     if (mac_data.entries * ETH_ALEN != iov_size(iov, iov_cnt)) {
811         goto error;
812     }
813 
814     if (mac_data.entries <= MAC_TABLE_ENTRIES - in_use) {
815         s = iov_to_buf(iov, iov_cnt, 0, &macs[in_use * ETH_ALEN],
816                        mac_data.entries * ETH_ALEN);
817         if (s != mac_data.entries * ETH_ALEN) {
818             goto error;
819         }
820         in_use += mac_data.entries;
821     } else {
822         multi_overflow = 1;
823     }
824 
825     n->mac_table.in_use = in_use;
826     n->mac_table.first_multi = first_multi;
827     n->mac_table.uni_overflow = uni_overflow;
828     n->mac_table.multi_overflow = multi_overflow;
829     memcpy(n->mac_table.macs, macs, MAC_TABLE_ENTRIES * ETH_ALEN);
830     g_free(macs);
831     rxfilter_notify(nc);
832 
833     return VIRTIO_NET_OK;
834 
835 error:
836     g_free(macs);
837     return VIRTIO_NET_ERR;
838 }
839 
840 static int virtio_net_handle_vlan_table(VirtIONet *n, uint8_t cmd,
841                                         struct iovec *iov, unsigned int iov_cnt)
842 {
843     VirtIODevice *vdev = VIRTIO_DEVICE(n);
844     uint16_t vid;
845     size_t s;
846     NetClientState *nc = qemu_get_queue(n->nic);
847 
848     s = iov_to_buf(iov, iov_cnt, 0, &vid, sizeof(vid));
849     vid = virtio_lduw_p(vdev, &vid);
850     if (s != sizeof(vid)) {
851         return VIRTIO_NET_ERR;
852     }
853 
854     if (vid >= MAX_VLAN)
855         return VIRTIO_NET_ERR;
856 
857     if (cmd == VIRTIO_NET_CTRL_VLAN_ADD)
858         n->vlans[vid >> 5] |= (1U << (vid & 0x1f));
859     else if (cmd == VIRTIO_NET_CTRL_VLAN_DEL)
860         n->vlans[vid >> 5] &= ~(1U << (vid & 0x1f));
861     else
862         return VIRTIO_NET_ERR;
863 
864     rxfilter_notify(nc);
865 
866     return VIRTIO_NET_OK;
867 }
868 
869 static int virtio_net_handle_announce(VirtIONet *n, uint8_t cmd,
870                                       struct iovec *iov, unsigned int iov_cnt)
871 {
872     if (cmd == VIRTIO_NET_CTRL_ANNOUNCE_ACK &&
873         n->status & VIRTIO_NET_S_ANNOUNCE) {
874         n->status &= ~VIRTIO_NET_S_ANNOUNCE;
875         if (n->announce_counter) {
876             timer_mod(n->announce_timer,
877                       qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
878                       self_announce_delay(n->announce_counter));
879         }
880         return VIRTIO_NET_OK;
881     } else {
882         return VIRTIO_NET_ERR;
883     }
884 }
885 
886 static int virtio_net_handle_mq(VirtIONet *n, uint8_t cmd,
887                                 struct iovec *iov, unsigned int iov_cnt)
888 {
889     VirtIODevice *vdev = VIRTIO_DEVICE(n);
890     struct virtio_net_ctrl_mq mq;
891     size_t s;
892     uint16_t queues;
893 
894     s = iov_to_buf(iov, iov_cnt, 0, &mq, sizeof(mq));
895     if (s != sizeof(mq)) {
896         return VIRTIO_NET_ERR;
897     }
898 
899     if (cmd != VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET) {
900         return VIRTIO_NET_ERR;
901     }
902 
903     queues = virtio_lduw_p(vdev, &mq.virtqueue_pairs);
904 
905     if (queues < VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MIN ||
906         queues > VIRTIO_NET_CTRL_MQ_VQ_PAIRS_MAX ||
907         queues > n->max_queues ||
908         !n->multiqueue) {
909         return VIRTIO_NET_ERR;
910     }
911 
912     n->curr_queues = queues;
913     /* stop the backend before changing the number of queues to avoid handling a
914      * disabled queue */
915     virtio_net_set_status(vdev, vdev->status);
916     virtio_net_set_queues(n);
917 
918     return VIRTIO_NET_OK;
919 }
920 
921 static void virtio_net_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
922 {
923     VirtIONet *n = VIRTIO_NET(vdev);
924     struct virtio_net_ctrl_hdr ctrl;
925     virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
926     VirtQueueElement *elem;
927     size_t s;
928     struct iovec *iov, *iov2;
929     unsigned int iov_cnt;
930 
931     for (;;) {
932         elem = virtqueue_pop(vq, sizeof(VirtQueueElement));
933         if (!elem) {
934             break;
935         }
936         if (iov_size(elem->in_sg, elem->in_num) < sizeof(status) ||
937             iov_size(elem->out_sg, elem->out_num) < sizeof(ctrl)) {
938             virtio_error(vdev, "virtio-net ctrl missing headers");
939             virtqueue_detach_element(vq, elem, 0);
940             g_free(elem);
941             break;
942         }
943 
944         iov_cnt = elem->out_num;
945         iov2 = iov = g_memdup(elem->out_sg, sizeof(struct iovec) * elem->out_num);
946         s = iov_to_buf(iov, iov_cnt, 0, &ctrl, sizeof(ctrl));
947         iov_discard_front(&iov, &iov_cnt, sizeof(ctrl));
948         if (s != sizeof(ctrl)) {
949             status = VIRTIO_NET_ERR;
950         } else if (ctrl.class == VIRTIO_NET_CTRL_RX) {
951             status = virtio_net_handle_rx_mode(n, ctrl.cmd, iov, iov_cnt);
952         } else if (ctrl.class == VIRTIO_NET_CTRL_MAC) {
953             status = virtio_net_handle_mac(n, ctrl.cmd, iov, iov_cnt);
954         } else if (ctrl.class == VIRTIO_NET_CTRL_VLAN) {
955             status = virtio_net_handle_vlan_table(n, ctrl.cmd, iov, iov_cnt);
956         } else if (ctrl.class == VIRTIO_NET_CTRL_ANNOUNCE) {
957             status = virtio_net_handle_announce(n, ctrl.cmd, iov, iov_cnt);
958         } else if (ctrl.class == VIRTIO_NET_CTRL_MQ) {
959             status = virtio_net_handle_mq(n, ctrl.cmd, iov, iov_cnt);
960         } else if (ctrl.class == VIRTIO_NET_CTRL_GUEST_OFFLOADS) {
961             status = virtio_net_handle_offloads(n, ctrl.cmd, iov, iov_cnt);
962         }
963 
964         s = iov_from_buf(elem->in_sg, elem->in_num, 0, &status, sizeof(status));
965         assert(s == sizeof(status));
966 
967         virtqueue_push(vq, elem, sizeof(status));
968         virtio_notify(vdev, vq);
969         g_free(iov2);
970         g_free(elem);
971     }
972 }
973 
974 /* RX */
975 
976 static void virtio_net_handle_rx(VirtIODevice *vdev, VirtQueue *vq)
977 {
978     VirtIONet *n = VIRTIO_NET(vdev);
979     int queue_index = vq2q(virtio_get_queue_index(vq));
980 
981     qemu_flush_queued_packets(qemu_get_subqueue(n->nic, queue_index));
982 }
983 
984 static int virtio_net_can_receive(NetClientState *nc)
985 {
986     VirtIONet *n = qemu_get_nic_opaque(nc);
987     VirtIODevice *vdev = VIRTIO_DEVICE(n);
988     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
989 
990     if (!vdev->vm_running) {
991         return 0;
992     }
993 
994     if (nc->queue_index >= n->curr_queues) {
995         return 0;
996     }
997 
998     if (!virtio_queue_ready(q->rx_vq) ||
999         !(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1000         return 0;
1001     }
1002 
1003     return 1;
1004 }
1005 
1006 static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize)
1007 {
1008     VirtIONet *n = q->n;
1009     if (virtio_queue_empty(q->rx_vq) ||
1010         (n->mergeable_rx_bufs &&
1011          !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
1012         virtio_queue_set_notification(q->rx_vq, 1);
1013 
1014         /* To avoid a race condition where the guest has made some buffers
1015          * available after the above check but before notification was
1016          * enabled, check for available buffers again.
1017          */
1018         if (virtio_queue_empty(q->rx_vq) ||
1019             (n->mergeable_rx_bufs &&
1020              !virtqueue_avail_bytes(q->rx_vq, bufsize, 0))) {
1021             return 0;
1022         }
1023     }
1024 
1025     virtio_queue_set_notification(q->rx_vq, 0);
1026     return 1;
1027 }
1028 
1029 static void virtio_net_hdr_swap(VirtIODevice *vdev, struct virtio_net_hdr *hdr)
1030 {
1031     virtio_tswap16s(vdev, &hdr->hdr_len);
1032     virtio_tswap16s(vdev, &hdr->gso_size);
1033     virtio_tswap16s(vdev, &hdr->csum_start);
1034     virtio_tswap16s(vdev, &hdr->csum_offset);
1035 }
1036 
1037 /* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so
1038  * it never finds out that the packets don't have valid checksums.  This
1039  * causes dhclient to get upset.  Fedora's carried a patch for ages to
1040  * fix this with Xen but it hasn't appeared in an upstream release of
1041  * dhclient yet.
1042  *
1043  * To avoid breaking existing guests, we catch udp packets and add
1044  * checksums.  This is terrible but it's better than hacking the guest
1045  * kernels.
1046  *
1047  * N.B. if we introduce a zero-copy API, this operation is no longer free so
1048  * we should provide a mechanism to disable it to avoid polluting the host
1049  * cache.
1050  */
1051 static void work_around_broken_dhclient(struct virtio_net_hdr *hdr,
1052                                         uint8_t *buf, size_t size)
1053 {
1054     if ((hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) && /* missing csum */
1055         (size > 27 && size < 1500) && /* normal sized MTU */
1056         (buf[12] == 0x08 && buf[13] == 0x00) && /* ethertype == IPv4 */
1057         (buf[23] == 17) && /* ip.protocol == UDP */
1058         (buf[34] == 0 && buf[35] == 67)) { /* udp.srcport == bootps */
1059         net_checksum_calculate(buf, size);
1060         hdr->flags &= ~VIRTIO_NET_HDR_F_NEEDS_CSUM;
1061     }
1062 }
1063 
1064 static void receive_header(VirtIONet *n, const struct iovec *iov, int iov_cnt,
1065                            const void *buf, size_t size)
1066 {
1067     if (n->has_vnet_hdr) {
1068         /* FIXME this cast is evil */
1069         void *wbuf = (void *)buf;
1070         work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
1071                                     size - n->host_hdr_len);
1072 
1073         if (n->needs_vnet_hdr_swap) {
1074             virtio_net_hdr_swap(VIRTIO_DEVICE(n), wbuf);
1075         }
1076         iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr));
1077     } else {
1078         struct virtio_net_hdr hdr = {
1079             .flags = 0,
1080             .gso_type = VIRTIO_NET_HDR_GSO_NONE
1081         };
1082         iov_from_buf(iov, iov_cnt, 0, &hdr, sizeof hdr);
1083     }
1084 }
1085 
1086 static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
1087 {
1088     static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
1089     static const uint8_t vlan[] = {0x81, 0x00};
1090     uint8_t *ptr = (uint8_t *)buf;
1091     int i;
1092 
1093     if (n->promisc)
1094         return 1;
1095 
1096     ptr += n->host_hdr_len;
1097 
1098     if (!memcmp(&ptr[12], vlan, sizeof(vlan))) {
1099         int vid = lduw_be_p(ptr + 14) & 0xfff;
1100         if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))
1101             return 0;
1102     }
1103 
1104     if (ptr[0] & 1) { // multicast
1105         if (!memcmp(ptr, bcast, sizeof(bcast))) {
1106             return !n->nobcast;
1107         } else if (n->nomulti) {
1108             return 0;
1109         } else if (n->allmulti || n->mac_table.multi_overflow) {
1110             return 1;
1111         }
1112 
1113         for (i = n->mac_table.first_multi; i < n->mac_table.in_use; i++) {
1114             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
1115                 return 1;
1116             }
1117         }
1118     } else { // unicast
1119         if (n->nouni) {
1120             return 0;
1121         } else if (n->alluni || n->mac_table.uni_overflow) {
1122             return 1;
1123         } else if (!memcmp(ptr, n->mac, ETH_ALEN)) {
1124             return 1;
1125         }
1126 
1127         for (i = 0; i < n->mac_table.first_multi; i++) {
1128             if (!memcmp(ptr, &n->mac_table.macs[i * ETH_ALEN], ETH_ALEN)) {
1129                 return 1;
1130             }
1131         }
1132     }
1133 
1134     return 0;
1135 }
1136 
1137 static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
1138                                       size_t size)
1139 {
1140     VirtIONet *n = qemu_get_nic_opaque(nc);
1141     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1142     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1143     struct iovec mhdr_sg[VIRTQUEUE_MAX_SIZE];
1144     struct virtio_net_hdr_mrg_rxbuf mhdr;
1145     unsigned mhdr_cnt = 0;
1146     size_t offset, i, guest_offset;
1147 
1148     if (!virtio_net_can_receive(nc)) {
1149         return -1;
1150     }
1151 
1152     /* hdr_len refers to the header we supply to the guest */
1153     if (!virtio_net_has_buffers(q, size + n->guest_hdr_len - n->host_hdr_len)) {
1154         return 0;
1155     }
1156 
1157     if (!receive_filter(n, buf, size))
1158         return size;
1159 
1160     offset = i = 0;
1161 
1162     while (offset < size) {
1163         VirtQueueElement *elem;
1164         int len, total;
1165         const struct iovec *sg;
1166 
1167         total = 0;
1168 
1169         elem = virtqueue_pop(q->rx_vq, sizeof(VirtQueueElement));
1170         if (!elem) {
1171             if (i) {
1172                 virtio_error(vdev, "virtio-net unexpected empty queue: "
1173                              "i %zd mergeable %d offset %zd, size %zd, "
1174                              "guest hdr len %zd, host hdr len %zd "
1175                              "guest features 0x%" PRIx64,
1176                              i, n->mergeable_rx_bufs, offset, size,
1177                              n->guest_hdr_len, n->host_hdr_len,
1178                              vdev->guest_features);
1179             }
1180             return -1;
1181         }
1182 
1183         if (elem->in_num < 1) {
1184             virtio_error(vdev,
1185                          "virtio-net receive queue contains no in buffers");
1186             virtqueue_detach_element(q->rx_vq, elem, 0);
1187             g_free(elem);
1188             return -1;
1189         }
1190 
1191         sg = elem->in_sg;
1192         if (i == 0) {
1193             assert(offset == 0);
1194             if (n->mergeable_rx_bufs) {
1195                 mhdr_cnt = iov_copy(mhdr_sg, ARRAY_SIZE(mhdr_sg),
1196                                     sg, elem->in_num,
1197                                     offsetof(typeof(mhdr), num_buffers),
1198                                     sizeof(mhdr.num_buffers));
1199             }
1200 
1201             receive_header(n, sg, elem->in_num, buf, size);
1202             offset = n->host_hdr_len;
1203             total += n->guest_hdr_len;
1204             guest_offset = n->guest_hdr_len;
1205         } else {
1206             guest_offset = 0;
1207         }
1208 
1209         /* copy in packet.  ugh */
1210         len = iov_from_buf(sg, elem->in_num, guest_offset,
1211                            buf + offset, size - offset);
1212         total += len;
1213         offset += len;
1214         /* If buffers can't be merged, at this point we
1215          * must have consumed the complete packet.
1216          * Otherwise, drop it. */
1217         if (!n->mergeable_rx_bufs && offset < size) {
1218             virtqueue_unpop(q->rx_vq, elem, total);
1219             g_free(elem);
1220             return size;
1221         }
1222 
1223         /* signal other side */
1224         virtqueue_fill(q->rx_vq, elem, total, i++);
1225         g_free(elem);
1226     }
1227 
1228     if (mhdr_cnt) {
1229         virtio_stw_p(vdev, &mhdr.num_buffers, i);
1230         iov_from_buf(mhdr_sg, mhdr_cnt,
1231                      0,
1232                      &mhdr.num_buffers, sizeof mhdr.num_buffers);
1233     }
1234 
1235     virtqueue_flush(q->rx_vq, i);
1236     virtio_notify(vdev, q->rx_vq);
1237 
1238     return size;
1239 }
1240 
1241 static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf,
1242                                   size_t size)
1243 {
1244     ssize_t r;
1245 
1246     rcu_read_lock();
1247     r = virtio_net_receive_rcu(nc, buf, size);
1248     rcu_read_unlock();
1249     return r;
1250 }
1251 
1252 static int32_t virtio_net_flush_tx(VirtIONetQueue *q);
1253 
1254 static void virtio_net_tx_complete(NetClientState *nc, ssize_t len)
1255 {
1256     VirtIONet *n = qemu_get_nic_opaque(nc);
1257     VirtIONetQueue *q = virtio_net_get_subqueue(nc);
1258     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1259 
1260     virtqueue_push(q->tx_vq, q->async_tx.elem, 0);
1261     virtio_notify(vdev, q->tx_vq);
1262 
1263     g_free(q->async_tx.elem);
1264     q->async_tx.elem = NULL;
1265 
1266     virtio_queue_set_notification(q->tx_vq, 1);
1267     virtio_net_flush_tx(q);
1268 }
1269 
1270 /* TX */
1271 static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
1272 {
1273     VirtIONet *n = q->n;
1274     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1275     VirtQueueElement *elem;
1276     int32_t num_packets = 0;
1277     int queue_index = vq2q(virtio_get_queue_index(q->tx_vq));
1278     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1279         return num_packets;
1280     }
1281 
1282     if (q->async_tx.elem) {
1283         virtio_queue_set_notification(q->tx_vq, 0);
1284         return num_packets;
1285     }
1286 
1287     for (;;) {
1288         ssize_t ret;
1289         unsigned int out_num;
1290         struct iovec sg[VIRTQUEUE_MAX_SIZE], sg2[VIRTQUEUE_MAX_SIZE + 1], *out_sg;
1291         struct virtio_net_hdr_mrg_rxbuf mhdr;
1292 
1293         elem = virtqueue_pop(q->tx_vq, sizeof(VirtQueueElement));
1294         if (!elem) {
1295             break;
1296         }
1297 
1298         out_num = elem->out_num;
1299         out_sg = elem->out_sg;
1300         if (out_num < 1) {
1301             virtio_error(vdev, "virtio-net header not in first element");
1302             virtqueue_detach_element(q->tx_vq, elem, 0);
1303             g_free(elem);
1304             return -EINVAL;
1305         }
1306 
1307         if (n->has_vnet_hdr) {
1308             if (iov_to_buf(out_sg, out_num, 0, &mhdr, n->guest_hdr_len) <
1309                 n->guest_hdr_len) {
1310                 virtio_error(vdev, "virtio-net header incorrect");
1311                 virtqueue_detach_element(q->tx_vq, elem, 0);
1312                 g_free(elem);
1313                 return -EINVAL;
1314             }
1315             if (n->needs_vnet_hdr_swap) {
1316                 virtio_net_hdr_swap(vdev, (void *) &mhdr);
1317                 sg2[0].iov_base = &mhdr;
1318                 sg2[0].iov_len = n->guest_hdr_len;
1319                 out_num = iov_copy(&sg2[1], ARRAY_SIZE(sg2) - 1,
1320                                    out_sg, out_num,
1321                                    n->guest_hdr_len, -1);
1322                 if (out_num == VIRTQUEUE_MAX_SIZE) {
1323                     goto drop;
1324 		}
1325                 out_num += 1;
1326                 out_sg = sg2;
1327 	    }
1328         }
1329         /*
1330          * If host wants to see the guest header as is, we can
1331          * pass it on unchanged. Otherwise, copy just the parts
1332          * that host is interested in.
1333          */
1334         assert(n->host_hdr_len <= n->guest_hdr_len);
1335         if (n->host_hdr_len != n->guest_hdr_len) {
1336             unsigned sg_num = iov_copy(sg, ARRAY_SIZE(sg),
1337                                        out_sg, out_num,
1338                                        0, n->host_hdr_len);
1339             sg_num += iov_copy(sg + sg_num, ARRAY_SIZE(sg) - sg_num,
1340                              out_sg, out_num,
1341                              n->guest_hdr_len, -1);
1342             out_num = sg_num;
1343             out_sg = sg;
1344         }
1345 
1346         ret = qemu_sendv_packet_async(qemu_get_subqueue(n->nic, queue_index),
1347                                       out_sg, out_num, virtio_net_tx_complete);
1348         if (ret == 0) {
1349             virtio_queue_set_notification(q->tx_vq, 0);
1350             q->async_tx.elem = elem;
1351             return -EBUSY;
1352         }
1353 
1354 drop:
1355         virtqueue_push(q->tx_vq, elem, 0);
1356         virtio_notify(vdev, q->tx_vq);
1357         g_free(elem);
1358 
1359         if (++num_packets >= n->tx_burst) {
1360             break;
1361         }
1362     }
1363     return num_packets;
1364 }
1365 
1366 static void virtio_net_handle_tx_timer(VirtIODevice *vdev, VirtQueue *vq)
1367 {
1368     VirtIONet *n = VIRTIO_NET(vdev);
1369     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
1370 
1371     if (unlikely((n->status & VIRTIO_NET_S_LINK_UP) == 0)) {
1372         virtio_net_drop_tx_queue_data(vdev, vq);
1373         return;
1374     }
1375 
1376     /* This happens when device was stopped but VCPU wasn't. */
1377     if (!vdev->vm_running) {
1378         q->tx_waiting = 1;
1379         return;
1380     }
1381 
1382     if (q->tx_waiting) {
1383         virtio_queue_set_notification(vq, 1);
1384         timer_del(q->tx_timer);
1385         q->tx_waiting = 0;
1386         if (virtio_net_flush_tx(q) == -EINVAL) {
1387             return;
1388         }
1389     } else {
1390         timer_mod(q->tx_timer,
1391                        qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + n->tx_timeout);
1392         q->tx_waiting = 1;
1393         virtio_queue_set_notification(vq, 0);
1394     }
1395 }
1396 
1397 static void virtio_net_handle_tx_bh(VirtIODevice *vdev, VirtQueue *vq)
1398 {
1399     VirtIONet *n = VIRTIO_NET(vdev);
1400     VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
1401 
1402     if (unlikely((n->status & VIRTIO_NET_S_LINK_UP) == 0)) {
1403         virtio_net_drop_tx_queue_data(vdev, vq);
1404         return;
1405     }
1406 
1407     if (unlikely(q->tx_waiting)) {
1408         return;
1409     }
1410     q->tx_waiting = 1;
1411     /* This happens when device was stopped but VCPU wasn't. */
1412     if (!vdev->vm_running) {
1413         return;
1414     }
1415     virtio_queue_set_notification(vq, 0);
1416     qemu_bh_schedule(q->tx_bh);
1417 }
1418 
1419 static void virtio_net_tx_timer(void *opaque)
1420 {
1421     VirtIONetQueue *q = opaque;
1422     VirtIONet *n = q->n;
1423     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1424     /* This happens when device was stopped but BH wasn't. */
1425     if (!vdev->vm_running) {
1426         /* Make sure tx waiting is set, so we'll run when restarted. */
1427         assert(q->tx_waiting);
1428         return;
1429     }
1430 
1431     q->tx_waiting = 0;
1432 
1433     /* Just in case the driver is not ready on more */
1434     if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
1435         return;
1436     }
1437 
1438     virtio_queue_set_notification(q->tx_vq, 1);
1439     virtio_net_flush_tx(q);
1440 }
1441 
1442 static void virtio_net_tx_bh(void *opaque)
1443 {
1444     VirtIONetQueue *q = opaque;
1445     VirtIONet *n = q->n;
1446     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1447     int32_t ret;
1448 
1449     /* This happens when device was stopped but BH wasn't. */
1450     if (!vdev->vm_running) {
1451         /* Make sure tx waiting is set, so we'll run when restarted. */
1452         assert(q->tx_waiting);
1453         return;
1454     }
1455 
1456     q->tx_waiting = 0;
1457 
1458     /* Just in case the driver is not ready on more */
1459     if (unlikely(!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK))) {
1460         return;
1461     }
1462 
1463     ret = virtio_net_flush_tx(q);
1464     if (ret == -EBUSY || ret == -EINVAL) {
1465         return; /* Notification re-enable handled by tx_complete or device
1466                  * broken */
1467     }
1468 
1469     /* If we flush a full burst of packets, assume there are
1470      * more coming and immediately reschedule */
1471     if (ret >= n->tx_burst) {
1472         qemu_bh_schedule(q->tx_bh);
1473         q->tx_waiting = 1;
1474         return;
1475     }
1476 
1477     /* If less than a full burst, re-enable notification and flush
1478      * anything that may have come in while we weren't looking.  If
1479      * we find something, assume the guest is still active and reschedule */
1480     virtio_queue_set_notification(q->tx_vq, 1);
1481     ret = virtio_net_flush_tx(q);
1482     if (ret == -EINVAL) {
1483         return;
1484     } else if (ret > 0) {
1485         virtio_queue_set_notification(q->tx_vq, 0);
1486         qemu_bh_schedule(q->tx_bh);
1487         q->tx_waiting = 1;
1488     }
1489 }
1490 
1491 static void virtio_net_add_queue(VirtIONet *n, int index)
1492 {
1493     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1494 
1495     n->vqs[index].rx_vq = virtio_add_queue(vdev, n->net_conf.rx_queue_size,
1496                                            virtio_net_handle_rx);
1497     if (n->net_conf.tx && !strcmp(n->net_conf.tx, "timer")) {
1498         n->vqs[index].tx_vq =
1499             virtio_add_queue(vdev, 256, virtio_net_handle_tx_timer);
1500         n->vqs[index].tx_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
1501                                               virtio_net_tx_timer,
1502                                               &n->vqs[index]);
1503     } else {
1504         n->vqs[index].tx_vq =
1505             virtio_add_queue(vdev, 256, virtio_net_handle_tx_bh);
1506         n->vqs[index].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[index]);
1507     }
1508 
1509     n->vqs[index].tx_waiting = 0;
1510     n->vqs[index].n = n;
1511 }
1512 
1513 static void virtio_net_del_queue(VirtIONet *n, int index)
1514 {
1515     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1516     VirtIONetQueue *q = &n->vqs[index];
1517     NetClientState *nc = qemu_get_subqueue(n->nic, index);
1518 
1519     qemu_purge_queued_packets(nc);
1520 
1521     virtio_del_queue(vdev, index * 2);
1522     if (q->tx_timer) {
1523         timer_del(q->tx_timer);
1524         timer_free(q->tx_timer);
1525     } else {
1526         qemu_bh_delete(q->tx_bh);
1527     }
1528     virtio_del_queue(vdev, index * 2 + 1);
1529 }
1530 
1531 static void virtio_net_change_num_queues(VirtIONet *n, int new_max_queues)
1532 {
1533     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1534     int old_num_queues = virtio_get_num_queues(vdev);
1535     int new_num_queues = new_max_queues * 2 + 1;
1536     int i;
1537 
1538     assert(old_num_queues >= 3);
1539     assert(old_num_queues % 2 == 1);
1540 
1541     if (old_num_queues == new_num_queues) {
1542         return;
1543     }
1544 
1545     /*
1546      * We always need to remove and add ctrl vq if
1547      * old_num_queues != new_num_queues. Remove ctrl_vq first,
1548      * and then we only enter one of the following too loops.
1549      */
1550     virtio_del_queue(vdev, old_num_queues - 1);
1551 
1552     for (i = new_num_queues - 1; i < old_num_queues - 1; i += 2) {
1553         /* new_num_queues < old_num_queues */
1554         virtio_net_del_queue(n, i / 2);
1555     }
1556 
1557     for (i = old_num_queues - 1; i < new_num_queues - 1; i += 2) {
1558         /* new_num_queues > old_num_queues */
1559         virtio_net_add_queue(n, i / 2);
1560     }
1561 
1562     /* add ctrl_vq last */
1563     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
1564 }
1565 
1566 static void virtio_net_set_multiqueue(VirtIONet *n, int multiqueue)
1567 {
1568     int max = multiqueue ? n->max_queues : 1;
1569 
1570     n->multiqueue = multiqueue;
1571     virtio_net_change_num_queues(n, max);
1572 
1573     virtio_net_set_queues(n);
1574 }
1575 
1576 static int virtio_net_post_load_device(void *opaque, int version_id)
1577 {
1578     VirtIONet *n = opaque;
1579     VirtIODevice *vdev = VIRTIO_DEVICE(n);
1580     int i, link_down;
1581 
1582     virtio_net_set_mrg_rx_bufs(n, n->mergeable_rx_bufs,
1583                                virtio_vdev_has_feature(vdev,
1584                                                        VIRTIO_F_VERSION_1));
1585 
1586     /* MAC_TABLE_ENTRIES may be different from the saved image */
1587     if (n->mac_table.in_use > MAC_TABLE_ENTRIES) {
1588         n->mac_table.in_use = 0;
1589     }
1590 
1591     if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
1592         n->curr_guest_offloads = virtio_net_supported_guest_offloads(n);
1593     }
1594 
1595     if (peer_has_vnet_hdr(n)) {
1596         virtio_net_apply_guest_offloads(n);
1597     }
1598 
1599     virtio_net_set_queues(n);
1600 
1601     /* Find the first multicast entry in the saved MAC filter */
1602     for (i = 0; i < n->mac_table.in_use; i++) {
1603         if (n->mac_table.macs[i * ETH_ALEN] & 1) {
1604             break;
1605         }
1606     }
1607     n->mac_table.first_multi = i;
1608 
1609     /* nc.link_down can't be migrated, so infer link_down according
1610      * to link status bit in n->status */
1611     link_down = (n->status & VIRTIO_NET_S_LINK_UP) == 0;
1612     for (i = 0; i < n->max_queues; i++) {
1613         qemu_get_subqueue(n->nic, i)->link_down = link_down;
1614     }
1615 
1616     if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_GUEST_ANNOUNCE) &&
1617         virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_VQ)) {
1618         n->announce_counter = SELF_ANNOUNCE_ROUNDS;
1619         timer_mod(n->announce_timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL));
1620     }
1621 
1622     return 0;
1623 }
1624 
1625 /* tx_waiting field of a VirtIONetQueue */
1626 static const VMStateDescription vmstate_virtio_net_queue_tx_waiting = {
1627     .name = "virtio-net-queue-tx_waiting",
1628     .fields = (VMStateField[]) {
1629         VMSTATE_UINT32(tx_waiting, VirtIONetQueue),
1630         VMSTATE_END_OF_LIST()
1631    },
1632 };
1633 
1634 static bool max_queues_gt_1(void *opaque, int version_id)
1635 {
1636     return VIRTIO_NET(opaque)->max_queues > 1;
1637 }
1638 
1639 static bool has_ctrl_guest_offloads(void *opaque, int version_id)
1640 {
1641     return virtio_vdev_has_feature(VIRTIO_DEVICE(opaque),
1642                                    VIRTIO_NET_F_CTRL_GUEST_OFFLOADS);
1643 }
1644 
1645 static bool mac_table_fits(void *opaque, int version_id)
1646 {
1647     return VIRTIO_NET(opaque)->mac_table.in_use <= MAC_TABLE_ENTRIES;
1648 }
1649 
1650 static bool mac_table_doesnt_fit(void *opaque, int version_id)
1651 {
1652     return !mac_table_fits(opaque, version_id);
1653 }
1654 
1655 /* This temporary type is shared by all the WITH_TMP methods
1656  * although only some fields are used by each.
1657  */
1658 struct VirtIONetMigTmp {
1659     VirtIONet      *parent;
1660     VirtIONetQueue *vqs_1;
1661     uint16_t        curr_queues_1;
1662     uint8_t         has_ufo;
1663     uint32_t        has_vnet_hdr;
1664 };
1665 
1666 /* The 2nd and subsequent tx_waiting flags are loaded later than
1667  * the 1st entry in the queues and only if there's more than one
1668  * entry.  We use the tmp mechanism to calculate a temporary
1669  * pointer and count and also validate the count.
1670  */
1671 
1672 static void virtio_net_tx_waiting_pre_save(void *opaque)
1673 {
1674     struct VirtIONetMigTmp *tmp = opaque;
1675 
1676     tmp->vqs_1 = tmp->parent->vqs + 1;
1677     tmp->curr_queues_1 = tmp->parent->curr_queues - 1;
1678     if (tmp->parent->curr_queues == 0) {
1679         tmp->curr_queues_1 = 0;
1680     }
1681 }
1682 
1683 static int virtio_net_tx_waiting_pre_load(void *opaque)
1684 {
1685     struct VirtIONetMigTmp *tmp = opaque;
1686 
1687     /* Reuse the pointer setup from save */
1688     virtio_net_tx_waiting_pre_save(opaque);
1689 
1690     if (tmp->parent->curr_queues > tmp->parent->max_queues) {
1691         error_report("virtio-net: curr_queues %x > max_queues %x",
1692             tmp->parent->curr_queues, tmp->parent->max_queues);
1693 
1694         return -EINVAL;
1695     }
1696 
1697     return 0; /* all good */
1698 }
1699 
1700 static const VMStateDescription vmstate_virtio_net_tx_waiting = {
1701     .name      = "virtio-net-tx_waiting",
1702     .pre_load  = virtio_net_tx_waiting_pre_load,
1703     .pre_save  = virtio_net_tx_waiting_pre_save,
1704     .fields    = (VMStateField[]) {
1705         VMSTATE_STRUCT_VARRAY_POINTER_UINT16(vqs_1, struct VirtIONetMigTmp,
1706                                      curr_queues_1,
1707                                      vmstate_virtio_net_queue_tx_waiting,
1708                                      struct VirtIONetQueue),
1709         VMSTATE_END_OF_LIST()
1710     },
1711 };
1712 
1713 /* the 'has_ufo' flag is just tested; if the incoming stream has the
1714  * flag set we need to check that we have it
1715  */
1716 static int virtio_net_ufo_post_load(void *opaque, int version_id)
1717 {
1718     struct VirtIONetMigTmp *tmp = opaque;
1719 
1720     if (tmp->has_ufo && !peer_has_ufo(tmp->parent)) {
1721         error_report("virtio-net: saved image requires TUN_F_UFO support");
1722         return -EINVAL;
1723     }
1724 
1725     return 0;
1726 }
1727 
1728 static void virtio_net_ufo_pre_save(void *opaque)
1729 {
1730     struct VirtIONetMigTmp *tmp = opaque;
1731 
1732     tmp->has_ufo = tmp->parent->has_ufo;
1733 }
1734 
1735 static const VMStateDescription vmstate_virtio_net_has_ufo = {
1736     .name      = "virtio-net-ufo",
1737     .post_load = virtio_net_ufo_post_load,
1738     .pre_save  = virtio_net_ufo_pre_save,
1739     .fields    = (VMStateField[]) {
1740         VMSTATE_UINT8(has_ufo, struct VirtIONetMigTmp),
1741         VMSTATE_END_OF_LIST()
1742     },
1743 };
1744 
1745 /* the 'has_vnet_hdr' flag is just tested; if the incoming stream has the
1746  * flag set we need to check that we have it
1747  */
1748 static int virtio_net_vnet_post_load(void *opaque, int version_id)
1749 {
1750     struct VirtIONetMigTmp *tmp = opaque;
1751 
1752     if (tmp->has_vnet_hdr && !peer_has_vnet_hdr(tmp->parent)) {
1753         error_report("virtio-net: saved image requires vnet_hdr=on");
1754         return -EINVAL;
1755     }
1756 
1757     return 0;
1758 }
1759 
1760 static void virtio_net_vnet_pre_save(void *opaque)
1761 {
1762     struct VirtIONetMigTmp *tmp = opaque;
1763 
1764     tmp->has_vnet_hdr = tmp->parent->has_vnet_hdr;
1765 }
1766 
1767 static const VMStateDescription vmstate_virtio_net_has_vnet = {
1768     .name      = "virtio-net-vnet",
1769     .post_load = virtio_net_vnet_post_load,
1770     .pre_save  = virtio_net_vnet_pre_save,
1771     .fields    = (VMStateField[]) {
1772         VMSTATE_UINT32(has_vnet_hdr, struct VirtIONetMigTmp),
1773         VMSTATE_END_OF_LIST()
1774     },
1775 };
1776 
1777 static const VMStateDescription vmstate_virtio_net_device = {
1778     .name = "virtio-net-device",
1779     .version_id = VIRTIO_NET_VM_VERSION,
1780     .minimum_version_id = VIRTIO_NET_VM_VERSION,
1781     .post_load = virtio_net_post_load_device,
1782     .fields = (VMStateField[]) {
1783         VMSTATE_UINT8_ARRAY(mac, VirtIONet, ETH_ALEN),
1784         VMSTATE_STRUCT_POINTER(vqs, VirtIONet,
1785                                vmstate_virtio_net_queue_tx_waiting,
1786                                VirtIONetQueue),
1787         VMSTATE_UINT32(mergeable_rx_bufs, VirtIONet),
1788         VMSTATE_UINT16(status, VirtIONet),
1789         VMSTATE_UINT8(promisc, VirtIONet),
1790         VMSTATE_UINT8(allmulti, VirtIONet),
1791         VMSTATE_UINT32(mac_table.in_use, VirtIONet),
1792 
1793         /* Guarded pair: If it fits we load it, else we throw it away
1794          * - can happen if source has a larger MAC table.; post-load
1795          *  sets flags in this case.
1796          */
1797         VMSTATE_VBUFFER_MULTIPLY(mac_table.macs, VirtIONet,
1798                                 0, mac_table_fits, mac_table.in_use,
1799                                  ETH_ALEN),
1800         VMSTATE_UNUSED_VARRAY_UINT32(VirtIONet, mac_table_doesnt_fit, 0,
1801                                      mac_table.in_use, ETH_ALEN),
1802 
1803         /* Note: This is an array of uint32's that's always been saved as a
1804          * buffer; hold onto your endiannesses; it's actually used as a bitmap
1805          * but based on the uint.
1806          */
1807         VMSTATE_BUFFER_POINTER_UNSAFE(vlans, VirtIONet, 0, MAX_VLAN >> 3),
1808         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
1809                          vmstate_virtio_net_has_vnet),
1810         VMSTATE_UINT8(mac_table.multi_overflow, VirtIONet),
1811         VMSTATE_UINT8(mac_table.uni_overflow, VirtIONet),
1812         VMSTATE_UINT8(alluni, VirtIONet),
1813         VMSTATE_UINT8(nomulti, VirtIONet),
1814         VMSTATE_UINT8(nouni, VirtIONet),
1815         VMSTATE_UINT8(nobcast, VirtIONet),
1816         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
1817                          vmstate_virtio_net_has_ufo),
1818         VMSTATE_SINGLE_TEST(max_queues, VirtIONet, max_queues_gt_1, 0,
1819                             vmstate_info_uint16_equal, uint16_t),
1820         VMSTATE_UINT16_TEST(curr_queues, VirtIONet, max_queues_gt_1),
1821         VMSTATE_WITH_TMP(VirtIONet, struct VirtIONetMigTmp,
1822                          vmstate_virtio_net_tx_waiting),
1823         VMSTATE_UINT64_TEST(curr_guest_offloads, VirtIONet,
1824                             has_ctrl_guest_offloads),
1825         VMSTATE_END_OF_LIST()
1826    },
1827 };
1828 
1829 static NetClientInfo net_virtio_info = {
1830     .type = NET_CLIENT_DRIVER_NIC,
1831     .size = sizeof(NICState),
1832     .can_receive = virtio_net_can_receive,
1833     .receive = virtio_net_receive,
1834     .link_status_changed = virtio_net_set_link_status,
1835     .query_rx_filter = virtio_net_query_rxfilter,
1836 };
1837 
1838 static bool virtio_net_guest_notifier_pending(VirtIODevice *vdev, int idx)
1839 {
1840     VirtIONet *n = VIRTIO_NET(vdev);
1841     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
1842     assert(n->vhost_started);
1843     return vhost_net_virtqueue_pending(get_vhost_net(nc->peer), idx);
1844 }
1845 
1846 static void virtio_net_guest_notifier_mask(VirtIODevice *vdev, int idx,
1847                                            bool mask)
1848 {
1849     VirtIONet *n = VIRTIO_NET(vdev);
1850     NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(idx));
1851     assert(n->vhost_started);
1852     vhost_net_virtqueue_mask(get_vhost_net(nc->peer),
1853                              vdev, idx, mask);
1854 }
1855 
1856 static void virtio_net_set_config_size(VirtIONet *n, uint64_t host_features)
1857 {
1858     int i, config_size = 0;
1859     virtio_add_feature(&host_features, VIRTIO_NET_F_MAC);
1860 
1861     for (i = 0; feature_sizes[i].flags != 0; i++) {
1862         if (host_features & feature_sizes[i].flags) {
1863             config_size = MAX(feature_sizes[i].end, config_size);
1864         }
1865     }
1866     n->config_size = config_size;
1867 }
1868 
1869 void virtio_net_set_netclient_name(VirtIONet *n, const char *name,
1870                                    const char *type)
1871 {
1872     /*
1873      * The name can be NULL, the netclient name will be type.x.
1874      */
1875     assert(type != NULL);
1876 
1877     g_free(n->netclient_name);
1878     g_free(n->netclient_type);
1879     n->netclient_name = g_strdup(name);
1880     n->netclient_type = g_strdup(type);
1881 }
1882 
1883 static void virtio_net_device_realize(DeviceState *dev, Error **errp)
1884 {
1885     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
1886     VirtIONet *n = VIRTIO_NET(dev);
1887     NetClientState *nc;
1888     int i;
1889 
1890     if (n->net_conf.mtu) {
1891         n->host_features |= (0x1 << VIRTIO_NET_F_MTU);
1892     }
1893 
1894     virtio_net_set_config_size(n, n->host_features);
1895     virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
1896 
1897     /*
1898      * We set a lower limit on RX queue size to what it always was.
1899      * Guests that want a smaller ring can always resize it without
1900      * help from us (using virtio 1 and up).
1901      */
1902     if (n->net_conf.rx_queue_size < VIRTIO_NET_RX_QUEUE_MIN_SIZE ||
1903         n->net_conf.rx_queue_size > VIRTQUEUE_MAX_SIZE ||
1904         (n->net_conf.rx_queue_size & (n->net_conf.rx_queue_size - 1))) {
1905         error_setg(errp, "Invalid rx_queue_size (= %" PRIu16 "), "
1906                    "must be a power of 2 between %d and %d.",
1907                    n->net_conf.rx_queue_size, VIRTIO_NET_RX_QUEUE_MIN_SIZE,
1908                    VIRTQUEUE_MAX_SIZE);
1909         virtio_cleanup(vdev);
1910         return;
1911     }
1912 
1913     n->max_queues = MAX(n->nic_conf.peers.queues, 1);
1914     if (n->max_queues * 2 + 1 > VIRTIO_QUEUE_MAX) {
1915         error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
1916                    "must be a positive integer less than %d.",
1917                    n->max_queues, (VIRTIO_QUEUE_MAX - 1) / 2);
1918         virtio_cleanup(vdev);
1919         return;
1920     }
1921     n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
1922     n->curr_queues = 1;
1923     n->tx_timeout = n->net_conf.txtimer;
1924 
1925     if (n->net_conf.tx && strcmp(n->net_conf.tx, "timer")
1926                        && strcmp(n->net_conf.tx, "bh")) {
1927         error_report("virtio-net: "
1928                      "Unknown option tx=%s, valid options: \"timer\" \"bh\"",
1929                      n->net_conf.tx);
1930         error_report("Defaulting to \"bh\"");
1931     }
1932 
1933     for (i = 0; i < n->max_queues; i++) {
1934         virtio_net_add_queue(n, i);
1935     }
1936 
1937     n->ctrl_vq = virtio_add_queue(vdev, 64, virtio_net_handle_ctrl);
1938     qemu_macaddr_default_if_unset(&n->nic_conf.macaddr);
1939     memcpy(&n->mac[0], &n->nic_conf.macaddr, sizeof(n->mac));
1940     n->status = VIRTIO_NET_S_LINK_UP;
1941     n->announce_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL,
1942                                      virtio_net_announce_timer, n);
1943 
1944     if (n->netclient_type) {
1945         /*
1946          * Happen when virtio_net_set_netclient_name has been called.
1947          */
1948         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
1949                               n->netclient_type, n->netclient_name, n);
1950     } else {
1951         n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
1952                               object_get_typename(OBJECT(dev)), dev->id, n);
1953     }
1954 
1955     peer_test_vnet_hdr(n);
1956     if (peer_has_vnet_hdr(n)) {
1957         for (i = 0; i < n->max_queues; i++) {
1958             qemu_using_vnet_hdr(qemu_get_subqueue(n->nic, i)->peer, true);
1959         }
1960         n->host_hdr_len = sizeof(struct virtio_net_hdr);
1961     } else {
1962         n->host_hdr_len = 0;
1963     }
1964 
1965     qemu_format_nic_info_str(qemu_get_queue(n->nic), n->nic_conf.macaddr.a);
1966 
1967     n->vqs[0].tx_waiting = 0;
1968     n->tx_burst = n->net_conf.txburst;
1969     virtio_net_set_mrg_rx_bufs(n, 0, 0);
1970     n->promisc = 1; /* for compatibility */
1971 
1972     n->mac_table.macs = g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN);
1973 
1974     n->vlans = g_malloc0(MAX_VLAN >> 3);
1975 
1976     nc = qemu_get_queue(n->nic);
1977     nc->rxfilter_notify_enabled = 1;
1978 
1979     n->qdev = dev;
1980 }
1981 
1982 static void virtio_net_device_unrealize(DeviceState *dev, Error **errp)
1983 {
1984     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
1985     VirtIONet *n = VIRTIO_NET(dev);
1986     int i, max_queues;
1987 
1988     /* This will stop vhost backend if appropriate. */
1989     virtio_net_set_status(vdev, 0);
1990 
1991     g_free(n->netclient_name);
1992     n->netclient_name = NULL;
1993     g_free(n->netclient_type);
1994     n->netclient_type = NULL;
1995 
1996     g_free(n->mac_table.macs);
1997     g_free(n->vlans);
1998 
1999     max_queues = n->multiqueue ? n->max_queues : 1;
2000     for (i = 0; i < max_queues; i++) {
2001         virtio_net_del_queue(n, i);
2002     }
2003 
2004     timer_del(n->announce_timer);
2005     timer_free(n->announce_timer);
2006     g_free(n->vqs);
2007     qemu_del_nic(n->nic);
2008     virtio_cleanup(vdev);
2009 }
2010 
2011 static void virtio_net_instance_init(Object *obj)
2012 {
2013     VirtIONet *n = VIRTIO_NET(obj);
2014 
2015     /*
2016      * The default config_size is sizeof(struct virtio_net_config).
2017      * Can be overriden with virtio_net_set_config_size.
2018      */
2019     n->config_size = sizeof(struct virtio_net_config);
2020     device_add_bootindex_property(obj, &n->nic_conf.bootindex,
2021                                   "bootindex", "/ethernet-phy@0",
2022                                   DEVICE(n), NULL);
2023 }
2024 
2025 static void virtio_net_pre_save(void *opaque)
2026 {
2027     VirtIONet *n = opaque;
2028 
2029     /* At this point, backend must be stopped, otherwise
2030      * it might keep writing to memory. */
2031     assert(!n->vhost_started);
2032 }
2033 
2034 static const VMStateDescription vmstate_virtio_net = {
2035     .name = "virtio-net",
2036     .minimum_version_id = VIRTIO_NET_VM_VERSION,
2037     .version_id = VIRTIO_NET_VM_VERSION,
2038     .fields = (VMStateField[]) {
2039         VMSTATE_VIRTIO_DEVICE,
2040         VMSTATE_END_OF_LIST()
2041     },
2042     .pre_save = virtio_net_pre_save,
2043 };
2044 
2045 static Property virtio_net_properties[] = {
2046     DEFINE_PROP_BIT("csum", VirtIONet, host_features, VIRTIO_NET_F_CSUM, true),
2047     DEFINE_PROP_BIT("guest_csum", VirtIONet, host_features,
2048                     VIRTIO_NET_F_GUEST_CSUM, true),
2049     DEFINE_PROP_BIT("gso", VirtIONet, host_features, VIRTIO_NET_F_GSO, true),
2050     DEFINE_PROP_BIT("guest_tso4", VirtIONet, host_features,
2051                     VIRTIO_NET_F_GUEST_TSO4, true),
2052     DEFINE_PROP_BIT("guest_tso6", VirtIONet, host_features,
2053                     VIRTIO_NET_F_GUEST_TSO6, true),
2054     DEFINE_PROP_BIT("guest_ecn", VirtIONet, host_features,
2055                     VIRTIO_NET_F_GUEST_ECN, true),
2056     DEFINE_PROP_BIT("guest_ufo", VirtIONet, host_features,
2057                     VIRTIO_NET_F_GUEST_UFO, true),
2058     DEFINE_PROP_BIT("guest_announce", VirtIONet, host_features,
2059                     VIRTIO_NET_F_GUEST_ANNOUNCE, true),
2060     DEFINE_PROP_BIT("host_tso4", VirtIONet, host_features,
2061                     VIRTIO_NET_F_HOST_TSO4, true),
2062     DEFINE_PROP_BIT("host_tso6", VirtIONet, host_features,
2063                     VIRTIO_NET_F_HOST_TSO6, true),
2064     DEFINE_PROP_BIT("host_ecn", VirtIONet, host_features,
2065                     VIRTIO_NET_F_HOST_ECN, true),
2066     DEFINE_PROP_BIT("host_ufo", VirtIONet, host_features,
2067                     VIRTIO_NET_F_HOST_UFO, true),
2068     DEFINE_PROP_BIT("mrg_rxbuf", VirtIONet, host_features,
2069                     VIRTIO_NET_F_MRG_RXBUF, true),
2070     DEFINE_PROP_BIT("status", VirtIONet, host_features,
2071                     VIRTIO_NET_F_STATUS, true),
2072     DEFINE_PROP_BIT("ctrl_vq", VirtIONet, host_features,
2073                     VIRTIO_NET_F_CTRL_VQ, true),
2074     DEFINE_PROP_BIT("ctrl_rx", VirtIONet, host_features,
2075                     VIRTIO_NET_F_CTRL_RX, true),
2076     DEFINE_PROP_BIT("ctrl_vlan", VirtIONet, host_features,
2077                     VIRTIO_NET_F_CTRL_VLAN, true),
2078     DEFINE_PROP_BIT("ctrl_rx_extra", VirtIONet, host_features,
2079                     VIRTIO_NET_F_CTRL_RX_EXTRA, true),
2080     DEFINE_PROP_BIT("ctrl_mac_addr", VirtIONet, host_features,
2081                     VIRTIO_NET_F_CTRL_MAC_ADDR, true),
2082     DEFINE_PROP_BIT("ctrl_guest_offloads", VirtIONet, host_features,
2083                     VIRTIO_NET_F_CTRL_GUEST_OFFLOADS, true),
2084     DEFINE_PROP_BIT("mq", VirtIONet, host_features, VIRTIO_NET_F_MQ, false),
2085     DEFINE_NIC_PROPERTIES(VirtIONet, nic_conf),
2086     DEFINE_PROP_UINT32("x-txtimer", VirtIONet, net_conf.txtimer,
2087                        TX_TIMER_INTERVAL),
2088     DEFINE_PROP_INT32("x-txburst", VirtIONet, net_conf.txburst, TX_BURST),
2089     DEFINE_PROP_STRING("tx", VirtIONet, net_conf.tx),
2090     DEFINE_PROP_UINT16("rx_queue_size", VirtIONet, net_conf.rx_queue_size,
2091                        VIRTIO_NET_RX_QUEUE_DEFAULT_SIZE),
2092     DEFINE_PROP_UINT16("host_mtu", VirtIONet, net_conf.mtu, 0),
2093     DEFINE_PROP_END_OF_LIST(),
2094 };
2095 
2096 static void virtio_net_class_init(ObjectClass *klass, void *data)
2097 {
2098     DeviceClass *dc = DEVICE_CLASS(klass);
2099     VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
2100 
2101     dc->props = virtio_net_properties;
2102     dc->vmsd = &vmstate_virtio_net;
2103     set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
2104     vdc->realize = virtio_net_device_realize;
2105     vdc->unrealize = virtio_net_device_unrealize;
2106     vdc->get_config = virtio_net_get_config;
2107     vdc->set_config = virtio_net_set_config;
2108     vdc->get_features = virtio_net_get_features;
2109     vdc->set_features = virtio_net_set_features;
2110     vdc->bad_features = virtio_net_bad_features;
2111     vdc->reset = virtio_net_reset;
2112     vdc->set_status = virtio_net_set_status;
2113     vdc->guest_notifier_mask = virtio_net_guest_notifier_mask;
2114     vdc->guest_notifier_pending = virtio_net_guest_notifier_pending;
2115     vdc->legacy_features |= (0x1 << VIRTIO_NET_F_GSO);
2116     vdc->vmsd = &vmstate_virtio_net_device;
2117 }
2118 
2119 static const TypeInfo virtio_net_info = {
2120     .name = TYPE_VIRTIO_NET,
2121     .parent = TYPE_VIRTIO_DEVICE,
2122     .instance_size = sizeof(VirtIONet),
2123     .instance_init = virtio_net_instance_init,
2124     .class_init = virtio_net_class_init,
2125 };
2126 
2127 static void virtio_register_types(void)
2128 {
2129     type_register_static(&virtio_net_info);
2130 }
2131 
2132 type_init(virtio_register_types)
2133